[89745] in North American Network Operators' Group
Hi United! -> Chase.US Was:Re: abuse.clue @ Sprint? (phish in
daemon@ATHENA.MIT.EDU (Martin Hannigan)
Mon Apr 3 16:12:51 2006
Date: Mon, 03 Apr 2006 16:11:58 -0400
To: NANGO <nanog@merit.edu>
From: Martin Hannigan <hannigan@renesys.com>
In-Reply-To: <443166A5.1040203@lists.rauhauser.net>
Errors-To: owner-nanog@merit.edu
At 02:17 PM 4/3/2006, neal rauhauser wrote:
> Got this forwarded to me by an associate - seems he tried the
> usual channels and is having no luck. I suppose there are
> professional phishermen out there but it sure would be nice to cut
> to the Chase on this one. Heh ... get it ... Chase?
>
>
>--- phish report
>
>
>We got a bunch of e-mails this morning, purporting to be from
>Chase.com; when you click the link in the message, though, you go to
>the following site;
>
>hhhttp://cpe-24-221-82-147.mi.sprintbbd.net:81/colappmgr/colportal/prospect.php?_n
>fpb=change_form
>
Hey United guys: chase.us? The registrar is appears absent again.
Maybe you slam dunk it?
This Chase phish is really getting out of hand. I'm getting them
daily from 2 to 5 times
in the last week.
They are being very resilient on the page source. They're everywhere.
Phish source:
http://www.fugawi.net/~hannigan/chasephish.txt
Spam:
http://www.fugawi.net/~hannigan/chasespam.txt
NS:
Non-authoritative answer:
chase.us nameserver = authns.lax.mysite.com.
chase.us nameserver = authns.nyc.mysite.com.
chase.us nameserver = authns.iad.mysite.com.
Authoritative answers can be found from:
authns.iad.mysite.com internet address = 64.136.35.146
authns.lax.mysite.com internet address = 64.136.28.28
authns.nyc.mysite.com internet address = 64.136.20.28
-M<
--
Martin Hannigan (c) 617-388-2663
Renesys Corporation (w) 617-395-8574
Member of Technical Staff Network Operations
hannigan@renesys.com
