I got a virus attachment email; I was wondering how to track it.
X-Originating-IP: [74.202.25.43]
Received: from 74-202-25-43.static.twtelecom.net (74-202-25-43.static.twtelecom.net [74.202.25.43] (may be forged))
by flph262.prodigy.net (8.13.8 inb ipv6 jeff0203/8.13.8) wit
Is there any way to track a spoofed email?
Comptia a+ n+
The sender IP address does indeed belong to a block of IPs owned by telecom. However, it's unlikely that the message actually was sent from that IP address. More likely someone else has an infected computer with a virus that sends itself to email addresses found on the computer and randomly uses the different addresses in the From: field, masking where the message actually is sent from. The IP address is also likely randomized.
Telecom tech could check if they have assigned that IP to a customer and then check if that customer has an infected comp, but that's not likely going to happen because there's no undisputable evidence the message was sent from a telecom user.
The IP address does resolve though, to a computer running MS Internet Information Server: http://74.202.25.43 (under construction page)
These are the services available at that server:
d830:~# nmap -P0 74.202.25.43
Starting Nmap 5.00 ( http://nmap.org ) at 2010-04-01 21:01 EDT
Interesting ports on 74-202-25-43.static.twtelecom.net (74.202.25.43):
Not shown: 992 filtered ports
PORT STATE SERVICE
80/tcp open http
110/tcp closed pop3
113/tcp closed auth
443/tcp closed https
587/tcp closed submission
1723/tcp open pptp
3389/tcp open ms-term-serv
8080/tcp open http-proxy
Nmap done: 1 IP address (1 host up) scanned in 5.09 seconds
http://74.202.25.43:8080/ resolves to a password protected root directory.
http://74.202.25.43:1723/ establishes a connection to port 1723 but there's no further negotiations. (point to point tunnelling/vpn)
The comp is probably using the submission port (587) for smtp (sending mail).
More than likely this is a home user's computer who is running these services, knowingly or unknowingly. Probably knowingly.
Thus it would pay to notify telecom abuse that you have been receiving malicious messages; include full email headers if you email them a report.
No one has any right to force data on you
and command you to believe it or else.
If it is not true for you, it isn't true.
LRH
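When reading full headers for an abuse report, the address worth reporting is the one recorded by a server you trust, since every Received line below that point was supplied by the sending side. The following Python code is an added example, not part of the thread: it walks the Received chain of a constructed message and picks that hop; the domain `provider.example`, the sample headers and the function names are assumptions.

```python
import re
from email import message_from_string

# Constructed sample: example domains and documentation IP ranges, newest hop first.
RAW = """\
Received: from mx2.provider.example (mx2.provider.example [198.51.100.7])
 by inbox.provider.example (8.13.8) with ESMTP id AAA111
Received: from host-25.isp.example (host-25.isp.example [192.0.2.25] (may be forged))
 by mx2.provider.example (8.13.8) with ESMTP id BBB222
Received: from mail.shipper.example (mail.shipper.example [203.0.113.9])
 by host-25.isp.example with SMTP id CCC333
From: "Shipping Dept" <noreply@shipper.example>
Subject: Your parcel
"""

# Sendmail-style hop: from HELO (rDNS [IP] (may be forged)) by RECEIVER
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]"
                 r"(\s*\(may be forged\))?\)\s+by\s+(\S+)")

def parse_hops(raw):
    """Return one dict per Received header, in message order (newest first)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append({"helo": m[1], "rdns": m[2], "ip": m[3],
                         "may_be_forged": bool(m[4]), "by": m[5]})
    return hops

def in_domain(host, suffix):
    host = (host or "").lower().rstrip(".")
    return host == suffix or host.endswith("." + suffix)

def handoff(hops, trusted):
    """Return (hop, unverified): the hop where an outside host connected to the
    trusted provider, plus the older hops below it that the sender could forge."""
    for i, hop in enumerate(hops):
        if not in_domain(hop["by"], trusted):
            break  # header not written by the trusted provider
        # "(may be forged)" = the rDNS name failed forward confirmation, so a
        # flagged name is never accepted as proof of an internal relay.
        internal = in_domain(hop["rdns"], trusted) and not hop["may_be_forged"]
        if not internal:
            return hop, hops[i + 1:]
    return None, hops

if __name__ == "__main__":
    hop, unverified = handoff(parse_hops(RAW), "provider.example")
    print("report:", hop["ip"], "| unverified:", [h["ip"] for h in unverified])
```

In the sample, the flagged hostname on the second hop is ignored as identity, while the bracketed address on that line is still the one the provider's own server logged for the connection.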
Thanks, I was just wondering. I got hit with that email earlier this year. It's odd, I do have something that is being shipped to me, but luckily Windows Defender saw it right away.
That's the part I couldn't figure out: how did the message still get sent to me even though it was for a different user? You explained why it did perfectly.
I got to admit I have to go back to school and do some rereading; it's amazing how much you forget when you don't apply it.
Comptia a+ n+
Maybe this will help somewhat. I should report it though.
I had an old email account from Yahoo that forwarded to wowway then to me; that is why it threw me off.
You would think that two ISPs would have caught that the message was sent to a different user but still somehow got to me.
I think you're right. I'll write wow and att and see what they think. I guess a lot of people have been getting hit by this one.
Comptia a+ n+