dra007

Why is this breaking down the parser?


Can anyone explain why this IP is screwing up the parser?

Tracking link: http://p4cardsonline.com/srg/

[report history]

Resolves to 61.191.108.118

Routing details for 61.191.108.118

[refresh/show] Cached whois for 61.191.108.118 : wang[at]mail.hf.ah.cninfo.net anti-spam[at]ns.chinanet.cn.net hostmaster[at]ns.chinanet.cn.net

abuse net chinanet.cn.net = postmaster[at]chinanet.cn.net, anti-spam[at]chinanet.cn.net, ctsummary[at]special.abuse.net

abuse net chinanet.cn.net = postmaster[at]chinanet.cn.net, anti-spam[at]chinanet.cn.net, ctsummary[at]special.abuse.net

Using last resort contacts wang[at]mail.hf.ah.cninfo.net postmaster[at]chinanet.cn.net anti-spam[at]chinanet.cn.net ctsummary[at]special.abuse.net

wang[at]mail.hf.ah.cninfo.net bounces (360 sent : 186 bounces)

Using wang#mail.hf.ah.cninfo.net[at]devnull.spamcop.net for statistical tracking.

postmaster[at]chinanet.cn.net bounces (99 sent : 20164 bounces)

Using postmaster#chinanet.cn.net[at]devnull.spamcop.net for statistical tracking.

ctsummary[at]special.abuse.net redirects to ct-abuse[at]sprint.net

ct-abuse[at]sprint.net redirects to ct-abuse[at]abuse.sprint.net

Fatal error parsing spam: Connect failed in s_whois: Interrupted system call 65.123.149.123[at]whois.arin.net

Try again later?


Can't duplicate it by using just the URL in the single-line mode. The Tracking URL of the actual spam parse would help here.

Error states that there was a problem in making a call / connection to ARIN ... From this end, anything could have happened.

But, it's a pretty odd set of data that gets returned ...

whois -h whois.arin.net 65.123.149.123 ...

Qwest Communications NET-QWEST-BLKS-4 (NET-65-112-0-0-1)
65.112.0.0 - 65.127.255.255
HI MESA PONTIAC BUICK GMC Q0106-65-123-149-120 (NET-65-123-149-120-1)
65.123.149.120 - 65.123.149.127

OrgName: HI MESA PONTIAC BUICK GMC
OrgID: HMPBG-1
Address: 501 EMELIO LOPEZ
City: LOS LUNAS
StateProv: NM
PostalCode: 87031
Country: US

NetRange: 65.123.149.120 - 65.123.149.127
CIDR: 65.123.149.120/29
NetName: Q0106-65-123-149-120
NetHandle: NET-65-123-149-120-1
Parent: NET-65-112-0-0-1
NetType: Reassigned
Comment:
RegDate: 2004-01-08
Updated: 2004-01-08

AbuseHandle: BST39-ARIN
AbuseName: STARKEY, BRYAN
AbusePhone: +1-505-864-4409
AbuseEmail: bser[at]aol.com

OrgTechHandle: BST39-ARIN
OrgTechName: STARKEY, BRYAN
OrgTechPhone: +1-505-864-4409
OrgTechEmail: bser[at]aol.com


OK, interesting ... ARIN worked just fine when I was looking up your stuff ... However, just tried looking up another IP and got this response (probably what the parser was choking on) ...

10/03/04 22:31:45 IP block 67.52.59.244

Trying 67.52.59.244 at ARIN

Trying 67.52.59 at ARIN

failed, couldn't connect to host


I see, they are blocking the check... I put the same spam e-mail through the parser again and came up with something totally different. It's only when you look at the tracking details that the aol address is even mentioned:

Tracking details

Display data:

"whois 65.123.149.123[at]whois.arin.net" (Getting contact from whois.arin.net )

   checking NET-65-123-149-120-1

   Display data:

   "whois NET-65-123-149-120-1[at]whois.arin.net" (Getting contact from whois.arin.net )

   Found AbuseEmail in whois bser[at]aol.com

   Ignoring small (7 IP) network

   checking NET-65-112-0-0-1

   Display data:

   "whois NET-65-112-0-0-1[at]whois.arin.net" (Getting contact from whois.arin.net )

   Found AbuseEmail in whois abuse[at]qwest.net

   65.112.0.0 - 65.127.255.255:abuse[at]qwest.net

Routing details for 65.123.149.123

Using best contacts abuse-nonverbose[at]qwest.net

...qwest was actually larted.. Oddly, I got a run of this spam today, each taking a different route:

/snip

We are now proud to offer a safe and =

secure method to Free TV via the new P4/P5 series cards.

Please Go To  http://p4cardsonline.com/srg/

P4 Hack finally is Out, Get it first while its available.

Reminds me of a scam I have come across recently!

Edited by dra007
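
The contact-selection walk visible in the tracking details above (skip the small reassigned block, then fall back to the parent network's abuse address), as an added Python example that is not part of the thread and is not SpamCop's code. The ranges and handles are the ones quoted in the thread; the 16-address cutoff, the function names and the `.example` addresses are assumptions.

```python
import ipaddress
import re

MIN_SPAN = 16  # assumed cutoff; the thread does not state the parser's real threshold

# Constructed records modelled on the two ARIN entries quoted in the thread.
# E-mail addresses are placeholders, not the real contacts.
SAMPLE_RECORDS = {
    "NET-65-123-149-120-1": (
        "NetRange: 65.123.149.120 - 65.123.149.127\n"
        "Parent: NET-65-112-0-0-1\n"
        "AbuseEmail: abuse@small-net.example\n"),
    "NET-65-112-0-0-1": (
        "NetRange: 65.112.0.0 - 65.127.255.255\n"
        "AbuseEmail: abuse@large-net.example\n"),
}

def parse_record(text):
    """Turn 'Key: value' whois lines into a dict; empty values are skipped."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^(\w+):\s*(\S.*)$", line)
        if m:
            fields.setdefault(m.group(1), m.group(2).strip())
    return fields

def span(net_range):
    """Last address minus first address (7 for the /29 shown in the trace)."""
    first, last = (ipaddress.ip_address(p.strip()) for p in net_range.split(" - "))
    return int(last) - int(first)

def pick_contact(handle, lookup, min_span=MIN_SPAN):
    """Walk from the most specific network up its Parent links to a usable contact."""
    trace, seen = [], set()
    while handle and handle not in seen:
        seen.add(handle)
        text = lookup(handle)
        if text is None:  # whois lookup failed: report it instead of aborting the parse
            trace.append(f"no data for {handle}")
            return None, trace
        rec = parse_record(text)
        size = span(rec["NetRange"])
        if size < min_span:
            trace.append(f"ignoring small ({size} IP) network {handle}")
        elif "AbuseEmail" in rec:
            trace.append(f"using {rec['AbuseEmail']} from {handle}")
            return rec["AbuseEmail"], trace
        handle = rec.get("Parent")
    return None, trace
```

Passing a `lookup` that returns `None` shows the failed-connection case from the first post handled as a missing result rather than a fatal error.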

"I see, they are blocking the check..."

I don't quite see "blocking the check" ... connectivity issues is what I was pointing out.
