Sindbad~EG File Manager

Return-Path: <takedown-response+70210677@netcraft.com>
Delivered-To: infinitibizsol@server1.infinitibizsol.com
Received: from server1.infinitibizsol.com
	by server1.infinitibizsol.com with LMTP
	id mMrILsYnNGgj7goAAQ9a8w
	(envelope-from <takedown-response+70210677@netcraft.com>)
	for <infinitibizsol@server1.infinitibizsol.com>; Mon, 26 May 2025 08:35:18 +0000
Return-path: <takedown-response+70210677@netcraft.com>
Envelope-to: info@sunrisesolarinc.net
Delivery-date: Mon, 26 May 2025 08:35:18 +0000
Received: from mail-1c.netcraft.com ([52.31.138.216]:48535)
	by server1.infinitibizsol.com with esmtps  (TLS1.3) tls TLS_AES_256_GCM_SHA384
	(Exim 4.98.1)
	(envelope-from <takedown-response+70210677@netcraft.com>)
	id 1uJTIj-0000000326A-3QFk
	for info@sunrisesolarinc.net;
	Mon, 26 May 2025 08:35:18 +0000
Received: from sweeper.netcraft.com (sweeper.netcraft.com [10.9.3.82])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by mail-1c.netcraft.com (Postfix) with ESMTPS id 3EE7F24CE
	for <info@sunrisesolarinc.net>; Mon, 26 May 2025 08:33:46 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netcraft.com;
	s=default202405-yu9bqteb95aqcfpg; t=1748248426;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=2IPAm3otCopBsjvDE39jcs2j2BuVr1IUOK+XS74Kv4o=;
	b=h7ZqEZxAp+iTjcXEHk+mE+BCwLXE6KIeU45mq50CdzIycd1ZRe3vbNcdehAKqvNxLfjMce
	Fsne7iKPX4WNf3gg1OTCnPbUeTy5TbQvn+1fMUGZDEfy4W/FxdiC6e/K3KHRxjgeXNDFlV
	eEkOuM8y1d2kXUegkgN4KIotQP7V6N8iFa8m4oRP2ZqGWQECTLdjMLzUR3r97Xu8L42rAN
	alWO8CuyvsSDga2LMYx2I62OMwBWfc2xKIVKf9V/fkqy2E1nA9pVoq4fLQqFI6bSv3vgZp
	FFS64/hpy/L9fp/5H1irRe1daXaH+BU9d1XHIDJ0KEo87RAcbq91Adqn9Z3VwA==
Received: by sweeper.netcraft.com (Postfix, from userid 48)
	id 346C2A0A; Mon, 26 May 2025 08:33:46 +0000 (UTC)
Content-Transfer-Encoding: 8bit
Content-Type: multipart/report; boundary="_----------=_174824842636142840"; report-type="feedback-report"
MIME-Version: 1.0
Date: Mon, 26 May 2025 08:33:46 +0000
From: Netcraft Takedown Service <takedown-response+70210677@netcraft.com>
Subject: Re: Issue 70210677: Phishing attack at hxxp://mail.sunrisesolarinc[.]net/ing/de/mkfile.php?p=login
X-Sending-User: 10453
To: info@sunrisesolarinc.net
Message-Id: <39f2e16ecf6f5c4a47c203b143df922d@takedown.netcraft.com>
X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13)
X-Spam-Status: No, score=-0.2
X-Spam-Score: -1
X-Spam-Bar: /
X-Ham-Report: Spam detection software, running on the system "server1.infinitibizsol.com",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 root\@localhost for details.
 Content preview:  Hi there, Please could we get an update on this case? Kind
    regards, 
 Content analysis details:   (-0.2 points, 5.0 required)
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was blocked.
                             See
                             http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                              for more information.
                             [URI: netcraft.com]
                             [URI: xarf.org]
                             [URI: ing.de]
  0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The
                             query to Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                          [52.31.138.216 listed in sa-trusted.bondedsender.org]
  0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
                              Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                             [52.31.138.216 listed in bl.score.senderscore.com]
  0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
                              Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                             [52.31.138.216 listed in sa-accredit.habeas.com]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from author's
                             domain
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
 -0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
 -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
                             envelope-from domain
  0.0 KAM_SHORT              Use of a URL Shortener for very short URL
X-Spam-Flag: NO

This is a multi-part message in MIME format.

--_----------=_174824842636142840
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="UTF-8"

Hi there,

Please could we get an update on this case?

Kind regards,

Netcraft
Phone: +44(0)1225 447500
Fax: +44(0)1225 448600


-----Original Message-----

From: Netcraft Takedown Service <takedown-response+70210677@netcraft.com>
To: info@sunrisesolarinc.net
Subject: Issue 70210677: Phishing attack at hxxp://mail.sunrisesolarinc[.]net/ing/de/mkfile.php?p=login
Attachments: Unnamed Attachment (https://takedown.netcraft.com/view_attachment.php?hash=0d73ea0e48d55a40235f857f0a3f2bd2), xarf.json (https://takedown.netcraft.com/view_attachment.php?hash=d5708bf161e36822701817907e707d59)

Hello,

We have discovered a phishing attack on your network.

hxxp://mail.sunrisesolarinc[.]net/ing/de/mkfile.php?p=login [162.0.223.40]

It is possible that this attack is being restricted so it is only visible from certain countries. Before deciding that the attack has been resolved please confirm it cannot be viewed from the following countries:
Germany

You may not have been aware of this attack, however, you are still responsible for removing it.

This attack targets our customer, ING Germany, website URL https://www.ing.de/.

Please remove this fraudulent content, and any other associated fraudulent content, as soon as possible.

Additionally, please keep the fraudulent content safe so that our customer and law enforcement agencies can investigate this incident further once the site is offline.

More information about the detected issue is provided at https://incident.netcraft.com/e9e0c37ead0e/

NEW: A beta version of our next generation incident reports is available at https://beta.incident.netcraft.com/reports/ncavdjbtspb4ugt4yks5n4
See https://beta.incident.netcraft.com/about for more details including API support. Please contact incident-feedback@netcraft.com with any feedback or for more information.

Kind regards,

Netcraft

Phone: +44(0)1225 447500
Fax: +44(0)1225 448600
Netcraft Issue Number: 70212518

To contact us about updates regarding this attack, please respond to this email. Please note: replies to this address will be logged, but aren't always read. If you believe you have received this email in error, or you require further support, please contact: support@netcraft.com.

This mail can be parsed with x-arf tools. Visit http://www.xarf.org/ for more information about x-arf.
--_----------=_174824842636142840
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Type: message/feedback-report
MIME-Version: 1.0
X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13)
Date: Mon, 26 May 2025 08:33:46 +0000

Feedback-Type: xarf
User-Agent: Netcraft
Version: 1
--_----------=_174824842636142840
Content-Disposition: attachment; filename="xarf.json"
Content-Transfer-Encoding: base64
Content-Type: application/json; charset=utf-8; name="xarf.json"
MIME-Version: 1.0
X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13)
Date: Mon, 26 May 2025 08:33:46 +0000

eyJSZXBvcnRlckluZm8iOnsiUmVwb3J0ZXJPcmdEb21haW4iOiJuZXRjcmFmdC5jb20iLCJSZXBv
cnRlck9yZyI6Ik5ldGNyYWZ0IiwiUmVwb3J0ZXJPcmdFbWFpbCI6InRha2Vkb3duLXJlc3BvbnNl
KzcwMjEwNjc3QG5ldGNyYWZ0LmNvbSJ9LCJEaXNjbG9zdXJlIjp0cnVlLCJPbkJlaGFsZk9mIjp7
IkNvbXBsYWluYW50T3JnRG9tYWluIjoid3d3LmluZy5kZSIsIkNvbXBsYWluYW50T3JnRW1haWwi
OiJ0YWtlZG93bi1yZXNwb25zZSs3MDIxMDY3N0BuZXRjcmFmdC5jb20iLCJDb21wbGFpbmFudE9y
ZyI6IklORyBHZXJtYW55In0sIlJlcG9ydCI6eyJTb3VyY2VJcCI6IjE2Mi4wLjIyMy40MCIsIlJl
cG9ydENsYXNzIjoiQ29udGVudCIsIkZpcnN0U2VlbiI6IjIwMjUtMDUtMTZUMDc6NTU6MTZaIiwi
UmVwb3J0ZXJDYXNlSUQiOiI3MDIxMjUxOCIsIlJlcG9ydFR5cGUiOiJQaGlzaGluZyIsIkRhdGUi
OiIyMDI1LTA1LTI2VDA4OjE0OjU3WiIsIlNvdXJjZVVybCI6Imh0dHA6Ly9tYWlsLnN1bnJpc2Vz
b2xhcmluYy5uZXQvaW5nL2RlL21rZmlsZS5waHA/cD1sb2dpbiIsIlJlcG9ydGVyTm90ZXMiOiJT
ZWUgaHR0cHM6Ly9pbmNpZGVudC5uZXRjcmFmdC5jb20vZTllMGMzN2VhZDBlLyBmb3IgbW9yZSBp
bmZvcm1hdGlvbiJ9LCJWZXJzaW9uIjoiMSJ9

--_----------=_174824842636142840--