The Scamdex Scam Email Archive - Generic o

Subject:  (Chase Phishing)http://www.dhcp.com.br/_uti_inf.html
From:  "Antihotmail.com Internet Incident Reponse Team (IIRT)" <iirt@antihotmail.com>
Date:  Fri, 28 Apr 2006 09:25:32 -0700

A Scam Email with the Subject "(Chase Phishing)http://www.dhcp.com.br/_uti_inf.html" was received in one of Scamdex's honeypot email accounts on Fri, 28 Apr 2006 09:25:32 -0700 and has been classified as a Generic Scam. The sender was "Antihotmail.com Internet Incident Reponse Team (IIRT)" <iirt@antihotmail.com>, although it may have been spoofed.

This phishing site is being used for both Chase/JP Morgan and Branch Banking and
Trust

canonical name dhcpweb.takenet.com.br.
aliases www.dhcp.com.br
addresses 200.195.35.175
nserver:     ns.takenet.com.br
nserver:     ns2.takenet.com.br

Return-Path: <account@chase.com>
Delivered-To: spamcop-net-antihotmail@spamcop.net
Received: (qmail 20607 invoked from network); 28 Apr 2006 14:56:04 -0000
X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on blade5
X-Spam-Level: ***************
X-Spam-Status: hits=15.0 tests=FORGED_MSGID_YAHOO,HTML_IMAGE_ONLY_28,
        HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_BOUND_DD_DIGITS,
        MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,MPART_ALT_DIFF,MSGID_SPAM_LETTERS,
        RCVD_NUMERIC_HELO,UNPARSEABLE_RELAY,URIBL_BLACK version=3.1.1
Received: from unknown (HELO c60.cesmail.net) (192.168.1.105)
  by blade5.cesmail.net with SMTP; 28 Apr 2006 14:56:04 -0000
Received: from mailgate.cesmail.net ([216.154.195.36])
  by c60.cesmail.net with SMTP; 28 Apr 2006 10:55:47 -0400
X-IronPort-AV: i="4.04,164,1144036800";
   d="scan'208"; a="346897607:sNHT51503054"
Received: (qmail 4295 invoked from network); 28 Apr 2006 14:55:46 -0000
Received: from unknown (HELO mailgate.cesmail.net) (192.168.1.101)
  by mailgate.cesmail.net with SMTP; 28 Apr 2006 14:55:46 -0000
X-RocketMail: 00000001;R---------------;5535
X-RocketUID: 0000101768
X-RocketMIF: 1145969646;3669;
X-RocketYMUMID: APXJjkQAAJwyRE4b7gSSE0CpLjY
X-Apparently-To: sgtpepper_1967@yahoo.com via 68.142.201.245; Tue, 25 Apr 2006
05:54:06 -0700
X-RocketRCL: 2726;1;1596475561;2768
X-Rocket-Spam: 83.150.204.44
X-YahooFilteredBulk: 83.150.204.44
X-Rocket-Track: cat=BK;
info=ip:BK<ip=83.150.204.44,policy=g-w0,n0,g100>;sv:UK<ip=68.142.202.232>
X-Originating-IP: [83.150.204.44]
Authentication-Results: mta237.mail.mud.yahoo.com
  from=chase.com; domainkeys=neutral (no sig)
Received: from popgate.cesmail.net [192.168.1.201]
        by mailgate.cesmail.net with POP3 (fetchmail-6.2.1)
        for antihotmail@spamcop.net (single-drop); Fri, 28 Apr 2006 10:55:46 -0400
(EDT)
Received: from 83.150.204.44 (83.150.204.44)
  by mta237.mail.mud.yahoo.com with SMTP; Tue, 25 Apr 2006 05:54:05 -0700
Received: from 23.44.208.119 by ; Tue, 25 Apr 2006 06:46:35 -0700
Message-ID: <monstrosity@yahoo.com>
Date: Tue, 25 Apr 2006 16:52:35 +0300
From: "JPMorgan Chase & Co." <account@chase.com>
To: raj_nadella1@yahoo.com, cc14607@yahoo.com, nowhere_land@yahoo.com,
sgtpepper_1967@yahoo.com
Subject: Online Banking Disabled
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="--714696223379555106"
X-Mailer: MIME-tools 5.503 (Entity 5.501)
X-OriginalArrivalTime: Tue, 25 Apr 2006 09:49:35 -0400
Content-Length: 1162
X-SpamCop-Checked:
X-SpamCop-Disposition: Blocked SpamAssassin=15

----714696223379555106
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

&nbsp;&nbsp;&nbsp;<img src=3Dhttp://www.chase.com/ccpmweb/shared/image/cha=
seNewlogo.gif><div><br>&nbsp;&nbsp;<font face=3Dverdana color=3D"darkblue"=
 size=3D2><b> Dear JPMorgan Chase & Co. Customer,</b></font></div><br><br>=
<font face=3D"arial" size=3D2><DIV>&nbsp;&nbsp;&nbsp;Due to suspicious act=
ivities on your JPMorgan Chase & Co. online account registered on raj_nade=
lla1@yahoo.com we have<BR>&nbsp;&nbsp; temporarily <A href=3D"http://www.g=
oogle.com/url?q=3Dhttp://www.dhcp.com.br/_uti_inf.html";>DISABLED</A> acces=
s to your Online Banking session.</div><br><br></font><font face=3D"arial"=
 size=3D2><DIV>&nbsp;&nbsp;&nbsp;In order to reinstate your account and re=
sume Online Banking please&nbsp;<A href=3D"http://www.google.com/url?q=3Dh=
ttp://www.dhcp.com.br/_uti_inf.html">CONFIRM</A> your online <br>&nbsp;&nb=
sp;&nbsp;account, or you can call customer service Monday through Friday 8=
 a.m. EST to 1 a.m. EST and <br>&nbsp;&nbsp;&nbsp;Saturday 8 a.m. EST to 5=
 p.m. EST at 1-800-621-0361.</div><br><br><DIV>&nbsp;&nbsp;&nbsp;_________=
_____________________________________________________________</div><br><di=
v><font face=3Dverdana size=3D1>&nbsp;&nbsp;&nbsp;ABOUT THIS MESSAGE:<div>=
<font face=3Dverdana size=3D1>&nbsp;&nbsp;&nbsp;This message was delivered=
 to you as a JPMorgan Chase & Co. credit card customer to provide you acco=
unt<br>&nbsp;&nbsp;&nbsp;updates and information about your card benefits.=
 JPMorgan Chase & Co. values your privacy and your<br>&nbsp;&nbsp;&nbsp;pr=
eferences.</div><br><div><font face=3Dverdana size=3D1>&nbsp;&nbsp;&nbsp;Y=
our personal information is protected by state-of-the-art technology. For =
more detailed <br>&nbsp;&nbsp;&nbsp;security information, view our <A href=
=3D"http://www.chase.com/privacy";>Online Privacy Policy</A>. To request in=
 writing: JPMorgan Chase & Co. Privacy <br>&nbsp;&nbsp;&nbsp;Operations, 4=
51 Florida Street, Fourth Floor, LA2-9376, Baton Rouge, LA 70801</div><br>=
<div><font face=3Dverdana size=3D1>&nbsp;&nbsp;&nbsp;If you want to contac=
t JPMorgan Chase & Co., please do not reply to this message, but instead g=
o to <br>&nbsp;&nbsp;&nbsp;<A href=3D"http://www.chase.com";>http://www.cha=
se.com/</A>. For faster service, please enroll or log in to your account. =
Replies to<br>&nbsp;&nbsp;&nbsp;this message will not be read or responded=
 to.</div><br><div><font face=3Dverdana size=3D1>&nbsp;&nbsp;&nbsp;This em=
ail was sent to: raj_nadella1@yahoo.com</div><br><div><font face=3Dverdana=
 size=3D1>&nbsp;&nbsp;&nbsp;Copyright =A9 2006, JPMorgan Chase & Co. All R=
ights Reserved.</div>

----714696223379555106--



--


--
Questions can be sent to: iirt@antihotmail.com
Domain  Dossier: http://www.centralops.net/
Antihotmail.com Whois: http://whois.antihotmail.com

[Zero Tolerance towards Unsolicited Email]
This email is sent in compliance with our strict anti-abuse
regulations.You have received this email because we are a active
Spam fighting organization.If you do not wish to receive any mail
from our service you may permanently block your email address by
sending a email to: stop.complaints@antihotmail.com .

All UCE/BCE is subject to a US$500.00 fee per item. If you send UCE
(SPAM) to Antihotmail.com , you are agreeing to this charge for
processing your "email" and also agree to pay any and all costs
incurred in collecting this fee.