Jump to content

Faked address not parsing correctly


Recommended Posts

This certainly appears to be a redirect that the parser doesn't recognize:

Parsing input: http://my.netzero.net/s/lc?s=140591&u=http...om/auto2/?iybrd

host = my.nyc.netzero.net (cached)

No recent reports, no history available

[report history]

Resolves to

Routing details for

Report routing for spamdesk[at]support.juno.com

Statistics: not listed in bl.spamcop.net

More Information.. not listed in dnsbl.njabl.org not listed in dnsbl.njabl.org not listed in cbl.abuseat.org not listed in dnsbl.sorbs.net not listed in relays.ordb.org.

Reporting addresses:


Link to comment
Share on other sites

The URL below doesn't parse properly.  Not sure if parser thinks it's a redirect, or if the handoff isn't seen.


Based on what I see, why would you think that it redirects? Ahhh, it looks totally different in quoted window ..... Ok, I'm going to go on a totally different tack here ...

The current IE exploit of the non-printable character may be an issue here. If so, then there's also an issue with the translation of code you cut/pasted into this post, the way this app translates it, and the way it gets handled on this screen (IE6sp1all-patches, etc) .... What I see in the posted link (in the quote box) includes the section ....?iybrd]http: ..... In the exploit, the "]" would be the non-printable character.

I thiink I'd rather see the "real" code, which of course, would include the full headers to see what you actually received, vice what I think I'm seeing after too many translations ... and to see a "real" copy, it looks like a referral back to the NNTP side of the house is going to be required, specifically, posting the spam over in spamcop.spam ....

Yes, I know, not an answer, but you have perhaps opened up another "problem" area <g>

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...