can s.o. help?

Leo Baumann

Oct 5, 2010, 9:52:32 AM
hi,

I try to get information about the source of some private mails. The
important lines in the header are:

Received: from OLEG-F1AA52F1A0 (lenkap...@173.2.141.216 with plain)
by smtp109.mail.ne1.yahoo.com with SMTP; 04 Oct 2010 07:23:12 -0700
PDT
From: Lenusik <lenkap...@yahoo.com>
X-Mailer: The Bat! (v3.99.29) Professional
X-Priority: 3 (Normal)

- her e-mail-address is with costs by yahoo!
- OLEG-F1AA52F1A0 is in every mail the same, seems to be an IP of a
server of a provider in Argentina ..., what can it have to do with her?
- (lenkap...@173.2.141.216 with plain) this IP-address changes from
mail to mail ...
- Lenusik is a minimization of her first name ...
- lenkap...@yahoo.com is her e-mail-address
- The Bat! (that is clear for me ) ...

I think: E-mails are written from an office in Kasan / Russia (told me),
with The Bat! and not written on Yahoo-Internet-Page. The mails come over
POP-account there and Yahoo told me, that it costs money for the address by
Yahoo.com. The provider in Argentina is https://clientes.wiroos.com/.
Perhaps the office is a little construction-corporation in Kasan / Russia
(told me).

Can one of your experts see any more information about "Lenusik" in these
header lines?

Thanx very much for help, it's important.

regards Leo ...


Lumber Cartel, local 42

Oct 6, 2010, 1:15:15 PM
On Oct 5, 6:52 am, "Leo Baumann" <leo-baum...@t-online.de> wrote:
> hi,
>
> I try to get information about the source of some private mails. The
> important lines in the header are:
>
> Received: from OLEG-F1AA52F1A0 (lenkapenk...@173.2.141.216 with plain)
>         by smtp109.mail.ne1.yahoo.com with SMTP; 04 Oct 2010 07:23:12 -0700
> PDT
[sNip]

> I think: E-mails are written from an office in Kasan / Russia (told me),
> with The Bat! and not written on Yahoo-Internet-Page. The mails come over
[sNip]

Actually, that IP address comes from New York, USA (the relevant WHOIS
record is included below). The IP doesn't seem to be on any DNSBLs,
so it's probably a new output point for your spammer. You can send a
complaint about the spam to the abuse contact listed below, and
because their IPs are clean I suspect that there's a good chance that
they'll likely handle it professionally and hopefully terminate the
spammer's account.

The eMail addresses are as easy to forge as a sender address on
regular postal mail (e.g., by writing the address of the sender in the
top-left corner of the envelope before mailing). So, never assume
that the eMail addresses used by spammers are theirs.

Good luck!

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;handle=NET-173-2-140-0-1?showDetails=true&showARIN=false
#

NetRange: 173.2.140.0 - 173.2.141.255
CIDR: 173.2.140.0/23
OriginAS: AS6128
NetName: OOL-CPE-NYK3NY-173-2-140-0-23
NetHandle: NET-173-2-140-0-1
Parent: NET-173-2-0-0-1
NetType: Reassigned
RegDate: 2009-01-04
Updated: 2009-01-04
Ref: http://whois.arin.net/rest/net/NET-173-2-140-0-1

CustName: Optimum Online (Cablevision Systems)
Address: 111 New South Road
City: Hicksville
StateProv: NY
PostalCode: 11801
Country: US
RegDate: 2009-01-04
Updated: 2009-01-04
Ref: http://whois.arin.net/rest/customer/C02125189

OrgAbuseHandle: OOLAB-ARIN
OrgAbuseName: OOL Hostmaster
OrgAbusePhone: +1-516-803-2400
OrgAbuseEmail: ab...@cv.net
OrgAbuseRef: http://whois.arin.net/rest/poc/OOLAB-ARIN

OrgTechHandle: OH4-ORG-ARIN
OrgTechName: OOL Hostmaster
OrgTechPhone: +1-516-803-3000
OrgTechEmail: hostm...@cv.net
OrgTechRef: http://whois.arin.net/rest/poc/OH4-ORG-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

--
The Lumber Cartel, local 42 (Canadian branch)
Beautiful British Columbia, Canada
http://www.lumbercartel.ca/
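
Added example, not part of either post: a parser for the Received line quoted in this thread that separates the client-supplied name after "from" from the peer IP the Yahoo server recorded, then checks that IP against the ARIN block in the reply. The field layout is an assumption drawn from this one header, the function names are illustrative, and the folding whitespace in the sample is reconstructed.

```python
import ipaddress
import re

# Header from the thread; the address is truncated on the page and left that way.
# Folding whitespace before "by" and "PDT" is reconstructed.
RAW_HEADER = (
    "Received: from OLEG-F1AA52F1A0 (lenkap...@173.2.141.216 with plain)\n"
    "\tby smtp109.mail.ne1.yahoo.com with SMTP; 04 Oct 2010 07:23:12 -0700\n"
    " PDT\n"
)
# Copied from the ARIN record quoted in the reply.
WHOIS_CIDR = "173.2.140.0/23"
WHOIS_RANGE = ("173.2.140.0", "173.2.141.255")

# Assumed layout: from <client-supplied name> (<auth user>@<peer IP> with <auth>) by <server> ...
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<helo>\S+)\s+"
    r"\((?P<user>[^@\s]*)@(?P<ip>[0-9.]+)(?:\s+with\s+(?P<auth>\S+))?\)\s+"
    r"by\s+(?P<by>\S+)\s+with\s+(?P<proto>[^\s;]+);\s*(?P<date>.+)$"
)

def unfold(raw):
    """Join continuation lines (RFC 5322: a line starting with whitespace continues the header)."""
    return re.sub(r"\r?\n[ \t]+", " ", raw).strip()

def parse_received(raw):
    m = RECEIVED_RE.match(unfold(raw))
    if m is None:
        raise ValueError("Received line does not match the assumed layout")
    fields = m.groupdict()
    fields["ip"] = ipaddress.ip_address(fields["ip"])  # raises on a malformed address
    return fields

def is_ip_literal(token):
    """True if the 'from' token is an IP address rather than a host name."""
    try:
        ipaddress.ip_address(token.strip("[]"))
        return True
    except ValueError:
        return False

def ip_in_whois(ip, cidr=WHOIS_CIDR, net_range=WHOIS_RANGE):
    """Check the peer IP against the WHOIS block, after confirming CIDR and NetRange agree."""
    net = ipaddress.ip_network(cidr)
    first, last = (ipaddress.ip_address(a) for a in net_range)
    if (net.network_address, net.broadcast_address) != (first, last):
        raise ValueError("CIDR and NetRange describe different blocks")
    return ipaddress.ip_address(ip) in net
```

`parse_received(RAW_HEADER)` returns the fields as a dict; only the `ip` and `by` values were written by the receiving server, while the name after "from" and the From: header are whatever the sending client chose to present.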

Leo Baumann

Oct 6, 2010, 2:20:09 PM
... thanx! Leo ...
