RE: Hi United! -> Chase.US Was:Re: abuse.clue @ Sprint? (phish in barrel, pictures @ 11:00)
Got this forwarded to me by an associate - seems he tried the usual channels and is having no luck. I suppose there are professional phishermen out there but it sure would be nice to cut to the Chase on this one. Heh ... get it ... Chase?
--- phish report
We got a bunch of e-mails this morning, purporting to be from Chase.com; when you click the link in the message, though, you go to the following site;
hhhttp://cpe-24-221-82-147.mi.sprintbbd.net:81/colappmgr/colportal/pros
I'll see to it that this domain is shutdown from our service. Kevin Pawloski | Security Engineer - United Online | kpawloski at corp.untd.com | VoIP - kevin at netzero.net -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Martin Hannigan Sent: Monday, April 03, 2006 1:12 PM To: NANGO Subject: Hi United! -> Chase.US Was:Re: abuse.clue @ Sprint? (phish in barrel, pictures @ 11:00) At 02:17 PM 4/3/2006, neal rauhauser wrote: pect.php?_n
fpb=change_form
Hey United guys: chase.us? The registrar is appears absent again. Maybe you slam dunk it? This Chase phish is really getting out of hand. I'm getting them daily from 2 to 5 times in the last week. They are being very resilient on the page source. They're everywhere. Phish source: http://www.fugawi.net/~hannigan/chasephish.txt Spam: http://www.fugawi.net/~hannigan/chasespam.txt NS: Non-authoritative answer: chase.us nameserver = authns.lax.mysite.com. chase.us nameserver = authns.nyc.mysite.com. chase.us nameserver = authns.iad.mysite.com. Authoritative answers can be found from: authns.iad.mysite.com internet address = 64.136.35.146 authns.lax.mysite.com internet address = 64.136.28.28 authns.nyc.mysite.com internet address = 64.136.20.28 -M< -- Martin Hannigan (c) 617-388-2663 Renesys Corporation (w) 617-395-8574 Member of Technical Staff Network Operations hannigan@renesys.com
participants (1)
-
Pawloski, Kevin