[GTER] RE: Flood of phishing from UOL

Marcos Algeri malgeri at gmail.com
Thu Dec 10 13:48:38 -02 2009


I'll send 2 "fresh" headers so the email doesn't get too big:

Header 1:

Received: from gw-email01.wln.com.br [201.33.224.21] by wln.com.br with ESMTP
  (SMTPD-8.22) id A6D70390; Thu, 10 Dec 2009 13:42:15 -0200
Received-SPF: pass (uol.com.br: 200.221.4.168 is authorized to use
'leotta-info1976 at uol.com.br' in 'mfrom' identity (mechanism
'ip4:200.221.4.0/24' matched)) receiver=gw-email01.wln.com.br;
identity=mailfrom; envelope-from="leotta-info1976 at uol.com.br";
helo=relay5.uol.com.br; client-ip=200.221.4.168
Received: from relay5.uol.com.br (relay5.uol.com.br [200.221.4.168])
	by gw-email01.wln.com.br (Postfix) with ESMTP id 590B577805D
	for <webmaster at wln.com.br>; Thu, 10 Dec 2009 13:42:39 -0200 (BRST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by shark2.uol.com.br (Postfix) with ESMTP id 70F1F12B11612;
	Thu, 10 Dec 2009 13:42:39 -0200 (BRST)
Received: from shark2.adm.intranet (localhost.localdomain [127.0.0.1])
	by shark2.uol.com.br (Postfix) with ESMTP id 1641D12B0F8AD;
	Thu, 10 Dec 2009 13:42:24 -0200 (BRST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=uol.com.br; s=ubz;
	t=1260459758; bh=IPY6qk5lICyJ4WywYxkvHwWZMG59FXjH6e2nFaf/sMo=;
	h=Date:From:To:Message-Id:Subject:Mime-Version:Content-Type;
	b=N4sOnhlKguKX6tOgagfjuy5cjZYVQ7oagqogN4pc6hGtHd8QH3vNfl4R2EFrPJzbO
	 /M5sNcEfCapotNXV27viHXi9+Tkkfg2ZAzF8h7Vo4fp3w5SwqmiGDJMNHcZWGpok5G
	 WuReMzZxgn5KVGIDd2oxjAQuQJwRvBTBoPK3DL/A=
Received: from localhost.localdomain (weasel9.srv.intranet [172.26.14.73])
	by shark2.adm.intranet (Postfix) with ESMTP id F041D886D2F1;
	Thu, 10 Dec 2009 13:42:23 -0200 (BRST)
Date: Thu, 10 Dec 2009 13:42:23 -0200
From: Convite Orkut Beta! <leotta-info1976 at uol.com.br>
To: webmaster at wem.com.br
Message-Id: <4b2116dfecf11_65a39e34bf43e3 at weasel9.tmail>
Subject: Orkut beta10/12/200913:42:08
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
X-SenderIP: 187.49.0.4
X-SIG5: 2d8d38a90a9c1505c0b9736957f1e4f5
X-WLN-MailScanner-Information: Contate seu provedor para maiores informacoes
X-WLN-MailScanner-ID: 590B577805D.A1719
X-WLN-MailScanner: Considerado Limpo
X-WLN-MailScanner-From: leotta-info1976 at uol.com.br
X-Spam-Status: No
X-RCPT-TO: <webmaster at wln.com.br>
Status: U
X-UIDL: 525149568
X-IMail-ThreadID: 16d602190000f720

Header 2:

Received: from gw-email01.wln.com.br [201.33.224.21] by wln.com.br with ESMTP
  (SMTPD-8.22) id AFBF05DC; Thu, 10 Dec 2009 13:11:59 -0200
Received-SPF: pass (uol.com.br: 200.221.4.169 is authorized to use
'marcelerick-leotta at uol.com.br' in 'mfrom' identity (mechanism
'ip4:200.221.4.0/24' matched)) receiver=gw-email01.wln.com.br;
identity=mailfrom; envelope-from="marcelerick-leotta at uol.com.br";
helo=relay6.uol.com.br; client-ip=200.221.4.169
Received: from relay6.uol.com.br (relay6.uol.com.br [200.221.4.169])
	by gw-email01.wln.com.br (Postfix) with ESMTP id 4F0A97780B7
	for <webmaster at wln.com.br>; Thu, 10 Dec 2009 13:12:25 -0200 (BRST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by shark3.uol.com.br (Postfix) with ESMTP id B8BEC1A9A93FB;
	Thu, 10 Dec 2009 13:12:23 -0200 (BRST)
Received: from shark3.adm.intranet (localhost.localdomain [127.0.0.1])
	by shark3.uol.com.br (Postfix) with ESMTP id B77421A9AA2A5;
	Thu, 10 Dec 2009 13:12:11 -0200 (BRST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=uol.com.br; s=ubz;
	t=1260457943; bh=IPY6qk5lICyJ4WywYxkvHwWZMG59FXjH6e2nFaf/sMo=;
	h=Date:From:To:Message-Id:Subject:Mime-Version:Content-Type;
	b=T+OydJ8AqyHYpE8Xs8X7e1zsNCdjq9sYtyP9vzqkfOvqKBNxe7WDbicW8GrzusLRp
	 0oiozeTc73fME1xUO5N80upfwKAFKLbcy11j9laWwFl4gLraRLMj5ZgtpuL/DGAYlv
	 5kwbV33AgkAvP5VFdxza0MDQjZUu32FA8UbX2dBo=
Received: from localhost.localdomain (weasel10.srv.intranet [172.26.14.75])
	by shark3.adm.intranet (Postfix) with ESMTP id 969E8994533;
	Thu, 10 Dec 2009 13:12:11 -0200 (BRST)
Date: Thu, 10 Dec 2009 13:12:12 -0200
From: Convite Orkut Beta! <marcelerick-leotta at uol.com.br>
To: webmaster at widesys.com.br
Message-Id: <4b210fccd8afe_366497e93e418c at weasel10.tmail>
Subject: Orkut beta10/12/200913:11:55
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
X-SenderIP: 201.42.211.208
X-SIG5: 2d8d38a90a9c1505c0b9736957f1e4f5
X-WLN-MailScanner-Information: Contate seu provedor para maiores informacoes
X-WLN-MailScanner-ID: 4F0A97780B7.AC4C2
X-WLN-MailScanner: Considerado Limpo
X-WLN-MailScanner-From: marcelerick-leotta at uol.com.br
X-Spam-Status: Ro
X-RCPT-TO: <webmaster at wln.com.br>
Status: U
X-UIDL: 525149567
X-IMail-ThreadID: 0fbf027d0000ef44

Regards

Marcos Algeri

2009/12/10 Cleber - Listas <cleber-listas at inetweb.com.br>:
> Marcos,
> Share the message headers with the list; they can also help us set up
> the block and escalate to UOL.
>
>
> -----Original Message-----
> From: gter-bounces at eng.registro.br [mailto:gter-bounces at eng.registro.br] On
> behalf of Marcos Algeri
> Sent: Thursday, December 10, 2009 11:05
> To: gter at eng.registro.br
> Subject: [GTER] Flood of phishing from UOL
>
> Good morning,
>
> Is anyone else tirelessly receiving a large amount of "junk"
> coming from UOL servers?
> They come with a subject similar to: "Orkut beta10/12/200910:24:25"
> I received them all through the night (and my cell phone didn't let me sleep
> properly).
> I think they are customers' machines sending email without the person even
> knowing, since the envelope-from shows several different accounts...
>
> I've already reported it to abuse several times, but nothing so far. I'm thinking
> of putting a temporary block in place until I get a response from the Abuse team.
>
> Regards
>
> Marcos Algeri
> --
> gter list    https://eng.registro.br/mailman/listinfo/gter
>
>
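
Added example (not part of the original message): a Python comparison of the two headers above that separates what stays constant across the campaign from what rotates, to show which fields a temporary block can key on. The function names `features`, `invariants` and `matches` and the benign message are assumptions made for illustration; the header samples are abridged from the post.

```python
import re
from email import message_from_string

# Abridged from the two headers in the post; only the fields that differ are parameters.
TEMPLATE = '''Received-SPF: pass (uol.com.br: {relay} is authorized) identity=mailfrom;
 envelope-from="{user} at uol.com.br"; client-ip={relay}
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=uol.com.br; s=ubz;
 bh=IPY6qk5lICyJ4WywYxkvHwWZMG59FXjH6e2nFaf/sMo=
From: Convite Orkut Beta! <{user} at uol.com.br>
Subject: Orkut beta10/12/2009{time}
X-SenderIP: {ip}
X-SIG5: 2d8d38a90a9c1505c0b9736957f1e4f5
'''
H1 = TEMPLATE.format(relay="200.221.4.168", user="leotta-info1976",
                     time="13:42:08", ip="187.49.0.4")
H2 = TEMPLATE.format(relay="200.221.4.169", user="marcelerick-leotta",
                     time="13:11:55", ip="201.42.211.208")
# Constructed message: ordinary mail that authenticates as uol.com.br the same way.
BENIGN = ('Received-SPF: pass (constructed)\nDKIM-Signature: v=1; d=uol.com.br; bh=AAAA=\n'
          'From: Example User <user at uol.com.br>\nSubject: Meeting tomorrow\n')

def grab(pattern, text):
    m = re.search(pattern, text)
    return m.group(1) if m else None

def features(raw):
    h = message_from_string(raw)
    get = lambda name: " ".join((h.get(name) or "").split())  # unfold the header
    return {
        "spf": grab(r"^(\w+)", get("Received-SPF")),
        "envelope_from": grab(r'envelope-from="([^"]+)"', get("Received-SPF")),
        "dkim_d": grab(r"\bd=([^;\s]+)", get("DKIM-Signature")),
        "dkim_bh": grab(r"\bbh=([^;\s]+)", get("DKIM-Signature")),  # same bh = same body
        "display_name": grab(r"^(.*?)\s*<", get("From")),
        "subject_shape": re.sub(r"\d", "N", get("Subject")),  # digits vary per message
        "sender_ip": get("X-SenderIP") or None,
        "x_sig5": get("X-SIG5") or None,
    }

def invariants(samples):
    feats = [features(s) for s in samples]
    return {k: v for k, v in feats[0].items()
            if v is not None and all(f[k] == v for f in feats)}

# SPF pass and d=uol.com.br are shared with legitimate UOL mail, so match on content.
CONTENT_KEYS = ("display_name", "subject_shape")

def matches(raw, inv):
    f = features(raw)
    return all(f[k] == inv[k] for k in CONTENT_KEYS)
```

The envelope sender and `X-SenderIP` differ between the two samples, while the display name, subject shape and DKIM body hash are identical, so a rule on the sending account or source IP would miss the next message and a rule on the `uol.com.br` domain would also catch the benign one.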


