Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-eopbgr30109.outbound.protection.outlook.com [40.107.3.109]) by anna.lesderid.net (Postfix) with ESMTP id BDFABDBBA2 for ; Sun, 12 Feb 2017 21:30:07 +0100 (CET) Received: from DB5PR06MB1272.eurprd06.prod.outlook.com (10.162.156.26) by DB5PR06MB1271.eurprd06.prod.outlook.com (10.162.156.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.888.16; Sun, 12 Feb 2017 20:30:03 +0000 Received: from DB5PR06MB1272.eurprd06.prod.outlook.com ([10.162.156.26]) by DB5PR06MB1272.eurprd06.prod.outlook.com ([10.162.156.26]) with mapi id 15.01.0888.030; Sun, 12 Feb 2017 20:30:03 +0000 From: TE_SEGURIDAD_SERVICIO_ANTIFRAUDE To: "1332490874ca44ff8eadf6e08eaa272e.protect@whoisguard.com" <1332490874ca44ff8eadf6e08eaa272e.protect@whoisguard.com>, "abuse@lainfile.pw" CC: DS_TSOL_phishing Subject: RE: We have detected that LAINFILE is hosting a fraudulent website that offers a Phishing scam against Sociedad Estatal de Correos y Telegrafos Thread-Topic: We have detected that LAINFILE is hosting a fraudulent website that offers a Phishing scam against Sociedad Estatal de Correos y Telegrafos Thread-Index: AdKC68BFUqrZJjuGStG6+b4lUd5XXwCd3O5AAALEL/A= Date: Sun, 12 Feb 2017 20:30:03 +0000 Message-ID: References: Accept-Language: en-US Content-Language: es-ES X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=servicio.antifraude@telefonica.com; x-originating-ip: [92.185.39.32] x-ms-office365-filtering-correlation-id: d63a00ed-c10e-45e0-3939-08d45385ecc5 x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001)(48565401081);SRVR:DB5PR06MB1271; x-microsoft-exchange-diagnostics: 1;DB5PR06MB1271;7:F9gH7DeLGiUAvDX1falGd0TPFgoM0mA/RHjX5/NOFFOrS870v7bx/RBahsp3d1y0llgy9ddrauFrLUAlwzJOanZ4e+T3ysHlAd+W2v2YcSXn111V3IoLzlwvfFfJ/GJCobpZ+yCeG+DQaFX4zDFenbCljXPoXj02bXkA//4sHH9Twgim2MSoFivRUYFaFSkLIt9GlgCc/ab73QQUYoDXkg/TIpRoBOIJURvHMxEXMnvwIOf6h6ym/yoqvaRQFwYCCw3kthZJvaCtkQDEwQ6e/VJ9cxLkDAC/Xt3h8MvxcjsZlWResc+ql+3810VWrWrHXB04Fj5ZmSjBW58z1gJSk99rKPVO8St/sq96EnyvFae+6PScsMF5h5jibFymsFwlQ4nWU71K45eA//fOMfvHUo1js4WV1zk2ioq+TrXW4lRvMev6KPTtsCTf+eRSata99CgCjznahBrxZ5JQ5KNL8LLTJCyQL8t2R4EHFKQr/4OkMjl2F4W9PLN30S7ktG4wHWPkix79QxPrG0otCqZbqA== x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(40392960112811)(21748063052155)(231250463719595); x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(6040375)(601004)(2401047)(5005006)(8121501046)(10201501046)(3002001)(6055026)(6041248)(20161123564025)(20161123555025)(20161123558025)(20161123560025)(20161123562025)(6072148);SRVR:DB5PR06MB1271;BCL:0;PCL:0;RULEID:;SRVR:DB5PR06MB1271; x-forefront-prvs: 021670B4D2 x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(7916002)(39450400003)(39840400002)(39860400002)(39850400002)(39410400002)(252514010)(189002)(199003)(790700001)(106356001)(66066001)(4326007)(3846002)(6116002)(105586002)(2906002)(76176999)(50986999)(53936002)(5660300001)(10710500007)(54356999)(8936002)(122556002)(3280700002)(33656002)(15650500001)(102836003)(92566002)(3660700001)(2900100001)(2501003)(7696004)(86362001)(8676002)(7110500001)(81156014)(38730400002)(101416001)(2420400007)(606005)(6436002)(77096006)(189998001)(25786008)(9686003)(97736004)(236005)(229853002)(6506006)(6306002)(68736007)(53346004)(54896002)(74316002)(55016002)(99286003)(7736002)(7906003)(107886003)(81166006)(6246003)(61373002)(9010500006)(19627235001)(18823205002);DIR:OUT;SFP:1102;SCL:1;SRVR:DB5PR06MB1271;H:DB5PR06MB1272.eurprd06.prod.outlook.com;FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;LANG:en; received-spf: None (protection.outlook.com: telefonica.com does not designate permitted sender hosts) spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: multipart/alternative; boundary="_000_DB5PR06MB1272514C18469CA3D1B4DDDB82460DB5PR06MB1272eurp_" MIME-Version: 1.0 X-OriginatorOrg: telefonica.com X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Feb 2017 20:30:03.2345 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 9744600e-3e04-492e-baa1-25ec245c6f10 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR06MB1271 --_000_DB5PR06MB1272514C18469CA3D1B4DDDB82460DB5PR06MB1272eurp_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable To the attention of LAINFILE webmaster, Telefonica Espa=F1a is managing the fraudulent actions against Sociedad Est= atal de Correos y Telegrafos and all related with Phishing incidents again= st this company. We have detected that your website (https://a.lainfile.pw) is hosting a fra= udulent website that offers a Phishing scam against Sociedad Estatal de Cor= reos y Telegrafos from the next URL(s): hxxps://a.lainfile.pw/CG/detalle_app-sidioma=3Des_es.htm?//ss/Satellite/sit= e/pagina-localizador_envios/busqueda-sidioma=3Des_ES with this IP: 163.172.151.248. This fraudulent content represents a misuse of the intellectual property of= Sociedad Estatal de Correos y Telegrafos , as well as to obtain personal i= nformation of their customers in order to get fraudulent access into their = bank accounts, use their credit cards, etc... We need your collaboration fo= r stopping this fraud, getting offline these fraudulent files. We keep waiting for your feedback against this incident. If you need furthe= r information please contact our SOC 24/7 at +34 900 102 230 (option 9) Best regards. ----------------------------------------------------------- CyberThreats - Anti-Fraud Service Telef=F3nica Espa=F1a Phone: +34 900102230 (option 9) Email: phishing@telefonica.com servicio.antifraude@telefonica.com ----------------------------------------------------------- --_000_DB5PR06MB1272514C18469CA3D1B4DDDB82460DB5PR06MB1272eurp_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

To the attention of LAINFILE webmaster,<= /o:p>

 

Telefonica Espa=F1a is managing the fraudulent actio= ns against Sociedad Estatal de Correos y Telegrafos  and all related w= ith Phishing incidents against this company.

 

We have detected that your website (https://a.lainfile.pw) is hosting a fraudulent websit= e that offers a Phishing scam against Sociedad Estatal de Correos y Telegrafos = from the next URL(s):

 

hxxps://= a.lainfile.pw/CG/detalle_app-sidioma=3Des_es.htm?//ss/Satellite/site/pagina= -localizador_envios/busqueda-sidioma=3Des_ES

 

with this IP: 163.172.151.248.

 

This fraudulent content represents a misuse of the i= ntellectual property of Sociedad Estatal de Correos y Telegrafos , as well = as to obtain personal information of their customers in order to get fraudu= lent access into their bank accounts, use their credit cards, etc... We need your collaboration for stopping thi= s fraud, getting offline these fraudulent files.

 

We keep waiting for your feedback against this incid= ent. If you need further information please contact our SOC 24/7 at +34= 900 102 230 (option 9)

 

Best regards.

 

----------------------------------------------------= -------

CyberThreats - Anti-Fraud Service

Telef=F3nica Espa=F1a

 

Phone: +34 900102230 (option 9)

Email: ph= ishing@telefonica.com

         servicio.antifraude@telefonica.com

----------------------------------------------------= -------

 

--_000_DB5PR06MB1272514C18469CA3D1B4DDDB82460DB5PR06MB1272eurp_--