Hi United! -> Chase.US Was:Re: abuse.clue @ Sprint? (phish in barrel, pictures @ 11:00)

Martin Hannigan hannigan at renesys.com
Mon Apr 3 20:11:58 UTC 2006





At 02:17 PM 4/3/2006, neal rauhauser wrote:



>   Got this forwarded to me by an associate - seems he tried the 
> usual channels and is having no luck. I suppose there are 
> professional phishermen out there but it sure would be nice to cut 
> to the Chase on this one. Heh ... get it ... Chase?
>
>
>--- phish report
>
>
>We got a bunch of e-mails this morning, purporting to be from 
>Chase.com; when you click the link in the message, though, you go to 
>the following site;
>
>hhhttp://cpe-24-221-82-147.mi.sprintbbd.net:81/colappmgr/colportal/prospect.php?_n 
>fpb=change_form
>



Hey United guys: chase.us? The registrar is appears absent again. 
Maybe you slam dunk it?
This Chase phish is really getting out of hand. I'm getting them 
daily from 2 to 5 times
in the last week.

They are being very resilient on the page source. They're everywhere.


Phish source:

http://www.fugawi.net/~hannigan/chasephish.txt

Spam:

http://www.fugawi.net/~hannigan/chasespam.txt

NS:

Non-authoritative answer:
chase.us        nameserver = authns.lax.mysite.com.
chase.us        nameserver = authns.nyc.mysite.com.
chase.us        nameserver = authns.iad.mysite.com.

Authoritative answers can be found from:
authns.iad.mysite.com   internet address = 64.136.35.146
authns.lax.mysite.com   internet address = 64.136.28.28
authns.nyc.mysite.com   internet address = 64.136.20.28



-M<







--
Martin Hannigan                                (c) 617-388-2663
Renesys Corporation                            (w) 617-395-8574
Member of Technical Staff                      Network Operations
                                                hannigan at renesys.com  




More information about the NANOG mailing list