INTERNET WEATHER REPORT ☁️☀️

AS399979 (49.3 Networking LLC) has just been added to ASN watchlist.

This autonomous system currently originates one IPv4 prefix:

45.139.104.0/24

That sole prefix, 45.139.104.0/24, currently shows 95 reported IPs and 18,639 total reports on
AbuseIPDB.

A review of passive DNS tied to this /24 suggests what appears to be large-scale phishing-themed infrastructure spanning financial accounts, streaming subscriptions, health portals, tolling, government services, and parcel/logistics impersonation.

After filtering out obvious Plesk placeholder hostnames, wildcard junk, duplicate www variants, and generic filler entries, the following 100 domains stood out as the strongest phishing-related examples visible in passive DNS for this block:

Financial / account access / identity

• luxtrust-dossieroppo.com
• icloud-user-support.com
• banka-365.com
• ucet-365.com
• paypai.websapps.de
• paypai-sicheren.de
• paypai.validierung.me
• paypal.de-helfen.me
• pay-pal-myapp.com
• connect-payment.net
• servicecustomerbilling.com
• mycns-account.com
• myfiix-bill.com
• pay.pal-nachrichten.com
• mypay.pal-nachrichten.com

Streaming / subscription / Netflix-themed

• noreply-neftlixaccount.com
• ntlfixaccntservice.com
• ntfxregis.com
• pay-netflx.com
• netflxpay.com
• netflix-cancelled.com
• netflix-update-account.com
• netflixrenouvellement.com
• netflixrenouvellement.fr
• netflix-subskriptions.de
• netflix-subskription.net
• netflix-helfen.net
• netflix-hilfe.de
• monthlyntflx.com
• ntfxmonthly.com

Health / social services / Vitale / Ameli / Doctolib-themed

• macartesante-vitalefrance.com
• cartevitalefrance.com
• macartevitale-sante.com
• nouvelle-carte-vitale.com
• carte-santevitale.com
• assurance-maladie-cpam.com
• support-cpam.com
• ameli-compte.info
• info-ameli-assurance.com
• info-ameli-vitale.com
• renouvellement-sante-maladie.com
• mes-demarches-vitale.com
• carte-vitale-suivi.com
• mon-espace-ameli.com
• mon-espace-sante-ameli.com
• renouvellementameli2025.com
• ameli-service-public.com
• vitale-support.com
• doctolib-mise-a-jour.info
• doctolib-app.com

Government / fines / tolls / transport-themed

• peageauto-regularisation.com
• ulysfrance.com
• service-ulys.com
• ulys-autoroutes.com
• ulys-autoroutes.net
• telepeage-facture.com
• paybadge-relance.com
• impaye-ulys.com
• peage-ulys.org
• contravention-regularisation.com
• info-amendesgouv.com
• amendes-regulariser-paiement.com
• dossier-infraction.com
• antai.antsdemarches.com
• ants-demarches.com

Parcel / logistics / delivery-themed

• mydhl-kw-t.com
• mydhl-kuwait.com
• trackship-dhl.com
• dhl-infos.de
• delivery-upsworld.com
• upstrackpackages.com
• globaldelivery-connect.com
• auspost-packageonhold.com
• auspost-customsprccs.com
• assistance-package-delivery.info
• hometrack-assistance-package.info
• track-pakpost.com
• infosuivicolissimo.com
• mon-suivi-colissimo.com
• info-suivi-laposte.com
• suivi-colis-colissimo.com
• colissimo-info-colis.com
• relay-colis-retour.info
• livraisoncolis-mondialrelay.com
• mondialrelay-statutcolis.com
• track-my-mondialrelay.com
• colis-mondialrelay-suivi.com
• clients-mondialrelay.com
• mondialrelay-livraisoncolis.com
• mondialrelay-maj-colis.com
• retour-mondialrelay.com
• reprogramme-mon-colis.com
• service-mondiaireiay.com
• infocolis-suivi.com
• suivicolissimo-info.com
• locker-mondialrelayy.com
• mondial-points-relais.info
• mrelay-distri.com
• livraison-mon-relay.info
• monrelay-suivi.com

Drop It Like It’s Hot.

Latest updates to the ASN watchlist posted here:
https://internetweather.net/asn-watchlist/

On 12/17/2025, I received a “Verify your email address” message that appeared to be a legitimate Fedora Accounts verification email. The sender authenticated cleanly (SPF pass, DKIM pass, DMARC pass) and originated from Fedora infrastructure (fas@fedoraproject.org, via bastion.fedoraproject.org).

But the HTML body contained a cryptocurrency-themed phishing payload that had nothing to do with Fedora.

What the email looked like (the tell)

The plain-text part was normal Fedora account verification copy:

• “This email address has been used to sign up for a Fedora Account…”

• An activation link on accounts.fedoraproject.org

• A 60-minute validity window

The HTML part, however, opened with attacker-controlled content:

• “✅ We have partnered with BINANCE… you have won a mining account with 1.3465 BTC…”

• A link out to graph.org (phish landing page)

• Instructions to “send proof” to “BINANCE online chat”

Then the email continued with the legitimate Fedora activation link and boilerplate.

That split (clean text/plain + poisoned text/html) is a classic way to slip past both automated scanning and a user’s quick glance, especially when the sender domain is reputable and authentication passes.

Why this is a problem

This is not “just another scam email.”

• The message was sent from a legitimate Fedora Project mail path and passed authentication checks.

• That gives the phish credibility and significantly increases the chance a recipient trusts it.

• It also means mailbox providers and filters are more likely to deliver it instead of quarantining it.

In other words: the threat actors didn’t spoof Fedora – they appear to have used Fedora Accounts as a delivery mechanism.

Likely abuse path (best inference from the artifact)

I don’t have Fedora’s backend logs, but based on the content structure, the most plausible scenario is:

• An attacker automated account registrations against the Fedora Accounts signup flow, inserting victim email addresses.

• During registration, they populated some user-controlled field that gets rendered into the HTML template (for example: “full name”, “display name”, or another profile/registration field).

• That field was either:

  • Rendered without proper output encoding, or

  • Allowed HTML/markup that was not sanitized, or

  • Passed through a formatter that produced HTML with unsafe content.

Result: Fedora’s mailer generated a verification email where the HTML portion contained attacker content, while the plain-text portion remained “normal,” increasing deliverability and deception.

That is consistent with the greeting line in the HTML being replaced with the phishing message, while the rest of the template remains intact.

What I did

• I reported the issue to Red Hat/Fedora security contacts (including Red Hat security).

• As of 12/18/2025, I did not receive a response.

• I also forwarded it to a Fedora contact address I could find (including Code of Conduct-related routing) as a “someone needs to see this” escalation, even if it’s not the perfect intake channel.

What Fedora should do (quick, practical fixes)

If you run a community identity/signup system, this is the defensive checklist I’d start with:

• Remove user-controlled fields from verification emails entirely, or strictly escape/encode them (no HTML allowed, ever).

• Ensure the HTML template uses safe output encoding for every variable.

• Make text/plain and text/html content-identical in meaning, so one can’t be “clean” while the other is weaponized.

• Add rate limiting, bot detection, and/or CAPTCHA on registration attempts.

• Add abuse detection for high-volume signups and unusual field content (URLs, crypto keywords, excessive Unicode symbols).

• Consider suppressing outbound verification email if the display-name/full-name contains suspicious patterns until reviewed.

What recipients should do

If you get a “verify your email” message you didn’t initiate:

• Do not click anything, even if SPF/DKIM/DMARC pass.

• Treat it as hostile when it contains:

  • crypto giveaways, “you won” language, or external links unrelated to the service

• If you want to be extra safe, go directly to the site by typing it manually (not via the email) and check whether an account exists or request password reset only if needed.

Indicators from this sample (sanitized)

• Legit sender: fas@fedoraproject.org

• Legit infra in headers: bastion02.fedoraproject.org / internal worker

• Payload link domain in HTML: graph.org

• Activation URL domain: accounts.fedoraproject.org (token redacted)

If you’re running an identity system: please assume attackers will use your reputation to deliver their scams. Email authentication tells you the message is really from the domain – it does not tell you the message is safe.

INTERNET WEATHER REPORT 🌧☁️☀️

AS215476 (Inside Network LTD) has just been added to ASN watchlist. This autonomous system announces only one BGP prefixes:

• 77.90.185.0/24

High concentration of phishing websites targeting government and banking entities – and a metric shit-ton of unsolicited port scanning detected.

Drop It Like It’s Hot. 🔥

Latest updates to the ASN watchlist posted here: https://internetweather.net/asn-watchlist/

INTERNET WEATHER REPORT 🌧☁️☀️

AS211736 (FOP Dmytro Nedilskyi) has just been added to ASN watchlist. This autonomous system announces three BGP prefixes:

• 88.210.63.0/24
• 92.63.197.0/24
• 185.156.73.0/24

High concentration of brute-force attack (large scale) and some phishing sites – plus a few bonus illegal marketplace sites. Check out this corroborating report as well:  https://thehackernews.com/2025/09/ukrainian-network-fdn3-launches-massive.html

Drop It Like It’s Hot. 🔥

Latest updates to the ASN watchlist posted here: https://internetweather.net/asn-watchlist/

So I was researching a rarely seen threat vector of ESP (IP protocol 50) packets and stumbled upon VMISS Inc. (AS967) – a boy what a surprise this was!

A quick look a their announced IP space (BGP prefixes) was a big red flag by itself, then I discovered their “our team” page: https://www.vmiss.com/our-team/

None of the people shown on the page exist, and the images themselves are stolen.

This “Max Gray” guy is an image stolen (or reused) from other sources, as revealed by a reverse image search:

• https://studio-duality.com/our-team/
• https://unibere.com/teams/jonquil-von-2/

Anyway, definitely stay away from this one. My best guess is this is a Chinese organization, operating in Canada, and it’s fraudulent to the core.

INTERNET WEATHER REPORT 🌧☁️☀️

AS215925 (VPSVAULT.HOST LTD) has just been added to ASN watchlist. This autonomous system announces two BGP prefixes:

• 108.165.153.0/24
• 87.121.84.0/24

High concentration of malware hosting (infostealer, DDoS, etc.) and other illegal content.

Drop It Like It’s Hot. 🔥

Latest updates to the ASN watchlist posted here: https://internetweather.net/asn-watchlist/

INTERNET WEATHER REPORT 🌧☁️☀️

AS42624 (Global-Data System IT Corporation) has just been added to ASN watchlist. This autonomous system announces nine BGP prefixes:

• 185.196.8.0/24
• 185.196.9.0/24
• 185.196.10.0/24
• 185.196.11.0/24
• 185.208.156.0/24
• 185.208.157.0/24
• 185.208.158.0/24
• 185.208.159.0/24

Nothing but phishing sites, various malware hosting (infostealer, DDoS, etc.) and other illegal content. Global-Data System IT Corporation (nice-sounding generic bullshit name) was previously registered in the Seychelles as AS34888 – but has not been seen in the global routing table using that ASN since February 1, 2022.

Drop It Like It’s Hot. 🔥

Latest updates to the ASN watchlist posted here: https://internetweather.net/asn-watchlist/

INTERNET WEATHER REPORT 🌧☁️☀️

AS214295 (SKYNET NETWORK LTD) has just been added to ASN watchlist. This autonomous system announces only three BGP prefixes:

• 45.142.193.0/24
• 87.120.93.0/24
• 194.0.234.0/24

Abuse reports sent to murraycharles988@gmail.com go unanswered. AbuseIPDB has logged nearly 250,000 abuse reports for the first netblock alone.

Drop It Like It’s Hot.

Latest updates to the ASN watchlist posted here: https://internetweather.net/asn-watchlist/

Neiman Marcus email servers (SendGrid) have been hacked to send a phishing attack targeting OpenSea users. Here’s the full headers and body of the message for your perusement:

Delivered-To: <redacted>@gmail.com
Received: by 2002:a05:612c:b8c:b0:4bc:e613:22f0 with SMTP id iq12csp925103vqb;
Fri, 28 Feb 2025 04:46:03 -0800 (PST)
X-Google-Smtp-Source: AGHT+IELOLo2I/Tjn/2ETiQppo+XlEYA9Wer7wVFiljwVnpJhIVFHobU8EAS3iHe1IIyq4HiNfmd
X-Received: by 2002:a05:6602:3fc1:b0:855:a4a4:a938 with SMTP id ca18e2360f4ac-85881f044f0mr239496739f.2.1740746763022;
Fri, 28 Feb 2025 04:46:03 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1740746763; cv=none;
d=google.com; s=arc-20240605;
b=jBx/BSRBsm4LaPlA8Mve3TyEslqYlMJd3Ool1Z5cmSe6luukjQKZx9lBgJx9Vvr9E4
JiagGyRLnxNWSq420x2uwe4ST4D+DYFcM+jcFWx6NpKr8AcPEH2thwSGbZ7AlyhlmMFL
cqgXheLcLcE+BL2P3Ed1+9Nd26WsCYx+6/0hVvhn8deCggXgMH3PK+gKRShYSJVONoHo
bvNQG0BEDSImOiHgR3H4OM6MFjtK/N91hKFCZ6rR1lT42HPdxd9hhS9BeLirkVcTA1xN
mSSORPBrklUu+ICdbkhq1+ZxpX3wWGN1YXSZ4fujXFdqVZuaA7QJnFYzjeMgX//l9KYZ
9S6A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=to:reply-to:list-unsubscribe-post:list-unsubscribe:mime-version
:message-id:date:subject:from:dkim-signature:dkim-signature;
bh=L/+hG+YpQjwSckRnRAz381Ri04Rnc8ZCfQtLqAOJSKo=;
fh=YXG5yT77ulXThGz6wf21MSjtYxN5Y8QvoJEHcfd9KjA=;
b=NzPAm5D6MCoQ0Lq4T7UOXsn4NlyFQLeTbVYLv8RblNCFYmlaKOOHF+Lj499Erv3GaS
bp04ccLPSGZ2xpwpDzFwgoYsnriJWHpE86LLBCCpKh9zMmfsCFmGG7ofjoozWZD5bZ9/
o4QPPf4X9CnoAb9Jm1VlXU+MyzF8x5TVhLD/QS15rax5oifoK+H0F7YQMvu1yptn1bjn
4VylK5tD7oKnS/ILs+LeZGrSHQBxyXnNOp/7zgel0eKVKi1He2TxEdTa4iv/UuS3tkor
bgC3VZbtuO/p7QQ69YEEPquAZdbR/DVU9OMAYTd4qnSWZssK1/ZiKrdcLMkYT+AmBAYE
Aa7w==;
dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@s.neimanmarcus.com header.s=s1 header.b=C4dJPzNe;
dkim=pass header.i=@sendgrid.info header.s=smtpapi header.b=z5fGjl43;
spf=pass (google.com: domain of bounces+12932948-66e1-<redacted>=gmail.com@sg.s.neimanmarcus.com designates 198.21.7.242 as permitted sender) smtp.mailfrom=”bounces+12932948-66e1-<redacted>=gmail.com@sg.s.neimanmarcus.com”;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=neimanmarcus.com
Return-Path: <bounces+12932948-66e1-<redacted>=gmail.com@sg.s.neimanmarcus.com>
Received: from o1.sg.s.neimanmarcus.com (o1.sg.s.neimanmarcus.com. [198.21.7.242])
by mx.google.com with ESMTPS id 8926c6da1cb9f-4f061f85126si2821214173.105.2025.02.28.04.46.02
for <<redacted>@gmail.com>
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
Fri, 28 Feb 2025 04:46:03 -0800 (PST)
Received-SPF: pass (google.com: domain of bounces+12932948-66e1-<redacted>=gmail.com@sg.s.neimanmarcus.com designates 198.21.7.242 as permitted sender) client-ip=198.21.7.242;
Authentication-Results: mx.google.com;
dkim=pass header.i=@s.neimanmarcus.com header.s=s1 header.b=C4dJPzNe;
dkim=pass header.i=@sendgrid.info header.s=smtpapi header.b=z5fGjl43;
spf=pass (google.com: domain of bounces+12932948-66e1-<redacted>=gmail.com@sg.s.neimanmarcus.com designates 198.21.7.242 as permitted sender) smtp.mailfrom=”bounces+12932948-66e1-<redacted>=gmail.com@sg.s.neimanmarcus.com”;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=neimanmarcus.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=s.neimanmarcus.com; h=from:subject:mime-version:list-unsubscribe:list-unsubscribe-post: reply-to:x-feedback-id:to:content-type:cc:content-type:from:subject:to; s=s1; bh=L/+hG+YpQjwSckRnRAz381Ri04Rnc8ZCfQtLqAOJSKo=; b=C4dJPzNel1gq5NtWmthN0ZVZCxj1n6rtq35EHfAkdsC2pr4Ys9/2KZ0l2W3VIP8+3Wtg qlm94rIOipd54TLAkzRN6hnXpcbbAVTxNF0WaECctkdZmmtuyskLAXu8AtAAhc27tDYk7Z cJgK3uTkssG6097v8sLIbwBX6J0dqBl0flHatvn2xV2QB5Z+7ebu2X5qNDv3IkxoMkS2L/ Pmy4uUM/LNza1VuW4GPuFrrYk3CvuIYfJKtrqgsbizgtsYv3hxmVvUg5aL3JwiCtiNayDM ZUqGAsENCTdtbWIsfLSUFv07pT6RK6u8IGBmMxAv2KzXDMnFFOmCcjyMJXK09NMQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sendgrid.info; h=from:subject:mime-version:list-unsubscribe:list-unsubscribe-post: reply-to:x-feedback-id:to:content-type:cc:content-type:from:subject:to; s=smtpapi; bh=L/+hG+YpQjwSckRnRAz381Ri04Rnc8ZCfQtLqAOJSKo=; b=z5fGjl43wV9k7QAvidXL3jUKO+xowVNcAvEzHoPnp6P4AoVF0NsvE8TF09HlJlHunQ4E KJH47BF5/OAx5nRVUr2qFUoHpTRkCZbzaNP3G3B9W/GN/fW5U34FKfgFD1W5zj0vfkiJAR 1W8zL7jgPNjafagrof42NPiQYPFOqRKJg=
Received: by recvd-6c59464dcc-tftxq with SMTP id recvd-6c59464dcc-tftxq-1-67C1B008-4D 2025-02-28 12:46:00.857072207 +0000 UTC m=+9127416.987151032
Received: from epicurus.dns.army (unknown) by geopod-ismtpd-0 (SG) with ESMTP id fkK3Yxy6S-O3zfLl2kDiRw for <<redacted>@gmail.com>; Fri, 28 Feb 2025 12:46:00.817 +0000 (UTC)
From: Opensea <customercarenm@s.neimanmarcus.com>
Subject: You’ve received a new offer in your listing !
Date: Fri, 28 Feb 2025 12:46:00 +0000 (UTC)
Message-ID: <20250228134600.246967D5FE227E6F@s.neimanmarcus.com>
MIME-Version: 1.0
List-Unsubscribe: <https://v25.firsthive.com/engage/doUnsubscribe?unsUsrId=<redacted>@gmail.com&amp;dcfh=21966&gt;,<mailto:unsubscribe@v25.firsthive.com?subject=unsubscribe>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
Reply-To: Opensea <customercarenm@s.neimanmarcus.com>
X-Feedback-ID: 12932948:SG
X-SG-EID: u001.jXNLjdD674qyU4myzaYKLLm20AOsdn87M2v9uB8gsMXeW8FcZ+qlqLTCKZYFfPx51PMJP+UB0CmtApEfYvaxTKyFm3tQnf3XKxsTzt+AjqNiZMVqAO91fJ6gEcUOkC4R0eSg8qSvpH7JZP742SVY79gfqtrVx0LSwywRESzmMQkHHBXc2eiRrGswTeGauq8BxLRpsPJaQf7+3R4Yfr8oFO1HiGkJkxfwGw2v7a28BgCuTFbBeI9NZZ69lFovcnhJ
To: <redacted>@gmail.com
X-Entity-ID: u001.BywriMLvqLDvPZeuBdxLBw==
Content-Type: multipart/alternative; boundary=”—-=_NextPart_000_0012_85E8305D.24BE80D9″

——=_NextPart_000_0012_85E8305D.24BE80D9
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable

udylcv cp oyao bjosvufm qgvh xki
——=_NextPart_000_0012_85E8305D.24BE80D9
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Strict//EN” “http://www.w3.org=
/TR/xhtml1/DTD/xhtml1-strict.dtd”><html data-editor-version=3D”1″ class=3D”=
sg-campaigns” xmlns=3D”http://www.w3.org/1999/xhtml”><head><meta http-equiv=
=3D”Content-Type” content=3D”text/html; charset=3Dutf-8″><meta name=3D”view=
port” content=3D”width=3Ddevice-width, initial-scale=3D1, minimum-scale=3D1=
, maximum-scale=3D1″><!–[if !mso]><!–><title>Forgot Password</title><!–[=
if (gte mso 9)|(IE)]>
<xml>
<o:OfficeDocumentSettings>
<o:AllowPNG/>
<o:PixelsPerInch>96</o:PixelsPerInch>
</o:OfficeDocumentSettings>
</xml>
<![endif]–><!–[if (gte mso 9)|(IE)]>
<style type=3D”text/css”>
body {width: 600px;margin: 0 auto;}
table {border-collapse: collapse;}
table, td {mso-table-lspace: 0pt;mso-table-rspace: 0pt;}
img {-ms-interpolation-mode: bicubic;}
</style>
<![endif]–><style type=3D”text/css”>body,p,div{font-family:arial,helvetica=
,sans-serif;font-size:16px}body{color:#ffffff}body a{color:#1188E6;text-dec=
oration:none}p{margin:0;padding:0}table.wrapper{width:100% !important;table=
-layout:fixed;-webkit-font-smoothing:antialiased;-webkit-text-size-adjust:1=
00%;-moz-text-size-adjust:100%;-ms-text-size-adjust:100%}img.max-width{max-=
width:100% !important}.column.of-2{width:50%}.column.of-3{width:33.333%}.co=
lumn.of-4{width:25%}ul ul ul ul{list-style-type:disc !important}ol ol{list-=
style-type:lower-roman !important}ol ol ol{list-style-type:lower-latin !imp=
ortant}ol ol ol ol{list-style-type:decimal !important}@media screen and (ma=
x-width:480px) { .preheader .rightColumnContent,.footer .rightColumnContent=
{ text-align: left !important; } .preheader .rightColumnContent div,.prehe=
ader .rightColumnContent span,.footer .rightColumnContent div,.footer .righ=
tColumnContent span { text-align: left !important; } .preheader .rightColum=
nContent,.preheader .leftColumnContent { font-size: 80% !important; padding=
: 5px 0; } table.wrapper-mobile { width: 100% !important; table-layout: fix=
ed; } img.max-width { height: auto !important; max-width: 100% !important; =
} a.bulletproof-button { display: block !important; width: auto !important;=
font-size: 80%; padding-left: 0 !important; padding-right: 0 !important; }=
.columns { width: 100% !important; } .column { display: block !important; =
width: 100% !important; padding-left: 0 !important; padding-right: 0 !impor=
tant; margin-left: 0 !important; margin-right: 0 !important; } .social-icon=
-column { display: inline-block !important; } }</style></head><body style=
=3D”font-family:arial,helvetica,sans-serif;font-size:16px;color:#ffffff”><c=
enter class=3D”wrapper” data-link-color=3D”#1188E6″ data-body-style=3D”font=
-size:16px; font-family:arial,helvetica,sans-serif; color:#ffffff; backgrou=
nd-color:#ffffff;”><div style=3D”font-family:arial,helvetica,sans-serif;fon=
t-size:16px” class=3D”webkit”><table style=3D”width:100% !important;table-l=
ayout:fixed;-webkit-font-smoothing:antialiased;-webkit-text-size-adjust:100=
%;-moz-text-size-adjust:100%;-ms-text-size-adjust:100%” cellpadding=3D”0″ c=
ellspacing=3D”0″ border=3D”0″ width=3D”100%” class=3D”wrapper” bgcolor=3D”#=
ffffff”><tr><td valign=3D”top” bgcolor=3D”#ffffff” width=3D”100%”><table wi=
dth=3D”100%” role=3D”content-container” class=3D”outer” align=3D”center” ce=
llpadding=3D”0″ cellspacing=3D”0″ border=3D”0″><tr><td width=3D”100%”><tabl=
e width=3D”100%” cellpadding=3D”0″ cellspacing=3D”0″ border=3D”0″><tr><td><=
!–[if mso]>
<center>
<table><tr><td width=3D”600″>
<![endif]–><table width=3D”100%” cellpadding=3D”0″ cellspacing=3D”0″ bor=
der=3D”0″ style=3D”width:100%;max-width:600px” align=3D”center”><tr><td rol=
e=3D”modules-container” style=3D”padding:20px 0px 20px 0px;color:#ffffff;te=
xt-align:left” bgcolor=3D”#252525″ width=3D”100%” align=3D”left”><table cla=
ss=3D”module preheader preheader-hide” role=3D”module” data-type=3D”prehead=
er” border=3D”0″ cellpadding=3D”0″ cellspacing=3D”0″ width=3D”100%” style=
=3D”display:none !important;mso-hide:all;visibility:hidden;opacity:0;color:=
transparent;height:0;width:0″><tr><td role=3D”module-content”><p style=3D”f=
ont-family:arial,helvetica,sans-serif;font-size:16px;margin:0;padding:0″>Ne=
w alert :</p></td></tr></table><table style=3D”width:100% !important;table-=
layout:fixed;-webkit-font-smoothing:antialiased;-webkit-text-size-adjust:10=
0%;-moz-text-size-adjust:100%;-ms-text-size-adjust:100%;table-layout:fixed”=
width=3D”100%” class=3D”wrapper” role=3D”module” border=3D”0″ cellspacing=
=3D”0″ cellpadding=3D”0″ data-type=3D”image” data-muid=3D”48e008b1-0352-461=
6-a761-b05ad06b6aac”><tbody><tr><td align=3D”center” valign=3D”top” style=
=3D”padding:0px 0px 0px 0px;line-height:10px;font-size:6px”><img style=3D”m=
ax-width:100% !important;width:10%;height:auto !important;color:rgb(0,0,0);=
font-family:Helvetica,arial,sans-serif;font-size:16px;text-decoration:none;=
display:block;max-width:10% !important” width=3D”60″ class=3D”max-width” al=
t=3D”Customer Logo” src=3D”https://cdn.mcauto-images-production.sendgrid.ne=
t/76064dbe76cc238b/ade47893-df50-4299-bbeb-a845581c5a2c/250×250.png” border=
=3D”0″ data-proportionally-constrained=3D”true” data-responsive=3D”true”></=
td></tr></tbody></table><table class=3D”module” role=3D”module” data-type=
=3D”spacer” border=3D”0″ cellpadding=3D”0″ cellspacing=3D”0″ width=3D”100%”=
style=3D”table-layout:fixed” data-muid=3D”769c986b-33ec-40a1-b375-4c0f6e20=
bc3e”><tbody><tr><td style=3D”padding:0px 0px 10px 0px” role=3D”module-cont=
ent” bgcolor=3D””></td></tr></tbody></table><table class=3D”module” role=3D=
“module” data-type=3D”divider” border=3D”0″ cellpadding=3D”0″ cellspacing=
=3D”0″ width=3D”100%” style=3D”table-layout:fixed” data-muid=3D”97a14720-38=
c8-45b6-b5b2-31a2a10c7107″><tbody><tr><td style=3D”padding:0px 10px 0px 10p=
x” role=3D”module-content” height=3D”100%” valign=3D”top” bgcolor=3D””><tab=
le border=3D”0″ cellpadding=3D”0″ cellspacing=3D”0″ align=3D”center” width=
=3D”100%” height=3D”1px” style=3D”line-height:1px;font-size:1px”><tbody><tr=
><td style=3D”padding:0px 0px 1px 0px” bgcolor=3D”#ffffff”></td></tr></tbod=
y></table></td></tr></tbody></table><table width=3D”100%” class=3D”module” =
role=3D”module” style=3D”table-layout:fixed” border=3D”0″ cellspacing=3D”0″=
cellpadding=3D”0″ data-type=3D”spacer” data-muid=3D”1402e200-4a0d-477e-879=
0-004bcbced5ed”><tbody><tr><td role=3D”module-content” style=3D”padding:0px=
0px 10px 0px” bgcolor=3D””></td></tr></tbody></table><table width=3D”100%”=
align=3D”center” role=3D”module” style=3D”padding:15px 15px 15px 15px” bgc=
olor=3D”#252525″ border=3D”0″ cellspacing=3D”0″ cellpadding=3D”0″ data-type=
=3D”columns” data-distribution=3D”1″><tbody><tr role=3D”module-content”><td=
height=3D”100%” valign=3D”top”><table width=3D”550″ style=3D”width:550px;b=
order-spacing:0;border-collapse:collapse;margin:0px 10px 0px 10px” cellpadd=
ing=3D”0″ cellspacing=3D”0″ align=3D”left” border=3D”0″ bgcolor=3D”” class=
=3D”column column-0″><tbody><tr><td style=3D”padding:0px;margin:0px;border-=
spacing:0″><table width=3D”100%” class=3D”module” role=3D”module” style=3D”=
table-layout:fixed” border=3D”0″ cellspacing=3D”0″ cellpadding=3D”0″ data-t=
ype=3D”text” data-muid=3D”d2c550d7-0245-4d26-914b-f939c2006bf4″ data-mc-mod=
ule-version=3D”2019-10-22″><tbody><tr><td height=3D”100%” role=3D”module-co=
ntent” valign=3D”top” style=3D”padding:0px 0px 0px 0px;text-align:inherit;l=
ine-height:30px;background-color:rgb(37,37,37)” bgcolor=3D”rgb(37, 37, 37)”=
><div style=3D”font-family:arial,helvetica,sans-serif;font-size:16px”><div =
style=3D”font-family:arial,helvetica,sans-serif;font-size:16px;font-family:=
inherit;text-align:inherit;color:#FFFFFF !important”><strong>Dear user,</st=
rong></div><div style=3D”font-family:arial,helvetica,sans-serif;font-size:1=
6px;font-family:inherit;text-align:inherit;color:#FFFFFF !important”>We are=
pleased to inform you that your listing has just received a new bid! We in=
vite you to log into your account at your earliest convenience to review th=
e details of this offer. This is a great opportunity to evaluate the propos=
al and determine if it meets your expectations.</div><div style=3D”font-fam=
ily:arial,helvetica,sans-serif;font-size:16px”></div></div></td></tr></tbod=
y></table></td></tr></tbody></table></td></tr></tbody></table><table class=
=3D”module” role=3D”module” data-type=3D”spacer” border=3D”0″ cellpadding=
=3D”0″ cellspacing=3D”0″ width=3D”100%” style=3D”table-layout:fixed” data-m=
uid=3D”a4208e35-edcb-49ed-84e7-69aa2e6e2339″><tbody><tr><td style=3D”paddin=
g:0px 0px 30px 0px” role=3D”module-content” bgcolor=3D””></td></tr></tbody>=
</table><table border=3D”0″ cellpadding=3D”0″ cellspacing=3D”0″ align=3D”ce=
nter” width=3D”100%” role=3D”module” data-type=3D”columns” style=3D”padding=
:20px 20px 20px 20px” bgcolor=3D”#262626″ data-distribution=3D”1″><tbody><t=
r role=3D”module-content”><td height=3D”100%” valign=3D”top”><table width=
=3D”540″ style=3D”width:540px;border-spacing:0;border-collapse:collapse;mar=
gin:0px 10px 0px 10px” cellpadding=3D”0″ cellspacing=3D”0″ align=3D”left” b=
order=3D”0″ bgcolor=3D”” class=3D”column column-0″><tbody><tr><td style=3D”=
padding:0px;margin:0px;border-spacing:0″><table class=3D”module” role=3D”mo=
dule” data-type=3D”text” border=3D”0″ cellpadding=3D”0″ cellspacing=3D”0″ w=
idth=3D”100%” style=3D”table-layout:fixed” data-muid=3D”a4c28e76-1f05-4683-=
892e-8b863418e7b9″ data-mc-module-version=3D”2019-10-22″><tbody><tr><td sty=
le=3D”border-radius:15px 15px 15px 15px;padding:18px 18px 18px 18px;line-he=
ight:22px;text-align:inherit;background-color:#ffffff” height=3D”100%” vali=
gn=3D”top” bgcolor=3D”#ffffff” role=3D”module-content”><div style=3D”font-f=
amily:arial,helvetica,sans-serif;font-size:16px”><div style=3D”font-family:=
arial,helvetica,sans-serif;font-size:16px;font-family:inherit;text-align:in=
herit”><span style=3D”color:#000000″><ul><strong>Details:</strong><br><li><=
strong>By: 0xa281***4419</strong></li><li><strong>Username: Neiman36</stron=
g></li></ul></span></div><div style=3D”font-family:arial,helvetica,sans-ser=
if;font-size:16px”></div></div></td></tr></tbody></table></td></tr></tbody>=
</table></td></tr></tbody></table><table class=3D”module” role=3D”module” d=
ata-type=3D”spacer” border=3D”0″ cellpadding=3D”0″ cellspacing=3D”0″ width=
=3D”100%” style=3D”table-layout:fixed” data-muid=3D”5df3475a-d52a-4172-b588=
-6328cec59fa0″><tbody><tr><td style=3D”padding:0px 0px 10px 0px” role=3D”mo=
dule-content” bgcolor=3D””></td></tr></tbody></table><table border=3D”0″ ce=
llpadding=3D”0″ cellspacing=3D”0″ class=3D”module” data-role=3D”module-butt=
on” data-type=3D”button” role=3D”module” style=3D”table-layout:fixed” width=
=3D”100%” data-muid=3D”4a7d1b4e-0165-4dac-901c-aed463681e45″><tbody><tr><td=
align=3D”center” bgcolor=3D”” class=3D”outer-td” style=3D”padding:0px 0px =
0px 0px”><table border=3D”0″ cellpadding=3D”0″ cellspacing=3D”0″ class=3D”w=
rapper-mobile” style=3D”text-align:center”><tbody><tr><td align=3D”center” =
bgcolor=3D”#18c5ff” class=3D”inner-td” style=3D”border-radius:6px;font-size=
:16px;text-align:center;background-color:inherit”><a href=3D” https://mandr=
illapp.com/track/click/30599218/natiocourrier.com?p=3D’eyJzIjoiWGlyNkduMjZV=
Y1Yyd0E1NmI3WHlITF9zWEJBIiwidiI6MSwicCI6IntcInVcIjozMDU5OTIxOCxcInZcIjoxLFw=
idXJsXCI6XCJodHRwczpcXFwvXFxcL25hdGlvY291cnJpZXIuY29tXFxcL21haWxcIixcImlkXC=
I6XCIxOWFjMTU3MjAzOGE0ZGY1ODRjOGVmNjg0ZTcwYzBhY1wiLFwidXJsX2lkc1wiOltcImNiY=
zZlMWVmNmU0MDZmYmUyMjk5Yzg2YWI0ODY4ZmM5YzYxNjU5MTZcIl19In0″‘ style=3D”backg=
round-color:#18c5ff;border:1px solid #333333;border-color:#333333;border-ra=
dius:6px;border-width:1px;color:#ffffff;display:inline-block;font-size:14px=
;font-weight:bold;letter-spacing:0px;line-height:normal;padding:12px 18px 1=
2px 18px;text-align:center;text-decoration:none;border-style:solid” target=
=3D”_blank”>More Details</a></td></tr></tbody></table></td></tr></tbody></t=
able><table class=3D”module” role=3D”module” data-type=3D”spacer” border=3D=
“0” cellpadding=3D”0″ cellspacing=3D”0″ width=3D”100%” style=3D”table-layou=
t:fixed” data-muid=3D”667ac555-40c0-42b4-81be-9274a9ef8fb0″><tbody><tr><td =
style=3D”padding:0px 0px 30px 0px” role=3D”module-content” bgcolor=3D””></t=
d></tr></tbody></table><table border=3D”0″ cellpadding=3D”0″ cellspacing=3D=
“0” align=3D”center” width=3D”100%” role=3D”module” data-type=3D”columns” s=
tyle=3D”padding:0px 0px 0px 0px” bgcolor=3D”#000000″ data-distribution=3D”1=
“><tbody><tr role=3D”module-content”><td height=3D”100%” valign=3D”top”><ta=
ble width=3D”600″ style=3D”width:600px;border-spacing:0;border-collapse:col=
lapse;margin:0px 0px 0px 0px” cellpadding=3D”0″ cellspacing=3D”0″ align=3D”=
left” border=3D”0″ bgcolor=3D”” class=3D”column column-0″><tbody><tr><td st=
yle=3D”padding:0px;margin:0px;border-spacing:0″><table class=3D”module” rol=
e=3D”module” data-type=3D”text” border=3D”0″ cellpadding=3D”0″ cellspacing=
=3D”0″ width=3D”100%” style=3D”table-layout:fixed” data-muid=3D”53474f7c-bd=
e0-4338-969f-f349734bb7ea” data-mc-module-version=3D”2019-10-22″><tbody><tr=
><td style=3D”padding:18px 48px 18px 48px;line-height:22px;text-align:inher=
it” height=3D”100%” valign=3D”top” bgcolor=3D”” role=3D”module-content”><di=
v style=3D”font-family:arial,helvetica,sans-serif;font-size:16px”><div styl=
e=3D”font-family:arial,helvetica,sans-serif;font-size:16px;font-family:inhe=
rit;text-align:center”><span style=3D”color:#ffffff;font-size:12px”>This em=
ail was sent to <redacted>@gmail.com.<br>We&#8217;re sending you this email be=
cause you previously opted in for these updates. If you&#8217;d rather not =
receive them anymore, simply click here to unsubscribe. Need help? Our Supp=
ort Center is always available for your questions.</span></div><div style=
=3D”font-family:arial,helvetica,sans-serif;font-size:16px”></div></div></td=
></tr></tbody></table><div style=3D”font-family:arial,helvetica,sans-serif;=
font-size:16px;color:#ffffff;font-size:12px;line-height:20px;padding:16px 1=
6px 16px 16px;text-align:center” data-role=3D”module-unsubscribe” class=3D”=
module” role=3D”module” data-type=3D”unsubscribe” data-muid=3D”b326c8ef-dde=
e-4bb7-b891-6cbb235f30b8″><div style=3D”font-family:arial,helvetica,sans-se=
rif;font-size:16px” class=3D”Unsubscribe–addressLine”></div><p style=3D”fo=
nt-family:arial,helvetica,sans-serif;font-size:16px;margin:0;padding:0;font=
-size:12px;line-height:20px;color:#FFFFFF !important”><a target=3D”_blank” =
class=3D”Unsubscribe–unsubscribeLink ” href=3D”https://u12932948.ct.sendgr=
id.net/ls/click?upn=3Du001.kzuYOsyKCcMmkMXUGxVrqPf-2BJzlrlPicSwbrU82l5mJSKA=
cB-2FfNdXRrNGKelgLgx-2BhHkw2RGvMBlEsQHzk3EgxxViIzfOY3jm2sIsdYUr8LKxOk1wH-2B=
4KwxIANngGCKMmEgz_yKPPKpmirYKJXcuww8j2dmYrrZnR50FK6z2IG3C1FT3ZwffGAbsf2tLuF=
n2MrckGgr06rvsC5QN8IKTwC05OB2wxgqH4MdmWg8BnwQjcMbBHk3N1eiHHMmsF6q6DLOwnqrTV=
vIhkfq5wx5Wj00dLzJcLjOmv3eTF0FePcKrJU2-2Ffmml8AAkxZE0cLnsoGpGa3DlFPXvzR-2Fg=
V2Jqd1rXFEA-3D-3D” style=3D””>Unsubscribe</a></p></div></td></tr></tbody></=
table></td></tr></tbody></table></td></tr></table><!–[if mso]>
</td>
</tr>
</table>
</center>
<![endif]–></td></tr></table></td></tr></table=
></td></tr></table></div></center><img src=3D”https://u12932948.ct.sendgrid=
.net/wf/open?upn=3Du001.Yxj26awTvwz1-2F60kErsCUqm80jCzs620OwDOa0Qvud5-2Ffm9=
bfk5okPrC2257z2ul8LK3WncnhvZdl7NXnKsu-2B1UYS9dCqCyVlhemiN-2F-2FF2l6RitmZczn=
ue9ZxqscdYHNpjwc-2FRBlLp3FLekOTMYNvVJxXfI7O8QoUXWVXaaoqlLmsNO4FdyVapQKF2car=
-2BcHXqPpgS8pITvN9xLeR4blYg-3D-3D” alt=3D”” width=3D”1″ height=3D”1″ border=
=3D”0″ style=3D”height:1px !important;width:1px !important;border-width:0 !=
important;margin-top:0 !important;margin-bottom:0 !important;margin-right:0=
!important;margin-left:0 !important;padding-top:0 !important;padding-botto=
m:0 !important;padding-right:0 !important;padding-left:0 !important;”/></bo=
dy></html>
——=_NextPart_000_0012_85E8305D.24BE80D9–

SendGrid’s abuse team has been notified to rectify the issue.