Kroger Cookware Phish from Microsoft Outlook
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 12 Jan 2024 19:09:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rOTRY-000000008WA-06jT
for dave@doctor.nl2k.ab.ca;
Fri, 12 Jan 2024 19:08:16 -0700
Resent-From: The Doctor
Resent-Date: Fri, 12 Jan 2024 19:08:16 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-am6eur05on2118.outbound.protection.outlook.com ([40.107.22.118]:16608 helo=EUR05-AM6-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rOTJj-0000000083Z-2B1t
for doctor@doctor.nl2k.ab.ca;
Fri, 12 Jan 2024 19:00:15 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=FUsE+6bK+Fp0FGKq6RiU6C1AwTke351i6/iGIoP6D41NulAywByHD4L/pBcytapc4NBfwpoqKr5lIBUcjBGg/A3VsjygFwNlS3Gd2QkbEv0HA0qxAL+hIfazoZLdbRmd1pF7BbC6mBCGRpWP7384L3Pa6puZagDx7npuLAHeg8Q/Z+OPJrfsxAWq4SUMrm2LJlKPaMQrf8LizPPQyHSd0DqcIUMZwbIiD9TGOTElt5oMNP042LnfOfn9B5XZvm5fTTCYz7dwhIGhb6IoUTyfQWRaUdLkEWk+28WTuXwJ8kNwWcAFD8gN9uqhY1Ejwl/NYj8lQkqU8VGs0nN6cmqmTg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=5s/JrhR+8hr3NCZyczYZoJ6/+ocuXxvZUGwp/MQHOqo=;
b=RH0Cf2jYZpmLhK90TKzy2U69L83UvT4G5coVkyG4Hp9khIEa3LutBz8/GPhJsNFAar+w0i/nmtLQITFCwjsZ0RF1V3Bet50HQli4mVVtrSsHu6BkkHy324uZPEwSYDweqVXGaFlwOJP0LOW4IQBuAKE00hBDJTuJsFW8mKC9cGh8zNeg9dqUoVPTdk3ZfIfsg/wRZf0G77PdDlW1i6wJIPCMoK01DXXcSr+1zDEcO0TEiTwPmKYpUDapUfesPVD3mEj9JGEHv/ei4ydxvLficDE9O3ah1MFgjuPy857Y4Y9qmShigHEPhuN9YUCWyLV/k9qmiif0b5aXY3aXARTFAQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is
45.79.214.223) smtp.rcpttodomain=doctor.nl2k.ab.ca
smtp.mailfrom=t03ms.onmicrosoft.com; dmarc=none action=none
header.from=t03ms.onmicrosoft.com; dkim=none (message not signed); arc=none
(0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=T03MS.onmicrosoft.com;
s=selector1-T03MS-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=5s/JrhR+8hr3NCZyczYZoJ6/+ocuXxvZUGwp/MQHOqo=;
b=d40+gnlI61+56OpcjDzW4idP6HJTvnjSyGx27fVUQLDA5bE+hMStiyGWQMFy11NkbB72n6HGtfOlzAOhOgfAq8LsprTcCWCWJ4BIvwRQMKDBbElH+K2Ja8vTQq6XKLAKT5w4RcB8hdZI7TurTzhOv+ZmqGSzMhVr7oiTinO8Ki8Yo/gDbF9O1QZ2BI7InWwzG6f9rPmBoSRuXgdYWeIdkfhZB/SLU0m/wfHR8KadChNU2t0/RP19Qmd5SEoS8WcJLpqMyfo2u9LQPJkrsEFUabrO6IGYVZ42foIlJnKCmTMtuqygCwWBf1lIz8TMuqAWBkELtqkrlzj86o5/+s4A/g==
X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 45.79.214.223)
smtp.mailfrom=T03MS.onmicrosoft.com; dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=T03MS.onmicrosoft.com;
Importance: high
MIME-Version: 1.0
In-Reply-To:
From: Kroger Shipment
To: doctor@doctor.nl2k.ab.ca
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: 7bit
CC: doctor@doctor.nl2k.ab.ca
Date: Sat, 13 Jan 2024 02:54:50 +0100
Subject: Make a Difference, Get Rewarded: Survey Now
Message-ID:
<3828a566-1310-4e4e-9b45-723d6b23a2e7@AM3PEPF0000A78E.eurprd04.prod.outlook.com>
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: AM3PEPF0000A78E:EE_|DU0PR07MB8995:EE_
X-MS-Office365-Filtering-Correlation-Id: 8fd7d978-dfcd-4cb9-1da9-08dc13db13e6
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
eZMPPT4vpjqcEs5BY5e3Amn/A16PiSsc5MMFFDxUItyAaN1Y93clw65npU95WVx9zStYiDdv2lqXRDt0RfvI2wRh5F3poDPNOuhk/w9HZf6VjlEdyzN/xNjTw90eg1KcjW29akPO6IBk4pNF3SNJf8ElqmfWihlmfOUc+eiimerwPb2sDRu6WicFOXp6xM93mmMX+dtpSUQiPanCM6CU6rjCCkoo5u80PkCejFClAwlOs3z6KVFFqUjee2YfdE1ZJdi6pOtkN63b48FYP4F5bXyNeaWdG7q2iPyCUbEh/VCicbfxQIIdvvmuPbxmB1mytC5nAPpjwgkfjRSZgHS2eSZTGCBhdXKCx+CPqhAy2tqjF0OXuh3rmVRFvEt9Uqo+uPKf/HyNfr5TL9afUTfnjtJWPqq9BNbBIKDj8TJqN/s28OY/WAqz44Y57BabhJBWCbEwlzEu2WiC0QBwxq93uuOsNCpyp5vg45+wP8/lF1TKeURlI9dFJO+ZJdm7QyU4X0l0jDgYgEultpxbd6+6zwVv972uR+sbYpmGDQ2TbJA=
X-Forefront-Antispam-Report:
CIP:45.79.214.223;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.schinner.com;PTR:45-79-214-223.ip.linodeusercontent.com;CAT:NONE;SFS:(13230031)(376002)(136003)(396003)(39860400002)(346002)(230922051799003)(1690799017)(451199024)(7200799017)(64100799003)(82310400011)(61400799012)(186009)(36840700001)(46966006)(40470700004)(478600001)(31696002)(41320700001)(47076005)(36860700001)(26005)(41300700001)(336012)(9686003)(40460700003)(40480700001)(5660300002)(166002)(70586007)(2906002)(70206006)(558084003)(8936002)(6916009)(42186006)(786003)(67280400001)(81166007)(4326008)(316002)(8400799017)(8676002)(34070700002)(86362001)(82740400003)(154513002);DIR:OUT;SFP:1102;
X-OriginatorOrg: T03MS.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Jan 2024 01:58:03.0193
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 8fd7d978-dfcd-4cb9-1da9-08dc13db13e6
X-MS-Exchange-CrossTenant-Id: 797ffa7c-6432-40c5-8603-f3a97de60bb8
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=797ffa7c-6432-40c5-8603-f3a97de60bb8;Ip=[45.79.214.223];Helo=[mail.schinner.com]
X-MS-Exchange-CrossTenant-AuthSource:
AM3PEPF0000A78E.eurprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR07MB8995
(1) Notifications
I1.18KL0LD35.4KI2.16KwhoissourceRank10.8MPIN0Summary reportDiagnosisDensity00n/a
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 12 Jan 2024 19:09:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rOTRY-000000008WA-06jT
for dave@doctor.nl2k.ab.ca;
Fri, 12 Jan 2024 19:08:16 -0700
Resent-From: The Doctor
Resent-Date: Fri, 12 Jan 2024 19:08:16 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-am6eur05on2118.outbound.protection.outlook.com ([40.107.22.118]:16608 helo=EUR05-AM6-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rOTJj-0000000083Z-2B1t
for doctor@doctor.nl2k.ab.ca;
Fri, 12 Jan 2024 19:00:15 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=FUsE+6bK+Fp0FGKq6RiU6C1AwTke351i6/iGIoP6D41NulAywByHD4L/pBcytapc4NBfwpoqKr5lIBUcjBGg/A3VsjygFwNlS3Gd2QkbEv0HA0qxAL+hIfazoZLdbRmd1pF7BbC6mBCGRpWP7384L3Pa6puZagDx7npuLAHeg8Q/Z+OPJrfsxAWq4SUMrm2LJlKPaMQrf8LizPPQyHSd0DqcIUMZwbIiD9TGOTElt5oMNP042LnfOfn9B5XZvm5fTTCYz7dwhIGhb6IoUTyfQWRaUdLkEWk+28WTuXwJ8kNwWcAFD8gN9uqhY1Ejwl/NYj8lQkqU8VGs0nN6cmqmTg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=5s/JrhR+8hr3NCZyczYZoJ6/+ocuXxvZUGwp/MQHOqo=;
b=RH0Cf2jYZpmLhK90TKzy2U69L83UvT4G5coVkyG4Hp9khIEa3LutBz8/GPhJsNFAar+w0i/nmtLQITFCwjsZ0RF1V3Bet50HQli4mVVtrSsHu6BkkHy324uZPEwSYDweqVXGaFlwOJP0LOW4IQBuAKE00hBDJTuJsFW8mKC9cGh8zNeg9dqUoVPTdk3ZfIfsg/wRZf0G77PdDlW1i6wJIPCMoK01DXXcSr+1zDEcO0TEiTwPmKYpUDapUfesPVD3mEj9JGEHv/ei4ydxvLficDE9O3ah1MFgjuPy857Y4Y9qmShigHEPhuN9YUCWyLV/k9qmiif0b5aXY3aXARTFAQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is
45.79.214.223) smtp.rcpttodomain=doctor.nl2k.ab.ca
smtp.mailfrom=t03ms.onmicrosoft.com; dmarc=none action=none
header.from=t03ms.onmicrosoft.com; dkim=none (message not signed); arc=none
(0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=T03MS.onmicrosoft.com;
s=selector1-T03MS-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=5s/JrhR+8hr3NCZyczYZoJ6/+ocuXxvZUGwp/MQHOqo=;
b=d40+gnlI61+56OpcjDzW4idP6HJTvnjSyGx27fVUQLDA5bE+hMStiyGWQMFy11NkbB72n6HGtfOlzAOhOgfAq8LsprTcCWCWJ4BIvwRQMKDBbElH+K2Ja8vTQq6XKLAKT5w4RcB8hdZI7TurTzhOv+ZmqGSzMhVr7oiTinO8Ki8Yo/gDbF9O1QZ2BI7InWwzG6f9rPmBoSRuXgdYWeIdkfhZB/SLU0m/wfHR8KadChNU2t0/RP19Qmd5SEoS8WcJLpqMyfo2u9LQPJkrsEFUabrO6IGYVZ42foIlJnKCmTMtuqygCwWBf1lIz8TMuqAWBkELtqkrlzj86o5/+s4A/g==
X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 45.79.214.223)
smtp.mailfrom=T03MS.onmicrosoft.com; dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=T03MS.onmicrosoft.com;
Importance: high
MIME-Version: 1.0
In-Reply-To:
From: Kroger Shipment
To: doctor@doctor.nl2k.ab.ca
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: 7bit
CC: doctor@doctor.nl2k.ab.ca
Date: Sat, 13 Jan 2024 02:54:50 +0100
Subject: Make a Difference, Get Rewarded: Survey Now
Message-ID:
<3828a566-1310-4e4e-9b45-723d6b23a2e7@AM3PEPF0000A78E.eurprd04.prod.outlook.com>
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: AM3PEPF0000A78E:EE_|DU0PR07MB8995:EE_
X-MS-Office365-Filtering-Correlation-Id: 8fd7d978-dfcd-4cb9-1da9-08dc13db13e6
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
eZMPPT4vpjqcEs5BY5e3Amn/A16PiSsc5MMFFDxUItyAaN1Y93clw65npU95WVx9zStYiDdv2lqXRDt0RfvI2wRh5F3poDPNOuhk/w9HZf6VjlEdyzN/xNjTw90eg1KcjW29akPO6IBk4pNF3SNJf8ElqmfWihlmfOUc+eiimerwPb2sDRu6WicFOXp6xM93mmMX+dtpSUQiPanCM6CU6rjCCkoo5u80PkCejFClAwlOs3z6KVFFqUjee2YfdE1ZJdi6pOtkN63b48FYP4F5bXyNeaWdG7q2iPyCUbEh/VCicbfxQIIdvvmuPbxmB1mytC5nAPpjwgkfjRSZgHS2eSZTGCBhdXKCx+CPqhAy2tqjF0OXuh3rmVRFvEt9Uqo+uPKf/HyNfr5TL9afUTfnjtJWPqq9BNbBIKDj8TJqN/s28OY/WAqz44Y57BabhJBWCbEwlzEu2WiC0QBwxq93uuOsNCpyp5vg45+wP8/lF1TKeURlI9dFJO+ZJdm7QyU4X0l0jDgYgEultpxbd6+6zwVv972uR+sbYpmGDQ2TbJA=
X-Forefront-Antispam-Report:
CIP:45.79.214.223;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.schinner.com;PTR:45-79-214-223.ip.linodeusercontent.com;CAT:NONE;SFS:(13230031)(376002)(136003)(396003)(39860400002)(346002)(230922051799003)(1690799017)(451199024)(7200799017)(64100799003)(82310400011)(61400799012)(186009)(36840700001)(46966006)(40470700004)(478600001)(31696002)(41320700001)(47076005)(36860700001)(26005)(41300700001)(336012)(9686003)(40460700003)(40480700001)(5660300002)(166002)(70586007)(2906002)(70206006)(558084003)(8936002)(6916009)(42186006)(786003)(67280400001)(81166007)(4326008)(316002)(8400799017)(8676002)(34070700002)(86362001)(82740400003)(154513002);DIR:OUT;SFP:1102;
X-OriginatorOrg: T03MS.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Jan 2024 01:58:03.0193
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 8fd7d978-dfcd-4cb9-1da9-08dc13db13e6
X-MS-Exchange-CrossTenant-Id: 797ffa7c-6432-40c5-8603-f3a97de60bb8
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=797ffa7c-6432-40c5-8603-f3a97de60bb8;Ip=[45.79.214.223];Helo=[mail.schinner.com]
X-MS-Exchange-CrossTenant-AuthSource:
AM3PEPF0000A78E.eurprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR07MB8995
I1.18KL0LD35.4KI2.16KwhoissourceRank10.8MPIN0Summary reportDiagnosisDensity00n/a
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments