Royal Bank of Canada Phish
Posted by Dave Yadallee on
From - Tue May 07 16:04:23 2013
X-Account-Key: account1
X-UIDL: 000018bb4f5d9180
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Received: from localhost by doctor.nl2k.ab.ca
with SpamAssassin (version 3.3.2);
Tue, 07 May 2013 07:02:43 -0600
From: RBC Royal Bank
To: doctor@netknow.ca
Subject: [Norton AntiSpam]*SPAM* Message Center: 1 New Alert Message!
Date: 07 May 2013 07:25:10 -0400
Message-Id: <20130507072510.CAA43FE8A46DF54F@advisor.webssl.com>
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on doctor.nl2k.ab.ca
X-Spam-Flag: YES
X-Spam-Level: **************************************************
X-Spam-Status: Yes, score=51.0 required=5.0 tests=BOTNET,RCVD_IN_JMF_BL,
RELAY_CHECKER_BADDNS,RELAY_CHECKER_IPHOSTNAME,RELAY_CHECKER_KEYWORDS
autolearn=unavailable version=3.3.2
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_5188FB73.E35E9445"
X-Antivirus: AVG for E-mail 10.0.1432 [3162/5802]
X-AVG-ID: ID2E54899D-4FCEA7CA
X-Brightmail-Tracker: AAAABB15M1AdeRryHXka6R15M+g=
This is a multi-part message in MIME format.
------------=_5188FB73.E35E9445
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Spam detection software, running on the system "doctor.nl2k.ab.ca", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: RBC Royal Bank / Message Center: 1 New Alert Message! 1 New
Alert Message! Customer Service: Your account has been limited! Click to
Resolve Thank you for using Royal Bank of Canada. [...]
Content analysis details: (51.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
50 RCVD_IN_JMF_BL RBL: Sender listed in JMF-BLACK
[204.195.138.250 listed in hostkarma.junkemailfilter.com]
1.0 BOTNET Relay might be a spambot or virusbot
[botnet0.8,ip=204.195.138.250,rdns=204-195-138-250-dhcp.atlanticbb.net,baddns,client,ipinhostname,clientwords]
0.0 RELAY_CHECKER_IPHOSTNAME Hostname contains IP address
0.0 RELAY_CHECKER_KEYWORDS Hostname matches keywords
0.0 RELAY_CHECKER_BADDNS Doesn't have full circle DNS
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
------------=_5188FB73.E35E9445
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit
Return-Path:
X-Original-To: dave@doctor.nl2k.ab.ca
Delivered-To: dave@doctor.nl2k.ab.ca
Received: by doctor.nl2k.ab.ca (Postfix, from userid 101)
id 44DCA12CFA82; Tue, 7 May 2013 07:02:36 -0600 (MDT)
Resent-From: doctor@doctor.nl2k.ab.ca
Resent-Date: Tue, 7 May 2013 07:02:36 -0600
Resent-Message-ID: <20130507130236.GB6560@doctor.nl2k.ab.ca>
Resent-To: Dave Yadallee
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on doctor.nl2k.ab.ca
X-Spam-Level: *
X-Spam-Status: No, score=1.0 required=5.0 tests=BOTNET,RELAY_CHECKER_BADDNS,
RELAY_CHECKER_IPHOSTNAME,RELAY_CHECKER_KEYWORDS autolearn=no version=3.3.2
X-Original-To: doctor@netknow.ca
Delivered-To: doctor@netknow.ca
Received: from advisor.webssl.com (unknown [204.195.138.250])
by doctor.nl2k.ab.ca (Postfix) with ESMTP id A961D12CFAA6
for; Tue, 7 May 2013 05:25:52 -0600 (MDT)
From: RBC Royal Bank
To: doctor@netknow.ca
Subject: Message Center: 1 New Alert Message!
Date: 07 May 2013 07:25:10 -0400
Message-ID: <20130507072510.CAA43FE8A46DF54F@advisor.webssl.com>
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Sanitizer: This message has been sanitized!
X-Sanitizer-URL: http://mailtools.anomy.net/
X-Sanitizer-Rev: $Id: Sanitizer.pm,v 1.94 2006/01/02 16:43:10 bre Exp $
X-Virus-Scanned: clamav-milter 0.97.8-exp-debug at doctor.nl2k.ab.ca
X-Virus-Status: Clean
RBC Royal Bank / Message Center: 1 New Alert Message!
yalbank_en.gif">
old.gif"> 1 New Alert Message!
=20
ng=3D"0" width=3D"100%">
cellpadding=3D"3" cellspacing=3D"0" width=3D"100%">
Customer Service: Your account has b=
een limited!
http://216.245.209.110/icons/ssl/encrypted-session/F6=3D1&F7=3DIB&F21=3DIB&=
F22=3DIB&REQUEST=3DClientSignin&LANGUAGE=3DENGLISH/index.html">Click to =
Resolve
=20
Thank you for using Royal Bank of Canada.
X-Account-Key: account1
X-UIDL: 000018bb4f5d9180
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Received: from localhost by doctor.nl2k.ab.ca
with SpamAssassin (version 3.3.2);
Tue, 07 May 2013 07:02:43 -0600
From: RBC Royal Bank
To: doctor@netknow.ca
Subject: [Norton AntiSpam]*SPAM* Message Center: 1 New Alert Message!
Date: 07 May 2013 07:25:10 -0400
Message-Id: <20130507072510.CAA43FE8A46DF54F@advisor.webssl.com>
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on doctor.nl2k.ab.ca
X-Spam-Flag: YES
X-Spam-Level: **************************************************
X-Spam-Status: Yes, score=51.0 required=5.0 tests=BOTNET,RCVD_IN_JMF_BL,
RELAY_CHECKER_BADDNS,RELAY_CHECKER_IPHOSTNAME,RELAY_CHECKER_KEYWORDS
autolearn=unavailable version=3.3.2
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_5188FB73.E35E9445"
X-Antivirus: AVG for E-mail 10.0.1432 [3162/5802]
X-AVG-ID: ID2E54899D-4FCEA7CA
X-Brightmail-Tracker: AAAABB15M1AdeRryHXka6R15M+g=
This is a multi-part message in MIME format.
------------=_5188FB73.E35E9445
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Spam detection software, running on the system "doctor.nl2k.ab.ca", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: RBC Royal Bank / Message Center: 1 New Alert Message! 1 New
Alert Message! Customer Service: Your account has been limited! Click to
Resolve Thank you for using Royal Bank of Canada. [...]
Content analysis details: (51.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
50 RCVD_IN_JMF_BL RBL: Sender listed in JMF-BLACK
[204.195.138.250 listed in hostkarma.junkemailfilter.com]
1.0 BOTNET Relay might be a spambot or virusbot
[botnet0.8,ip=204.195.138.250,rdns=204-195-138-250-dhcp.atlanticbb.net,baddns,client,ipinhostname,clientwords]
0.0 RELAY_CHECKER_IPHOSTNAME Hostname contains IP address
0.0 RELAY_CHECKER_KEYWORDS Hostname matches keywords
0.0 RELAY_CHECKER_BADDNS Doesn't have full circle DNS
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
------------=_5188FB73.E35E9445
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit
Return-Path:
X-Original-To: dave@doctor.nl2k.ab.ca
Delivered-To: dave@doctor.nl2k.ab.ca
Received: by doctor.nl2k.ab.ca (Postfix, from userid 101)
id 44DCA12CFA82; Tue, 7 May 2013 07:02:36 -0600 (MDT)
Resent-From: doctor@doctor.nl2k.ab.ca
Resent-Date: Tue, 7 May 2013 07:02:36 -0600
Resent-Message-ID: <20130507130236.GB6560@doctor.nl2k.ab.ca>
Resent-To: Dave Yadallee
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on doctor.nl2k.ab.ca
X-Spam-Level: *
X-Spam-Status: No, score=1.0 required=5.0 tests=BOTNET,RELAY_CHECKER_BADDNS,
RELAY_CHECKER_IPHOSTNAME,RELAY_CHECKER_KEYWORDS autolearn=no version=3.3.2
X-Original-To: doctor@netknow.ca
Delivered-To: doctor@netknow.ca
Received: from advisor.webssl.com (unknown [204.195.138.250])
by doctor.nl2k.ab.ca (Postfix) with ESMTP id A961D12CFAA6
for
From: RBC Royal Bank
To: doctor@netknow.ca
Subject: Message Center: 1 New Alert Message!
Date: 07 May 2013 07:25:10 -0400
Message-ID: <20130507072510.CAA43FE8A46DF54F@advisor.webssl.com>
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Sanitizer: This message has been sanitized!
X-Sanitizer-URL: http://mailtools.anomy.net/
X-Sanitizer-Rev: $Id: Sanitizer.pm,v 1.94 2006/01/02 16:43:10 bre Exp $
X-Virus-Scanned: clamav-milter 0.97.8-exp-debug at doctor.nl2k.ab.ca
X-Virus-Status: Clean
yalbank_en.gif">
old.gif"> 1 New Alert Message!
=20
ng=3D"0" width=3D"100%">
cellpadding=3D"3" cellspacing=3D"0" width=3D"100%">
Customer Service: Your account has b=
een limited!
http://216.245.209.110/icons/ssl/encrypted-session/F6=3D1&F7=3DIB&F21=3DIB&=
F22=3DIB&REQUEST=3DClientSignin&LANGUAGE=3DENGLISH/index.html">Click to =
Resolve
=20
Thank you for using Royal Bank of Canada.
This message has bee= n 'sanitized'. This means that potentially dangerous content has been rewritten or removed. The following log describes which actions were taken.
Anomy 0.0.0 : Sanitizer.pm |