Re: properties in e-mail from sexyfun

[Rob Hughes <[EMAIL PROTECTED]>]

Return-Path: <[EMAIL PROTECTED]>
Received: from mh7-sfba.mail.home.com ([24.0.95.236])
          by femail7.sdc1.sfba.home.com
          (InterMail vM.4.01.03.00 201-229-121) with ESMTP
          id
<[EMAIL PROTECTED]
com>
          for <[EMAIL PROTECTED]>;
          Sun, 14 Jan 2001 09:46:57 -0800
Received: from mx7-sfba.mail.home.com (mx7-sfba.mail.home.com
[24.0.95.232])
	by mh7-sfba.mail.home.com (8.9.3/8.9.0) with ESMTP id JAA01165
	for <[EMAIL PROTECTED]>; Sun, 14 Jan 2001 09:46:57 -0800 (PST)
Received: from host2.wfdns2.com (host2.wfdns2.com [209.239.38.26])
	by mx7-sfba.mail.home.com (8.11.1/8.11.1) with ESMTP id
f0EHkrG07498
	for <[EMAIL PROTECTED]>; Sun, 14 Jan 2001 09:46:53 -0800 (PST)
Received: (from [EMAIL PROTECTED])
	by host2.wfdns2.com (8.10.2/8.10.2) id f0EHkqf28020
	for [EMAIL PROTECTED]; Sun, 14 Jan 2001 12:46:52 -0500
Received: from cheryl (slip-32-102-97-111.tx.us.prserv.net
[32.102.97.111])
	by host2.wfdns2.com (8.10.2/8.10.2) with SMTP id f0EHkem28006
	for <[EMAIL PROTECTED]>; Sun, 14 Jan 2001 12:46:40 -0500
Date: Sun, 14 Jan 2001 12:46:40 -0500
Message-Id: <[EMAIL PROTECTED]>
From: Hahaha <[EMAIL PROTECTED]>
Subject: Snowhite and the Seven Dwarfs - The REAL story!
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--VEBOXM34HU745YF0HM38LQBOT"
Apparently-To: <[EMAIL PROTECTED]>

This one seems to have come from a network belonging to IBMGLOBALSERV,
but the domain seems to belong to ATT

IBM Global Services (NETBLK-IBMGLOBALSERV)
   4 Bedford Farms
   Bedford, NH 03110-6528
   US

   Netname: IBMGLOBALSERV
   Netblock: 32.0.0.0 - 32.255.255.255

   Coordinator:
      Sides Jr., Phil  (PS4071-ARIN)  [EMAIL PROTECTED]
      (603)224-3815 (FAX) (781)623-8379 (FAX) (781)623-8379

   Domain System inverse mapping provided by:

   NS.UK.IBM.NET		152.158.16.48
   NS.DE.IBM.NET		152.158.2.48
   NS.NL.IBM.NET		152.158.36.48

   Record last updated on 01-Sep-1999.
   Database last updated on 13-Jan-2001 18:21:34 EDT.

Registrant:
AT&T Global Network Services (PRSERV-DOM)
   231 N. Martingale Road
   Schaumburg, IL 60173
   US

   Domain Name: PRSERV.NET

   Administrative Contact:
      Sammons, Greg  (GSX208)  [EMAIL PROTECTED]
      AT&T Global Network Services
      231 N. Martingale Road
      Schaumburg , IL 60173
      847-240-3230 (FAX) 847-240-4817
   Technical Contact:
      Administrator, Dns  (DA694)  [EMAIL PROTECTED]
      ATT Global Network Solutions
      500 Mamaroneck Ave.
      Harrison, NY 10528
      800-566-0056 Opt 2 (FAX) 914-899-4555
   Billing Contact:
      Irwin, Lori  (LI381)  [EMAIL PROTECTED]
      IBM Network Services
      425 N. Martingale Rd, Suite 300
      Schaumburg , IL 60173
      847-706-2863 (FAX) 847-240-8230

   Record last updated on 21-Sep-2000.
   Record expires on 30-Sep-2005.
   Record created on 30-Sep-1998.
   Database last updated on 14-Jan-2001 08:38:06 EST.

   Domain servers in listed order:

   NS1.US.PRSERV.NET		165.87.194.244
   NS4.US.PRSERV.NET		165.87.201.244
   NS3.US.PRSERV.NET		165.87.201.243

As determined by the injection record:
Received: from cheryl (slip-32-102-97-111.tx.us.prserv.net
[32.102.97.111])
	by host2.wfdns2.com (8.10.2/8.10.2) with SMTP id f0EHkem28006
	for <[EMAIL PROTECTED]>; Sun, 14 Jan 2001 12:46:40 -0500


prserv.net doesn't seem to resolve though, though the IP address does
resolve to the apparent sender. Now I just need to track down who this
"prserv.net actually belongs to

Rob Hughes
Network Analyst
Voice (H) (972) 918-0980
Voice (W) (972) 856-3232
Voice (C) (214) 282-7996
Email [EMAIL PROTECTED], [EMAIL PROTECTED]
___________________________________________

"Try not to become a man of success but rather try to become a man of
value." -- Albert Einstein

> -----Original Message-----
> From: Incidents Mailing List [mailto:[EMAIL PROTECTED]
> Behalf Of Kelly Reid
> Sent: Friday, January 12, 2001 4:17 AM
> To: [EMAIL PROTECTED]
> Subject: properties in e-mail from sexyfun
>
>
> Following is the properties from the email from sexyfun.  I'm
> interested in knowing who this came from so that they can get
> their machine scanned.
>
> Any help would be appreciated
>
>           Thu, 11 Jan 2001 21:43:57 -0800
> Received: from mx8-w.mail.home.com (mx8-w.mail.home.com [24.0.95.73])
>  by h14.mail.home.com (8.9.3/8.9.0) with ESMTP id VAA09676
>  for <[EMAIL PROTECTED]>; Thu, 11 Jan 2001 21:43:57 -0800 (PST)
> Received: from smtp02.mail.onemain.com
> (SMTP-OUT003.ONEMAIN.COM [63.208.208.73])
>  by mx8-w.mail.home.com (8.11.1/8.11.1) with SMTP id f0C5huk01495
>  for <[EMAIL PROTECTED]>; Thu, 11 Jan 2001 21:43:56 -0800 (PST)
> Date: Thu, 11 Jan 2001 21:43:56 -0800 (PST)
> Message-Id: <[EMAIL PROTECTED]>
> Received: (qmail 4354 invoked from network); 12 Jan 2001
> 04:25:11 -0000
> Received: from moperr01-98.midwest.net (HELO computer)
> ([208.235.39.108]) (envelope-sender <>)
>           by 10.209.20.32 (qmail-ldap-1.03) with SMTP
>           for <[EMAIL PROTECTED]>; 12 Jan 2001 04:25:11 -0000
> From: Hahaha <[EMAIL PROTECTED]>
> Subject: Snowhite and the Seven Dwarfs - The REAL story!
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
> boundary="--VEJOXIFS9IZC1IZ4DAR0DIVOTAJ05AJ"
> Apparently-To: <[EMAIL PROTECTED]>
>


Attachment:
bin00003.bin

Attachment: bin00005.bin
Description: "Description: "smime.p7s""