I know this is probably illegal as all get out, but I just realized that since the registrant info is forged, could someone not contact the forged victim via email and have them say "ok" to a domain transfer? I know this one is transfer prohibited, but on some domains it may not be.
Then again, maybe the "admin" could email Register.com and request a deletion of the domain...

Ok, Steve, time to shut up :-)
--
Steve

On Wed, 6 Jun 2007 [EMAIL PROTECTED] wrote:

>
> On these rockphish all the registrants are forged. They are the victims
> of a previous ID theft phishing scam.
>
> It's also true for domains registered expressly for the purpose of
> phishing .. as opposed to a hacked legit site.
>
> ew
>
> On 6 Jun 2007 at 14:43, John Holan wrote:
>
> >
> > Hi
> > Here comes the info
> > Look at the email address for techs.
> >
> >
> > Domain ID:D18267039-LRMS
> > Domain Name:MCMACCOY.INFO
> > Created On:05-Jun-2007 13:43:56 UTC
> > Last Updated On:05-Jun-2007 13:55:41 UTC
> > Expiration Date:05-Jun-2008 13:43:56 UTC
> > Sponsoring Registrar:Register.com (R140-LRMS)
> > Status:TRANSFER PROHIBITED
> > Registrant ID:6A01930D5CDF7C71
> > Registrant Name:Colin McMillan
> > Registrant Organization:Colin McMillan
> > Registrant Street1:402SanchezStreet
> > Registrant Street2:
> > Registrant Street3:
> > Registrant City:SanFrancisco
> > Registrant State/Province:CA
> > Registrant Postal Code:94114
> > Registrant Country:US
> > Registrant Phone:+1.4158124526
> > Registrant Phone Ext.:
> > Registrant FAX:
> > Registrant FAX Ext.:
> > Registrant Email:[EMAIL PROTECTED]
> > Admin ID:6A01930D5CDF7C71
> > Admin Name:Colin McMillan
> > Admin Organization:Colin McMillan
> > Admin Street1:402SanchezStreet
> > Admin Street2:
> > Admin Street3:
> > Admin City:SanFrancisco
> > Admin State/Province:CA
> > Admin Postal Code:94114
> > Admin Country:US
> > Admin Phone:+1.4158124526
> > Admin Phone Ext.:
> > Admin FAX:
> > Admin FAX Ext.:
> > Admin Email:[EMAIL PROTECTED]
> > Billing ID:6A01930D5CDF7C71
> > Billing Name:Colin McMillan
> > Billing Organization:Colin McMillan
> > Billing Street1:402SanchezStreet
> > Billing Street2:
> > Billing Street3:
> > Billing City:SanFrancisco
> > Billing State/Province:CA
> > Billing Postal Code:94114
> > Billing Country:US
> > Billing Phone:+1.4158124526
> > Billing Phone Ext.:
> > Billing FAX:
> > Billing FAX Ext.:
> > Billing Email:[EMAIL PROTECTED]
> > Tech ID:6A01930D5CDF7C71
> > Tech Name:Colin McMillan
> > Tech Organization:Colin McMillan
> > Tech Street1:402SanchezStreet
> > Tech Street2:
> > Tech Street3:
> > Tech City:SanFrancisco
> > Tech State/Province:CA
> > Tech Postal Code:94114
> > Tech Country:US
> > Tech Phone:+1.4158124526
> > Tech Phone Ext.:
> > Tech FAX:
> > Tech FAX Ext.:
> > Tech Email:[EMAIL PROTECTED]
> > Name Server:NS6.1MAY-DAY.CN
> > Name Server:NS3.1MAY-DAY.CN
> > Name Server:
> > Name Server:
> > Name Server:
> > Name Server:
> > Name Server:
> > Name Server:
> > Name Server:
> > Name Server:
> > Name Server:
> > Name Server:
> > Name Server:
> >
> >
> > John Holan
> >
> > IS Analyst
> >
> >
> > -----Original Message-----
> > From: Steve Pirk [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, June 06, 2007 10:52 AM
> > To: [email protected]
> > Subject: [phishing] Washington Mutual Bank US : Urgent Banking Service
> > Email(fwd)
> >
> > WaMu phishing site (soon?) at:
> >
> > http://treasury.wamu.com.ibswamu.ssid23pyfnxrooebhd.mcmaccoy.info/conf
> > ir m/cmserver/welcome/default/verify.cfm
> >
> > whois does not return anything for mcmaccoy.info, so it could
> > be a new domain being set up, or it has already been taken down.
> > --
> > Steve
> >
> > ---------- Forwarded message ----------
> > Return-Path: <[EMAIL PROTECTED]>
> > Received: from amd-dfmtil7kjsn
> > (200.161.62.58.broad.gz.gd.dynamic.163data.com.cn [58.62.161.200]
> > (may be
> > forged))
> > by mail.pirk.com (8.13.7/8.12.0.Beta19) with SMTP id
> > l56DIEMc023124
> > for <[EMAIL PROTECTED]>; Wed, 6 Jun 2007 06:18:15 -0700
> > Message-ID: <[EMAIL PROTECTED]>
> > From: "WaMu Bank US Treasury & Cash Management'2007"
> > <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Subject: Washington Mutual Bank US : Urgent Banking Service Email
> > Date: Wed, 06 Jun 2007 21:17:09 +0900 MIME-Version: 1.0 Content-Type:
> > multipart/related;
> > type="multipart/alternative";
> > boundary="----=_NextPart_000_0016_01C7A880.0AAB57B0"
> > X-Priority: 3
> > X-MSMail-Priority: Normal
> > X-Mailer: Microsoft Outlook Express 6.00.2900.2180
> > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
> >
> > [IMAGE]
> >
> > Dear WaMu Treasury Management client!
> >
> > Our Technical Unit is running a scheduled software upgrade.
> >
> > By clicking on the link below you will start the procedure of the
> > client details confirmation:
> >
> >
> > http://treasury.wamu.com.ibswamu.sess23pyfnxrooebhd/confirm/cmserver/w
> > el come/default/verify.cfm
> >
> > These directions are to be mailed and followed by all Commercial
> > Treasury Services members of the WaMu .
> >
> > WaMu USA does apologize for the inconveniences caused to you, and
> > is very grateful for your help.
> >
> > If you are not user of the Washington Mutual US please delete this
> > notice!
> >
> > Copyright (c) 2007 WaMu : All Rights Reserved.
> > _______________________________________________
> > phishing mailing list
> > [email protected]
> > http://www.whitestar.linuxbox.org/mailman/listinfo/phishing
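
The quoted record shows a creation date one day before the lure arrived and the same contact ID in all four roles. As an added example (not part of the thread or written by its posters), this Python code parses a record in that layout, quote markers included, and returns those facts for an abuse report; the sample record, `SEEN_AT` and the 7-day threshold are constructed assumptions.

```python
import re
from datetime import datetime, timezone
# Constructed sample in the layout of the quoted record, mail quote markers
# included; every value is a placeholder, not data from the thread.
SAMPLE = """\
> > Domain Name:EXAMPLE.INFO
> > Created On:05-Jun-2007 13:43:56 UTC
> > Registrant ID:PLACEHOLDER01
> > Admin ID:PLACEHOLDER01
> > Billing ID:PLACEHOLDER01
> > Tech ID:PLACEHOLDER01
> > Name Server:NS1.EXAMPLE.CN
> > Name Server:
"""
# Constructed time at which the lure was received (assumption).
SEEN_AT = datetime(2007, 6, 6, 13, 18, 15, tzinfo=timezone.utc)
ROLES = ("Registrant", "Admin", "Billing", "Tech")

def parse_whois(text):
    """Return {field: [values]}; quote markers and empty fields are dropped."""
    record = {}
    for line in text.splitlines():
        line = re.sub(r"^(?:>\s*)+", "", line.strip())
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip(), []).append(value.strip())
    return record

def shared_contact(record):
    """True when all four contact roles are present with one contact ID."""
    ids = [record.get(f"{role} ID", [None])[0] for role in ROLES]
    return None not in ids and len(set(ids)) == 1

def age_days(record, seen_at):
    """Whole days between 'Created On' and the time the lure was seen."""
    created = datetime.strptime(record["Created On"][0], "%d-%b-%Y %H:%M:%S UTC")
    return (seen_at - created.replace(tzinfo=timezone.utc)).days

def triage(text, seen_at, max_age_days=7):
    """Summarise the facts an abuse report to the registrar would cite."""
    record = parse_whois(text)
    age = age_days(record, seen_at)
    return {
        "domain": record["Domain Name"][0].lower(),
        "shared_contact": shared_contact(record),
        "age_days": age,
        "newly_registered": 0 <= age <= max_age_days,
        "name_servers": [ns.lower() for ns in record.get("Name Server", [])],
    }
```

A shared contact ID is also common on ordinary personal registrations, so `shared_contact` is a descriptive field for the report rather than a verdict on its own.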
