Edit File: 1752572433.M105335P3972763.cloudbhc.clouditzone.com,S=6508,W=6622
Return-Path: <info@bigtreesmd.com>
Delivered-To: info@onebox.pk
Received: from cloudbhc.clouditzone.com
  by cloudbhc.clouditzone.com with LMTP
  id +IegAhEidmibnjwAZAThIw
  (envelope-from <info@bigtreesmd.com>)
  for <info@onebox.pk>; Tue, 15 Jul 2025 14:40:33 +0500
Return-path: <info@bigtreesmd.com>
Envelope-to: info@onebox.pk
Delivery-date: Tue, 15 Jul 2025 14:40:33 +0500
Received: from [117.217.180.48] (port=39738 helo=agro-campus-dijon.fr)
  by cloudbhc.clouditzone.com with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
  (Exim 4.98.2)
  (envelope-from <info@bigtreesmd.com>)
  id 1ubc9E-0000000GfTb-0qAB
  for info@onebox.pk; Tue, 15 Jul 2025 14:40:32 +0500
Received-SPF: none (mx.onebox.pk: domain of noreply@bigtreesmd.com does not provide an SPF record)
  client-ip=162.120.128.12; envelope-from=info@bigtreesmd.com; helo=agro-campus-dijon.fr;
Authentication-Results: mx.onebox.pk;
  dkim=pass header.i=@service.bigtreesmd.com header.s=mail header.b=3E99d5a3;
  spf=none (mx.gcjlu.onebox.pk: domain of bigtreesmd.com does not provide an SPF record) smtp.mailfrom=info@bigtreesmd.com smtp.helo=agro-campus-dijon.fr;
  dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=bigtreesmd.com
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=simple/simple; d=onebox.pk; s=mail;
  bh=4f7558752A5Af48941E61Deaf7005490e61+FnAxk=;
  h=Content-Transfer-Encoding:Content-Type:MIME-Version:Subject:Message-ID:To:Reply-To:From:Date;
  b=0FcDc91Ff4AECbB92E759659d340C2268E3+C38F6D9f934cf222588
  6E+eA960388E87FbD5E5fA5a397057F4d8778a68B1101a0395B24cbD38Fa6784563A2
  0f6ff9c8d9b7D1725+5476Bd/3212c187F0b1635a31aE1EBE4a1510a8Ae/ac65Cfe/B1f1e5D
  Bc0d882Cf08a2e485d38a1+eFC/e947570FE33f3d60/cC9F55756fb9687B0316ee53E8ab08EDD6
  0D12089Ce7080Fb4F9aD67eEaE013c26dAD2FcBf2D4615f60779Fb9707==
Received: from [zlnfcAi] (helo-FPnvLErl.ddzn)
  by swindoll@att.net with esmtp (Exin 4.80.1)
  id 1C3b813752EFF-0335b1F1d6E126cA33718-4672a9AA38Dd689
  for <info@onebox.pk>; Tue, 15 Jul 2025 12:40:07 +0300
From: Camila Richards <swindoll@att.net>
To: info@onebox.pk
Message-ID: <88ce8720000b212efd571ea327e2d2a1feda@bigtreesmd.com>
Subject: =?utf-8?B?8J+RhSAgU2ltcGx5IHRob3VnaHQgSSdkICByZWFjaCBvdXQgIHRvIHNheQ==?=
  =?utf-8?B?IGhp?=
MIME-Version: 1.0
X-Ukebndguo: odtigaudkdcljpezzj
X-Jnywifngoxikvndy: zusnbbxymvpeaplwsjvcoybjd
X-Llmtznaz: sygkqpcyljsdpmuzoaaqqcilrwp
Date: Tue, 15 Jul 2025 12:40:07 +0300
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailru-Msgtype: letter-15-07-2025
Content-Type: multipart/alternative; boundary="a08ec760404b616ebd175ee367a292e6294a"
Content-Transfer-Encoding: base64
X-Spam-Status: No, score=3.2
X-Spam-Score: 32
X-Spam-Bar: +++
X-Ham-Report: Spam detection software, running on the system "cloudbhc.clouditzone.com",
  has NOT identified this incoming email as spam. The original
  message has been attached to this so you can view it or label
  similar future email. If you have any questions, see
  root\@localhost for details.
  Content preview: What's U dear ! 🌶🌶🌶 Maybe it’s silly, but it made me pause — so I thought you might like it too It’s a soft spark, but sometimes that’s all we need
  Content analysis details: (3.2 points, 5.0 required)
   pts rule name              description
  ---- ---------------------- --------------------------------------------------
   0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information.
                              [URIs: onebox.pk]
   0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail provider [swindoll[at]att.net]
   0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different
   0.0 HTML_MESSAGE           BODY: HTML included in message
   0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to background
   0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
   0.0 KAM_DMARC_STATUS       Test Rule for DKIM or SPF Failure with Strict Alignment
   0.1 DKIM_INVALID           DKIM or DK signature exists, but is not valid
   0.0 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom freemail headers are different
   2.0 RDNS_NONE              Delivered to internal network by a host with no rDNS
   0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
   0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS
   1.0 URI_GOOGDRAWPREVIEW    Link to image at Google Docs, possible phishing
   0.0 SPOOFED_FREEMAIL       No description available.
X-Spam-Flag: NO

--a08ec760404b616ebd175ee367a292e6294a
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

[base64-encoded body]

--a08ec760404b616ebd175ee367a292e6294a
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

[base64-encoded body]

--a08ec760404b616ebd175ee367a292e6294a--