Kroger Cookware Phish from Microsoft Outlook
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 12 Jan 2024 19:09:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rOTRY-000000008WA-06jT
for dave@doctor.nl2k.ab.ca;
Fri, 12 Jan 2024 19:08:16 -0700
Resent-From: The Doctor
Resent-Date: Fri, 12 Jan 2024 19:08:16 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-am6eur05on2118.outbound.protection.outlook.com ([40.107.22.118]:16608 helo=EUR05-AM6-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rOTJj-0000000083Z-2B1t
for doctor@doctor.nl2k.ab.ca;
Fri, 12 Jan 2024 19:00:15 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=FUsE+6bK+Fp0FGKq6RiU6C1AwTke351i6/iGIoP6D41NulAywByHD4L/pBcytapc4NBfwpoqKr5lIBUcjBGg/A3VsjygFwNlS3Gd2QkbEv0HA0qxAL+hIfazoZLdbRmd1pF7BbC6mBCGRpWP7384L3Pa6puZagDx7npuLAHeg8Q/Z+OPJrfsxAWq4SUMrm2LJlKPaMQrf8LizPPQyHSd0DqcIUMZwbIiD9TGOTElt5oMNP042LnfOfn9B5XZvm5fTTCYz7dwhIGhb6IoUTyfQWRaUdLkEWk+28WTuXwJ8kNwWcAFD8gN9uqhY1Ejwl/NYj8lQkqU8VGs0nN6cmqmTg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=5s/JrhR+8hr3NCZyczYZoJ6/+ocuXxvZUGwp/MQHOqo=;
b=RH0Cf2jYZpmLhK90TKzy2U69L83UvT4G5coVkyG4Hp9khIEa3LutBz8/GPhJsNFAar+w0i/nmtLQITFCwjsZ0RF1V3Bet50HQli4mVVtrSsHu6BkkHy324uZPEwSYDweqVXGaFlwOJP0LOW4IQBuAKE00hBDJTuJsFW8mKC9cGh8zNeg9dqUoVPTdk3ZfIfsg/wRZf0G77PdDlW1i6wJIPCMoK01DXXcSr+1zDEcO0TEiTwPmKYpUDapUfesPVD3mEj9JGEHv/ei4ydxvLficDE9O3ah1MFgjuPy857Y4Y9qmShigHEPhuN9YUCWyLV/k9qmiif0b5aXY3aXARTFAQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is
45.79.214.223) smtp.rcpttodomain=doctor.nl2k.ab.ca
smtp.mailfrom=t03ms.onmicrosoft.com; dmarc=none action=none
header.from=t03ms.onmicrosoft.com; dkim=none (message not signed); arc=none
(0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=T03MS.onmicrosoft.com;
s=selector1-T03MS-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=5s/JrhR+8hr3NCZyczYZoJ6/+ocuXxvZUGwp/MQHOqo=;
b=d40+gnlI61+56OpcjDzW4idP6HJTvnjSyGx27fVUQLDA5bE+hMStiyGWQMFy11NkbB72n6HGtfOlzAOhOgfAq8LsprTcCWCWJ4BIvwRQMKDBbElH+K2Ja8vTQq6XKLAKT5w4RcB8hdZI7TurTzhOv+ZmqGSzMhVr7oiTinO8Ki8Yo/gDbF9O1QZ2BI7InWwzG6f9rPmBoSRuXgdYWeIdkfhZB/SLU0m/wfHR8KadChNU2t0/RP19Qmd5SEoS8WcJLpqMyfo2u9LQPJkrsEFUabrO6IGYVZ42foIlJnKCmTMtuqygCwWBf1lIz8TMuqAWBkELtqkrlzj86o5/+s4A/g==
X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 45.79.214.223)
smtp.mailfrom=T03MS.onmicrosoft.com; dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=T03MS.onmicrosoft.com;
Importance: high
MIME-Version: 1.0
In-Reply-To:
From: Kroger Shipment
To: doctor@doctor.nl2k.ab.ca
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: 7bit
CC: doctor@doctor.nl2k.ab.ca
Date: Sat, 13 Jan 2024 02:54:50 +0100
Subject: Make a Difference, Get Rewarded: Survey Now
Message-ID:
<3828a566-1310-4e4e-9b45-723d6b23a2e7@AM3PEPF0000A78E.eurprd04.prod.outlook.com>
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: AM3PEPF0000A78E:EE_|DU0PR07MB8995:EE_
X-MS-Office365-Filtering-Correlation-Id: 8fd7d978-dfcd-4cb9-1da9-08dc13db13e6
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
eZMPPT4vpjqcEs5BY5e3Amn/A16PiSsc5MMFFDxUItyAaN1Y93clw65npU95WVx9zStYiDdv2lqXRDt0RfvI2wRh5F3poDPNOuhk/w9HZf6VjlEdyzN/xNjTw90eg1KcjW29akPO6IBk4pNF3SNJf8ElqmfWihlmfOUc+eiimerwPb2sDRu6WicFOXp6xM93mmMX+dtpSUQiPanCM6CU6rjCCkoo5u80PkCejFClAwlOs3z6KVFFqUjee2YfdE1ZJdi6pOtkN63b48FYP4F5bXyNeaWdG7q2iPyCUbEh/VCicbfxQIIdvvmuPbxmB1mytC5nAPpjwgkfjRSZgHS2eSZTGCBhdXKCx+CPqhAy2tqjF0OXuh3rmVRFvEt9Uqo+uPKf/HyNfr5TL9afUTfnjtJWPqq9BNbBIKDj8TJqN/s28OY/WAqz44Y57BabhJBWCbEwlzEu2WiC0QBwxq93uuOsNCpyp5vg45+wP8/lF1TKeURlI9dFJO+ZJdm7QyU4X0l0jDgYgEultpxbd6+6zwVv972uR+sbYpmGDQ2TbJA=
X-Forefront-Antispam-Report:
CIP:45.79.214.223;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.schinner.com;PTR:45-79-214-223.ip.linodeusercontent.com;CAT:NONE;SFS:(13230031)(376002)(136003)(396003)(39860400002)(346002)(230922051799003)(1690799017)(451199024)(7200799017)(64100799003)(82310400011)(61400799012)(186009)(36840700001)(46966006)(40470700004)(478600001)(31696002)(41320700001)(47076005)(36860700001)(26005)(41300700001)(336012)(9686003)(40460700003)(40480700001)(5660300002)(166002)(70586007)(2906002)(70206006)(558084003)(8936002)(6916009)(42186006)(786003)(67280400001)(81166007)(4326008)(316002)(8400799017)(8676002)(34070700002)(86362001)(82740400003)(154513002);DIR:OUT;SFP:1102;
X-OriginatorOrg: T03MS.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Jan 2024 01:58:03.0193
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 8fd7d978-dfcd-4cb9-1da9-08dc13db13e6
X-MS-Exchange-CrossTenant-Id: 797ffa7c-6432-40c5-8603-f3a97de60bb8
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=797ffa7c-6432-40c5-8603-f3a97de60bb8;Ip=[45.79.214.223];Helo=[mail.schinner.com]
X-MS-Exchange-CrossTenant-AuthSource:
AM3PEPF0000A78E.eurprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR07MB8995
(1) Notifications
I1.18KL0LD35.4KI2.16KwhoissourceRank10.8MPIN0Summary reportDiagnosisDensity00n/a
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 12 Jan 2024 19:09:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rOTRY-000000008WA-06jT
for dave@doctor.nl2k.ab.ca;
Fri, 12 Jan 2024 19:08:16 -0700
Resent-From: The Doctor
Resent-Date: Fri, 12 Jan 2024 19:08:16 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-am6eur05on2118.outbound.protection.outlook.com ([40.107.22.118]:16608 helo=EUR05-AM6-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rOTJj-0000000083Z-2B1t
for doctor@doctor.nl2k.ab.ca;
Fri, 12 Jan 2024 19:00:15 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=FUsE+6bK+Fp0FGKq6RiU6C1AwTke351i6/iGIoP6D41NulAywByHD4L/pBcytapc4NBfwpoqKr5lIBUcjBGg/A3VsjygFwNlS3Gd2QkbEv0HA0qxAL+hIfazoZLdbRmd1pF7BbC6mBCGRpWP7384L3Pa6puZagDx7npuLAHeg8Q/Z+OPJrfsxAWq4SUMrm2LJlKPaMQrf8LizPPQyHSd0DqcIUMZwbIiD9TGOTElt5oMNP042LnfOfn9B5XZvm5fTTCYz7dwhIGhb6IoUTyfQWRaUdLkEWk+28WTuXwJ8kNwWcAFD8gN9uqhY1Ejwl/NYj8lQkqU8VGs0nN6cmqmTg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=5s/JrhR+8hr3NCZyczYZoJ6/+ocuXxvZUGwp/MQHOqo=;
b=RH0Cf2jYZpmLhK90TKzy2U69L83UvT4G5coVkyG4Hp9khIEa3LutBz8/GPhJsNFAar+w0i/nmtLQITFCwjsZ0RF1V3Bet50HQli4mVVtrSsHu6BkkHy324uZPEwSYDweqVXGaFlwOJP0LOW4IQBuAKE00hBDJTuJsFW8mKC9cGh8zNeg9dqUoVPTdk3ZfIfsg/wRZf0G77PdDlW1i6wJIPCMoK01DXXcSr+1zDEcO0TEiTwPmKYpUDapUfesPVD3mEj9JGEHv/ei4ydxvLficDE9O3ah1MFgjuPy857Y4Y9qmShigHEPhuN9YUCWyLV/k9qmiif0b5aXY3aXARTFAQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is
45.79.214.223) smtp.rcpttodomain=doctor.nl2k.ab.ca
smtp.mailfrom=t03ms.onmicrosoft.com; dmarc=none action=none
header.from=t03ms.onmicrosoft.com; dkim=none (message not signed); arc=none
(0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=T03MS.onmicrosoft.com;
s=selector1-T03MS-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=5s/JrhR+8hr3NCZyczYZoJ6/+ocuXxvZUGwp/MQHOqo=;
b=d40+gnlI61+56OpcjDzW4idP6HJTvnjSyGx27fVUQLDA5bE+hMStiyGWQMFy11NkbB72n6HGtfOlzAOhOgfAq8LsprTcCWCWJ4BIvwRQMKDBbElH+K2Ja8vTQq6XKLAKT5w4RcB8hdZI7TurTzhOv+ZmqGSzMhVr7oiTinO8Ki8Yo/gDbF9O1QZ2BI7InWwzG6f9rPmBoSRuXgdYWeIdkfhZB/SLU0m/wfHR8KadChNU2t0/RP19Qmd5SEoS8WcJLpqMyfo2u9LQPJkrsEFUabrO6IGYVZ42foIlJnKCmTMtuqygCwWBf1lIz8TMuqAWBkELtqkrlzj86o5/+s4A/g==
X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 45.79.214.223)
smtp.mailfrom=T03MS.onmicrosoft.com; dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=T03MS.onmicrosoft.com;
Importance: high
MIME-Version: 1.0
In-Reply-To:
From: Kroger Shipment
To: doctor@doctor.nl2k.ab.ca
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: 7bit
CC: doctor@doctor.nl2k.ab.ca
Date: Sat, 13 Jan 2024 02:54:50 +0100
Subject: Make a Difference, Get Rewarded: Survey Now
Message-ID:
<3828a566-1310-4e4e-9b45-723d6b23a2e7@AM3PEPF0000A78E.eurprd04.prod.outlook.com>
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: AM3PEPF0000A78E:EE_|DU0PR07MB8995:EE_
X-MS-Office365-Filtering-Correlation-Id: 8fd7d978-dfcd-4cb9-1da9-08dc13db13e6
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
eZMPPT4vpjqcEs5BY5e3Amn/A16PiSsc5MMFFDxUItyAaN1Y93clw65npU95WVx9zStYiDdv2lqXRDt0RfvI2wRh5F3poDPNOuhk/w9HZf6VjlEdyzN/xNjTw90eg1KcjW29akPO6IBk4pNF3SNJf8ElqmfWihlmfOUc+eiimerwPb2sDRu6WicFOXp6xM93mmMX+dtpSUQiPanCM6CU6rjCCkoo5u80PkCejFClAwlOs3z6KVFFqUjee2YfdE1ZJdi6pOtkN63b48FYP4F5bXyNeaWdG7q2iPyCUbEh/VCicbfxQIIdvvmuPbxmB1mytC5nAPpjwgkfjRSZgHS2eSZTGCBhdXKCx+CPqhAy2tqjF0OXuh3rmVRFvEt9Uqo+uPKf/HyNfr5TL9afUTfnjtJWPqq9BNbBIKDj8TJqN/s28OY/WAqz44Y57BabhJBWCbEwlzEu2WiC0QBwxq93uuOsNCpyp5vg45+wP8/lF1TKeURlI9dFJO+ZJdm7QyU4X0l0jDgYgEultpxbd6+6zwVv972uR+sbYpmGDQ2TbJA=
X-Forefront-Antispam-Report:
CIP:45.79.214.223;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.schinner.com;PTR:45-79-214-223.ip.linodeusercontent.com;CAT:NONE;SFS:(13230031)(376002)(136003)(396003)(39860400002)(346002)(230922051799003)(1690799017)(451199024)(7200799017)(64100799003)(82310400011)(61400799012)(186009)(36840700001)(46966006)(40470700004)(478600001)(31696002)(41320700001)(47076005)(36860700001)(26005)(41300700001)(336012)(9686003)(40460700003)(40480700001)(5660300002)(166002)(70586007)(2906002)(70206006)(558084003)(8936002)(6916009)(42186006)(786003)(67280400001)(81166007)(4326008)(316002)(8400799017)(8676002)(34070700002)(86362001)(82740400003)(154513002);DIR:OUT;SFP:1102;
X-OriginatorOrg: T03MS.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Jan 2024 01:58:03.0193
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 8fd7d978-dfcd-4cb9-1da9-08dc13db13e6
X-MS-Exchange-CrossTenant-Id: 797ffa7c-6432-40c5-8603-f3a97de60bb8
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=797ffa7c-6432-40c5-8603-f3a97de60bb8;Ip=[45.79.214.223];Helo=[mail.schinner.com]
X-MS-Exchange-CrossTenant-AuthSource:
AM3PEPF0000A78E.eurprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR07MB8995
I1.18KL0LD35.4KI2.16KwhoissourceRank10.8MPIN0Summary reportDiagnosisDensity00n/a