Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40127.outbound.protection.outlook.com [40.107.4.127]) by anna.lesderid.net (Postfix) with ESMTP id 7AFE0DBA5A for <les@fuwafuwa.moe>; Sat, 11 Feb 2017 08:22:34 +0100 (CET)
Received: from VI1PR06MB1823.eurprd06.prod.outlook.com (10.165.237.153) by DB4PR06MB299.eurprd06.prod.outlook.com (10.141.233.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.888.16; Sat, 11 Feb 2017 07:22:30 +0000
Received: from VI1PR06MB1823.eurprd06.prod.outlook.com ([10.165.237.153]) by VI1PR06MB1823.eurprd06.prod.outlook.com ([10.165.237.153]) with mapi id 15.01.0888.029; Sat, 11 Feb 2017 07:22:30 +0000
From: CARLOS MARTIN PEREZ <carlos.martinperez.ext@telefonica.com>
To: Les De Ridder <les@fuwafuwa.moe>
CC: DS_TSOL_phishing <phishing@telefonica.com>, MADALINA MARIA MARGINEAN <madalinamaria.marginean.ext@telefonica.com>
Subject: RE: We have detected that fuwafuwa.moe is hosting a fraudulent website
Thread-Topic: We have detected that fuwafuwa.moe is hosting a fraudulent website
Thread-Index: AQHSg8WlBa1+vVUoGU6QMPIOlfme3aFixk0AgABtNQCAADLJYA==
Date: Sat, 11 Feb 2017 07:22:29 +0000
Message-ID: <VI1PR06MB1823F36A7272ED3EF7A271E9BD470@VI1PR06MB1823.eurprd06.prod.outlook.com>
References: <DB4PR06MB298B4BA591B10D953CB2F7EC9440@DB4PR06MB298.eurprd06.prod.outlook.com> <CALx8yCxdLSc-VTC-42aME3hMO7MVEhm47=KUrh_R2PzK1sSF7w@mail.gmail.com> <DB4PR06MB2985FD2A163C0D1E468CB82C9440@DB4PR06MB298.eurprd06.prod.outlook.com> <CALx8yCxiL2+RBh-t7k0AfJodb7yLb7hcoyKqX_ruX-2P4V22-w@mail.gmail.com>
In-Reply-To: <CALx8yCxiL2+RBh-t7k0AfJodb7yLb7hcoyKqX_ruX-2P4V22-w@mail.gmail.com>
Accept-Language: es-ES, en-US
Content-Language: es-ES
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=carlos.martinperez.ext@telefonica.com;
x-originating-ip: [83.35.97.250]
x-ms-office365-filtering-correlation-id: 50029630-4558-47e4-aa69-08d4524ebd32
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001)(48565401081);SRVR:DB4PR06MB299;
x-microsoft-exchange-diagnostics: 1;DB4PR06MB299;7:RGC2IfcJmW2Fu/NN6Yjd+qkYf82EnNW0JemXNrbr/VPrU0+Ynjaq577144B/WwXeTxOiH0Rd1LQaHu+OPOmuRHRz93xb6NDB3EAqK+kv90ybCVtfTj4M3MGNWzUglZbHzbdN0RJo9c4WlxHs7Jy7HK3J/z/zQZhmYzB58rnejgBBNMe+FEZETNmXs4+Bh36Ek80QAgLaKMyVKwy/mbqWya+DkXkuvYIOuJn5XsztkYKLi9Yeq/i9h1zPJkGGYx4+h32sTeQN2KJX5bzXGysnOaLZZx0DTWmqgVP2pmCY1DxIDSy80Jlai4ubTfPMxopyTqtFTxYr7+4qfqjGIrR8ariNX/Af5nHxcPrUi1w8Bgy0BRQa9xonO3TlaVjoemKtwHsCQYhO5R3uTm8lB1G2VEW+EWZtLF1QWWA/lNuKYXaRjkpO1j+qCatKNS9998i+ySV1sirttyfHQtoHgN5qzA0P4tkAJYX7WwY6OggjFaug1+pfId/ZYi3UeN2i1nngZ9kGJCSFfRCW5WfRyDzH9w==
x-microsoft-antispam-prvs: <DB4PR06MB299E97D87E699698836508CBD470@DB4PR06MB299.eurprd06.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(40392960112811)(158342451672863)(209352067349851)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(102415395)(6040375)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(6055026)(6041248)(20161123564025)(20161123560025)(20161123555025)(20161123562025)(20161123558025)(6072148);SRVR:DB4PR06MB299;BCL:0;PCL:0;RULEID:;SRVR:DB4PR06MB299;
x-forefront-prvs: 0215D7173F
x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(7916002)(39850400002)(39410400002)(39860400002)(39840400002)(39450400003)(252514010)(504964003)(24454002)(199003)(189002)(76176999)(86362001)(97736004)(6916009)(7110500001)(54356999)(7696004)(33656002)(2950100002)(99936001)(53946003)(101416001)(53936002)(50986999)(2900100001)(733005)(92566002)(5660300001)(68736007)(93886004)(189998001)(2420400007)(345774005)(15650500001)(105586002)(3660700001)(106356001)(81156014)(8936002)(8676002)(81166006)(106116001)(6306002)(54896002)(77096006)(99286003)(55016002)(450100001)(9686003)(236005)(54556002)(6436002)(54906002)(107886003)(6506006)(38730400002)(4326007)(53386004)(6246003)(110136004)(53346004)(122556002)(25786008)(606005)(7736002)(74316002)(102836003)(66066001)(790700001)(2906002)(6116002)(1680700002)(10710500007)(7906003)(3846002)(3280700002)(229853002)(7099028)(9010500006)(19627235001)(18823205002);DIR:OUT;SFP:1102;SCL:1;SRVR:DB4PR06MB299;H:VI1PR06MB1823.eurprd06.prod.outlook.com;FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en;
received-spf: None (protection.outlook.com: telefonica.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/related; boundary="_011_VI1PR06MB1823F36A7272ED3EF7A271E9BD470VI1PR06MB1823eurp_"; type="multipart/alternative"
MIME-Version: 1.0
X-OriginatorOrg: telefonica.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Feb 2017 07:22:29.9192 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 9744600e-3e04-492e-baa1-25ec245c6f10
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB4PR06MB299

Hi,
 
Thank you for removing the phishing files.
 
We also reported the JS and CSS because they are part of the Correos website (exactly the same as you saw on the screenshots) and they are only be used on these phishing scams.
 
However, thank you for all your help. If we detect another phishing scam we inform you.
 
Have a nice day.
 
Best regards
 
------------------------------------------------------------------
CARLOS MARTIN PEREZ
CyberThreats - Servicio Antifraude
Telefónica España
Tlf:  +34 900102230 (opción 9)
Email: carlos.martinperez.ext@telefonica.com
--------------------------------------------------------------------