
December 21, 2008

Briefly: PayPal Phishing Website Ex Argentine Targeting German Users, Mail Originating from ROSENBLUMEYECENTERS.COM

Filed under: Internet security — Administrator @ 9:14 am






TOKYO (MacHouse) - An international organized cyber crime group sent out a spam message targeting German PayPal users more than 15 hours ago. The title of the message is "Mit eingeschränktem Zugriff: Stellen Sie Ihr". It is different from the one that was sent out 24 hours before. The message itself is quite simple. It only says:






Sie haben 1 neue Nachricht Security Alert!

Anmelden in Ihrem Konto und das Problem behoben werden.

Klicken Sie hier, um sich in

The PayPal Team






(See Screenshot 01.) The URL behind the hyperlink is http://200.123.132.188/PP/
paypal-aktualisieren-Sie-Ihre-Kontoinformationen/index.htm. (It is one continuous URL, divided here into two parts.)





Screenshot 01 - Source: MacHouse
Screenshot 02 - Source: 200.123.132.188
Screenshot 03 - Source: Rosenblum Eye Centers






Clicking on the hyperlink in the message directs the user to a phishing website hosted in Buenos Aires, Argentina (see Screenshot 02). It is the same host as the phishing website that we reported two days ago. Furthermore, the origin of the phishing message is also the same: it comes from the mail server maintained by a Manhattan, New York-based organization called Rosenblum Eye Centers. (Screenshot 03 shows the index page of Rosenblum Eye Centers' website at rosenblumeyecenters.com.)

Screenshot 04 shows the HTML source code of the phishing message. Just as in the last case, the header indicates that the true origin of the message is the IP address of 64.32.177.103, whose node name is correctly recorded as mail.rosenblumeyecenters.com.
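The two checks described above, reading the link target behind the hyperlink and reading the relay recorded in the topmost Received header, can be automated. The following Python code is an added example, not MacHouse's own tooling; the sample message is constructed, and only the link URL, the relay hostname and the relay IP address are taken from this post.

```python
import ipaddress
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: the link target, relay name and relay IP are the article's;
# the receiving host, timestamp and From address are invented for illustration.
LINK = ("http://200.123.132.188/PP/"
        "paypal-aktualisieren-Sie-Ihre-Kontoinformationen/index.htm")
RAW = f"""\
Received: from mail.rosenblumeyecenters.com (mail.rosenblumeyecenters.com [64.32.177.103])
\tby mx.recipient.example with ESMTP; Sat, 20 Dec 2008 18:00:00 +0900
From: PayPal <service@paypal.example>
Content-Type: text/html; charset=utf-8

<html><body><p>Sie haben 1 neue Nachricht</p>
<a href="{LINK}">Klicken Sie hier, um sich in</a></body></html>
"""

class Hrefs(HTMLParser):  # collects the target of every <a href=...>
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.urls += [v for k, v in attrs if k == "href" and v]

def is_raw_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def analyze(raw, brand="paypal"):
    msg = message_from_string(raw, policy=policy.default)
    # The topmost Received line is the one the recipient's own server stamped.
    top = " ".join(str(msg.get_all("Received", [""])[0]).split())
    m = re.search(r"from \S+ \((\S+) \[([\d.]+)\]\)", top)
    name, ip = m.groups() if m else (None, None)
    parser = Hrefs()
    parser.feed(msg.get_body(("html",)).get_content())
    links = [{"host": (p := urlsplit(u)).hostname,
              "raw_ip_host": is_raw_ip(p.hostname),
              "brand_in_path": brand in p.path.lower()} for u in parser.urls]
    sender = msg["From"].addresses[0].domain
    return {"relay_ip": ip, "relay_name": name, "links": links,
            "relay_matches_from": bool(name) and name.endswith(sender)}
```

A link whose host is a bare IP address while the brand name appears only in the path, combined with a relay that does not belong to the domain in the From line, is the pattern this message shows.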





Screenshot 04 - Source: MacHouse
Screenshot 05 - Source: Rosenblum Eye Centers
Screenshot 06 - Source: MedNet Technologies






More than 15 hours ago, we used their contact form (see Screenshot 05) to notify Rosenblum Eye Centers that their mail server had been used to circulate PayPal phishing messages. We also advised the organization to contact MedNet Technologies, which appears to maintain Rosenblum Eye Centers' website. (Screenshot 06 shows the index page of MedNet Technologies' website.) Despite our effort, the same phishing act has been repeated.

In fact, this is the best time of the year for cyber criminals to exploit Internet users. It is very common for them to send out phishing messages over the weekend. Many businesses in Europe and North America have entered a long weekend that will continue until Christmas. So the criminals are likely to be able to keep sending out phishing messages from Rosenblum Eye Centers' mail server at least until December 26th.





