North American Network Operators Group


Hi United! -> Chase.US Was:Re: abuse.clue @ Sprint? (phish in barrel, pictures @ 11:00)

  • From: Martin Hannigan
  • Date: Mon Apr 03 16:13:35 2006



At 02:17 PM 4/3/2006, neal rauhauser wrote:



Got this forwarded to me by an associate - seems he tried the usual channels and is having no luck. I suppose there are professional phishermen out there but it sure would be nice to cut to the Chase on this one. Heh ... get it ... Chase?


--- phish report


We got a bunch of e-mails this morning, purporting to be from Chase.com; when you click the link in the message, though, you go to the following site;

hhhttp://cpe-24-221-82-147.mi.sprintbbd.net:81/colappmgr/colportal/prospect.php?_n fpb=change_form



Hey United guys: chase.us? The registrar appears absent again. Maybe you slam dunk it?
This Chase phish is really getting out of hand. I'm getting them daily from 2 to 5 times
in the last week.

They are being very resilient on the page source. They're everywhere.


Phish source:

http://www.fugawi.net/~hannigan/chasephish.txt

Spam:

http://www.fugawi.net/~hannigan/chasespam.txt

NS:

Non-authoritative answer:
chase.us nameserver = authns.lax.mysite.com.
chase.us nameserver = authns.nyc.mysite.com.
chase.us nameserver = authns.iad.mysite.com.

Authoritative answers can be found from:
authns.iad.mysite.com internet address = 64.136.35.146
authns.lax.mysite.com internet address = 64.136.28.28
authns.nyc.mysite.com internet address = 64.136.20.28



-M<







--
Martin Hannigan (c) 617-388-2663
Renesys Corporation (w) 617-395-8574
Member of Technical Staff Network Operations