#maliciousactor — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #maliciousactor, aggregated by home.social.
-
Ok, this is interesting and it's confusing. The domain hungerrush.com is not affiliated with any of my domains. The only similarity is that we both use Cloudflare. But this is coming to my personal email domain. DNSlytics doesn't show anything out of order for hungerrush.com and their DNS servers are not my DNS servers so it's not like Cloudflare has accidentally mixed our accounts. Also not sure how or why this was accepted by #MailCow when the SPF records for the domain clearly do not list the IP address of the mail server that sent this to me as being valid. #hacking #MaliciousActor #ThreatActor #email #threats
-
@Lumpbucket At this point #Chrome and #Google have to be labeled #Malware and #MaliciousActor respectably...
-
Moonbirds creator Kevin Rose loses $1.1M+ in NFTs after 1 wrong move - Among the nonfungible tokens (NFTs) stolen from the PROOF co-foun... - https://cointelegraph.com/news/moonbirds-creator-kevin-rose-loses-1-1m-in-nfts-after-1-wrong-move #openseamarketplacecontract #arranschlosberg #chromiesquiggle #maliciousactor #onchainmonkey #ryanseanadams #floorprice #fixedfloat #kevinrose #moonbirds #autoglyph #feetpix #proof
-
Moonbirds creator Kevin Rose loses $1.1M+ in NFTs after 1 wrong move
https://cointelegraph.com/news/moonbirds-creator-kevin-rose-loses-1-1m-in-nfts-after-1-wrong-move
#OpenSeaMarketplaceContract #ArranSchlosberg #ChromieSquiggle #MaliciousActor #OnChainMonkey #RyanSeanAdams #FloorPrice #FixedFloat #KevinRose #Moonbirds #Autoglyph #Feetpix #PROOF -
An Unknown Miner Commands More Than 51% of BSV’s Hashpower, Consecutive Strings of Empty Blocks Makes Chain Unreliable
https://news.bitcoin.com/an-unknown-miner-commands-more-than-51-of-bsvs-hashpower-consecutive-strings-of-empty-blocks-makes-chain-unreliable/
#BlockchainReorganization #Coingeekstreamingchannel #BitcoinAssociation #NikitaZhavoronkov #reorganizations #Bitcoinsv(BSV) #maliciousactor #SouthKoreanWon #100blockreorg #UnknownMiner #CoinMetrics #blockreorg #Blockchair #Hashrate