Sindbad~EG File Manager
| Current Path : /home/infinitibizsol/mail/new/ |
|
|
| Current File : /home/infinitibizsol/mail/new/1747382186.M107717P1382719.server1.infinitibizsol.com,S=8819,W=8984 |
Return-Path: <takedown-response+70210677@netcraft.com>
Delivered-To: infinitibizsol@server1.infinitibizsol.com
Received: from server1.infinitibizsol.com
by server1.infinitibizsol.com with LMTP
id QJgwBqrvJmg/GRUAAQ9a8w
(envelope-from <takedown-response+70210677@netcraft.com>)
for <infinitibizsol@server1.infinitibizsol.com>; Fri, 16 May 2025 07:56:26 +0000
Return-path: <takedown-response+70210677@netcraft.com>
Envelope-to: support@sunrisesolarinc.net
Delivery-date: Fri, 16 May 2025 07:56:26 +0000
Received: from mail-1c.netcraft.com ([52.31.138.216]:45905)
by server1.infinitibizsol.com with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.98.1)
(envelope-from <takedown-response+70210677@netcraft.com>)
id 1uFpva-00000005nVV-3rz0
for support@sunrisesolarinc.net;
Fri, 16 May 2025 07:56:26 +0000
Received: from walleye.netcraft.com (unknown [10.9.0.81])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
(No client certificate requested)
by mail-1c.netcraft.com (Postfix) with ESMTPS id 6614D6DB9
for <support@sunrisesolarinc.net>; Fri, 16 May 2025 07:55:11 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netcraft.com;
s=default202405-yu9bqteb95aqcfpg; t=1747382111;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:mime-version:mime-version:content-type:content-type:
content-transfer-encoding:content-transfer-encoding;
bh=sfzlPatam40qvWlDHxu7S9w/DkehJqPMNLjOgBiOm94=;
b=YUpGNCMz0/xPcUQDn+ZZGcHgKM2QAdbUojEak++Mqy1yqzlF1WaB0x/stjF0ah/oUL6AXK
+e0imQRsJir/ZsJuSuHkSeRiNJGR0YL+ExlSWacrWk0oVI4jA+tOynVhm+NQqKSfKV10/d
Gm/rA5A2vrOv/LvedKW7JBUO56rGrLOFQDDE1TDa+TeeNm0npcVkU0tbNeMNrsiw+/ZxWS
rkygeW6G3aulfO7GOkgKTU8SSXZGSghTQaAlG6MH0Y1hSoXQAd3/5xrNALQzzBSoNW3mVV
7S89njnl6CTS4z4jiKNBVi0p3DPnjv81nL3qmaXkLKNoZPZYB8vAHdZT4Gs1mA==
Received: by walleye.netcraft.com (Postfix, from userid 507)
id 5F8EC1A50; Fri, 16 May 2025 07:55:11 +0000 (UTC)
Content-Transfer-Encoding: 8bit
Content-Type: multipart/report; boundary="_----------=_17473821114052603922"; report-type="feedback-report"
MIME-Version: 1.0
Date: Fri, 16 May 2025 07:55:11 +0000
From: Netcraft Takedown Service <takedown-response+70210677@netcraft.com>
Subject: Issue 70210677: Phishing attack at hxxp://mail.sunrisesolarinc[.]net/ing/de/484790af13b2c86328a34f0530830d2c.php
To: support@sunrisesolarinc.net
Message-Id: <a38f551084ccb6cbe8a64f5ad09330ca@takedown.netcraft.com>
X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13)
X-Spam-Status: No, score=-0.2
X-Spam-Score: -1
X-Spam-Bar: /
X-Ham-Report: Spam detection software, running on the system "server1.infinitibizsol.com",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: Hello, We have discovered a phishing attack on your network.
hxxp://mail.sunrisesolarinc[.]net/ing/de/484790af13b2c86328a34f0530830d2c.php
[162.0.223.40] hxxp://sunrisesolarinc[.]net/ing/de/index.php?p=login [162.0.223.40]
hxxp://sunrisesolarinc[.]net/ing/de/bd [...]
Content analysis details: (-0.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[52.31.138.216 listed in bl.score.senderscore.com]
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URI: netcraft.com]
[URI: xarf.org]
[URI: ing.de]
0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[52.31.138.216 listed in sa-accredit.habeas.com]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.0 KAM_SHORT Use of a URL Shortener for very short URL
X-Spam-Flag: NO
This is a multi-part message in MIME format.
--_----------=_17473821114052603922
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="UTF-8"
Hello,
We have discovered a phishing attack on your network.
hxxp://mail.sunrisesolarinc[.]net/ing/de/484790af13b2c86328a34f0530830d2c.php [162.0.223.40]
hxxp://sunrisesolarinc[.]net/ing/de/index.php?p=login [162.0.223.40]
hxxp://sunrisesolarinc[.]net/ing/de/bd714ffa1bf161876203cb172b385e10.php [162.0.223.40]
hxxp://www[.]sunrisesolarinc[.]net/ing/ [162.0.223.40]
hxxp://www[.]sunrisesolarinc[.]net/ing/de/mkfile.php?p=login [162.0.223.40]
It is possible that this attack is being restricted so it is only visible from certain countries. Before deciding that the attack has been resolved please confirm it cannot be viewed from the following countries:
Germany
You may not have been aware of this attack, however, you are still responsible for removing it.
This attack targets our customer, ING Germany, website URL https://www.ing.de/.
Please remove this fraudulent content, and any other associated fraudulent content, as soon as possible.
Additionally, please keep the fraudulent content safe so that our customer and law enforcement agencies can investigate this incident further once the site is offline.
More information about the detected issue is provided at https://incident.netcraft.com/1dbee4478cbd/
NEW: A beta version of our next generation incident reports is available at https://beta.incident.netcraft.com/reports/ncavdjbtspb4ugt4yks5n4
See https://beta.incident.netcraft.com/about for more details including API support. Please contact incident-feedback@netcraft.com with any feedback or for more information.
Kind regards,
Netcraft
Phone: +44(0)1225 447500
Fax: +44(0)1225 448600
Netcraft Issue Number: 70212396
To contact us about updates regarding this attack, please respond to this email. Please note: replies to this address will be logged, but aren't always read. If you believe you have received this email in error, or you require further support, please contact: support@netcraft.com.
This mail can be parsed with x-arf tools. Visit http://www.xarf.org/ for more information about x-arf.
--_----------=_17473821114052603922
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Type: message/feedback-report
MIME-Version: 1.0
X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13)
Date: Fri, 16 May 2025 07:55:11 +0000
Feedback-Type: xarf
User-Agent: Netcraft
Version: 1
--_----------=_17473821114052603922
Content-Disposition: attachment; filename="xarf.json"
Content-Transfer-Encoding: base64
Content-Type: application/json; charset=utf-8; name="xarf.json"
MIME-Version: 1.0
X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13)
Date: Fri, 16 May 2025 07:55:11 +0000
eyJPbkJlaGFsZk9mIjp7IkNvbXBsYWluYW50T3JnRW1haWwiOiJ0YWtlZG93bi1yZXNwb25zZSs3
MDIxMDY3N0BuZXRjcmFmdC5jb20iLCJDb21wbGFpbmFudE9yZyI6IklORyBHZXJtYW55IiwiQ29t
cGxhaW5hbnRPcmdEb21haW4iOiJ3d3cuaW5nLmRlIn0sIlZlcnNpb24iOiIxIiwiUmVwb3J0ZXJJ
bmZvIjp7IlJlcG9ydGVyT3JnRG9tYWluIjoibmV0Y3JhZnQuY29tIiwiUmVwb3J0ZXJPcmdFbWFp
bCI6InRha2Vkb3duLXJlc3BvbnNlKzcwMjEwNjc3QG5ldGNyYWZ0LmNvbSIsIlJlcG9ydGVyT3Jn
IjoiTmV0Y3JhZnQifSwiRGlzY2xvc3VyZSI6dHJ1ZSwiUmVwb3J0Ijp7IlJlcG9ydGVyTm90ZXMi
OiJTZWUgaHR0cHM6Ly9pbmNpZGVudC5uZXRjcmFmdC5jb20vMWRiZWU0NDc4Y2JkLyBmb3IgbW9y
ZSBpbmZvcm1hdGlvbiIsIlJlcG9ydGVyQ2FzZUlEIjoiNzAyMTIzOTYiLCJSZXBvcnRUeXBlIjoi
UGhpc2hpbmciLCJEYXRlIjoiMjAyNS0wNS0xNlQwNzo1NDozNFoiLCJSZXBvcnRDbGFzcyI6IkNv
bnRlbnQiLCJTb3VyY2VJcCI6IjE2Mi4wLjIyMy40MCIsIlNvdXJjZVVybCI6Imh0dHA6Ly9tYWls
LnN1bnJpc2Vzb2xhcmluYy5uZXQvaW5nL2RlLzQ4NDc5MGFmMTNiMmM4NjMyOGEzNGYwNTMwODMw
ZDJjLnBocCJ9fQ==
--_----------=_17473821114052603922--
Sindbad File Manager Version 1.0, Coded By Sindbad EG ~ The Terrorists