[SURBL-Discuss] Fw: Your August eNewsletter from U.S. Bank

Bill Landry billl at pointshare.com
Tue Aug 24 18:30:47 CEST 2004


----- Original Message ----- 
From: "Jeff Chan" <jeffc at surbl.org>


> That's not too useful without headers and it doesn't prove it's
> not a phish.

Yep, didn't realize it would look like garbage once it got posted to the
list.

> How did you determine that usbank-email.MUNGEDcom really belongs
> to U.S. Bank?

Here is what my search came up with:
==========
whois usbank.com:
Registrant:
U.S. Bancorp Licensing, Inc. (NACLVTHKBD)
   800 Nicollet Mall, EP-MN-BB02
   Minneapolis, MN 55402
   US

   Domain Name: USBANK.COM

   Administrative Contact, Technical Contact:
      Administrator, Domainname ContactMiddleName  (CPESDLZPEI)
domainadmin at usbank.com
      U.S. Bancorp
      2751 Shepard Rd, EP-MN-BB2
      St. Paul, MN 55116
      US
      (651) 205-0265 fax: 123 123 1234

   Record expires on 15-Feb-2009.
   Record created on 14-Feb-1995.
   Database last updated on 24-Aug-2004 20:06:49 EDT.

   Domain servers in listed order:

   NS3.USBANK.COM               170.135.240.25
   NS1.USBANK.COM               156.36.1.18
===========
whois usbank-e-mail.com:
Registrant:
U.S. Bancorp Licensing, Inc. (AWMADPAZID)
   800 Nicollet Mall, EP-MN-BB02
   Minneapolis, MN 55402
   US

   Domain Name: USBANK-EMAIL.COM

   Administrative Contact:
      Administrator, Domainname ContactMiddleName  (CPESDLZPEI)
domainadmin at usbank.com
      U.S. Bancorp
      2751 Shepard Rd, EP-MN-BB2
      St. Paul, MN 55116
      US
      (651) 205-0265 fax: 123 123 1234

   Technical Contact:
      Network Solutions, LLC.  (HOST-ORG)
customerservice at networksolutions.com
      13200 Woodland Park Drive
      Herndon, VA 20171-3025
      US
      1-888-642-9675 fax: 571-434-4620

   Record expires on 24-Feb-2007.
   Record created on 24-Feb-2004.
   Database last updated on 24-Aug-2004 20:07:42 EDT.

   Domain servers in listed order:

   NS.ONCE.COM                  207.189.106.105
   NS2.ONCE.COM                 207.189.106.108
   NS3.ONCE.COM                 207.162.212.83
==========

Both domains were registered through Network Solutions.  Same corporate
address and phone number, and when I called the phone number listed above, I
got the voice mail of a US Bank employee named Mark Marrow (probably the
zone technical contact).  And, most importantly, the account logon links
take you to the official US Bank web site, not some spoofed URL.

I have forwarded the newsletter e-mail as an attachment this time, so
hopefully it will come through intact for viewing, including the original
message headers.

I have seen many US Bank, PayPal, eBay, Citibank, etc., phishing e-mails,
and this is clearly not one.  Anyway, let me know what you plan to do with
this one.

Thanks,

Bill
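
The whois comparison described in the message above, as an added example that is not part of the original post: it parses both records (constructed here by trimming the post's output to the compared fields) and reports which ownership fields match. The function and field names are hypothetical, and the name-server zone is taken naively as everything after the first label.

```python
import re

# Constructed input: the two records from the post, trimmed to the fields compared.
POST = """Registrant:
U.S. Bancorp Licensing, Inc. (NACLVTHKBD)
   800 Nicollet Mall, EP-MN-BB02
   Minneapolis, MN 55402

   Domain Name: USBANK.COM
   Administrative Contact, Technical Contact:
      Administrator, Domainname ContactMiddleName  (CPESDLZPEI)
      (651) 205-0265 fax: 123 123 1234
   NS3.USBANK.COM               170.135.240.25
   NS1.USBANK.COM               156.36.1.18
==========
Registrant:
U.S. Bancorp Licensing, Inc. (AWMADPAZID)
   800 Nicollet Mall, EP-MN-BB02
   Minneapolis, MN 55402

   Domain Name: USBANK-EMAIL.COM
   Administrative Contact:
      Administrator, Domainname ContactMiddleName  (CPESDLZPEI)
      (651) 205-0265 fax: 123 123 1234
   NS.ONCE.COM                  207.189.106.105
   NS2.ONCE.COM                 207.189.106.108
   NS3.ONCE.COM                 207.162.212.83
"""

def parse(record):
    """Extract the ownership-relevant fields from one legacy-format whois record."""
    head, _, rest = record.partition("\n\n")  # registrant block ends at first blank line
    lines = [l.strip() for l in head.strip().splitlines()[1:]]
    org, handle = re.match(r"(.+?)\s+\((\w+)\)$", lines[0]).groups()
    ns = re.findall(r"^\s*(\S+)\s+\d+\.\d+\.\d+\.\d+$", rest, re.M)
    return {"org": org, "handle": handle, "address": lines[1:],
            "domain": re.search(r"Domain Name: (\S+)", rest).group(1),
            "admin_handle": re.search(r"Administrative Contact.*:\n.*\((\S+)\)", rest).group(1),
            "phone": re.search(r"\(\d{3}\) \d{3}-\d{4}", rest).group(0),
            "ns_zones": {h.split(".", 1)[1] for h in ns}}  # naive: drop first label

def compare(a, b):
    """Return (fields that match, fields that differ), ignoring the domain itself."""
    keys = [k for k in a if k != "domain"]
    same = [k for k in keys if a[k] == b[k]]
    return same, [k for k in keys if k not in same]

A, B = (parse(r) for r in POST.split("==========\n"))
SAME, DIFF = compare(A, B)
```

On these records the organization, address, admin handle and phone match, while the registrant handle and name-server zone differ; whois registrant data is supplied by the registrant, so a match corroborates ownership rather than proving it.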

