RBC Phish from Majestic Hosting Solutions, LLC
Posted by Dave Yadallee on
Return-path:
Envelope-to: aboo@doctor.nl2k.ab.ca
Delivery-date: Tue, 25 Jun 2024 13:14:00 -0600
Received: from [86.38.225.179] (port=55666 helo=gki.com)
by doctor.nl2k.ab.ca with esmtp (Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1sMBbv-000000004w0-0GVq
for aboo@doctor.nl2k.ab.ca;
Tue, 25 Jun 2024 13:13:51 -0600
From: RBC Royal Bank
To: aboo@doctor.nl2k.ab.ca
Subject: Service Message
Date: 25 Jun 2024 12:11:46 -0700
Message-ID: <20240625121146.70A4F63EDEB039ED@gki.com>
MIME-Version: 1.0
Content-Type: text/html;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 15.4
X-Spam_score_int: 154
X-Spam_bar: +++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Royal Bank Dear Customer,
Content analysis details: (15.4 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[86.38.225.179 listed in dnsbl.ahbl.org]
[86.38.225.179 listed in dnsbl.ahbl.org]
[86.38.225.179 listed in dnsbl.ahbl.org]
[86.38.225.179 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[86.38.225.179 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[86.38.225.179 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[86.38.225.179 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[86.38.225.179 listed in dnsbl.ahbl.org]
2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist
[URI: in-d3p00.com]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[86.38.225.179 listed in will-spam-for-food.eu.org]
[86.38.225.179 listed in will-spam-for-food.eu.org]
[86.38.225.179 listed in will-spam-for-food.eu.org]
[86.38.225.179 listed in will-spam-for-food.eu.org]
[86.38.225.179 listed in will-spam-for-food.eu.org]
[86.38.225.179 listed in will-spam-for-food.eu.org]
[86.38.225.179 listed in will-spam-for-food.eu.org]
[86.38.225.179 listed in will-spam-for-food.eu.org]
1.0 HK_RANDOM_FROM From username looks random
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
1.0 J_BACKHAIR_23 RAW: 2 alpha-tag-3 alpha
0.5 VOWEL_FROM_5 Impronouncable from header (6 consecutive vowels)
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.0 HTML_FONT_TINY_NORDNS Font too small to read, no rDNS
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
3.0 VFY_ACCT_NORDNS Verify your account to a poorly-configured MTA -
probable phishing
Subject: {SPAM?} Service Message
X-Antivirus: AVG (VPS 240625-8, 6/25/2024), Inbound message
X-Antivirus-Status: Clean
:v=3D"urn:schemas-microsoft-com:vml">
t"/>
padding: 0; background-color: #FFFFFF; margin: 0; padding: 0; -webkit-te=
xt-size-adjust: none; text-size-adjust: none;">
er" role=3D"presentation" style=3D"mso-table-lspace: 0pt; mso-table-rspace:=
0pt; background-color: #FFFFFF;" width=3D"100%">
ass=3D"row row-1" role=3D"presentation" style=3D"mso-table-lspace: 0pt; mso=
-table-rspace: 0pt; background-size: auto;" width=3D"100%">
ass=3D"row-content stack" role=3D"presentation" style=3D"mso-table-lspace: =
0pt; mso-table-rspace: 0pt; background-size: auto; background-color: #0678d=
8; border-radius: 0; color: #000000; width: 500px;" width=3D"500">
ace: 0pt; font-weight: 400; text-align: left; padding-bottom: 5px; padding-=
top: 5px; vertical-align: top; border-top: 0px; border-right: 0px; border-b=
ottom: 0px; border-left: 0px;" width=3D"25%">
k block-1" role=3D"presentation" style=3D"mso-table-lspace: 0pt; mso-table-=
rspace: 0pt;" width=3D"100%">
>
![]()
rc=3D"https://cdn.glitch.global/8fd93f15-f8aa-4227-9885-db6e282af326/rbc-lo=
go-shield.svg?v=3D1700748777920" style=3D"display: block; height: auto; bor=
der: 0; width: 56px; max-width: 100%;" width=3D"56"/>
ace: 0pt; font-weight: 400; text-align: left; padding-bottom: 5px; padding-=
top: 5px; vertical-align: top; border-top: 0px; border-right: 0px; border-b=
ottom: 0px; border-left: 0px;" width=3D"75%">
block block-1" role=3D"presentation" style=3D"mso-table-lspace: 0pt; mso-ta=
ble-rspace: 0pt; word-break: break-word;" width=3D"100%">
op:5px;">
e', Helvetica, sans-serif;font-size:14px;font-weight:400;letter-spacing:0px=
;line-height:120%;text-align:left;mso-line-height-alt:16.8px;">
ass=3D"row row-2" role=3D"presentation" style=3D"mso-table-lspace: 0pt; mso=
-table-rspace: 0pt;" width=3D"100%">
ass=3D"row-content stack" role=3D"presentation" style=3D"mso-table-lspace: =
0pt; mso-table-rspace: 0pt; color: #000000; width: 500px;" width=3D"500">
ace: 0pt; font-weight: 400; text-align: left; padding-bottom: 5px; padding-=
top: 5px; vertical-align: top; border-top: 0px; border-right: 0px; border-b=
ottom: 0px; border-left: 0px;" width=3D"100%">
_block block-1" role=3D"presentation" style=3D"mso-table-lspace: 0pt; mso-t=
able-rspace: 0pt; word-break: break-word;" width=3D"100%">
e', Helvetica, sans-serif;font-size:14px;font-weight:400;letter-spacing:0px=
;line-height:120%;text-align:left;mso-line-height-alt:16.8px;">
ock block-2" role=3D"presentation" style=3D"mso-table-lspace: 0pt; mso-tabl=
e-rspace: 0pt;" width=3D"100%">
ground-color:#fedf01;border-radius:0px;width:auto;border-top:0px solid tran=
sparent;font-weight:400;border-right:0px solid transparent;border-bottom:0p=
x solid transparent;border-left:0px solid transparent;padding-top:5px;paddi=
ng-bottom:5px;font-family:Arial, 'Helvetica Neue', Helvetica, sans-serif;fo=
nt-size:14px;text-align:center;mso-border-alt:none;word-break:keep-all;">
000;">
lay:inline-block;letter-spacing:normal;">
<=
strong>Verify Identity
=09=20=20
k block-3" role=3D"presentation" style=3D"mso-table-lspace: 0pt; mso-table-=
rspace: 0pt;" width=3D"100%">
lock block-4" role=3D"presentation" style=3D"mso-table-lspace: 0pt; mso-tab=
le-rspace: 0pt;" width=3D"100%">
n" style=3D"mso-table-lspace: 0pt; mso-table-rspace: 0pt;" width=3D"100%">
er-top: 2px solid #4F4B4B;">
block block-5" role=3D"presentation" style=3D"mso-table-lspace: 0pt; mso-ta=
ble-rspace: 0pt; word-break: break-word;" width=3D"100%">
e', Helvetica, sans-serif;font-size:12px;font-weight:400;letter-spacing:0px=
;line-height:120%;text-align:left;mso-line-height-alt:14.399999999999999px;=
">
lock block-6" role=3D"presentation" style=3D"mso-table-lspace: 0pt; mso-tab=
le-rspace: 0pt;" width=3D"100%">
n" style=3D"mso-table-lspace: 0pt; mso-table-rspace: 0pt;" width=3D"100%">
er-top: 2px solid #4F4B4B;">
ass=3D"row row-3" role=3D"presentation" style=3D"mso-table-lspace: 0pt; mso=
-table-rspace: 0pt;" width=3D"100%">
ass=3D"row-content stack" role=3D"presentation" style=3D"mso-table-lspace: =
0pt; mso-table-rspace: 0pt; color: #000000; width: 500px;" width=3D"500">
ace: 0pt; font-weight: 400; text-align: left; padding-bottom: 5px; padding-=
top: 5px; vertical-align: top; border-top: 0px; border-right: 0px; border-b=
ottom: 0px; border-left: 0px;" width=3D"100%">
k block-1" role=3D"presentation" style=3D"mso-table-lspace: 0pt; mso-table-=
rspace: 0pt;" width=3D"100%">
ily: inherit; font-size: 15px; padding-bottom: 5px; padding-top: 5px; text-=
align: center;">
so-table-lspace: 0pt; mso-table-rspace: 0pt;" width=3D"100%">
;">
Envelope-to: aboo@doctor.nl2k.ab.ca
Delivery-date: Tue, 25 Jun 2024 13:14:00 -0600
Received: from [86.38.225.179] (port=55666 helo=gki.com)
by doctor.nl2k.ab.ca with esmtp (Exim 4.97.1 (FreeBSD))
(envelope-from
id 1sMBbv-000000004w0-0GVq
for aboo@doctor.nl2k.ab.ca;
Tue, 25 Jun 2024 13:13:51 -0600
From: RBC Royal Bank
To: aboo@doctor.nl2k.ab.ca
Subject: Service Message
Date: 25 Jun 2024 12:11:46 -0700
Message-ID: <20240625121146.70A4F63EDEB039ED@gki.com>
MIME-Version: 1.0
Content-Type: text/html;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 15.4
X-Spam_score_int: 154
X-Spam_bar: +++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Royal Bank Dear Customer,
Content analysis details: (15.4 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[86.38.225.179 listed in dnsbl.ahbl.org]
[86.38.225.179 listed in dnsbl.ahbl.org]
[86.38.225.179 listed in dnsbl.ahbl.org]
[86.38.225.179 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[86.38.225.179 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[86.38.225.179 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[86.38.225.179 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[86.38.225.179 listed in dnsbl.ahbl.org]
2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist
[URI: in-d3p00.com]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[86.38.225.179 listed in will-spam-for-food.eu.org]
[86.38.225.179 listed in will-spam-for-food.eu.org]
[86.38.225.179 listed in will-spam-for-food.eu.org]
[86.38.225.179 listed in will-spam-for-food.eu.org]
[86.38.225.179 listed in will-spam-for-food.eu.org]
[86.38.225.179 listed in will-spam-for-food.eu.org]
[86.38.225.179 listed in will-spam-for-food.eu.org]
[86.38.225.179 listed in will-spam-for-food.eu.org]
1.0 HK_RANDOM_FROM From username looks random
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
1.0 J_BACKHAIR_23 RAW: 2 alpha-tag-3 alpha
0.5 VOWEL_FROM_5 Impronouncable from header (6 consecutive vowels)
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.0 HTML_FONT_TINY_NORDNS Font too small to read, no rDNS
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
3.0 VFY_ACCT_NORDNS Verify your account to a poorly-configured MTA -
probable phishing
Subject: {SPAM?} Service Message
X-Antivirus: AVG (VPS 240625-8, 6/25/2024), Inbound message
X-Antivirus-Status: Clean
:v=3D"urn:schemas-microsoft-com:vml">
t"/>
padding: 0; background-color: #FFFFFF; margin: 0; padding: 0; -webkit-te=
xt-size-adjust: none; text-size-adjust: none;">
er" role=3D"presentation" style=3D"mso-table-lspace: 0pt; mso-table-rspace:=
0pt; background-color: #FFFFFF;" width=3D"100%">
ass=3D"row row-1" role=3D"presentation" style=3D"mso-table-lspace: 0pt; mso=
-table-rspace: 0pt; background-size: auto;" width=3D"100%">
ass=3D"row-content stack" role=3D"presentation" style=3D"mso-table-lspace: =
0pt; mso-table-rspace: 0pt; background-size: auto; background-color: #0678d=
8; border-radius: 0; color: #000000; width: 500px;" width=3D"500">
ace: 0pt; font-weight: 400; text-align: left; padding-bottom: 5px; padding-=
top: 5px; vertical-align: top; border-top: 0px; border-right: 0px; border-b=
ottom: 0px; border-left: 0px;" width=3D"25%">
k block-1" role=3D"presentation" style=3D"mso-table-lspace: 0pt; mso-table-=
rspace: 0pt;" width=3D"100%">
>
rc=3D"https://cdn.glitch.global/8fd93f15-f8aa-4227-9885-db6e282af326/rbc-lo=
go-shield.svg?v=3D1700748777920" style=3D"display: block; height: auto; bor=
der: 0; width: 56px; max-width: 100%;" width=3D"56"/>
ace: 0pt; font-weight: 400; text-align: left; padding-bottom: 5px; padding-=
top: 5px; vertical-align: top; border-top: 0px; border-right: 0px; border-b=
ottom: 0px; border-left: 0px;" width=3D"75%">
block block-1" role=3D"presentation" style=3D"mso-table-lspace: 0pt; mso-ta=
ble-rspace: 0pt; word-break: break-word;" width=3D"100%">
op:5px;">
e', Helvetica, sans-serif;font-size:14px;font-weight:400;letter-spacing:0px=
;line-height:120%;text-align:left;mso-line-height-alt:16.8px;">
Royal Bank=
p>
ass=3D"row row-2" role=3D"presentation" style=3D"mso-table-lspace: 0pt; mso=
-table-rspace: 0pt;" width=3D"100%">
ass=3D"row-content stack" role=3D"presentation" style=3D"mso-table-lspace: =
0pt; mso-table-rspace: 0pt; color: #000000; width: 500px;" width=3D"500">
ace: 0pt; font-weight: 400; text-align: left; padding-bottom: 5px; padding-=
top: 5px; vertical-align: top; border-top: 0px; border-right: 0px; border-b=
ottom: 0px; border-left: 0px;" width=3D"100%">
_block block-1" role=3D"presentation" style=3D"mso-table-lspace: 0pt; mso-t=
able-rspace: 0pt; word-break: break-word;" width=3D"100%">
e', Helvetica, sans-serif;font-size:14px;font-weight:400;letter-spacing:0px=
;line-height:120%;text-align:left;mso-line-height-alt:16.8px;">
Dear Cus=
tomer,
Your RBC online banking has b=
een disabled. Kindly verify your identity or
you may visit the nearest =
branch.
ock block-2" role=3D"presentation" style=3D"mso-table-lspace: 0pt; mso-tabl=
e-rspace: 0pt;" width=3D"100%">
ground-color:#fedf01;border-radius:0px;width:auto;border-top:0px solid tran=
sparent;font-weight:400;border-right:0px solid transparent;border-bottom:0p=
x solid transparent;border-left:0px solid transparent;padding-top:5px;paddi=
ng-bottom:5px;font-family:Arial, 'Helvetica Neue', Helvetica, sans-serif;fo=
nt-size:14px;text-align:center;mso-border-alt:none;word-break:keep-all;">
000;">
lay:inline-block;letter-spacing:normal;">
<=
strong>Verify Identity
=09=20=20
k block-3" role=3D"presentation" style=3D"mso-table-lspace: 0pt; mso-table-=
rspace: 0pt;" width=3D"100%">
lock block-4" role=3D"presentation" style=3D"mso-table-lspace: 0pt; mso-tab=
le-rspace: 0pt;" width=3D"100%">
n" style=3D"mso-table-lspace: 0pt; mso-table-rspace: 0pt;" width=3D"100%">
er-top: 2px solid #4F4B4B;">
block block-5" role=3D"presentation" style=3D"mso-table-lspace: 0pt; mso-ta=
ble-rspace: 0pt; word-break: break-word;" width=3D"100%">
e', Helvetica, sans-serif;font-size:12px;font-weight:400;letter-spacing:0px=
;line-height:120%;text-align:left;mso-line-height-alt:14.399999999999999px;=
">
Priva=
cy & Security | Legal
lock block-6" role=3D"presentation" style=3D"mso-table-lspace: 0pt; mso-tab=
le-rspace: 0pt;" width=3D"100%">
n" style=3D"mso-table-lspace: 0pt; mso-table-rspace: 0pt;" width=3D"100%">
er-top: 2px solid #4F4B4B;">
ass=3D"row row-3" role=3D"presentation" style=3D"mso-table-lspace: 0pt; mso=
-table-rspace: 0pt;" width=3D"100%">
ass=3D"row-content stack" role=3D"presentation" style=3D"mso-table-lspace: =
0pt; mso-table-rspace: 0pt; color: #000000; width: 500px;" width=3D"500">
ace: 0pt; font-weight: 400; text-align: left; padding-bottom: 5px; padding-=
top: 5px; vertical-align: top; border-top: 0px; border-right: 0px; border-b=
ottom: 0px; border-left: 0px;" width=3D"100%">
k block-1" role=3D"presentation" style=3D"mso-table-lspace: 0pt; mso-table-=
rspace: 0pt;" width=3D"100%">
ily: inherit; font-size: 15px; padding-bottom: 5px; padding-top: 5px; text-=
align: center;">
so-table-lspace: 0pt; mso-table-rspace: 0pt;" width=3D"100%">
;">
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments