http://t.cn/RAR2EPh - SPAM

Iniciado por r32, 5 Mayo 2015, 21:45 PM

0 Miembros y 1 Visitante están viendo este tema.

r32

Hoy me ha llegado este mensaje:

x-store-info:4r51+eLowCe79NzwdU2kR3P+ctWZsO+J
Authentication-Results: hotmail.com; spf=softfail (sender IP is 177.86.85.53; identity alignment result is pass and alignment mode is relaxed) smtp.mailfrom=ildmtfumev@icloud.com; dkim=none (identity alignment result is pass and alignment mode is relaxed) header.d=icloud.com; x-hmca=fail header.id=ildmtfumev@icloud.com
X-SID-PRA: ildmtfumev@icloud.com
X-AUTH-Result: FAIL
X-SID-Result: FAIL
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
X-Message-Info: 4kU6N5vIigdQZ1PXxV4SlsQf+bE6DPf1q3Q2RZePiMhfETCaHvNokNMig8sWHRr579sJ6j4vU2qjsh5CxTsAJEQLJpCz48Y3iJma2G5RyODi+zuU33hCPCK+wAfqqcVmKGFhQamBN3YGSI/dEsyAI1gm+LX+zb0JvCR3nK/h71cpk05BB8jfSOm8gjxdT7IKGQhJFkKS4xMG3ABs+4c3j3VlU+oD1+e5
Received: from icloud.com ([177.86.85.53]) by COL004-MC2F43.hotmail.com with Microsoft SMTPSVC(7.5.7601.23008);
Sun, 3 May 2015 20:39:58 -0700
Message-ID: <013301d0861b$fbdd2ec0$639cfaec@pibryx>
From: "Size XXL" <ildmtfumev@icloud.com>
To: <twright2000@hotmail.com>,
<tommoe@hotmail.com>
Subject: Buddy, you can last all night
Date: Mon, 04 May 2015 05:39:54 -0-100
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0130_01D0862C.BF65FEC0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Return-Path: ildmtfumev@icloud.com
X-OriginalArrivalTime: 04 May 2015 03:39:59.0309 (UTC) FILETIME=[FEEF77D0:01D0861B]

This is a multi-part message in MIME format.

------=_NextPart_000_0130_01D0862C.BF65FEC0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Don't bore your sex partner in bed. Follow theses 2 steps and Become a Sex =
Machine today!

hxtp://t.cn/RAR2EPh

Go Here For A Risk Free Trial...


Click here to unsubscribe
hxtp://t.cn/RAR2n7P
------=_NextPart_000_0130_01D0862C.BF65FEC0--


Revisando la url acortada:



Aquí el source de la página a la que se nos redirige: http://pastebin.com/Avcm7HB5

URL: hxtp://jraux.com/menstar

UQ: http://urlquery.net/queued.php?id=396934007
WH: http://whois.domaintools.com/118.193.198.105
IP   118.193.198.105
ASN   AS58879 Shanghai Anchang Network Security Technology Co.,Ltd.
Location   [China] China

System: Apache 2.2.15 (CentOS) port 80

<html>

<head>
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>Male Pornstar Blog - Secrets To Fuck Like a Pornstar!</title>
</head>

<frameset rows="0,*" cols="*">
 <frame name="header" scrolling="no" noresize target="main" src="/menstar/top.html">
 <frame name="main" src="/menstar/index1.html">
 <noframes>
 <body>

 <p>This page uses frames, but your browser doesn't support them.</p>
 </body>
 </noframes>
</frameset>



Vista de los frames:

 <frame name="header" scrolling="no" noresize target="main" src="/menstar/top.html">
 <frame name="main" src="/menstar/index1.html">


Source "/menstar/index1.html": pastebin.com/x5ZAVqeJ

Otra página incluida en el source es: hxtp://secure.drowl.com


Saludos.




Cяow

No esta postear email?
perdonen por mi ignorancia pero no entiendo el post
MOD: hay ñiños...

scott_

Esos chinos nos quieren ver la cara :P
Muy bueno  ;-)
Si no intentas salvar una vida, jamás salvarás la de nadie más