C:\>nslookup
默认服务器: public1.114dns.com
Address: 114.114.114.114
> set qt=txt
> cpibj.com.cn
服务器: public1.114dns.com
Address: 114.114.114.114
非权威应答:
cpibj.com.cn text = "qqmail-site-verification=b72f361daa3048ca5b64be6b1670252f65ced90d851"
cpibj.com.cn text = "MS=D2EBDFFED7F601051E24E409E3F0F36697658F03"
cpibj.com.cn text = "v=spf1 ip4:123.117.136.189 ip4:114.255.252.30 ip4:114.255.252.17 -all"
The phishing email that was sent is as follows:
The relevant email source is as follows:
It feels like I've run into something mystical: the attacker can exploit this directly, yet I can't reproduce it... It keeps telling me the SPF check failed...
1. On reproducing the forged phishing email with the same mail headers:
220 smtp ready
HELO cpibj.com.cn
250 spic.com.cn HELO, pleased to meet cpibj.com.cn
MAIL FROM: <mqnds@cpibj.com.cn>
250 OK
RCPT TO: <chenhuan01@****.com.cn>
250 OK
DATA
354 go ahead
Date: T
Following the format above, I tried sending with the telnet command and with a Python script; both times I got "556 remote ip check error.(SPF online: 发信 ip 与 Mail From 地址不一致)", so I don't know what to do next.
At the moment this email was not blocked by the mail security gateway; its status is "delivered successfully", and it was not marked as spam either.
How do the black-market groups pull off bulk phishing delivery this way... Hoping an expert can explain!
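An added example, not part of the original post, of the two checks involved here: evaluating the ip4 mechanisms of the cpibj.com.cn SPF record quoted above against a sending IP (the check that produced the 556 above), and testing whether the header From domain aligns with the envelope MAIL FROM domain, which is the alignment DMARC layers on top of SPF. The SPF record is the one from the nslookup output; the sender IPs, addresses and the second SPF record are constructed.

```python
import ipaddress
from email.utils import parseaddr

# SPF TXT record for cpibj.com.cn exactly as returned by the nslookup query in the post.
CPIBJ_SPF = "v=spf1 ip4:123.117.136.189 ip4:114.255.252.30 ip4:114.255.252.17 -all"


def spf_ip4_result(record: str, sender_ip: str) -> str:
    """Evaluate only the ip4 mechanisms and the final 'all' term of an SPF record.

    include/a/mx mechanisms are deliberately not resolved so this runs offline.
    Returns one of 'pass', 'fail', 'softfail', 'neutral' or 'none' (no record).
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    qualifiers = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in terms[1:]:
        qual = "+"  # a mechanism with no explicit qualifier means '+' (pass)
        if term[0] in qualifiers:
            qual, term = term[0], term[1:]
        if term.lower().startswith("ip4:"):
            # strict=False so a host-style entry like ip4:1.2.3.4 is a /32
            net = ipaddress.ip_network(term[4:], strict=False)
            if ip.version == 4 and ip in net:
                return qualifiers[qual]
        elif term.lower() == "all":
            return qualifiers[qual]
    return "neutral"  # no mechanism matched and no 'all' term was present


def domain_of(address: str) -> str:
    """Extract the lower-cased domain from 'Name <user@dom>' or '<user@dom>'."""
    return parseaddr(address)[1].rpartition("@")[2].lower()


def check_message(record: str, sender_ip: str, mail_from: str, header_from: str):
    """Return (spf_result, aligned).

    'record' is the SPF record of the envelope MAIL FROM domain; SPF is evaluated
    against that domain only. 'aligned' is True when the visible header From
    domain is the same domain, which is what DMARC checks in addition to SPF.
    """
    return spf_ip4_result(record, sender_ip), domain_of(mail_from) == domain_of(header_from)
```

A message can therefore show SPF "pass" while the header From is a different domain than the envelope sender; the alignment flag is what separates those two cases.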