NetFlix Phish from Lansing Michigan
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 30 Jul 2024 14:59:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from)
id 1sYtv0-0000000090n-0yes
for dave@doctor.nl2k.ab.ca;
Tue, 30 Jul 2024 14:58:02 -0600
Resent-From: The Doctor
Resent-Date: Tue, 30 Jul 2024 14:58:02 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from cloudhost-10356436.uk-south-2.nxcli.net ([87.76.28.82]:25922)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.98 (FreeBSD))
(envelope-from)
id 1sYrqU-00000000CFE-2f9y
for sales@nk.ca;
Tue, 30 Jul 2024 12:45:19 -0600
Received: (qmail 13453 invoked by uid 10037); 30 Jul 2024 17:15:24 +0100
Date: Tue, 30 Jul 2024 16:11:05 +0000
To: sales@nk.ca
From: Netflix Support Team
Reply-To: notifications@netflix-support.com
Subject: Important Notice Regarding Your Netflix Account
Message-ID:
List-Unsubscribe: mailto:bounce307-gNCvxbsqk9PXi7o@netflix.com?subject=list-unsubscribe
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="1cf7f266b6d9ac81ee52024d83c7a5f06"
Content-Transfer-Encoding: 8bit
X-Spam_score: 19.1
X-Spam_score_int: 191
X-Spam_bar: +++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Account Notification body { font-family: 'Arial', sans-serif;
background-color: #fff; margin: 0; padding: 20px; color: #333; } .container
{ background-color: #f8f8f8; border: 1px solid #e0e0e0; padding: 20px; max-width:
[...]
Content analysis details: (19.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[87.76.28.82 listed in dnsbl.ahbl.org]
[87.76.28.82 listed in dnsbl.ahbl.org]
[87.76.28.82 listed in dnsbl.ahbl.org]
[87.76.28.82 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[87.76.28.82 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[87.76.28.82 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[87.76.28.82 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[87.76.28.82 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[87.76.28.82 listed in will-spam-for-food.eu.org]
[87.76.28.82 listed in will-spam-for-food.eu.org]
[87.76.28.82 listed in will-spam-for-food.eu.org]
[87.76.28.82 listed in will-spam-for-food.eu.org]
[87.76.28.82 listed in will-spam-for-food.eu.org]
[87.76.28.82 listed in will-spam-for-food.eu.org]
[87.76.28.82 listed in will-spam-for-food.eu.org]
[87.76.28.82 listed in will-spam-for-food.eu.org]
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
[87.76.28.82 listed in bl.score.senderscore.com]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[87.76.28.82 listed in bl.score.senderscore.com]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[87.76.28.82 listed in wl.mailspike.net]
1.5 NIX_SPAM RBL: Listed in NIX_SPAM DNSBL (thanks to heise.de)
[87.76.28.82 listed in ix.dnsbl.manitu.net]
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
domains are different
0.0 HTML_MESSAGE BODY: HTML included in message
1.3 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words
2.0 US_8BIT US-ASCII isn't an eight bit charset
1.5 TVD_PH_BODY_ACCOUNTS_PRE The body matches phrases such as "accounts
suspended", "account credited", "account
verification"
0.9 URI_PHISH Phishing using web form
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
Subject: {SPAM?} Important Notice Regarding Your Netflix Account
This is a multi-part message in MIME format.
--1cf7f266b6d9ac81ee52024d83c7a5f06
Content-Type: text/plain; charset=us-ascii
Account Notification
body {
font-family: 'Arial', sans-serif;
background-color: #fff;
margin: 0;
padding: 20px;
color: #333;
}
.container {
background-color: #f8f8f8;
border: 1px solid #e0e0e0;
padding: 20px;
max-width: 600px;
margin: 20px auto;
box-shadow: 0 2px 4px rgba(0,0,0,0.1);
}
h1 {
color: #E50914;
}
p {
font-size: 16px;
line-height: 1.5;
}
a {
display: block;
width: max-content;
background-color: #E50914;
color: white;
padding: 10px 20px;
text-align: center;
text-decoration: none;
margin-top: 20px;
border-radius: 4px;
}
.footer {
font-size: 12px;
text-align: center;
color: #777;
margin-top: 20px;
}
.logo {
text-align: center;
margin-bottom: 20px;
}
.logo img {
width: 50px; /* Adjust the size as needed */
}
Important Account Notice
Dear Subscriber,
We've noticed that your latest subscription payment has not been received. To continue enjoying your service without interruption, please update your payment details promptly.
If we do not receive payment by the due date, your account will be temporarily suspended.
Update Payment Details
If you have any questions or need assistance, please contact our customer support.
Thank you for choosing our service,
The Support Team
--1cf7f266b6d9ac81ee52024d83c7a5f06
Content-Type: text/html; charset=us-ascii
Account Notification
Update Payment Details
--1cf7f266b6d9ac81ee52024d83c7a5f06--