Temu phish from Microsoft Outlook
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 02 Jan 2024 11:57:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rKjwh-0000000028Z-3mnO
for dave@doctor.nl2k.ab.ca;
Tue, 02 Jan 2024 11:56:59 -0700
Resent-From: The Doctor
Resent-Date: Tue, 2 Jan 2024 11:56:59 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-dm6nam10on2131.outbound.protection.outlook.com ([40.107.93.131]:9184 helo=NAM10-DM6-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rKjjj-000000001rw-1aFK
for doctor@doctor.nl2k.ab.ca;
Tue, 02 Jan 2024 11:43:39 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=T1ydZU8YbNTYFFhdanxrN2HN+49Ro0z/1CtxFGdNXG9/TS8pnvLIYNawHuh9RNe4HWJd83kFNuKNqueWNRba8G2KqGyG0fCHw3olzQZ4/wawlfUCbMkK6dzYM6soLtlOuTiywSht01uH8AXYzCNsjEZKQKuOml3ZoQbcsVftJbYuLG0b22XINtg8uyrLBWWOx/jsLqEGMOgvEzNMUlE96LP0r7oa2rbQkZRTMRxBLLnH/3c4xY/qy0lsBziMLSVCUSElQZD8z5nEZId2RLkYrFA4eqZyarLVkpqpo+Dus0Y3gQD3efsrSq+fJeE0xEicW7JTaZfG5C761AowouJWsw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=zzPK+VjwXPWxt4PJlnTASyBUbKfnomIDa1C9PFs//ek=;
b=LENqKZTJJXPJv8VNexoR+faOnpwHIDj0SU0qOgwvmaU4UMz6JTohIbwGMbaGxDa93goib8jmakPP6IxhmiOO9ykLa79dfmzvkAlkWbZIiYIqOwx05U5SscyK3ib8oXPNvEDzBE7wLiWEuFaSIdFfp/qZGOUJP2OzOj39txfzh/ZbPerUEqKyM0fpQw8xAcXRtqNeJTWYNNcejYo5ln1TJ5bo6Vbj0b8jBU5eqmYrpwfvNfbvfbNweVB6DZh5z3mggyPjn4GzRnMNEz9DzVt0aORN0L8kjP3BxvmmJIY16pZdnt95HRx9MYNP5S6jdL15TjeG3qmin57Hp2U+bdF4sA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is
65.108.56.167) smtp.rcpttodomain=doctor.nl2k.ab.ca
smtp.mailfrom=xkgkfwf.onmicrosoft.com; dmarc=none action=none
header.from=xkgkfwf.onmicrosoft.com; dkim=none (message not signed); arc=none
(0)
Received: from BL1PR13CA0291.namprd13.prod.outlook.com (2603:10b6:208:2bc::26)
by BN8PR07MB7074.namprd07.prod.outlook.com (2603:10b6:408:da::22) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7135.25; Tue, 2 Jan
2024 18:42:04 +0000
Received: from BL02EPF0001A0FD.namprd03.prod.outlook.com
(2603:10b6:208:2bc:cafe::49) by BL1PR13CA0291.outlook.office365.com
(2603:10b6:208:2bc::26) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7159.12 via Frontend
Transport; Tue, 2 Jan 2024 18:42:04 +0000
X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 65.108.56.167)
smtp.mailfrom=xkgkfwf.onmicrosoft.com; dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=xkgkfwf.onmicrosoft.com;
Received-SPF: Fail (protection.outlook.com: domain of xkgkfwf.onmicrosoft.com
does not designate 65.108.56.167 as permitted sender)
receiver=protection.outlook.com; client-ip=65.108.56.167;
helo=mail.hirthe.net;
Received: from mail.hirthe.net (65.108.56.167) by
BL02EPF0001A0FD.mail.protection.outlook.com (10.167.242.104) with Microsoft
SMTP Server id 15.20.7159.9 via Frontend Transport; Tue, 2 Jan 2024 18:42:04
+0000
X-TOI-MSGID: <1573888518.D5638C58E93E0.1704220537585@hirthe.net>
CC: doctor@doctor.nl2k.ab.ca
MIME-Version: 1.0
Date: Tue, 02 Jan 2024 19:35:37 +0100
From: Temu Rewards
To: doctor@doctor.nl2k.ab.ca
Sender: mailapp-java@xkgkfwf.onmicrosoft.com
Content-Type: multipart/alternative; charset="UTF-8";boundary="PART_O7f2.jysgjybw"
In-Reply-To:
Importance: high
Subject: Notice for doctor, You Are Our January Winner_!!
Message-ID:
<45485664-0727-463f-ad6e-10fda0d2168d@BL02EPF0001A0FD.namprd03.prod.outlook.com>
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BL02EPF0001A0FD:EE_|BN8PR07MB7074:EE_
X-MS-Office365-Filtering-Correlation-Id: 0088e490-dbe6-4daa-6b56-08dc0bc28401
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
zxdX7jVdlSYnsbg23qxYMaQV1ICfHsA8Pt8m0oOOSTyfTy41W8ZPJMS+lsvVlNCIs1OvaUDrc4INKP0dfPxMBrvZ99jIMZG7lF32ch8EekGKtjZ9BYMQ+2ErsU3a9GZJNWRJp9e0OGWvQisZxWTBagmIIZZqK/+3P8WTuYE/54wBVKPGX28Eyvci5F3eOE2FCeZMBO/54HwoBTsaqgc5sz8VafRSAla2H0CJd1ntaXguws9tx3HZPVGvcJfYuVZ6oeXhBCOOMsvzikyubjhWlsYKInwkprBI4hZMN2GRsq3+FNRjz39VCCOCEDcOu0zAKT6DpeEiODbMd3Z0Lw66yrqjEW2DFiBEeCVt3oYN77qydkpp3XUh60bLr7X9qmxbNBliMoSQioAxMQKTMjAvY2ZozyOcnTL/nppNPdztBnhk/T+OXGfgTZ32Kk/WjCIen2qiAfHP1PzdIaCwcH74mQLbUe1HzBJ/fXRDX598PgXZi5NbTZtwdegIqyqffX44GZRMNj58eWYaby5BdHzAQaB6u+hs5w85BUR7U5i5kWA=
X-Forefront-Antispam-Report:
CIP:65.108.56.167;CTRY:FI;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.hirthe.net;PTR:static.167.56.108.65.clients.your-server.de;CAT:NONE;SFS:(13230031)(39850400004)(346002)(396003)(136003)(376002)(230922051799003)(82310400011)(1690799017)(64100799003)(451199024)(186009)(61400799012)(7200799017)(46966006)(40470700004)(36840700001)(70206006)(956004)(26005)(47076005)(41300700001)(336012)(81166007)(356005)(316002)(82740400003)(8936002)(8676002)(166002)(786003)(36860700001)(19625305002)(4326008)(2906002)(118246002)(36736006)(478600001)(5660300002)(6666004)(6512007)(7846003)(33964004)(70586007)(6486002)(6506007)(9686003)(6916009)(31696002)(41320700001)(9316004)(40460700003)(8400799017)(40480700001)(564344004)(66899024)(18023003)(83022004);DIR:OUT;SFP:1102;
X-OriginatorOrg: xkgkfwf.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Jan 2024 18:42:04.3358
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 0088e490-dbe6-4daa-6b56-08dc0bc28401
X-MS-Exchange-CrossTenant-Id: 369eaebd-1dbd-4bb4-ac89-8125bbfb1441
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=369eaebd-1dbd-4bb4-ac89-8125bbfb1441;Ip=[65.108.56.167];Helo=[mail.hirthe.net]
X-MS-Exchange-CrossTenant-AuthSource:
BL02EPF0001A0FD.namprd03.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR07MB7074
X-Antivirus: AVG (VPS 240102-4, 1/2/2024), Inbound message
X-Antivirus-Status: Clean
--PART_O7f2.jysgjybw
Content-Transfer-Encoding: 7bit
Content-Type: text/html; charset="UTF-8"
(6601) Notifications For YOU
--PART_O7f2.jysgjybw--
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 02 Jan 2024 11:57:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rKjwh-0000000028Z-3mnO
for dave@doctor.nl2k.ab.ca;
Tue, 02 Jan 2024 11:56:59 -0700
Resent-From: The Doctor
Resent-Date: Tue, 2 Jan 2024 11:56:59 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-dm6nam10on2131.outbound.protection.outlook.com ([40.107.93.131]:9184 helo=NAM10-DM6-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rKjjj-000000001rw-1aFK
for doctor@doctor.nl2k.ab.ca;
Tue, 02 Jan 2024 11:43:39 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=T1ydZU8YbNTYFFhdanxrN2HN+49Ro0z/1CtxFGdNXG9/TS8pnvLIYNawHuh9RNe4HWJd83kFNuKNqueWNRba8G2KqGyG0fCHw3olzQZ4/wawlfUCbMkK6dzYM6soLtlOuTiywSht01uH8AXYzCNsjEZKQKuOml3ZoQbcsVftJbYuLG0b22XINtg8uyrLBWWOx/jsLqEGMOgvEzNMUlE96LP0r7oa2rbQkZRTMRxBLLnH/3c4xY/qy0lsBziMLSVCUSElQZD8z5nEZId2RLkYrFA4eqZyarLVkpqpo+Dus0Y3gQD3efsrSq+fJeE0xEicW7JTaZfG5C761AowouJWsw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=zzPK+VjwXPWxt4PJlnTASyBUbKfnomIDa1C9PFs//ek=;
b=LENqKZTJJXPJv8VNexoR+faOnpwHIDj0SU0qOgwvmaU4UMz6JTohIbwGMbaGxDa93goib8jmakPP6IxhmiOO9ykLa79dfmzvkAlkWbZIiYIqOwx05U5SscyK3ib8oXPNvEDzBE7wLiWEuFaSIdFfp/qZGOUJP2OzOj39txfzh/ZbPerUEqKyM0fpQw8xAcXRtqNeJTWYNNcejYo5ln1TJ5bo6Vbj0b8jBU5eqmYrpwfvNfbvfbNweVB6DZh5z3mggyPjn4GzRnMNEz9DzVt0aORN0L8kjP3BxvmmJIY16pZdnt95HRx9MYNP5S6jdL15TjeG3qmin57Hp2U+bdF4sA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is
65.108.56.167) smtp.rcpttodomain=doctor.nl2k.ab.ca
smtp.mailfrom=xkgkfwf.onmicrosoft.com; dmarc=none action=none
header.from=xkgkfwf.onmicrosoft.com; dkim=none (message not signed); arc=none
(0)
Received: from BL1PR13CA0291.namprd13.prod.outlook.com (2603:10b6:208:2bc::26)
by BN8PR07MB7074.namprd07.prod.outlook.com (2603:10b6:408:da::22) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7135.25; Tue, 2 Jan
2024 18:42:04 +0000
Received: from BL02EPF0001A0FD.namprd03.prod.outlook.com
(2603:10b6:208:2bc:cafe::49) by BL1PR13CA0291.outlook.office365.com
(2603:10b6:208:2bc::26) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7159.12 via Frontend
Transport; Tue, 2 Jan 2024 18:42:04 +0000
X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 65.108.56.167)
smtp.mailfrom=xkgkfwf.onmicrosoft.com; dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=xkgkfwf.onmicrosoft.com;
Received-SPF: Fail (protection.outlook.com: domain of xkgkfwf.onmicrosoft.com
does not designate 65.108.56.167 as permitted sender)
receiver=protection.outlook.com; client-ip=65.108.56.167;
helo=mail.hirthe.net;
Received: from mail.hirthe.net (65.108.56.167) by
BL02EPF0001A0FD.mail.protection.outlook.com (10.167.242.104) with Microsoft
SMTP Server id 15.20.7159.9 via Frontend Transport; Tue, 2 Jan 2024 18:42:04
+0000
X-TOI-MSGID: <1573888518.D5638C58E93E0.1704220537585@hirthe.net>
CC: doctor@doctor.nl2k.ab.ca
MIME-Version: 1.0
Date: Tue, 02 Jan 2024 19:35:37 +0100
From: Temu Rewards
To: doctor@doctor.nl2k.ab.ca
Sender: mailapp-java@xkgkfwf.onmicrosoft.com
Content-Type: multipart/alternative; charset="UTF-8";boundary="PART_O7f2.jysgjybw"
In-Reply-To:
Importance: high
Subject: Notice for doctor, You Are Our January Winner_!!
Message-ID:
<45485664-0727-463f-ad6e-10fda0d2168d@BL02EPF0001A0FD.namprd03.prod.outlook.com>
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BL02EPF0001A0FD:EE_|BN8PR07MB7074:EE_
X-MS-Office365-Filtering-Correlation-Id: 0088e490-dbe6-4daa-6b56-08dc0bc28401
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
zxdX7jVdlSYnsbg23qxYMaQV1ICfHsA8Pt8m0oOOSTyfTy41W8ZPJMS+lsvVlNCIs1OvaUDrc4INKP0dfPxMBrvZ99jIMZG7lF32ch8EekGKtjZ9BYMQ+2ErsU3a9GZJNWRJp9e0OGWvQisZxWTBagmIIZZqK/+3P8WTuYE/54wBVKPGX28Eyvci5F3eOE2FCeZMBO/54HwoBTsaqgc5sz8VafRSAla2H0CJd1ntaXguws9tx3HZPVGvcJfYuVZ6oeXhBCOOMsvzikyubjhWlsYKInwkprBI4hZMN2GRsq3+FNRjz39VCCOCEDcOu0zAKT6DpeEiODbMd3Z0Lw66yrqjEW2DFiBEeCVt3oYN77qydkpp3XUh60bLr7X9qmxbNBliMoSQioAxMQKTMjAvY2ZozyOcnTL/nppNPdztBnhk/T+OXGfgTZ32Kk/WjCIen2qiAfHP1PzdIaCwcH74mQLbUe1HzBJ/fXRDX598PgXZi5NbTZtwdegIqyqffX44GZRMNj58eWYaby5BdHzAQaB6u+hs5w85BUR7U5i5kWA=
X-Forefront-Antispam-Report:
CIP:65.108.56.167;CTRY:FI;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.hirthe.net;PTR:static.167.56.108.65.clients.your-server.de;CAT:NONE;SFS:(13230031)(39850400004)(346002)(396003)(136003)(376002)(230922051799003)(82310400011)(1690799017)(64100799003)(451199024)(186009)(61400799012)(7200799017)(46966006)(40470700004)(36840700001)(70206006)(956004)(26005)(47076005)(41300700001)(336012)(81166007)(356005)(316002)(82740400003)(8936002)(8676002)(166002)(786003)(36860700001)(19625305002)(4326008)(2906002)(118246002)(36736006)(478600001)(5660300002)(6666004)(6512007)(7846003)(33964004)(70586007)(6486002)(6506007)(9686003)(6916009)(31696002)(41320700001)(9316004)(40460700003)(8400799017)(40480700001)(564344004)(66899024)(18023003)(83022004);DIR:OUT;SFP:1102;
X-OriginatorOrg: xkgkfwf.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Jan 2024 18:42:04.3358
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 0088e490-dbe6-4daa-6b56-08dc0bc28401
X-MS-Exchange-CrossTenant-Id: 369eaebd-1dbd-4bb4-ac89-8125bbfb1441
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=369eaebd-1dbd-4bb4-ac89-8125bbfb1441;Ip=[65.108.56.167];Helo=[mail.hirthe.net]
X-MS-Exchange-CrossTenant-AuthSource:
BL02EPF0001A0FD.namprd03.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR07MB7074
X-Antivirus: AVG (VPS 240102-4, 1/2/2024), Inbound message
X-Antivirus-Status: Clean
--PART_O7f2.jysgjybw
Content-Transfer-Encoding: 7bit
Content-Type: text/html; charset="UTF-8"
|
--PART_O7f2.jysgjybw--
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments