02-21-08, 02:27 PM
#37
Stowaway
Quote:
Originally Posted by Tango589
Hey Zayphod, I found out the following header information for you from AOL, hope it's useful...
Return-Path: <fmf@oued.org>
Received: from rly-me08.mx.aol.com (rly-me08.mail.aol.com [172.20.83.42]) by air-me07.mail.aol.com (v121.4) with ESMTP id MAILINME073-9d347bb1e40390; Tue, 19 Feb 2008 13:22:12 -0500
Received: from main.brightideasproductions.com (main.brightideasproductions.com [72.51.34.31]) by rly-me08.mx.aol.com (v121.4) with ESMTP id MAILRELAYINME087-9d347bb1e40390; Tue, 19 Feb 2008 13:21:52 -0500
Received: from [81.91.227.14] (helo=User)
--SNIP--
Good luck with this!
|
http://network-tools.com/default.asp?prog=trace&host=81.91.227.14
81.91.227.14 is from Benin(BJ) in region Africa
TraceRoute to 81.91.227.14 [unitec14.intnet.bj]
Benin is just two countries east of Nigeria. At work, we have just about all of Benin blocked off at the router level because of the huge amounts of credit card fraud coming from there. Lots of Nigerians work out of there because so much of Nigeria's IP space is being blocked by ISP admins tired of the fact that nothing legitimate comes out of that country. Benin is definitely where this originated from.
BTW oued.org in the return path looks pretty bogus as well.
http://network-tools.com/default.asp?prog=express&host=oued.org
Hosted in the USA but not much to it, just a log-in page. Created back on Oct 2005, registered to someone in what looks like Egypt.
(main.brightideasproductions.com [72.51.34.31]) was used as a relay, just in case AOL had decided to block the 81.91.*.* group of IPs. Send the e-mail with headers to abuse@serverbeach.com so they can get that mail server locked down. BTW, brightideasproductions.com is what added those "abuse info" lines to the headers.
Last edited by Zayphod; 02-21-08 at 02:48 PM.
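Added example, not part of the original posts: a Python sketch that walks the Received chain quoted above, newest hop first, and labels each peer IP by whether an AOL server wrote the header or a relay outside AOL reported it. The function names and the `.aol.com` trust suffix are assumptions of this example; the header text is copied from the quoted post.

```python
import ipaddress
import re
from email import message_from_string

# Headers as quoted in the post (the last Received line is snipped there too).
RAW = """\
Return-Path: <fmf@oued.org>
Received: from rly-me08.mx.aol.com (rly-me08.mail.aol.com [172.20.83.42]) by air-me07.mail.aol.com (v121.4) with ESMTP id MAILINME073-9d347bb1e40390; Tue, 19 Feb 2008 13:22:12 -0500
Received: from main.brightideasproductions.com (main.brightideasproductions.com [72.51.34.31]) by rly-me08.mx.aol.com (v121.4) with ESMTP id MAILRELAYINME087-9d347bb1e40390; Tue, 19 Feb 2008 13:21:52 -0500
Received: from [81.91.227.14] (helo=User)
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # peer IP in brackets
BY_RE = re.compile(r"\bby\s+([\w.-]+)")                # host that wrote the header


def received_hops(raw):
    """Return (peer_ip, recording_host) per Received header, newest first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        ip, by = IP_RE.search(value), BY_RE.search(value)
        hops.append((ip.group(1) if ip else None, by.group(1) if by else None))
    return hops


def classify(hops, trusted_suffix):
    """Label each hop. Trust ends at the first header not written by our side."""
    out, trusted = [], True
    for ip, by in hops:
        trusted = trusted and by is not None and by.endswith(trusted_suffix)
        if not trusted:
            label = "claimed"    # written by a server outside our control
        elif ipaddress.ip_address(ip).is_private:
            label = "internal"   # hand-off inside the recipient's own network
        else:
            label = "verified"   # peer address seen by a trusted server
        out.append((ip, label))
    return out


if __name__ == "__main__":
    for ip, label in classify(received_hops(RAW), ".aol.com"):
        print(f"{ip:15} {label}")
```

The "verified" hop is the address the recipient's own servers saw connect, which is the one to send with an abuse report to the relay's host; the "claimed" hop is whatever that relay wrote down.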