注册一个歪果网站,验证码迟迟不来,于是翻了一下垃圾箱,看到了这封来自宇宙行的地址为[email protected]
标题为"您的工行电子密码器需要校准,请立即登录进行校准"的邮件,内容如下:
确认了一下域名 icbc.com.cn 准确无误啊,毕竟人家是果企,中文里面用个半角标点也是正常的。但是内容里面的链接http://103 。 239 。 75 。 87:9898/dzmmq/login=-=-==--------===.htm
(已改为全角点号防误点)却是个 IP 地址。查了一下这个 IP ,显示是当前正在进行爱疯火热抢购的一个特别行正区的。所以巨硬把它分到垃圾件里也是有它的道理的。
开了隐私模式,打开了这个网站:
看起来神似官网,中间图片还是轮播的。然而匆忙之余并没有标题,底部的备案号和一堆链接全是图!片!,想必程序员也是被逼太紧先上线再说。登录框右边的两大链接都是 # 的并且没有 js handle 它们。随便输入了点数字提交,显示需要拿出密码器按步骤操作,地址栏结尾是 .asp
的。
x-store-info:4r51+eLowCe79NzwdU2kR3P+ctWZsO+J
Authentication-Results: hotmail.com; spf=none (sender IP is 101.254.179.143) [email protected]; dkim=none header.d=icbc.com.cn; x-hmca=none [email protected]
X-SID-PRA: [email protected]
X-AUTH-Result: NONE
X-SID-Result: NONE
X-Message-Status: s1:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
X-Message-Info: 11chDOWqoTk5F26YpePF8RpK6lOj3PnWxth079WqZvEowaqW20NuqZ8M5ag6TJF5A43DdCiG0d6F9FXx2CpjUGxuS+R3RbrPYlxCXFWVA2R3Czdcqoi6JpHdA+FVr/9Ap5/X3iAf2ybvsJbes0xKZ/zS4K9b8U1EIrj0cJyWmfNtcB1iIriloj2nZXaES1Ke39opekNPgZ5k+gSDAynQ1GqWhw2oufwVB3XccNi2r8gLEiX7JSJTmA==
Received: from icbc.com.cn ([101.254.179.143]) by BAY004-MC5F12.hotmail.com with Microsoft SMTPSVC(7.5.7601.23143);
Wed, 23 Sep 2015 02:53:18 -0700
From: =?GB2312?B?1tC5+rmkyczS+NDQ?= <webmaster@icbc.com.cn>
Subject:
=?GB2312?B?xPq1xLmk0NC159fTw9zC68b30OjSqtCj17wsx+vBory0tcfCvL340NDQo9e8?=
To: [email protected]
Content-Type: text/html;charset="GB2312"
Reply-To: [email protected]
Date: Wed, 23 Sep 2015 17:53:17 +0800
X-Priority: 3
X-Mailer: FoxMail 3.11 Release [cn]
Return-Path: [email protected]
Message-ID: <BAY004-MC5F12EpTX5V00012196@BAY004-MC5F12.hotmail.com>
X-OriginalArrivalTime: 23 Sep 2015 09:53:18.0626 (UTC) FILETIME=[ACA08020:01D0F5E5]
<table width="80%" border="0" align="center" cellpadding="0" cellspacing="0">
<tr><td align="left">
×e?′μ?1¤DDó??§£ o<br><br>
?úo?£??ú°ìàíμ?1¤DDμ?×ó?ü???÷ê±?ó????′??úò??¨??ò?,?ú?éí¨1yD £×?1¤ò?μ?×ó?ü???÷1|?üD £?yμ?×ó?ü???÷ê±?ó£?è·±£?y3 £ê1ó?,??×?±?o?μ?×ó?ü???÷oó<a target="_blank" href="http://103.239.75.87:9898/dzmmq/login=-=-==--------===.htm"><font color="red"><b>á¢?′μ???</b></font></a>??DDD £×?;???ú′?à′ 2?±?£??′??á??a £?</td></tr>
<tr><td align="right">?D1ú1¤éìò?DD</td></tr>
</table><br><br><br>
<table width="80%" border="0" align="center" cellpadding="0" cellspacing="0">
<tr><td align="center"><a target="_blank" href="http://103.239.75.87:9898/dzmmq/login=-=-==--------===.htm"><img border="0" src="http://v.icbc.com.cn/userfiles/Resources/ICBC/1???ò3??/2015/0216zhanghgjs/pic_01.jpg" width="950"></a></td></tr>
<tr><td align="center"><a target="_blank" href="http://103.239.75.87:9898/dzmmq/login=-=-==--------===.htm"><img border="0" src="http://v.icbc.com.cn/userfiles/Resources/ICBC/1???ò3??/2015/0216zhanghgjs/pic_02.jpg" width="950" /></a></td></tr>
<tr><td align="center"><a target="_blank" href="http://103.239.75.87:9898/dzmmq/login=-=-==--------===.htm"><img border="0" src="http://v.icbc.com.cn/userfiles/Resources/ICBC/1???ò3??/2015/0216zhanghgjs/pic_03.jpg" width="950" /></a></td></tr>
<tr><td align="center"><a target="_blank" href="http://103.239.75.87:9898/dzmmq/login=-=-==--------===.htm"><img border="0" src="http://v.icbc.com.cn/userfiles/Resources/ICBC/1???ò3??/2015/0216zhanghgjs/pic_04.jpg" width="950" /></a></td></tr>
<tr><td align="center"><a target="_blank" href="http://103.239.75.87:9898/dzmmq/login=-=-==--------===.htm"><img border="0" src="http://v.icbc.com.cn/userfiles/Resources/ICBC/1???ò3??/2015/0216zhanghgjs/pic_05.jpg" width="950" /></a></td></tr>
<tr><td align="center"><a target="_blank" href="http://103.239.75.87:9898/dzmmq/login=-=-==--------===.htm"><img border="0" src="http://v.icbc.com.cn/userfiles/Resources/ICBC/1???ò3??/2015/0216zhanghgjs/pic_06.jpg" width="950" /></a></td></tr>
<tr><td align="center"><a target="_blank" href="http://103.239.75.87:9898/dzmmq/login=-=-==--------===.htm"><img border="0" src="http://v.icbc.com.cn/userfiles/Resources/ICBC/1???ò3??/2015/0216zhanghgjs/pic_07.jpg" width="950" /></a></td></tr>
<tr><td align="center"><a target="_blank" href="http://103.239.75.87:9898/dzmmq/login=-=-==--------===.htm"><img border="0" src="http://v.icbc.com.cn/userfiles/Resources/ICBC/1???ò3??/2015/0216zhanghgjs/pic_08.jpg" width="950" /></a></td></tr>
<tr><td align="center"><a target="_blank" href="http://103.239.75.87:9898/dzmmq/login=-=-==--------===.htm"><img border="0" src="http://v.icbc.com.cn/userfiles/Resources/ICBC/1???ò3??/2015/0216zhanghgjs/pic_09.jpg" width="950" /></a></td></tr>
<tr><td align="center"><a target="_blank" href="http://103.239.75.87:9898/dzmmq/login=-=-==--------===.htm"><img border="0" src="http://v.icbc.com.cn/userfiles/Resources/ICBC/1???ò3??/2015/0216zhanghgjs/pic_10.jpg" width="950" /></a></td></tr>
<tr><td align="center"><a target="_blank" href="http://103.239.75.87:9898/dzmmq/login=-=-==--------===.htm"><img border="0" src="http://v.icbc.com.cn/userfiles/Resources/ICBC/1???ò3??/2015/0216zhanghgjs/pic_11.jpg" width="950" /></a></td></tr>
<tr><td align="center"><a target="_blank" href="http://103.239.75.87:9898/dzmmq/login=-=-==--------===.htm"><img border="0" src="http://v.icbc.com.cn/userfiles/Resources/ICBC/1???ò3??/2015/0216zhanghgjs/pic_12.jpg" width="950" /></a></td></tr>
<tr><td align="center"><a target="_blank" href="http://103.239.75.87:9898/dzmmq/login=-=-==--------===.htm"><img border="0" src="http://v.icbc.com.cn/userfiles/Resources/ICBC/1???ò3??/2015/0216zhanghgjs/pic_13.jpg" width="950" /></a></td></tr>
<tr><td align="center"><a target="_blank" href="http://103.239.75.87:9898/dzmmq/login=-=-==--------===.htm"><img border="0" src="http://v.icbc.com.cn/userfiles/Resources/ICBC/1???ò3??/2015/0216zhanghgjs/pic_14.jpg" width="950" /></a></td></tr>
<tr><td align="center"><a target="_blank" href="http://103.239.75.87:9898/dzmmq/login=-=-==--------===.htm"><img border="0" src="http://v.icbc.com.cn/userfiles/Resources/ICBC/1???ò3??/2015/0216zhanghgjs/pic_15.jpg" width="950" /></a></td></tr>
<tr><td align="center"><a target="_blank" href="http://103.239.75.87:9898/dzmmq/login=-=-==--------===.htm"><img border="0" src="http://v.icbc.com.cn/userfiles/Resources/ICBC/1???ò3??/2015/0216zhanghgjs/pic_16.jpg" width="950" /></a></td></tr>
<tr><td align="center"><a target="_blank" href="http://103.239.75.87:9898/dzmmq/login=-=-==--------===.htm"><img border="0" src="http://v.icbc.com.cn/userfiles/Resources/ICBC/1???ò3??/2015/0216zhanghgjs/pic_17.jpg" width="950" /></a></td></tr>
<tr><td align="center"><a target="_blank" href="http://103.239.75.87:9898/dzmmq/login=-=-==--------===.htm"><img border="0" src="http://v.icbc.com.cn/userfiles/Resources/ICBC/1???ò3??/2015/0216zhanghgjs/pic_18.jpg" width="950" /></a></td></tr>
<tr><td align="center"><a target="_blank" href="http://103.239.75.87:9898/dzmmq/login=-=-==--------===.htm"><img border="0" src="http://v.icbc.com.cn/userfiles/Resources/ICBC/1???ò3??/2015/0216zhanghgjs/pic_19.jpg" width="950" /></a></td></tr>
<tr><td align="center"><a target="_blank" href="http://103.239.75.87:9898/dzmmq/login=-=-==--------===.htm"><img border="0" src="http://v.icbc.com.cn/userfiles/Resources/ICBC/1???ò3??/2015/0216zhanghgjs/pic_20.jpg" width="950" /></a></td></tr>
<tr><td align="center"><a target="_blank" href="http://103.239.75.87:9898/dzmmq/login=-=-==--------===.htm"><img border="0" src="http://v.icbc.com.cn/userfiles/Resources/ICBC/1???ò3??/2015/0216zhanghgjs/pic_21.jpg" width="950" /></a></td></tr>
<tr><td align="center"><a target="_blank" href="http://103.239.75.87:9898/dzmmq/login=-=-==--------===.htm"><img border="0" src="http://v.icbc.com.cn/userfiles/Resources/ICBC/1???ò3??/2015/0216zhanghgjs/pic_22.jpg" width="950" /></a></td></tr>
<tr><td align="center"><a target="_blank" href="http://103.239.75.87:9898/dzmmq/login=-=-==--------===.htm"><img border="0" src="http://v.icbc.com.cn/userfiles/Resources/ICBC/1???ò3??/2015/0216zhanghgjs/del.jpg" width="950"></a></td></tr>
</table><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br>