Re: [phishing] Washington Mutual Bank US : Urgent Banking Service Email(fwd)

[h . gold]

On these rockphish all the registrants are forged.  They are the victims 
of a previous ID theft phishing scam.

It's also true for domains registered expressly for the purpose of 
phishing .. as opposed to a hacked legit site.

ew

On 6 Jun 2007 at 14:43, John Holan wrote:

> 
> Hi
> Here comes the info
> Look at the email address for techs.
> 
> 
> Domain ID:D18267039-LRMS
> Domain Name:MCMACCOY.INFO
> Created On:05-Jun-2007 13:43:56 UTC
> Last Updated On:05-Jun-2007 13:55:41 UTC
> Expiration Date:05-Jun-2008 13:43:56 UTC
> Sponsoring Registrar:Register.com (R140-LRMS)
> Status:TRANSFER PROHIBITED
> Registrant ID:6A01930D5CDF7C71
> Registrant Name:Colin McMillan
> Registrant Organization:Colin McMillan
> Registrant Street1:402SanchezStreet
> Registrant Street2:
> Registrant Street3:
> Registrant City:SanFrancisco
> Registrant State/Province:CA
> Registrant Postal Code:94114
> Registrant Country:US
> Registrant Phone:+1.4158124526
> Registrant Phone Ext.:
> Registrant FAX:
> Registrant FAX Ext.:
> Registrant Email:[EMAIL PROTECTED]
> Admin ID:6A01930D5CDF7C71
> Admin Name:Colin McMillan
> Admin Organization:Colin McMillan
> Admin Street1:402SanchezStreet
> Admin Street2:
> Admin Street3:
> Admin City:SanFrancisco
> Admin State/Province:CA
> Admin Postal Code:94114
> Admin Country:US
> Admin Phone:+1.4158124526
> Admin Phone Ext.:
> Admin FAX:
> Admin FAX Ext.:
> Admin Email:[EMAIL PROTECTED]
> Billing ID:6A01930D5CDF7C71
> Billing Name:Colin McMillan
> Billing Organization:Colin McMillan
> Billing Street1:402SanchezStreet
> Billing Street2:
> Billing Street3:
> Billing City:SanFrancisco
> Billing State/Province:CA
> Billing Postal Code:94114
> Billing Country:US
> Billing Phone:+1.4158124526
> Billing Phone Ext.:
> Billing FAX:
> Billing FAX Ext.:
> Billing Email:[EMAIL PROTECTED]
> Tech ID:6A01930D5CDF7C71
> Tech Name:Colin McMillan
> Tech Organization:Colin McMillan
> Tech Street1:402SanchezStreet
> Tech Street2:
> Tech Street3:
> Tech City:SanFrancisco
> Tech State/Province:CA
> Tech Postal Code:94114
> Tech Country:US
> Tech Phone:+1.4158124526
> Tech Phone Ext.:
> Tech FAX:
> Tech FAX Ext.:
> Tech Email:[EMAIL PROTECTED]
> Name Server:NS6.1MAY-DAY.CN
> Name Server:NS3.1MAY-DAY.CN
> Name Server: 
> Name Server: 
> Name Server: 
> Name Server: 
> Name Server: 
> Name Server: 
> Name Server: 
> Name Server: 
> Name Server: 
> Name Server: 
> Name Server: 
> 
> 
> John Holan
> 
> IS Analyst
> 
> 
> -----Original Message-----
> From: Steve Pirk [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, June 06, 2007 10:52 AM
> To: phishing@whitestar.linuxbox.org
> Subject: [phishing] Washington Mutual Bank US : Urgent Banking Service
> Email(fwd)
> 
> WaMu phshing site (soon?) at:
> 
> http://treasury.wamu.com.ibswamu.ssid23pyfnxrooebhd.mcmaccoy.info/conf
> ir m/cmserver/welcome/default/verify.cfm
> 
> whois does not return anything for mcmaccoy.info, so it could
> be a new domain being set up, or it has already been taken down.
> --
> Steve
> 
> ---------- Forwarded message ----------
> Return-Path: <[EMAIL PROTECTED]>
> Received: from amd-dfmtil7kjsn
>     (200.161.62.58.broad.gz.gd.dynamic.163data.com.cn [58.62.161.200]
> (may be
>     forged))
>  by mail.pirk.com (8.13.7/8.12.0.Beta19) with SMTP id
> l56DIEMc023124
>  for <[EMAIL PROTECTED]>; Wed, 6 Jun 2007 06:18:15 -0700
> Message-ID: <[EMAIL PROTECTED]>
> From: "WaMu Bank US Treasury & Cash Management'2007"
>     <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: Washington Mutual Bank US : Urgent Banking Service Email
> Date: Wed, 06 Jun 2007 21:17:09 +0900 MIME-Version: 1.0 Content-Type:
> multipart/related;
>  type="multipart/alternative";
>  boundary="----=_NextPart_000_0016_01C7A880.0AAB57B0"
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2900.2180
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
> 
>    [IMAGE]
> 
>    Dear WaMu Treasury Management client!
> 
>    Our Technical Unit is running a scheduled software upgrade.
> 
>    By clicking on the link below you will start the procedure of the
>    client details confirmation:
> 
> 
> http://treasury.wamu.com.ibswamu.sess23pyfnxrooebhd/confirm/cmserver/w
> el come/default/verify.cfm
> 
>    These directions are to be mailed and followed by all Commercial
>    Treasury Services members of the WaMu .
> 
>    WaMu USA does apologize for the inconveniences caused to you, and
>    is very grateful for your help.
> 
>    If you are not user of the Washington Mutual US please delete this
>    notice!
> 
>    Copyright (c) 2007 WaMu : All Rights Reserved.
> _______________________________________________
> phishing mailing list
> phishing@whitestar.linuxbox.org
> http://www.whitestar.linuxbox.org/mailman/listinfo/phishing
> 


_______________________________________________
phishing mailing list
phishing@whitestar.linuxbox.org
http://www.whitestar.linuxbox.org/mailman/listinfo/phishing