Royal Bank of Canada Phish
Posted by Dave Yadallee on
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 04 Dec 2024 13:19:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from)
id 1tIvpA-00000000NnW-2G8t
for dave@doctor.nl2k.ab.ca;
Wed, 04 Dec 2024 13:18:16 -0700
Resent-From: The Doctor
Resent-Date: Wed, 4 Dec 2024 13:18:16 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from host.logoleagues.ca ([67.227.172.88]:45004)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.98 (FreeBSD))
(envelope-from)
id 1tItPb-000000000ei-3XlG
for sales@nk.ca;
Wed, 04 Dec 2024 10:43:47 -0700
Received: from magnusoncoachi54 by host.logoleagues.ca with local (Exim 4.96.2)
(envelope-from)
id 1tItNm-0006pR-2a
for sales@nk.ca;
Wed, 04 Dec 2024 12:41:50 -0500
To: sales@nk.ca
Subject: Identity Verification Needed: Prevent Account Lock
X-PHP-Script: magnusoncoaching.co/ss.php for 154.249.153.182, 154.249.153.182
X-PHP-Originating-Script: 1055:ss.php
From: Royal Bank of Canada (RBC) Security Team
Reply-To: support@magnusoncoaching.co
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Message-Id:
Date: Wed, 04 Dec 2024 12:41:50 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - host.logoleagues.ca
X-AntiAbuse: Original Domain - nk.ca
X-AntiAbuse: Originator/Caller UID/GID - [1055 981] / [47 12]
X-AntiAbuse: Sender Address Domain - host.logoleagues.ca
X-Get-Message-Sender-Via: host.logoleagues.ca: authenticated_id: magnusoncoachi54/from_h
X-Authenticated-Sender: host.logoleagues.ca: support@magnusoncoaching.co
X-Source:
X-Source-Args: php-fpm: pool magnusoncoaching_co
X-Source-Dir: magnusoncoaching.co:/public_html
X-Spam_score: 8.3
X-Spam_score_int: 83
X-Spam_bar: ++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Verify Your Account ROYAL BANK OF CANADA
Content analysis details: (8.3 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[67.227.172.88 listed in dnsbl.ahbl.org]
[67.227.172.88 listed in dnsbl.ahbl.org]
[67.227.172.88 listed in dnsbl.ahbl.org]
[67.227.172.88 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[67.227.172.88 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[67.227.172.88 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[67.227.172.88 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[67.227.172.88 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[67.227.172.88 listed in will-spam-for-food.eu.org]
[67.227.172.88 listed in will-spam-for-food.eu.org]
[67.227.172.88 listed in will-spam-for-food.eu.org]
[67.227.172.88 listed in will-spam-for-food.eu.org]
[67.227.172.88 listed in will-spam-for-food.eu.org]
[67.227.172.88 listed in will-spam-for-food.eu.org]
[67.227.172.88 listed in will-spam-for-food.eu.org]
[67.227.172.88 listed in will-spam-for-food.eu.org]
0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[67.227.172.88 listed in sa-trusted.bondedsender.org]
0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[67.227.172.88 listed in sa-accredit.habeas.com]
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |]
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[67.227.172.88 listed in bl.score.senderscore.com]
0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[67.227.172.88 listed in bl.score.senderscore.com]
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
domains are different
1.5 TVD_PH_SEC BODY: Message includes a phrase commonly used in phishing
mails
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_IMAGE_ONLY_32 BODY: HTML: images with 2800-3200 bytes of words
2.5 PHP_SCRIPT Sent by PHP script
0.9 URI_PHISH Phishing using web form
1.0 ACCT_PHISHING Possible phishing for account information
Subject: {SPAM?} Identity Verification Needed: Prevent Account Lock
Verify Your Account
Verify Your Account
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 04 Dec 2024 13:19:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from
id 1tIvpA-00000000NnW-2G8t
for dave@doctor.nl2k.ab.ca;
Wed, 04 Dec 2024 13:18:16 -0700
Resent-From: The Doctor
Resent-Date: Wed, 4 Dec 2024 13:18:16 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from host.logoleagues.ca ([67.227.172.88]:45004)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.98 (FreeBSD))
(envelope-from
id 1tItPb-000000000ei-3XlG
for sales@nk.ca;
Wed, 04 Dec 2024 10:43:47 -0700
Received: from magnusoncoachi54 by host.logoleagues.ca with local (Exim 4.96.2)
(envelope-from
id 1tItNm-0006pR-2a
for sales@nk.ca;
Wed, 04 Dec 2024 12:41:50 -0500
To: sales@nk.ca
Subject: Identity Verification Needed: Prevent Account Lock
X-PHP-Script: magnusoncoaching.co/ss.php for 154.249.153.182, 154.249.153.182
X-PHP-Originating-Script: 1055:ss.php
From: Royal Bank of Canada (RBC) Security Team
Reply-To: support@magnusoncoaching.co
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Message-Id:
Date: Wed, 04 Dec 2024 12:41:50 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - host.logoleagues.ca
X-AntiAbuse: Original Domain - nk.ca
X-AntiAbuse: Originator/Caller UID/GID - [1055 981] / [47 12]
X-AntiAbuse: Sender Address Domain - host.logoleagues.ca
X-Get-Message-Sender-Via: host.logoleagues.ca: authenticated_id: magnusoncoachi54/from_h
X-Authenticated-Sender: host.logoleagues.ca: support@magnusoncoaching.co
X-Source:
X-Source-Args: php-fpm: pool magnusoncoaching_co
X-Source-Dir: magnusoncoaching.co:/public_html
X-Spam_score: 8.3
X-Spam_score_int: 83
X-Spam_bar: ++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Verify Your Account ROYAL BANK OF CANADA
Content analysis details: (8.3 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[67.227.172.88 listed in dnsbl.ahbl.org]
[67.227.172.88 listed in dnsbl.ahbl.org]
[67.227.172.88 listed in dnsbl.ahbl.org]
[67.227.172.88 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[67.227.172.88 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[67.227.172.88 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[67.227.172.88 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[67.227.172.88 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[67.227.172.88 listed in will-spam-for-food.eu.org]
[67.227.172.88 listed in will-spam-for-food.eu.org]
[67.227.172.88 listed in will-spam-for-food.eu.org]
[67.227.172.88 listed in will-spam-for-food.eu.org]
[67.227.172.88 listed in will-spam-for-food.eu.org]
[67.227.172.88 listed in will-spam-for-food.eu.org]
[67.227.172.88 listed in will-spam-for-food.eu.org]
[67.227.172.88 listed in will-spam-for-food.eu.org]
0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[67.227.172.88 listed in sa-trusted.bondedsender.org]
0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[67.227.172.88 listed in sa-accredit.habeas.com]
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[67.227.172.88 listed in bl.score.senderscore.com]
0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[67.227.172.88 listed in bl.score.senderscore.com]
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
domains are different
1.5 TVD_PH_SEC BODY: Message includes a phrase commonly used in phishing
mails
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_IMAGE_ONLY_32 BODY: HTML: images with 2800-3200 bytes of words
2.5 PHP_SCRIPT Sent by PHP script
0.9 URI_PHISH Phishing using web form
1.0 ACCT_PHISHING Possible phishing for account information
Subject: {SPAM?} Identity Verification Needed: Prevent Account Lock
ROYAL BANK OF CANADA
Important Security Alert
Dear Valued Customer,
Your account may be locked due to new security measures. To ensure uninterrupted access, we require you to verify your identity.
Please log in and update your account details as soon as possible to prevent any inconvenience.
Verify Your Account
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments