I'm an admin for a large company and I managed our spam filter. I found some unusual emails and I'm wondering if Google's DNS was hacked. We have many emails in quarantine from 8.8.8.8 and from localhost. Below is what I'm seeing. Has anyone else seen this? If this needs to be reported to Google, I can't find where to report it.
FIRST EMAIL
_____________________________________________________
Received on
Nov 19 2021 02:57:10 AM
From
info@localhost
To
CC
Recipients
in...@REMOVEDMYDOMAIN.COMSubject
Attachment(s) / URL(s)
Status
Quarantined
Source Email Server
167.172.131.119
HEADERS
Received
from [127.0.1.1] (unknown [167.172.131.119]) by prd09-use1-06 (envelope-from <info@localhost>) FireEye ETP with ESMTP id D475313335F477916118152fb; batch_id D4/75-31333-5F477916; Fri, 19 Nov 2021 09:57:10 +0000 (UTC)
From
<>
Return-Path
<info@localhost>
____________________________________________________________________
SECOND EXAMPLE
Received on
Nov 19 2021 02:57:15 AM
From
in...@REMOVEDMYDOMAIN.COMinfo@[8.8.8.8]
To
CC
Recipients
Subject
Attachment(s) / URL(s)
Status
Quarantined
Source Email Server
167.172.131.119
These are the headers:
Received
from [127.0.1.1] (unknown [167.172.131.119]) by prd09-use1-29 (envelope-from <info@[8.8.8.8]>) FireEye ETP with ESMTP id BEDD14597AF477916208d9952; batch_id BE/DD-14597-AF477916; Fri, 19 Nov 2021 09:57:15 +0000 (UTC)
From
<>
Return-Path
<info@[8.8.8.8]>