Phishing: Survey & News Sites Hosted in Ukraine

by Rudolf Faix 2. July 2015 06:11

After thinking for a long time about the purpose of the sites fifty-news.com, multitrendo.com, tempoquiz.com, trastnews.com, vacantsurvey.com, wheresurvey.com, whosurvey.com and the other sites hosted there, I understood their purpose. They exist only for phishing the passwords for your payment provider. Especially if you are expecting a payment and you get a faked email from your payment provider asking for an account verification, you will not wait long before doing this account verification.

Take a look at the "PayPal" email. It is in German (my account was created in Austria); the translation of the important parts is described afterwards:

Paypal Phishing

Why this email is a phishing email:

  • PayPal will never use the email address access@access.com
  • The message "... der Zeit Ihrer letzen Anmeldung,Ihr PayPal-Konto ist vorübergehend blockiert" (English: "... since you logged off the last time your PayPal-account is temporarily blocked") is known from PayPal. With this you are invited to follow the link provided at "Klicken Sie bitte Jetzt Zugriff wiederherstellen" (English: "Click Restore the Access Now"). This link and the button lead to http://kolbe.bz/logins/, not to PayPal.
  • The same link http://kolbe.bz/logins/ is found at the end of the message, where nothing else is written than "Please don't answer to this email we are not reading this email. If you have questions then login to your account and click on contact".
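
The two indicators above (a sender address outside the brand's domain, and links that leave it) can be checked mechanically. The following is an added example, not part of the original post: the sample message is constructed from the details described here, and the `BRAND_DOMAINS` allow-list and the function names are assumptions.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the impersonated brand really uses (adjust per brand).
BRAND_DOMAINS = {"paypal.com", "paypal.de"}

# Constructed sample carrying the indicators listed above.
SAMPLE = """\
From: PayPal <access@access.com>
Subject: Ihr PayPal-Konto
Content-Type: text/html; charset="utf-8"

<p><a href="http://kolbe.bz/logins/">Jetzt Zugriff wiederherstellen</a></p>
<p><a href="http://kolbe.bz/logins/">Kontakt</a></p>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in the HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def in_brand(host):
    """True only for a brand domain or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def phishing_indicators(raw, brand="paypal"):
    """Return findings for a message claiming to come from `brand`."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    sender_host = addr.rpartition("@")[2]
    findings = []
    if brand in display.lower() and not in_brand(sender_host):
        findings.append(f"sender domain {sender_host} is not a {brand} domain")
    body = msg.get_body(preferencelist=("html",))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    for href in sorted(set(parser.links)):
        if not in_brand(urlsplit(href).hostname):
            findings.append(f"link {href} leaves the {brand} domains")
    return findings
```

The suffix match in `in_brand` is anchored on a leading dot, so a lookalike host such as `paypal.com.kolbe.bz` is still reported.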

kolbe.bz is a hacked WordPress site. You can see the WordPress logo if you use http://kolbe.bz/login instead of http://kolbe.bz/logins/. If you use http://kolbe.bz/logins/ then you see a copy of the PayPal page:

Paypal phishing site

kolbe.bz redirects the traffic to serveusers.com. The domain serveusers.com belongs to the hosting provider Network OperationsZZZ ChangeIP located in Miami, USA.

The website is found at the IP:

| IP Address | Country | Region | City | ISP |
|---|---|---|---|---|
| 187.108.192.56 | Brazil | Sao Paulo | Sao Paulo | Snh Servicos De Internet Ltda. |

The email was sent from the following IP:

| IP Address | Country | Region | City | ISP |
|---|---|---|---|---|
| 67.225.220.93 | United States | Michigan | Lansing | Liquid Web Inc. |

At the moment the following domains are available on the same servers. You should avoid these sites:


Never click on a link in a received email in such a case. Go directly to the site by entering the link manually.

 
