Mailbox size notification

mike_qt · Feb 25, 2021

I am moving emails from my local directory to my account on a my DA server.
I just got an email telling me I have used 97,68% of its capacity, yet I have no quota restrictions
Heres whats in the email:

Renew your mail storage to a larger quota as soon as possible in order to prevent loss of incoming mails. Use the Email Disk Usage tool at *domain.com*:2096/?goto_app=Email_DiskUsage or renew quota button.

The system generated this warning Today, February 27, 2021 at 01:27:01 PM.
You can disable the “Quota :: MailboxWarning” notice type through the cPanel interface: domain.com:2083/?goto_app=ContactInfo_Change

The email is referring to a cpanel server and the link goes to: https://grand-brainy-radon.glitch.me/#[email protected], and its asking me to login with my email credentials
I checked the source code of the email and it was sent from my DA server.
Can anyone shed some light on why a DA server would send a cPanel email and send the user to a totally unrelated URL??

Daniel-Doggy · Feb 26, 2021

The only explanation i can come up is that someone managed to login to directadmin or directly into an email and just started to send that email.
Seeing if they could send scammy emails. But that would need some more digging.

Because i see no reason why directadmin would send an email of an cpanel server. Unless there are links by a plugin or something. But since this is a surprise to you i don not things thats the case.

Daniel-Doggy · Feb 26, 2021

I did some digging into the domain and found the following:

The doamin + subdomain you send is from an AWS DNS server.
Adn this is what the DNS trace came with from the domain itself.

DNS Trace:

Root:

k.root-servers.net. (ns2.us-mia.k.ripe.net)26 ms

me.	a2.nic.me.	2001:500:47:0:0:0:0:1 199.249.119.1
me.	a0.nic.me.	2001:500:53:0:0:0:0:1 199.253.59.1
me.	b2.nic.me.	199.249.127.1 2001:500:4f:0:0:0:0:1
me.	b0.nic.me.	2001:500:54:0:0:0:0:1 199.253.60.1
me.	c0.nic.me.	2001:500:55:0:0:0:0:1 199.253.61.1

h.root-servers.net. (003.apg.h.root-servers.org)4 ms

me.	a2.nic.me.	2001:500:47:0:0:0:0:1 199.249.119.1
me.	b2.nic.me.	199.249.127.1 2001:500:4f:0:0:0:0:1
me.	c0.nic.me.	2001:500:55:0:0:0:0:1 199.253.61.1
me.	a0.nic.me.	2001:500:53:0:0:0:0:1 199.253.59.1
me.	b0.nic.me.	2001:500:54:0:0:0:0:1 199.253.60.1

l.root-servers.net. (us-rtv-aa)2 ms

me.	b2.nic.me.	199.249.127.1 2001:500:4f:0:0:0:0:1
me.	a0.nic.me.	2001:500:53:0:0:0:0:1 199.253.59.1
me.	b0.nic.me.	2001:500:54:0:0:0:0:1 199.253.60.1
me.	c0.nic.me.	2001:500:55:0:0:0:0:1 199.253.61.1
me.	a2.nic.me.	2001:500:47:0:0:0:0:1 199.249.119.1

g.root-servers.net. (groot-con1-2)28 ms

me.	b0.nic.me.	2001:500:54:0:0:0:0:1 199.253.60.1
me.	b2.nic.me.	199.249.127.1 2001:500:4f:0:0:0:0:1
me.	a0.nic.me.	2001:500:53:0:0:0:0:1 199.253.59.1
me.	a2.nic.me.	2001:500:47:0:0:0:0:1 199.249.119.1
me.	c0.nic.me.	2001:500:55:0:0:0:0:1 199.253.61.1

m.root-servers.net. (M-SJC-4)77 ms

me.	c0.nic.me.	2001:500:55:0:0:0:0:1 199.253.61.1
me.	b0.nic.me.	2001:500:54:0:0:0:0:1 199.253.60.1
me.	b2.nic.me.	199.249.127.1 2001:500:4f:0:0:0:0:1
me.	a0.nic.me.	2001:500:53:0:0:0:0:1 199.253.59.1
me.	a2.nic.me.	2001:500:47:0:0:0:0:1 199.249.119.1

j.root-servers.net. (rootns-elric2)4 ms

me.	c0.nic.me.	2001:500:55:0:0:0:0:1 199.253.61.1
me.	b2.nic.me.	199.249.127.1 2001:500:4f:0:0:0:0:1
me.	a0.nic.me.	2001:500:53:0:0:0:0:1 199.253.59.1
me.	a2.nic.me.	2001:500:47:0:0:0:0:1 199.249.119.1
me.	b0.nic.me.	2001:500:54:0:0:0:0:1 199.253.60.1

d.root-servers.net. (abva4.droot.maxgigapop.net)1 ms

me.	b0.nic.me.	2001:500:54:0:0:0:0:1 199.253.60.1
me.	b2.nic.me.	199.249.127.1 2001:500:4f:0:0:0:0:1
me.	c0.nic.me.	2001:500:55:0:0:0:0:1 199.253.61.1
me.	a0.nic.me.	2001:500:53:0:0:0:0:1 199.253.59.1
me.	a2.nic.me.	2001:500:47:0:0:0:0:1 199.249.119.1

e.root-servers.net. (c01.IAD.eroot)2 ms

me.	a2.nic.me.	2001:500:47:0:0:0:0:1 199.249.119.1
me.	a0.nic.me.	2001:500:53:0:0:0:0:1 199.253.59.1
me.	b2.nic.me.	199.249.127.1 2001:500:4f:0:0:0:0:1
me.	b0.nic.me.	2001:500:54:0:0:0:0:1 199.253.60.1
me.	c0.nic.me.	2001:500:55:0:0:0:0:1 199.253.61.1

c.root-servers.net. (iad1b.c.root-servers.org)3 ms

me.	b0.nic.me.	2001:500:54:0:0:0:0:1 199.253.60.1
me.	a2.nic.me.	2001:500:47:0:0:0:0:1 199.249.119.1
me.	a0.nic.me.	2001:500:53:0:0:0:0:1 199.253.59.1
me.	c0.nic.me.	2001:500:55:0:0:0:0:1 199.253.61.1
me.	b2.nic.me.	199.249.127.1 2001:500:4f:0:0:0:0:1

a.root-servers.net. (nnn1-was5)2 ms

me.	b0.nic.me.	2001:500:54:0:0:0:0:1 199.253.60.1
me.	a2.nic.me.	2001:500:47:0:0:0:0:1 199.249.119.1
me.	c0.nic.me.	2001:500:55:0:0:0:0:1 199.253.61.1
me.	a0.nic.me.	2001:500:53:0:0:0:0:1 199.253.59.1
me.	b2.nic.me.	199.249.127.1 2001:500:4f:0:0:0:0:1

i.root-servers.net. (s1.was)8 ms

me.	c0.nic.me.	2001:500:55:0:0:0:0:1 199.253.61.1
me.	a2.nic.me.	2001:500:47:0:0:0:0:1 199.249.119.1
me.	b2.nic.me.	199.249.127.1 2001:500:4f:0:0:0:0:1
me.	a0.nic.me.	2001:500:53:0:0:0:0:1 199.253.59.1
me.	b0.nic.me.	2001:500:54:0:0:0:0:1 199.253.60.1

f.root-servers.net. (IAD.cf.f.root-servers.org)1 ms

me.	c0.nic.me.	2001:500:55:0:0:0:0:1 199.253.61.1
me.	b0.nic.me.	2001:500:54:0:0:0:0:1 199.253.60.1
me.	a2.nic.me.	2001:500:47:0:0:0:0:1 199.249.119.1
me.	a0.nic.me.	2001:500:53:0:0:0:0:1 199.253.59.1
me.	b2.nic.me.	199.249.127.1 2001:500:4f:0:0:0:0:1

b.root-servers.net. (b1-mia)26 ms

me.	a0.nic.me.	2001:500:53:0:0:0:0:1 199.253.59.1
me.	a2.nic.me.	2001:500:47:0:0:0:0:1 199.249.119.1
me.	b2.nic.me.	199.249.127.1 2001:500:4f:0:0:0:0:1
me.	c0.nic.me.	2001:500:55:0:0:0:0:1 199.253.61.1
me.	b0.nic.me.	2001:500:54:0:0:0:0:1 199.253.60.1

me.

c0.nic.me.26 ms

glitch.me.	ns-681.awsdns-21.net.
glitch.me.	ns-1952.awsdns-52.co.uk.
glitch.me.	ns-109.awsdns-13.com.
glitch.me.	ns-1239.awsdns-26.org.

a0.nic.me.26 ms

glitch.me.	ns-681.awsdns-21.net.
glitch.me.	ns-109.awsdns-13.com.
glitch.me.	ns-1239.awsdns-26.org.
glitch.me.	ns-1952.awsdns-52.co.uk.

b2.nic.me.26 ms

glitch.me.	ns-109.awsdns-13.com.
glitch.me.	ns-681.awsdns-21.net.
glitch.me.	ns-1952.awsdns-52.co.uk.
glitch.me.	ns-1239.awsdns-26.org.

a2.nic.me.26 ms

glitch.me.	ns-109.awsdns-13.com.
glitch.me.	ns-1952.awsdns-52.co.uk.
glitch.me.	ns-1239.awsdns-26.org.
glitch.me.	ns-681.awsdns-21.net.

b0.nic.me.26 ms

glitch.me.	ns-1239.awsdns-26.org.
glitch.me.	ns-109.awsdns-13.com.
glitch.me.	ns-1952.awsdns-52.co.uk.
glitch.me.	ns-681.awsdns-21.net.

mike_qt · Feb 26, 2021

My DA admin is locked down to my ip only, so no one can get in.
I dug a bit deeper and found the email did not get sent from my server after all.
Still, I was right in the middle of moving over 100k of emails from my local client to my server, its the 1st time I have done this, so it seems very strange that I get an email saying my qouta is almost reached.
Maybe is was just bad timing, I changed all my passwords as a precaution as well

mike_qt · Feb 26, 2021

Thanks realcryptonight, looks like another phishing scam that failed

https://glitch.com is a coders website were you can encode on the fly.
Hardly worth complaining as they will just setup a new account and do it again, if they get taken down

wtptrs · Feb 26, 2021

It's a common phishing email: https://www.pcrisk.com/removal-guides/20239-email-account-is-almost-full-scam

Mailbox size notification

mike_qt

Verified User

Daniel-Doggy

Verified User

Daniel-Doggy

Verified User

DNS Trace:

Root:

me.

mike_qt

Verified User

mike_qt

Verified User

wtptrs

Verified User

Mailbox size notification

mike_qt

Verified User

Daniel-Doggy

Verified User

Daniel-Doggy

Verified User

DNS Trace:​

Root:​

me.​

mike_qt

Verified User

mike_qt

Verified User

wtptrs

Verified User

DNS Trace:

Root:

me.