Netflix Phish
Posted by Dave Yadallee on
From - Fri Aug 09 10:34:47 2013
X-Account-Key: account1
X-UIDL: 000023084f5d9180
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 09 Aug 2013 08:33:28 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.80.1)
    (envelope-from)
    id 1V7nkU-0006F1-Kd
    for dave@doctor.nl2k.ab.ca; Fri, 09 Aug 2013 08:33:02 -0600
Resent-From: doctor@doctor.nl2k.ab.ca
Resent-Date: Fri, 9 Aug 2013 08:33:02 -0600
Resent-Message-ID: <20130809143302.GA22603@doctor.nl2k.ab.ca>
Resent-To: Dave Yadallee
Received: from [183.129.210.194] (helo=www.sci-inv.com)
    by doctor.nl2k.ab.ca with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
    (Exim 4.80.1)
    (envelope-from)
    id 1V7kaP-0002Ka-HP
    for postmaster@nl2k.ab.ca; Fri, 09 Aug 2013 05:10:41 -0600
X-Spam-Status: No, hits=2.8 required=10.0
    tests=BAYES_00: -1.665,FORGED_MUA_OUTLOOK: 2.963,FORGED_OUTLOOK_HTML: 0.001,
    HTML_MESSAGE: 0.001,MIME_HTML_ONLY: 0.001,MISSING_HEADERS: 1.5,
    MISSING_MID: 0.001,TOTAL_SCORE: 2.802,autolearn=no
X-Spam-Level: **
Received: from User ([98.173.59.168])
    (authenticated user info@sci-inv.com)
    by www.sci-inv.com (Kerio Connect 7.1.3);
    Fri, 9 Aug 2013 19:03:41 +0800
From: "Netflix"
Subject: Your Account Has Been Suspended
Date: Fri, 9 Aug 2013 04:03:34 -0700
MIME-Version: 1.0
Content-Type: text/html;
    charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Spam_score: 6.2
X-Spam_score_int: 62
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca", has
    identified this incoming email as possible spam. The original message
    has been attached to this so you can view it (if it isn't spam) or label
    similar future email. If you have any questions, see
    the administrator of that system for details.
    Content preview: To make sure you get your Netflix emails, add info@netflix.com
    to your address book. Your Account | Queue | Help Your Account Has Been Suspended
    Dear Netflix, We are sending this email to let you know that your credit
    card has been expired. To update your account information, please visit Your
    Account. [...]
    Content analysis details: (6.2 points, 5.0 required)
     pts rule name              description
    ---- ---------------------- --------------------------------------------------
     1.0 BOTNET                 Relay might be a spambot or virusbot
                                [botnet0.8,ip=183.129.210.194,nordns]
     0.0 RELAY_CHECKER_NORDNS   No PTR record
     1.0 SPF_FAIL               SPF: sender does not match SPF record (fail)
                                [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=info%40netflix.com;ip=183.129.210.194;r=doctor.nl2k.ab.ca]
     4.2 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook
Subject: {SPAM?} Your Account Has Been Suspended