Return-Path: <mail@haytham.site>
Delivered-To: atmane.kessai+spam@gourayafroid.com
Received: from premium128.web-hosting.com
    by premium128.web-hosting.com with LMTP
    id 4O7wJpWhFmYITCYAAvhI2g
    (envelope-from <mail@haytham.site>)
    for <atmane.kessai+spam@gourayafroid.com>; Wed, 10 Apr 2024 10:26:29 -0400
Return-path: <mail@haytham.site>
Envelope-to: atmane.kessai@gourayafroid.com
Delivery-date: Wed, 10 Apr 2024 10:26:29 -0400
Received: from [185.171.91.187] (port=55968 helo=netweb.com.tr)
    by premium128.web-hosting.com with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
    (Exim 4.96.2)
    (envelope-from <mail@haytham.site>)
    id 1ruYta-00AfXU-1l
    for atmane.kessai@gourayafroid.com;
    Wed, 10 Apr 2024 10:26:29 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
    d=izmiratavinc.com; s=default; h=Content-Transfer-Encoding:Content-Type:
    MIME-Version:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-ID:
    Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
    :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
    List-Subscribe:List-Post:List-Owner:List-Archive;
    bh=NPAMSTwsoTf0XrO2rGzTsY39+D5xvj+2v7IZ7CWag4k=; b=KNcShbrPHJNATLPfg63gCznS4c
    +Vb0kcNYea2yVuRrNNkwUljsXnsUGdF5SV8U9ZlzLYRH7/vBkkr6nbLTvEeFCt0OHa6PffEPgW/uB
    pM3GcPSSNswkiGsH2fuc5Ct9fEF5uET66ryu5CGLpyTN2XBYwHebu4y8WWF6SzkaU4YGT7qvDA8M/
    IvzxlcvBzhWfoEp4y4ksC2TVS53PHfG+KOTCOxrzjPnjwtbynoZaehvqHcZI4TiOoT3GlETFgGDke
    Xakl56/2WNJmdkBa7kC6Mjx0MFXUhgXkLfI8cjjXEaeVBC26io42H/YjEOGfKgRC9rPxpLejxDYQP
    o8VoaBpQ==;
Received: from [185.29.10.206] (port=51317 helo=ip-10-206.dataclub.eu)
    by srv1.dijitio.net with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384
    (Exim 4.96.2)
    (envelope-from <mail@haytham.site>)
    id 1ruYuL-00C77o-2M
    for atmane.kessai@gourayafroid.com;
    Wed, 10 Apr 2024 17:25:07 +0300
From: "atmane.kessai@gourayafroid.com" <mail@haytham.site>
To: atmane.kessai@gourayafroid.com
Date: 10 Apr 2024 16:25:07 +0200
Message-ID: <20240410162507.90A5EFD023D492C7@haytham.site>
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - srv1.dijitio.net
X-AntiAbuse: Original Domain - gourayafroid.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - haytham.site
X-Get-Message-Sender-Via: srv1.dijitio.net: authenticated_id: info@izmiratavinc.com
X-Authenticated-Sender: srv1.dijitio.net: info@izmiratavinc.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-Spam-Status: Yes, score=11.9
X-Spam-Score: 119
X-Spam-Bar: +++++++++++
X-Spam-Report: Spam detection software, running on the system "premium128.web-hosting.com",
    has identified this incoming email as possible spam. The original
    message has been attached to this so you can view it or label
    similar future email. If you have any questions, see
    root\@localhost for details.
    Content preview: atmane.kessai@gourayafroid.com Unusual sign-in activity We
    detected something unusual about a recent sign-in to the atmane.kessai@gourayafroid.com.
    Sign-in details Country/region: Netherland IP address: 109.74.1.030 Date:
    4/10/202 [...]
    Content analysis details: (11.9 points, 5.0 required)
     pts rule name              description
    ---- ---------------------- --------------------------------------------------
     0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was blocked.
                                See
                                http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                                for more information.
                                [URIs: cloudflare-ipfs.com]
     1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                                [Blocked - see <https://www.spamcop.net/bl.shtml?185.171.91.187>]
     2.5 URIBL_DBL_PHISH        Contains a Phishing URL listed in the Spamhaus DBL
                                blocklist
                                [URIs: cf-ipfs.com]
     1.5 SPF_HELO_SOFTFAIL      SPF: HELO does not match SPF record (softfail)
     1.5 SPF_SOFTFAIL           SPF: sender does not match SPF record (softfail)
     0.5 URI_NOVOWEL            URI: URI hostname has long non-vowel sequence
     0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
     0.0 HTML_MESSAGE           BODY: HTML included in message
     0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                                valid
    -0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
     2.0 RDNS_NONE              Delivered to internal network by a host with no rDNS
     2.5 URI_CLOUDFLAREIPFS     References Interplanetary File System PtP content
                                via CloudFlare, likely phishing
     0.0 T_PDS_TO_EQ_FROM_NAME  From: name same as To: address
     0.0 T_FROM_MULTI_NORDNS    Multiple From addresses + no rDNS
X-Spam-Flag: YES
Subject: ***SPAM*** Unusual sign-in activity

<!DOCTYPE HTML> <html><head><title></title> <meta http-equiv=3D"X-UA-Compatible" content=3D"IE=3Dedge"> </head> <body style=3D"margin: 0.4em;"> <table style=3D'text-align: left; color: rgb(29, 34, 40); text-transform: n= one; letter-spacing: normal; font-family: "Helvetica Neue",Helvetica,Arial,= sans-serif; font-size: 13px; font-style: normal; font-weight: 400; word-spa= cing: 0px; white-space: normal; background-color: rgb(255, 255, 255); font-= variant-ligatures: normal; font-variant-caps: normal; text-decoration-style= : initial; text-decoration-color: initial;' dir=3D"ltr"><tbody><tr> <td style=3D"padding: 0px; color: rgb(112, 112, 112); font-size: 17px;"><a = target=3D"_blank"><span style=3D"color: rgb(0, 0, 255); font-size: 20.9px;"= >atmane.kessai@gourayafroid.com</span></a><br><br></td></tr> <tr> <td style=3D"padding: 0px; color: rgb(38, 114, 236); font-size: 41px;">Unus= ual sign-in activity</td></tr> <tr> <td
style=3D"padding: 25px 0px 0px; color: rgb(42, 42, 42); font-size: 14px= ;">We detected something unusual about a recent sign-in to the<span style= =3D"color: rgb(0, 0, 255);"> atmane.kessai@gourayafroid.com</span>.</td></t= r> <tr> <td style=3D"padding: 25px 0px 0px; color: rgb(42, 42, 42); font-size: 14px= ; font-weight: bold;">Sign-in details</td></tr> <tr> <td style=3D"padding: 6px 0px 0px; color: rgb(42, 42, 42); font-size: 14px;= ">Country/region: Netherland</td></tr> <tr> <td style=3D"padding: 6px 0px 0px; color: rgb(42, 42, 42); font-size: 14px;= ">IP address: 109.74.1.030</td></tr> <tr> <td style=3D"padding: 6px 0px 0px; color: rgb(42, 42, 42); font-size: 14px;= ">Date: 4/10/2024 4:25:07 p.m. (GMT)</td></tr> <tr> <td style=3D"padding: 6px 0px 0px; color: rgb(42, 42, 42); font-size: 14px;= ">Platform: iOS</td></tr> <tr> <td style=3D"padding: 6px 0px 0px; color: rgb(42, 42, 42); font-size: 14px;= ">Browser: -</td></tr> <tr> <td style=3D"padding: 25px 0px 0px; color: rgb(42, 42, 42); font-size: 14px= ;">Please go to your recent activity page to let us know whether or not this was=20 you. If this wasn't you, we'll help you secure your account. 
If this was you, we'll trust similar activity in the future.</td></tr> <tr> <td style=3D"padding: 25px 0px 0px; color: rgb(42, 42, 42); font-size: 14px= ;"> <table border=3D"0" cellspacing=3D"0"> <tbody> <tr> <td style=3D"padding: 5px 20px; min-width: 50px; background-color: rgb(38, = 114, 236);" bgcolor=3D"#2672ec"> <a style=3D"text-align: center; color: rgb(255, 255, 255); letter-spacing: = 0.02em; font-size: 14px; font-weight: 600; text-decoration: none;" href=3D"= https://bafkreielxcx7elqgqa2ivv77zr3jht5uymzcdrzcv7w4mv7tlra4yad7vm.ipfs.cf= -ipfs.com/#atmane.kessai@gourayafroid.com" target=3D"_blank" rel=3D"norefer= rer"=20 data-saferedirecturl=3D"https://www.google.com/url?q=3Dhttps://cloudflare-i= pfs.com/ipfs/bafybeihndtcp3uo3g5eprsfgwvpdz4vup334pkdvimv4t6fxv47uaiorwi/ch= ameleon.html%23info@pargasgroup.com&source=3Dgmail&ust=3D1712841519= 107000&usg=3DAOvVaw3iJTK3_vBN7usoKgaJ_fsB">Review recent activity</a> </td></tr></tbody></table></td></tr> <tr> <td style=3D"padding: 25px 0px 0px; color: rgb(42, 42, 42); font-size: 14px= ;">To opt out or change where you receive security notifications,<span>&nbs= p;</span></td></tr></tbody></table> </body></html>