MOON
Server: Apache
System: Linux s5.yayogua.com.py 6.12.0-124.55.3.el10_1.x86_64 #1 SMP PREEMPT_DYNAMIC Thu May 7 16:54:02 EDT 2026 x86_64
User: w3com (1005)
PHP: 8.2.32
Disabled: NONE
Upload Files
File: /home/w3com/mail/.info@w3_com_py/new/1753079782.H423163P25684.s3.yayogua.com.py,S=7049
Return-path: <postmaster@e8f7b069df.nxcli.io>
Envelope-to: info@w3.com.py
Delivery-date: Mon, 21 Jul 2025 02:36:22 -0400
Received: from cloudhost-7858067.us-midwest-1.nxcli.net ([209.87.158.16]:41676)
	by s3.yayogua.com.py with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128)
	(Exim 4.87)
	(envelope-from <postmaster@e8f7b069df.nxcli.io>)
	id 1udk8H-0006bz-Ea
	for info@w3.com.py; Mon, 21 Jul 2025 02:36:22 -0400
Comment: DomainKeys? See http://domainkeys.sourceforge.net/
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=default; d=e8f7b069df.nxcli.io;
  b=RMQKaf0zqKWIK/IAov3TNXE09D2kLoWffLW4urSYsdx8Of9tcGnc1NRFt58RyW7vUmAQYnjrTclW6YCfGnJOldWtAEtGueupbxtLExI/4mKB8l0+Oc61xVmX0E5/hc9eoc8ebdFkkOxELG9yLfn4dF535EfIoqkF3DWqm9g0vZyrSWsSiWmnV4xSm895jf7YkKpStZJRzou5QPj2UYpaZEc9tDv/pgw1Lo5pc0SsA4q2tcFZH3249rNZk68rUwU6PqPnOX82nXzWH4gAIDuD0EZGjVRlJsmk5p1cmL7XhchHsK199sqFFeIETEl6LscWBfP47DzISABhmTYG6UDAaA==;
  h=Received:Date:Message-ID:To:Subject:X-PHP-Originating-Script:From:Reply-To:MIME-Version:Content-Type:X-Mailer:X-Priority:List-Unsubscribe;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=e8f7b069df.nxcli.io; h=
	date:message-id:to:subject:from:reply-to:mime-version
	:content-type:list-unsubscribe; s=default; bh=vCx7TU3h03aSK9Albw
	znHSckukofzGRUP3bF5UJDz2c=; b=OlLVuoASHwSsPAfxP2xIIUyJxRHgBlk6NP
	5tmkVG5K6zQQm6GEEw0oK7uWIu+O8bbfMZabVQjiC1DPJMgC0Jz05gurncuqLphZ
	KmKSPB9GUyWFDBuC/rH7pnfDcHubEiBdtUl9GBI4VxEeuHiHS4CemUxWJjAWtyQD
	kTdEs37uhUXOXwR7/KNecI6jU4IVLTCkLsOVe7aUbcRPynq+Zx3qeKbsuBtBorq+
	3FhapR7squtJQBi9DaigPsAqJ4yXRJjtR7w8SRaltzYJbLy4Htt8QKjfB8nZf5ZV
	itmtwXO6xi9Ca+4rXCIzQHhOZiBFSNawNpHpti6Dtzgf0xHZokcw==
Received: (qmail 18840 invoked by uid 10128); 21 Jul 2025 05:51:07 +0000
Date: 21 Jul 2025 05:51:07 +0000
Message-ID: <20250721055107.18828.qmail@cloudhost-7858067.us-midwest-1.nxcli.net>
To: info@w3.com.py
X-PHP-Originating-Script: 10128:you.php
From: "MetаMаsk" <nc0x3r5b@nfb.io>
Reply-To: nc0x3r5b@nfb.io
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
X-Mailer: PHP/8.2.20
X-Priority: 3
List-Unsubscribe: <mailto:unsubscribe@nc0x3r5b@nfb.io>
X-Spam-Status: Yes, score=7.6
X-Spam-Score: 76
X-Spam-Bar: +++++++
X-Spam-Report: Spam detection software, running on the system "s3.yayogua.com.py",
 has identified this incoming email as possible spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 root\@localhost for details.
 
 Content preview:  Account Access Alert 🦊 Account Access Alert We’ve noticed
    a login from a device or location we don’t recognize. For your security,
    please review this activity. [...] 
 
 Content analysis details:   (7.6 points, 5.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was blocked.
                             See
                             http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                              for more information.
                             [URIs: incedesign.com]
 -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                             [score: 0.0000]
  0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
                             domains are different
  0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
                              Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                             [209.87.158.16 listed in bl.score.senderscore.com]
  0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The
                             query to Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                          [209.87.158.16 listed in sa-trusted.bondedsender.org]
  0.0 RCVD_IN_DNSWL_BLOCKED  RBL: ADMINISTRATOR NOTICE: The query to DNSWL
                             was blocked.  See
                             http://wiki.apache.org/spamassassin/DnsBlocklists#DnsBlocklists-dnsbl-block
                              for more information.
                             [209.87.158.16 listed in list.dnswl.org]
  3.2 FUZZY_WALLET           BODY: Obfuscated "Wallet"
  0.0 HTML_MESSAGE           BODY: HTML included in message
  0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
  0.9 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
  1.9 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                             [cf: 100]
  0.1 DKIM_INVALID           DKIM or DK signature exists, but is not valid
  3.0 URI_WPADMIN            WordPress login/admin URI, possible phishing
X-Spam-Flag: YES
Subject:  ***SPAM***  Wаllet Login Attempt – Vеrification Needed


<!DOCTYPE html>
<html lang="en" >
<head>
  <meta charset="UTF-8" />
  <title>Account Access Alert</title>
</head>
<body style="margin:0; padding:20px; font-family:Arial, sans-serif; background:#f9fafb; color:#222222;">
  <table role="presentation" width="100%" cellpadding="0" cellspacing="0" style="max-width:540px; margin: auto; background:#ffffff; border:1px solid #ddd; border-radius:8px;">
    <tr>
      <td style="padding: 28px; text-align:center;">
        <span style="font-size:32px; display:block; line-height:1;">&#129418;</span>
        <h1 style="color:#f6851b; font-weight:600; margin:16px 0 24px; font-size:22px;">Account Access Alert</h1>
        <p style="font-size:16px; line-height:1.5; margin:0 0 22px;">
          We’ve noticed a login from a device or location we don’t recognize. For your security, please review this activity.
        </p>

        <table role="presentation" cellpadding="0" cellspacing="0" style="margin: 24px auto 16px;">
          <tr>
            <td align="center" bgcolor="#f6851b" style="border-radius:6px;">
              <a href="https://incedesign.com/wp-admin/js/?id=4289962166006719051-3848" target="_blank" rel="noopener noreferrer" style="font-size:16px; color:#fff; text-decoration:none; padding: 14px 40px; display:inline-block; font-weight:700; font-family:Arial, sans-serif; letter-spacing: 0.03em; user-select:none;">
                &#8203;Secure Your Wallet Now&#8203;
              </a>
            </td>
          </tr>
        </table>

        <p style="font-size:13px; color:#888; margin-top:20px; font-style:italic;">
          If this was you, you don’t need to do anything further. Thank you for helping us keep your account safe.
        </p>
        <p style="font-size:12px; color:#bbb; margin-top:40px; user-select:none;">
          — MetaMask Security Team
        </p>
      </td>
    </tr>
  </table>
</body>
</html>