
Anonymous

The document details the processing of an email message received by Canadian Bank's Secure Manager Email and Web Gateway on February 27, 2025. The email, originating from crossoverresearch.com, was scanned for threats and had a neutral threat level, but contained URLs with negative reputations that were redirected to a Cisco Security proxy. The message was ultimately accepted and processed according to the bank's email filtering policies.

Uploaded by

vorn savan

Secure Manager Email and Web Gateway

dcsma-pro1.canadiabank.com

Message Details

Envelope and Header Summary

Received Time: 27 Feb 2025 02:30:15 (GMT +07:00)

MID: 5923332, 5923331, 5923330

Message Size: 5.57 (KB)

Subject: RE: Final Outreach | SD-WAN/SASE Insights

Envelope Sender: [email protected] [email protected]

Envelope Recipients: [email protected]

Message ID Header: <269437905.8797007.1740598212227@c6a6aadd0806>

Cisco IronPort Host: dcesa.pro2 (192.168.7.59)

SMTP Auth User ID: N/A

Attachments: N/A

Sending Host Summary

Reverse DNS Hostname: smtp-252-51.iad1.qemailserver.com (verified)

IP Address: 98.97.252.51

SBRS Score: 3.1

Processing Details

MAIL POLICY "IncomingEmail_Filter" MATCHED THESE RECIPIENTS: [email protected]

27 Feb 2025 02:30:13 (GMT +07:00) Incoming connection (ICID 5588489) has sender_group: UNKNOWNLIST, sender_ip: 98.97.252.51 and sbrs: 3.1

27 Feb 2025 02:30:13 (GMT +07:00) Protocol SMTP interface PublicNet (IP 172.16.13.39) on incoming connection (ICID 5588489) from sender IP 98.97.252.51. Reverse DNS host smtp-252-51.iad1.qemailserver.com verified yes.

27 Feb 2025 02:30:13 (GMT +07:00) (ICID 5588489) ACCEPT sender group UNKNOWNLIST match sbrs[-1.0:10.0] SBRS 3.1 sender IP 98.97.252.51 country United States

27 Feb 2025 02:30:14 (GMT +07:00) Incoming connection (ICID 5588489) successfully accepted TLS protocol TLSv1.2 cipher ECDHE-RSA-AES256-GCM-SHA384.

27 Feb 2025 02:30:15 (GMT +07:00) Message 5923330 Sender Domain: crossoverresearch.com

27 Feb 2025 02:30:15 (GMT +07:00) Start message 5923330 on incoming connection (ICID 5588489).

27 Feb 2025 02:30:15 (GMT +07:00) Message 5923330 enqueued on incoming connection (ICID 5588489) from [email protected].

27 Feb 2025 02:30:15 (GMT +07:00) Message 5923330 direction: incoming

27 Feb 2025 02:30:15 (GMT +07:00) Message 5923330 Domains for which SDR is requested: reverse DNS host: smtp-252-51.iad1.qemailserver.com, helo: smtp-252-51.iad1.qemailserver.com, env-from: crossoverresearch.com, header_from: Not Present, reply_to: Not Present

27 Feb 2025 02:30:15 (GMT +07:00) Message 5923330 Consolidated Sender Threat Level: Neutral, Threat Category: N/A, Suspected Domain(s) : N/A (other reasons for verdict). Sender Maturity: 30 days (or greater) for domain: crossoverresearch.com

27 Feb 2025 02:30:15 (GMT +07:00) Message 5923330 on incoming connection (ICID 5588489) added recipient ([email protected]).

27 Feb 2025 02:30:16 (GMT +07:00) Message 5923330 SPF: helo identity [email protected] None

27 Feb 2025 02:30:16 (GMT +07:00) Message 5923330 SPF: mailfrom identity [email protected] PermError

27 Feb 2025 02:30:17 (GMT +07:00) Message 5923330 DKIM: pass signature verified (d=crossoverresearch.com s=qualtrics [email protected])

27 Feb 2025 02:30:17 (GMT +07:00) Message 5923330 contains message ID header '<269437905.8797007.1740598212227@c6a6aadd0806>'.

27 Feb 2025 02:30:17 (GMT +07:00) Message 5923330 original subject on injection: RE: Final Outreach | SD-WAN/SASE Insights

27 Feb 2025 02:30:17 (GMT +07:00) Message 5923330 has 'reply-to' header [email protected]

27 Feb 2025 02:30:17 (GMT +07:00) Message 5923330 Domains for which SDR is requested: reverse DNS host: smtp-252-51.iad1.qemailserver.com, helo: smtp-252-51.iad1.qemailserver.com, env-from: crossoverresearch.com, header_from: crossoverresearch.com, reply_to: crossoverresearch.com

27 Feb 2025 02:30:17 (GMT +07:00) Message 5923330 Consolidated Sender Threat Level: Neutral, Threat Category: N/A, Suspected Domain(s) : N/A (other reasons for verdict). Sender Maturity: 30 days (or greater) for domain: crossoverresearch.com

27 Feb 2025 02:30:17 (GMT +07:00) Message 5923330 (5701 bytes) from [email protected] ready.

dcsma-pro1.canadiabank.com - 03 Mar 2025 13:48 (GMT +07:00)

Copyright © 2003-2022 Cisco Systems, Inc. All rights reserved. 1


27 Feb 2025 02:30:17 (GMT +07:00) Message 5923330 has sender_group: UNKNOWNLIST, sender_ip: 98.97.252.51 and sbrs: 3.1

27 Feb 2025 02:30:17 (GMT +07:00) Message 5923330 matched per-recipient policy IncomingEmail_Filter for inbound mail policies.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 scanned by Anti-Spam engine: CASE. Interim verdict: Positive

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 scanned by Anti-Spam engine: CASE. Final verdict: Positive

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 scanned by Anti-Virus engine Sophos. Interim verdict: CLEAN

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 scanned by Anti-Virus engine. Final verdict: Negative

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 scanned by Advanced Malware Protection engine. Final verdict: SKIPPED(no attachment in message)

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 URL: https://surveys.crossoverresearch.com/subscription/manage/confirmation?recipientId=CGC_fiIAZHs83NRiBxT&libraryId=UR_9ZhHcomimQPJcdU&distributionId=EMD_WCVuv0KJPROjq7a&BT=Y3Jvc3NvdmVycmVzZWFyY2hsbGM , URL reputation: -5.8, Condition: URL Reputation Rule.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 URL: https://surveys.crossoverresearch.com/subscription/manage/confirmation?recipientId=CGC_fiIAZHs83NRiBxT&libraryId=UR_9ZhHcomimQPJcdU&distributionId=EMD_WCVuv0KJPROjq7a&BT=Y3Jvc3NvdmVycmVzZWFyY2hsbGM&OptOut=dir , URL reputation: -5.8, Condition: URL Reputation Rule.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 URL: https://surveys.crossoverresearch.com/subscription/watermark.gif?UID=UR_9ZhHcomimQPJcdU&amp;EMD=EMD_WCVuv0KJPROjq7a&amp;CGC=CGC_fiIAZHs83NRiBxT&amp;SV=SV_9RDchloTT3G1r2m , URL reputation: -5.8, Condition: URL Reputation Rule.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 URL: https://surveys.crossoverresearch.com/jfe/form/SV_9RDchloTT3G1r2m?Q_DL=WCVuv0KJPROjq7a_9RDchloTT3G1r2m_CGC_fiIAZHs83NRiBxT&amp;Q_CHL=email , URL reputation: -5.8, Condition: URL Reputation Rule.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 URL: https://surveys.crossoverresearch.com/jfe/form/SV_9RDchloTT3G1r2m?Q_DL=WCVuv0KJPROjq7a_9RDchloTT3G1r2m_CGC_fiIAZHs83NRiBxT&Q_CHL=email , URL reputation: -5.8, Condition: URL Reputation Rule.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 URL: https://surveys.crossoverresearch.com/subscription/manage/confirmation?recipientId=CGC_fiIAZHs83NRiBxT&amp;libraryId=UR_9ZhHcomimQPJcdU&amp;distributionId=EMD_WCVuv0KJPROjq7a&amp;BT=Y3Jvc3NvdmVycmVzZWFyY2hsbGM&amp;OptOut=dir , URL reputation: -5.8, Condition: URL Reputation Rule.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 URL: https://surveys.crossoverresearch.com/subscription/manage/confirmation?recipientId=CGC_fiIAZHs83NRiBxT&amp;libraryId=UR_9ZhHcomimQPJcdU&amp;distributionId=EMD_WCVuv0KJPROjq7a&amp;BT=Y3Jvc3NvdmVycmVzZWFyY2hsbGM , URL reputation: -5.8, Condition: URL Reputation Rule.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 URL: https://surveys.crossoverresearch.com/jfe/form/SV_9RDchloTT3G1r2m?Q_DL=WCVuv0KJPROjq7a_9RDchloTT3G1r2m_CGC_fiIAZHs83NRiBxT&Q_CHL=email , URL reputation: -5.8, Action: URL redirected to Cisco Security proxy.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 URL: https://surveys.crossoverresearch.com/subscription/manage/confirmation?recipientId=CGC_fiIAZHs83NRiBxT&libraryId=UR_9ZhHcomimQPJcdU&distributionId=EMD_WCVuv0KJPROjq7a&BT=Y3Jvc3NvdmVycmVzZWFyY2hsbGM , URL reputation: -5.8, Action: URL redirected to Cisco Security proxy.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 URL: https://surveys.crossoverresearch.com/subscription/manage/confirmation?recipientId=CGC_fiIAZHs83NRiBxT&libraryId=UR_9ZhHcomimQPJcdU&distributionId=EMD_WCVuv0KJPROjq7a&BT=Y3Jvc3NvdmVycmVzZWFyY2hsbGM&OptOut=dir , URL reputation: -5.8, Action: URL redirected to Cisco Security proxy.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 URL: https://surveys.crossoverresearch.com/jfe/form/SV_9RDchloTT3G1r2m?Q_DL=WCVuv0KJPROjq7a_9RDchloTT3G1r2m_CGC_fiIAZHs83NRiBxT&amp;Q_CHL=email , URL reputation: -5.8, Action: URL redirected to Cisco Security proxy.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 URL: https://surveys.crossoverresearch.com/subscription/manage/confirmation?recipientId=CGC_fiIAZHs83NRiBxT&amp;libraryId=UR_9ZhHcomimQPJcdU&amp;distributionId=EMD_WCVuv0KJPROjq7a&amp;BT=Y3Jvc3NvdmVycmVzZWFyY2hsbGM , URL reputation: -5.8, Action: URL redirected to Cisco Security proxy.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 URL: https://surveys.crossoverresearch.com/subscription/manage/confirmation?recipientId=CGC_fiIAZHs83NRiBxT&amp;libraryId=UR_9ZhHcomimQPJcdU&amp;distributionId=EMD_WCVuv0KJPROjq7a&amp;BT=Y3Jvc3NvdmVycmVzZWFyY2hsbGM&amp;OptOut=dir , URL reputation: -5.8, Action: URL redirected to Cisco Security proxy.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 URL: https://surveys.crossoverresearch.com/subscription/watermark.gif?UID=UR_9ZhHcomimQPJcdU&amp;EMD=EMD_WCVuv0KJPROjq7a&amp;CGC=CGC_fiIAZHs83NRiBxT&amp;SV=SV_9RDchloTT3G1r2m , URL reputation: -5.8, Action: URL redirected to Cisco Security proxy.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 rewritten as new message 5923331 by url-reputation-proxy-redirect-action URL_REWRITE_SUSPICIOUS filter

27 Feb 2025 02:30:18 (GMT +07:00) Start message 5923332 on incoming connection (ICID 0).

27 Feb 2025 02:30:18 (GMT +07:00) A new message 5923332 was generated based on message 5923331 by notify filter URL_REWRITE_SUSPICIOUS.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923332 enqueued on incoming connection (ICID 0) from [email protected].

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923332 on incoming connection (ICID 0) added recipient ([email protected]).


27 Feb 2025 02:30:18 (GMT +07:00) Message 5923332 is not signed. No domain key profile matches [email protected].

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923332 not signed. No DKIM profile matched [email protected].

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923332 (4930 bytes) from [email protected] ready.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923332 queued for delivery.

27 Feb 2025 02:30:18 (GMT +07:00) SMTP delivery connection (DCID 2660637) opened from Cisco IronPort interface 172.16.13.39 to IP address 172.16.13.57 on port 25.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923331 scanned by Outbreak Filters. Verdict: Negative

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923331 queued for delivery.

27 Feb 2025 02:30:18 (GMT +07:00) (DCID 2660637) Delivery started for message 5923332 to [email protected].

27 Feb 2025 02:30:18 (GMT +07:00) (DCID 2660638) Delivery started for message 5923331 to (no recipient data) to offbox Spam Quarantine

27 Feb 2025 02:30:18 (GMT +07:00) (DCID 2660638) Delivery details: Message 5923331 sent to (no recipient data) delivered to external ISQ.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923331 Quarantine Status: SPAM

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923331 to (no recipient data) received remote SMTP response 'ok: Message 391241 accepted'.

27 Feb 2025 02:30:18 (GMT +07:00) (DCID 2660637) Delivery details: Message 5923332 sent to [email protected]

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923332 Delivery Status: DELIVERED

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923332 to [email protected] received remote SMTP response 'Ok: queued as 807E92A0051'.

Key: Last Event
