The document details the processing of an email message received by Canadian Bank's Secure Manager Email and Web Gateway on February 27, 2025. The email, originating from crossoverresearch.com, was scanned for threats and had a neutral threat level, but contained URLs with negative reputations that were redirected to a Cisco Security proxy. The message was ultimately accepted and processed according to the bank's email filtering policies.

Uploaded by

vorn savan

Secure Manager Email and Web Gateway

dcsma-pro1.canadiabank.com

Message Details

Envelope and Header Summary

Received Time: 27 Feb 2025 02:30:15 (GMT +07:00)

MID: 5923332, 5923331, 5923330

Message Size: 5.57 (KB)

Subject: RE: Final Outreach | SD-WAN/SASE Insights

Envelope Sender: cp@crossoverresearch.com IT_Security@canadiabank.com.kh

Envelope Recipients: yingho.lau@canadiabank.com.kh

Message ID Header: <269437905.8797007.1740598212227@c6a6aadd0806>

Cisco IronPort Host: dcesa.pro2 (192.168.7.59)

SMTP Auth User ID: N/A

Attachments: N/A

Sending Host Summary

Reverse DNS Hostname: smtp-252-51.iad1.qemailserver.com (verified)

IP Address: 98.97.252.51

SBRS Score: 3.1

Processing Details

MAIL POLICY "IncomingEmail_Filter" MATCHED THESE RECIPIENTS: yingho.lau@canadiabank.com.kh

27 Feb 2025 02:30:13 (GMT +07:00) Incoming connection (ICID 5588489) has sender_group: UNKNOWNLIST, sender_ip: 98.97.252.51 and sbrs: 3.1

27 Feb 2025 02:30:13 (GMT +07:00) Protocol SMTP interface PublicNet (IP 172.16.13.39) on incoming connection (ICID 5588489) from sender IP 98.97.252.51. Reverse DNS host smtp-252-51.iad1.qemailserver.com verified yes.

27 Feb 2025 02:30:13 (GMT +07:00) (ICID 5588489) ACCEPT sender group UNKNOWNLIST match sbrs[-1.0:10.0] SBRS 3.1 sender IP 98.97.252.51 country United States

27 Feb 2025 02:30:14 (GMT +07:00) Incoming connection (ICID 5588489) successfully accepted TLS protocol TLSv1.2 cipher ECDHE-RSA-AES256-GCM-SHA384.

27 Feb 2025 02:30:15 (GMT +07:00) Message 5923330 Sender Domain: crossoverresearch.com

27 Feb 2025 02:30:15 (GMT +07:00) Start message 5923330 on incoming connection (ICID 5588489).

27 Feb 2025 02:30:15 (GMT +07:00) Message 5923330 enqueued on incoming connection (ICID 5588489) from cp@crossoverresearch.com.

27 Feb 2025 02:30:15 (GMT +07:00) Message 5923330 direction: incoming

27 Feb 2025 02:30:15 (GMT +07:00) Message 5923330 Domains for which SDR is requested: reverse DNS host: smtp-252-51.iad1.qemailserver.com, helo: smtp-252-51.iad1.qemailserver.com, env-from: crossoverresearch.com, header_from: Not Present, reply_to: Not Present

27 Feb 2025 02:30:15 (GMT +07:00) Message 5923330 Consolidated Sender Threat Level: Neutral, Threat Category: N/A, Suspected Domain(s) : N/A (other reasons for verdict). Sender Maturity: 30 days (or greater) for domain: crossoverresearch.com

27 Feb 2025 02:30:15 (GMT +07:00) Message 5923330 on incoming connection (ICID 5588489) added recipient (yingho.lau@canadiabank.com.kh).

27 Feb 2025 02:30:16 (GMT +07:00) Message 5923330 SPF: helo identity postmaster@smtp-252-51.iad1.qemailserver.com None

27 Feb 2025 02:30:16 (GMT +07:00) Message 5923330 SPF: mailfrom identity cp@crossoverresearch.com PermError

27 Feb 2025 02:30:17 (GMT +07:00) Message 5923330 DKIM: pass signature verified (d=crossoverresearch.com s=qualtrics i=@crossoverresearch.com)

27 Feb 2025 02:30:17 (GMT +07:00) Message 5923330 contains message ID header '<269437905.8797007.1740598212227@c6a6aadd0806>'.

27 Feb 2025 02:30:17 (GMT +07:00) Message 5923330 original subject on injection: RE: Final Outreach | SD-WAN/SASE Insights

27 Feb 2025 02:30:17 (GMT +07:00) Message 5923330 has 'reply-to' header cp@crossoverresearch.com

27 Feb 2025 02:30:17 (GMT +07:00) Message 5923330 Domains for which SDR is requested: reverse DNS host: smtp-252-51.iad1.qemailserver.com, helo: smtp-252-51.iad1.qemailserver.com, env-from: crossoverresearch.com, header_from: crossoverresearch.com, reply_to: crossoverresearch.com

27 Feb 2025 02:30:17 (GMT +07:00) Message 5923330 Consolidated Sender Threat Level: Neutral, Threat Category: N/A, Suspected Domain(s) : N/A (other reasons for verdict). Sender Maturity: 30 days (or greater) for domain: crossoverresearch.com

27 Feb 2025 02:30:17 (GMT +07:00) Message 5923330 (5701 bytes) from cp@crossoverresearch.com ready.

dcsma-pro1.canadiabank.com - 03 Mar 2025 13:48 (GMT +07:00)

Copyright © 2003-2022 Cisco Systems, Inc. All rights reserved. 1


27 Feb 2025 02:30:17 (GMT +07:00) Message 5923330 has sender_group: UNKNOWNLIST, sender_ip: 98.97.252.51 and sbrs: 3.1

27 Feb 2025 02:30:17 (GMT +07:00) Message 5923330 matched per-recipient policy IncomingEmail_Filter for inbound mail policies.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 scanned by Anti-Spam engine: CASE. Interim verdict: Positive

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 scanned by Anti-Spam engine: CASE. Final verdict: Positive

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 scanned by Anti-Virus engine Sophos. Interim verdict: CLEAN

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 scanned by Anti-Virus engine. Final verdict: Negative

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 scanned by Advanced Malware Protection engine. Final verdict: SKIPPED(no attachment in message)

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 URL: https://surveys.crossoverresearch.com/subscription/manage/confirmation?recipientId=CGC_fiIAZHs83NRiBxT&libraryId=UR_9ZhHcomimQPJcdU&distributionId=EMD_WCVuv0KJPROjq7a&BT=Y3Jvc3NvdmVycmVzZWFyY2hsbGM , URL reputation: -5.8, Condition: URL Reputation Rule.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 URL: https://surveys.crossoverresearch.com/subscription/manage/confirmation?recipientId=CGC_fiIAZHs83NRiBxT&libraryId=UR_9ZhHcomimQPJcdU&distributionId=EMD_WCVuv0KJPROjq7a&BT=Y3Jvc3NvdmVycmVzZWFyY2hsbGM&OptOut=dir , URL reputation: -5.8, Condition: URL Reputation Rule.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 URL: https://surveys.crossoverresearch.com/subscription/watermark.gif?UID=UR_9ZhHcomimQPJcdU&amp;EMD=EMD_WCVuv0KJPROjq7a&amp;CGC=CGC_fiIAZHs83NRiBxT&amp;SV=SV_9RDchloTT3G1r2m , URL reputation: -5.8, Condition: URL Reputation Rule.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 URL: https://surveys.crossoverresearch.com/jfe/form/SV_9RDchloTT3G1r2m?Q_DL=WCVuv0KJPROjq7a_9RDchloTT3G1r2m_CGC_fiIAZHs83NRiBxT&amp;Q_CHL=email , URL reputation: -5.8, Condition: URL Reputation Rule.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 URL: https://surveys.crossoverresearch.com/jfe/form/SV_9RDchloTT3G1r2m?Q_DL=WCVuv0KJPROjq7a_9RDchloTT3G1r2m_CGC_fiIAZHs83NRiBxT&Q_CHL=email , URL reputation: -5.8, Condition: URL Reputation Rule.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 URL: https://surveys.crossoverresearch.com/subscription/manage/confirmation?recipientId=CGC_fiIAZHs83NRiBxT&amp;libraryId=UR_9ZhHcomimQPJcdU&amp;distributionId=EMD_WCVuv0KJPROjq7a&amp;BT=Y3Jvc3NvdmVycmVzZWFyY2hsbGM&amp;OptOut=dir , URL reputation: -5.8, Condition: URL Reputation Rule.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 URL: https://surveys.crossoverresearch.com/subscription/manage/confirmation?recipientId=CGC_fiIAZHs83NRiBxT&amp;libraryId=UR_9ZhHcomimQPJcdU&amp;distributionId=EMD_WCVuv0KJPROjq7a&amp;BT=Y3Jvc3NvdmVycmVzZWFyY2hsbGM , URL reputation: -5.8, Condition: URL Reputation Rule.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 URL: https://surveys.crossoverresearch.com/jfe/form/SV_9RDchloTT3G1r2m?Q_DL=WCVuv0KJPROjq7a_9RDchloTT3G1r2m_CGC_fiIAZHs83NRiBxT&Q_CHL=email , URL reputation: -5.8, Action: URL redirected to Cisco Security proxy.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 URL: https://surveys.crossoverresearch.com/subscription/manage/confirmation?recipientId=CGC_fiIAZHs83NRiBxT&libraryId=UR_9ZhHcomimQPJcdU&distributionId=EMD_WCVuv0KJPROjq7a&BT=Y3Jvc3NvdmVycmVzZWFyY2hsbGM , URL reputation: -5.8, Action: URL redirected to Cisco Security proxy.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 URL: https://surveys.crossoverresearch.com/subscription/manage/confirmation?recipientId=CGC_fiIAZHs83NRiBxT&libraryId=UR_9ZhHcomimQPJcdU&distributionId=EMD_WCVuv0KJPROjq7a&BT=Y3Jvc3NvdmVycmVzZWFyY2hsbGM&OptOut=dir , URL reputation: -5.8, Action: URL redirected to Cisco Security proxy.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 URL: https://surveys.crossoverresearch.com/jfe/form/SV_9RDchloTT3G1r2m?Q_DL=WCVuv0KJPROjq7a_9RDchloTT3G1r2m_CGC_fiIAZHs83NRiBxT&amp;Q_CHL=email , URL reputation: -5.8, Action: URL redirected to Cisco Security proxy.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 URL: https://surveys.crossoverresearch.com/subscription/manage/confirmation?recipientId=CGC_fiIAZHs83NRiBxT&amp;libraryId=UR_9ZhHcomimQPJcdU&amp;distributionId=EMD_WCVuv0KJPROjq7a&amp;BT=Y3Jvc3NvdmVycmVzZWFyY2hsbGM , URL reputation: -5.8, Action: URL redirected to Cisco Security proxy.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 URL: https://surveys.crossoverresearch.com/subscription/manage/confirmation?recipientId=CGC_fiIAZHs83NRiBxT&amp;libraryId=UR_9ZhHcomimQPJcdU&amp;distributionId=EMD_WCVuv0KJPROjq7a&amp;BT=Y3Jvc3NvdmVycmVzZWFyY2hsbGM&amp;OptOut=dir , URL reputation: -5.8, Action: URL redirected to Cisco Security proxy.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 URL: https://surveys.crossoverresearch.com/subscription/watermark.gif?UID=UR_9ZhHcomimQPJcdU&amp;EMD=EMD_WCVuv0KJPROjq7a&amp;CGC=CGC_fiIAZHs83NRiBxT&amp;SV=SV_9RDchloTT3G1r2m , URL reputation: -5.8, Action: URL redirected to Cisco Security proxy.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923330 rewritten as new message 5923331 by url-reputation-proxy-redirect-action URL_REWRITE_SUSPICIOUS filter

27 Feb 2025 02:30:18 (GMT +07:00) Start message 5923332 on incoming connection (ICID 0).

27 Feb 2025 02:30:18 (GMT +07:00) A new message 5923332 was generated based on message 5923331 by notify filter URL_REWRITE_SUSPICIOUS.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923332 enqueued on incoming connection (ICID 0) from IT_Security@canadiabank.com.kh.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923332 on incoming connection (ICID 0) added recipient (yingho.lau@canadiabank.com.kh).


27 Feb 2025 02:30:18 (GMT +07:00) Message 5923332 is not signed. No domain key profile matches IT_Security@canadiabank.com.kh.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923332 not signed. No DKIM profile matched IT_Security@canadiabank.com.kh.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923332 (4930 bytes) from IT_Security@canadiabank.com.kh ready.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923332 queued for delivery.

27 Feb 2025 02:30:18 (GMT +07:00) SMTP delivery connection (DCID 2660637) opened from Cisco IronPort interface 172.16.13.39 to IP address 172.16.13.57 on port 25.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923331 scanned by Outbreak Filters. Verdict: Negative

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923331 queued for delivery.

27 Feb 2025 02:30:18 (GMT +07:00) (DCID 2660637) Delivery started for message 5923332 to yingho.lau@canadiabank.com.kh.

27 Feb 2025 02:30:18 (GMT +07:00) (DCID 2660638) Delivery started for message 5923331 to (no recipient data) to offbox Spam Quarantine

27 Feb 2025 02:30:18 (GMT +07:00) (DCID 2660638) Delivery details: Message 5923331 sent to (no recipient data) delivered to external ISQ.

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923331 Quarantine Status: SPAM

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923331 to (no recipient data) received remote SMTP response 'ok: Message 391241 accepted'.

27 Feb 2025 02:30:18 (GMT +07:00) (DCID 2660637) Delivery details: Message 5923332 sent to yingho.lau@canadiabank.com.kh

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923332 Delivery Status: DELIVERED

27 Feb 2025 02:30:18 (GMT +07:00) Message 5923332 to yingho.lau@canadiabank.com.kh received remote SMTP response 'Ok: queued as 807E92A0051'.

Key: Last Event
