Re: properties in e-mail from sexyfun


Welcome to the Virus.Org Mailing List Archive

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

To: [EMAIL PROTECTED]
Subject: Re: properties in e-mail from sexyfun
From: Guillaume Filion <[EMAIL PROTECTED]>
Date: Mon, 15 Jan 2001 23:39:30 +0100
In-reply-to: <[EMAIL PROTECTED]>

Hi Kelly,

An easy way to find this is to use Spamcop's automatic parsing service
available at: http://spamcop.net/nosend.shtml

Here's what it said on your spam:
------------------------
Parsing header:

Received: from mx8-w.mail.home.com (mx8-w.mail.home.com [24.0.95.73]) by
h14.mail.home.com (8.9.3/8.9.0) with ESMTP id VAA09676 for
<[EMAIL PROTECTED]>; Thu, 11 Jan 2001 21:43:57 -0800 (PST)
Possible spammer: 24.0.95.73
"nslookup 73.95.0.24.dul.maps.vix.com." (checking ip) ip [show] not found
"nslookup mx8-w.mail.home.com" (checking ip) ip [show] ip = 24.0.95.73
"nslookup 73.95.0.24.rbl.maps.vix.com." (checking ip) ip [show] not found
"nslookup 73.95.0.24.inputs.orbs.org." (checking ip) ip [show] not found
"nslookup 73.95.0.24.dul.maps.vix.com." (checking ip) ip [show] not found
24.0.95.73 has already been sent to ORBS
Received line accepted

Received: from smtp02.mail.onemain.com (SMTP-OUT003.ONEMAIN.COM
[63.208.208.73]) by mx8-w.mail.home.com (8.11.1/8.11.1) with SMTP id
f0C5huk01495 for <[EMAIL PROTECTED]>; Thu, 11 Jan 2001 21:43:56 -0800
(PST)
"nslookup 73.95.0.24.dul.maps.vix.com." (checking ip) ip [show] not found
Possible spammer: 63.208.208.73
"nslookup SMTP-OUT003.ONEMAIN.COM" (checking ip) ip [show] ip = 63.208.208.73
"nslookup smtp02.mail.onemain.com" (checking ip) ip [show] ip = 63.208.208.73
"nslookup 73.208.208.63.rbl.maps.vix.com." (checking ip) ip [show] not found
"nslookup 73.208.208.63.inputs.orbs.org." (checking ip) ip [show] not found
Chain test:mx8-w.mail.home.com =? mx8-w.mail.home.com
Chain verified mx8-w.mail.home.com = mx8-w.mail.home.com
"nslookup 73.208.208.63.dul.maps.vix.com." (checking ip) ip [show] not found
63.208.208.73 has already been sent to ORBS
Received line accepted

Received: (qmail 4354 invoked from network); 12 Jan 2001 04:25:11 -0000
no ip found in received line
Ignored

Received: from moperr01-98.midwest.net (HELO computer) ([208.235.39.108])
(envelope-sender <>) by 10.209.20.32 (qmail-ldap-1.03) with SMTP for
<[EMAIL PROTECTED]>; 12 Jan 2001 04:25:11 -0000
"nslookup 73.208.208.63.dul.maps.vix.com." (checking ip) ip [show] not found
Possible spammer: 208.235.39.108
"nslookup moperr01-98.midwest.net" (checking ip) ip [show] ip = 208.235.39.108
Taking name from IP...
"nslookup 208.235.39.108" (getting name) [show] 208.235.39.108 =
moperr01-98.midwest.net
"nslookup moperr01-98.midwest.net" (checking ip) ip [show] ip = 208.235.39.108
"nslookup 108.39.235.208.rbl.maps.vix.com." (checking ip) ip [show] not found
"nslookup 108.39.235.208.inputs.orbs.org." (checking ip) ip [show] not found
Chain error; '10.209.20.32' != 'SMTP-OUT003.ONEMAIN.COM' or
'smtp02.mail.onemain.com'; received line discarded

Tracking ip 63.208.208.73:
"nslookup 63.208.208.73" (getting name) [show] 63.208.208.73 =
SMTP-OUT003.ONEMAIN.COM
"nslookup SMTP-OUT003.ONEMAIN.COM" (checking ip) ip [show] ip = 63.208.208.73
abuse.net [EMAIL PROTECTED], [EMAIL PROTECTED]

Statistics:
ISP ([EMAIL PROTECTED], [EMAIL PROTECTED]) score:3917
Right now, this email would be detained by SpamCop Filters
Would send complaint to [EMAIL PROTECTED], [EMAIL PROTECTED]
------------------------
[REF: http://spamcop.net/sc?id=15426746&crc=77734 ]

Hope this helps,
GFK's

>Following is the properties from the email from sexyfun.  I'm interested
>in knowing who this came from so that they can get their machine scanned.
>
>Any help would be appreciated
>
>          Thu, 11 Jan 2001 21:43:57 -0800
>Received: from mx8-w.mail.home.com (mx8-w.mail.home.com [24.0.95.73])
> by h14.mail.home.com (8.9.3/8.9.0) with ESMTP id VAA09676
> for <[EMAIL PROTECTED]>; Thu, 11 Jan 2001 21:43:57 -0800 (PST)
>Received: from smtp02.mail.onemain.com (SMTP-OUT003.ONEMAIN.COM
>[63.208.208.73])
> by mx8-w.mail.home.com (8.11.1/8.11.1) with SMTP id f0C5huk01495
> for <[EMAIL PROTECTED]>; Thu, 11 Jan 2001 21:43:56 -0800 (PST)
>Date: Thu, 11 Jan 2001 21:43:56 -0800 (PST)
>Message-Id: <[EMAIL PROTECTED]>
>Received: (qmail 4354 invoked from network); 12 Jan 2001 04:25:11 -0000
>Received: from moperr01-98.midwest.net (HELO computer) ([208.235.39.108])
>(envelope-sender <>)
>          by 10.209.20.32 (qmail-ldap-1.03) with SMTP
>          for <[EMAIL PROTECTED]>; 12 Jan 2001 04:25:11 -0000
>From: Hahaha <[EMAIL PROTECTED]>
>Subject: Snowhite and the Seven Dwarfs - The REAL story!
>MIME-Version: 1.0
>Content-Type: multipart/mixed; boundary="--VEJOXIFS9IZC1IZ4DAR0DIVOTAJ05AJ"
>Apparently-To: <[EMAIL PROTECTED]>

References:
- properties in e-mail from sexyfun
  - From: Kelly Reid

Prev by Date: Re: anyone else seen an increase in sunrpc scans these days?
Next by Date: Re: anyone else seen an increase in sunrpc scans these days?
Previous by thread: Re: properties in e-mail from sexyfun
Next by thread: Re: properties in e-mail from sexyfun
Index(es):
- Main
- Thread

Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.