[Resolved] Parser blocked for Yahoo lookups?


Farelf
http://www.spamcop.net/sc?id=z3093036426z7...d449282c746bb6z and http://members.spamcop.net/sc?track=http%3...pacsecurity.com

"Cannot resolve h ttp://www.westpacsecurity.co m/

No valid email addresses found, sorry!"

But

C:\Documents and Settings\...>nslookup

Non-authoritative answer:

Name: westpacsecurity.com

Address: 216.39.57.104

Appears to point straight to AltaVista/Yahoo:

WHOIS Source: ARIN

IP Address: 216.39.57.104

Country: USA - California

Network Name: NETBLK-INTERNET-BLK-1-AV

Owner Name: AltaVista Company

From IP: 216.39.48.0

To IP: 216.39.63.255

Allocated: Yes

... Yahoo nameservice too.

> set type=ns

> westpacsecurity.com

Non-authoritative answer:

westpacsecurity.com nameserver = ns9.san.yahoo.com

westpacsecurity.com nameserver = yns1.yahoo.com

westpacsecurity.com nameserver = yns2.yahoo.com

westpacsecurity.com nameserver = ns8.san.yahoo.com

yns1.yahoo.com internet address = 98.136.43.32

yns2.yahoo.com internet address = 66.196.84.168

ns8.san.yahoo.com internet address = 98.136.43.32

ns9.san.yahoo.com internet address = 66.196.84.168

>exit

No particular reason seen why the website IP query might not be found by SC (using IDServe.exe):

Initiating server query ...

Looking up IP address for domain: www.westpacsecurity.com

The IP address for the domain is: 216.39.57.104

Connecting to the server on standard HTTP port: 80

[Connected] Requesting the server's default page.

... unless P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" means something to querying agents?? I don't know enough about this stuff.

Yahoo advised of the errant site and invited to consider how SC blocked and appropriateness of that action.

Also melbourneit contacted about the domain registration, cc: spoof[at]westpac.com.au. My ISP won't let me forward the copies many seem to require; hope they learn to cope with SC tracking URLs.


Gave it a few hours, in case it was simply propagation delay ... However, SamSpade under Windows, using OpenDNS, isn't happy yet ...

Dig www.westpacsecurity.com[at]208.67.220.220 ...

Non-authoritative answer

Recursive queries supported by this server

Query for www.westpacsecurity.com type=255 class=1

dns www.westpacsecurity.com

No data of requested type

(Host doesn't exist - try Dig for MX record)

Browsing http://www.westpacsecurity.com/

No such server as www.westpacsecurity.com

Just in case it was the www. screwing things up:

Dig westpacsecurity.com[at]208.67.220.220 ...

Non-authoritative answer

Recursive queries supported by this server

Query for westpacsecurity.com type=255 class=1

dns westpacsecurity.com

No data of requested type

(Host doesn't exist - try Dig for MX record)

whois -h whois.melbourneit.com westpacsecurity.com ...

Domain Name.......... westpacsecurity.com

Creation Date........ 2009-07-08

Registration Date.... 2009-07-08

Expiry Date.......... 2010-07-08

Hard to get much 'newer' than this ...

Name Server.......... yns1.yahoo.com

Name Server.......... yns2.yahoo.com

Browsing http://westpacsecurity.com/

No such server as westpacsecurity.com

Fetching http://216.39.57.104/ ...

Host: 216.39.57.104

HTTP/1.1 400 Bad Request

P3P: policyref="http://info.yahoo.com/w3c/p3p.xml"

X-Host: p4w10.geo.re4.yahoo.com

X-INKT-URI: http://us.geocities.com/server-errors/pd_bad_request.html

X-INKT-SITE: http://us.geocities.com/server-errors

So, simply put, I don't see it either, so not sure I could complain about the parser.


"Gave it a few hours, in case it was simply propagation delay ... However, SamSpade under Windows, using OpenDNS, isn't happy yet ..."

Aha - thanks for all that.

"... So, simply put, I don't see it either, so not sure I could complain about the parser."

Right - for some reason it is responsive enough locally (if it can be seen in the W. coast it can probably be seen anywhere in Oz). Still, it is an "Australasian" phish, no real need for that site to be running well anywhere else.

[on edit] Now I can't get it either - alternative hypothesis, someone has taken it down already. Awesome.


"I couldn't resolve it [at] 7AM local this morning."

Thanks Rick, it seems to be globally gone now, no DNS records working - though DomainDossier still shows what was. Domain registration seems intact but, as we know, registrars operate in a different world and feel it is not their business to ask questions about the business models of their registrants, no matter how 'apparent' the criminality. To be fair, they have a point in law on matters of evidence and an explicit contract of some sort to uphold. Well, good luck to melbourneit if they want to hold out, in Australia, against one of the Australian 'big four' banks (heck, it's a moot point whether even the Aus federal government can pull that off). Anyway, registration records are (currently) defective in the particulars of name servers.

Marking this resolved - as Wazoo pointed out, nothing to do with the parser or reporting (anymore, if ever it was).
