77.90.141.0/24 is a suspected stolen or misappropriated BGP prefix currently being used for QuickBooks callback phishing and abusive email delivery. In the phishing samples reviewed for this report, three separate emails were sent directly from hosts inside 77.90.141.0/24. Those messages impersonated Intuit and QuickBooks, used the same callback phishing template, and were still active as of 13 Mar 2026 PT. This post focuses only on direct evidence tied to 77.90.141.0/24. Nine phishing emails were reviewed in total. Three were directly…