Another virus
Hi there one and all, I got another e-mail recently containing a virus that was picked up and binned well before it hit my inbox, however I thought someone could play with the header I can get from it and do a little investigating please. The only reason I ask is that the message came from "[email protected]" but obviously it wasn't 10W that we party with on PPRuNe. I have mailed him and alerted him to the fact I got this mail, and he has given me full permission for me to ask this here. Hope someone can help.
Cheers,
5mb

X-YahooFilteredBulk: 81.103.54.144
Authentication-Results: mta801.mail.ukl.yahoo.com from=hotmail.com; domainkeys=neutral (no sig)
X-Originating-IP: [81.103.54.144]
Return-Path: <[email protected]>
Received: from 81.103.54.144 (EHLO btinternet.com) (81.103.54.144) by mta801.mail.ukl.yahoo.com with SMTP; Tue, 15 Mar 2005 20:16:19 +0000
From: [email protected]
To: <my email address removed>
Subject: Re: letter
Date: Tue, 15 Mar 2005 20:16:15 +0000
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
X-Priority: 3
X-MSMail-Priority: Normal

This is a multi-part message in MIME format.

------=_NextPart_000_0016----=_NextPart_000_0016
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit

Your document is attached to this mail.

+++ Attachment: No Virus found
+++ MessageLabs AntiVirus - www.messagelabs.com

------=_NextPart_000_0016----=_NextPart_000_0016
Content-Type: application/octet-stream; name="letter.txt .pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="letter.txt .pif"

------=_NextPart_000_0016----=_NextPart_000_0016--
According to the IP given in the header, it might be someone in the Guildford area who uses NTL as their ISP...
WHOIS results for 81.103.54.144
Generated by www.DNSstuff.com
Location: United Kingdom [City: London, England]

% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

inetnum: 81.103.48.0 - 81.103.55.255
netname: NTL
descr: NTL Infrastructure - Guildford
country: GB
admin-c: NNMC1-RIPE
tech-c: NNMC1-RIPE
status: ASSIGNED PA
mnt-by: AS5089-MNT
remarks: INFRA-AW
changed: **********@ntli.net 20021114
source: RIPE

route: 81.102.0.0/15
descr: NTL-UK-IP-BLOCK
origin: AS5089
mnt-by: AS5089-MNT
changed: **********@ntli.net 20040929
source: RIPE

role: NTLI Network Management Centre
address: NTL Internet
address: Crawley Court
address: Winchester
address: Hampshire
address: SO21 2QA
trouble: -------------------------------------------------------
trouble: For abuse notifications please -
trouble: file an online case @ http://www.ntlworld.com/netreport
trouble: +44 1633 710142 (Voicemail Only)
trouble: -------------------------------------------------------
trouble: For peering issues/requests please -
trouble: email : *******@ntli.net
trouble: -------------------------------------------------------
admin-c: MH22007-RIPE
admin-c: NR731-RIPE
admin-c: CM1377-RIPE
tech-c: MH22007-RIPE
tech-c: CM1377-RIPE
admin-c: NR731-RIPE
nic-hdl: NNMC1-RIPE
mnt-by: AS5089-MNT
notify: *************@ntl.com
e-mail: *************@ntl.com
changed: **********@ntli.net 20030328
changed: **********@ntli.net 20030401
changed: **********@ntli.net 20030603
changed: **********@ntli.net 20030707
changed: **********@ntli.net 20040303
changed: **********@ntli.net 20040312
changed: **********@ntli.net 20040929
changed: *************@ntl.com 20050307
source: RIPE

[The following lines added by www.dnsstuff.com per requirement by RIPE]
This service is subject to the terms and conditions stated in the RIPE NCC Database Copyright Notice.
Contact dnsstuff.com's 'info@' address to report problems regarding the functionality of the service.
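The header checks discussed in this thread, as an added example that is not part of either post: it pulls the connecting IP (the value worth a WHOIS lookup) out of the topmost Received line, compares the sender-supplied EHLO name with the claimed From domain, and flags the double-extension attachment. The function name `triage`, the shortened MIME boundary and the regex for this particular Received layout are assumptions made for the example.

```python
import os
import re
from email import message_from_string

# Constructed sample: headers copied from the first post, with the redacted
# addresses dropped and the MIME boundary shortened to "b1".
RAW = """\
Authentication-Results: mta801.mail.ukl.yahoo.com from=hotmail.com; domainkeys=neutral (no sig)
Received: from 81.103.54.144 (EHLO btinternet.com) (81.103.54.144)
  by mta801.mail.ukl.yahoo.com with SMTP; Tue, 15 Mar 2005 20:16:19 +0000
Subject: Re: letter
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="Windows-1252"

Your document is attached to this mail.
--b1
Content-Type: application/octet-stream; name="letter.txt .pif"
Content-Disposition: attachment; filename="letter.txt .pif"

--b1--
"""

EXECUTABLE = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".vbs"}
# Assumption: matches the Received layout seen in this message; other MTAs differ.
RECEIVED_RE = re.compile(
    r"from\s+\S+\s+\(EHLO\s+([^)\s]+)\)\s+\((\d{1,3}(?:\.\d{1,3}){3})\)")

def triage(raw):
    msg = message_from_string(raw)
    auth = msg.get("Authentication-Results", "")
    claimed = re.search(r"\bfrom=([^;\s]+)", auth)
    dk = re.search(r"\bdomainkeys=(\w+)", auth)
    # The topmost Received line is written by the recipient's own server, so its
    # IP can be trusted; the EHLO name and From address are sender-supplied.
    hop = RECEIVED_RE.search(msg.get_all("Received", [""])[0])
    out = {
        "connecting_ip": hop.group(2) if hop else None,
        "ehlo_name": hop.group(1) if hop else None,
        "claimed_domain": claimed.group(1) if claimed else None,
        "domainkeys": dk.group(1) if dk else None,
        "disguised_attachments": [],
    }
    out["ehlo_matches_from"] = out["ehlo_name"] == out["claimed_domain"]
    for part in msg.walk():
        stem, ext = os.path.splitext(part.get_filename() or "")
        # Executable final extension hidden behind a harmless-looking inner one.
        if ext.lower() in EXECUTABLE and os.path.splitext(stem.strip())[1]:
            out["disguised_attachments"].append(part.get_filename())
    return out
```

Calling `triage(RAW)` returns a dictionary of findings; on a real message, pass the full raw source including every Received line, since only the hop added by your own provider is reliable.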