Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Is this a paypal scam?
From: "ja6.com" <maillist () ja6 com>
Date: Thu, 18 Mar 2004 16:27:26 -0500

Hmm, a quick search of ARIN (www.arin.net) and the APNIC (www.apnic.net)
reveals this IP is in CHINA. Unless PayPal is hosting servers in China, I would guess it is a scam.
Also seems kinda suspect that the IP does not have a reverse lookup assigned to it if it is valid.

For example one of Paypal's front end servers is 64.4.231.34 and resolves to www.paypal.com.

I wouldn't send them anything, but thats just me.

% [whois.apnic.net node-1]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html
*_inetnum_*:      218.62.0.0 - 218.62.127.255
netname:      CNCGROUP-JL
country:      CN
descr:        CNCGROUP jilin province network
admin-c:      CH444-AP <http://www.apnic.net/apnic-bin/whois.pl?searchtext=CH444-AP&form_type=advanced>
tech-c:       WT92-AP <http://www.apnic.net/apnic-bin/whois.pl?searchtext=WT92-AP&form_type=advanced>
status:       ALLOCATED NON-PORTABLE
changed:      abuse () cnc-noc net 20031016
mnt-by:       APNIC-HM <http://www.apnic.net/apnic-bin/whois.pl?searchtext=APNIC-HM&form_type=advanced>
mnt-lower:    MAINT-CNCGROUP-JL 
<http://www.apnic.net/apnic-bin/whois.pl?searchtext=MAINT-CNCGROUP-JL&form_type=advanced>
changed:      hm-changed () apnic net 20040301
source:       APNIC
*person*:       CNCGroup Hostmaster
_nic-hdl_:      CH444-AP
e-mail:       abuse () cnc-noc net
address:      No.156,Fu-Xing-Men-Nei Street,
address:      Beijing,100031,P.R.China
phone:        +86-10-82990775
fax-no:       +86-10-82990885
country:      CN
changed:      abuse () cnc-noc net 20031027
mnt-by:       MAINT-CNCGROUP <http://www.apnic.net/apnic-bin/whois.pl?searchtext=MAINT-CNCGROUP&form_type=advanced>
source:       APNIC
*person*:       Wang Tiegang
_nic-hdl_:      WT92-AP
e-mail:       wtg () mail jl cn
address:      96,JieFang Road ChangChun 130021 China.
phone:        +86-431-8925217
fax-no:       +86-431-8925190
country:      CN
changed:      wtg () mail jl cn 20030117


mnt-by:       MAINT-CNCGROUP-JL 
<http://www.apnic.net/apnic-bin/whois.pl?searchtext=MAINT-CNCGROUP-JL&form_type=advanced>
source:       APNIC


----------------------
--Jon

jschmidt () buhler com wrote:

http://218.62.43.30/verify.html

Signed up for paypal 2 weeks ago, and then this came in the mail as a link in a paypal looking html email asking me to confirm by entering my credit card/account info. I've only purchased 1 thing since signing up; it was from ebay from a longtime seller with nearly 100% positive feedback, and I received the equipment as expected. If this is a scam, then maybe paypal has some employees passing new account info outside the company.

-jamie-

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html




--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault