Phish | Entries from Tuesday, January 2. 2024

Harbor Freight phish from Micosoft Outlook

Mechanic Tools set phish from Microsoft Outlook

Fedex phish from Microsoft Outlook

Lowe's Phish from Microsoft Outlook

Fedex Phish from South Africa

Posted by Dave Yadallee on Tuesday, January 2. 2024

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 02 Jan 2024 10:30:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rKiZg-00000000KiY-1LK5

for dave@doctor.nl2k.ab.ca;

Tue, 02 Jan 2024 10:29:08 -0700

Resent-From: The Doctor

Resent-Date: Tue, 2 Jan 2024 10:29:08 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-bn1nam02on2080.outbound.protection.outlook.com ([40.107.212.80]:42626 helo=NAM02-BN1-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97 (FreeBSD))

(envelope-from )

id 1rKhWu-00000000ChL-3ECd

for root@nk.ca;

Tue, 02 Jan 2024 09:22:16 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=k2pMrfgkevuIUc/vYKjTJaBM642r8u67vICWVvWvqSDFU42vgmg4hUBEkCsUET9qcb3mLCujxm045IX9FPPzadforL9yhhFd3tNmNETULesl1mLU52opWebkd8fLSCnm0EC6fC4drQR8+bDQbUqJxX7PUa0F7+KDwKBqrFAgiXgP4VWONvK5LMjsn+515vJJogpcX2vWU99YllHdACmEilfypCeFI/59EErUcnOCNahtNRcg3+uHdyMJd3/j959kwWKMOHyypQqW5ds87K479Yz2hxYYpINGlNAPAwScYoT0DDaQiSK2+UZ2jRa5TiDqJstRWhxo9hf8eVn/OfDG9w==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=kxajbDdO+q5DNjRQgpRAOpOQ1PIcBAn3M6NWhLe01YU=;

b=TxyyAGPzeClcWAH4u9fEYPjXviABMX7hk9PV2NC9SFtxyNlmVwOztyGfQdFfv74LIyu8OTGGfR78PQHaG9jgrlYXDx2cPvcSCtxKYviXjKa7gA/bjx2MpsfCM46FJejKA649UYY/8BPWK4JDAbqMddKX34p2XK/w1XEek9khIWhc6q4ZXA1DTJgdjFD5jNQczjWNZ+DiwjTf65jVEsA04eZnKd/3vqmHBwwN5iVSsFSogarDQ2IO7o48sj+QcEocl39sSl3tVFgZkssjL5CpflJDvAWz1RvaopiWK2Ps+GsnxiQtnlZaQUPrx/84aXsJxQ69uYTTlrpkW1IHYHj6Rw==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

78.46.149.17) smtp.rcpttodomain=nk.ca smtp.mailfrom=fw74778.onmicrosoft.com;

dmarc=none action=none header.from=fw74778.onmicrosoft.com; dkim=none

(message not signed); arc=none (0)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=fw74778.onmicrosoft.com; s=selector1-fw74778-onmicrosoft-com;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=kxajbDdO+q5DNjRQgpRAOpOQ1PIcBAn3M6NWhLe01YU=;

b=nnhCCtnwtDNgJL47wCw+80dFhVM8yI81bqh4y/HVtXArjFZEVonxMXjnJSEm9K0NcrXGFL6EVJqdKlvT3NBnnae1P1t3R926XeOjp8x41FOqudqlR/PiGr7xALKnNpc5FkVeAdPcVTfawnC/LrYAArheTEPlNiH72HsFce9yR3sTRamT1UQi2IczAZha6U66S4H3+jTr9lInBCt+XjJEJAZgOW7PcqIkJRWWSGvtHyKKmeRc86BShpaEAsyDjF859SqeUPZYQJ5aHePnh+1LVUEWKPAUtBLSv4gZ53pbAhUtjFMgwgvuBRnv3K/MArFlmXw8+uxjH03A/lBZQjGStQ==

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 78.46.149.17)

smtp.mailfrom=fw74778.onmicrosoft.com; dkim=none (message not signed)

header.d=none;dmarc=none action=none header.from=fw74778.onmicrosoft.com;

Date: Tue, 02 Jan 2024 17:15:48 +0100

Subject: =?UTF-8?B?WW91IGhhdmUgd29uIGFuIFBpdHRzYnVyZ2ggTWVjaGFuaWMgVG9vbCBTZXQ=?=

Content-Type: text/html; charset="UTF-8"

MIME-Version: 1.0

From: =?UTF-8?B?SGFyYm9yIEZyZWlnaHQ=?=

Importance: high

Content-Transfer-Encoding: 7bit

In-Reply-To: <2VDkuretc0Ber3UmZTLTUCZcQD6Wms@mLPuMdrxkA.fw74778.onmicrosoft.com>

CC: root@nk.ca

X-TOI-MSGID: <1063958650.74A810259C49D.1704212148848@goldner.net>

To: root@nk.ca

Message-ID:

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: CY4PEPF0000E9CD:EE_|CY8PR07MB9428:EE_

X-MS-Office365-Filtering-Correlation-Id: c5224b62-7a1a-49d7-9d20-08dc0baec427

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

iOc0+RrmnrXq8M73herKKL2vHoUoExRp1nTOBhjoi/+/dRF6is/ylK8iZN2QqckFBVM/91WKETSH3N49bOptZC93+iD6pSFXgyVABn21zeq99o7cLjsq8Nij8i9YuBbYlr6jqY/A8ijRQ0AtNNIcdaGvEUU5Uky/NQqAIPcbQsSHf4ovR4d5ycmY1Bu8FlCIgdsUHLMQEmuvVEuqb2DXyTh4V2di5Tqedba+jQr+lpgSgNaFAAY8XT74yYhuRM1fOEfivQdgBXdRiY+xoNtiNoUlGTRdib1XWVTpk6cKgJ9G+9b/xnJ269Rd48bFuiZJnMjBouq7zFhSknR8SPdMmyHqhOeiKUMupLMLOg6sNfxmCPn1po7Za1+Ibit5vYdMmXfNI9oN7lf8S4NbCCW8dIm5QhpgoRiAyUr8q6thJUZzklTsmTdLS552KV687NhzIhwq+h9arktRB4E6OwHEmshocROoktQ+lUmJWro9NlB3uBXMozGkBM615EYTgpdcCaksMP1XLuti7M83EkWF8XMUVkQus8Tg77PXbXUdCAg=

X-Forefront-Antispam-Report:

CIP:78.46.149.17;CTRY:DE;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.goldner.net;PTR:static.17.149.46.78.clients.your-server.de;CAT:NONE;SFS:(13230031)(376002)(136003)(396003)(39860400002)(346002)(230922051799003)(82310400011)(451199024)(186009)(7200799017)(1690799017)(64100799003)(61400799012)(36840700001)(46966006)(40470700004)(558084003)(19625305002)(2906002)(8936002)(8676002)(4326008)(316002)(6916009)(42186006)(8400799017)(786003)(67280400001)(86362001)(5660300002)(478600001)(31696002)(40460700003)(40480700001)(41300700001)(9686003)(26005)(336012)(166002)(47076005)(70206006)(70586007)(81166007)(82740400003)(41320700001)(36860700001)(18963002)(15913002);DIR:OUT;SFP:1101;

X-OriginatorOrg: fw74778.onmicrosoft.com

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Jan 2024 16:20:41.9788

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: c5224b62-7a1a-49d7-9d20-08dc0baec427

X-MS-Exchange-CrossTenant-Id: cf8e0fc4-379f-4956-955b-8d3e8197e989

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=cf8e0fc4-379f-4956-955b-8d3e8197e989;Ip=[78.46.149.17];Helo=[mail.goldner.net]

X-MS-Exchange-CrossTenant-AuthSource:

CY4PEPF0000E9CD.namprd03.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY8PR07MB9428

X-Antivirus: AVG (VPS 240102-4, 1/2/2024), Inbound message

X-Antivirus-Status: Clean

(1) Notifications

Posted by Dave Yadallee on Tuesday, January 2. 2024

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 02 Jan 2024 07:11:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97 (FreeBSD))

(envelope-from )

id 1rKfTf-000000001TI-0Q1C

for dave@doctor.nl2k.ab.ca;

Tue, 02 Jan 2024 07:10:43 -0700

Resent-From: The Doctor

Resent-Date: Tue, 2 Jan 2024 07:10:43 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-sn1nam02hn2235.outbound.protection.outlook.com ([52.100.159.235]:52255 helo=NAM02-SN1-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97 (FreeBSD))

id 1rKdJA-00000000NQu-1NWJ

for doctor@doctor.nl2k.ab.ca;

Tue, 02 Jan 2024 04:51:49 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=OFIIkV04cPh7Ym46zzkD0mmXOh7XHaWn63A8MqV0Sdw+atxKkJqoEyUdmc19GUzIvlRLItEDne4SwwlOwUglbDRXCUIgxUG1v9ZJ9+d/qEHlYo1afeBGor1z8gsa1ADDv8l0Fipb+9LyiUlKBiLSntY/jpbtX92z1O+4lOWsVgQCj4LfiN/LRKiaGd5E+zE/0naZ30T0gDFSFRk5yZWHc0JpvssQB2psIEmPgF47M7QMPlC7xzQkl3MUHQnW5Zr47L3uvNNML6QsYYtQ8dNtRDNCkh3kycDrpvoJNZ+mXJ02WpjySFIWUXN37RBXwpC3/DSVhOO7Us7tMHr0fIfrXw==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=MC78I9Q5YmM5PDryJFREJ5tJMMsWlL3FNT+docx8cPY=;

b=YTqOTqfy1a9G2qrGcV596IWsMd2icmZE3bX6uZoW2W0DP5osQjDIJxBTpZxuaYHl2za/jlNwPbHzwt0xr7I/i2poUPicfT69Pnv2PG7XNBVJcJx1Tj3v1Bxs8TMCxRpJv6D3I7uyMhziD4WFu29/xihcF1fYsV/MjsSgcGfFnJaCJFGnrVs0ZWIcwF3mgvJcKydEW8bCGbZvobh9ciFzyfuPD0H5c+gy7U4a3lR8mwT82dUsCrk6aTOq6W06VHBTzHfxQF1ewxbwtt1Eydc7mqQRUckVqefdKSu5C8FlnstW7phIjUkELbz7rQrxq6+Z06mrQL/Jml0IsPTwtVJVEQ==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none (sender ip is

192.155.93.204) smtp.rcpttodomain=doctor.nl2k.ab.ca

smtp.helo=mail.thompson.com; dmarc=none action=none

header.from=3ow5edrn42jm.onmicrosoft.com; dkim=none (message not signed);

arc=none (0)

X-MS-Exchange-Authentication-Results: spf=none (sender IP is 192.155.93.204)

smtp.helo=mail.thompson.com; dkim=none (message not signed)

header.d=none;dmarc=none action=none

header.from=3ow5edrn42jm.onmicrosoft.com;

In-Reply-To:

Content-Type: text/html; charset="UTF-8"

From: =?UTF-8?B?RGVhbHM=?=

X-TOI-MSGID: <1348308374.0F5F6A2DCD55B.1704196121107@thompson.com>

Date: Tue, 02 Jan 2024 12:48:41 +0100

To: doctor@doctor.nl2k.ab.ca

Subject: =?UTF-8?B?WW91ciBjaGFuY2UgdG8gcmVjZWl2ZSBhIEZSRUUgUGl0dHNidXJnaCBNZWNoYW5pYyBUb29sIFNldA==?=

Importance: high

Content-Transfer-Encoding: 7bit

MIME-Version: 1.0

CC: doctor@doctor.nl2k.ab.ca

Message-ID:

<9be35cfd-c58c-4fb0-8980-da967734d23c@DM6NAM12FT116.eop-nam12.prod.protection.outlook.com>

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: DM6NAM12FT116:EE_|CYXPR08MB9295:EE_

X-MS-Office365-Filtering-Correlation-Id: 1c7a1d21-4e4f-4fbe-439b-08dc0b88f921

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

rjLgszH6TAbiWMacLBqjMws5rnoJLomVXwvcDQ4fZxaNAoyzFE55UxuAEhxTzgh4xD04iL5WtfwzwvFXRT3iR3T70zzIhpax3TMUvEkGxeERPz4M7mTIM+XWyfzqPQ9uLhGU2SP6/Lj+YMwcQQgF/3Ga1+0n4HoidJSvNN/gN8gsfe/La/6WHO6PfRBoBoTBHrlAM3lBuJ+zpVy7UyvXzrUX8LaVILzAeK4HXYD1+3inYLKHgfC2NLuDJukoFxyK7h7rM5SMg51MeI5zjYzVOvkU8kWvJeFTMx22hPNj8GSOiWWYHfgH46pNGpfTeYlvmNTJi5Pri/mfSRLB+EUTl7Z4j5dEYCKXKY3Z5wqV98UgosiFTK5dLlVwHIWiqzODkUBTVEJ5QUvwQ2fEExvo2wWwUCu6aV86zs6H/BIwjOkUyPTIXoNvIOTxmTqnmHImtfCKJMUBZ6Gl12d9JsxqPKhEWdzcp+0T5yFAwFN5bnlilyFwqUZkC2uSI03NWeEoqt+/z9l5XDvvNQDRF4ytZQ==

X-Forefront-Antispam-Report:

CIP:192.155.93.204;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.thompson.com;PTR:192-155-93-204.ip.linodeusercontent.com;CAT:NONE;SFS:(13230031)(346002)(376002)(39860400002)(396003)(136003)(230922051799003)(1800799012)(64100799003)(82310400011)(1690799017)(7200799017)(451199024)(46966006)(31686004)(41320700001)(558084003)(40480700001)(8400799017)(70206006)(6916009)(9686003)(70586007)(31696002)(336012)(166002)(81166007)(42882007)(34020700004)(17440700003)(41300700001)(26005)(47076005)(67280400001)(2906002)(5660300002)(19625305002)(4326008)(498600001)(316002)(82740400003)(35950700001)(8676002)(42186006)(786003)(78352004)(8936002)(27303002);DIR:OUT;SFP:1501;

X-OriginatorOrg: 3ow5edrn42jm.onmicrosoft.com

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Jan 2024 11:50:10.1838

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 1c7a1d21-4e4f-4fbe-439b-08dc0b88f921

X-MS-Exchange-CrossTenant-Id: 996fe34f-a6c1-47c2-90c4-af43d614eed4

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=996fe34f-a6c1-47c2-90c4-af43d614eed4;Ip=[192.155.93.204];Helo=[mail.thompson.com]

X-MS-Exchange-CrossTenant-AuthSource:

DM6NAM12FT116.eop-nam12.prod.protection.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: CYXPR08MB9295

X-Antivirus: AVG (VPS 240102-4, 1/2/2024), Inbound message

X-Antivirus-Status: Clean

(1) Notifications

Posted by Dave Yadallee on Tuesday, January 2. 2024

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 01 Jan 2024 21:12:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97 (FreeBSD))

(envelope-from )

id 1rKW7X-00000000GaX-3T0B

for dave@doctor.nl2k.ab.ca;

Mon, 01 Jan 2024 21:11:17 -0700

Resent-From: The Doctor

Resent-Date: Mon, 1 Jan 2024 21:11:15 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-he1eur01on2085.outbound.protection.outlook.com ([40.107.13.85]:38918 helo=EUR01-HE1-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97 (FreeBSD))

(envelope-from )

id 1rKT6T-000000005lP-3zw6

for doctor@doctor.nl2k.ab.ca;

Mon, 01 Jan 2024 17:58:02 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=dI8a83nJ4TKmUchF2CPCrBeTNt4DLkBSpRIgJQRfzakBZATHBYy1YsG43pIMLuWgMTpRIm37e1bnZUVjwqiEeCfQlnC55u6JF+cFSsMxwS+ampcaoSz3auLOoSBCgcnXCrYlugx982kyboYF4ob0NVOKRpR6iO357tseITwaaJj40x+MW1DjArImGpXPinTwcgxhnJ7WvThX5nqYWkuydsrvhdjjI/V8Nkc6UQWvxgiXDSzNt5S9HngSOD0uFNyJ3mlatqvf0Wy0/HPPQqjPN/oW3Nel4CFweMiYXjAxtvrzMlILkhxDxWi20l3RiPEcgggngGn9Rf2BWiRTuIEO6Q==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=Iu86pevGI6f3Kn2y95ZVE5hQCCxLzGNRLecx+H3nPw8=;

b=fRpXRYxCE/G3PfpkfL9fr1zmBCCyQCuOMIO/UVOy22ArFFkimXJhZvmfpKelK+76grVYVONx6GyIEoV9JT1ILcbXockAOmvknezLb48t8AZwEwnDOQM1lYKZMaDksmlgyhzc5nqXcpUla+65S86Uq9vtp7ThtM4iB9BG1r4mVfPh2F/GrdVYr8AJFXz95IpXgT5B0R35YVmmNktrGLWFF6na5advaIcCOHl00XAH1AQv62VICT73xOLpPxpiu8zZ4TUZvd+zw+iMM5jmOkycAePQzzVViuKGpJMyRRnxKU3p4l3ZnJ29ev7KwDvFdkir552kMDu962b0Fs2JSBsD0w==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

172.233.201.235) smtp.rcpttodomain=doctor.nl2k.ab.ca

smtp.mailfrom=sp001ms.onmicrosoft.com; dmarc=none action=none

header.from=sp001ms.onmicrosoft.com; dkim=none (message not signed); arc=none

(0)

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 172.233.201.235)

smtp.mailfrom=SP001MS.onmicrosoft.com; dkim=none (message not signed)

header.d=none;dmarc=none action=none header.from=SP001MS.onmicrosoft.com;

From: =?UTF-8?B?U2hpcHBpbmcgRGVwYXJ0bWVudA==?=

MIME-Version: 1.0

Date: Tue, 02 Jan 2024 01:41:51 +0100

Subject: important for doctor

Importance: high

X-TOI-MSGID: <2038403522.3B481D63B29B5.1704156111307@walsh.com>

In-Reply-To:

To: doctor@doctor.nl2k.ab.ca

Content-Type: multipart/alternative; charset="UTF-8";boundary="PART.U9poIpL.wzrizmjc"

Message-ID: <010783659492603039d9ee-c69a3509-5c85-481d-822e-ba65c204e1ba-000000@ibm.com>

CC: doctor@doctor.nl2k.ab.ca

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: DB5PEPF00014B91:EE_|AM0P193MB0563:EE_

X-MS-Office365-Filtering-Correlation-Id: 04b48100-4654-4146-c419-08dc0b2da4bc

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

SSEhpUIue6YqnQm1CS//WN2/4AJGsFluTVkX4qNMRhxUZjLcd8xZE3ojPMeG7m1V8iep3/srpMSRXCI0nhIw5Pzh2WCg7OZsGqpiql3OfugeULP57oQr75JQTIyxIrU/G1zLpvECDim1W2n5xPLBpgmlGNpBcM9RWH8DDrcjYCxVn6CNGCcEgkFFlAq5j4lT44kLZoORbYqKxsAaF5st8gGv0b6y8iygqMBMuTmPW3lx+bUS1p13rIo7uLsvLUkrm1o0Ultakg4kbD6huGtChaxOTlHtiCzl85QmjjshSMPTOBLd+LybLk35QAopbG5putRpDlLosDWQ54/XwOPwtXVddxMzdFFM9qv5tixhKneZHhmy0xGQusnQUFCNS1zgBkN1pIbo6imofX4NCTVDRrOLFb+uQIgTO8x9nfHdYQxgHhbWlmTdpla6yb5G/tQ2CyY1V0X7P21bytjIwE6ggQVn8sBQc7Xu1Hmqr1hmu//rhLAONljYXt2sY6EqlgkBxXdG98t2DHXwug5636ALrT++irIGGOySExLf5ak2Jk/Ks20WrCQyKD5jdY2qMxpPJPb4kEp5vssTyRLqNrFG1iEbOXgyWZVHPOkjccn86GZblhk2JWJpxn/jsHfnObgWgYRdhQGZl+QPzstRMLHDKECtxOB8UNcF8/FnKeMshSL2v3t9s2ualIwgR2VeXzYQYCinzIj8k+M5sLAiUfv6EjRN8vU9jLNgjVEC16tkwINjt9ZSclVEZTnUeQAhl5NtkFWSIE79D8MJ9rNg7dq0csy7sq9MAshuptCE+dO7Zj5+mTB30ywgDQiONNItATn/vJHL6/Dwy7tAiOPvg5G97A==

X-Forefront-Antispam-Report:

CIP:172.233.201.235;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.walsh.com;PTR:172-233-201-235.ip.linodeusercontent.com;CAT:NONE;SFS:(13230031)(376002)(346002)(39860400002)(396003)(136003)(230922051799003)(64100799003)(186009)(7200799017)(451199024)(1690799017)(82310400011)(61400799012)(36840700001)(46966006)(40470700004)(41320700001)(564344004)(36756003)(40480700001)(8400799017)(40460700003)(3082699003)(6082699003)(66899024)(6916009)(9686003)(33964004)(70586007)(70206006)(336012)(82740400003)(81166007)(166002)(83380400001)(47076005)(26005)(34020700004)(2906002)(5660300002)(4326008)(478600001)(41300700001)(3480700007)(36860700001)(786003)(316002)(42186006)(7116003)(8936002)(8676002)(1406899027);DIR:OUT;SFP:1101;

X-OriginatorOrg: SP001MS.onmicrosoft.com

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Jan 2024 00:56:24.3004

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 04b48100-4654-4146-c419-08dc0b2da4bc

X-MS-Exchange-CrossTenant-Id: 54df9498-ecf9-49f8-a5cb-a75466b90ebd

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=54df9498-ecf9-49f8-a5cb-a75466b90ebd;Ip=[172.233.201.235];Helo=[mail.walsh.com]

X-MS-Exchange-CrossTenant-AuthSource:

DB5PEPF00014B91.eurprd02.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0P193MB0563

X-Antivirus: AVG (VPS 240102-4, 1/2/2024), Inbound message

X-Antivirus-Status: Clean

--PART.U9poIpL.wzrizmjc

Content-Transfer-Encoding: 7bit

Content-Type: text/html; charset="UTF-8"

(2564) Notifications

If you no longer wish to receive these emails, you may unsubscribe by

clicking here.

--PART.U9poIpL.wzrizmjc--

Posted by Dave Yadallee on Tuesday, January 2. 2024

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 31 Dec 2023 16:15:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97 (FreeBSD))

(envelope-from )

id 1rK50z-000000002Gf-2Cf8

for dave@doctor.nl2k.ab.ca;

Sun, 31 Dec 2023 16:14:41 -0700

Resent-From: The Doctor

Resent-Date: Sun, 31 Dec 2023 16:14:41 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-am0eur02on2085.outbound.protection.outlook.com ([40.107.247.85]:5920 helo=EUR02-AM0-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97 (FreeBSD))

(envelope-from )

id 1rK1ws-00000000J5S-10yw

for doctor@doctor.nl2k.ab.ca;

Sun, 31 Dec 2023 12:58:18 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=Al9Aeh7dWxyNQ4/exk0Zy6pVIHFeZu3u7j/fc0VzSMC9n1SmSzbMWyoOMHNezJNA1/uY2JRwaj2Dj8jkeQIwMbx8adC1qC/DSBO88omeRBrG4oRq6PjsAEPzMdCwtSo7P2Mtw6Rn2YsoZnXVa8ZYz5Zq3WLWe/CyiqDnRMEVgqxtcGs5/w9CXR1leXJ1Je6kuJIQR+gbr5XCR+4Z0sBjHCEO81pvn3iAVKnoUn7VNuXprsyQQAcO5F5/q18C6OCENSwaKKACVrRchThdkQ1uUg16DYYbcmwiN2fXk1NLEGXv43ZiJxHt3jkItRx8HyxP5EgyJZlCtz83ars4pumdhw==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=782cJaxP1H2rldUD0jfD1MxkRGlm/LI3U+xBl3yrEPI=;

b=CP8fmr+zL2YsE6/GPy1Cpl+t85GOFUBLhnolX7whHzbl504JGd1JoMABQWnm252wlEMmb/RoNKpV5V1zv4JuDQ4gPmfB5zXAtiRHb5OY59xaEPdnU+lR+SdfVUQmAELk3E+Vf3nh5AX4N1tSV6f2L1RUUk9r3Lb8FzIY9VhPs4tX/HxhKuC6mL5raefpBQN/xP2+6EwJT2twXubCNjq9NitYNubKL8TrHT9JudHd110A9+svnN+STI2mHtZHtzX/YHPeGxCe+oE5aYyNSwya8CsmYZf3dO6gaYNtjoiBCMSRkChaJyTuVeFFVeNG1GtvI2BqxPehwH/V5n9mUvycjQ==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

172.234.30.81) smtp.rcpttodomain=doctor.nl2k.ab.ca

smtp.mailfrom=jymmgqxbugfoo.onmicrosoft.com; dmarc=none action=none

header.from=jymmgqxbugfoo.onmicrosoft.com; dkim=none (message not signed);

arc=none (0)

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 172.234.30.81)

smtp.mailfrom=jymmgqxbugfoo.onmicrosoft.com; dkim=none (message not signed)

header.d=none;dmarc=none action=none

header.from=jymmgqxbugfoo.onmicrosoft.com;

Message-ID: <010798921223393039d9ee-c69a3509-5c85-481d-822e-ba65c204e1ba-000000@lows.com>

From: Lowe's Rewards

CC: doctor@doctor.nl2k.ab.ca

In-Reply-To:

Importance: high

To: doctor@doctor.nl2k.ab.ca

MIME-Version: 1.0

Content-Type: multipart/alternative; charset="UTF-8";boundary="PART.FWWUXTX.dyxoqoog"

Subject: Makita 6-pc Combo Kit - Shipment Pending

Date: Sun, 31 Dec 2023 20:23:22 +0100

X-TOI-MSGID: <1298919912.3BD68B9824062.1704050602476@schinner.com>

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: AMS0EPF000001B0:EE_|AM7P194MB0851:EE_

X-MS-Office365-Filtering-Correlation-Id: e4335dee-0764-4de4-f087-08dc0a3a9b1b

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

6RhXM33xY7ngLSxicUpSaCW1uWMkJ5Uj40RbCUww7Ge8L3cVDWJ/XWskyV97M68dacrD00kj4Xiu8q1Fg+Nf2tCY3ZDs9/Cx2ck6rJ+137JrZ7+e2036zWWhYJ/tgYT414vLN0PQXCpoPBE3m8zTIiFmAqC01+w8R9fouO/pe5XEUceH5/a7o/K58suZx+TWGJgcRhfgWfcdHOjRYDK1JYbiOAIuYZDQHQINEzfliCQaJITt0iHRjNqGW/9bzgwJGpUlvkQ8/5fMaJo6UFK/fZqd9gZaJyfio/M+E+o859xle0u7wI+hZZXNDuVccec9E2dMxddkcb90KXkgh+mieq0PK3rVUDm7FMtHgMpndbzt7y1/4WQNCIOQHLNGiwAqZ7DoHFfODJnWf2y6NQ9NodsXJRPGBFqeNqbdKlpLZgG56P1EBHx8ayRP5EQQn5oe6u4YVNaavkImYNg0qilpQTZ5NANGfkhD5zkZr/UQqW+uyB50YhB1piy54O6GAMYoPSyjZIx2b6bC17DDxFPPZYKnL33ivhYNqJmabaQwyWLrd1p3ilSjAkztCVxSkoR4VJcVCRWEroKbhLkJMXnXvFNkjN9nbVyCE+eiPY0X2bqrXyr0A4tINJI9exlC11HEo+Bk71VRj+jirJJYKzJY2TH5WEhTEnqAc6MdFnIYVV3/nU4GexEbaAgYB+OzZx7K4RBHapUWpNaiWUlAgM3yTHmfigDTejR+iynLuy6hDWG1SyuGWR+g2cyamKuqa9DC4YCPaZ/Xhe6Cpu4wUIaSFImEPgiOA9E3lA+2FgdY1DQ=

X-Forefront-Antispam-Report:

CIP:172.234.30.81;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.schinner.com;PTR:172-234-30-81.ip.linodeusercontent.com;CAT:NONE;SFS:(13230031)(136003)(346002)(396003)(39860400002)(376002)(230922051799003)(1800799012)(186009)(64100799003)(82310400011)(7200799017)(1690799017)(451199024)(46966006)(40470700004)(36840700001)(36860700001)(478600001)(40460700003)(41300700001)(82740400003)(8400799017)(6916009)(166002)(36756003)(4326008)(316002)(786003)(81166007)(42186006)(70206006)(70586007)(33964004)(9686003)(47076005)(336012)(26005)(40480700001)(83380400001)(8936002)(8676002)(34020700004)(564344004)(2906002)(5660300002)(41320700001)(66899024)(1406899027);DIR:OUT;SFP:1101;

X-OriginatorOrg: jymmgqxbugfoo.onmicrosoft.com

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 31 Dec 2023 19:56:40.3792

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: e4335dee-0764-4de4-f087-08dc0a3a9b1b

X-MS-Exchange-CrossTenant-Id: f4cc3e89-0934-4905-bf95-877cb6adb575

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f4cc3e89-0934-4905-bf95-877cb6adb575;Ip=[172.234.30.81];Helo=[mail.schinner.com]

X-MS-Exchange-CrossTenant-AuthSource:

AMS0EPF000001B0.eurprd05.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7P194MB0851

X-Antivirus: AVG (VPS 240102-4, 1/2/2024), Inbound message

X-Antivirus-Status: Clean

--PART.FWWUXTX.dyxoqoog

Content-Transfer-Encoding: 7bit

Content-Type: text/html; charset="UTF-8"

(0071) Notifications

If you no longer wish to receive these emails, you may unsubscribe by

clicking here.

--PART.FWWUXTX.dyxoqoog--

January '24

Posted by Dave Yadallee on Tuesday, January 2. 2024

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 31 Dec 2023 16:15:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97 (FreeBSD))

(envelope-from )

id 1rK51A-000000002Kh-169O

for dave@doctor.nl2k.ab.ca;

Sun, 31 Dec 2023 16:14:52 -0700

Resent-From: The Doctor

Resent-Date: Sun, 31 Dec 2023 16:14:52 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from bluetreeconceptscc.dedicated.co.za ([197.242.151.29]:51332 helo=honmotakeshi.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.97 (FreeBSD))

(envelope-from )

id 1rK1xi-00000000JKM-078Y

for sales@nk.ca;

Sun, 31 Dec 2023 12:59:11 -0700

Received: by honmotakeshi.com (Postfix, from userid 33)

id E3BC21A833E; Sun, 31 Dec 2023 21:36:24 +0200 (SAST)

To: sales@nk.ca

Subject: Take advantage of our latest delivery services in 2023. Don't miss the chance to pick up your parcels.

Date: Sun, 31 Dec 2023 21:36:24 +0200

From: FedEx Express

Message-ID:

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="b1_bd4f61d44a375811b1d508398d254b7b"

Content-Transfer-Encoding: 8bit

X-Spam_score: 14.4

X-Spam_score_int: 144

X-Spam_bar: ++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Dear sales@nk.ca, Your package NÂ° CA10090R67**** is under

transport. You've missed your scheduled delivery due to incorrect address.

We ask you to pay the fees of 0.99 CAD to schedule a new attempt of delivery

using the button below:

Content analysis details: (14.4 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist

[URI: tt.vg]

1.8 DKIM_ADSP_DISCARD No valid author signature, domain signs all mail

and suggests discarding the rest

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=service%40fedex.com;ip=197.242.151.29;r=doctor.nl2k.ab.ca]

2.0 WIKI_IMG URI: Image from wikipedia

0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted

Colors in HTML

0.0 HTML_MESSAGE BODY: HTML included in message

0.8 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.3 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

1.6 FSL_BULK_SIG Bulk signature with no Unsubscribe

Subject: {SPAM?} Take advantage of our latest delivery services in 2023. Don't miss the chance to pick up your parcels.

X-Antivirus: AVG (VPS 240102-4, 1/2/2024), Inbound message

X-Antivirus-Status: Clean

This is a multi-part message in MIME format.

--b1_bd4f61d44a375811b1d508398d254b7b

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

Dear sales@nk.ca,

Your package NÂ°Â CA10090R67****Â is under transport.

You've missed your scheduled delivery due to incorrect address. We ask you to pay the fees ofÂ 0.99 CADÂ to schedule a new attempt of deliveryÂ using the button below:

Receive your delivery

This is your last notice before the package is returned to sender in accordance with our terms of use.

*Arrived at FedEx Post Office Origin Facility: 12.31.2023 11:00:51 AM

--b1_bd4f61d44a375811b1d508398d254b7b

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: 8bit

Dear sales@nk.ca,

Your package NÂ°Â CA10090R67****Â is under transport.

You've missed your scheduled delivery due to incorrect address. We ask you to pay the fees ofÂ 0.99 CADÂ to schedule a new attempt of deliveryÂ using the button below:

Receive your delivery

This is your last notice before the package is returned to sender in accordance with our terms of use.

*Arrived at FedEx Post Office Origin Facility: 12.31.2023 11:00:51 AM

--b1_bd4f61d44a375811b1d508398d254b7b--