Nomad Smoker Phish from Microsoft Outlook
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 08 Jan 2024 16:26:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rMyzo-00000000AeY-43w8
for dave@doctor.nl2k.ab.ca;
Mon, 08 Jan 2024 16:25:28 -0700
Resent-From: The Doctor
Resent-Date: Mon, 8 Jan 2024 16:25:28 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-bn8nam12on2056.outbound.protection.outlook.com ([40.107.237.56]:13857 helo=NAM12-BN8-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rMyhN-000000009ym-1IPp
for root@nk.ca;
Mon, 08 Jan 2024 16:06:29 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=NHuAztTU9nLJk3IUxPP1MSOADvuVzf419e+n6MP0PNFeZQz8axRr6ERjarFuOR0D3yNbg8WwKR8z7DhfSkFbFgkwHPDbNy494xKoSdFTHshW/cnvMi1HaYtRKtH2l0ljuwnVLu8lT3NZ2kLBOgmiSvOAKZOCxLf64w5Z2mwvCql+kZUkPEFcJtqgBh4lNYqG2XaZm06sioFVEvWQhPnvju1a5RQ7HCfgQTi1bXFYsS6SgXoSMa2Nd7b/0U/Y7M90Wnq1Esqg872own8Tzx3GJP9zFb40hZ17dPEH2fwmJbbaWaK9Osx5WazbTG+gcaak6m8f2BTzI7Sw1jMyuCtQNw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=iH8JzlYutGVfwz33s6xVdq8EJjj3O6kClugDrGENlVo=;
b=E415tJoXJmQo6upreZnvd5e4NiLXqJXiWo+3h4nmPX2KsQWZ1t5xonCY2VQPKHFUuMXVFY2q2nGDwR9YP2Ihg0TKVDmv28Rb4XQyWevuwkvfOvPu79XYvrp3gP4OiRSaK0L4n+tHV4xhLNgcFhENLtKKgRkdd4xto/vHlImIHtIw1DrY2+Au9ElYzuCivR6eBoM3a3Q23cgLpRJbFD40vGOKrJpA1PJK5Xlj3FEinwXVDk6NLQhezTvrx24UkzTAX/HrjeK6FWOTxhDdt4dojISkf3r72FOxoXXxjUh7SpMkQhmyuR0pHpP3OjbeGrpEi2NcP7H0qeHMG3PkZu9Ccg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is
23.92.29.38) smtp.rcpttodomain=nk.ca
smtp.mailfrom=yrhtxegrzf.onmicrosoft.com; dmarc=none action=none
header.from=yrhtxegrzf.onmicrosoft.com; dkim=none (message not signed);
arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=yrhtxegrzf.onmicrosoft.com; s=selector1-yrhtxegrzf-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=iH8JzlYutGVfwz33s6xVdq8EJjj3O6kClugDrGENlVo=;
b=joWuvhpMip+7ipj5XeHWFBGIZs/Ghr1DgJ5lTe9m8tQnnHbRUnYmVe1YPz1VCfqc+iehAzVAGwfWGrCLMCh0ZwRYLmB4ZWy27jC455o6APjboLgZohraSj08njqO08bsYPtL8Ty3x0XMhTQbH+COwwO6eoV9H6bRR7sBlAcf88Z1khSlD18Q+XtmzcZuJEo5YcgHhO4O3MBejzmomJyeVuw+CCabvJd19vGcqare02rZ/9jwrGs6YkS94RS/cDfmhLonRfESMHw3/dL6/q+xqU+rYmYn3gS28uIFQfP6OARC0sLd623cEDz57i5PZcNQ0dlLQOVsuAiKUkqxrHkaxA==
X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 23.92.29.38)
smtp.mailfrom=yrhtxegrzf.onmicrosoft.com; dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=yrhtxegrzf.onmicrosoft.com;
In-Reply-To:
Date: Tue, 09 Jan 2024 00:00:44 +0100
Subject: Nomad Smoker - Your order has shipped!
Importance: high
CC: root@nk.ca
Content-Transfer-Encoding: 7bit
From: MemberSurveyPanel
MIME-Version: 1.0
To: root@nk.ca
Content-Type: text/html; charset="UTF-8"
Message-ID:
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: YQBCAN01FT015:EE_|MW3PR15MB3772:EE_
X-MS-Office365-Filtering-Correlation-Id: 7a1cbf13-9632-483a-514a-08dc109e3957
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
UqBbLRf0Fj1mwX7+tjvexlpbNufnyoNCJ/83sMgdgrhoiw0ke3xkFqb3FXMbJKyHDqBoNbDrHxvB2vaH2FeghH6BNP2UZz34oDgQLiT4//2ymb/3Evd6Q8KHeiA1HKh0m03b+XAcTFqFVEQ7CZeLdPsBFWScN2EqgVh9WySjgyqqkbP/X2f2a2SVrcnZ3ygRBHMadx4XE00/AviWQ4scAXrYSR33hTCENMk3jIpGHX856oCA56+yrrQN5uPN2HhuKrqtEGmojk0w28BnDZ/Mak+oo56IMlOGQoND8DuBdHlb4+qLRa9RitPXI7KPtt/YWvxNspzTmJkvJVJ1DwL/+ovuiUSFOPJU5K8xC5Nls07s+N9gjR5jKIUmdrM8fijXBHb52mJ1aQWBgQM4mGk7sYwDqLSmnNl00KGy0ajbr1uYb4x0TEUAXeULEhCjBaOSjc4nDXJV3D/eDSM/ZRIXk2XbK2xPP7Mt2b8cTci3tYsGRLMYRwUx6FHVTINZ3plT6du0jVRdTxfmEU8+f8nVyw==
X-Forefront-Antispam-Report:
CIP:23.92.29.38;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.schinner.com;PTR:23-92-29-38.ip.linodeusercontent.com;CAT:NONE;SFS:(13230031)(376002)(136003)(39860400002)(396003)(346002)(230922051799003)(82310400011)(61400799012)(1690799017)(451199024)(7200799017)(64100799003)(186009)(46966006)(36840700001)(40470700004)(41320700001)(26005)(9686003)(336012)(8676002)(40480700001)(8936002)(558084003)(6916009)(86362001)(67280400001)(786003)(478600001)(42186006)(316002)(4326008)(31696002)(70586007)(70206006)(46730400001)(82740400003)(166002)(81166007)(34020700004)(31686004)(47076005)(8400799017)(36860700001)(5660300002)(40460700003)(2906002)(41300700001);DIR:OUT;SFP:1101;
X-OriginatorOrg: yrhtxegrzf.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Jan 2024 23:04:53.1574
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 7a1cbf13-9632-483a-514a-08dc109e3957
X-MS-Exchange-CrossTenant-Id: 8a39f6bf-c721-4dac-ac50-211aafef71fb
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=8a39f6bf-c721-4dac-ac50-211aafef71fb;Ip=[23.92.29.38];Helo=[mail.schinner.com]
X-MS-Exchange-CrossTenant-AuthSource:
YQBCAN01FT015.eop-CAN01.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW3PR15MB3772
X-Antivirus: AVG (VPS 240108-2, 1/8/2024), Inbound message
X-Antivirus-Status: Clean
(1) Notifications
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 08 Jan 2024 16:26:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rMyzo-00000000AeY-43w8
for dave@doctor.nl2k.ab.ca;
Mon, 08 Jan 2024 16:25:28 -0700
Resent-From: The Doctor
Resent-Date: Mon, 8 Jan 2024 16:25:28 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-bn8nam12on2056.outbound.protection.outlook.com ([40.107.237.56]:13857 helo=NAM12-BN8-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rMyhN-000000009ym-1IPp
for root@nk.ca;
Mon, 08 Jan 2024 16:06:29 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=NHuAztTU9nLJk3IUxPP1MSOADvuVzf419e+n6MP0PNFeZQz8axRr6ERjarFuOR0D3yNbg8WwKR8z7DhfSkFbFgkwHPDbNy494xKoSdFTHshW/cnvMi1HaYtRKtH2l0ljuwnVLu8lT3NZ2kLBOgmiSvOAKZOCxLf64w5Z2mwvCql+kZUkPEFcJtqgBh4lNYqG2XaZm06sioFVEvWQhPnvju1a5RQ7HCfgQTi1bXFYsS6SgXoSMa2Nd7b/0U/Y7M90Wnq1Esqg872own8Tzx3GJP9zFb40hZ17dPEH2fwmJbbaWaK9Osx5WazbTG+gcaak6m8f2BTzI7Sw1jMyuCtQNw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=iH8JzlYutGVfwz33s6xVdq8EJjj3O6kClugDrGENlVo=;
b=E415tJoXJmQo6upreZnvd5e4NiLXqJXiWo+3h4nmPX2KsQWZ1t5xonCY2VQPKHFUuMXVFY2q2nGDwR9YP2Ihg0TKVDmv28Rb4XQyWevuwkvfOvPu79XYvrp3gP4OiRSaK0L4n+tHV4xhLNgcFhENLtKKgRkdd4xto/vHlImIHtIw1DrY2+Au9ElYzuCivR6eBoM3a3Q23cgLpRJbFD40vGOKrJpA1PJK5Xlj3FEinwXVDk6NLQhezTvrx24UkzTAX/HrjeK6FWOTxhDdt4dojISkf3r72FOxoXXxjUh7SpMkQhmyuR0pHpP3OjbeGrpEi2NcP7H0qeHMG3PkZu9Ccg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is
23.92.29.38) smtp.rcpttodomain=nk.ca
smtp.mailfrom=yrhtxegrzf.onmicrosoft.com; dmarc=none action=none
header.from=yrhtxegrzf.onmicrosoft.com; dkim=none (message not signed);
arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=yrhtxegrzf.onmicrosoft.com; s=selector1-yrhtxegrzf-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=iH8JzlYutGVfwz33s6xVdq8EJjj3O6kClugDrGENlVo=;
b=joWuvhpMip+7ipj5XeHWFBGIZs/Ghr1DgJ5lTe9m8tQnnHbRUnYmVe1YPz1VCfqc+iehAzVAGwfWGrCLMCh0ZwRYLmB4ZWy27jC455o6APjboLgZohraSj08njqO08bsYPtL8Ty3x0XMhTQbH+COwwO6eoV9H6bRR7sBlAcf88Z1khSlD18Q+XtmzcZuJEo5YcgHhO4O3MBejzmomJyeVuw+CCabvJd19vGcqare02rZ/9jwrGs6YkS94RS/cDfmhLonRfESMHw3/dL6/q+xqU+rYmYn3gS28uIFQfP6OARC0sLd623cEDz57i5PZcNQ0dlLQOVsuAiKUkqxrHkaxA==
X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 23.92.29.38)
smtp.mailfrom=yrhtxegrzf.onmicrosoft.com; dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=yrhtxegrzf.onmicrosoft.com;
In-Reply-To:
Date: Tue, 09 Jan 2024 00:00:44 +0100
Subject: Nomad Smoker - Your order has shipped!
Importance: high
CC: root@nk.ca
Content-Transfer-Encoding: 7bit
From: MemberSurveyPanel
MIME-Version: 1.0
To: root@nk.ca
Content-Type: text/html; charset="UTF-8"
Message-ID:
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: YQBCAN01FT015:EE_|MW3PR15MB3772:EE_
X-MS-Office365-Filtering-Correlation-Id: 7a1cbf13-9632-483a-514a-08dc109e3957
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
UqBbLRf0Fj1mwX7+tjvexlpbNufnyoNCJ/83sMgdgrhoiw0ke3xkFqb3FXMbJKyHDqBoNbDrHxvB2vaH2FeghH6BNP2UZz34oDgQLiT4//2ymb/3Evd6Q8KHeiA1HKh0m03b+XAcTFqFVEQ7CZeLdPsBFWScN2EqgVh9WySjgyqqkbP/X2f2a2SVrcnZ3ygRBHMadx4XE00/AviWQ4scAXrYSR33hTCENMk3jIpGHX856oCA56+yrrQN5uPN2HhuKrqtEGmojk0w28BnDZ/Mak+oo56IMlOGQoND8DuBdHlb4+qLRa9RitPXI7KPtt/YWvxNspzTmJkvJVJ1DwL/+ovuiUSFOPJU5K8xC5Nls07s+N9gjR5jKIUmdrM8fijXBHb52mJ1aQWBgQM4mGk7sYwDqLSmnNl00KGy0ajbr1uYb4x0TEUAXeULEhCjBaOSjc4nDXJV3D/eDSM/ZRIXk2XbK2xPP7Mt2b8cTci3tYsGRLMYRwUx6FHVTINZ3plT6du0jVRdTxfmEU8+f8nVyw==
X-Forefront-Antispam-Report:
CIP:23.92.29.38;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.schinner.com;PTR:23-92-29-38.ip.linodeusercontent.com;CAT:NONE;SFS:(13230031)(376002)(136003)(39860400002)(396003)(346002)(230922051799003)(82310400011)(61400799012)(1690799017)(451199024)(7200799017)(64100799003)(186009)(46966006)(36840700001)(40470700004)(41320700001)(26005)(9686003)(336012)(8676002)(40480700001)(8936002)(558084003)(6916009)(86362001)(67280400001)(786003)(478600001)(42186006)(316002)(4326008)(31696002)(70586007)(70206006)(46730400001)(82740400003)(166002)(81166007)(34020700004)(31686004)(47076005)(8400799017)(36860700001)(5660300002)(40460700003)(2906002)(41300700001);DIR:OUT;SFP:1101;
X-OriginatorOrg: yrhtxegrzf.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Jan 2024 23:04:53.1574
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 7a1cbf13-9632-483a-514a-08dc109e3957
X-MS-Exchange-CrossTenant-Id: 8a39f6bf-c721-4dac-ac50-211aafef71fb
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=8a39f6bf-c721-4dac-ac50-211aafef71fb;Ip=[23.92.29.38];Helo=[mail.schinner.com]
X-MS-Exchange-CrossTenant-AuthSource:
YQBCAN01FT015.eop-CAN01.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW3PR15MB3772
X-Antivirus: AVG (VPS 240108-2, 1/8/2024), Inbound message
X-Antivirus-Status: Clean
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments