[personal profile] afuna


What should actually be showing up in that entry is the welcome video of OSX Leopard.

It's definitely not something being done by lj-toys, and I get the ad-filled page when I visit the page directly, so it's not just within the iframe. Somehow, Firefox is directing me to the wrong site/domain. But how? And why?

Not cache, because it persists after I clear and restart.
Not an extension, because I'm reproducing in an empty profile. Actually, for that reason, shouldn't be cache, either.

nslookup from my machine returns a different result versus the nslookup from [livejournal.com profile] ciaran_h's server. Plus, lj-toys works properly on Safari, but not on Firefox; I don't know why.


First from my computer:
@home:~/ $ nslookup lj-toys.com
Server: 202.205.253.248
Address: 202.205.253.248#53

Non-authoritative answer:
Name: lj-toys.com
Address: 66.45.238.60
Name: lj-toys.com
Address: 66.45.238.61

Then from Ciaran's server:
@neo:~$ nslookup lj-toys.com
Server: 69.56.222.10
Address: 69.56.222.10#53

Non-authoritative answer:
Name: lj-toys.com
Address: 204.9.177.18


Fu: 0
That site: eleventy-one

Update:
Dre fixed it <3 Added a line to /etc/hosts, and now I have no problems. It's hacky, but it works. *purrs at Dre*

Date: 2007-09-17 07:26 am (UTC)
From: [identity profile] exor674.livejournal.com
It should be noted, both of FuFu's browsers give the same IP address from a simple "what is my IP" page.

Date: 2007-09-17 09:18 am (UTC)
From: [identity profile] soph.livejournal.com
My guess is it's a DNS thing. Firefox, for some odd reason I can't completely understand, doesn't do DNS requests via the given SOCKS proxy. Instead, DNS requests go, I believe, via the OS. The IP address being returned from Fu's machine, 202.205.253.248, is in this netblock:

inetnum:      202.205.252.0 - 202.205.253.255
netname:      MOED-CN
descr:        ~{=LS}2?K^Ia~}
descr:        dormitory of Ministry of education
descr:        Beijing, Beijing 100101, China
country:      CN
remarks:      conn-id BJ001547
admin-c:      SL4-AP
tech-c:       SL4-AP
tech-c:       CER-AP
remarks:      origin AS4538
changed:      hostmaster@net.edu.cn 20030805
mnt-by:       MAINT-CERNET-AP
status:       ASSIGNED NON-PORTABLE
source:       APNIC

role:         CERNET Helpdesk
address:      Room 224, Main Building
address:      Tsinghua University
address:      Beijing 100084, China
country:      CN
phone:        +86-10-6278-4049
fax-no:       +86-10-6278-5933
e-mail:       cernet-helpdesk-ip@net.edu.cn
trouble:      abuse@net.edu.cn
admin-c:      XL1-CN
tech-c:       SZ2-AP
nic-hdl:      CER-AP
remarks:      Point of Contact for admin-c
mnt-by:       MAINT-CERNET-AP
changed:      cernet-helpdesk-ip@net.edu.cn 20010903
source:       APNIC

person:       Song Li
address:      Network Center
address:      dormitory of Ministry of education
address:      Beijing, Beijing 100101, China
nic-hdl:      SL4-AP
e-mail:       lis@broadband.edu.cn
phone:        +86-10-65226655-2218
fax-no:       +86-10-85181010
changed:      hostmaster@net.edu.cn 20030805
mnt-by:       MAINT-CERNET-AP
source:       APNIC


I'm guessing Safari isn't affected because it does DNS requests internally, and does it via the SOCKS proxy.

The DNS for whatismyip doesn't change, and both browsers use the SOCKS proxy, hence both of them showing the same IP. In other words, lj-toys is being targeted.

Date: 2007-09-17 09:20 am (UTC)
From: [identity profile] exor674.livejournal.com
Erk, why is China doing that... :(

Also, I had her use http://andreanall.com/1180/whoami.pl and not whatismyip.com heh (didn't know about the latter's existence).

I was trying to rule out something simple first :D.

Date: 2007-09-17 09:32 am (UTC)
From: [identity profile] soph.livejournal.com
I got it wrong, see my reply below.

Date: 2007-09-17 09:31 am (UTC)
From: [identity profile] soph.livejournal.com
Sorry, I'm stupid. That isn't the IP Afuna got, that's the DNS server. The netblock for the IP Fu got is:

network:Class-Name:network
network:ID:NETBLK-INTSRV.66.45.224.0/19
network:Auth-Area:66.45.224.0/19
network:Network-Name:INTSRV-66.45.238.56
network:IP-Network:66.45.238.56/29
network:Org-Name:iHoldings.com, Inc.
network:Street-Address:13205 SW 137th Ave, Suite #133
network:City:Miami
network:State:FL
network:Country-Code:US
network:Created:20040201
network:Updated:20050401
network:Updated-By:detain@interserver.net

network:Class-Name:network
network:ID:NETBLK-INTSRV.66.45.224.0/19
network:Auth-Area:66.45.224.0/19
network:Network-Name:INTSRV-66.45.238.32
network:IP-Network:66.45.238.32/27
network:Org-Name:jvds.com
network:Street-Address:P.O. Box 577
network:City:Franklin Lakes
network:State:NJ
network:Postal-Code:07417
network:Country-Code:US
network:Created:20040201
network:Updated:20050401
network:Updated-By:detain@interserver.net


So, uh, that's weird. Not sure what's up with that.
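The comparison done by hand in the post, as an added example that is not part of the original post or its comments: it parses the two nslookup outputs copied from the post, keeps the resolver address (the `Server`/`Address ...#53` header) separate from the answer records, and reports whether the two vantage points share any answer. The function names `parse_nslookup` and `compare_views` are hypothetical.

```python
# Added example. The two outputs below are copied from the post above.
HOME = """Server: 202.205.253.248
Address: 202.205.253.248#53

Non-authoritative answer:
Name: lj-toys.com
Address: 66.45.238.60
Name: lj-toys.com
Address: 66.45.238.61
"""
REMOTE = """Server: 69.56.222.10
Address: 69.56.222.10#53

Non-authoritative answer:
Name: lj-toys.com
Address: 204.9.177.18
"""

def parse_nslookup(text):
    """Return (resolver_ip, set_of_answer_ips) from nslookup output."""
    resolver, answers, in_answer = None, set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Name:"):
            in_answer = True  # header is over once the first record starts
        elif line.startswith("Address:"):
            ip = line.split(":", 1)[1].strip().split("#")[0]  # drop "#53"
            if in_answer:
                answers.add(ip)
            elif resolver is None:
                resolver = ip  # header Address = the DNS server queried
    return resolver, answers

def compare_views(views):
    """views maps a vantage-point label to its nslookup output."""
    parsed = {label: parse_nslookup(text) for label, text in views.items()}
    common = set.intersection(*(answers for _, answers in parsed.values()))
    return {
        "resolvers": {k: r for k, (r, _) in parsed.items()},
        "answers": {k: sorted(a) for k, (_, a) in parsed.items()},
        "common": sorted(common),
        "disjoint": not common,  # no shared answer between vantage points
    }

if __name__ == "__main__":
    report = compare_views({"home": HOME, "remote": REMOTE})
    for key, value in report.items():
        print(key, value)
```

Disjoint answers are a reason to look closer, not proof of tampering on their own, since some domains legitimately return different addresses to different resolvers.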