Suspect order, what would you do?
adamneal 01-14-2006, 05:41 PM Hi,
I got an order through today that immediately looked suspicious. The IP address came back as belonging to EV1 servers. The address from a whois on the domain and the contact address didn't match. I cancelled the order and refunded the PayPal payment. I then sent an email to the customer explaining why I cancelled and asked them to offer an explanation if they still wish to go ahead.
I didn't expect a reply for one minute; however, they emailed back within 30 mins. The explanation was that they have a dedicated for all their business use. I have since replied asking them to clarify on the contact discrepancies.
Now the reply has thrown me slightly. Every dodgy order in the past has never responded to emails so I'm in two minds now and in need of some advice.
What do you think, good or bad order?
All views are appreciated :)
Adam
Neoboffin 01-14-2006, 06:05 PM I personally watch over new accounts. If the IP from the person does not match their location used during sign-up, they are automatically refunded with a following e-mail explaining what happened.
Else, I just accept the payment and watch over their account. They are as genuine as anyone else until PayPal e-mails me saying a payment has been put "on-hold".
[inx]Olly 01-14-2006, 06:14 PM Sounds fishy to me.
Patrick 01-14-2006, 06:18 PM What's the EV1 IP address in question?
I have several blocked since EV1 refuses to do anything, and it always seems to be the same few IP addresses trying to place fraudulent orders.
I would say it's fraudulent, and to not go through with the order... why would they be using another dedicated server provider's IP? If you have any doubts, you can always still call the phone number they used to sign up.
adamneal 01-14-2006, 06:21 PM That's what I thought, it seems strange to want a shared account when you have a dedicated sat there, especially when all you need is 100mb/1gb. I'm put off even more as the domain used for the PayPal account is registered to someone in the Philippines. I've had no reply from the second email yet; even if I do, I don't think I'll be accepting them as a customer.
The IP in question is: 207.44.192.32
Olly, I see you're from Spalding, quite surprised to see someone else from Lincolnshire on here. I'm from Skegness/Lincoln depending on the day of the week :P
IGobyTerry 01-14-2006, 06:28 PM Ev1 does do dial up accounts too, so you need to take that into play.
adamneal 01-14-2006, 06:31 PM
> Ev1 does do dial up accounts too, so you need to take that into play.
That's something I didn't know. This customer however accepted that it was a dedicated and stated that they use it for business use. Seems kinda strange, why not just browse the net from your local PC??
Thanks for the info though, I'll keep it in mind for the future :)
Neoboffin 01-14-2006, 06:37 PM Dedicated as in a dedicated server?
Or do EV1 offer dedicated IPs for their internet services?
adamneal 01-14-2006, 06:40 PM Sorry, should have been clearer, I meant dedicated server. The reply I got from the customer stated:
"I have a dedicated server. I use it all all my business related work."
oneavenue 01-14-2006, 06:40 PM
> That's something I didn't know. This customer however accepted that it was a dedicated and stated that they use it for business use. Seems kinda strange, why not just browse the net from your local PC??
> Thanks for the info though, I'll keep it in mind for the future :)
Well, we have several Windows 2003 servers that we use to surf with from remote locations but...If I were you I would refund the payment and move on, not a healthy order.
Good luck
adamneal 01-14-2006, 06:50 PM The refund's already done. I normally wouldn't give it a second thought, it was just the reply that threw me. Using the Windows server from a remote location is understandable, but I bet you wouldn't be using it to order a small shared hosting package :)
oneavenue 01-14-2006, 06:58 PM
> The refund's already done. I normally wouldn't give it a second thought, it was just the reply that threw me. Using the Windows server from a remote location is understandable, but I bet you wouldn't be using it to order a small shared hosting package :)
No I would not, looks like someone is trying to hide their tracks.
adamneal 01-14-2006, 07:19 PM I think so too, I've just had a reply stating that they recently purchased the domain off someone and this is why the contact details are different. However the domain was only registered a few days ago......
IH-Rameen 01-14-2006, 09:28 PM
> Hi,
> I got an order through today that immediately looked suspicious. The IP address came back as belonging to EV1 servers. The address from a whois on the domain and the contact address didn't match. I cancelled the order and refunded the PayPal payment. I then sent an email to the customer explaining why I cancelled and asked them to offer an explanation if they still wish to go ahead.
> I didn't expect a reply for one minute; however, they emailed back within 30 mins. The explanation was that they have a dedicated for all their business use. I have since replied asking them to clarify on the contact discrepancies.
> Now the reply has thrown me slightly. Every dodgy order in the past has never responded to emails so I'm in two minds now and in need of some advice.
> What do you think, good or bad order?
> All views are appreciated :)
> Adam
I have had dodgy orders with the customer replying.
My way of approaching such situations is:
- Email the customer with any questions you have (which you are doing)
- Ask them the nature of the website
- Call them at the billing telephone number
- Does the email address supplied match the PayPal email address? Only correspond to the PayPal address. If it doesn't match, attempt to contact the PayPal email. If you get no reply, discontinue with the order.
Our fraud system and automatic telephone verification stops 95% of fraud orders from ever getting the chance to sign up and pay. They are cheap and convenient. I would recommend you invest if you haven't already done so. I personally recommend maxmind.com
bodhisattva 01-14-2006, 11:46 PM I also noticed the red flags with an order that was just placed. Came here, did a search of the IP, and found this thread.
They chose my cheapest plan, but for me to register a domain for them. After reading this thread I searched to see if the domain was still available, but it's not, it was registered three days ago and is hosted at a fairly large shared host now.
dolay 01-15-2006, 12:20 AM
> Hi,
> I got an order through today that immediately looked suspicious. The IP address came back as belonging to EV1 servers. The address from a whois on the domain and the contact address didn't match. I cancelled the order and refunded the PayPal payment. I then sent an email to the customer explaining why I cancelled and asked them to offer an explanation if they still wish to go ahead.
> I didn't expect a reply for one minute; however, they emailed back within 30 mins. The explanation was that they have a dedicated for all their business use. I have since replied asking them to clarify on the contact discrepancies.
> Now the reply has thrown me slightly. Every dodgy order in the past has never responded to emails so I'm in two minds now and in need of some advice.
> What do you think, good or bad order?
> All views are appreciated :)
> Adam
There are too many frauds from Vietnam and Malaysia, and they are using website IPs which are proxy-surfing IPs; simply ask them to provide an ID scan within 24 hours.
matrixrips 01-15-2006, 12:27 AM I watch every new account that comes in and make sure it's not suspicious like that and would do exactly what you do
adamneal 01-15-2006, 05:19 AM I am currently communicating with the customer via the PayPal email address so I don't think it's a stolen account. However it still seems like a very weird situation to me, especially if another order was placed with another provider using the same IP.
I think I'll call them on Monday to confirm details. Apparently the site will be used as a tech portal.
madtomic 01-15-2006, 10:38 AM sounds fishy...
bodhisattva 01-15-2006, 10:53 AM Yeah. Attempting to register a domain that's been registered already, 2 days earlier, and most likely fraudulently at, I'm sure, a handful of sites: pretty darn fishy. Probably hit others as well, just off some people's radar, or the hosts don't care. Oh well, another example of why to stay vigilant and check up on suspicions when the red flags start going up. This is 2 times in the last 30 days that these forums helped me out with this.
Could be running through a proxy?
My home address sits behind an EV1 box, but an rDNS on the IP and a whois on the domain gives them all the confirmation they would need..
I'm all for the use of proxies etc, as long as they aren't abused..
This may be the case with your "customer" I'd give the number a quick holler. :)
okihost 01-18-2006, 09:06 PM Answer:
207.44.192.32 PTR record: ns2.helpinghost.com. [TTL 7200s] [A=67.15.80.26] *ERROR* A record does not point back to original IP.
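The lookup in okihost's post above is a forward-confirmed reverse DNS check: resolve the IP to its PTR name, resolve that name forward, and see whether it points back. A Python sketch of that check, added here as an illustration and not posted by anyone in the thread; the function names are hypothetical and the sample tables are constructed from the values quoted above so it runs without live DNS.

```python
import ipaddress
import socket


def ptr_lookup(ip):
    """PTR names for ip from the system resolver ([] if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]


def forward_lookup(hostname):
    """Every A/AAAA address hostname resolves to ([] on failure)."""
    try:
        infos = socket.getaddrinfo(hostname, None)
    except OSError:
        return []
    return sorted({info[4][0] for info in infos})


def fcrdns(ip, ptr=ptr_lookup, forward=forward_lookup):
    """Forward-confirmed reverse DNS: does a PTR name resolve back to ip?"""
    target = ipaddress.ip_address(ip)
    result = {"ip": ip, "ptr": [], "forward": {}, "status": "no-ptr"}
    for name in ptr(ip):
        name = name.rstrip(".").lower()
        addrs = forward(name)
        result["ptr"].append(name)
        result["forward"][name] = addrs
        # Compare parsed addresses, not strings (drop any IPv6 zone id).
        if any(ipaddress.ip_address(a.split("%")[0]) == target for a in addrs):
            result["status"] = "confirmed"
    if result["ptr"] and result["status"] != "confirmed":
        result["status"] = "mismatch"
    return result


# Constructed offline tables mirroring the lookup quoted in the thread.
SAMPLE_PTR = {"207.44.192.32": ["ns2.helpinghost.com."]}
SAMPLE_A = {"ns2.helpinghost.com": ["67.15.80.26"]}


def sample_check(ip):
    return fcrdns(ip, lambda i: SAMPLE_PTR.get(i, []), lambda h: SAMPLE_A.get(h, []))

if __name__ == "__main__":
    print(sample_check("207.44.192.32"))
```

Calling `fcrdns(ip)` with no extra arguments uses the system resolver. A "mismatch" only says the PTR name is unconfirmed; it is one signal to weigh alongside the whois and contact checks discussed in the thread.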
markjut 01-19-2006, 07:17 PM Maybe accept it and watch carefully and see how it plays out
adamneal 01-19-2006, 07:26 PM Well just to finish this thread I decided to decline the order. I had a gut feeling about it and looking at a few of the facts I'm sure this was the right thing to do (wrong whois, saying he bought the domain from someone when it was only registered 2 days before, wanting a shared account when he had a dedicated etc. etc.)
If anyone does get an order from this IP and accepts it I'd like to hear how it pans out