I received a targeted phishing attempt from an azurecomm.net service (see some header samples below) I could not find anywhere to really report these, they appear to be using 365 servers and I don't really know where to report that either.
How are these being reported or investigated? I changed the target email to "targeted user" for obvious reasons.
Authentication-Results: ppe-hosted.com; spf=pass
smtp.mailfrom=519f57be-f4ea-4422-b984-75860a220e71.us1.azurecomm.net;
dkim=pass header.d=azurecomm.net header.s=selector1-azurecomm-prod-net;
dmarc=pass header.from=519f57be-f4ea-4422-b984-75860a220e71.us1.azurecomm.net
header.policy=none;
X-Virus-Scanned: Proofpoint Essentials engine
Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11acsn2176.outbound.protection.outlook.com [104.47.58.176])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by mx1-us1.ppe-hosted.com (PPE Hosted ESMTP Server) with ESMTPS id 30B6190006E
for <targeted user>; Tue, 2 Jan 2024 12:27:28 +0000 (UTC)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=Yb11szuEBqB8zrKaXnesRa9kSWiOGmycFvMkqGgVUQaOGvFwT6k7WJnNEZ6LOk1wLCOBEMuFnWZFLBkhhXK+Usk1Nn2gna3YXO3X7d5D8pA7Pz7XdMZAfZi4P+LzJ7UjWIo1jGNuWlQ1nm4pUt5nNbR8Kea0HFGfJ+o7o5R3/oT7zF2sJ/3kEiB4o+ej6BhGdasdT1ftxuROlY2WFxwi8EK36U3/dCGb0D9xmje/sC1NxbebETuF3UQydrfZRaLG/mgh7LltIhUhbiV7UKt8hj/5OSSvhS6oZ/YCfYNnx5M5GkmLxZGpYVcRrIrrw9synWqzhzipEFoP479Excv5Nw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=pffiV0hB1Dt4hwNGDjx5jbaLMgrqYTCrXL8G2GN3vB8=;
b=EVbCi6JNZtr4wMw8uO2dvgXmzKk0Gpc98SuPnZHsGPsNCrRXYqe4aV4lUpGaieK3ciTSUodRjsRp4ZcSVYm9Yuby0WmpKG+9PJYIwSyIpbFR+ibNYlXqghLNfWsZos+vCw6yz+MApmGgAHffR34cGR4iMt0mFVtX8g5uBE5JOol6YIPTwraOwUuOU0ejM2Z2fQ9m5b2dmU2TsKjpZIFfK/nDJ2P1peWNDuo9t6t9iAYjVbPfHfLqAFc7hrfZ2iD14Qm0YfSxMYM5tU3775p7xwTWdw9zuVI6BbmTyCpOxsFqankTagA+P+MVrIA0I+L7UcRrizp/84YzeJevpdUrig==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none
action=none
header.from=519f57be-f4ea-4422-b984-75860a220e71.us1.azurecomm.net; dkim=none
(message not signed); arc=none
Received: from PH8PR20CA0005.namprd20.prod.outlook.com (2603:10b6:510:23c::13)
by PH7P221MB1255.NAMP221.PROD.OUTLOOK.COM (2603:10b6:510:304::21) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7135.24; Tue, 2 Jan
2024 12:27:25 +0000
Received: from SN1PEPF0002BA51.namprd03.prod.outlook.com
(2603:10b6:510:23c:cafe::33) by PH8PR20CA0005.outlook.office365.com
(2603:10b6:510:23c::13) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7159.13 via Frontend
Transport; Tue, 2 Jan 2024 12:27:25 +0000
X-MS-Exchange-Authentication-Results: spf=none (sender IP is 13.64.107.177)
smtp.mailfrom=519f57be-f4ea-4422-b984-75860a220e71.us1.azurecomm.net;
dkim=none (message not signed) header.d=none;dmarc=none action=none
header.from=519f57be-f4ea-4422-b984-75860a220e71.us1.azurecomm.net;
Received: from idsworker-554f5bf778-x5hl4 (13.64.107.177) by
SN1PEPF0002BA51.mail.protection.outlook.com (10.167.242.74) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.7159.9 via Frontend Transport; Tue, 2 Jan 2024 12:27:25 +0000
DKIM-Signature: v=1; a=rsa-sha256; d=azurecomm.net;
s=selector1-azurecomm-prod-net; c=relaxed/relaxed; t=1704198445;
h=from:to:cc:subject:date:message-id;
bh=pffiV0hB1Dt4hwNGDjx5jbaLMgrqYTCrXL8G2GN3vB8=;
b=+CDuk8nGOKqPBNIBo96PbB9YGphvi681O3D8mRJD9PODRkJUUPhGhRu+bv9OrJupgahFZayZ8a2
FtKXkC3RyHEBR0MqJ69bomlndCpaSy6pkU7vtn3gzast5zzMaKTy+xNctdQQKtnav2yjDnD6qb8H3
vM6+NIDjoq3nWuqwXGDp2WetgD9EWflcJ0MoJU1PIqTLlxaJZQcrlB97UuJUtZBojibGNGg7CRy3u
5Sp56VL7WkpvE7M2gzkBD9gzxodSgYtilddByzYcbmJvD5uJ47kjPFaF4/U0Mh5nfPpppyrEmDdDy
29sIdTY02AJqUigc7hABOgvZ8nqFgbrPa8cg==
Message-ID: <202401021227.de3450956bcc471398ba83de6f0b7d13-NVZWS5D4IFBVGRKNIFEUYLKQKJHUILSFGJDDAQJSHEZDSNBRHE2EGMSFHA3DERRQIJATENBZIFDECRRZHB6FG3LUOA======@microsoft.com>
Sender: SIgnNow
<signnow@519f57be-f4ea-4422-b984-75860a220e71.us1.azurecomm.net>
From: SIgnNow <signnow@519f57be-f4ea-4422-b984-75860a220e71.us1.azurecomm.net>
Reply-To: SIgnNow
<signnow@519f57be-f4ea-4422-b984-75860a220e71.us1.azurecomm.net>
To: target <targeted user>
Subject: *SIGNATURE REQUESTED* Reminder: Waiting for you to sign
Bethelwoodscenter - DRAWDOWN NOTICE execution copy
Date: Tue, 2 Jan 2024 12:27:25 +0000
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64
X-MS-TrafficTypeDiagnostic: SN1PEPF0002BA51:EE_FirstParty-ACSPROD-V3|PH7P221MB1255:EE_FirstParty-ACSPROD-V3
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 606ec06c-238f-4a70-cd96-08dc0b8e2d49
X-MS-Exchange-SenderADCheck: 0
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: kmVg3rmLRTSwqdXFzaxZn2iNOT96P/GOugNx44weGOGitHVfbIHn2ZX0pDYlZ25yjzoo3PO/pFeuMXYpxUNCN1sUsu0HIjphLeKlhVb8hQGC06hBbma3WfMHAjznHJoEoiubanuGOi/6gUnzDmAIq3mflx8In78IdoRlQCmeXe/wuyGMBlki9IZGAD8++Jo+kBMlYRGLGuzmd+1rv8T56oA5OERdis+2B5EPN5gl7v4q4Nhdnli3AKixI6WPEctcYWxLZI6T3fv1rrZ3qi0kk8huwitrVF6dvz69Pzh+lEUEQyg3TuwBQUIXq0uSGd/YsFuR4ExpofdWV15XuLfpU8KcKGgBWkkHZB9niTkz0Hbku2f9lDwOKJVssQs4P3mTI3XUVNtEVfnJ/jsCi3G+lCFuYoeiEQX1kiESWd9ACKC+hRUfyIVQ3nZBydsOlyPKAYglhzEc0CdrepHIQGh+hDVgLaGBqgDV/R/W10NJZDulfZpj4vYzNAen50akeINoVOAYcjzTY1TwSm7jpAagzXb/Q2RymiHFl2wmOuI1Nf4Y/cEQWp1dXRMwc6ttaj1TDLhYEiZUuabjAK9pKefUY0W8chffKV/hIvEFdbJ/WjJfrLXsk8ETT9FIcCxBO5xpn6Jf4VZfD7v4qV1CBhAeEZXfrj39Jt/P8sGxtFsJ54ZJN9EWuTFdtqz0kbRNIH+MS9Ii7GVvGl1Uxe4UCBLv5A==
X-Forefront-Antispam-Report: CIP:13.64.107.177;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:idsworker-554f5bf778-x5hl4;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(396003)(136003)(376002)(346002)(42606007)(39860400002)(230473577357003)(230373577357003)(230922051799003)(451199024)(64100799003)(61400799012)(76236004)(83380400001)(2906002)(316002)(36736006)(9316004)(68406010)(8936002)(8676002)(6916009)(81166007)(6496006)(356005)(36756003)(956004)(86362001)(498600001)(41300700001)(7846003)(15650500001)(5660300002)(9686003)(3450700001)(336012)(4042699003)(166002)(6486002)(26005)(1076003)(32163005);DIR:OUT;SFP:1021;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: JZGA2bmCsAhhlJzzUM6GYWKM+H9ZzqZgZxJ1eFJBGuBLJ7Hz87sasNuOy7GdNEVKm5RGHIb5ZVdseKdMI8q7ZA0uhfv8B1nCG8Th2v+SyyaCIxz3P0kOZpEnO+BuW+b7YXokao6+W1L/MkY05qwUQgn0KKQg5syKHsJJVwQH93CIuxU7okLvffIFG4yOGmpNik4TQdwhfLbx2Hp7S3Fy5RCLUHt91gh+2q40KTYBJzSOX/+Qv/0JNqoB0JVHJbtZ6ByfcP3pbJiNnhgTFwUH9bE8vKF8p/V6b7LqX1wh77+shvO+IDgpR4mm1O8a0FtLaS7G9l8OgJG3wrk4YKrkXZTdw3TR/M3uxjCXQS1Aw4IdQ811BP7x2mGYoeHCCyZu3Sn32efk0SXkjvG3d3lHug==
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Jan 2024 12:27:25.1434
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 606ec06c-238f-4a70-cd96-08dc0b8e2d49
X-MS-Exchange-CrossTenant-Id: d36d7cc4-24da-420d-b079-f539546c1956
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=d36d7cc4-24da-420d-b079-f539546c1956;Ip=[13.64.107.177];Helo=[idsworker-554f5bf778-x5hl4]
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: TreatMessagesAsInternal-SN1PEPF0002BA51.namprd03.prod.outlook.com
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7P221MB1255
X-MDID: 1704198448-UpQmXYZ40IGf
X-MDID-I: us2;at1;1704198448;UpQmXYZ40IGf;<signnow@519f57be-f4ea-4422-b984-75860a220e71.us1.azurecomm.net>;d2c20b428a9cd97f988effd995d79377
Return-Path: signnow@519f57be-f4ea-4422-b984-75860a220e71.us1.azurecomm.net