Jump to content
Sign in to follow this  
LAArt

Faked address not parsing correctly

Recommended Posts

This certainly appears to be a redirect that the parser doesn't recognize:

Parsing input: http://my.netzero.net/s/lc?s=140591&u=http...om/auto2/?iybrd

host 64.136.21.230 = my.nyc.netzero.net (cached)

No recent reports, no history available

[report history]

Resolves to 64.136.21.230

Routing details for 64.136.21.230

Report routing for 64.136.21.230: spamdesk[at]support.juno.com

Statistics:

64.136.21.230 not listed in bl.spamcop.net

More Information..

64.136.21.230 not listed in dnsbl.njabl.org

64.136.21.230 not listed in dnsbl.njabl.org

64.136.21.230 not listed in cbl.abuseat.org

64.136.21.230 not listed in dnsbl.sorbs.net

64.136.21.230 not listed in relays.ordb.org.

Reporting addresses:

spamdesk[at]support.juno.com

Share this post


Link to post
Share on other sites
The URL below doesn't parse properly.  Not sure if parser thinks it's a redirect, or if the handoff isn't seen.

http://my.netzero.net/s/lc?s=140591&u=http...om/auto2/?iybrd

Based on what I see, why would you think that it redirects? Ahhh, it looks totally different in quoted window ..... Ok, I'm going to go on a totally different tack here ...

The current IE exploit of the non-printable character may be an issue here. If so, then there's also an issue with the translation of code you cut/pasted into this post, the way this app translates it, and the way it gets handled on this screen (IE6sp1all-patches, etc) .... What I see in the posted link (in the quote box) includes the section ....?iybrd]http: ..... In the exploit, the "]" would be the non-printable character.

I thiink I'd rather see the "real" code, which of course, would include the full headers to see what you actually received, vice what I think I'm seeing after too many translations ... and to see a "real" copy, it looks like a referral back to the NNTP side of the house is going to be required, specifically, posting the spam over in spamcop.spam ....

Yes, I know, not an answer, but you have perhaps opened up another "problem" area <g>

Edited by Wazoo

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×