Harbor Freight phish from Micosoft Outlook
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sun, 31 Dec 2023 04:23:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97 (FreeBSD))
(envelope-from)
id 1rJttf-000000009AM-2PuY
for dave@doctor.nl2k.ab.ca;
Sun, 31 Dec 2023 04:22:23 -0700
Resent-From: The Doctor
Resent-Date: Sun, 31 Dec 2023 04:22:23 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-dm6nam12hn2206.outbound.protection.outlook.com ([52.100.166.206]:44129 helo=NAM12-DM6-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.97 (FreeBSD))
id 1rJkVS-00000000LGU-2bBB
for doctor@doctor.nl2k.ab.ca;
Sat, 30 Dec 2023 18:20:50 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=m2sVh3Z9GjFLYSVxxqC+BlANlEoWJExuOaRe+Y6Cwxgjp5hqEWxcJUc2qsCLeu7M9naXvn5jjcHkpqOpv24Avd2W2rDt/HZgAk28wOO7iFXChsVG/KU16yCVVkH2IgovBzNGwo5isqRryvXOCGmc5zd2CPwtp+4I3jCSyzOTwjqS6CS9qgUYBqbGEL0qZ81/vdnZgC2Hz40jg0WnZoqQxzPFIZXa/eBo4K2q5H/HdX1xK1jf5vnMXts+1qgQRKxJ+wITj+9h9nyCXz9kxhATHmYGXRDnB3+33KMgFI2l9QomHACXTm976NCYgyi2YV/AwPiF1DgfJEryHERQ8d3//g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=yAxdiMhzSkivXmPMWFqC3Hq69ovLWyWd7r1EYzW2wJM=;
b=iZ85OuA8ts0r8/ASgZOMr60qPLgs918J9iy/B2dXuu0qtdw522GAblr2eZipN3t3n7qQW5+dOAEVr9tS3m1SCcaV38D7cZ/Z9YQrMptPZqu9iZB8ABvzKXc84VPndN64EqG9G1C/HQGzakeGxIfUrSK2EcI9iIL9H9GYIlTDyvmA/PNYx6Al7w63hCZxg9Ez5/pnt0L95dEGFofcxcXxLRyG7aBvg6exDcQe+knQVoqOCxtTbzDXWlae8nbTWaRNBpHNEMBNXu/Nx1o7Fhk0fJZ3VZ1vUfDOQ7U/kXWtHCGpMlf5X9nkPiC8tdtIvDg2KO5NajBCtbNzCY1kjNvGng==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none (sender ip is
192.155.93.204) smtp.rcpttodomain=doctor.nl2k.ab.ca
smtp.helo=mail.thompson.com; dmarc=none action=none
header.from=malcis.onmicrosoft.com; dkim=none (message not signed); arc=none
(0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=malcis.onmicrosoft.com; s=selector1-malcis-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=yAxdiMhzSkivXmPMWFqC3Hq69ovLWyWd7r1EYzW2wJM=;
b=Z1uxfb8zqZnSrRQ+es44vck4rU1imuyf6/gNyvnv9sK4X9JDciFbJE05ITpPXC4SlJ0/FcWyMqfoEp7NqYXFkWOsfKiI+XH+6/m23v11qPV+d1+QdOXDr7CjsdlXA8IdPh/B4G98tdc0GeZimq8LlbkRom8l9/yYMl8iG9ogPX0duC7pxt2cksNitZZ+AW/gP6h5YHOf0d4viUj3yF6SSXXV5CUMA5fQRgmVvI9SEKl33DyJzcS9wnVmmmdyqyrTCeF5fESD43YINGFReybX+kOl8VugpypTRE1hQmV3LGrYPUsNU9yAwtFVWXYUt2Ke6WNY9Q0+ATj7p6zpWg5XyQ==
X-MS-Exchange-Authentication-Results: spf=none (sender IP is 192.155.93.204)
smtp.helo=mail.thompson.com; dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=malcis.onmicrosoft.com;
Subject: =?UTF-8?B?Q2VsZWJyYXRpbmcgSGFyYm9yIEZyZWlnaHQgYW5uaXZlcnNhcnkgd2l0aCBhbiBQaXR0c2J1cmdoIE1lY2hhbmljIFRvb2wgU2V0?=
MIME-Version: 1.0
To: doctor@doctor.nl2k.ab.ca
Importance: high
X-TOI-MSGID: <1919043148.2A9A964613146.1703985389649@thompson.com>
Date: Sun, 31 Dec 2023 02:16:29 +0100
Content-Type: text/html; charset="UTF-8"
From: =?UTF-8?B?SGFyYm9yIEZyZWlnaHQ=?=
Content-Transfer-Encoding: 7bit
CC: doctor@doctor.nl2k.ab.ca
In-Reply-To: <1foXLxI96ky2a3hP2rwASVZa6A1WRd@ZcqsLyUBeP.malcis.onmicrosoft.com>
Message-ID:
<589c6609-0dad-4f4b-b20d-f2b3cebed5df@BN8NAM12FT082.eop-nam12.prod.protection.outlook.com>
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BN8NAM12FT082:EE_|BY5PR22MB1921:EE_
X-MS-Office365-Filtering-Correlation-Id: fddcf1ed-44ce-4ed4-b865-08dc099e80d6
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
+D+HdbXzUZDkC8II8e5ZKSiiHKgmmGejkSow92ER/boA38CzEWlxezEVRsVkMcPHRE3aal0JeFiZvwiCy3BdD3ItjmkkDPEZM53e8AiWM+pmXaTMfw1TITqKtB8jYu3hKJkyxse9rPzYMr8vbF5KWzaw2NMJN+MgpkqzFTwpbK8/MOE+Ehwmn11/HlPHxp5NrPereyOUdP2MCXedbjvwqg09exbgnm0ysfvS06mkrQ/eBTe4V4qOassfnyuV1dNVUZ9k8dxL1e3Gibn9QmRgE6cNUbvDXCLZvzGslTeFph9Ri7J4B5ZjRlFkLHWKfKVFDESXIUr2yHlpLtuDSjbp8AyDV7CR8VQxTDKBdVDDP+Yn7Fb7bS6FtcsR+E4lCmpFqdd2aN2K7UYXwZr7az5B/sJ9PVRv8s6uobOCh2Qo7YVj88mWdvvWiQA/s1oD0QVaHANdZOwp3ZwokS7KNxirv9rY0RQXJ5+9YhoDNmY3C2wbZ2r1AbxH3D10WjUrMZsE
X-Forefront-Antispam-Report:
CIP:192.155.93.204;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.thompson.com;PTR:192-155-93-204.ip.linodeusercontent.com;CAT:NONE;SFS:(13230031)(39850400004)(396003)(346002)(376002)(136003)(230922051799003)(7200799017)(1690799017)(451199024)(64100799003)(82310400011)(61400799012)(46966006)(336012)(42882007)(26005)(9686003)(35950700001)(17440700003)(34020700004)(47076005)(5660300002)(19625305002)(4326008)(67280400001)(41300700001)(2906002)(498600001)(316002)(78352004)(786003)(8676002)(8936002)(70586007)(70206006)(6916009)(42186006)(31696002)(41320700001)(558084003)(81166007)(166002)(82740400003)(40480700001)(31686004)(8400799017);DIR:OUT;SFP:1501;
X-OriginatorOrg: malcis.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 31 Dec 2023 01:19:14.5649
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: fddcf1ed-44ce-4ed4-b865-08dc099e80d6
X-MS-Exchange-CrossTenant-Id: c7dc7f4c-7a03-4c13-85cd-0a4d483a5ff1
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=c7dc7f4c-7a03-4c13-85cd-0a4d483a5ff1;Ip=[192.155.93.204];Helo=[mail.thompson.com]
X-MS-Exchange-CrossTenant-AuthSource:
BN8NAM12FT082.eop-nam12.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR22MB1921
X-Antivirus: AVG (VPS 231231-0, 12/30/2023), Inbound message
X-Antivirus-Status: Clean
(1) Notifications
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sun, 31 Dec 2023 04:23:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97 (FreeBSD))
(envelope-from
id 1rJttf-000000009AM-2PuY
for dave@doctor.nl2k.ab.ca;
Sun, 31 Dec 2023 04:22:23 -0700
Resent-From: The Doctor
Resent-Date: Sun, 31 Dec 2023 04:22:23 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-dm6nam12hn2206.outbound.protection.outlook.com ([52.100.166.206]:44129 helo=NAM12-DM6-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.97 (FreeBSD))
id 1rJkVS-00000000LGU-2bBB
for doctor@doctor.nl2k.ab.ca;
Sat, 30 Dec 2023 18:20:50 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=m2sVh3Z9GjFLYSVxxqC+BlANlEoWJExuOaRe+Y6Cwxgjp5hqEWxcJUc2qsCLeu7M9naXvn5jjcHkpqOpv24Avd2W2rDt/HZgAk28wOO7iFXChsVG/KU16yCVVkH2IgovBzNGwo5isqRryvXOCGmc5zd2CPwtp+4I3jCSyzOTwjqS6CS9qgUYBqbGEL0qZ81/vdnZgC2Hz40jg0WnZoqQxzPFIZXa/eBo4K2q5H/HdX1xK1jf5vnMXts+1qgQRKxJ+wITj+9h9nyCXz9kxhATHmYGXRDnB3+33KMgFI2l9QomHACXTm976NCYgyi2YV/AwPiF1DgfJEryHERQ8d3//g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=yAxdiMhzSkivXmPMWFqC3Hq69ovLWyWd7r1EYzW2wJM=;
b=iZ85OuA8ts0r8/ASgZOMr60qPLgs918J9iy/B2dXuu0qtdw522GAblr2eZipN3t3n7qQW5+dOAEVr9tS3m1SCcaV38D7cZ/Z9YQrMptPZqu9iZB8ABvzKXc84VPndN64EqG9G1C/HQGzakeGxIfUrSK2EcI9iIL9H9GYIlTDyvmA/PNYx6Al7w63hCZxg9Ez5/pnt0L95dEGFofcxcXxLRyG7aBvg6exDcQe+knQVoqOCxtTbzDXWlae8nbTWaRNBpHNEMBNXu/Nx1o7Fhk0fJZ3VZ1vUfDOQ7U/kXWtHCGpMlf5X9nkPiC8tdtIvDg2KO5NajBCtbNzCY1kjNvGng==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none (sender ip is
192.155.93.204) smtp.rcpttodomain=doctor.nl2k.ab.ca
smtp.helo=mail.thompson.com; dmarc=none action=none
header.from=malcis.onmicrosoft.com; dkim=none (message not signed); arc=none
(0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=malcis.onmicrosoft.com; s=selector1-malcis-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=yAxdiMhzSkivXmPMWFqC3Hq69ovLWyWd7r1EYzW2wJM=;
b=Z1uxfb8zqZnSrRQ+es44vck4rU1imuyf6/gNyvnv9sK4X9JDciFbJE05ITpPXC4SlJ0/FcWyMqfoEp7NqYXFkWOsfKiI+XH+6/m23v11qPV+d1+QdOXDr7CjsdlXA8IdPh/B4G98tdc0GeZimq8LlbkRom8l9/yYMl8iG9ogPX0duC7pxt2cksNitZZ+AW/gP6h5YHOf0d4viUj3yF6SSXXV5CUMA5fQRgmVvI9SEKl33DyJzcS9wnVmmmdyqyrTCeF5fESD43YINGFReybX+kOl8VugpypTRE1hQmV3LGrYPUsNU9yAwtFVWXYUt2Ke6WNY9Q0+ATj7p6zpWg5XyQ==
X-MS-Exchange-Authentication-Results: spf=none (sender IP is 192.155.93.204)
smtp.helo=mail.thompson.com; dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=malcis.onmicrosoft.com;
Subject: =?UTF-8?B?Q2VsZWJyYXRpbmcgSGFyYm9yIEZyZWlnaHQgYW5uaXZlcnNhcnkgd2l0aCBhbiBQaXR0c2J1cmdoIE1lY2hhbmljIFRvb2wgU2V0?=
MIME-Version: 1.0
To: doctor@doctor.nl2k.ab.ca
Importance: high
X-TOI-MSGID: <1919043148.2A9A964613146.1703985389649@thompson.com>
Date: Sun, 31 Dec 2023 02:16:29 +0100
Content-Type: text/html; charset="UTF-8"
From: =?UTF-8?B?SGFyYm9yIEZyZWlnaHQ=?=
Content-Transfer-Encoding: 7bit
CC: doctor@doctor.nl2k.ab.ca
In-Reply-To: <1foXLxI96ky2a3hP2rwASVZa6A1WRd@ZcqsLyUBeP.malcis.onmicrosoft.com>
Message-ID:
<589c6609-0dad-4f4b-b20d-f2b3cebed5df@BN8NAM12FT082.eop-nam12.prod.protection.outlook.com>
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BN8NAM12FT082:EE_|BY5PR22MB1921:EE_
X-MS-Office365-Filtering-Correlation-Id: fddcf1ed-44ce-4ed4-b865-08dc099e80d6
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
+D+HdbXzUZDkC8II8e5ZKSiiHKgmmGejkSow92ER/boA38CzEWlxezEVRsVkMcPHRE3aal0JeFiZvwiCy3BdD3ItjmkkDPEZM53e8AiWM+pmXaTMfw1TITqKtB8jYu3hKJkyxse9rPzYMr8vbF5KWzaw2NMJN+MgpkqzFTwpbK8/MOE+Ehwmn11/HlPHxp5NrPereyOUdP2MCXedbjvwqg09exbgnm0ysfvS06mkrQ/eBTe4V4qOassfnyuV1dNVUZ9k8dxL1e3Gibn9QmRgE6cNUbvDXCLZvzGslTeFph9Ri7J4B5ZjRlFkLHWKfKVFDESXIUr2yHlpLtuDSjbp8AyDV7CR8VQxTDKBdVDDP+Yn7Fb7bS6FtcsR+E4lCmpFqdd2aN2K7UYXwZr7az5B/sJ9PVRv8s6uobOCh2Qo7YVj88mWdvvWiQA/s1oD0QVaHANdZOwp3ZwokS7KNxirv9rY0RQXJ5+9YhoDNmY3C2wbZ2r1AbxH3D10WjUrMZsE
X-Forefront-Antispam-Report:
CIP:192.155.93.204;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.thompson.com;PTR:192-155-93-204.ip.linodeusercontent.com;CAT:NONE;SFS:(13230031)(39850400004)(396003)(346002)(376002)(136003)(230922051799003)(7200799017)(1690799017)(451199024)(64100799003)(82310400011)(61400799012)(46966006)(336012)(42882007)(26005)(9686003)(35950700001)(17440700003)(34020700004)(47076005)(5660300002)(19625305002)(4326008)(67280400001)(41300700001)(2906002)(498600001)(316002)(78352004)(786003)(8676002)(8936002)(70586007)(70206006)(6916009)(42186006)(31696002)(41320700001)(558084003)(81166007)(166002)(82740400003)(40480700001)(31686004)(8400799017);DIR:OUT;SFP:1501;
X-OriginatorOrg: malcis.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 31 Dec 2023 01:19:14.5649
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: fddcf1ed-44ce-4ed4-b865-08dc099e80d6
X-MS-Exchange-CrossTenant-Id: c7dc7f4c-7a03-4c13-85cd-0a4d483a5ff1
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=c7dc7f4c-7a03-4c13-85cd-0a4d483a5ff1;Ip=[192.155.93.204];Helo=[mail.thompson.com]
X-MS-Exchange-CrossTenant-AuthSource:
BN8NAM12FT082.eop-nam12.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR22MB1921
X-Antivirus: AVG (VPS 231231-0, 12/30/2023), Inbound message
X-Antivirus-Status: Clean
|
