Strange URL Configuration: domain.com at 12345
Tilman Schmidt
Tilman.Schmidt at sema.de
Mon May 29 13:28:07 UTC 2000
At 06:26 29.05.00 +0000, Ron Parker wrote:
>I received spam today with a response url:
>
> http://www.rankingtothetop.com@1078106110/
>
>Funny thing is, this works! My questions:
>
>1. How does this work (i.e., I enter this into my browser and the page
>comes up).
The part after the @ determines the server. If this is a decimal number
many resolvers interpret it as a numeric IP address. The part before
the @ is just sent along as the username in the HTTP request and
probably ignored by the server.
>2. How do I decipher this to find out what the IP is for this site (or
>real domain name) or ISP so I can complain about the spam.
1078106110 = 0x404297FE = 0x40.0x42.0x97.0xFE = 64.66.151.254
A reverse lookup yields SERVFAIL consistently, and I suspect this is
intentional, given the names of the servers for the reverse domain:
151.66.64.in-addr.arpa. 5d16h47m13s IN NS NS.SITEPROTECT.COM.
151.66.64.in-addr.arpa. 5d16h47m13s IN NS NS2.SITEPROTECT.COM.
whois.arin.net says the address belongs to:
Hostway Corporation (NETBLK-HOSTWAY-03)
216 W. Jackson Blvd. Suite 325
Chicago, IL 60610
US
Netname: HOSTWAY-03
Netblock: 64.66.128.0 - 64.66.159.255
Maintainer: HSWY
Coordinator:
Network, Administrator (AN94-ARIN) noc at HOSTWAY.NET
312-782-7875
Hope that helps.
--
Tilman Schmidt E-Mail: Tilman.Schmidt at sema.de (office)
Sema Group Koeln, Germany tilman at schmidt.bn.uunet.de (private)
More information about the bind-users
mailing list