What is the name of the domain?
What is the issue you’re encountering
Phishing emails
What steps have you taken to resolve the issue?
I think someone might have hacked Cloudflare, stolen API keys or perhaps their email sender SparkPost, as I’ve been receiving phishing emails, with SPF/DKIM/DMARC fully authenticated and sent by 192.174.87.157, which is the authorized sender of SparkPost through notify.cloudflare.com
Anyone else receiving these type of emails? I just opened a ticket with them to look up into it, as these phishing emails are coming to my main inbox, and didn’t get an answer so far.
You can see on the screenshot that those emails point to a fake Cloudflare domain, surpassing the official panel, for stealing credentials.
email .eml from google attached.
i created a case about this, but no one answered yet… so i’m posting this here.