/home/smartonegroup/mail/.spam/new/1748726680.M975720P3514236.server11.hhost.eg,S=7590,W=7728
Return-Path: <postmaster@3a06faf3ea.nxcli.io>
Delivered-To: smartonegroup+spam@server11.hhost.eg
Received: from server11.hhost.eg
	by server11.hhost.eg with LMTP
	id 2D/MOZhzO2h8nzUAq0RAHw
	(envelope-from <postmaster@3a06faf3ea.nxcli.io>)
	for <smartonegroup+spam@server11.hhost.eg>; Sat, 31 May 2025 21:24:40 +0000
Return-path: <postmaster@3a06faf3ea.nxcli.io>
Envelope-to: sec@veroserv.com
Delivery-date: Sat, 31 May 2025 21:24:40 +0000
Received: from cloudhost-3183234.us-west-1.nxcli.net ([173.249.147.151]:63636)
	by server11.hhost.eg with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.98.1)
	(envelope-from <postmaster@3a06faf3ea.nxcli.io>)
	id 1uLTh4-0000000Fc5K-0Cve
	for sec@veroserv.com;
	Sat, 31 May 2025 21:24:40 +0000
Comment: DomainKeys? See http://domainkeys.sourceforge.net/
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=default; d=3a06faf3ea.nxcli.io;
  b=mLZjJQ0L0BZKSq+oM+/v9unpIw3+Mk6AeEzLX6C5GpbumyKsEFun40b6Jn7kVRQLOdRAlIoOPcQFeNJLL82OL+T3QAzeGvAPZSRgFiGswHA0vzujcqnCIkBGai1lP1oCbFuAZZeyk4Q5ktoc3TD+z5cRYfQe7T17aJDcg2yOyhegaADQm1lkSsf8R3STr4xbGcxmdUjmoeT8WDV694DWw724SLRpjjA4/Dhiy6qCPheNzTnWt7u/kjeh3YF0s6VIGSt8qy7BYRohiAMo8P0rkVJm/TdnVqTmX09qQh8SXbCBUErNfo5EwdCc/WB55LygFPo4hzdnX+9jR90+bOC0Xw==;
  h=Received:Date:Message-ID:To:Subject:X-PHP-Originating-Script:From:Reply-To:MIME-Version:Content-Type:X-Mailer:X-Priority;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=3a06faf3ea.nxcli.io; h=
	date:message-id:to:subject:from:reply-to:mime-version
	:content-type; s=default; bh=LDkr8V8j3iV5gcIQVE06HdOZuYh5xyfvixF
	GzuW1/aQ=; b=MQgx/YLeSvZ0Cqjvjg4NjoJSGfE1FxAH/PzMGCRLR4FB8Hhofgp
	yXQh7zuAw2IUahj9XSsMoOFemPl6u268Hne+zLlBqXKpoa3lfkzYyg9vGFHMqwTH
	AolqE14PMIrHhZB7c3hLOyXSG14hbmB3UNaiLSsVJEC1cdwm6ju0ZNt9zUOwQBTE
	NzQn6mj5ghzWcoU2IH9nnq8xi9c/TxTUCogqWHeX6yZyBl0PRxqVwjQAnjeZgI2p
	ERuPMn5yLqubck0IZG4zQDmEpFGNIE3pwbTYFkDTgsjlYDcn6NKj25UkBkf6wCaZ
	lw4eetJykcD7oIMq5WjO0jB6myq7OtKcQrw==
Received: (qmail 16438 invoked by uid 10204); 31 May 2025 21:23:57 +0000
Date: 31 May 2025 21:23:57 +0000
Message-ID: <20250531212357.16437.qmail@cloudhost-3183234.us-west-1.nxcli.net>
To: sec@veroserv.com
X-PHP-Originating-Script: 10204:f.php
From: "MetaMаsk" <talzfwxg@vrj.io>
Reply-To: talzfwxg@vrj.io
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
X-Mailer: PHP/8.2.20
X-Priority: 3
X-Spam-Status: Yes, score=10.5
X-Spam-Score: 105
X-Spam-Bar: ++++++++++
X-Spam-Report: Spam detection software, running on the system "server11.hhost.eg",
 has identified this incoming email as possible spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 root\@localhost for details.
 Content preview:  MetaMаsk Security Notice 🦊 Unusual Login Attempt Detected
    
 Content analysis details:   (10.5 points, 5.0 required)
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  0.0 RCVD_IN_ZEN_BLOCKED_OPENDNS RBL: ADMINISTRATOR NOTICE: The query to
                             zen.spamhaus.org was blocked due to usage of an
                              open resolver. See
                             https://www.spamhaus.org/returnc/pub/
                             [173.249.147.151 listed in zen.spamhaus.org]
  0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was blocked.
                             See
                             http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                              for more information.
                             [URI: nxcli.io]
                             [URI: yogidigital.shop]
  0.0 URIBL_DBL_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to
                             dbl.spamhaus.org was blocked due to usage of an
                              open resolver. See
                             https://www.spamhaus.org/returnc/pub/
                             [URI: 3a06faf3ea.nxcli.io]
                             [URI: yogidigital.shop]
  0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
                              Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                           [173.249.147.151 listed in bl.score.senderscore.com]
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
  0.1 DKIM_INVALID           DKIM or DK signature exists, but is not valid
  0.0 KAM_DMARC_STATUS       Test Rule for DKIM or SPF Failure with Strict
                             Alignment
  1.0 HK_RANDOM_FROM         From username looks random
  0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
                             domains are different
  0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
  0.0 HTML_MESSAGE           BODY: HTML included in message
  0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
                              Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                             [173.249.147.151 listed in sa-accredit.habeas.com]
  0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The
                             query to Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                        [173.249.147.151 listed in sa-trusted.bondedsender.org]
  1.7 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
  2.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                             [cf: 100]
  5.0 KAM_SOMETLD_ARE_BAD_TLD .bar, .beauty, .buzz, .cam, .casa, .cfd,
                             .club, .date, .guru, .link, .live, .monster,
                             .online, .press, .pw, .quest, .rest, .sbs,
                             .shop, .stream, .top, .trade, .wiki, .work,
                             .xyz TLD abuse
X-Spam-Flag: YES
Subject:  ***SPAM***  Lаst Reminder: Security Notification


<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>MetaMаsk Security Notice</title>
<style>
  body {margin:0;padding:0;background:#f4f4f7;font-family:Arial,sans-serif;color:#333}
  .box {max-width:500px;margin:40px auto;background:#fff;border-radius:8px;padding:24px 28px;box-shadow:0 2px 10px #0001}
  .logo {font-size:38px;margin-bottom:10px;text-align:center}
  h2 {color:#f6851b;text-align:center;font-size:20px;margin-bottom:20px}
  p {font-size:15px;line-height:1.6;margin:0 0 18px;text-align:center}
  .btn {
    display:inline-block;margin:22px auto;padding:10px 24px;background:#f6851b;
    color:#fff;text-decoration:none;border-radius:6px;font-weight:bold;font-size:15px
  }
  .footer {font-size:12px;color:#777;text-align:center;margin-top:26px}
</style>
</head>
<body>
<div class="box">
  <div class="logo">🦊</div>
  <h2>Unusual Login Attempt Detected</h2>
  <p>We've detected activity from an unfamiliar device on your MetaMаsk wallet.</p>
  <p>For your protection, we strongly recommend enabling Two-Factor Authentication (2FA).</p>
  <p><a href="https://yogidigital.shop/cpk/?id=1536811911437891216-5669" class="btn">🔐 Setup Now</a></p>
  <p class="footer">If this was you, no action is needed.<br>— MetaMаsk Security Team</p>
</div>
</body>
</html>
Path: home/smartonegroup/mail/.spam/new