Hi!

- Firstly, I get a message on Firefox (1.0.3) - "The connection to online.regions.com has terminated unexpectedly. Some data may have been transferred". In IE, "cannot find server, The page cannot be displayed". It is down I think.

Well, I have been receiving this Regions Bank scam almost daily with my regular Yahoo account. Even though I already reported it as spam, I still received it from time to time. Now, I used a different e-mail account (and provider) just to avoid such spam.


62.193.214.56 - some company named Plesk:
This is the Plesk™ default page

If you see this page it means:

1) hosting for this domain is not configured
or
2) there's no such domain registered in Plesk.

For more information please contact @adminemail@.

212.80.144.5 - Network Error
Network Error (tcp_error)

A communication error occurred: "Operation timed out"
The Web Server may be down, too busy, or experiencing other problems preventing it from responding to requests. You may wish to try again at a later time.

For assistance, contact your network support team.

The pertinent header info indicates NL (Netherlands) and FR (France) as the source:
Using RIPE.net:
212.80.144.5 - SPAIN
62.193.214.56 - FRANCE


FYI, I think this link leads to the REAL Regions Bank - http://www.regions.com/personal_home.shtml -

*And the REAL link that the SCAM SITE copied - https://secure.regionsnet.com/EBanki...faultAffiliate

And one more observation, almost all the links in the scam site (aside from the login link) link back to the REAL site to show it's legit. OLD PHISHING...

Lastly, digging further, you may also want to check other pages inside the source of the scam link - hXXp://www.m4r0c4n.com/REGIONS/measures.htm

THIS IS THE SECRET - from the source - hXXp://www.m4r0c4n.com/REGIONS/user.htm
Code:
name="logonForm" method="POST" action="signon.php" onsubmit="if (this.disabled) return false;

It is really nice and fun digging some!

-GONE
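
Added example (not part of the original post): a small check for the pattern observed above, where nearly every link on a page points to another site while the login form posts to a relative path on the host serving the page. The hosts `scam.example` and `www.bank.example`, the 0.8 threshold and the function names are assumptions made for illustration; the form attributes in the sample are the ones quoted in the post.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class _LinkFormCollector(HTMLParser):
    """Collect anchor hrefs and form actions from a page."""

    def __init__(self):
        super().__init__()
        self.hrefs, self.actions = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.hrefs.append(a["href"])
        elif tag == "form":
            # A missing action submits to the page's own URL.
            self.actions.append(a.get("action") or "")


def audit_page(page_url, html):
    """Report where links and form posts go, relative to the page's host."""
    p = _LinkFormCollector()
    p.feed(html)
    own = urlparse(page_url).hostname
    link_hosts = [urlparse(urljoin(page_url, h)).hostname for h in p.hrefs]
    form_hosts = [urlparse(urljoin(page_url, a)).hostname for a in p.actions]
    offsite = [h for h in link_hosts if h and h != own]
    ratio = len(offsite) / len(link_hosts) if link_hosts else 0.0
    top = max(set(offsite), key=offsite.count) if offsite else None
    # Heuristic (assumed threshold): most links leave for another site,
    # yet a form still submits to the host serving the page.
    suspicious = ratio >= 0.8 and own in form_hosts
    return {"offsite_ratio": ratio, "linked_site": top,
            "form_hosts": form_hosts, "suspicious": suspicious}


# Constructed sample: placeholder hosts, form attributes as quoted in the post.
SAMPLE_URL = "http://scam.example/REGIONS/user.htm"
SAMPLE_HTML = """
<a href="http://www.bank.example/personal_home.shtml">Home</a>
<a href="http://www.bank.example/privacy.html">Privacy</a>
<a href="http://www.bank.example/contact.html">Contact</a>
<form name="logonForm" method="POST" action="signon.php"
      onsubmit="if (this.disabled) return false;">
  <input name="user"><input type="submit">
</form>
"""

if __name__ == "__main__":
    print(audit_page(SAMPLE_URL, SAMPLE_HTML))
```

A page on the bank's own host with same-site links and a same-site form is not flagged, because its off-site link ratio stays below the threshold.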