Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0136.outbound.protection.outlook.com [104.47.0.136]) by anna.lesderid.net (Postfix) with ESMTP id A6D33D5E7F for ; Tue, 7 Feb 2017 16:19:57 +0100 (CET) Received: from DB4PR06MB298.eurprd06.prod.outlook.com (10.141.233.143) by DB4PR06MB299.eurprd06.prod.outlook.com (10.141.233.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.888.16; Tue, 7 Feb 2017 15:19:55 +0000 Received: from DB4PR06MB298.eurprd06.prod.outlook.com ([fe80::61a7:f513:d2af:d50b]) by DB4PR06MB298.eurprd06.prod.outlook.com ([fe80::61a7:f513:d2af:d50b%15]) with mapi id 15.01.0888.022; Tue, 7 Feb 2017 15:19:54 +0000 From: MADALINA MARIA MARGINEAN To: "abuse@fuwafuwa.moe" CC: DS_TSOL_phishing Subject: We have detected that LAINFILE is hosting a fraudulent website that offers a Phishing scam against Sociedad Estatal de Correos y Telegrafos Thread-Topic: We have detected that LAINFILE is hosting a fraudulent website that offers a Phishing scam against Sociedad Estatal de Correos y Telegrafos Thread-Index: AdKBVUSr+uEpknC0RdGjCTFZUwQnUA== Date: Tue, 7 Feb 2017 15:19:54 +0000 Message-ID: Accept-Language: en-US Content-Language: es-ES X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=madalinamaria.marginean.ext@telefonica.com; x-originating-ip: [81.40.110.204] x-ms-office365-filtering-correlation-id: 95ed5465-eba5-42e9-1484-08d44f6cc526 x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001)(48565401081);SRVR:DB4PR06MB299; x-microsoft-exchange-diagnostics: 1;DB4PR06MB299;7:+t08astRfQBN6NY+revnU5X5Ws+qIh/XKVEGyD3C9sQFdEQhdk1xC7f+kwidLr6fZzhXhgNUrn3CS8HSfE0WZDG5yL4xrCRs1CW4Y/EFacZ6eRidPGnhxIG4syDL/0EaTSY6PPoaiADydmQBEHdCcUnn+ufYnJs+uq4m1Zyu/BfqzvKNfbzBlXUVynqi9A7ehnR3FbJ2Yf02GXCLLRWY5AwyNT5dK/+RO9sqmgPJWbb8Q4d+MxH1RFbALAqS0K4RhIIAjcvXUCcuXdQSHDAsKYv06FlD6f8SZVos8FmQA0T8q0u4TMrNUvamx5oSBsZ/rr9iOFhE/5DLIJUjFwKMhqiBlDhv2B/aw9zfjoW5bVbawG2wXPU7oBeHNiX40Hj9CPjpj7QubkPKhacQmIjjgH4Geyc4mOgbZ0v143o+NMVI0aVeEiDqC/lMN3N7SmBJPvd5tNDGiyn4BBaizaX2xBLGfBn9BmiW7EHN4YTNKJw7ZY7O2scUjUtKT7URTqPThnXif67bxjXjaG6QS69RVg== x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(40392960112811)(21748063052155)(231250463719595); x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(6040375)(601004)(2401047)(8121501046)(2017020603029)(20170203043)(5005006)(3002001)(10201501046)(6055026)(6041248)(20161123560025)(20161123555025)(20161123564025)(20161123558025)(20161123562025)(6072148);SRVR:DB4PR06MB299;BCL:0;PCL:0;RULEID:;SRVR:DB4PR06MB299; x-forefront-prvs: 0211965D06 x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(7916002)(39860400002)(39450400003)(39840400002)(39850400002)(39410400002)(199003)(252514010)(189002)(6506006)(74316002)(8936002)(450100001)(236005)(2351001)(6306002)(54896002)(5640700003)(9686003)(99286003)(55016002)(6436002)(105586002)(7736002)(106356001)(3280700002)(10710500007)(110136004)(107886003)(5250100002)(4326007)(2906002)(2501003)(8676002)(81156014)(1730700003)(81166006)(6116002)(790700001)(102836003)(3846002)(38730400002)(50986999)(6916009)(86362001)(53936002)(54356999)(97736004)(189998001)(7110500001)(101416001)(7696004)(92566002)(2420400007)(5630700001)(15650500001)(3660700001)(5660300001)(68736007)(2900100001)(66066001)(33656002)(61373002)(9010500006)(18823205002)(19627235001);DIR:OUT;SFP:1102;SCL:1;SRVR:DB4PR06MB299;H:DB4PR06MB298.eurprd06.prod.outlook.com;FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en; received-spf: None (protection.outlook.com: telefonica.com does not designate permitted sender hosts) spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: multipart/alternative; boundary="_000_DB4PR06MB2984136127BD53D222B4AC5C9430DB4PR06MB298eurprd_" MIME-Version: 1.0 X-OriginatorOrg: telefonica.com X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Feb 2017 15:19:54.8211 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 9744600e-3e04-492e-baa1-25ec245c6f10 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB4PR06MB299 --_000_DB4PR06MB2984136127BD53D222B4AC5C9430DB4PR06MB298eurprd_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable To the attention of LAINFILE webmaster, Telefonica Espa=F1a is managing the fraudulent actions against Sociedad Est= atal de Correos y Telegrafos and all related with Phishing incidents again= st this company. We have detected that your website (https://a.lainfile.pw) is hosting a fra= udulent website that offers a Phishing scam against Sociedad Estatal de Cor= reos y Telegrafos from the next URL(s): hxxps://a.lainfile.pw/8E/detalle_app-sidioma=3Des_es.htm?//ss/Satellite/sit= e/pagina-localizador_envios/busqueda-sidioma=3Des_ES hxxps://a.lainfile.pw/7L/1.html with this IP: 163.172.151.248. This fraudulent content represents a misuse of the intellectual property of= Sociedad Estatal de Correos y Telegrafos , as well as to obtain personal i= nformation of their customers in order to get fraudulent access into their = bank accounts, use their credit cards, etc... We need your collaboration fo= r stopping this fraud, getting offline these fraudulent files. We keep waiting for your feedback against this incident. If you need furthe= r information please contact our SOC 24/7 at +34 900 102 230 (option 9) Best regards. ----------------------------------------------------------- CyberThreats - Anti-Fraud Service Telef=F3nica Espa=F1a Phone: +34 900102230 (option 9) Email: phishing@telefonica.com servicio.antifraude@telefonica.com ----------------------------------------------------------- --_000_DB4PR06MB2984136127BD53D222B4AC5C9430DB4PR06MB298eurprd_