Joined: Jun 27, 2004 Posts: 8575 Location: Deep in the Heart of Texas
Posted: Thu Mar 30, 2006 9:26 pm Post subject: Fried Phish Mar 30: Chase @ Yahoo (US)
Phish Alert Full Report: /modules.php?name=Fried_Phish&fp=phish&id=1634&in=1 The email hyperlink directs to a US server hosting an imitation Chase login screen. The site was active at the time of investigation.
The domain has multiple DNS A records hosted on Yahoo servers:
;; ANSWER SECTION:
configchase.com. 599 IN A 216.39.58.65
configchase.com. 599 IN A 216.39.58.66
configchase.com. 599 IN A 216.39.58.67
configchase.com. 599 IN A 216.39.58.68
configchase.com. 599 IN A 216.39.58.63
configchase.com. 599 IN A 216.39.58.64
"14779 | US | arin | 2000-02-07 | INKTOMI-LAWSON - Inktomi Corporation"<br />
Generated and sent email phish alert to respective parties.
Quote:
From Thu Mar 30 16:09:24 2006
Received: from mail2.hagenhosting.com (ns1.hagenhosting.com [63.97.115.194])
by bugsbunny.castlecops.com (8.13.6/8.13.6) with ESMTP id k2UL9Oaq004962
for <>; Thu, 30 Mar 2006 16:09:24 -0500
Received: from mail0.njd.xo.com ([216.156.2.34] helo=mail.njd.xo.com)
by mail2.hagenhosting.com with esmtp (Exim 4.60)
(envelope-from <>)
id 1FP4Ob-0002pi-Of
for ; Thu, 30 Mar 2006 16:09:34 -0500
Received: from pro.dcwopsa1.com (100mbit.net [69.93.4.34] (may be forged))
by mail.njd.xo.com (8.11.6p2/8.8. with ESMTP id k2ULF9V28343
for <>; Thu, 30 Mar 2006 16:15:17 -0500 (EST)
Received: from nobody by pro.dcwopsa1.com with local (Exim 4.52)
id 1FP0QL-0001QZ-Tb
for ; Thu, 30 Mar 2006 18:55:06 +02
You can post new topics in this forum You can reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You can attach files in this forum You can download files in this forum
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
with ESMTP id k2ULF9V28343
