You got invoice from DocuSign Electronic Service
OK so we have another set of Office 365 phishing htm attachments received from [email protected].
They browsers are sent to the following Google page when they click the link: http://feedproxy.google.com/~r/mowefghhjw/~3/fgWWCnM6YOE/pomade.php
![]()
| |
 |
| Please review and sign an invoice. |
|
|
Dear Recipient,
Please review this invoice
It is an automatically created notice.
|
| |
|
This message holds a secure link to DocuSign. Please do not share this access code with other people.
Other Signing Way
Visit DocuSign, click on 'Access Documents', enter the security code: FEAB6A95F7
About Our Service
Sign documents in just minutes. It is secure. No matter if you're at work, home or on-the-go -- Our service provides a trusted solution for Digital Operations Management.
Have questions regarding an Invoice?
If you need to edit the document or have questions about the details in the document, please reach out to the sender by emailing them directly.
If you cannot sign an invoice, visit the Help page on our support .
This message was sent to you by DocuSign Electronic Signature Service.
|
|
|
Received: from Server.domain.suffix (192.168.x) by Server.domain.suffix
(192.168.x) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.221.12 via Mailbox
Transport; Tue, 22 Jun 2021 17:39:52 +0100
Received: from Server.domain.suffix (192.168.144.120) by Server.domain.suffix
(192.168.x) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.221.12; Tue, 22 Jun
2021 17:39:20 +0100
Received: from GBR01-LO2-obe.outbound.protection.outlook.com (104.47.21.50) by
Server.domain.suffix (192.168.x) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.221.12
via Frontend Transport; Tue, 22 Jun 2021 17:39:20 +0100
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=X+WQd8QVbUsVY3HkiTq0UgaKlfxg1w74XbrbklsAasbyXuiuEBSQGYeOSI0P7ugPscCtF7RFHJtlkjs0O88gNhact7aZOCOucbE4kPS/XItEnTCaBHWIWHp1+iP/6xmlkGf/NqeJxAZKf/wIfwP5gojuQstrImWS3nckwrlWZ89WymIB5tFJcIiXIJUByDqixH2/3LT7+s3JXo7QJu/NUWkr0VH095uaZRmTYwyTHoFDKLSICDPSkQqqHEx0wXTfQoir34rFBNIBG8uNiw6z3mxdh/Ja3xKtHIAFjiXjamY+uNIdJgDqPxA9WPPXRaypVLuTGWb6fkcY+wf6j5FcnQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=Ca1fRc/fpBf7jMQat4FGPUF8qybMX7z/CMtyyYBnV0w=;
b=Yk5o1X/UlG/dcnc/ku+BNa5VFefuJXwkbMy3rBXkodldsHrM2HBRRud/ZQWSQtmdJQCfiLTmn/shGDCIHWTFo7GHJ6xCOVS2B4JYTRpXjPSYO63Y6SZaXTeZSMFnQ12Os1UzreOJc9xsSY8HvUieCCah+QW20aZ5pHTdIq3qJ/QozSJST/9A5jXketBxIfjeB7Fq62f3i/BoRGEJFXIZUh4O4zhuj9d+YHa3n7EyRzV+n2d1X9IRw0FZVpbSW7xexLlx/A8zy8hkTIVR+EXQIhJwDr3+ClZIkVrPq9RiyQimoPdvt4AtuoTFmsSxWnhgTo5Kbtw2AaSFAJIyUR0vBg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=sirclesnet.onmicrosoft.com; s=selector1-sirclesnet-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=Ca1fRc/fpBf7jMQat4FGPUF8qybMX7z/CMtyyYBnV0w=;
b=ljc9ah5e764bB+hTJLDff1V07PEb8RntSsl4mrFp7P4MiKQHcxFwVCiPwUxXKPTZq9t90xA+kgbzenlV4ZkvtKh8RWcDIpQLwA+VfAkvTz9EGdXLaqYucqTjVT03VlAB7RZ5YucY83WSjCQrckzHCleh6uroJ+CWA7DTQDroJuU=
Received: from CWLP123CA0074.GBRP123.PROD.OUTLOOK.COM (2603:10a6:401:5b::14)
by CWXP123MB4966.GBRP123.PROD.OUTLOOK.COM (2603:10a6:400:121::9) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4242.19; Tue, 22 Jun
2021 16:39:09 +0000
Received: from CWLGBR01FT016.eop-gbr01.prod.protection.outlook.com
(2603:10a6:401:5b:cafe::a9) by CWLP123CA0074.outlook.office365.com
(2603:10a6:401:5b::14) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.18 via Frontend
Transport; Tue, 22 Jun 2021 16:39:09 +0000
Authentication-Results: spf=pass (sender IP is x.x.x.x)
smtp.mailfrom=hollingsworth-engineering.com; sircl.es; dkim=none (message not
signed) header.d=none;sircl.es; dmarc=pass action=none
header.from=hollingsworth-engineering.com;compauth=pass reason=100
Received-SPF: Pass (protection.outlook.com: domain of
hollingsworth-engineering.com designates x.x.x.x as permitted sender)
receiver=protection.outlook.com; client-ip=x.x.x.x;
helo=Amadeus.domain.suffix;
Received: from Server.domain.suffix (x) by
CWLGBR01FT016.mail.protection.outlook.com (10.152.40.105) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.4242.16 via Frontend Transport; Tue, 22 Jun 2021 16:39:09 +0000
Received: from Server.domain.suffix (192.168.x) by Server.domain.suffix
(192.168.144.129) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.221.12; Tue, 22 Jun
2021 17:39:08 +0100
Received: from Server.domain.suffix (192.168.144.120) by Server.domain.suffix
(192.168.x) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.221.12; Tue, 22 Jun
2021 17:39:04 +0100
Received: from hollingsworth-engineering.com (178.216.138.89) by
Server.domain.suffix (192.168.x) with Microsoft SMTP Server id 15.2.221.12
via Frontend Transport; Tue, 22 Jun 2021 17:39:04 +0100
DomainKey-Signature: a=rsa-sha1; q=dns; c=simple;
s=default; d=hollingsworth-engineering.com;
h=Date:From:Message-ID:To:List-Unsubscribe:Subject:MIME-Version:Content-Type;
b=ea2aqYy4urr+9qgFP3N8l8EWBcEZkmRVE95753cPr7Y37H5RfP4dMMZe+0NdxOuhJ+uhb81qOgyDbx4YocJuimdsa7aMmtFGXkqZRDBdnX23u4R3crnX/xgE+SiDX927RJmp3F3T/KQ8v/rq4tLdrJyPHABo+4fHKjfEs+4rShc=;
Date: Tue, 22 Jun 2021 18:39:10 +0200
From: "DocuSign Electronic Signature Service"
<[email protected]>
Message-ID: <[email protected]>
To: <[email protected]>
List-Unsubscribe: <https://hollingsworth-engineering.com/unsubscribe?redirect=byPhU287>, <mailto:[email protected]?subject=unsubscribe-6>
Subject: You got invoice from DocuSign Electronic Service
MIME-Version: 1.0
Content-Type: multipart/alternatve; boundary="_439_301128026320"
Return-Path: [email protected]
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 3f610b88-c50a-474d-84ba-049b02b4744d:0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 0d9a8a29-2b52-4917-31f9-08d9359c423f
X-MS-TrafficTypeDiagnostic: CWXP123MB4966:
X-MS-Oob-TLC-OOBClassifiers: OLM:9508;
X-BCC: [email protected]
X-Forefront-Antispam-Report: CIP:x.x.x.x;CTRY:GB;LANG:en;SCL:9;SRV:;IPV:NLI;SFV:SPM;H:Server.domain.suffix;PTR:mail.domain.suffix;CAT:HPHISH;SFS:(16670700002)(58800400005)(103116003)(356005)(7696005)(6666004)(6862004)(336012)(2616005)(7636003)(1096003)(956004)(22186003)(55016002)(564344004)(4743002)(36756003)(8676002)(26005)(33964004)(51570400009);DIR:INB;
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: =?utf-8?B?SGdEVXZUbUc0QnB5Q1hqdGJhbXVzNzNSc1FldS9zeUxLMExibWZSczJseHJj?=
=?utf-8?B?bW1DUmRmdjRMNFVEZkpWUEF4SzJ6dmUzRk1FdEQ3eW5uWThjNnptdkNvVWJt?=
=?utf-8?B?L2N2dVU0RTRtUWxIV0I3S3l0aFNuREV1Z1FhdUdLdkZlTm01RzI2UlhpNG1v?=
=?utf-8?B?dDE2WkdSV1FudTgxRnI3T3U3M3BhMG5yRkl4eDRKVnpNWUgzbGNJS2tQS2lt?=
=?utf-8?B?NEEraFR5YkM3TmJWSllHL1ZST25mYzJoY29LTmJKSXJjQXpzWW93SVRRQ3dW?=
=?utf-8?B?ZTJvbE1SZEduWWErMmNjNVNvQ0pPSm9aRTZ5OXdhYUZxZitGYkJsQmkxYVBy?=
=?utf-8?B?am5ZR2lPK2VMRjRoVjZzY3BFOTRTb0J5ZjFVWHRYWHZSYVNpNHYrcE9xTzd4?=
=?utf-8?B?OXJLZDJ3UVRoMGE3NWlWVTVaKzBIMXZLUEZ5VW1QN1JnRzlEOGtTVHpCcjNC?=
=?utf-8?B?ZjFVRU1kbHpDVk0zSm16RUZ4QzlaYmpjNC9WTjlhSXRsTCtZbE4wUkdIZ0Nk?=
=?utf-8?B?eUFoazZCVEx2NTZqWE45T0hFN0YzN0lVcVk4clpFOUY5bGZxME9lcHVGRExK?=
=?utf-8?B?Rk1nRDJEcTNmSm1xVk9KL3M5RkhYVTMybnlWRldBK3VRTzNmcmdKK0VNbDdt?=
=?utf-8?B?Tk1XeGxrWXJJckRJNllGOEM0WFRvQjZUU1pGcDlrbmtlQ09mTTQ0MmsxdEJQ?=
=?utf-8?B?Y1JXNWw1Z1k4SWdSem95WmZsQVlSSlZMaW1STSt2aEk5aFpOdEg0VUtzWGtu?=
=?utf-8?B?a1ljYjNFWWdFVDQwamJlb215aDRiZ0I3S1I4Q3BzckRZaG41QUpGOGNMUlFP?=
=?utf-8?B?NFl2eTRrNUNXTFozckFpaDk5b1kyUElVWVRTVGdXUUdrME1UV09nbFQzWVJE?=
=?utf-8?B?UWFqeitUOUJVODZCeUZDNWNuQjM2eEF5ME5pMmNrZ1NMM2V3aXNldGc3ZDRV?=
=?utf-8?B?TGtmczlia2xtZzh3YXFXQ3BFY0pXS2xnT29WdHdDZk01bG00NmVTdGxqK0Vp?=
=?utf-8?B?YTNGRVJobXlPSjB0aW5KL1IwOG1DNGhDRUdBUEo4WXgrMmthem81VDdCV0Yy?=
=?utf-8?B?R0dTc3V2cWN6MURnMjNQZHZZSlZLcW1odkRENExhNmtTRmUzMVRoak5lZWll?=
=?utf-8?B?cmhyV1FUaWpNY2N0bElORWtHdldBSjRjY1VLZjdYUTBiaVozRWI5VFhTR2dD?=
=?utf-8?B?RUdWTTJJY1R3OUZrSFYvaXd2dlIyVU5ReXJDaHFXWjkya0tNVCt3eFdLdko2?=
=?utf-8?B?QmxJNEtROGNwRTYzbzAzQWNpWkVKejZjSDVGYW1jVDNyV0VEMHZpcGRQdG4r?=
=?utf-8?B?VnlUcjJ4em5wSHZvcHl6S1UrakpNT3JCbUM1OENVQjgwOGtKbUdaMkZIMWNN?=
=?utf-8?B?RzhDN2NSZU1WcWVrT1NpaFpkUWMyOFlLWEJ0U2dwZlZNa0E4TWk0NlhBajFW?=
=?utf-8?B?ZEFRam43RWRBd2JNWW5RZjI2TFptbU9wbjBzTDdiQllzc2xPc0pORmxtZHda?=
=?utf-8?B?cng1Zlhvemo0VmFTMEJGQkt0N2M4alBrZStDa1VHUWRlZ3EyeHVzTWlMV3Rv?=
=?utf-8?B?Q0txRjRDWUdWc3hKRWJEMlAvZWJFZUFvVjJDWENqQzhqdXpEeEh4YjNiZXVE?=
=?utf-8?B?TDA1eXdxOXcvM0dlT0xtcHpRQ013Mk01L09vZ1pjNnFKdUZBTzJXNDVSc1Ft?=
=?utf-8?B?eTNuQ0RERmMyVE9Dd0xTMllGeDlvQ1IvbnBmZGp1Vk1mdEZzSFVZR3QyZDU0?=
=?utf-8?B?SnlCY2dncFl1YmZPYi9Rd1cxU2Zza2QzdTUvRUVMbEt6dGVkZGpHMUQ3d0x2?=
=?utf-8?B?SjR3azNMMjFOSHl4UTBjTG9DNWloU2pRK0pEMk9nK3QwY3c5RGVwOTUwM3pV?=
=?utf-8?B?K3hGUHk2enNxRENzakJzOU9pYzhHajB2aStLNDg2SGlrcUZUS2VTbTVUcDZP?=
=?utf-8?B?cTJ6WGp5N2IyN2dYaFBPTFd5QWY0WlNJVDJaRkJlNTRCcG1MUEhxNWRGWHlW?=
=?utf-8?B?eHcvcmlqbGtlcmZ3aytsdUtaVFR5WGdjWG4ybkJzMlBtSmdpU1Ezc1o0R0dr?=
=?utf-8?B?TndhbUx5NG90a05OODN2NTh2THZ0eklFV2ZUL1lYMUpsV0MyZVd6RnhpWHJs?=
=?utf-8?B?aHRsNXUwSCtuaWNvbmZKdmViVGtZUjRpWE9TWkEwUVlFaitHV2Z0Tlc1eUpN?=
=?utf-8?B?MnFKRFZEa3NwQVBIYTNQbXk3MUhZVjRMMmk4aS82Zkhzak5Uc3JNNEhBa0dJ?=
=?utf-8?B?bUtyZHQxd0VSWkVSK0poYVdzdmJVQlBIZ2dPdzIvMWE5NlhlN1RIUS9jNThz?=
=?utf-8?B?UTNHME83WDJib25jOTlMamlJaFlhVzNVSXlMY1lla2oyNE9KUkd3Z3hRekhH?=
=?utf-8?B?Q0tDV2xSMFM0a1ZSdDl6eVplbmdUL3VpSlIxVm9TeWthZlNmY3BDN2tmakZ5?=
=?utf-8?B?VVJ6L0tZZXc1SDdvWmN5LzZmREJCcHZDVGV4a2M3V0ViaHdSR2JuQ1YvUXRt?=
=?utf-8?B?NnZKK1Zka0Z5OHBPckcyM1Q2dUpreVRteVJNOE5QVjdjMlBzbk5GWWM5RXFH?=
=?utf-8?B?clVnWWV2blVTMW4vREJMOEF4VUF6dlFCdmFBUFNSTUxrMFJZcDlacTM3QU5D?=
=?utf-8?B?RVdsc2tuVHIzamUvaXB4KzIrcU5vRXNuT0c1emg1bFl0bC9zckh0MnA0Qm5Y?=
=?utf-8?B?OTVnK3c0OGtOb1BtRXBvNUs1M2xEbE4zV05hVW8veGRJOEc2c2RoVVZZL2NP?=
=?utf-8?B?aVd4TjducFN5cHJPVUhXelJwS3RYUHF1c0wvQjdTeDVxNTlOazVaNytqdGho?=
=?utf-8?B?RitPUEhXRFVpclhtWCtsRGdGT1FNdU1CL2VJWGNFMUxFVmRmK1Fja2RvSk9z?=
=?utf-8?B?Rm9YSFpOSS9TU01RTXpZVWNWMXhHajVMNWpGTk5seTdqUEdLYVk5WmtrQUJh?=
=?utf-8?B?WFB6akowMUkraCtkQjlLY0o4SmUraUVrcmVLNHRZcGN0VStCUld1NTI1dFdl?=
=?utf-8?B?YzBONzE3M0NJaTRqekVVbTEybXhSTXFPRFJYU20xQ0dEc09oM1d6c1RYTTR5?=
=?utf-8?B?b2FYUlpVaUJHaWQ1YVJPc0pyUzBGL0xnOU5KU0F6QVpzSXNyRlZuTmlQUmR5?=
=?utf-8?B?ZDlhV3FVZU1SWWp2YmdBVGtpTnlzeXJvN3I0WEM4UWlYNFhwS01aSWJMY1Vm?=
=?utf-8?B?N2QybEQ2RDdzRU5aVG9MZWpoQ3Jnb1RvU2ljM3o1M0l4RGJWME5MZUV6bkl6?=
=?utf-8?B?ZXA5dXpFM3BhZ0VmYk9rUG9ib0N4VC9HODBJaHpGeFVvdWpLSVR5cGRUVE1Q?=
=?utf-8?B?WW5pZEl3alB4MjVYZ0pJcWhwUW9TdGJLNkZpdUJPeWp5Ymx3Mm9oeFp6RGI5?=
=?utf-8?B?L3lzY2ova2swdWo1SW82aHJEdkhheGU4UzJjWjhYdVl4YkdHRjZYZkJ1dGVw?=
=?utf-8?B?V2h1S1F5aU5mVHEyNHFucHppVE5EUHBJWm5iK0k1MlBxQmk3RkFnb0c2dWtp?=
=?utf-8?B?VCtrWXhjOExETWJsZlJId2s0WHBhaUczcDQxR2R2TWQvR25SZDJqcC9PY2NR?=
=?utf-8?B?S3g0NnJxZGpiZFVDc1d1Q2I1dnpzeHlwQ1hNSk1rK0I5c2dCa3g4Z3R5U29s?=
=?utf-8?B?QzRHSkRscHF4K2NSMFhpSFdzZmFHR2E0VGE4em5STU84N3dJOUpybVJud2RM?=
=?utf-8?B?aDM3dkpXM0FDRXpic0VBU01oeGkzalhEWFVjc25CSGRXSEMvM1VLbWc3b0VU?=
=?utf-8?B?MkFtb2M2Q0RwTWlOQlVOSkNtODRiNGM4NDBDMXVSTGMyb1hpZHVHWmNpK1lI?=
=?utf-8?Q?r+vVY=3D?=
X-ExternalRecipientOutboundConnectors: 3f610b88-c50a-474d-84ba-049b02b4744d
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Jun 2021 16:39:09.1594
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 0d9a8a29-2b52-4917-31f9-08d9359c423f
X-MS-Exchange-CrossTenant-Id: 3f610b88-c50a-474d-84ba-049b02b4744d
X-MS-Exchange-CrossTenant-AuthSource: CWLGBR01FT016.eop-gbr01.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CWXP123MB4966
X-MS-Exchange-Organization-Network-Message-Id: 06bb1f32-5e24-4c02-83d2-08d9359c48cf
X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
X-MS-Exchange-Organization-AuthSource: Server.domain.suffix
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Transport-EndToEndLatency: 00:00:32.5423977
X-MS-Exchange-Processed-By-BccFoldering: 15.02.0221.018
So what happens when we click the link?
Where we are presented with a download, which when we open, we see:
Erm, it's OK, we'll pass thanks.
We are not going to open this on a live PC but perhaps we will have a test on a laptop later and let you know what we find....