Resolve 3289355434
John Hascall
john at iastate.edu
Tue Mar 14 20:11:00 UTC 2006
> I received a phishing scam email recently. No news there, but one
> thing that caught me off guard was the URL given in the email:
> http://3289355434:82/webscr/index.php
> I am not sure I understand how the domain 3289355434 can resolve to an
> IP, but it does.
> There is no TLD in that domain - could someone explain to me how that
> works?
It doesn't resolve to an IP because it is an IP address, albeit
in a form you don't see very often (except in this kind of scam).
> traceroute 3289355434
traceroute to 3289355434 (196.15.148.170), 30 hops max, 40 byte packets
1 router-129-186-144-0.iastate.edu (129.186.145.254) 1 ms 0 ms 1 ms
...
15 lipco-brokers-gw.telkom-ipnet.co.za (196.25.251.202) 330 ms 331 ms 329 ms
16 mail.lionshare.co.za (196.15.148.170) 332 ms 331 ms 332 ms
I rather doubt that paypal operates a server at
some legal services company in South Africa.
In my opinion, they've probably been "owned".
John
More information about the bind-users
mailing list