Jump to content

Why is this braking down the parser?


dra007

Recommended Posts

Can anyone explain why this IP is screwing up the parser?

Tracking link: http://p4cardsonline.com/srg/

[report history]

Resolves to 61.191.108.118

Routing details for 61.191.108.118

[refresh/show] Cached whois for 61.191.108.118 : wang[at]mail.hf.ah.cninfo.net anti-spam[at]ns.chinanet.cn.net hostmaster[at]ns.chinanet.cn.net

abuse net chinanet.cn.net = postmaster[at]chinanet.cn.net, anti-spam[at]chinanet.cn.net, ctsummary[at]special.abuse.net

abuse net chinanet.cn.net = postmaster[at]chinanet.cn.net, anti-spam[at]chinanet.cn.net, ctsummary[at]special.abuse.net

Using last resort contacts wang[at]mail.hf.ah.cninfo.net postmaster[at]chinanet.cn.net anti-spam[at]chinanet.cn.net ctsummary[at]special.abuse.net

wang[at]mail.hf.ah.cninfo.net bounces (360 sent : 186 bounces)

Using wang#mail.hf.ah.cninfo.net[at]devnull.spamcop.net for statistical tracking.

postmaster[at]chinanet.cn.net bounces (99 sent : 20164 bounces)

Using postmaster#chinanet.cn.net[at]devnull.spamcop.net for statistical tracking.

ctsummary[at]special.abuse.net redirects to ct-abuse[at]sprint.net

ct-abuse[at]sprint.net redirects to ct-abuse[at]abuse.sprint.net

Fatal error parsing spam: Connect failed in s_whois: Interrupted system call 65.123.149.123[at]whois.arin.net

Try again later?

Link to comment
Share on other sites

Can't duplicate it by using just the URL in the single-line mode. The Tracking URL of the actual spam parse would help here.

Error states that there was a problem in making a call / connection to ARIN ... From this end, anything could have happened.

But, it's a pretty odd set of data that gets returned ...

whois -h whois.arin.net 65.123.149.123 ...

Qwest Communications NET-QWEST-BLKS-4 (NET-65-112-0-0-1)

65.112.0.0 - 65.127.255.255

HI MESA PONTIAC BUICK GMC Q0106-65-123-149-120 (NET-65-123-149-120-1)

65.123.149.120 - 65.123.149.127

OrgName: HI MESA PONTIAC BUICK GMC

OrgID: HMPBG-1

Address: 501 EMELIO LOPEZ

City: LOS LUNAS

StateProv: NM

PostalCode: 87031

Country: US

NetRange: 65.123.149.120 - 65.123.149.127

CIDR: 65.123.149.120/29

NetName: Q0106-65-123-149-120

NetHandle: NET-65-123-149-120-1

Parent: NET-65-112-0-0-1

NetType: Reassigned

Comment:

RegDate: 2004-01-08

Updated: 2004-01-08

AbuseHandle: BST39-ARIN

AbuseName: STARKEY, BRYAN

AbusePhone: +1-505-864-4409

AbuseEmail: bser[at]aol.com

OrgTechHandle: BST39-ARIN

OrgTechName: STARKEY, BRYAN

OrgTechPhone: +1-505-864-4409

OrgTechEmail: bser[at]aol.com

Link to comment
Share on other sites

OK, interesting ... ARIN worked just fine when I was looking up your stuff ... However, just tried looking up another IP and got this response (probably what the parser was choking on) ...

10/03/04 22:31:45 IP block 67.52.59.244

Trying 67.52.59.244 at ARIN

Trying 67.52.59 at ARIN

failed, couldn't connect to host

Link to comment
Share on other sites

I see, they are blocking the check... I put the same spam e-mail through the parser again and came up with something totally different. It's only when you look at the tracking details that the aol address is even mentioned:

Tracking details

Display data:

"whois 65.123.149.123[at]whois.arin.net" (Getting contact from whois.arin.net )

   checking NET-65-123-149-120-1

   Display data:

   "whois NET-65-123-149-120-1[at]whois.arin.net" (Getting contact from whois.arin.net )

   Found AbuseEmail in whois bser[at]aol.com

   Ignoring small (7 IP) network

   checking NET-65-112-0-0-1

   Display data:

   "whois NET-65-112-0-0-1[at]whois.arin.net" (Getting contact from whois.arin.net )

   Found AbuseEmail in whois abuse[at]qwest.net

   65.112.0.0 - 65.127.255.255:abuse[at]qwest.net

Routing details for 65.123.149.123

Using best contacts abuse-nonverbose[at]qwest.net

...qwest was actually larted.. Oddly, I got a run of this spam today, each taking a different route:

/snip

We are now proud to offer a safe and =

secure method to Free TV via the new P4/P5 series cards.

Please Go To  http://p4cardsonline.com/srg/

P4 Hack finally is Out, Get it first while its available.

Reminds me of a scam I have come across recently!

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...