Strange email

  • Thread starter Thread starter Carolyn
  • Start date Start date
C

Carolyn

I just received a strange email that had the subject listed as "The
Hurricane Started: Thu, 18 Sep 2003 09:39:52 2003 09:39:52 +0000".

They were using a spoofed address and the body of the message contained the
following (I removed some of the coding just in case)


" http://200 .187.137.10/microsoft/?6329858963634581" <img border="0"
src="http://200.187.137.10/microsoft/update.php"></body>"

What do you guys make of this one?
Carolyn
 
T.R. said:
Parsing input: 200.187.137.10
host 200.187.137.10 (getting name) =
10.137.187.200.in-addr.arpa.pegasusip.net.br.

Reporting addresses:
(e-mail address removed)
(e-mail address removed)
(e-mail address removed)

OrgName: Latin American and Caribbean IP address Regional Registry
OrgID: LACNIC
Address: Potosi 1517
City: Montevideo
StateProv:
PostalCode: 11500
Country: UY

ReferralServer: whois://whois.lacnic.net

NetRange: 200.0.0.0 - 200.255.255.255
CIDR: 200.0.0.0/8
NetName: LACNIC-200
NetHandle: NET-200-0-0-0-1
Parent:
NetType: Allocated to LACNIC
NameServer: TINNIE.ARIN.NET
NameServer: NS.LACNIC.ORG
NameServer: NS.DNS.BR
NameServer: NS2.DNS.BR
Comment: This IP address range is under LACNIC responsibility for
further
Comment: allocations to users in LACNIC region.
Comment: Please see http://www.lacnic.net/ for further details, or
check the
Comment: WHOIS server located at whois.lacnic.net
RegDate: 2002-07-27
Updated: 2003-06-12

TechHandle: LACNIC-ARIN
TechName: LACNIC Hostmaster
TechPhone: (+55) 11 5509-3522
TechEmail: (e-mail address removed)

OrgTechHandle: LACNIC-ARIN
OrgTechName: LACNIC Hostmaster
OrgTechPhone: (+55) 11 5509-3522
OrgTechEmail: (e-mail address removed)
Click to expand...

Thanks for the information. I am sending an abuse report right away.
Carolyn
 
How did you get this information? It would be great for finding out who is
hitting my website.
 
Back
Top