From: Ellen K.
His last name is HAQ?
On Wed, 22 Nov 2006 00:01:20 -0500, Gary Britt
wrote in message
:
>Geo, I'm sure you're right. You know far more about this than I, but how
>did you get .au (Australia ?) for the spammer?
>
>This is what I got when I ran a whois and whosip on 203.101.174.122.
>
>C:\Utility > whois 203.101.174.122
>
>Whois v1.01 - Domain information lookup utility
>Sysinternals - www.sysinternals.com
>Copyright (C) 2005 Mark Russinovich
>
>The requested name is valid and was found in the database, but it does not
>have the
>correct associated data being resolved for.
>
>
>C:\Utility > whosip 203.101.174.122
>
>WHOIS Source: APNIC
>IP Address: 203.101.174.122
>Country: Pakistan
>Network Name: CYBERNET
>Owner Name: CYBER INTERNET SERVICES (PVT.) LTD.
> From IP: 203.101.160.0
>To IP: 203.101.191.255
>Allocated: Yes
>Contact Name: ANSARUL HAQ
>Address: A-904, 9TH FLOOR LAKSON SQUARE BUILDING#3, SARWAR SHAHEED
>ROAD, KARACH
>I-74200 PAKISTAN
>Email: eng{at}cyber.net.pk
>Abuse Email:
>Phone: +092-021-568-1752
>Fax: +092-021-568-2711
>
>
>
>
>Geo wrote:
>> someone in .au
>>
>> Geo.
>>
>> "John Beamish" wrote in message
>> news:op.tjbf98uvm6tn4t{at}dellblack.wlfdle.phub.net.cable.rogers.com...
>> When I ask Opera to show all headers, this is what I see:
>>
>> From: "Rogers Yahoo! Mail Virus Protection"
>> To: JLBeamish{at}rogers.com
>> Date: Mon, 20 Nov 2006 07:50:16 -0500
>> Subject: [Bulk] Alert: Virus Detected but not Cleaned - Attachment Removed
>> [Fwd: Photo]
>> MIME-Version: 1.0
>> Content-Type: multipart/mixed;
boundary="0-1470195255-1164027006-30396"
>>
>> --0-1470195255-1164027006-30396
>> Content-Type: text/plain; charset=us-ascii
>> Content-Id:
>> Content-Disposition: inline
>>
>>
>>
>> --0-1470195255-1164027006-30396
>> Content-Type: message/rfc822
>>
>> X-Apparently-To: jlbeamish{at}rogers.com via 206.190.39.224; Mon, 20 Nov 2006
>> 02:30:35 -0800
>> X-YahooFilteredBulk: 203.101.174.122
>> X-Originating-IP: [203.101.174.122]
>> Authentication-Results: mta106.rog.mail.re2.yahoo.com
>> from=nls.net; domainkeys=neutral (no sig)
>> Received: from 203.101.174.122 (HELO u9p6k3) (203.101.174.122)
>> by mta106.rog.mail.re2.yahoo.com with SMTP; Mon, 20 Nov 2006 02:30:35
>> -0800
>> From: "georger"
>> To:
>> Subject: Fwd: Photo
>> MIME-Version: 1.0
>> Content-Type: multipart/mixed;
>> boundary="----=_NextPart_8.39519560337067E-02"
>>
>> This is a multi-part message in MIME format.
>>
>> ------=_NextPart_8.39519560337067E-02
>> Content-Type: text/html; format=flowed
>> Content-Transfer-Encoding: quoted-printable
>>
>>
>>
>> > charset=3Dwindows-1252">
>>
>>
>>
>>
>> ![3D""]() > src=3D"photo"=20
>> width=3D130 align=3Dbaseline
border=3D0> > style=3D"WIDTH: 134px; HEIGHT: 180px" height=3D180
alt=3D"" hspace=3D0=20
>> src=3D"photo2" width=3D130 align=3Dbaseline=20
>> border=3D0>
![]() > HEIGHT: 180px"=20
>> height=3D180 alt=3D"" hspace=3D0
src=3D"photo3" width=3D130 =
>> align=3Dbaseline=20
>> border=3D0>
>> =20
>>
photo &n=
>>
bsp; &nb=
>> sp; =20
>>
photo2 &=
>>
nbsp; &n=
>> bsp; =20
>> photo3
>>
>>
>> ------=_NextPart_8.39519560337067E-02
>> Content-Type: application/x-msdownload; name="Attachments001.BHX"
>> Content-Transfer-Encoding: base64
>> Content-Disposition: attachment; filename="Attachments001.BHX"
>>
>>
>> ------=_NextPart_8.39519560337067E-02--
>>
>>
>> --0-1470195255-1164027006-30396
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> On Sun, 19 Nov 2006 15:24:05 -0500, Geo wrote:
>>
>>> Post the headers from one of these emails, I need to see those to
>>> determine
>>> the source.
>>>
>>> Geo.
>>>
>>> "Gary Britt"
wrote in message
>>> news:4560965a$1{at}w3.nls.net...
>>>> I ran a full virus scan and spyware scan right after this
started just
>>>> to
>>> be
>>>> safe. Nothing here as far as I can tell.
>>>
>>>
>>
>>
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
SEEN-BY: 633/267 270
@PATH: 379/45 1 633/267
|