NetFlix Phish

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 12 Nov 2022 14:12:01 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1otxlW-0009Fm-SV

for dave@doctor.nl2k.ab.ca;

Sat, 12 Nov 2022 14:10:14 -0700

Resent-From: The Doctor

Resent-Date: Sat, 12 Nov 2022 14:10:14 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from ds1222.tmddedicated.eu ([107.6.182.241]:51480)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1otw7J-000Ahz-Cj

for root@nk.ca;

Sat, 12 Nov 2022 12:24:48 -0700

Received: from mobilecleaners by ds1222.tmddedicated.eu with local (Exim 4.95)

(envelope-from )

id 1otw4Y-0007Ov-1w

for root@nk.ca;

Sat, 12 Nov 2022 19:21:46 +0000

To: root@nk.ca

Subject: Your Netflix membership is about to be canceled!

X-PHP-Script: mobilecleaners.co.za/wp-content/qkJcdoNSx9t.php for 217.164.78.190

X-PHP-Originating-Script: 1026:qkJcdoNSx9t.php

Date: Sat, 12 Nov 2022 19:21:46 +0000

From: NO-reply

Message-ID: <77389c01a931e37207eab80203c961fb@mobilecleaners.co.za>

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="b1_77389c01a931e37207eab80203c961fb"

Content-Transfer-Encoding: 8bit

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - ds1222.tmddedicated.eu

X-AntiAbuse: Original Domain - nk.ca

X-AntiAbuse: Originator/Caller UID/GID - [1026 993] / [47 12]

X-AntiAbuse: Sender Address Domain - mobilecleaners.co.za

X-Get-Message-Sender-Via: ds1222.tmddedicated.eu: authenticated_id: mobilecleaners/from_h

X-Authenticated-Sender: ds1222.tmddedicated.eu: support@mobilecleaners.co.za

X-Source:

X-Source-Args: /opt/cpanel/ea-php72/root/usr/bin/php-cgi /home/mobilecleaners/public_html/wp-content/qkJcdoNSx9t.php

X-Source-Dir: mobilecleaners.co.za:/public_html/wp-content

X-Spam_score: 5.6

X-Spam_score_int: 56

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: @media screen { @font-face { font-family: 'Fira Sans'; font-style:

normal; font-weight: 400; src: local('Fira Sans Regular'), local('FiraSans-Regular'),

url(https://fonts.gstatic.com/s/firasans/v8/va [...]



Content analysis details: (5.6 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.

[107.6.182.241 listed in bb.barracudacentral.org]

0.0 HTML_MESSAGE BODY: HTML included in message

1.5 MPART_ALT_DIFF_COUNT BODY: HTML and text parts are different

2.5 PHP_SCRIPT Sent by PHP script

Subject: {SPAM?} Your Netflix membership is about to be canceled!



This is a multi-part message in MIME format.



--b1_77389c01a931e37207eab80203c961fb

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit







































@media screen {

@font-face {

font-family: 'Fira Sans';

font-style: normal;

font-weight: 400;

src: local('Fira Sans Regular'), local('FiraSans-Regular'), url(https://fonts.gstatic.com/s/firasans/v8/va9E4kDNxMZdWfMOD5Vvl4jLazX3dA.woff2) format('woff2');

unicode-range: U 0000-00FF, U 0131, U 0152-0153, U 02BB-02BC, U 02C6, U 02DA, U 02DC, U 2000-206F, U 2074, U 20AC, U 2122, U 2191, U 2193, U 2212, U 2215, U FEFF, U FFFD;

}

@font-face {

font-family: 'Fira Sans';

font-style: normal;

font-weight: 400;

src: local('Fira Sans Regular'), local('FiraSans-Regular'), url(https://fonts.gstatic.com/s/firasans/v8/va9E4kDNxMZdWfMOD5Vvk4jLazX3dGTP.woff2) format('woff2');

unicode-range: U 0400-045F, U 0490-0491, U 04B0-04B1, U 2116;

}

@font-face {

font-family: 'Fira Sans';

font-style: normal;

font-weight: 500;

src: local('Fira Sans Medium'), local('FiraSans-Medium'), url(https://fonts.gstatic.com/s/firasans/v8/va9B4kDNxMZdWfMOD5VnZKveRhf6Xl7Glw.woff2) format('woff2');

unicode-range: U 0000-00FF, U 0131, U 0152-0153, U 02BB-02BC, U 02C6, U 02DA, U 02DC, U 2000-206F, U 2074, U 20AC, U 2122, U 2191, U 2193, U 2212, U 2215, U FEFF, U FFFD;

}

@font-face {

font-family: 'Fira Sans';

font-style: normal;

font-weight: 500;

src: local('Fira Sans Medium'), local('FiraSans-Medium'), url(https://fonts.gstatic.com/s/firasans/v8/va9B4kDNxMZdWfMOD5VnZKveQhf6Xl7Gl3LX.woff2) format('woff2');

unicode-range: U 0400-045F, U 0490-0491, U 04B0-04B1, U 2116;

}

@font-face {

font-family: 'Fira Sans';

font-style: normal;

font-weight: 700;

src: local('Fira Sans Bold'), local('FiraSans-Bold'), url(https://fonts.gstatic.com/s/firasans/v8/va9B4kDNxMZdWfMOD5VnLK3eRhf6Xl7Glw.woff2) format('woff2');

unicode-range: U 0000-00FF, U 0131, U 0152-0153, U 02BB-02BC, U 02C6, U 02DA, U 02DC, U 2000-206F, U 2074, U 20AC, U 2122, U 2191, U 2193, U 2212, U 2215, U FEFF, U FFFD;

}

@font-face {

font-family: 'Fira Sans';

font-style: normal;

font-weight: 700;

src: local('Fira Sans Bold'), local('FiraSans-Bold'), url(https://fonts.gstatic.com/s/firasans/v8/va9B4kDNxMZdWfMOD5VnLK3eQhf6Xl7Gl3LX.woff2) format('woff2');

unicode-range: U 0400-045F, U 0490-0491, U 04B0-04B1, U 2116;

}

@font-face {

font-family: 'Fira Sans';

font-style: normal;

font-weight: 800;

src: local('Fira Sans ExtraBold'), local('FiraSans-ExtraBold'), url(https://fonts.gstatic.com/s/firasans/v8/va9B4kDNxMZdWfMOD5VnMK7eRhf6Xl7Glw.woff2) format('woff2');

unicode-range: U 0000-00FF, U 0131, U 0152-0153, U 02BB-02BC, U 02C6, U 02DA, U 02DC, U 2000-206F, U 2074, U 20AC, U 2122, U 2191, U 2193, U 2212, U 2215, U FEFF, U FFFD;

}

@font-face {

font-family: 'Fira Sans';

font-style: normal;

font-weight: 800;

src: local('Fira Sans ExtraBold'), local('FiraSans-ExtraBold'), url(https://fonts.gstatic.com/s/firasans/v8/va9B4kDNxMZdWfMOD5VnMK7eQhf6Xl7Gl3LX.woff2) format('woff2');

unicode-range: U 0400-045F, U 0490-0491, U 04B0-04B1, U 2116;

}

}





#outlook a {

padding: 0;

}



.ReadMsgBody,

.ExternalClass {

width: 100%;

}



.ExternalClass,

.ExternalClass p,

.ExternalClass td,

.ExternalClass div,

.ExternalClass span,

.ExternalClass font {

line-height: 100%;

}



div[style*="margin: 14px 0"],

div[style*="margin: 16px 0"] {

margin: 0 !important;

}



table,

td {

mso-table-lspace: 0;

mso-table-rspace: 0;

}



table,

tr,

td {

border-collapse: collapse;

}



body,

td,

th,

p,

div,

li,

a,

span {

-webkit-text-size-adjust: 100%;

-ms-text-size-adjust: 100%;

mso-line-height-rule: exactly;

}



img {

border: 0;

outline: none;

line-height: 100%;

text-decoration: none;

-ms-interpolation-mode: bicubic;

}



a[x-apple-data-detectors] {

color: inherit !important;

text-decoration: none !important;

}



body {

margin: 0;

padding: 0;

width: 100% !important;

-webkit-font-smoothing: antialiased;

}



.pc-gmail-fix {

display: none;

display: none !important;

}



@media screen and (min-width: 621px) {

.pc-email-container {

width: 620px !important;

}

}





@media screen and (max-width:620px) {

.pc-sm-p-34-30-55 {

padding: 34px 30px 55px !important

}

.pc-sm-p-21-10-14 {

padding: 21px 10px 14px !important

}

.pc-sm-h-20 {

height: 20px !important

}

.pc-sm-mw-100pc {

max-width: 100% !important

}

}





@media screen and (max-width:525px) {

.pc-xs-p-25-20-20 {

padding: 25px 20px 20px !important

}

.pc-xs-h-53 {

height: 53px !important

}

.pc-xs-fs-30 {

font-size: 30px !important

}

.pc-xs-lh-42 {

line-height: 42px !important

}

.pc-xs-br-disabled br {

display: none !important

}

.pc-xs-p-5-0 {

padding: 5px 0 !important

}

}

































@media screen {

@font-face {

font-family: 'Fira Sans';

font-style: normal;

font-weight: 400;

src: local('Fira Sans Regular'), local('FiraSans-Regular'), url(https://fonts.gstatic.com/s/firasans/v8/va9E4kDNxMZdWfMOD5Vvl4jLazX3dA.woff2) format('woff2');

unicode-range: U 0000-00FF, U 0131, U 0152-0153, U 02BB-02BC, U 02C6, U 02DA, U 02DC, U 2000-206F, U 2074, U 20AC, U 2122, U 2191, U 2193, U 2212, U 2215, U FEFF, U FFFD;

}

@font-face {

font-family: 'Fira Sans';

font-style: normal;

font-weight: 400;

src: local('Fira Sans Regular'), local('FiraSans-Regular'), url(https://fonts.gstatic.com/s/firasans/v8/va9E4kDNxMZdWfMOD5Vvk4jLazX3dGTP.woff2) format('woff2');

unicode-range: U 0400-045F, U 0490-0491, U 04B0-04B1, U 2116;

}

@font-face {

font-family: 'Fira Sans';

font-style: normal;

font-weight: 500;

src: local('Fira Sans Medium'), local('FiraSans-Medium'), url(https://fonts.gstatic.com/s/firasans/v8/va9B4kDNxMZdWfMOD5VnZKveRhf6Xl7Glw.woff2) format('woff2');

unicode-range: U 0000-00FF, U 0131, U 0152-0153, U 02BB-02BC, U 02C6, U 02DA, U 02DC, U 2000-206F, U 2074, U 20AC, U 2122, U 2191, U 2193, U 2212, U 2215, U FEFF, U FFFD;

}

@font-face {

font-family: 'Fira Sans';

font-style: normal;

font-weight: 500;

src: local('Fira Sans Medium'), local('FiraSans-Medium'), url(https://fonts.gstatic.com/s/firasans/v8/va9B4kDNxMZdWfMOD5VnZKveQhf6Xl7Gl3LX.woff2) format('woff2');

unicode-range: U 0400-045F, U 0490-0491, U 04B0-04B1, U 2116;

}

@font-face {

font-family: 'Fira Sans';

font-style: normal;

font-weight: 700;

src: local('Fira Sans Bold'), local('FiraSans-Bold'), url(https://fonts.gstatic.com/s/firasans/v8/va9B4kDNxMZdWfMOD5VnLK3eRhf6Xl7Glw.woff2) format('woff2');

unicode-range: U 0000-00FF, U 0131, U 0152-0153, U 02BB-02BC, U 02C6, U 02DA, U 02DC, U 2000-206F, U 2074, U 20AC, U 2122, U 2191, U 2193, U 2212, U 2215, U FEFF, U FFFD;

}

@font-face {

font-family: 'Fira Sans';

font-style: normal;

font-weight: 700;

src: local('Fira Sans Bold'), local('FiraSans-Bold'), url(https://fonts.gstatic.com/s/firasans/v8/va9B4kDNxMZdWfMOD5VnLK3eQhf6Xl7Gl3LX.woff2) format('woff2');

unicode-range: U 0400-045F, U 0490-0491, U 04B0-04B1, U 2116;

}

@font-face {

font-family: 'Fira Sans';

font-style: normal;

font-weight: 800;

src: local('Fira Sans ExtraBold'), local('FiraSans-ExtraBold'), url(https://fonts.gstatic.com/s/firasans/v8/va9B4kDNxMZdWfMOD5VnMK7eRhf6Xl7Glw.woff2) format('woff2');

unicode-range: U 0000-00FF, U 0131, U 0152-0153, U 02BB-02BC, U 02C6, U 02DA, U 02DC, U 2000-206F, U 2074, U 20AC, U 2122, U 2191, U 2193, U 2212, U 2215, U FEFF, U FFFD;

}

@font-face {

font-family: 'Fira Sans';

font-style: normal;

font-weight: 800;

src: local('Fira Sans ExtraBold'), local('FiraSans-ExtraBold'), url(https://fonts.gstatic.com/s/firasans/v8/va9B4kDNxMZdWfMOD5VnMK7eQhf6Xl7Gl3LX.woff2) format('woff2');

unicode-range: U 0400-045F, U 0490-0491, U 04B0-04B1, U 2116;

}

}





#outlook a {

padding: 0;

}



.ReadMsgBody,

.ExternalClass {

width: 100%;

}



.ExternalClass,

.ExternalClass p,

.ExternalClass td,

.ExternalClass div,

.ExternalClass span,

.ExternalClass font {

line-height: 100%;

}



div[style*="margin: 14px 0"],

div[style*="margin: 16px 0"] {

margin: 0 !important;

}



table,

td {

mso-table-lspace: 0;

mso-table-rspace: 0;

}



table,

tr,

td {

border-collapse: collapse;

}



body,

td,

th,

p,

div,

li,

a,

span {

-webkit-text-size-adjust: 100%;

-ms-text-size-adjust: 100%;

mso-line-height-rule: exactly;

}



img {

border: 0;

outline: none;

line-height: 100%;

text-decoration: none;

-ms-interpolation-mode: bicubic;

}



a[x-apple-data-detectors] {

color: inherit !important;

text-decoration: none !important;

}



body {

margin: 0;

padding: 0;

width: 100% !important;

-webkit-font-smoothing: antialiased;

}



.pc-gmail-fix {

display: none;

display: none !important;

}



@media screen and (min-width: 621px) {

.pc-email-container {

width: 620px !important;

}

}





@media screen and (max-width:620px) {

.pc-sm-p-34-30-55 {

padding: 34px 30px 55px !important

}

.pc-sm-p-21-10-14 {

padding: 21px 10px 14px !important

}

.pc-sm-h-20 {

height: 20px !important

}

.pc-sm-mw-100pc {

max-width: 100% !important

}

}





@media screen and (max-width:525px) {

.pc-xs-p-25-20-20 {

padding: 25px 20px 20px !important

}

.pc-xs-h-53 {

height: 53px !important

}

.pc-xs-fs-30 {

font-size: 30px !important

}

.pc-xs-lh-42 {

line-height: 42px !important

}

.pc-xs-br-disabled br {

display: none !important

}

.pc-xs-p-5-0 {

padding: 5px 0 !important

}

}















‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌Â































































Â









Your Netflix membership is about to be canceled!





Â









Sorry for the interruption, but we're having trouble authorizing your card. Visit the account payment page at























Your account













Re-enter your payment information, or use a different payment method.

.Warning: do not forget to cancel the transaction via the SMS received.





Â























Your friends on Netflix.







Â















































Â















































                             Â

























--b1_77389c01a931e37207eab80203c961fb

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: 8bit





























































































‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌Â







































                             Â






























--b1_77389c01a931e37207eab80203c961fb--



Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA