RBC PHish from Google Gmail

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 28 Nov 2024 06:35:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1tGeeq-00000000DGu-2kqj

for dave@doctor.nl2k.ab.ca;

Thu, 28 Nov 2024 06:34:12 -0700

Resent-From: The Doctor

Resent-Date: Thu, 28 Nov 2024 06:34:12 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-lf1-f45.google.com ([209.85.167.45]:48549)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98 (FreeBSD))

(envelope-from )

id 1tGeXr-000000002Og-1fqh

for root@nl2k.ab.ca;

Thu, 28 Nov 2024 06:27:03 -0700

Received: by mail-lf1-f45.google.com with SMTP id 2adb3069b0e04-53df1e0641fso925363e87.1

for ; Thu, 28 Nov 2024 05:25:10 -0800 (PST)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1732800303; x=1733405103; darn=nl2k.ab.ca;

h=date:to:from:subject:mime-version:message-id:from:to:cc:subject

:date:message-id:reply-to;

bh=+r3nKiIFiG3tVswojoo0s7NNQ3wpIKzPTOc9U5hGMpo=;

b=Bklkr+PRqxNgRhMiKIxwevFNPHwh2x6OYSF/SMvgiDgszG8265YlVQbzJ3w81z8G0B

Tv8djhcjS9HFEY0A0yDctofzr/CmxdWk/6owS0XeE36XogTIfjGkQzjVpSfDCpnR42Zo

iFExuTNZ1IcK5YwFQ/qlKgZpZztPJNYjgCjogkeyv4GXqMFw1kcK7HGMl8bhUGIImwak

3KIKm09drPwMivw04oHhx3yHuxgNdqQWXQTRrysGBc7Kfbd7U+F5VoXnQxcfNmiR/cG/

QRnChiG1ZQK6bkqHva/lruEQ9no1IaFOIg+JkhwE6981deZjZURnf1n5PF/onaQMkmvr

O2ig==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1732800303; x=1733405103;

h=date:to:from:subject:mime-version:message-id:x-gm-message-state

:from:to:cc:subject:date:message-id:reply-to;

bh=+r3nKiIFiG3tVswojoo0s7NNQ3wpIKzPTOc9U5hGMpo=;

b=qPBRYxiIbK7Ybfy4tR6+reR8m3fvXXV+XUjaXxoFLRsyLVuucHrO1FfJicgaKCeu9g

sWEFQt3XjW+4x32xH9K4Vd9jgsUejRc1IMbf55dO6R8X3X5yTBQ2FzmCBsHMCj+VHwK6

L/RnL7ZyCTIqGpURnVpm8F+7I4BOqnx5SGZh5tEJqPIWJ9hHyvdVtVRwrDtOECa+W3Iw

dnqvhu4p9Xgwrp2zQm+LECoKi78vMhvoW6cvHFsL1Kt77QgMzkLj6pqWmyBRWD0E2wVB

27VgPTbcVmis77ipavFvval7uy/EjfFZl0TFdVTVlUSbjSe3KIOYL6C3k+gUjedrL026

3+YQ==

X-Gm-Message-State: AOJu0YznBB9OVhOxE+Z7EdBr93xJ+gaMlUGEQsZlSsbjOKe0LtDN8BQv

O9p6J24OU4dsNlHYDVVf+u1WQqFSmXZEOrYWDUF3cwWNOonLv2DG6NipEA==

X-Gm-Gg: ASbGncsNhUkIYU6wqJ2eyEzLrOXlVhvvZA5X+5bMcfgoNhBK2SmWqWlT+J50qTMVubW

nMjs4AlLas8SMAaK+cilXFCfkYZ/bIoL0gJRcA5hNuz+XoluE4XuvNvzJXE2W1VVhXF+tlEXiQR

CeWuZ9lQqmasAky00pNHmzLzsGJHyJLLcOe2TJfFnDhDgNAw+9GLKFnsv/H3TaONK+wcmFdXcgV

1jd2+uikK/nDwerrqdwUq9zG+KqKNLImm8TCTIQkMnl/tzaHA==

X-Google-Smtp-Source: AGHT+IF5P99DWq3J4YpIkn8iEyxHNtIPjU3vZsIbKCl7suXBevFviWBKolh7iqDLTiIxbizPY0Hdzw==

X-Received: by 2002:a05:6512:3d24:b0:53d:ab0d:b9ef with SMTP id 2adb3069b0e04-53df0106c38mr4341242e87.43.1732800302482;

Thu, 28 Nov 2024 05:25:02 -0800 (PST)

Received: from rbc-mac ([2a03:94e0:2637:d3c6:c554:15a8:608:a7db])

by smtp.gmail.com with ESMTPSA id 2adb3069b0e04-53df649665fsm169278e87.204.2024.11.28.05.25.01

for

(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);

Thu, 28 Nov 2024 05:25:01 -0800 (PST)

Message-ID: <67486f2d.c20a0220.be001.1939@mx.google.com>

Content-Type: multipart/mixed; boundary="===============3084278785041481287=="

MIME-Version: 1.0

Subject: Time to verify your email address

From: RBC Royal Bank

To: root@nl2k.ab.ca

Date: Thu, 28 Nov 2024 05:25:01 -0800

X-Spam_score: 6.7

X-Spam_score_int: 67

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dear RBC Bank Client, The following RBC Bank e-Alert(s) is(are)

available: Please complete the email verification process



Content analysis details: (6.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[2a03:94e0:2637:d3c6:c554:15a8:608:a7db listed in]

[will-spam-for-food.eu.org]

[2a03:94e0:2637:d3c6:c554:15a8:608:a7db listed in]

[will-spam-for-food.eu.org]

[2a03:94e0:2637:d3c6:c554:15a8:608:a7db listed in]

[will-spam-for-food.eu.org]

[2a03:94e0:2637:d3c6:c554:15a8:608:a7db listed in]

[will-spam-for-food.eu.org]

[2a03:94e0:2637:d3c6:c554:15a8:608:a7db listed in]

[will-spam-for-food.eu.org]

[2a03:94e0:2637:d3c6:c554:15a8:608:a7db listed in]

[will-spam-for-food.eu.org]

[2a03:94e0:2637:d3c6:c554:15a8:608:a7db listed in]

[will-spam-for-food.eu.org]

[2a03:94e0:2637:d3c6:c554:15a8:608:a7db listed in]

[will-spam-for-food.eu.org]

[209.85.167.45 listed in will-spam-for-food.eu.org]

[209.85.167.45 listed in will-spam-for-food.eu.org]

[209.85.167.45 listed in will-spam-for-food.eu.org]

[209.85.167.45 listed in will-spam-for-food.eu.org]

[209.85.167.45 listed in will-spam-for-food.eu.org]

[209.85.167.45 listed in will-spam-for-food.eu.org]

[209.85.167.45 listed in will-spam-for-food.eu.org]

[209.85.167.45 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.167.45 listed in dnsbl.ahbl.org]

[209.85.167.45 listed in dnsbl.ahbl.org]

[209.85.167.45 listed in dnsbl.ahbl.org]

[209.85.167.45 listed in dnsbl.ahbl.org]

[2a03:94e0:2637:d3c6:c554:15a8:608:a7db listed in]

[dnsbl.ahbl.org]

[2a03:94e0:2637:d3c6:c554:15a8:608:a7db listed in]

[dnsbl.ahbl.org]

[2a03:94e0:2637:d3c6:c554:15a8:608:a7db listed in]

[dnsbl.ahbl.org]

[2a03:94e0:2637:d3c6:c554:15a8:608:a7db listed in]

[dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.167.45 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.167.45 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.167.45 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.167.45 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.167.45 listed in list.dnswl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.167.45 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[ymaataoui62(at)gmail.com]

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[ymaataoui62(at)gmail.com]

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

Subject: {SPAM?} Time to verify your email address



--===============3084278785041481287==

Content-Type: multipart/related; boundary="===============3158243932690578440=="

MIME-Version: 1.0



--===============3158243932690578440==

Content-Type: multipart/alternative; boundary="===============8277953127885255245=="

MIME-Version: 1.0



--===============8277953127885255245==

Content-Type: text/html; charset="utf-8"

MIME-Version: 1.0

Content-Transfer-Encoding: base64



PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBXMyBIVE1MLy9FTiI+PGh0bWw+Cjxo

ZWFkPgo8bWV0YSBodHRwLWVxdWl2PSJDb250ZW50LVR5cGUiIGNvbnRlbnQ9InRleHQvaHRtbDsg

Y2hhcnNldD1pc28tODg1OS0xIj48L2hlYWQ+Cjxib2R5PgoJCglEZWFyIFJCQyBCYW5rIENsaWVu

dCw8YnI+PGJyPgoKVGhlIGZvbGxvd2luZyBSQkMgQmFuayBlLUFsZXJ0KHMpIGlzKGFyZSkgYXZh

aWxhYmxlOjxicj4KCTxicj4KUGxlYXNlIGNvbXBsZXRlIHRoZSBlbWFpbCB2ZXJpZmljYXRpb24g

cHJvY2Vzczxicj4KCTxicj4KRHVlIHRvIGNoYW5nZXMgaW4gb3VyIHNlY3VyaXR5IHBvbGljeSwg

d2UgcmVxdWVzdCB0aGF0IHlvdSB2ZXJpZnkgeW91ciBlbWFpbCBhZGRyZXNzLjxicj4KCTxicj4K

Q2xpY2sgdGhlIGxpbmsgYmVsb3cgdG8gYWNjZXNzIFJCQyBPbmxpbmUgQmFua2luZyBhbmQgZmlu

aXNoIHZlcmlmeWluZyB5b3VyIGVtYWlsIGFkZHJlc3M6Cgk8YnI+PGJyPgo8YSBocmVmPSJodHRw

czovL3dpdHlza3kuYmxvZ3Nwb3QuY29tLyI+Q29uZmlybSB5b3VyIGVtYWlsIGZvciB2ZXJpZmlj

YXRpb248L2E+PGJyPgoKCTxicj5QZXJzb25hbGl6ZSB5b3VyIGVtYWlsIG5vdGlmaWNhdGlvbiBv

cHRpb25zIGluIFJCQyBPbmxpbmUgQmFua2luZywgc2VsZWN0ICZxdW90O1Byb2ZpbGUgYW5kIFBy

ZWZlcmVuY2VzJnF1b3Q7IGluIHRoZSBCYW5raW5nIHRhYiBsb2NhdGVkIHVuZGVyIE15IEFjY291

bnRzLjxicj48YnI+CgoJRW1haWwgd2l0aG91dCBlbmNyeXB0aW9uIGlzIGluc2VjdXJlIGZvciBw

ZXJzb25hbCBkZXRhaWxzLiBGb3Igc2FmZSBjb21tdW5pY2F0aW9uLCBzZW5kIHlvdXIgbWVzc2Fn

ZSB2aWEgdGhlIFJCQyBSb3lhbCBCYW5rIE9ubGluZSBCYW5raW5nIG1lc3NhZ2UgY2VudGVyIG9y

IGFub3RoZXIgc2VjdXJlIG9wdGlvbiwgb3IgY29udGFjdCB1cyBieSA8YSBocmVmPSIjIj5waG9u

ZTwvYT4uPGJyPjxicj4KCglPdXRzaWRlIENhbmFkYSBhbmQgdGhlIFUuUy46ICBDb250YWN0IHVz

IHZpYSBvdXIgPGEgaHJlZj0iIyI+SW50ZXJuYXRpb25hbCBDdXN0b21lciBTZXJ2aWNlPC9hPgoK

CVRoaXMgZW1haWwgd2FzIHNlbnQgZnJvbSBhbiB1bm1vbml0b3JlZCBhY2NvdW50OyBwbGVhc2Ug

ZG8gbm90IHJlcGx5Ljxicj48YnI+CgoJXlJCQyBPbmxpbmUgQmFua2luZyBpcyBvZmZlcmVkIGJ5

IFJveWFsIEJhbmsuCgoJPC9ib2R5Pgo8L2h0bWw+



--===============8277953127885255245==--



--===============3158243932690578440==--



--===============3084278785041481287==--

Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA