packinair

I know there are ways through the details but I don't know how.. a mail was sent to me through my website and want the address it came from .. can anyone help?


Return-Path: <[email protected]>
Received: from rly-yj02.mx.aol.com (rly-yj02.mail.aol.com [172.18.180.162]) by air-yj04.mail.aol.com (v97.14) with ESMTP id MAILINYJ43-ae983ff5609278; Fri, 02 Jan 2004 07:14:10 -0500
Received: from smtpout-1-1a.secureserver.net (smtpout-1-1a.secureserver.net [64.202.166.20]) by rly-yj02.mx.aol.com (v97.10) with ESMTP id MAILRELAYINYJ22-7f83ff5608b11; Fri, 02 Jan 2004 07:14:03 -0500
Received: (qmail 14669 invoked from network); 2 Jan 2004 12:14:06 -0000
Received: from hosting101.secureserver.net (63.241.136.201)
by smtpout-1-1a.secureserver.net with SMTP; 2 Jan 2004 12:14:06 -0000
Date: 02 Jan 2004 05:13:52 -0700
From: <[email protected]>
To: <[email protected]>
Content-Transfer-Encoding: 8bit
Content-Type: Text/plain; charset=windows-1252
Subject: From Stupidfastboats.com
MIME-Version: 1.0
X-AOL-IP: 172.18.180.162
X-AOL-SCOLL-SCORE: 0:XXX:XX
X-AOL-SCOLL-URL_COUNT: 0
Message-ID: <[email protected]>

Dirty Race Girl

You can go to www.samspade.org and run a Traceroute on it (using the IP) and get some information that way (where it originated from, what server was being used, what hops it took along the way, etc....) Then run an IP Whois, from that same tool page to find out who the site is registered to, by cross referencing the DNS Entry and the IP. (Note that you have 2 separate IP's in that detail up there, not including your own AOL IP (the 172 number).

These "tools" are all on the index page of Sam Spade, and you can just paste your info into the boxes there.

Hope this helps some!

Keith

I love Samspade, very good basic toolset.

Looks like someone's spoofing your email. Pesky little bastages out there. I could recommend some really cool utility tools to track them down, but probably not much you can do. If they're spoofing your email, the header info will come back with spoofed info as well. Almost 40% of this stuff is distributed through home user computers without them even knowing it.

packinair

Here is another one. same moron.. they are being sent through my website to me.. I tried that link and can't figure it out


Return-Path: <[email protected]>
Received: from rly-xk05.mx.aol.com (rly-xk05.mail.aol.com [172.20.83.42]) by air-xk04.mail.aol.com (v97.14) with ESMTP id MAILINXK44-59e3ff7c7aa30; Sun, 04 Jan 2004 02:58:42 -0500
Received: from smtpout-1-1a.secureserver.net (smtpout-1-1a.secureserver.net [64.202.166.20]) by rly-xk05.mx.aol.com (v97.10) with ESMTP id MAILRELAYINXK58-59e3ff7c7aa30; Sun, 04 Jan 2004 02:58:35 -0500
Received: (qmail 14075 invoked from network); 4 Jan 2004 07:58:52 -0000
Received: from hosting101.secureserver.net (63.241.136.201)
by smtpout-1-1a.secureserver.net with SMTP; 4 Jan 2004 07:58:52 -0000
Date: 04 Jan 2004 00:58:23 -0700
From: <[email protected]>
To: <[email protected]>
Content-Transfer-Encoding: 8bit
Content-Type: Text/plain; charset=windows-1252
Subject: From Stupidfastboats.com
MIME-Version: 1.0
X-AOL-IP: 64.202.166.20
X-AOL-SCOLL-SCORE: 0:XXX:XX
X-AOL-SCOLL-URL_COUNT: 0
Message-ID: <[email protected]>

Keith

You mean you tried SamSpade? Just put in the IP address or other domain info, then click on "Do Stuff", it will come back with all sorts of info.

Do you own Stupidfastboats domain? I didn't spend a whole lot of time looking into it more, but you might want to check if you have an old Matt's Script like formmail.pl file or similar email form that's being exploited on your server.

Just a hunch, but looking at the blackhole list it sure appears like that could be the problem. At least that's the most common one. If it's not your own form, it could be someone elses on a shared server. They all need to be secured or you'll all get "bounced".

packinair

he is not spoofing my address.... just keeps telling me to go F myself and calling me names.... want to mess back with him.. the e-mail might not help cause it is more of a notification e-mail