Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40125.outbound.protection.outlook.com [40.107.4.125]) by anna.lesderid.net (Postfix) with ESMTP id A6ADFDBC91 for ; Mon, 13 Feb 2017 22:46:45 +0100 (CET) Received: from AM5PR0601MB2402.eurprd06.prod.outlook.com (10.173.91.135) by HE1PR06MB1273.eurprd06.prod.outlook.com (10.162.253.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.888.16; Mon, 13 Feb 2017 21:46:41 +0000 Received: from AM5PR0601MB2402.eurprd06.prod.outlook.com ([10.173.91.135]) by AM5PR0601MB2402.eurprd06.prod.outlook.com ([10.173.91.135]) with mapi id 15.01.0888.030; Mon, 13 Feb 2017 21:46:42 +0000 From: JESUS MAQUEDA BUENO To: "les@fuwafuwa.moe" , "1332490874ca44ff8eadf6e08eaa272e.protect@whoisguard.com" <1332490874ca44ff8eadf6e08eaa272e.protect@whoisguard.com>, "abuse@lainfile.pw" CC: TE_SEGURIDAD_SERVICIO_ANTIFRAUDE , DS_TSOL_phishing Subject: We have detected that LAINFILE is hosting a fraudulent website that offers a Phishing scam against Sociedad Estatal de Correos y Telegrafos Thread-Topic: We have detected that LAINFILE is hosting a fraudulent website that offers a Phishing scam against Sociedad Estatal de Correos y Telegrafos Thread-Index: AdKGQqOnHEpur/ZVSEiCKuV0LymHMw== Date: Mon, 13 Feb 2017 21:46:41 +0000 Message-ID: Accept-Language: es-ES, en-US Content-Language: es-ES X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=jesus.maquedabueno.ext@telefonica.com; x-originating-ip: [81.40.110.204] x-ms-office365-filtering-correlation-id: 41dc4568-969d-4a8d-0252-08d45459cc31 x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001)(48565401081);SRVR:HE1PR06MB1273; x-microsoft-exchange-diagnostics: 1;HE1PR06MB1273;7:w2oKtMont5842WYNzlr+OT+NmL5AfHqoN8Jeqqo+zX14+nJZjfC7UqGqWUoX8AErtkugpMYxl56ZdTvn5FhT8H9K/a6N2AZk8ul8wL6HSt2nKhVwmmQkPGpRMFcZ6/aTsVf55Q3tvpkl5OwA9tYAxxTaZcN2OFc2bByV82xgL3gg2F6N3Q/6R1JRd8sV1ThGeNToGygfaHMUA8Qtv2CdCMJqgR0ooQs+nNl91CTUsWRDmBc4SZxsW7iN12MC8VWLzFtQNKzp3rFxNi17fvsGl0820Q8taKxJPcClmRyvTpDFnDTTbnH/+1rTt1llcpKS/G71BXKRAN6U1Lkg4ee/V0HtFqkI6RHfKJXWksSAj01kM7FTEaGJN4bm+V34ZV5PtnD6fSOcyOnBD1x3hrEqmj/qmq5wfGxdxZSQ0wKIcqxI3xmv5aw+jnjUAtxF+KeprxdUbCkiLN+IQxapsth17OahhJaJMCeO2yDeImW6Emy4FSm+i6N0qmUut89nbtcor/NiRHlsEx4PLIto5OMmVA== x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(40392960112811)(21748063052155)(231250463719595); x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(6040375)(601004)(2401047)(5005006)(8121501046)(10201501046)(3002001)(6055026)(6041248)(20161123555025)(20161123558025)(20161123564025)(20161123562025)(20161123560025)(6072148);SRVR:HE1PR06MB1273;BCL:0;PCL:0;RULEID:;SRVR:HE1PR06MB1273; x-forefront-prvs: 02176E2458 x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(6009001)(7916002)(39410400002)(39450400003)(39840400002)(39850400002)(39860400002)(199003)(252514010)(189002)(33656002)(10710500007)(25786008)(6116002)(107886003)(102836003)(6436002)(66066001)(38730400002)(9686003)(790700001)(2201001)(122556002)(2501003)(54906002)(68736007)(77096006)(6506006)(81003)(2906002)(8936002)(99286003)(4326007)(81166006)(86362001)(3846002)(8676002)(7696004)(81156014)(55016002)(6306002)(53346004)(97736004)(74316002)(3280700002)(15650500001)(2420400007)(54896002)(3660700001)(7736002)(106356001)(105586002)(101416001)(5660300001)(189998001)(7110500001)(50986999)(92566002)(2900100001)(53936002)(54356999)(61373002)(9010500006)(18823205002)(19627235001);DIR:OUT;SFP:1102;SCL:1;SRVR:HE1PR06MB1273;H:AM5PR0601MB2402.eurprd06.prod.outlook.com;FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en; received-spf: None (protection.outlook.com: telefonica.com does not designate permitted sender hosts) spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: multipart/alternative; boundary="_000_AM5PR0601MB24024035694461BC1C1FBFF9A9590AM5PR0601MB2402_" MIME-Version: 1.0 X-OriginatorOrg: telefonica.com X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Feb 2017 21:46:41.9898 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 9744600e-3e04-492e-baa1-25ec245c6f10 X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR06MB1273 --_000_AM5PR0601MB24024035694461BC1C1FBFF9A9590AM5PR0601MB2402_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable To the attention of LAINFILE webmaster, Telefonica Espa=F1a is managing the fraudulent actions against Sociedad Est= atal de Correos y Telegrafos and all related with Phishing incidents again= st this company. We have detected that your website (https://a.lainfile.pw) is hosting a fra= udulent website that offers a Phishing scam against Sociedad Estatal de Cor= reos y Telegrafos from the next URL(s): hxxps://a.lainfile.pw/BD/detalle_app-sidioma=3Des_es.htm with this IP: 163.172.151.248. This fraudulent content represents a misuse of the intellectual property of= Sociedad Estatal de Correos y Telegrafos , as well as to obtain personal i= nformation of their customers in order to get fraudulent access into their = bank accounts, use their credit cards, etc... We need your collaboration fo= r stopping this fraud, getting offline these fraudulent files. We keep waiting for your feedback against this incident. If you need furthe= r information please contact our SOC 24/7 at +34 900 102 230 (option 9) Best regards. ----------------------------------------------------------- CyberThreats - Anti-Fraud Service Telef=F3nica Espa=F1a Phone: +34 900102230 (option 9) Email: phishing@telefonica.com servicio.antifraude@telefonica.com ----------------------------------------------------------- --_000_AM5PR0601MB24024035694461BC1C1FBFF9A9590AM5PR0601MB2402_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

To the attention of LAINFILE webmaster,

Telefonica Espa=F1a is managing the fraudulent actio= ns against Sociedad Estatal de Correos y Telegrafos  and all related w= ith Phishing incidents against this company.

We have detected that your website (https://a.lainfi= le.pw) is hosting a fraudulent website that offers a Phishing scam against = Sociedad Estatal de Correos y Telegrafos  from the next URL(s):

hxxps://a.lainfile.pw/BD/detalle_app-sidioma=3Des_es= .htm

with this IP: 163.172.151.248.

 

This fraudulent content represents a misuse of the i= ntellectual property of Sociedad Estatal de Correos y Telegrafos , as well = as to obtain personal information of their customers in order to get fraudu= lent access into their bank accounts, use their credit cards, etc... We need your collaboration for stopping thi= s fraud, getting offline these fraudulent files.

We keep waiting for your feedback against this incid= ent. If you need further information please contact our SOC 24/7 at +34= 900 102 230 (option 9)

Best regards.

----------------------------------------------------= -------

CyberThreats - Anti-Fraud Service

Telef=F3nica Espa=F1a

Phone: +34 900102230 (option 9)

Email: phishing@telefonica.com

         ser= vicio.antifraude@telefonica.com

----------------------------------------------------= -------

--_000_AM5PR0601MB24024035694461BC1C1FBFF9A9590AM5PR0601MB2402_--