Canadian Tire Mechanic Tool set Phishing Contest from Microsoft Outlook

Posted by Dave Yadallee on Wednesday, February 28. 2024

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 28 Feb 2024 07:34:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rfL0A-000000001xI-1nA0

for dave@doctor.nl2k.ab.ca;

Wed, 28 Feb 2024 07:33:42 -0700

Resent-From: The Doctor

Resent-Date: Wed, 28 Feb 2024 07:33:42 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-dm6nam11rlnn2073.outbound.protection.outlook.com ([40.95.38.73]:29518 helo=NAM11-DM6-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

id 1rfJ3b-00000000Inq-1awv

for games@nl2k.ab.ca;

Wed, 28 Feb 2024 05:29:11 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=dlryVpMxh2IJpeNjfLtiGv8pYskHjS2KEEnnjIQFebNxwEVZMqzeG9H08fFqP88lxYAXu03dI0XOCA6yJnwzIXO7wvMihqFIfIQY67Q/8o54QOHB26mk3yrKBzbBgzW81osaOl3R36RnCOdR50XWoJ7ZIpT33SJd8T3N4y6Jx9F5oX+895YYA2AZwKIXGa32ynfntzpBH6Aw+ftZc9UGtFByDo1lDJgej7lHBJ20gLjbHnFvWl3c7vpSCqt2Tby+4BMa3LnDESt78SKyL/0AGc0fyABlBVOD86ntgUauAc6oASkNiYcxHl2pFFXQDaGVb8vV7K0QWPD2LT3M4OBCBA==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=tfYpexrvbVid6MS2zxHSUiWJTukRDlyLmnIk5ni1gxs=;

b=NZMfG4fuRbQW+ANZxkf4BaLKAJRNTZ3F9ITzazTJT0w+QGmzmTdwOpzhySKpt2mFh7r4c6ENonlVFdZ3XfEARxLRzkow/UFQJZ96ib2wO8SAjQnH9a38t6XQTDKwiY87dj+3ZeRGVzSWYodC3ypR1boBLrfjfKNxSQoU8z5aRTfynFj0EdMLBKZXAeEZZDddlha9L0c+VKe4sNDoiC1i7gz4bSXu6KgSM7YwThBWgivv+bb6+rUk4fuad6BBCxpKaNO5E7xL8ZcqVTEEKngjxDXn3AO/G7ROHVR1ze7WZOOjaZMCE7rUYbFM7qXMAq35AZz1ERRKH3x9j4iUvYtstg==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is

45.79.109.171) smtp.rcpttodomain=nl2k.ab.ca smtp.helo=fghytmlo.kfdf.sbs;

dmarc=none action=none header.from=fghytmlo.kfdf.sbs; dkim=none (message not

signed); arc=none (0)

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 45.79.109.171)

smtp.helo=fghytmlo.kfdf.sbs; dkim=none (message not signed)

header.d=none;dmarc=none action=none header.from=fghytmlo.kfdf.sbs;

Subject: "message for games"

MIME-Version: 1.0

X-TOI-MSGID: <101741417077062.AC354F821938C.1705442930402@fghytmlo.kfdf.sbs>

From: Canadian Tire Department

In-Reply-To:

To: games@nl2k.ab.ca

Content-Transfer-Encoding: 8bit

Content-Type: text/html; charset="UTF-8"

CC: games@nl2k.ab.ca

Date: Wed, 28 Feb 2024 12:27:02 +0000

Message-ID:

<0f240ea9-6039-472c-a9e6-f6f652424ca8@DM6NAM12FT068.eop-nam12.prod.protection.outlook.com>

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: DM6NAM12FT068:EE_|PH7PR20MB6353:EE_

X-MS-Office365-Filtering-Correlation-Id: 77fcec19-cbbb-4774-d093-08dc38589171

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 1

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

CQZEGGHtcJnqv1A8gA7o4gSJHSmRv3w4ayCgqklHh2IAiuYImgVnUSxZ3Ph9PICDUNMomCahyi2lar4Ae2OTftvYTn7RcpTyBRqHCwGPoEJOEe483y9ZHmWsYMaxIgDT0a3i52VXuytvFPZQQAf3lKgftznuf9Z3kfQJLrOR1MNcIjxC0SQDiJ7hSuSvc1Z74hYceq8YAABlRoJgJY8oXlThT7RwqOOjJ0gO44KIdue4loEh7sRQp/G6fKMHPtbF4dvvxgLh4jVOhn4j1f3dxxMnuTioxAN12zfRxxWgb4nidiUe3PC4omAeo4ib9n0ujq0IRH/nfOeD35Dea0nT/ahH8A/l7oUb0PRWtUu4WWLOD7/wf41kt+qjnnbLJstj2YPnvy503bRWJJV+zT1TBcLmKiT6tRlXv2X4P2IQ7CuCnqC8f0rn35m9+DsYTnucU3ZjWW0rnxrG2Ib4akbK43MsAN0rFLZ+Hv789kRx5SKc3X1UGm+KeSo3ziWx6TQ5Qa3/f3PJkhDicLXUBNlQ104bw0sSz1YfURAwA+VXpn5ot+9Sj6yGm6yFk3hRYs2kRr3oYVC1NvR1DseVrDAwTOD4kL/6TamWW0j9i8Nvcs2O1xezG4z8hcIonlYfBRF1GS2CU6+ulcxwHTlSjRLFLAlURZ8h4WxMSYPNyXxzxkSj3cEri2KLwNNn4rRBUYeMouuq+fEdJU7xeJJqynw2992ORmb+5+/fQKRvuy5Po3g=

X-Forefront-Antispam-Report:

CIP:45.79.109.171;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:fghytmlo.kfdf.sbs;PTR:45-79-109-171.ip.linodeusercontent.com;CAT:NONE;SFS:(13230031)(35950700004)(82310400014);DIR:OUT;SFP:1022;

X-OriginatorOrg: fghytmlo.kfdf.sbs

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Feb 2024 12:27:02.6794

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 77fcec19-cbbb-4774-d093-08dc38589171

X-MS-Exchange-CrossTenant-Id: f55e1df8-735b-45e3-bec7-b3d3e251697f

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f55e1df8-735b-45e3-bec7-b3d3e251697f;Ip=[45.79.109.171];Helo=[fghytmlo.kfdf.sbs]

X-MS-Exchange-CrossTenant-AuthSource:

DM6NAM12FT068.eop-nam12.prod.protection.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR20MB6353

(1) Notifications

▂▃Welcome ▃▂

🅲🅾🅽🅶🆁🅰🆃🆄🅻🅰🆃🅸🅾🅽🆂!

Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Name

Homepage

In reply to

Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.

Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enter the string from the spam-prevention image above: