Ace Vacuum Phish from Microsoft Outlook
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 10 Jan 2024 19:47:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rNl5P-000000002cl-1JJA
for dave@doctor.nl2k.ab.ca;
Wed, 10 Jan 2024 19:46:27 -0700
Resent-From: The Doctor
Resent-Date: Wed, 10 Jan 2024 19:46:27 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-dm6nam11on2086.outbound.protection.outlook.com ([40.107.223.86]:36896 helo=NAM11-DM6-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rNjvi-00000000Oqt-1VZZ
for root@nk.ca;
Wed, 10 Jan 2024 18:32:26 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=aYej2KD3h6tD9Y3SQXbok6E9tR5RcDhLJR7wi+56WGZK8hGjSDT+iVhYg9Dbo0ia/K99IcTORgpDNl6ClhBr7nLqUng8P+6j24Yu6nYQo1PsT4UMlAv+BNGqzqadfd0vcT9mP3YFcEyU4ssx/IILASFPwZWdz3AAmJFkzvUgdElSEiwR+bEW7VTu1fkJdZNexUl3D4t+L6OdIdScOpiInqJYY4M8ZfeK+d+C4jE3yWXr8z0cxPpORion6B0ew/tCJ1tLYHeCAhWc/kepihy56+ypxjJnzYEeDphA8Cb+eSUigbmwTeYQPEV8hEszNFzJ2H3MMyEnyrCS2ouc34R/Vg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=NoPTkDzZTgZrzJ25ssIzorqiV8q4HpFp5WxeT2VXxYA=;
b=VFscgvq7DdfA+Pg3AfDE7GgSQIxIcnoHrwcdNIsEwg0b6rcKmZobI8WXPlVFVRew60XY8cHLUKlD0MO4Dt6Kn2aZLgKBiz5JAaV2VuRkZutzmgeBCoOg0I2A2UGd2aphTN/u9yoE/7RdRPdTrMlD5EjjKpNiIpprCqF/X1UgvB22mdt6wkEj7j4v7RJK2c/jAoA5ZEaMqpMjXQDU9yLeqBdbdYRfXddWPYrEXZ+TWUoRtoSkEYgVXAHhJ1V7AjvBltPMdUpqQTxhmHq8ZyWfyyj5o9R6Q5a1pPEGhT53utUvC6P/QPciBmwTlZGe2a8MAtQPgUjrboap0OWk5Ua9tg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is
172.105.148.13) smtp.rcpttodomain=nk.ca
smtp.mailfrom=4pfvf63.onmicrosoft.com; dmarc=none action=none
header.from=4pfvf63.onmicrosoft.com; dkim=none (message not signed); arc=none
(0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=4pfvf63.onmicrosoft.com; s=selector1-4pfvf63-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=NoPTkDzZTgZrzJ25ssIzorqiV8q4HpFp5WxeT2VXxYA=;
b=l+85mv3S+21uacWbnoShgKIYjFOnbPN74djQ0J0qEQ8YS8rkKppoatviE1ZdC5Sk2Y+/Tf+LxTnMfBdng67binOrmrvLnYHEL2amRv1UiBOMcS6TtMzjY1VcCC6fPh5w5CyMo9gLLoQwKG7zE/JnTyiI+vst8483X2oSghmimX76oe6tZGJxO2CYkxqzv8YVzObI1eV3pvhfw1h2M/03up5mf5RgCZJKnJqfQC8kGLipzkPAXSQTUjuvCrfYGql4ftqsWcBKF+lLT51BJ6hOehybITWfViKLF4v3GrWQh9905UIXa3i8jykjTcTVryeLBzXdZ50U1OK9RW/uL8XdoA==
X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 172.105.148.13)
smtp.mailfrom=4pfvf63.onmicrosoft.com; dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=4pfvf63.onmicrosoft.com;
Importance: high
From: Ace Hardware
MIME-Version: 1.0
Subject: Order Confirmation - Craftsman Wet/Dry Vacuum
Content-Transfer-Encoding: 7bit
In-Reply-To:
Content-Type: text/html; charset="UTF-8"
To: root@nk.ca
CC: root@nk.ca
Date: Thu, 11 Jan 2024 02:25:36 +0100
Message-ID:
<4948888c-640a-42c3-8004-f41f4ca77147@DS3PEPF000099D7.namprd04.prod.outlook.com>
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DS3PEPF000099D7:EE_|IA1PR10MB7165:EE_
X-MS-Office365-Filtering-Correlation-Id: f2f7be5d-b042-4051-01de-08dc1244df72
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
fJx9CBbx8UF/ZdNPrni1manx60tJDIHmvqUkt8Ic1rtvEmRhhNWubuc+FP3pftBILgnRDSPlin7/nw0BESNMFVsKplwRWiH378IdAwn9KRUFF6CSgxyPbagaDLc+zaXmfM1sAwwxONwFumtfEY8s9KvOP3qOaMnoLW7RUZRYZGiingfcDV2MRkXPv3Ecai9EPogxazOri1Ku+U2M5MuS3oNpCVwJYNkr7pqkWZVxVrGjOEbCn4C+zPRnXRmxpsVrQURbgRXK+qzERvGkisRPYoyqEcz/MdByl9bwl4NDeT9ZWG/vmY7KiVwnHpt9xNBmcaNGi9EmUgwwZ8y7SMjyeifZ7yXbjPV/4rL8O7d7psV9p/7oQitBNx57/K5Uqd/YzGFhFPlejcZfiuvxWRyqJfgBZH/d3PNl3CFFXjE0t/9oukr1t6xYqX/9Uhvj0xt4UHJ8WOOFHk2rjghMZRzM4hV2uwuk2vJmHU+SO52Q3D747jRYcnlwKicOGVcIqbonLbNtUqpt9sBQCbZJdvTNjg==
X-Forefront-Antispam-Report:
CIP:172.105.148.13;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.thompson.com;PTR:172-105-148-13.ip.linodeusercontent.com;CAT:NONE;SFS:(13230031)(396003)(39860400002)(376002)(346002)(136003)(230922051799003)(1690799017)(186009)(82310400011)(64100799003)(61400799012)(451199024)(7200799017)(46966006)(36840700001)(40470700004)(2906002)(5660300002)(336012)(8676002)(9686003)(31696002)(26005)(558084003)(478600001)(70206006)(86362001)(67280400001)(8936002)(316002)(41320700001)(42186006)(786003)(6916009)(70586007)(36860700001)(81166007)(82740400003)(34070700002)(47076005)(4326008)(166002)(41300700001)(40460700003)(40480700001)(8400799017)(66899024);DIR:OUT;SFP:1101;
X-OriginatorOrg: 4pfvf63.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Jan 2024 01:30:19.4540
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: f2f7be5d-b042-4051-01de-08dc1244df72
X-MS-Exchange-CrossTenant-Id: 90903da3-5cf4-445f-8a84-a419febd4dd7
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=90903da3-5cf4-445f-8a84-a419febd4dd7;Ip=[172.105.148.13];Helo=[mail.thompson.com]
X-MS-Exchange-CrossTenant-AuthSource:
DS3PEPF000099D7.namprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA1PR10MB7165
(1) Notifications
I1.17KL0LD35.4KI2.16KwhoissourceRank10.8MPIN0Summary reportDiagnosisDensity00n/a
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 10 Jan 2024 19:47:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rNl5P-000000002cl-1JJA
for dave@doctor.nl2k.ab.ca;
Wed, 10 Jan 2024 19:46:27 -0700
Resent-From: The Doctor
Resent-Date: Wed, 10 Jan 2024 19:46:27 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-dm6nam11on2086.outbound.protection.outlook.com ([40.107.223.86]:36896 helo=NAM11-DM6-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rNjvi-00000000Oqt-1VZZ
for root@nk.ca;
Wed, 10 Jan 2024 18:32:26 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=aYej2KD3h6tD9Y3SQXbok6E9tR5RcDhLJR7wi+56WGZK8hGjSDT+iVhYg9Dbo0ia/K99IcTORgpDNl6ClhBr7nLqUng8P+6j24Yu6nYQo1PsT4UMlAv+BNGqzqadfd0vcT9mP3YFcEyU4ssx/IILASFPwZWdz3AAmJFkzvUgdElSEiwR+bEW7VTu1fkJdZNexUl3D4t+L6OdIdScOpiInqJYY4M8ZfeK+d+C4jE3yWXr8z0cxPpORion6B0ew/tCJ1tLYHeCAhWc/kepihy56+ypxjJnzYEeDphA8Cb+eSUigbmwTeYQPEV8hEszNFzJ2H3MMyEnyrCS2ouc34R/Vg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=NoPTkDzZTgZrzJ25ssIzorqiV8q4HpFp5WxeT2VXxYA=;
b=VFscgvq7DdfA+Pg3AfDE7GgSQIxIcnoHrwcdNIsEwg0b6rcKmZobI8WXPlVFVRew60XY8cHLUKlD0MO4Dt6Kn2aZLgKBiz5JAaV2VuRkZutzmgeBCoOg0I2A2UGd2aphTN/u9yoE/7RdRPdTrMlD5EjjKpNiIpprCqF/X1UgvB22mdt6wkEj7j4v7RJK2c/jAoA5ZEaMqpMjXQDU9yLeqBdbdYRfXddWPYrEXZ+TWUoRtoSkEYgVXAHhJ1V7AjvBltPMdUpqQTxhmHq8ZyWfyyj5o9R6Q5a1pPEGhT53utUvC6P/QPciBmwTlZGe2a8MAtQPgUjrboap0OWk5Ua9tg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is
172.105.148.13) smtp.rcpttodomain=nk.ca
smtp.mailfrom=4pfvf63.onmicrosoft.com; dmarc=none action=none
header.from=4pfvf63.onmicrosoft.com; dkim=none (message not signed); arc=none
(0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=4pfvf63.onmicrosoft.com; s=selector1-4pfvf63-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=NoPTkDzZTgZrzJ25ssIzorqiV8q4HpFp5WxeT2VXxYA=;
b=l+85mv3S+21uacWbnoShgKIYjFOnbPN74djQ0J0qEQ8YS8rkKppoatviE1ZdC5Sk2Y+/Tf+LxTnMfBdng67binOrmrvLnYHEL2amRv1UiBOMcS6TtMzjY1VcCC6fPh5w5CyMo9gLLoQwKG7zE/JnTyiI+vst8483X2oSghmimX76oe6tZGJxO2CYkxqzv8YVzObI1eV3pvhfw1h2M/03up5mf5RgCZJKnJqfQC8kGLipzkPAXSQTUjuvCrfYGql4ftqsWcBKF+lLT51BJ6hOehybITWfViKLF4v3GrWQh9905UIXa3i8jykjTcTVryeLBzXdZ50U1OK9RW/uL8XdoA==
X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 172.105.148.13)
smtp.mailfrom=4pfvf63.onmicrosoft.com; dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=4pfvf63.onmicrosoft.com;
Importance: high
From: Ace Hardware
MIME-Version: 1.0
Subject: Order Confirmation - Craftsman Wet/Dry Vacuum
Content-Transfer-Encoding: 7bit
In-Reply-To:
Content-Type: text/html; charset="UTF-8"
To: root@nk.ca
CC: root@nk.ca
Date: Thu, 11 Jan 2024 02:25:36 +0100
Message-ID:
<4948888c-640a-42c3-8004-f41f4ca77147@DS3PEPF000099D7.namprd04.prod.outlook.com>
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DS3PEPF000099D7:EE_|IA1PR10MB7165:EE_
X-MS-Office365-Filtering-Correlation-Id: f2f7be5d-b042-4051-01de-08dc1244df72
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
fJx9CBbx8UF/ZdNPrni1manx60tJDIHmvqUkt8Ic1rtvEmRhhNWubuc+FP3pftBILgnRDSPlin7/nw0BESNMFVsKplwRWiH378IdAwn9KRUFF6CSgxyPbagaDLc+zaXmfM1sAwwxONwFumtfEY8s9KvOP3qOaMnoLW7RUZRYZGiingfcDV2MRkXPv3Ecai9EPogxazOri1Ku+U2M5MuS3oNpCVwJYNkr7pqkWZVxVrGjOEbCn4C+zPRnXRmxpsVrQURbgRXK+qzERvGkisRPYoyqEcz/MdByl9bwl4NDeT9ZWG/vmY7KiVwnHpt9xNBmcaNGi9EmUgwwZ8y7SMjyeifZ7yXbjPV/4rL8O7d7psV9p/7oQitBNx57/K5Uqd/YzGFhFPlejcZfiuvxWRyqJfgBZH/d3PNl3CFFXjE0t/9oukr1t6xYqX/9Uhvj0xt4UHJ8WOOFHk2rjghMZRzM4hV2uwuk2vJmHU+SO52Q3D747jRYcnlwKicOGVcIqbonLbNtUqpt9sBQCbZJdvTNjg==
X-Forefront-Antispam-Report:
CIP:172.105.148.13;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.thompson.com;PTR:172-105-148-13.ip.linodeusercontent.com;CAT:NONE;SFS:(13230031)(396003)(39860400002)(376002)(346002)(136003)(230922051799003)(1690799017)(186009)(82310400011)(64100799003)(61400799012)(451199024)(7200799017)(46966006)(36840700001)(40470700004)(2906002)(5660300002)(336012)(8676002)(9686003)(31696002)(26005)(558084003)(478600001)(70206006)(86362001)(67280400001)(8936002)(316002)(41320700001)(42186006)(786003)(6916009)(70586007)(36860700001)(81166007)(82740400003)(34070700002)(47076005)(4326008)(166002)(41300700001)(40460700003)(40480700001)(8400799017)(66899024);DIR:OUT;SFP:1101;
X-OriginatorOrg: 4pfvf63.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Jan 2024 01:30:19.4540
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: f2f7be5d-b042-4051-01de-08dc1244df72
X-MS-Exchange-CrossTenant-Id: 90903da3-5cf4-445f-8a84-a419febd4dd7
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=90903da3-5cf4-445f-8a84-a419febd4dd7;Ip=[172.105.148.13];Helo=[mail.thompson.com]
X-MS-Exchange-CrossTenant-AuthSource:
DS3PEPF000099D7.namprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA1PR10MB7165
I1.17KL0LD35.4KI2.16KwhoissourceRank10.8MPIN0Summary reportDiagnosisDensity00n/a
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments