dra007 Posted October 4, 2004

Can anyone explain why this IP is screwing up the parser?

    Tracking link: http://p4cardsonline.com/srg/
    [report history]
    Resolves to 61.191.108.118
    Routing details for 61.191.108.118
    [refresh/show] Cached whois for 61.191.108.118 : wang[at]mail.hf.ah.cninfo.net anti-spam[at]ns.chinanet.cn.net hostmaster[at]ns.chinanet.cn.net
    abuse net chinanet.cn.net = postmaster[at]chinanet.cn.net, anti-spam[at]chinanet.cn.net, ctsummary[at]special.abuse.net
    abuse net chinanet.cn.net = postmaster[at]chinanet.cn.net, anti-spam[at]chinanet.cn.net, ctsummary[at]special.abuse.net
    Using last resort contacts wang[at]mail.hf.ah.cninfo.net postmaster[at]chinanet.cn.net anti-spam[at]chinanet.cn.net ctsummary[at]special.abuse.net
    wang[at]mail.hf.ah.cninfo.net bounces (360 sent : 186 bounces)
    Using wang#mail.hf.ah.cninfo.net[at]devnull.spamcop.net for statistical tracking.
    postmaster[at]chinanet.cn.net bounces (99 sent : 20164 bounces)
    Using postmaster#chinanet.cn.net[at]devnull.spamcop.net for statistical tracking.
    ctsummary[at]special.abuse.net redirects to ct-abuse[at]sprint.net
    ct-abuse[at]sprint.net redirects to ct-abuse[at]abuse.sprint.net

    Fatal error parsing spam:
    Connect failed in s_whois: Interrupted system call 65.123.149.123[at]whois.arin.net
    Try again later?

Wazoo Posted October 4, 2004

Can't duplicate it by using just the URL in the single-line mode. The Tracking URL of the actual spam parse would help here.

Error states that there was a problem in making a call / connection to ARIN ... From this end, anything could have happened. But, it's a pretty odd set of data that gets returned ...

    whois -h whois.arin.net 65.123.149.123 ...

    Qwest Communications NET-QWEST-BLKS-4 (NET-65-112-0-0-1) 65.112.0.0 - 65.127.255.255
    HI MESA PONTIAC BUICK GMC Q0106-65-123-149-120 (NET-65-123-149-120-1) 65.123.149.120 - 65.123.149.127

    OrgName: HI MESA PONTIAC BUICK GMC
    OrgID: HMPBG-1
    Address: 501 EMELIO LOPEZ
    City: LOS LUNAS
    StateProv: NM
    PostalCode: 87031
    Country: US

    NetRange: 65.123.149.120 - 65.123.149.127
    CIDR: 65.123.149.120/29
    NetName: Q0106-65-123-149-120
    NetHandle: NET-65-123-149-120-1
    Parent: NET-65-112-0-0-1
    NetType: Reassigned
    Comment:
    RegDate: 2004-01-08
    Updated: 2004-01-08

    AbuseHandle: BST39-ARIN
    AbuseName: STARKEY, BRYAN
    AbusePhone: +1-505-864-4409
    AbuseEmail: bser[at]aol.com

    OrgTechHandle: BST39-ARIN
    OrgTechName: STARKEY, BRYAN
    OrgTechPhone: +1-505-864-4409
    OrgTechEmail: bser[at]aol.com

Wazoo Posted October 4, 2004

OK, interesting ... ARIN worked just fine when I was looking up your stuff ... However, just tried looking up another IP and got this response (probably what the parser was choking on) ...

    10/03/04 22:31:45 IP block 67.52.59.244
    Trying 67.52.59.244 at ARIN
    Trying 67.52.59 at ARIN
    failed, couldn't connect to host

dra007 Posted October 4, 2004

I see, they are blocking the check... I put the same spam e-mail through the parser again and came up with something totally different. It's only when you look at the tracking details that the aol address is even mentioned:

    Tracking details
    Display data: "whois 65.123.149.123[at]whois.arin.net" (Getting contact from whois.arin.net )
    checking NET-65-123-149-120-1
    Display data: "whois NET-65-123-149-120-1[at]whois.arin.net" (Getting contact from whois.arin.net )
    Found AbuseEmail in whois bser[at]aol.com
    Ignoring small (7 IP) network
    checking NET-65-112-0-0-1
    Display data: "whois NET-65-112-0-0-1[at]whois.arin.net" (Getting contact from whois.arin.net )
    Found AbuseEmail in whois abuse[at]qwest.net
    65.112.0.0 - 65.127.255.255:abuse[at]qwest.net
    Routing details for 65.123.149.123
    Using best contacts abuse-nonverbose[at]qwest.net

...qwest was actually larted..

Oddly, I got a run of this spam today, each taking a different route:

    /snip
    We are now proud to offer a safe and = secure method to Free TV via the new P4/P5 series cards. Please Go To http://p4cardsonline.com/srg/ P4 Hack finally is Out, Get it first while its available.

Reminds me of a scam I have come across recently!
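
The contact selection visible in the tracking details above (skip the 7-address reassignment, use the parent block's AbuseEmail) and a failed ARIN connection handled without a fatal error, as an added Python example that is not part of any post and is not SpamCop's code. The two records and their contact addresses are constructed, the names `MIN_SPAN`, `parse_record`, `span` and `pick_abuse_contact` are hypothetical, and the size cut-off is an assumption.

```python
import ipaddress
import re

# Constructed records in ARIN's "Key: value" layout; the contact addresses are placeholders.
CHILD = """\
NetRange:   65.123.149.120 - 65.123.149.127
Parent:     NET-65-112-0-0-1
AbuseEmail: abuse@small-net.example
"""
PARENT = """\
NetRange:   65.112.0.0 - 65.127.255.255
AbuseEmail: abuse@upstream.example
"""

MIN_SPAN = 255  # assumed cut-off; the thread only shows that a span of 7 counts as small

def parse_record(text):
    """Turn 'Key: value' whois lines into a dict, keeping the first value per key."""
    rec = {}
    for line in text.splitlines():
        m = re.match(r"^(\w+):\s*(.*\S)\s*$", line)  # empty fields such as 'Comment:' are skipped
        if m:
            rec.setdefault(m.group(1), m.group(2))
    return rec

def span(rec):
    """Last address minus first address of NetRange (7 for a /29)."""
    first, last = (ipaddress.ip_address(p.strip()) for p in rec["NetRange"].split(" - "))
    return int(last) - int(first)

def pick_abuse_contact(handle, lookup, max_depth=5):
    """Follow Parent handles until a network spanning >= MIN_SPAN has an AbuseEmail."""
    trail = []
    while handle and len(trail) < max_depth:
        try:
            rec = parse_record(lookup(handle))  # lookup raises OSError on a failed connect
        except OSError as exc:
            trail.append(f"{handle}: lookup failed ({exc})")
            break
        email = rec.get("AbuseEmail")
        if email and "NetRange" in rec and span(rec) >= MIN_SPAN:
            trail.append(f"{handle}: using {email}")
            return email, trail
        trail.append(f"{handle}: ignored (small network or no AbuseEmail)")
        handle = rec.get("Parent")
    return None, trail
```

`lookup` is any callable that returns raw whois text for a handle; when it raises, the caller gets `None` plus the trail of what was tried, so a report can be held for a later retry.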

Wazoo Posted October 4, 2004

> I see, they are blocking the check...

I don't quite see "blocking the check" ... connectivity issues is what I was pointing out.
This topic is now archived and is closed to further replies.