PPRuNe Forums - View Single Post - Is this a virus I've been sent???
Old 16th December 2004 | 11:48
Naples Air Center, Inc.
5milesbaby,

There should have been a lot more to the header. As an example:

Return-Path: <[email protected]>
Received: from cdk.cdk.net (root@localhost)
by naples-air-center.com (8.11.6/8.11.6) with ESMTP id iBG7eYN16628;
Wed, 15 Dec 2004 23:40:34 -0800
X-ClientAddr: 221.127.7.245
Received: from 65.18.128.126 ([221.127.7.245])
by cdk.cdk.net (8.11.6/8.11.6) with SMTP id iBG7eMj16617;
Wed, 15 Dec 2004 23:40:23 -0800
Received: from 136.34.126.240 by 221.127.7.245; Thu, 16 Dec 2004 08:39:17 +0100
Message-ID: <[email protected]>
From: "Sharon" <[email protected]>
Reply-To: "Sharon" <[email protected]>
To: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Subject: we carry real vicodin
Date: Thu, 16 Dec 2004 02:39:17 -0500
X-Mailer: AOL 9.0 for Windows US sub 212
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--7740178784474255283"
X-Priority: 3
X-MSMail-Priority: Normal
X-IP: 116.56.246.0

And with a little digging you see this email was generated with an AOL Client out of:

inetnum: 221.124.0.0 - 221.127.255.255
netname: HGC
descr: Hutchison Global Communications
country: HK
admin-c: IH17-AP
tech-c: IH17-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-HK-HGCADMIN
status: ALLOCATED PORTABLE
remarks: This object can only be modified by APNIC hostmaster
remarks: If you wish to modify this object details please
remarks: send email to [email protected] with your organisation
remarks: account name in the subject line.
changed: [email protected] 20040209
changed: [email protected] 20040212
source: APNIC

person: ITMM HGC
nic-hdl: IH17-AP
e-mail: [email protected]
remarks: ---------------------
remarks: for spamming/hacking complaints
remarks: send reports to
remarks: [email protected]
remarks: ---------------------
address: 2/F COSCO-HIT TOWER,
address: TERMINAL 8 EAST, CONTAINER PORT,
address: ROAD SOUTHKWAI CHUNG,
address: HONG KONG
phone: +852-21229555
fax-no: +852-21239523
country: HK
changed: [email protected] 20040207
mnt-by: MAINT-HK-HGCADMIN
source: APNIC

In your case, it looks like the email came from (but I cannot give any more details without the full header):

inetnum: 81.103.48.0 - 81.103.55.255
netname: NTL
descr: NTL Infrastructure - Guildford
country: GB
admin-c: NNMC1-RIPE
tech-c: NNMC1-RIPE
status: ASSIGNED PA
mnt-by: AS5089-MNT
remarks: INFRA-AW
changed: [email protected] 20021114
source: RIPE

route: 81.102.0.0/15
descr: NTL-UK-IP-BLOCK
origin: AS5089
mnt-by: AS5089-MNT
changed: [email protected] 20040929
source: RIPE

role: NTLI Network Management Centre
address: NTL Internet
address: Crawley Court
address: Winchester
address: Hampshire
address: SO21 2QA
trouble: -------------------------------------------------------
trouble: For abuse notifications please -
trouble: file an online case @ http://www.ntlworld.com/netreport
trouble: +44 1633 710142 (Voicemail Only)
trouble: -------------------------------------------------------
trouble: For peering issues/requests please -
trouble: email : [email protected]
trouble: -------------------------------------------------------
admin-c: MH22007-RIPE
admin-c: CF2297-RIPE
admin-c: CM1377-RIPE
tech-c: MH22007-RIPE
tech-c: CF2297-RIPE
tech-c: CM1377-RIPE
nic-hdl: NNMC1-RIPE
mnt-by: AS5089-MNT
notify: [email protected]
e-mail: [email protected]
changed: [email protected] 20030328
changed: [email protected] 20030401
changed: [email protected] 20030603
changed: [email protected] 20030707
changed: [email protected] 20040303
changed: [email protected] 20040312
changed: [email protected] 20040929
source: RIPE

Take Care,

Richard
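
The header reading used in the post above, as an added example that is not part of the original post: Received lines are walked from the top, only hops written by the recipient's own relays are trusted, and the bracketed peer address logged for the first outside sender is checked against the whois inetnum range. The TRUSTED set and the function names are assumptions made for the illustration.

```python
import email
import ipaddress
import re

# Constructed sample: the Received chain from the post's example header.
RAW = """\
Received: from cdk.cdk.net (root@localhost)
\tby naples-air-center.com (8.11.6/8.11.6) with ESMTP id iBG7eYN16628;
\tWed, 15 Dec 2004 23:40:34 -0800
X-ClientAddr: 221.127.7.245
Received: from 65.18.128.126 ([221.127.7.245])
\tby cdk.cdk.net (8.11.6/8.11.6) with SMTP id iBG7eMj16617;
\tWed, 15 Dec 2004 23:40:23 -0800
Received: from 136.34.126.240 by 221.127.7.245; Thu, 16 Dec 2004 08:39:17 +0100
Subject: we carry real vicodin

body
"""

# Assumption: these are the recipient's own relays, so their headers are trusted.
TRUSTED = {"naples-air-center.com", "cdk.cdk.net"}

# "from <claimed name> (<what the receiver logged>) by <receiving host>"
HOP = re.compile(
    r"from\s+(?P<helo>\S+)(?:\s+\((?P<peer>[^)]*)\))?\s+by\s+(?P<by>[^\s;]+)")

def hops(raw):
    """Received hops, newest first (each relay prepends its own line)."""
    msg = email.message_from_string(raw)
    found = (HOP.search(value) for value in msg.get_all("Received", []))
    return [m.groupdict() for m in found if m]

def handoff_ip(raw, trusted=TRUSTED):
    """Peer IP a trusted relay logged for the first outside sender, or None."""
    for hop in hops(raw):
        if hop["by"] not in trusted:
            break  # written by a host we do not control: may be forged
        if hop["helo"] in trusted:
            continue  # internal relay-to-relay hop
        ip = re.search(r"\[([0-9a-fA-F.:]+)\]", hop["peer"] or "")
        if ip:
            return ipaddress.ip_address(ip.group(1))
    return None

def in_inetnum(ip, inetnum):
    """True if ip lies inside a whois 'inetnum: low - high' range."""
    low, high = (ipaddress.ip_address(p.strip()) for p in inetnum.split(" - "))
    return low <= ip <= high

if __name__ == "__main__":
    print(handoff_ip(RAW))
```

The bottom Received line and the name claimed after "from" are supplied by the sending side, so the function never reads an address from them.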