NetFlix phish
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 26 May 2023 22:10:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1q2lEu-000L26-Nb
for dave@doctor.nl2k.ab.ca;
Fri, 26 May 2023 22:09:12 -0600
Resent-From: The Doctor
Resent-Date: Fri, 26 May 2023 22:09:12 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from host-181-39-63-57.telconet.net ([181.39.63.57]:45834 helo=vps.gobiernosimonbolivar.gob.ec)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.95 (FreeBSD))
(envelope-from)
id 1q2hqM-0009ro-RT
for root@nk.ca;
Fri, 26 May 2023 18:31:44 -0600
Received: by vps.gobiernosimonbolivar.gob.ec (Postfix, from userid 48)
id B330D7630BE; Fri, 26 May 2023 19:06:22 -0500 (-05)
To: root@nk.ca
Subject: Last reminder !
Date: Sat, 27 May 2023 00:06:22 +0000
From: N E T F L l X
Message-ID: <761bc6d32d0a4c8e54d10b6abe04df94@gobiernosimonbolivar.gob.ec>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="b1_761bc6d32d0a4c8e54d10b6abe04df94"
Content-Transfer-Encoding: 8bit
X-Spam_score: 5.0
X-Spam_score_int: 50
X-Spam_bar: +++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: 96 body {width: 500px;margin: 0 auto;} table {border-collapse:
collapse;} table, td {mso-table-lspace: 0pt;mso-table-rspace: 0pt;} img {-ms-interpolation-mode:
bicubic;} body, p, div { font-family: arial,helvetica,sans-serif; font-size:
14px; } body { color: #000000; } body a { color: #1188E6; text-decoration:
none; } p { margin: 0; padding: 0; } table.wrapper { widt [...]
Content analysis details: (5.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[181.39.63.57 listed in bl.score.senderscore.com]
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
[181.39.63.57 listed in bl.score.senderscore.com]
1.1 URIBL_GREY Contains an URL listed in the URIBL greylist
[URI: sendgrid.net]
0.0 HTML_MESSAGE BODY: HTML included in message
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.0 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS
1.0 ACCT_PHISHING Possible phishing for account information
Subject: {SPAM?} Last reminder !
X-Antivirus: AVG (VPS 230526-4, 5/26/2023), Inbound message
X-Antivirus-Status: Clean
This is a multi-part message in MIME format.
--b1_761bc6d32d0a4c8e54d10b6abe04df94
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
96
body {width: 500px;margin: 0 auto;}
table {border-collapse: collapse;}
table, td {mso-table-lspace: 0pt;mso-table-rspace: 0pt;}
img {-ms-interpolation-mode: bicubic;}
body, p, div {
font-family: arial,helvetica,sans-serif;
font-size: 14px;
}
body {
color: #000000;
}
body a {
color: #1188E6;
text-decoration: none;
}
p { margin: 0; padding: 0; }
table.wrapper {
width:100% !important;
table-layout: fixed;
-webkit-font-smoothing: antialiased;
-webkit-text-size-adjust: 100%;
-moz-text-size-adjust: 100%;
-ms-text-size-adjust: 100%;
}
img.max-width {
max-width: 100% !important;
}
.column.of-2 {
width: 50%;
}
.column.of-3 {
width: 33.333%;
}
.column.of-4 {
width: 25%;
}
@media screen and (max-width:480px) {
.preheader .rightColumnContent,
.footer .rightColumnContent {
text-align: left !important;
}
.preheader .rightColumnContent div,
.preheader .rightColumnContent span,
.footer .rightColumnContent div,
.footer .rightColumnContent span {
text-align: left !important;
}
.preheader .rightColumnContent,
.preheader .leftColumnContent {
font-size: 80% !important;
padding: 5px 0;
}
table.wrapper-mobile {
width: 100% !important;
table-layout: fixed;
}
img.max-width {
height: auto !important;
max-width: 100% !important;
}
a.bulletproof-button {
display: block !important;
width: auto !important;
font-size: 80%;
padding-left: 0 !important;
padding-right: 0 !important;
}
.columns {
width: 100% !important;
}
.column {
display: block !important;
width: 100% !important;
padding-left: 0 !important;
padding-right: 0 !important;
margin-left: 0 !important;
margin-right: 0 !important;
}
}
Your Suspension Notification !
Hi
We were unable to validate your monthly subscription of your NETFLlX account, As there is a error in your billing information. Therefore we have temporarily suspended your NETFLlX account for now.
You just need to update your billing information in two step process. Please click the button below and update it within 12 hour. Otherwise, we will have to suspend your account permanently.
UPDATE
We are here to help if you need it. Visit the Help Center for more info or contact us.
- The NETFLlX Team
--b1_761bc6d32d0a4c8e54d10b6abe04df94
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit
96
--b1_761bc6d32d0a4c8e54d10b6abe04df94--
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 26 May 2023 22:10:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from
id 1q2lEu-000L26-Nb
for dave@doctor.nl2k.ab.ca;
Fri, 26 May 2023 22:09:12 -0600
Resent-From: The Doctor
Resent-Date: Fri, 26 May 2023 22:09:12 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from host-181-39-63-57.telconet.net ([181.39.63.57]:45834 helo=vps.gobiernosimonbolivar.gob.ec)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.95 (FreeBSD))
(envelope-from
id 1q2hqM-0009ro-RT
for root@nk.ca;
Fri, 26 May 2023 18:31:44 -0600
Received: by vps.gobiernosimonbolivar.gob.ec (Postfix, from userid 48)
id B330D7630BE; Fri, 26 May 2023 19:06:22 -0500 (-05)
To: root@nk.ca
Subject: Last reminder !
Date: Sat, 27 May 2023 00:06:22 +0000
From: N E T F L l X
Message-ID: <761bc6d32d0a4c8e54d10b6abe04df94@gobiernosimonbolivar.gob.ec>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="b1_761bc6d32d0a4c8e54d10b6abe04df94"
Content-Transfer-Encoding: 8bit
X-Spam_score: 5.0
X-Spam_score_int: 50
X-Spam_bar: +++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: 96 body {width: 500px;margin: 0 auto;} table {border-collapse:
collapse;} table, td {mso-table-lspace: 0pt;mso-table-rspace: 0pt;} img {-ms-interpolation-mode:
bicubic;} body, p, div { font-family: arial,helvetica,sans-serif; font-size:
14px; } body { color: #000000; } body a { color: #1188E6; text-decoration:
none; } p { margin: 0; padding: 0; } table.wrapper { widt [...]
Content analysis details: (5.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[181.39.63.57 listed in bl.score.senderscore.com]
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
[181.39.63.57 listed in bl.score.senderscore.com]
1.1 URIBL_GREY Contains an URL listed in the URIBL greylist
[URI: sendgrid.net]
0.0 HTML_MESSAGE BODY: HTML included in message
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.0 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS
1.0 ACCT_PHISHING Possible phishing for account information
Subject: {SPAM?} Last reminder !
X-Antivirus: AVG (VPS 230526-4, 5/26/2023), Inbound message
X-Antivirus-Status: Clean
This is a multi-part message in MIME format.
--b1_761bc6d32d0a4c8e54d10b6abe04df94
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
96
body {width: 500px;margin: 0 auto;}
table {border-collapse: collapse;}
table, td {mso-table-lspace: 0pt;mso-table-rspace: 0pt;}
img {-ms-interpolation-mode: bicubic;}
body, p, div {
font-family: arial,helvetica,sans-serif;
font-size: 14px;
}
body {
color: #000000;
}
body a {
color: #1188E6;
text-decoration: none;
}
p { margin: 0; padding: 0; }
table.wrapper {
width:100% !important;
table-layout: fixed;
-webkit-font-smoothing: antialiased;
-webkit-text-size-adjust: 100%;
-moz-text-size-adjust: 100%;
-ms-text-size-adjust: 100%;
}
img.max-width {
max-width: 100% !important;
}
.column.of-2 {
width: 50%;
}
.column.of-3 {
width: 33.333%;
}
.column.of-4 {
width: 25%;
}
@media screen and (max-width:480px) {
.preheader .rightColumnContent,
.footer .rightColumnContent {
text-align: left !important;
}
.preheader .rightColumnContent div,
.preheader .rightColumnContent span,
.footer .rightColumnContent div,
.footer .rightColumnContent span {
text-align: left !important;
}
.preheader .rightColumnContent,
.preheader .leftColumnContent {
font-size: 80% !important;
padding: 5px 0;
}
table.wrapper-mobile {
width: 100% !important;
table-layout: fixed;
}
img.max-width {
height: auto !important;
max-width: 100% !important;
}
a.bulletproof-button {
display: block !important;
width: auto !important;
font-size: 80%;
padding-left: 0 !important;
padding-right: 0 !important;
}
.columns {
width: 100% !important;
}
.column {
display: block !important;
width: 100% !important;
padding-left: 0 !important;
padding-right: 0 !important;
margin-left: 0 !important;
margin-right: 0 !important;
}
}
Your Suspension Notification !
Hi
We were unable to validate your monthly subscription of your NETFLlX account, As there is a error in your billing information. Therefore we have temporarily suspended your NETFLlX account for now.
You just need to update your billing information in two step process. Please click the button below and update it within 12 hour. Otherwise, we will have to suspend your account permanently.
UPDATE
We are here to help if you need it. Visit the Help Center for more info or contact us.
- The NETFLlX Team
--b1_761bc6d32d0a4c8e54d10b6abe04df94
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit
|
--b1_761bc6d32d0a4c8e54d10b6abe04df94--
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments