
December 8, 2008

Possible PayPal Phishing Website Implicating APLUS.NET Again - Part 1

Filed under: Internet security — Administrator @ 4:36 pm
Posted about 1 year and 8 months ago






TOKYO (MacHouse) - An international cyber scum group sent out a familiar spam message impersonating the online payment company PayPal. The subject line of the spam message is “your PayPal account balance.” (See Screenshot 01.) It’s the second phishing message of the day involving PayPal.





Screenshot 01 - Source: MacHouse
Screenshot 02 - Source: Aplus.net
Screenshot 03 - Source: Aplus.net






There are two URLs shown in the message. These URLs share the same underlying link, which is http://ftbfqde9on.web.aplus.net/. The domain sounds familiar. Right… Just about 10 days ago, we reported an active PayPal phishing website hosted at the same domain. This domain belongs to Aplus.net Internet Services. (Screenshot 02 shows the index page of Aplus.net’s website.)

If you access the URL stated above, you may end up with a 404 error page. (See Screenshot 03.) For now, there is no PayPal phishing website hosted at the given URL.

What does a 404 error mean, anyway? A 404 error means the web server is accessible but a particular page doesn’t exist. In fact, at the time of our investigation, there was a server accessible at http://ftbfqde9on.web.aplus.net. The IP address of the web server is 66.226.64.49, which belongs to Aplus.net. It was Aplus.net that harbored a PayPal phishing website 10 days ago. It was Aplus.net that harbored a PayPal phishing website on November 16. It doesn’t take a rocket scientist to see a crucial pattern, does it? Even my 10-year-old niece could see it.

We will have a detailed report for this matter in several hours.






References:

Warning: Active PayPal Phishing Website Found at APLUS.NET - Part 2
Warning: Active PayPal Phishing Website Found at APLUS.NET - Part 1
Active PayPal Phishing Website Ex San Diego, CA, USA - Part 2
Active PayPal Phishing Website Ex San Diego, CA, USA - Part 1
Beware of French PayPal Phishing Website Hosted at WordPress Blog (Prenez garde d’un site Web phishing de PayPal accueilli à infantmemories.com.)
Beware of PayPal Phishing Mail Circulated by Moroccan Cyber Criminal Group





********** ********** ********** ********** ********** ********** ********** **********

MacHouse is not funded by tax payers' money. We have limited resources. We also need time to sleep and eat just as others. So we will not act as the International police to contact all victims of website abuse. All you have to do is to subscribe to spam messages and spam posts. If we can, why don't you?







3 Responses to “Possible PayPal Phishing Website Implicating APLUS.NET Again - Part 1”

  1. James D. Says:

    Hello,

    On behalf of Aplus.net I would like to explain how our system works, and why you are seeing a 404 error page. We have, for our customers’ convenience, put in place these “utility” domains which our customers can use to upload their sites in the event that they do not yet have a domain, or their domain does not currently resolve. These utility domains have a format of *.web.aplus.net. If you were to test any combination of random numbers and letters in the place of the “*” you will still get a 404 error. This is because all of these subdomains are automatically resolved to our hosting platform (this provides instant activation of the plan). Though you are still seeing a 404 error and that domain is resolving, I can assure you that there is no such site anymore.

    We have very strict policies against fraud and work very closely with PayPal, eBay, Bank of America, and many others to terminate all accounts suspected of fraudulent activity as soon as possible. We also have a team dedicated to the prevention of fraud. Unfortunately, not all fraudulent activity can be detected immediately. It is for this reason that we rely upon and appreciate complaints that assist us in locating such accounts. We would like to ask that if you ever notice such an account in the future, please send the URL to abuse@aplus.net and we guarantee you that the issue will be investigated, and, if necessary, the site will be terminated as soon as possible.

    Thank you,

    James Dimitrov
    Manager, Customer Care
    Aplus.net

  2. Administrator Says:

    Mr. Dimitrov,

    We investigate a few hundred Internet security issues each year. Internet security news was hosted at machouse.mhvt.net before. And we made this subject independent more than a year ago and gave a separate subdomain. We are too busy to help every single victim. We are not funded by tax payers’ money. Perhaps, you may want to consult law enforcement or government agencies.

    As explained here, we no longer give anybody a kind notification about a website exploitation. Although we intend to develop an automatic notification system, it will cost us several thousand dollars and sufficient time. Since nobody bothers to make a donation, we don’t bother to develop one, which doesn’t suggest that you should do.

  3. James D. Says:

    Hello,

    I apologize that my last few sentences were not as clear as I wanted them to be. I meant to say that we also rely upon the complaints of all end-users, as well as any person who feels he/she is a victim of such fraud. I have absolutely no doubt that your organization is aware of how to deal with such cases, and I was simply trying to emphasize how important the role of the end-user is. While we do, as I mentioned, work together with many major organizations and the authorities to stop fraudulent activity, we feel that the role of the end-user is just as important and always appreciate when someone helps us by reporting such activity to us, whether by email or phone.

    Thank you.
    James Dimitrov
    Manager, Customer Care
    Aplus.net
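
The wildcard behaviour described in the first reply above (any label under the utility domain resolves and returns 404) can be tested by comparing a reported host with a random sibling label under the same parent. This is an added example, not code from MacHouse or Aplus.net; the function names, result labels and the sample hostnames and addresses (reserved documentation ranges) are constructed for illustration.

```python
import http.client
import secrets
import socket

def probe(host, timeout=5):
    """Return (IPv4 address set, HTTP status of GET /) for host."""
    try:
        ips = frozenset(socket.gethostbyname_ex(host)[2])
    except OSError:
        return frozenset(), None
    try:
        conn = http.client.HTTPConnection(host, 80, timeout=timeout)
        conn.request("GET", "/")
        status = conn.getresponse().status
        conn.close()
    except (OSError, http.client.HTTPException):
        status = None
    return ips, status

def classify(host, probe_fn=probe, control_label=None):
    """Compare a reported host with a random sibling under the same parent."""
    _, _, parent = host.partition(".")
    if not parent:
        raise ValueError("host must have a parent zone")
    control = f"{control_label or secrets.token_hex(8)}.{parent}"
    ips, status = probe_fn(host)
    control_ips, control_status = probe_fn(control)
    if not ips:
        return "no-dns"
    if not (ips & control_ips):
        return "dedicated-record"       # name was provisioned individually
    if status == control_status:
        return "wildcard-placeholder"   # same answer as a name nobody uses
    return "wildcard-with-content"      # shared IP, but this name answers differently

# Constructed sample data (hypothetical hosts, documentation IP ranges).
SAMPLE = {
    "reported.web.hosting.example": (frozenset({"192.0.2.10"}), 404),
    "control0.web.hosting.example": (frozenset({"192.0.2.10"}), 404),
    "live.web.hosting.example": (frozenset({"192.0.2.10"}), 200),
    "shop.corp.example": (frozenset({"198.51.100.7"}), 200),
}

def sample_probe(host):
    """Offline stand-in for probe() that reads the constructed table above."""
    return SAMPLE.get(host, (frozenset(), None))
```

When the reported host and the control give the same address and the same status, the 404 carries no information about whether a site was ever hosted at that name.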
