From: Gary Britt
Geo, I'm sure you're right. You know far more about this than I, but how
did you get .au (Australia?) for the spammer?
This is what I got when I ran a whois and whosip on 203.101.174.122.
C:\Utility > whois 203.101.174.122
Whois v1.01 - Domain information lookup utility Sysinternals -
www.sysinternals.com Copyright (C) 2005 Mark Russinovich
The requested name is valid and was found in the database, but it does not have the
correct associated data being resolved for.
C:\Utility > whosip 203.101.174.122
WHOIS Source: APNIC
IP Address: 203.101.174.122
Country: Pakistan
Network Name: CYBERNET
Owner Name: CYBER INTERNET SERVICES (PVT.) LTD.
From IP: 203.101.160.0
To IP: 203.101.191.255
Allocated: Yes
Contact Name: ANSARUL HAQ
Address: A-904, 9TH FLOOR LAKSON SQUARE BUILDING#3, SARWAR SHAHEED ROAD, KARACHI-74200 PAKISTAN
Email: eng{at}cyber.net.pk
Abuse Email:
Phone: +092-021-568-1752
Fax: +092-021-568-2711
Geo wrote:
> someone in .au
>
> Geo.
>
> "John Beamish" wrote in message
> news:op.tjbf98uvm6tn4t{at}dellblack.wlfdle.phub.net.cable.rogers.com...
> When I ask Opera to show all headers, this is what I see:
>
> From: "Rogers Yahoo! Mail Virus Protection"
> To: JLBeamish{at}rogers.com
> Date: Mon, 20 Nov 2006 07:50:16 -0500
> Subject: [Bulk] Alert: Virus Detected but not Cleaned - Attachment Removed
> [Fwd: Photo]
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
> boundary="0-1470195255-1164027006-30396"
>
> --0-1470195255-1164027006-30396
> Content-Type: text/plain; charset=us-ascii
> Content-Id:
> Content-Disposition: inline
>
>
>
> --0-1470195255-1164027006-30396
> Content-Type: message/rfc822
>
> X-Apparently-To: jlbeamish{at}rogers.com via 206.190.39.224; Mon, 20 Nov 2006
> 02:30:35 -0800
> X-YahooFilteredBulk: 203.101.174.122
> X-Originating-IP: [203.101.174.122]
> Authentication-Results: mta106.rog.mail.re2.yahoo.com
> from=nls.net; domainkeys=neutral (no sig)
> Received: from 203.101.174.122 (HELO u9p6k3) (203.101.174.122)
> by mta106.rog.mail.re2.yahoo.com with SMTP; Mon, 20 Nov 2006 02:30:35
> -0800
> From: "georger"
> To:
> Subject: Fwd: Photo
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
> boundary="----=_NextPart_8.39519560337067E-02"
>
> This is a multi-part message in MIME format.
>
> ------=_NextPart_8.39519560337067E-02
> Content-Type: text/html; format=flowed
> Content-Transfer-Encoding: quoted-printable
>
>
>
> charset=3Dwindows-1252">
>
>
>
>
> src=3D"photo"=20
> width=3D130 align=3Dbaseline
> border=3D0> style=3D"WIDTH: 134px; HEIGHT: 180px" height=3D180
> alt=3D"" hspace=3D0=20
> src=3D"photo2" width=3D130 align=3Dbaseline=20
> border=3D0>
> HEIGHT: 180px"=20
> height=3D180 alt=3D"" hspace=3D0 src=3D"photo3"
> width=3D130 =
> align=3Dbaseline=20
> border=3D0>
> =20
>
> photo &n=
>
> bsp; &nb=
> sp; =20
>
> photo2 &=
>
> nbsp; &n=
> bsp; =20
> photo3
>
>
> ------=_NextPart_8.39519560337067E-02
> Content-Type: application/x-msdownload; name="Attachments001.BHX"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment; filename="Attachments001.BHX"
>
>
> ------=_NextPart_8.39519560337067E-02--
>
>
> --0-1470195255-1164027006-30396
>
> On Sun, 19 Nov 2006 15:24:05 -0500, Geo wrote:
>
>> Post the headers from one of these emails, I need to see those to
>> determine the source.
>>
>> Geo.
>>
>> "Gary Britt" wrote in message
>> news:4560965a$1{at}w3.nls.net...
>>> I ran a full virus scan and spyware scan right after this started just
>>> to be safe. Nothing here as far as I can tell.
>>
>>
>
>
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
SEEN-BY: 633/267 270
@PATH: 379/45 1 633/267
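
Added example, not part of the original post: a short Python check that pulls the connecting IP out of the Received header quoted above and tests it against the From IP / To IP range in the whosip output. The header text and the range are copied from this post; the function names and the regular expression (written for this one Received layout) are assumptions of the example. The parenthesised IP is what the receiving Yahoo host recorded for the connection, while the HELO name and the From: address are supplied by the sender.

```python
import ipaddress
import re
from email import message_from_string

# Header lines copied from the quoted message in this post.
RAW = """\
Received: from 203.101.174.122 (HELO u9p6k3) (203.101.174.122)
  by mta106.rog.mail.re2.yahoo.com with SMTP; Mon, 20 Nov 2006 02:30:35 -0800
From: "georger"
Subject: Fwd: Photo

"""

# Allocation reported by whosip in this post (APNIC, CYBERNET).
RANGE_FIRST = ipaddress.ip_address("203.101.160.0")
RANGE_LAST = ipaddress.ip_address("203.101.191.255")

# Assumed layout: "from <claimed> (HELO <name>) (<peer ip>) by <receiving host>"
RECEIVED_RE = re.compile(
    r"from\s+(?P<claimed>\S+)\s+\(HELO\s+(?P<helo>[^)]+)\)\s+"
    r"\((?P<peer>\d{1,3}(?:\.\d{1,3}){3})\)\s+by\s+(?P<by>\S+)"
)

def connecting_peer(raw_headers):
    """Return (peer_ip, helo, by_host) from the topmost Received header, or None."""
    msg = message_from_string(raw_headers)
    received = msg.get_all("Received") or []
    if not received:
        return None
    # Unfold the header (collapse the continuation line) before matching.
    m = RECEIVED_RE.search(" ".join(received[0].split()))
    if not m:
        return None
    return ipaddress.ip_address(m.group("peer")), m.group("helo"), m.group("by")

def in_allocation(ip):
    """True if ip lies inside the From IP / To IP range from the whosip output."""
    return RANGE_FIRST <= ipaddress.ip_address(ip) <= RANGE_LAST

def covering_cidrs():
    """Express the whosip range as CIDR blocks."""
    return [str(n) for n in ipaddress.summarize_address_range(RANGE_FIRST, RANGE_LAST)]

if __name__ == "__main__":
    peer, helo, by = connecting_peer(RAW)
    print(f"{by} recorded a connection from {peer} (HELO {helo!r})")
    print("inside whosip range:", in_allocation(peer), covering_cidrs())
```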