Another Active PayPal Phishing Website Targeting German Users - Part 2
TOKYO (MacHouse) - As we reported a few hours ago, an organized phishing scam group circulated a spam message written in German, implicating online payment company PayPal. The title of the message is Anmelden in Ihrem Konto und das Problem behoben werden. (See Screenshot 01.) The underlying link in the spam message that says Klicken Sie hier, um sich in is
http://billandsandra.net/picture/docs/
aktualisieren-paypalSie-Ihre-Kontoinformationen/index.htm (A continuous URL is divided into two lines.)
That’s where a phishing website is currently hosted, targeting German PayPal users. (See Screenshot 02.) And there is no redirection website involved this time. This is the second straight day in which a cyber criminal group circulated a spam message to advertise a PayPal phishing website hosted at the domain of billandsandra.net.
 Screenshot 01 - Source: MacHouse |
 Screenshot 02 - Source: billandsandra.net |
 Screenshot 03 - Source: MacHouse |
Let’s first find out where the phishing message originates from. Screenshot 03 shows the HTML source code of the phishing message. It indicates that the phishing message comes from the server at web14.internetx.de. (Screenshot 04 show the index page of the website at internetx.de.) That’s the origin of the phishing message because server’s actual IP address (62.116.130.180) matches one of the addresses shown in the header. Once again, the header suggests that the mail sender accessing the server is from South Korea with the IP address of 61.97.118.90.
 Screenshot 04 - Source: InterNetX GmbH |
 Screenshot 05 - Source: canaca.com |
 Screenshot 06 - Source: canaca.com |
As I noted earlier, as shown in Screenshot 02, the actual PayPal phishing website is hosted at the domain of billandsandra.net. The host of this website is traced to a Canadian web hosting company called Canaca-com Inc (canaca.com). (Screenshot 05 shows the index page of web hosting company’s website.) Since this is the second straight day in which German PayPal users are targeted, we gave a kind notification to the web hosting company some 40 minutes ago. (See Screenshot 06.) Let’s see how fast they will respond.
Click on the button to watch a documentation video. 
Click on the button to watch more documentation videos.
Related stories:
New Active PayPal Phishing Website Targeting German Users - Part 2
Another Active PayPal Phishing Website Targeting German Users - Part 1
New Active PayPal Phishing Website Targeting German Users - Part 1
Active Phishing Website Targeting German PayPal Users - Part 2
Active Phishing Website Targeting German PayPal Users - Part 1
********** ********** ********** ********** ********** ********** ********** **********
MacHouse is not funded by tax payers' money. We have limited resources. We also need time to sleep and eat just as others. So we will not act as the International police to contact all victims of website abuse. All you have to do is to subscribe to spam messages and spam posts. If we can, why don't you?
Leave a Reply
You are prohibited from posting comments merely to advertise your website. Please read Rules and About This Blog at the top menu bar for more information.
Because of spam-comment criminals, we are forced to manually moderate every comment that you may post. Your comment will appear only after we review and then approve it. It will take us several hours at most to review it.
Please note that all one-sentence comments will be automatically rejected as an anti-spam measure.