Germanic language phish

Posted by Dave Yadallee on Monday, April 8. 2024

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 08 Apr 2024 04:20:26 -0600

Received: from [146.19.191.154] (port=61284 helo=tube-hosting.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rtm6V-000000006jX-2Kuw

for dave@doctor.nl2k.ab.ca;

Mon, 08 Apr 2024 04:20:01 -0600

From: "Bitvavo" ;

To: dave@doctor.nl2k.ab.ca

Subject: Bij frequente meldingen van ons dient u direct actie te ondernemen

Date: 8 Apr 2024 13:17:59 +0300

Message-ID: <20240408131759.901EC05102580BC4@info.bitvavo.com>

MIME-Version: 1.0

Content-Type: text/html

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 13.5

X-Spam_score_int: 135

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Geachte klant, U ontvangt dit bericht omdat uw Bitvavo registratie,

en daarbij ook uw inschrijving over 2 werkdagen op inactief zal staan geregistreerd.

Deze maatregel wordt toegepast omdat u enige tijd gebruik maak [...]

Content analysis details: (13.5 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist

[URI: mashizadesigns.co.za]

0.0 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist

[URI: mashizadesigns.co.za]

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: mashizadesigns.co.za]

1.6 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3)

[146.19.191.154 listed in bl.mailspike.net]

0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=tube-hosting.com;ip=146.19.191.154;r=doctor.nl2k.ab.ca]

1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted

0.1 TW_JV BODY: Odd Letter Triples with JV

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML only

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

0.0 FSL_BULK_SIG Bulk signature with no Unsubscribe

Subject: {SPAM?} Bij frequente meldingen van ons dient u direct actie te ondernemen

X-Antivirus: AVG (VPS 240404-6, 4/4/2024), Inbound message

X-Antivirus-Status: Clean

=20=20=20=20

=20=20=20=20

pse: separate; background-color: rgb(246, 246, 246);" bgcolor=3D"#f6f6f6" b=

order=3D"0" cellspacing=3D"0" cellpadding=3D"0">

p" style=3D"font-family: sans-serif; font-size: 14px; vertical-align: top;"=

>

argin: 0px auto; padding: 10px; width: 580px; font-family: sans-serif; font=

-size: 14px; vertical-align: top; display: block; max-width: 580px;">

display: block; max-width: 580px;">

=20=20=20=20=20=20=20=20=20=20=20=20

55, 255, 255); border-radius: 3px; width: 100%; border-collapse: separate;"=

>

nt-family: sans-serif; font-size: 14px; vertical-align: top;">

se: separate;" border=3D"0" cellspacing=3D"0" cellpadding=3D"0">=

cal-align: top;">

=09=09=09=09=09=20=20

14px; font-weight: normal;">
der-color: rgb(0, 0, 0); width: 211px; height: 94px;" src=3D"https://th.bin=

g.com/th/id/OIP.neTguRhgM9hJmWWsMGWqzwHaDS?rs=3D1&pid=3DImgDetMain"=

>

14px; font-weight: normal;">

font-weight: normal;">Geachte klant,

font-weight: normal;">U ontvangt dit bericht omdat uw Bitvavo registratie,=

en daarbij ook uw inschrijving over 2 werkdagen op inacti=

ef zal staan geregistreerd. Deze maatregel wordt toegepast omdat u enige ti=

jd gebruik maakt van verouderde registratiegegevens.

font-weight: normal;">Na meerdere contact pogingen hebben wij niets vanuit=

u vernomen en zijn wij daarom genoodzaakt om maatregelen uit te voeren. Hi=

ernaast riskeert de u ook een boete bedrag van €5.2=

00,-.

font-weight: normal;">Om te voorkomen dat uw registratie definitief w=

ordt uitgeschreven uit het Bitvavo register kunt u nog eenmalig&n=

bsp;gratis uw profiel gegev=

ens online actualiseren. Vanuit de Bitvavo is het voor consumente=

n verplicht hun gegevens up to date te houden.

font-weight: normal;">Wij vertrouwen erop u hiermee voldoende te hebben ge=

informeerd.

font-weight: normal;">

r-collapse: separate;" border=3D"0" cellspacing=3D"0" cellpadding=3D"0">
ody>

nt-family: sans-serif; font-size: 14px; vertical-align: top;">

lspacing=3D"0" cellpadding=3D"0">
ble>

top" style=3D"border-radius: 5px; text-align: center; font-family: sans-ser=

if; font-size: 14px; vertical-align: top; background-color: rgb(52, 152, 21=

9);" bgcolor=3D"#3498db">
om_zimbra_url" role=3D"link">
5_com_zimbra_url" role=3D"link">

x solid rgb(52, 152, 219); border-image: none; color: rgb(255, 255, 255); t=

ext-transform: capitalize; font-size: 14px; font-weight: bold; text-decorat=

ion: none; display: inline-block; background-color: rgb(52, 152, 219);" hre=

f=3D"http://mashizadesigns.co.za/viv" target=3D"_blank" rel=3D"nofollow noo=

pener noreferrer">Ga naar Inloggen

font-weight: normal;">Hoogachtend,

nt-family: sans-serif; font-size: 14px; font-weight: normal;">

yle=3D"margin: 0px 0px 15px; font-family: sans-serif; font-size: 14px; font=

-weight: normal;">Bitvavo

t-size: 14px; font-weight: normal;'>
_DWT1428_com_zimbra_url" role=3D"link">
FIX_DWT1436_com_zimbra_url" role=3D"link">

4UCkVeuqplxJ1uioal2TasPv0xUNh7z8_fKNjuh7hjp5S3IiZgpxQw2AkYWEaq2tbFFrOWFkyw2=

C0A6gt2FqNg4OJbNMUxk1WyQWh7X2x9pfXnt-Sen98Xris-49b2bXT8nI9dFhhNYeo1O-e-e8oN=

5yZb1GUrYBOQJdSyvf7fIRIj3w8dgGd3N2yfS0TQtnIgM6vLo_Oe_KiUkwbeeJ8IMl4htlZMf6r=

sifVT6RwfkxZafUXAAD__4ZsT8I" target=3D"_blank" rel=3D"nofollow noopener nor=

eferrer">

=09=09=09=09=09=09

">

t: 10px;">

=3D"link">
ole=3D"link">

BgZpSQ6dOXYocnWMbWwrStSJ5-uKh0P3nh-_qCG8xPSBgyRsSYWIelBw1QxDanpU5C6HYDFwai2=

KSXHjejtZqp9CrcWq9Ms5MyBaQ3RDEOlxeB3or_P35eaHGDB_3pu_88nKLKq1y1bFq-c9-ClNmG=

8xE91w1XSX7SvallHp_zDFlfNbXuLPdLdvX4kE2liVwYXV1diFgqFpOuGFAqkdkBEd4OiqCP9Lp=

H-k7Yzo-umkV_w0AAP__9gxPgQ" target=3D"_blank" rel=3D"nofollow noopener nore=

ferrer">

=20=20=20=20=20=20=20=20=20=20=20=20

Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Name

Homepage

In reply to

Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.

Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enter the string from the spam-prevention image above:

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.

Standard emoticons like :-) and ;-) are converted to images.

Enter the string from the spam-prevention image above:

Remember Information?

Subscribe to this entry