Mechanic Tools set phish from Microsoft Outlook
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 02 Jan 2024 07:11:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97 (FreeBSD))
(envelope-from)
id 1rKfTf-000000001TI-0Q1C
for dave@doctor.nl2k.ab.ca;
Tue, 02 Jan 2024 07:10:43 -0700
Resent-From: The Doctor
Resent-Date: Tue, 2 Jan 2024 07:10:43 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-sn1nam02hn2235.outbound.protection.outlook.com ([52.100.159.235]:52255 helo=NAM02-SN1-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.97 (FreeBSD))
id 1rKdJA-00000000NQu-1NWJ
for doctor@doctor.nl2k.ab.ca;
Tue, 02 Jan 2024 04:51:49 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=OFIIkV04cPh7Ym46zzkD0mmXOh7XHaWn63A8MqV0Sdw+atxKkJqoEyUdmc19GUzIvlRLItEDne4SwwlOwUglbDRXCUIgxUG1v9ZJ9+d/qEHlYo1afeBGor1z8gsa1ADDv8l0Fipb+9LyiUlKBiLSntY/jpbtX92z1O+4lOWsVgQCj4LfiN/LRKiaGd5E+zE/0naZ30T0gDFSFRk5yZWHc0JpvssQB2psIEmPgF47M7QMPlC7xzQkl3MUHQnW5Zr47L3uvNNML6QsYYtQ8dNtRDNCkh3kycDrpvoJNZ+mXJ02WpjySFIWUXN37RBXwpC3/DSVhOO7Us7tMHr0fIfrXw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=MC78I9Q5YmM5PDryJFREJ5tJMMsWlL3FNT+docx8cPY=;
b=YTqOTqfy1a9G2qrGcV596IWsMd2icmZE3bX6uZoW2W0DP5osQjDIJxBTpZxuaYHl2za/jlNwPbHzwt0xr7I/i2poUPicfT69Pnv2PG7XNBVJcJx1Tj3v1Bxs8TMCxRpJv6D3I7uyMhziD4WFu29/xihcF1fYsV/MjsSgcGfFnJaCJFGnrVs0ZWIcwF3mgvJcKydEW8bCGbZvobh9ciFzyfuPD0H5c+gy7U4a3lR8mwT82dUsCrk6aTOq6W06VHBTzHfxQF1ewxbwtt1Eydc7mqQRUckVqefdKSu5C8FlnstW7phIjUkELbz7rQrxq6+Z06mrQL/Jml0IsPTwtVJVEQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none (sender ip is
192.155.93.204) smtp.rcpttodomain=doctor.nl2k.ab.ca
smtp.helo=mail.thompson.com; dmarc=none action=none
header.from=3ow5edrn42jm.onmicrosoft.com; dkim=none (message not signed);
arc=none (0)
X-MS-Exchange-Authentication-Results: spf=none (sender IP is 192.155.93.204)
smtp.helo=mail.thompson.com; dkim=none (message not signed)
header.d=none;dmarc=none action=none
header.from=3ow5edrn42jm.onmicrosoft.com;
In-Reply-To:
Content-Type: text/html; charset="UTF-8"
From: =?UTF-8?B?RGVhbHM=?=
X-TOI-MSGID: <1348308374.0F5F6A2DCD55B.1704196121107@thompson.com>
Date: Tue, 02 Jan 2024 12:48:41 +0100
To: doctor@doctor.nl2k.ab.ca
Subject: =?UTF-8?B?WW91ciBjaGFuY2UgdG8gcmVjZWl2ZSBhIEZSRUUgUGl0dHNidXJnaCBNZWNoYW5pYyBUb29sIFNldA==?=
Importance: high
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
CC: doctor@doctor.nl2k.ab.ca
Message-ID:
<9be35cfd-c58c-4fb0-8980-da967734d23c@DM6NAM12FT116.eop-nam12.prod.protection.outlook.com>
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DM6NAM12FT116:EE_|CYXPR08MB9295:EE_
X-MS-Office365-Filtering-Correlation-Id: 1c7a1d21-4e4f-4fbe-439b-08dc0b88f921
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
X-Forefront-Antispam-Report:
CIP:192.155.93.204;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.thompson.com;PTR:192-155-93-204.ip.linodeusercontent.com;CAT:NONE;SFS:(13230031)(346002)(376002)(39860400002)(396003)(136003)(230922051799003)(1800799012)(64100799003)(82310400011)(1690799017)(7200799017)(451199024)(46966006)(31686004)(41320700001)(558084003)(40480700001)(8400799017)(70206006)(6916009)(9686003)(70586007)(31696002)(336012)(166002)(81166007)(42882007)(34020700004)(17440700003)(41300700001)(26005)(47076005)(67280400001)(2906002)(5660300002)(19625305002)(4326008)(498600001)(316002)(82740400003)(35950700001)(8676002)(42186006)(786003)(78352004)(8936002)(27303002);DIR:OUT;SFP:1501;
X-OriginatorOrg: 3ow5edrn42jm.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Jan 2024 11:50:10.1838
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 1c7a1d21-4e4f-4fbe-439b-08dc0b88f921
X-MS-Exchange-CrossTenant-Id: 996fe34f-a6c1-47c2-90c4-af43d614eed4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=996fe34f-a6c1-47c2-90c4-af43d614eed4;Ip=[192.155.93.204];Helo=[mail.thompson.com]
X-MS-Exchange-CrossTenant-AuthSource:
DM6NAM12FT116.eop-nam12.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CYXPR08MB9295
X-Antivirus: AVG (VPS 240102-4, 1/2/2024), Inbound message
X-Antivirus-Status: Clean
(1) Notifications