Rar se mai intampla zilele astea sa primesc spam care sa treaca de filtrele gmail. Cand se-ntampla, e prilej de sarbatoare. Sa analizam, asadar.
Spamul meu are si poza, precum spammer-ul I, II, III si cel de Oscar.. Citeste-l pe muzica Beastilor, fiindca-s convins ca deja te-ai delectat cu Monty Python.
Header-ele vizibile, cum e de asteptat, nu spun mare lucru. Asa ca ne uitam la ce-i curat si-adevarat:
Delivered-To: <mah gmail> Received: by 10.229.219.207 with SMTP id hv15cs16888qcb; Sat, 21 May 2011 17:41:40 -0700 (PDT) Received: by 10.224.187.73 with SMTP id cv9mr732806qab.26.1306024900657; Sat, 21 May 2011 17:41:40 -0700 (PDT) Return-Path: <crollastick@hotmail.it> Received: from mta1144.mail.sk1.yahoo.com (mta1144.mail.sk1.yahoo.com [74.6.140.108]) by mx.google.com with SMTP id k10si9528172qcu.205.2011.05.21.17.41.39; Sat, 21 May 2011 17:41:40 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning crollastick@hotmail.it does not designate 74.6.140.108 as permitted sender) client-ip=74.6.140.108; Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning crollastick@hotmail.it does not designate 74.6.140.108 as permitted sender) smtp.mail=crollastick@hotmail.it; dkim=neutral (body hash did not verify) header.i=@yahoo.com Received: (qmail 37387 invoked by uid 6007); 22 May 2011 00:41:39 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1306024899; bh=acjJkU56M8XCZky+Q9+Q7M+7+invf0GeEWu3zi3JnUo=; h=X-Yahoo-Forwarded:Return-Path:X-YahooFilteredBulk:Received-SPF:X-YMailISG:X-Originating-IP:Authentication-Results:Received:Received:X-Originating-IP:X-Originating-Email:Message-ID:Return-Path:From:To:Reply-To:Subject:Date:MIME-Version:Content-Type:X-Priority:X-MSMail-Priority:Importance:X-Mailer:X-MimeOLE:X-OriginalArrivalTime; b=RePfkVIWUv8FaWaPZdZTXFLrdStwDusOpU59lZo6TlIWwSNvQcYD77Al2VLRt+EDS2qKcEYuZW1NUoUMJea5vYUJ/5XdR2bTYSv6fTHLnE8lF4Gu5xuYk+17BLRKjmlRUetOFNoultXrgfB32Eq+pbhI34+EWFjkGyKbIjcMe7U= X-Yahoo-Forwarded: from <mah yahoo> to <mah gmail> Return-Path: <crollastick@hotmail.it> X-YahooFilteredBulk: 157.55.0.213 Received-SPF: pass (mta1144.mail.sk1.yahoo.com: domain of crollastick@hotmail.it designates 157.55.0.213 as permitted sender) X-YMailISG: (..)-- X-Originating-IP: [157.55.0.213] Authentication-Results: mta1144.mail.sk1.yahoo.com from=hotmail.it; domainkeys=neutral (no sig); from=hotmail.it; dkim=neutral (no sig) Received: from 127.0.0.1 (EHLO dub0-omc1-s14.dub0.hotmail.com) (157.55.0.213) by mta1144.mail.sk1.yahoo.com with SMTP; Sat, 21 May 2011 17:41:39 -0700 Received: from DUB106-DS2 ([157.55.0.237]) by dub0-omc1-s14.dub0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Sat, 21 May 2011 17:41:36 -0700 X-Originating-IP: [190.238.251.221] X-Originating-Email: [crollastick@hotmail.it] Message-ID: <DUB106-ds2FE426CD9C8983008E800CA730@phx.gbl> Return-Path: crollastick@hotmail.it From: Ray Hernandez <crollastick@hotmail.it> To: <burlhelms@yahoo.com> Reply-To: avgustina.avgust@aol.com Subject: So it is pleasant to write to you Date: Sun, 22 May 2011 04:41:53 +0400 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_000B_DE3AB8A3.5B8F6858" X-Priority: 3 X-MSMail-Priority: Normal Importance: Normal X-Mailer: Microsoft Windows Live Mail 14.0.8064.206 X-MimeOLE: Produced By Microsoft MimeOLE V14.0.8064.206 X-OriginalArrivalTime: 22 May 2011 00:41:36.0923 (UTC) FILETIME=[01BBB6B0:01CC1819] This is a multi-part message in MIME format. ------=_NextPart_000_000B_DE3AB8A3.5B8F6858 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: binary
Ce ne intereseaza aici este de unde a originat spam-ul. Primul X-Originating-IP, 190.238.251.221, este in Peru:
netnum: 190.238/15
status: allocated
owner: Telefonica del Peru S.A.A.
ownerid: PE-TPSA-LACNIC
responsible: Administrador de Red
address: Jorge Basadre, 592, 505
address: L27 - Lima - LI
country: PE
phone: +51 1 2109687 []
owner-c: JOR
tech-c: JOR
abuse-c: JOR
created: 20110118
changed: 20110118
nic-hdl: JOR
person: System Admine-mail:
address: Jorge Basadre 592, 592, 505
address: L27 - Lima - LI
country: PE
phone: +51 01 2109687 []
created: 20020926
changed: 20030829
Al doilea, 157.55.0.213 apartine de Microsoft si este probabil un nod hotmail. In concluzie, emailul a originat in Peru de la IP-ul mai sus mentionat, de dialup si a fost trimis prin hotmail (collastick@hotmail.it) catre o adresa a mea de Yahoo, de unde a fost forwarded catre adresa de gmail. E ciudat ca nici Yahoo si in special nici Google n-au reusit sa prinda spamul.
Ce zice in traducere avtomaticeskaia Goagal?
|
Good afternoon!
|
Buna ziua!
|
Now you know. Iubeste-o pe Avgustina daca simti nevoia. Are stima de sine, ti-a salvat emailul si nu-si trimite poze pe Internet. Doar vine dintr-o tara care-a castigat Eurovision.
(Sincer sa fiu, ma-ndoiesc ca Azerbaidjan participa la Eurovision fiindca nu-i taman europeana tara, dar de cand cu Borat nu se mai stie..)
N-am stat sa trimit email la abuse@ fiindca-i pierdere de timp, iar cu datele trecute aici poate face oricine asta. Chiar si tu!
Sources / More info: ch-spam
),
internet ()
. Dacă ţi-a plăcut articolul, PinIt-uieste-l, ReddIt-eaza-l, stumble-uieste-l altora, trimite-l pe WhatsApp
yMess şi consideră abonarea la fluxul RSS sau prin email. Ma poti de asemenea gasi pe Google. Trackback
Aici vei găsi ştiri inedite, articole hazoase, perspective originale in politică, societate, economie şi relaţii interumane. QUESTIONS (Intrebări)? We got Answers (Răspunsuri există)!
