Netflix phish
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sat, 01 Apr 2023 13:09:10 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96)
(envelope-from)
id 1pigb4-000Oe5-02
for dave@doctor.nl2k.ab.ca;
Sat, 01 Apr 2023 13:09:06 -0600
Resent-From: The Doctor
Resent-Date: Sat, 1 Apr 2023 13:09:05 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from boar.birch.relay.mailchannels.net ([23.83.209.250]:19935)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.96)
(envelope-from)
id 1pifkX-000N1X-1r
for info@netknow.ca;
Sat, 01 Apr 2023 12:14:53 -0600
X-Sender-Id: hostpapa|x-authuser|a3@autogatesandfencing.com.au
Received: from relay.mailchannels.net (localhost [127.0.0.1])
by relay.mailchannels.net (Postfix) with ESMTP id 07C1D761E65;
Sat, 1 Apr 2023 18:12:50 +0000 (UTC)
Received: from r129.websiteservername.com (unknown [127.0.0.6])
(Authenticated sender: hostpapa)
by relay.mailchannels.net (Postfix) with ESMTPA id 6FDD5761E14;
Sat, 1 Apr 2023 18:12:41 +0000 (UTC)
ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1680372769; a=rsa-sha256;
cv=none;
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
d=mailchannels.net;
s=arc-2022; t=1680372769;
h=from:from:reply-to:reply-to:subject:subject:date:date:
message-id:message-id:to:to:cc:mime-version:mime-version:
content-type:content-type:dkim-signature;
bh=Bs8Pm7k0VrnEq4BRDrei3NNDaZxDZ9AaBob4DzjEn30=;
ARC-Authentication-Results: i=1;
rspamd-786cb55f77-8zshc;
auth=pass smtp.auth=hostpapa smtp.mailfrom=a3@autogatesandfencing.com.au
X-Sender-Id: hostpapa|x-authuser|a3@autogatesandfencing.com.au
X-MC-Relay: Bad
X-MailChannels-SenderId: hostpapa|x-authuser|a3@autogatesandfencing.com.au
X-MailChannels-Auth-Id: hostpapa
X-Illegal-Snatch: 0d9fb1594e897388_1680372769610_309881253
X-MC-Loop-Signature: 1680372769610:726466694
X-MC-Ingress-Time: 1680372769610
Received: from r129.websiteservername.com (r129.websiteservername.com
[66.199.141.102])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384)
by 100.127.59.29 (trex/6.7.2);
Sat, 01 Apr 2023 18:12:49 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=autogatesandfencing.com.au; s=default; h=Content-Type:Message-ID:Reply-To:
Subject:To:From:Date:MIME-Version:Sender:Cc:Content-Transfer-Encoding:
Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:
List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
bh=Bs8Pm7k0VrnEq4BRDrei3NNDaZxDZ9AaBob4DzjEn30=;
Received: from localhost ([127.0.0.1]:56730 helo=r129.websiteservername.com)
by r129.websiteservername.com with esmtpa (Exim 4.95)
(envelope-from)
id 1pifiQ-009dqL-UX;
Sun, 02 Apr 2023 04:12:39 +1000
MIME-Version: 1.0
Date: Sun, 02 Apr 2023 04:12:38 +1000
From: =?UTF-8?Q?Netf=D0=86=D1=96=D1=85?=
To: undisclosed-recipients:;
Subject: =?UTF-8?Q?Your_Netf=D0=86=D1=96=D1=85_account_is_suspended?=
Reply-To: a3@autogatesandfencing.com.au
User-Agent: Roundcube Webmail/1.4.12
Message-ID: <05dd360c62d2402331aa68b4f51e21d6@autogatesandfencing.com.au>
X-Sender: a3@autogatesandfencing.com.au
Organization: a3@autogatesandfencing.com.au
Content-Type: multipart/alternative;
boundary="=_5a00adcb1bb14ba685850900e23ac400"
X-AuthUser: a3@autogatesandfencing.com.au
X-Spam_score: 7.7
X-Spam_score_int: 77
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Reminder : update your payment details Dear customer, We're
having some trouble with your current billing information. We'll try again,
but in the meantime you may want to update your payment details.
Content analysis details: (7.7 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 URIBL_RED              Contains an URL listed in the URIBL redlist
                            [URI: airportviena.com]
 0.0 T_SPF_PERMERROR        SPF: test of record failed (permerror)
-0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, no
                            trust
                            [23.83.209.250 listed in list.dnswl.org]
 1.6 HTML_IMAGE_ONLY_12     BODY: HTML: images with 800-1200 bytes of words
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.5 TVD_PH_BODY_ACCOUNTS_PRE The body matches phrases such as "accounts
                            suspended", "account credited", "account
                            verification"
 0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid
 0.0 T_REMOTE_IMAGE         Message contains an external image
 1.7 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                            [cf: 100]
 2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
                            above 50%
                            [cf: 100]
Subject: {SPAM?} =?UTF-8?Q?Your_Netf=D0=86=D1=96=D1=85_account_is_suspended?=
--=_5a00adcb1bb14ba685850900e23ac400
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII;
format=flowed
Reminder : update your payment details
Dear customer,
We're having some trouble with your current billing information. We'll
try again, but in the meantime you may want to update your payment
details.
UPDATE NOW [1]
We're here to help if you need it. Visit the help center for more info
or contact us.
Netflix Team
Links:
------
[1] https://airportviena.com/wp-ts.html
--=_5a00adcb1bb14ba685850900e23ac400
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset=UTF-8
--=_5a00adcb1bb14ba685850900e23ac400--