NetFlix phish from NEDETEL Pichincha Ecaudor
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 29 May 2023 16:21:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))
(envelope-from)
id 1q3lEX-000DSK-0M
for dave@doctor.nl2k.ab.ca;
Mon, 29 May 2023 16:20:57 -0600
Resent-From: The Doctor
Resent-Date: Mon, 29 May 2023 16:20:57 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from host-181-39-63-57.telconet.net ([181.39.63.57]:50872 helo=vps.gobiernosimonbolivar.gob.ec)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.96 (FreeBSD))
(envelope-from)
id 1q3jt7-000CYA-1S
for root@nk.ca;
Mon, 29 May 2023 14:54:49 -0600
Received: by vps.gobiernosimonbolivar.gob.ec (Postfix, from userid 48)
id B3F81936E4B; Mon, 29 May 2023 15:22:20 -0500 (-05)
To: root@nk.ca
Subject: Last reminder !
Date: Mon, 29 May 2023 20:22:20 +0000
From: N E T F L l X
Message-ID:
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="b1_fedc337e7de8b754584c30cdffba7085"
Content-Transfer-Encoding: 8bit
X-Spam_score: 10.6
X-Spam_score_int: 106
X-Spam_bar: ++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: 96 body {width: 500px;margin: 0 auto;} table {border-collapse:
collapse;} table, td {mso-table-lspace: 0pt;mso-table-rspace: 0pt;} img {-ms-interpolation-mode:
bicubic;} body, p, div { font-family: arial,helvetica,sans-serif; font-size:
14px; } body { color: #000000; } body a { color: #1188E6; text-decoration:
none; } p { margin: 0; padding: 0; } table.wrapper { widt [...]
Content analysis details: (10.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URI: 001louey.sa.com]
1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist
[URI: 001louey.sa.com]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[181.39.63.57 listed in bl.score.senderscore.com]
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
[181.39.63.57 listed in bl.score.senderscore.com]
1.1 URIBL_GREY Contains an URL listed in the URIBL greylist
[URI: sendgrid.net]
1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URI: 001louey.sa.com]
0.0 HTML_MESSAGE BODY: HTML included in message
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.0 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS
1.0 ACCT_PHISHING Possible phishing for account information
Subject: {SPAM?} Last reminder !
X-Antivirus: AVG (VPS 230529-4, 5/29/2023), Inbound message
X-Antivirus-Status: Clean
This is a multi-part message in MIME format.
--b1_fedc337e7de8b754584c30cdffba7085
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
96
body {width: 500px;margin: 0 auto;}
table {border-collapse: collapse;}
table, td {mso-table-lspace: 0pt;mso-table-rspace: 0pt;}
img {-ms-interpolation-mode: bicubic;}
body, p, div {
font-family: arial,helvetica,sans-serif;
font-size: 14px;
}
body {
color: #000000;
}
body a {
color: #1188E6;
text-decoration: none;
}
p { margin: 0; padding: 0; }
table.wrapper {
width:100% !important;
table-layout: fixed;
-webkit-font-smoothing: antialiased;
-webkit-text-size-adjust: 100%;
-moz-text-size-adjust: 100%;
-ms-text-size-adjust: 100%;
}
img.max-width {
max-width: 100% !important;
}
.column.of-2 {
width: 50%;
}
.column.of-3 {
width: 33.333%;
}
.column.of-4 {
width: 25%;
}
@media screen and (max-width:480px) {
.preheader .rightColumnContent,
.footer .rightColumnContent {
text-align: left !important;
}
.preheader .rightColumnContent div,
.preheader .rightColumnContent span,
.footer .rightColumnContent div,
.footer .rightColumnContent span {
text-align: left !important;
}
.preheader .rightColumnContent,
.preheader .leftColumnContent {
font-size: 80% !important;
padding: 5px 0;
}
table.wrapper-mobile {
width: 100% !important;
table-layout: fixed;
}
img.max-width {
height: auto !important;
max-width: 100% !important;
}
a.bulletproof-button {
display: block !important;
width: auto !important;
font-size: 80%;
padding-left: 0 !important;
padding-right: 0 !important;
}
.columns {
width: 100% !important;
}
.column {
display: block !important;
width: 100% !important;
padding-left: 0 !important;
padding-right: 0 !important;
margin-left: 0 !important;
margin-right: 0 !important;
}
}
Your Suspension Notification !
Hi
We were unable to validate your monthly subscription of your NETFLlX account, As there is a error in your billing information. Therefore we have temporarily suspended your NETFLlX account for now.
You just need to update your billing information in two step process. Please click the button below and update it within 12 hour. Otherwise, we will have to suspend your account permanently.
UPDATE
We are here to help if you need it. Visit the Help Center for more info or contact us.
- The NETFLlX Team
--b1_fedc337e7de8b754584c30cdffba7085
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit
96
--b1_fedc337e7de8b754584c30cdffba7085--
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 29 May 2023 16:21:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))
(envelope-from
id 1q3lEX-000DSK-0M
for dave@doctor.nl2k.ab.ca;
Mon, 29 May 2023 16:20:57 -0600
Resent-From: The Doctor
Resent-Date: Mon, 29 May 2023 16:20:57 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from host-181-39-63-57.telconet.net ([181.39.63.57]:50872 helo=vps.gobiernosimonbolivar.gob.ec)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.96 (FreeBSD))
(envelope-from
id 1q3jt7-000CYA-1S
for root@nk.ca;
Mon, 29 May 2023 14:54:49 -0600
Received: by vps.gobiernosimonbolivar.gob.ec (Postfix, from userid 48)
id B3F81936E4B; Mon, 29 May 2023 15:22:20 -0500 (-05)
To: root@nk.ca
Subject: Last reminder !
Date: Mon, 29 May 2023 20:22:20 +0000
From: N E T F L l X
Message-ID:
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="b1_fedc337e7de8b754584c30cdffba7085"
Content-Transfer-Encoding: 8bit
X-Spam_score: 10.6
X-Spam_score_int: 106
X-Spam_bar: ++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: 96 body {width: 500px;margin: 0 auto;} table {border-collapse:
collapse;} table, td {mso-table-lspace: 0pt;mso-table-rspace: 0pt;} img {-ms-interpolation-mode:
bicubic;} body, p, div { font-family: arial,helvetica,sans-serif; font-size:
14px; } body { color: #000000; } body a { color: #1188E6; text-decoration:
none; } p { margin: 0; padding: 0; } table.wrapper { widt [...]
Content analysis details: (10.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URI: 001louey.sa.com]
1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist
[URI: 001louey.sa.com]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[181.39.63.57 listed in bl.score.senderscore.com]
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
[181.39.63.57 listed in bl.score.senderscore.com]
1.1 URIBL_GREY Contains an URL listed in the URIBL greylist
[URI: sendgrid.net]
1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URI: 001louey.sa.com]
0.0 HTML_MESSAGE BODY: HTML included in message
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.0 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS
1.0 ACCT_PHISHING Possible phishing for account information
Subject: {SPAM?} Last reminder !
X-Antivirus: AVG (VPS 230529-4, 5/29/2023), Inbound message
X-Antivirus-Status: Clean
This is a multi-part message in MIME format.
--b1_fedc337e7de8b754584c30cdffba7085
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
96
body {width: 500px;margin: 0 auto;}
table {border-collapse: collapse;}
table, td {mso-table-lspace: 0pt;mso-table-rspace: 0pt;}
img {-ms-interpolation-mode: bicubic;}
body, p, div {
font-family: arial,helvetica,sans-serif;
font-size: 14px;
}
body {
color: #000000;
}
body a {
color: #1188E6;
text-decoration: none;
}
p { margin: 0; padding: 0; }
table.wrapper {
width:100% !important;
table-layout: fixed;
-webkit-font-smoothing: antialiased;
-webkit-text-size-adjust: 100%;
-moz-text-size-adjust: 100%;
-ms-text-size-adjust: 100%;
}
img.max-width {
max-width: 100% !important;
}
.column.of-2 {
width: 50%;
}
.column.of-3 {
width: 33.333%;
}
.column.of-4 {
width: 25%;
}
@media screen and (max-width:480px) {
.preheader .rightColumnContent,
.footer .rightColumnContent {
text-align: left !important;
}
.preheader .rightColumnContent div,
.preheader .rightColumnContent span,
.footer .rightColumnContent div,
.footer .rightColumnContent span {
text-align: left !important;
}
.preheader .rightColumnContent,
.preheader .leftColumnContent {
font-size: 80% !important;
padding: 5px 0;
}
table.wrapper-mobile {
width: 100% !important;
table-layout: fixed;
}
img.max-width {
height: auto !important;
max-width: 100% !important;
}
a.bulletproof-button {
display: block !important;
width: auto !important;
font-size: 80%;
padding-left: 0 !important;
padding-right: 0 !important;
}
.columns {
width: 100% !important;
}
.column {
display: block !important;
width: 100% !important;
padding-left: 0 !important;
padding-right: 0 !important;
margin-left: 0 !important;
margin-right: 0 !important;
}
}
Your Suspension Notification !
Hi
We were unable to validate your monthly subscription of your NETFLlX account, As there is a error in your billing information. Therefore we have temporarily suspended your NETFLlX account for now.
You just need to update your billing information in two step process. Please click the button below and update it within 12 hour. Otherwise, we will have to suspend your account permanently.
UPDATE
We are here to help if you need it. Visit the Help Center for more info or contact us.
- The NETFLlX Team
--b1_fedc337e7de8b754584c30cdffba7085
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit
|
--b1_fedc337e7de8b754584c30cdffba7085--
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments