[EIDXA] Fake Email
Jason Joens NR0X
Jason at nr0x.org
Tue Mar 7 19:29:29 EST 2017
Hi guys,
This kind of scam is pretty common. The email is pretending to be from
Chase, but if you look at the header, you can see its from Chase AcctSec.
Team chasesecurity-team_noreplies at chse.com which you can tell is bogus
because your chase credit card company wouldn't be smart enough not to
misspell their domain name. If you click on the link, you can see a rather
nice copy of a Chase website, which is asking for login credentials. Go
ahead and makeup something fake to put in there and it will bring you to a
screen asking for credit card info. Try clicking some random links on the
page and you will find that none of them work, instead telling you that you
have to verify your identity first. Another clue is that the site forwards
you to http://45.64.1.59, which I trace to Jakarta, Indonesia. I found a
nameserver and did a whois search on it. Here are the results..
In short, don't believe everything you read. They love trying to sound
official and scare you into giving your info away.
Jason NR0X
Domain Name: MAINTENIS.COM
Registry Domain ID: 1944449125_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.enom.com
Registrar URL: www.enom.com
Updated Date: 2015-07-03T18:25:38.00Z
Creation Date: 2015-07-04T01:25:19.00Z
Registrar Registration Expiration Date: 2020-07-04T01:25:19.00Z
Registrar: ENOM, INC.
Registrar IANA ID: 48
Domain Status: ok https://www.icann.org/epp#ok
Registry Registrant ID:
Registrant Name: DOMAIN ADMINISTRATOR
Registrant Organization: PT. MASTER WEB NETWORK
Registrant Street: CYBER BUILDING 9TH FLOOR
Registrant Street: JL. KUNINGAN BARAT NO.8
Registrant City: JAKARTA
Registrant State/Province: ID
Registrant Postal Code: 12710
Registrant Country: ID
Registrant Phone: +62.5269312
Registrant Phone Ext:
Registrant Fax: +62.5269311
Registrant Fax Ext:
Registrant Email: HOSTMASTER at MASTERWEBNET.COM
Registry Admin ID:
Admin Name: DOMAIN ADMINISTRATOR
Admin Organization: PT. MASTER WEB NETWORK
Admin Street: CYBER BUILDING 9TH FLOOR
Admin Street: JL. KUNINGAN BARAT NO.8
Admin City: JAKARTA
Admin State/Province: ID
Admin Postal Code: 12710
Admin Country: ID
Admin Phone: +62.5269312
Admin Phone Ext:
Admin Fax: +62.5269311
Admin Fax Ext:
Admin Email: HOSTMASTER at MASTERWEBNET.COM
Registry Tech ID:
Tech Name: DOMAIN ADMINISTRATOR
Tech Organization: PT. MASTER WEB NETWORK
Tech Street: CYBER BUILDING 9TH FLOOR
Tech Street: JL. KUNINGAN BARAT NO.8
Tech City: JAKARTA
Tech State/Province: ID
Tech Postal Code: 12710
Tech Country: ID
Tech Phone: +62.5269312
Tech Phone Ext:
Tech Fax: +62.5269311
Tech Fax Ext:
Tech Email: HOSTMASTER at MASTERWEBNET.COM
Name Server: DNS1.MASTERWEBNET.COM
Name Server: DNS2.MASTERWEB.NET
Name Server: DNS3.MASTERWEB.COM
Name Server: DNS4.MASTERWEBNET.COM
DNSSEC: unSigned
Registrar Abuse Contact Email: abuse at enom.com
Registrar Abuse Contact Phone: +1.4252982646
URL of the ICANN WHOIS Data Problem Reporting System:
http://wdprs.internic.net/
>>> Last update of WHOIS database: 2015-07-03T18:25:38.00Z <<< -----Original
Message-----
From: EIDXA [mailto:eidxa-bounces at mailman.qth.net] On Behalf Of Chase
AcctSec. Team chasesecurity-team_noreplies--- via EIDXA
Sent: Tuesday, March 7, 2017 8:04 AM
To: eidxa at mailman.qth.net
Cc: Chase AcctSec. Team chasesecurity-team_noreplies at chse.com
Subject: [EIDXA] Account Suspension
More information about the EIDXA
mailing list