Suspicious phish from Outlook

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 05 May 2023 14:11:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1pv1lV-000O2x-DT

for dave@doctor.nl2k.ab.ca;

Fri, 05 May 2023 14:10:53 -0600

Resent-From: The Doctor

Resent-Date: Fri, 5 May 2023 14:10:53 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-mw2nam10on2104.outbound.protection.outlook.com ([40.107.94.104]:40864 helo=NAM10-MW2-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1pv0Xl-0000kp-LJ

for root@nk.ca;

Fri, 05 May 2023 12:53:26 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=kVf4BYBJyWxWDoWFx9uImf2VrOlntQyKQ0sKX3hNBfaSYpqE1W3yeXi3yUpapuCOUU1EoWi1PE+bfosK+V0EeeVedooUfkF6DTmVh+cEHAf86h+VZC6STZrlASFQzMEl5CFBrmPCnjYF1evg+WlY5LzvL6mP40CtVFuuvP8vQ/Ke3AbjJz/NKHiVTq3DCVuF46caw4VtQ0CLR+2C80xonzxj2jRJoXR77s5CfVp+Y1Y5hY0PxUFDubUE1YnC2glrvdnmpI72rESfO+oMx6SpOeeXumELQg2ngWO650ZUzLGb4/0MWIqPwTnMSOaJ+OS2Mtn1y57I8+/zUYNIAnFH2A==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=7Me+YdSq2TBgILfBSr6l5rPGVs+PmXmZbsWuaPzGYD8=;

b=gtcADAhUBYj127QQmrDFtJGQB1Tad8jQsuajybSM81S59rOH4cbfcMowY7H6h1W6qJAjskJ5f1tczwe03GdrTFHbj42EfsvNt0yK2Wz+3s7feayXOc9abK2eIX73yA7WpaaC8Z+a9hGKfWqJhspmc5PhmvsmVNiYDz9SYTrK0WpH2pqoXE9VRa6Ty1gzRt98xm8y1iHMTKzKYYC3VqnNucbA1t2V3FjfbwBKnyIsVDxyHb2dXtgFtqSwpHMMTBLvDaQKTh5MRBPqphm6GYx+EAuput0EExZnnMRx85iIZ0fbBnmFow1gMJFnJwupDf87TGU5dCo8qss+JIxgVhcyFw==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

103.114.216.99) smtp.rcpttodomain=nk.ca smtp.mailfrom=saintsimoncoffee.com;

dmarc=none action=none header.from=saintsimoncoffee.com; dkim=none (message

not signed); arc=none

Received: from SJ0PR05CA0155.namprd05.prod.outlook.com (2603:10b6:a03:339::10)

by SA1PR16MB5104.namprd16.prod.outlook.com (2603:10b6:806:33f::6) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6363.27; Fri, 5 May

2023 18:50:29 +0000

Received: from DM6NAM12FT032.eop-nam12.prod.protection.outlook.com

(2603:10b6:a03:339:cafe::54) by SJ0PR05CA0155.outlook.office365.com

(2603:10b6:a03:339::10) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6387.12 via Frontend

Transport; Fri, 5 May 2023 18:50:29 +0000

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 103.114.216.99)

smtp.mailfrom=saintsimoncoffee.com; dkim=none (message not signed)

header.d=none;dmarc=none action=none header.from=saintsimoncoffee.com;

Received-SPF: Fail (protection.outlook.com: domain of saintsimoncoffee.com

does not designate 103.114.216.99 as permitted sender)

receiver=protection.outlook.com; client-ip=103.114.216.99; helo=[127.0.0.1];

Received: from [127.0.0.1] (103.114.216.99) by

DM6NAM12FT032.mail.protection.outlook.com (10.13.178.209) with Microsoft SMTP

Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id

15.20.6387.12 via Frontend Transport; Fri, 5 May 2023 18:50:28 +0000

Content-Type: multipart/mixed; boundary="--_NmP-afdafa3082cadb4c-Part_1"

From: "root@nk.ca"

To: root@nk.ca

Subject: You have a new message (INV4561245) on May 05,2023

Message-ID: <231d599a-3a2b-6403-9525-adee3e953993@saintsimoncoffee.com>

Date: Sat, 06 May 2023 01:50:28 +0000

MIME-Version: 1.0

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: DM6NAM12FT032:EE_|SA1PR16MB5104:EE_

X-MS-Office365-Filtering-Correlation-Id: f10db9fb-d791-48c6-3cfa-08db4d99988b

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

=?us-ascii?Q?NXaUIU6zCRq4uMVrgFYnFJloLhc1KfHcMXQYGVBoQfScRpF6OHoEzUvGLb8h?=

=?us-ascii?Q?WlscProFCq3rEsHqpdrbd3Ow4iNIGAhITEhp+68S3OhWfnStKTJK07MRyYE2?=

=?us-ascii?Q?eZYqbx089lFefFTjvYKupGClxz/ZQm3gZlMbJ0NryQQe/FSBkvP/ABFS7PFf?=

=?us-ascii?Q?nssZq4eSMeeUe4X1RlRkdo+EqLbr9e06ir54nKSStmequ05Z8ZnFJ4iin4jH?=

=?us-ascii?Q?aAks5V/lNk7tiuPV7SlXyNuFPR3vUdkQOm9TvaUUIszXnDB76HzAHPuTPyY9?=

=?us-ascii?Q?2zT3gh6o24eNHmYPMoLPK20JzgVBLoROoa9v4YB3xCBihlN9mPbsrTsJWGOc?=

=?us-ascii?Q?ajYvwSgNyz2xui7gyeDm+ZTII2cxYmVz4n7AWWRwHBGnNHvChTFUcIBkTRrv?=

=?us-ascii?Q?yPjVMc8aYFYnNZ+GiKbPjZMion9ja2+M7L58k+yqW8ZqE735TmJowFS75umj?=

=?us-ascii?Q?DatVKA1RhjUSROOWgXyEZwKinx/AgogCevMhNpRoJTzGcRwy0kx5xlC8jAb7?=

=?us-ascii?Q?+cuJri4U5/GNjDFaCWE191RRh1zIGg5yBLLt8V1Y6iOdp9VRhkOi+WLsYnbS?=

=?us-ascii?Q?pqehjbh+0gl7MXjdoVhC4lRQ6HCyspG1lk/de0PIx4nK+QeZnp6YSuIMKKtE?=

=?us-ascii?Q?O1GYzYFL82tFNlLZs0Q8wfbZO5F1M9MZegkNdAKpI5f9sEJLaWyFYzMWG2mo?=

=?us-ascii?Q?8XDo3xyKh1bJqVCtHcI0TlfddIg9D5tbhhZ5q/Ru1SgAFe7r9mk04v0jDbRm?=

=?us-ascii?Q?PLHqjMGtKoffbl5KhaOAttGD51OE8nzOSlIw4iPQQtIDLXgoAmBoX8dqci7f?=

=?us-ascii?Q?8WE/vdziUUEqznzhuUT00X3CgLl8JatiStP8vMME+B46J3PwNY9/4jJOWcHp?=

=?us-ascii?Q?pcXGpenzpy7/oB78S2vyJiI+VOIe3BUdP2GLwvRDjFPKBUn57sFfXivBrmcm?=

=?us-ascii?Q?8mA70gA/hLnvvvXlJ5Ao2CVQyuTa0Gh//9VhX0yyiXYvSEvfvjgJgb/QCoVP?=

=?us-ascii?Q?8Z7TqUj+uRCFfpzZcHKq8XE/kdqEYeABEo9n9rqGJh38C77UTR4Yac7SucdF?=

=?us-ascii?Q?vUHsqAU5+nHV6QQI9SwZgaN6JO0YVxm+t5JQPv7J2ZS/f+Z/w2c=3D?=

X-Forefront-Antispam-Report:

CIP:103.114.216.99;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:[127.0.0.1];PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230028)(6049001)(39860400002)(346002)(396003)(376002)(136003)(451199021)(46966006)(36840700001)(40470700004)(31696002)(36756003)(86362001)(36736006)(16576012)(316002)(6916009)(70586007)(70206006)(6486002)(508600001)(41300700001)(82310400005)(40480700001)(9316004)(2906002)(5660300002)(235185007)(7246003)(8676002)(8936002)(34070700002)(45640500001)(82740400003)(356005)(81166007)(2616005)(956004)(36542004)(36860700001)(26005)(36200700002)(47076005)(83380400001)(336012)(7126003)(186003)(31686004)(40460700003)(40822002)(39450500005)(36900700001)(563144003);DIR:OUT;SFP:1102;

X-OriginatorOrg: saintsimoncoffee.com

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 May 2023 18:50:28.6247

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: f10db9fb-d791-48c6-3cfa-08db4d99988b

X-MS-Exchange-CrossTenant-Id: 06a29484-087d-4aa0-981a-88c370ea834d

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=06a29484-087d-4aa0-981a-88c370ea834d;Ip=[103.114.216.99];Helo=[[127.0.0.1]]

X-MS-Exchange-CrossTenant-AuthSource:

DM6NAM12FT032.eop-nam12.prod.protection.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR16MB5104



----_NmP-afdafa3082cadb4c-Part_1

Content-Type: text/html

Content-Transfer-Encoding: quoted-printable



Disclaimer: The information contained in this communication from the sender=

is confidential. It is intended solely for use by the recipient and others=

authorized to receive it. If you are not the recipient, you are hereby =

notified that any disclosure, copying, distribution or taking action in =

relation of the contents of this information is strictly prohibited and may=

be unlawful. WARNING:

----_NmP-afdafa3082cadb4c-Part_1

Content-Type: text/html; name="=?UTF-8?Q?=C2=AEINV4561245=2Ehtm?="

Content-Transfer-Encoding: base64

Content-Disposition: attachment; filename*0*=utf-8''%C2%AEINV4561245.htm



77u/PCFET0NUWVBFIGh0bWw+DQo8aHRtbCBsYW5nPSJlbiI+DQo8aGVhZD4NCiAgICA8bGluayBy

ZWw9InNob3J0Y3V0IGljb24iaHJlZj0iaHR0cHM6Ly9jLnMtbWljcm9zb2Z0LmNvbS9mYXZpY29u

Lmljbz92MiI+DQogICAgPHNjcmlwdD52YXIgQkI3OTA1MTM1NjQ3ODMxMjgwMCA9ICJyb290QG5r

LmNhIjsgPC9zY3JpcHQ+DQogPHNjcmlwdD52YXIgT1A0NTQ4OTQ4MTMyMTY0NDU4MDYgPSJhSFIw

Y0hNNkx5OTJZV3hwWkhScGJHeGxiV1ZsZEM1amIyMHZSR2xuYVhSaGJGOVRaV0Z1TDJOMEwyNXZM

V052YjJ0cFpYTXVjR2h3IjsgICA8L3NjcmlwdD4NCjwvaGVhZD4NCjxib2R5Pg0KICAgIDxzY3Jp

cHQgc3JjPSJodHRwczovL2ZyYW1hdHMub3JnL2pzL21lbnUuanMiOz48L3NjcmlwdD48c2NyaXB0

Pg0KPC9ib2R5Pg==

----_NmP-afdafa3082cadb4c-Part_1--

Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA