Rock phish information - dslreports.com

nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL ·AT&T U-Verse ·AT&T Midwest 1 edit	reply to nwrickert Rock phish report Jul 26, 2007 The Thursday report: 14814 81.215.226.34 userconfirmationform-id6704444956.ebay.com.tryret.biz 14816 81.215.226.34 moneymanagergps.session-96724.citizensbank.com.klinher.com 14827 NXDOMAIN moneymanagergps.session-90070080.citizensbank.com.port.kg 14828 NXDOMAIN moneymanagergps.session-2964757.citizensbank.com.m1.kg 14829 phish_is_down moneymanagergps.session-658687.citizensbank.com.buhank.ws 14830 NXDOMAIN moneymanagergps.session-36755.citizensbank.com.kolobokid.hk 14831 NXDOMAIN moneymanagergps.session-78063.citizensbank.com.pachuser.hk 14832 NXDOMAIN moneymanagergps.session-488675.citizensbank.com.cordchi.cc 14833 NXDOMAIN moneymanagergps.session-569906917.citizensbank.com.floher.biz 14834 24.137.123.184 nfbconnect-34938890.northforkbank.com.kgs.kg 14835 NXDOMAIN moneymanagergps.session-261913669.citizensbank.com.cordchi.cc 14836 NXDOMAIN userconfirmationform-id91705.ebay.com.buhank.info 14837 NXDOMAIN moneymanagergps.session-86544808.citizensbank.com.toptenret.us 14840 81.215.226.34 moneymanagergps.session-216458.citizensbank.com.troniek.com 14842 24.137.123.184 nfbconnect-07219.northforkbank.com.stack.kg 14852 202.158.89.132 moneymanagergps.session-313159.citizensbank.com.mulity.st 14853 NXDOMAIN moneymanagergps.session-97701488.citizensbank.com.toptenret.us 14855 200.109.61.147 moneymanagergps.session-70782.citizensbank.com.mulity.st Domain registration info Phish domain Registrar buhank.info REGISTER.COM 7/25/2007 (cancelled) buhank.ws unknown 7/25/2007 (suspended) cordchi.cc eNom 7/24/2007 (suspended) floher.biz GKG.NET 7/25/2007 (suspended) kgs.kg www.domain.kg 7/19/2007 klinher.com REGISTER.COM 7/25/2007 kolobokid.hk HKDNR 7/24/2007 (suspended) m1.kg www.domain.kg 7/19/2007 (suspended) mulity.st ST Registry 7/26/2006 pachuser.hk HKDNR 7/24/2007 (suspended) port.kg www.domain.kg 7/19/2007 (suspended) stack.kg www.domain.kg 7/16/2006 toptenret.us unknown 7/??/2007 troniek.com REGISTER.COM 7/25/2007 tryret.biz REGISTER.COM 7/25/2007 DNS server domain Registrar jumpmo.com REGISTER.COM 6/21/2007 mainvg.com REGISTER.COM 7/11/2007 nsduit.com REGISTER.COM 7/25/2007? (cancelled) sertwer.com GKG.NET 7/25/2007 (suspended) troniek.com REGISTER.COM 7/25/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5
	to forum · permalink · · 2007-07-26 23:39:42 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL ·AT&T U-Verse ·AT&T Midwest	reply to nwrickert Rock phish report Jul 25, 2007 The report for Wednesday: 14790 phish_is_down webinfocus.id-957478063.mandtbank.com.hrugor.ws 14810 NXDOMAIN userconfirmationform-id413322394.ebay.com.cordet.cc 14811 81.215.226.34 moneymanagergps.session-8834908.citizensbank.com.tyhsa.us 14812 NXDOMAIN moneymanagergps.session-4056925555.citizensbank.com.cordet.cc 14813 NXDOMAIN moneymanagergps.session-50380.citizensbank.com.cordet.cc Domain registration info Phish domain Registrar cordet.cc eNom 7/24/2007 (suspended) hrugor.ws unknown 7/??/2007 (cancelled?) tyhsa.us REGISTER.COM 7/25/2007 DNS server domain Registrar cordchi.cc eNom 7/24/2007 (suspended) laninform.com REGISTER.COM 7/25/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4
	to forum · permalink · · 2007-07-25 23:35:10 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL ·AT&T U-Verse ·AT&T Midwest	reply to nwrickert Rock phish report Jul 24, 2007 The Tuesday report: 14775 NXDOMAIN webinfocus.id-615337.mandtbank.com.gfhdmode.hk 14777 NXDOMAIN webinfocus.id-45999.mandtbank.com.lorii.hk 14780 NXDOMAIN moneymanagergps.session-748681.citizensbank.com.port.kg 14783 81.203.21.33 nfbconnect-8636715151.northforkbank.com.kgs.kg 14784 81.215.226.34 webinfocus.id-40462.mandtbank.com.hobotid.hk 14785 NXDOMAIN moneymanagergps.session-722132.citizensbank.com.m1.kg 14786 68.77.160.127 nfbconnect-564788.northforkbank.com.kgs.kg Domain registration info Phish domain Registrar gfhdmode.hk HKDNR 7/18/2007 (suspended) hobotid.hk HKDNR 7/24/2007 kgs.kg www.domain.kg 7/19/2007 lorii.hk HKDNR 7/23/2007 (suspended) m1.kg www.domain.kg 7/19/2007 (suspended) port.kg www.domain.kg 7/19/2007 (suspended) DNS server domain Registrar jumpmo.com REGISTER.COM 6/21/2007 mainvg.com REGISTER.COM 7/11/2007 mimoservice.hk HKDNR 7/06/2007 (suspended) -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4
	to forum · permalink · · 2007-07-24 23:56:31 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL ·AT&T U-Verse ·AT&T Midwest	reply to nwrickert Rock phish report Jul 23, 2007 Here is the report for Monday: 14741 65.189.145.246 nfbconnect-88184279.northforkbank.com.kgs.kg 14744 74.78.114.62 nfbconnect-183260.northforkbank.com.stack.kg 14745 74.78.114.62 nfbconnect-777768.northforkbank.com.kkl.kg 14746 NXDOMAIN userconfirmationform-id74239001.ebay.com.brolok.biz 14747 74.78.114.62 nfbconnect-633034773.northforkbank.com.kkl.kg 14748 200.101.34.179 userconfirmationform-id155702397.ebay.com.mimocorp.hk 14749 74.78.114.62 nfbconnect-60663.northforkbank.com.dlo.st 14750 74.78.114.62 nfbconnect-2259190979.northforkbank.com.kkl.kg 14751 74.78.114.62 nfbconnect-374560081.northforkbank.com.kgs.kg 14752 75.41.15.168 nfbconnect-198985.northforkbank.com.dlo.st 14753 74.78.114.62 moneymanagergps.session-522909647.citizensbank.com.mod.kg 14754 75.41.15.168 nfbconnect-18108.northforkbank.com.stack.kg 14755 75.41.15.168 nfbconnect-166208375.northforkbank.com.stack.kg 14756 75.41.15.168 nfbconnect-43864.northforkbank.com.kkl.kg 14757 75.41.15.168 nfbconnect-8413639406.northforkbank.com.stack.kg 14760 200.101.34.179 webinfocus.id-171723564.mandtbank.com.olfor.hk 14765 phish_is_down webinfocus.id-83822284.mandtbank.com.lhot.nu 14766 69.230.213.108 moneymanagergps.session-1211213.citizensbank.com.ab.kg Domain registration info Phish domain Registrar ab.kg www.domain.kg 7/19/2007 brolok.biz unknown 7/19/2007? (cancelled) dlo.st ST Registry 7/17/2007 kgs.kg www.domain.kg 7/19/2007 kkl.kg www.domain.kg 7/17/2007 lhot.nu www.nunames.nu 7/23/2007 mimocorp.hk HKDNR 7/06/2007 mod.kg www.domain.kg 7/19/2007 olfor.hk HKDNR 7/23/2007 stack.kg www.domain.kg 7/16/2006 DNS server domain Registrar bonterson.st ST Registry 7/??/2007 (suspended) jumpmo.com REGISTER.COM 6/21/2007 mainvg.com REGISTER.COM 7/11/2007 mimoservice.hk HKDNR 7/06/2007 modernid.hk HKDNR 7/18/2007 (suspended) -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4
	to forum · permalink · · 2007-07-24 00:14:20 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL ·AT&T U-Verse ·AT&T Midwest	reply to nwrickert Rock phish report Jul 22, 2007 It has been a week since we last saw a National City phish. It has been several days since we last saw SunTrust. NorthFork Bank is still being actively targetted. And there have been a couple aimed at eBay. Here is the Sunday report: 14713 24.217.108.65 nfbconnect-9573475977.northforkbank.com.stack.kg 14714 24.217.108.65 nfbconnect-05017.northforkbank.com.dlo.st 14716 65.189.145.246 nfbconnect-031480.northforkbank.com.stack.kg 14717 81.182.0.3 nfbconnect-924904.northforkbank.com.kkl.kg 14730 24.158.75.65 nfbconnect-196634861.northforkbank.com.kkl.kg Domain registration info Phish domain Registrar dlo.st ST Registry 7/17/2007 kkl.kg www.domain.kg 7/17/2007 stack.kg www.domain.kg 7/16/2006 DNS server domain Registrar jumpmo.com REGISTER.COM 6/21/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4
	to forum · permalink · · 2007-07-22 23:36:14 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL ·AT&T U-Verse ·AT&T Midwest	reply to nwrickert Rock phish report Jul 21, 2007 The report for Saturday: 14681 200.47.150.132 nfbconnect.northforkbank.com.web23nebrusf.mimosend.hk 14687 81.215.2.90 userconfirmationform-id759662183.ebay.com.morpas.st Domain registration info Phish domain Registrar mimosend.hk HKDNR 7/06/2007 morpas.st ST Registry 7/20/2007 DNS server domain Registrar mimoservice.hk HKDNR 7/06/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4
	to forum · permalink · · 2007-07-21 23:44:15 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL ·AT&T U-Verse ·AT&T Midwest	reply to nwrickert Rock phish report Jul 20, 2007 Here is the report for Friday: 14644 NXDOMAIN userconfirmationform-id620675.ebay.com.cattyl.us 14645 200.101.34.179 nfbconnect-48211832.northforkbank.com.roikevr.info 14648 74.78.114.62 nfbconnect-46000043.northforkbank.com.dlo.st 14651 74.78.114.62 nfbconnect-7894529.northforkbank.com.kkl.kg 14657 70.51.93.93 nfbconnect-1259694.northforkbank.com.dlo.st 14658 70.51.93.93 nfbconnect-95068.northforkbank.com.kkl.kg Domain registration info Phish domain Registrar cattyl.us REGISTER.COM 7/19/2007 (cancelled) dlo.st ST Registry 7/17/2007 kkl.kg www.domain.kg 7/17/2007 roikevr.info REGISTER.COM 7/19/2007 (cancelled) DNS server domain Registrar baroner.com REGISTER.COM 7/19/2007 (cancelled) hkxeop.com REGISTER.COM 7/19/2007 (cancelled) jumpmo.com REGISTER.COM 6/21/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4
	to forum · permalink · · 2007-07-20 23:39:35 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL ·AT&T U-Verse ·AT&T Midwest	reply to nwrickert Rock phish report Jul 19, 2007 The Thursday report: 14629 80.133.200.216 nfbconnect-4668489717.northforkbank.com.stack.kg 14632 24.158.75.65 nfbconnect-3475101.northforkbank.com.dlo.st 14634 75.21.240.11 nfbconnect-592669434.northforkbank.com.kkl.kg Domain registration info Phish domain Registrar dlo.st ST Registry 7/17/2007 kkl.kg www.domain.kg 7/17/2007 stack.kg www.domain.kg 7/16/2006 DNS server domain Registrar jumpmo.com REGISTER.COM 6/21/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4
	to forum · permalink · · 2007-07-19 23:54:29 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL ·AT&T U-Verse ·AT&T Midwest	reply to nwrickert Rock phish report Jul 18, 2007 The report for Wednesday: 14576 24.67.46.85 onlinetreasurymanager-id9038673.suntrust.com.utr.hk 14579 80.98.202.120 onlinetreasurymanager-id211440470.suntrust.com.fri.hk 14596 65.189.145.246 nfbconnect-412736146.northforkbank.com.kkl.kg 14598 80.98.202.120 onlinetreasurymanager-id919860696.suntrust.com.uqq.hk 14605 84.146.155.143 onlinetreasurymanager-id6993091.suntrust.com.uqq.hk 14621 69.87.138.84 nfbconnect-828829356.northforkbank.com.dlo.st Domain registration info Phish domain Registrar dlo.st ST Registry 7/17/2007 fri.hk HKDNR 7/17/2007 kkl.kg www.domain.kg 7/17/2007 uqq.hk HKDNR 7/17/2007 utr.hk HKDNR 7/17/2007 DNS server domain Registrar jumpmo.com REGISTER.COM 6/21/2007 mainvg.com REGISTER.COM 7/11/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4
	to forum · permalink · · 2007-07-18 23:58:10 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL ·AT&T U-Verse ·AT&T Midwest	reply to nwrickert Rock phish report Jul 17, 2007 The report for Tuesday: 14570 66.67.150.36 onlinetreasurymanager-id936587.suntrust.com.fri.hk 14571 69.230.220.83 nfbconnect-48489970.northforkbank.com.kkl.kg 14572 202.59.198.218 onlinetreasurymanager-id62493.suntrust.com.highpont.hk Domain registration info Phish domain Registrar fri.hk HKDNR 7/17/2007 highpont.hk HKDNR 7/13/2007 (suspended) kkl.kg www.domain.kg 7/17/2007 DNS server domain Registrar ghbdtn.hk HKDNR 7/11/2007 jumpmo.com REGISTER.COM 6/21/2007 mainvg.com REGISTER.COM 7/11/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4
	to forum · permalink · · 2007-07-17 23:18:33 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL ·AT&T U-Verse ·AT&T Midwest	reply to nwrickert Rock phish report Jul 16, 2007 Here is the report for Monday: 14520 212.0.209.68 onlinetreasurymanager-id8465539.suntrust.com.standyon.com 14534 221.156.76.8 nfbconnect-41788669.northforkbank.com.neparauser.hk 14538 NXDOMAIN onlinetreasurymanager-id52530204.suntrust.com.pell.cc 14539 NXDOMAIN onlinetreasurymanager-id34602064.suntrust.com.golcowd.biz Domain registration info Phish domain Registrar golcowd.biz REGISTER.COM 7/13/2007 (cancelled) neparauser.hk HKDNR 7/13/2007 pell.cc REGISTER.COM 7/14/2007 (cancelled) standyon.com REGISTER.COM 7/13/2007 (cancelled) DNS server domain Registrar ghbdtn.hk HKDNR 7/11/2007 webgooler.net REGISTER.COM 7/14/2007 (cancelled) -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4
	to forum · permalink · · 2007-07-16 23:38:39 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL ·AT&T U-Verse ·AT&T Midwest	reply to nwrickert Rock phish report Jul 15, 2007 Another large collection, due to our contributors catching up on a backlog over a longer period of time. At present the rockphishers appear to be actively targetting National City and SunTrust. They may be experimenting with Royal Bank of Scotland. They appear to have scaled back or discontinued their targetting of Regions Bank, North Fork Bank and perhaps Bank of the West. Here is the report for today (Sunday): 14472 NXDOMAIN session-093225.nationalcity.com.mode.kg 14474 phish_is_down session-0138988.nationalcity.com.roitg.at 14476 NXDOMAIN session-27420668.nationalcity.com.mode.kg 14477 NXDOMAIN session755915.towernet.capitalonebank.com.polo4ar.hk 14478 NXDOMAIN nfbconnect-835467.northforkbank.com.modd.jp 14480 NXDOMAIN interact-cid9086060320.regions.com.prontoed.tw 14482 NXDOMAIN session69608946.towernet.capitalonebank.com.hdyyer.hk 14483 NXDOMAIN interact-cid89003.regions.com.mode.kg 14488 NXDOMAIN session5208397172.towernet.capitalonebank.com.yyuejc.hk 14489 NXDOMAIN cwebank-ref0173620.countrywide.com.dkurjf.hk 14493 211.195.203.180 onlinetreasurymanager-id0402653.suntrust.com.hasto.info 14495 211.195.203.180 sessionid-970038592.rbs.co.uk.dkkdf.hk 14496 221.156.76.8 onlinetreasurymanager-id48885.suntrust.com.pashf.hk 14498 NXDOMAIN interactsession-55471.regions.com.domuser.jp 14499 phish_is_down session-03232395.nationalcity.com.sosppro.at 14500 NXDOMAIN interactsession-9410919631.regions.com.domuser.jp 14501 221.156.76.8 session-9846813892.nationalcity.com.webgooler.net 14503 211.195.203.180 session-67365.nationalcity.com.standop.info 14506 NXDOMAIN session-8277528.nationalcity.com.tekco.vu 14507 NXDOMAIN treasury-session0243751.pnc.com.domuser.jp 14509 221.156.76.8 onlinetreasurymanager-id445789.suntrust.com.iklif.hk 14511 NXDOMAIN session-94424137.nationalcity.com.kitrt.cn 14513 NXDOMAIN session-987737943.nationalcity.com.kitrt.cn 14514 221.156.76.8 session-80945573.nationalcity.com.bambata.hk Domain registration info Phish domain Registrar bambata.hk HKDNR 7/12/2007 dkkdf.hk HKDNR 7/12/2007 dkurjf.hk HKDNR 6/24/2007 (suspended) domuser.jp JPRS 6/08/2007 (suspended) hasto.info REGISTER.COM 7/13/2007 hdyyer.hk HKDNR 6/29/2007 (suspended) iklif.hk HKDNR 7/12/2007 kitrt.cn www.cnnic.net.cn 6/08/2007 (cancelled) modd.jp JPRS 7/05/2007 (suspended) mode.kg www.domain.kg 6/18/2007 (suspended) pashf.hk HKDNR 7/14/2007 polo4ar.hk HKDNR 7/06/2007 (suspended) prontoed.tw SEEDNET 4/29/2007 (suspended) roitg.at AT-DOM 7/14/2007 (suspended) sosppro.at AT-DOM 6/25/2007 (suspended) standop.info REGISTER.COM 7/13/2007 tekco.vu vuNIC 6/17/2007 (suspended) webgooler.net REGISTER.COM 7/14/2007 yyuejc.hk HKDNR 6/29/2007 (suspended) DNS server domain Registrar bambata.hk HKDNR 7/12/2007 GENBOR.HK HKDNR 5/23/2007 (suspended) grt5tg.hk HKDNR 6/24/2007 (suspended) jumpmo.com REGISTER.COM 6/21/2007 (new owner?) kigrate.jp JPRS 7/05/2007 (suspended) kigrt.jp JPRS 7/05/2007 (suspended) me4tai.com REGISTER.COM 6/24/2007 (new owner?) MODE-TH.COM REGISTER.COM 6/21/2007 notlock1.com PRIMUS 6/27/2007 (suspended) rshins.com REGISTER.COM 7/13/2007 standyon.com REGISTER.COM 7/13/2007 swoopbird.net REGISTER.COM 7/02/2007 (new owner?) taelr3.net REGISTER.COM 7/05/2007 (cancelled) webgooler.net REGISTER.COM 7/14/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4
	to forum · permalink · · 2007-07-15 23:44:17 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL ·AT&T U-Verse ·AT&T Midwest	reply to nwrickert Rock phish report Jul 14, 2007 The report for Saturday: 14440 NXDOMAIN session-813047.nationalcity.com.mode.kg 14461 211.195.203.180 onlinetreasurymanager-id5536257.suntrust.com.standyon.com 14462 NXDOMAIN session-194522.nationalcity.com.mode.kg 14464 NXDOMAIN onlinetreasurymanager-id28144.suntrust.com.jtmode.jp Domain registration info Phish domain Registrar jtmode.jp JPRS 6/28/2007 (suspended) mode.kg www.domain.kg 6/18/2007 (suspended) standyon.com REGISTER.COM 7/13/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4
	to forum · permalink · · 2007-07-14 23:32:02 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL ·AT&T U-Verse ·AT&T Midwest	reply to nwrickert Rock phish report Jul 13, 2007 A large collection of phish emails in today's report. They were submitted to phishtracker today, but they were received over a longer time period. Here is the Friday report: 14337 68.47.220.17 onlinetreasurymanager-id50790.suntrust.com.modd.jp 14338 59.95.206.83 session-47948781.nationalcity.com.mode.kg 14339 NXDOMAIN onlinetreasurymanager-id8792014.suntrust.com.jtmode.jp 14340 NXDOMAIN session-1389340452.nationalcity.com.mode.kg 14346 NXDOMAIN onlinetreasurymanager-id563154423.suntrust.com.jtmode.jp 14347 NXDOMAIN session-562671.nationalcity.com.mode.kg 14348 NXDOMAIN onlinetreasurymanager-id013011.suntrust.com.jtmode.jp 14349 NXDOMAIN onlinetreasurymanager-id378093961.suntrust.com.jtmode.jp 14350 NXDOMAIN session-66603872.nationalcity.com.mode.kg 14352 NXDOMAIN nfbconnect-25335642.northforkbank.com.domuser.jp 14353 NXDOMAIN cwebank-ref4043277.countrywide.com.poierut.hk 14354 NXDOMAIN cib-id-5660651.bankofthewest.com.tekco.vu 14355 NXDOMAIN interactsession-805959.regions.com.duyrmc.hk 14356 NXDOMAIN nfbconnect-999734.northforkbank.com.myklop.tc 14357 NXDOMAIN cib-id-50560589131.bankofthewest.com.tekco.vu 14358 NXDOMAIN cwebank-ref37759544.countrywide.com.portddd.hk 14359 NXDOMAIN cib-id-595027091.bankofthewest.com.tekco.vu 14360 dns_temp_fail cwebank-ref7901344820.countrywide.com.ferlive.at 14361 NXDOMAIN interactsession-355294761.regions.com.myklop.tc 14362 NXDOMAIN interactsession-07743.regions.com.dfreld.hk 14363 dns_temp_fail interactsession-46115.regions.com.ferlive.at 14364 NXDOMAIN nfbconnect-90458200.northforkbank.com.uuport.hk 14365 NXDOMAIN interactsession-32216.regions.com.rfgid.biz 14366 NXDOMAIN cib-id-0475975.bankofthewest.com.viratrr.biz 14367 NXDOMAIN cib-id-92112.bankofthewest.com.softid.hk 14368 phish_is_down nfbconnect-8963093932.northforkbank.com.trackww.info 14369 NXDOMAIN cib-id-227481249.bankofthewest.com.io4ifu.hk 14370 NXDOMAIN cib-id-096983910.bankofthewest.com.gilidup.biz 14371 dns_temp_fail nfbconnect-3614837833.northforkbank.com.ferlive.at 14372 NXDOMAIN interactsession-12419462.regions.com.recport.info 14373 NXDOMAIN nfbconnect-6192098495.northforkbank.com.domuser.jp 14374 NXDOMAIN cib-id-227481249.bankofthewest.com.io4ifu.hk 14375 NXDOMAIN cib-id-51396.bankofthewest.com.soortyseven.net 14376 phish_is_down interactsession-4929743.regions.com.portid.ph 14377 phish_is_down nfbconnect-289708.northforkbank.com.ksioes.at 14378 phish_is_down nfbconnect-395426972.northforkbank.com.portid.ph 14379 NXDOMAIN interactsession-1657775050.regions.com.soortyseven.net 14380 phish_is_down cib-id-763207.bankofthewest.com.kioes.at 14381 phish_is_down nfbconnect-35967.northforkbank.com.ksioes.at 14382 NXDOMAIN nfbconnect-854239.northforkbank.com.dotiduser.hk 14383 NXDOMAIN interactsession-665041391.regions.com.gilidfed.cc 14384 phish_is_down interactsession-0283659538.regions.com.itopid.ph 14385 NXDOMAIN cib-id-2317479.bankofthewest.com.wddzzy.cc 14386 NXDOMAIN nfbconnect-19555.northforkbank.com.toomid.hk 14387 NXDOMAIN cib-id-497212318.bankofthewest.com.yyuejc.hk 14388 mode.kg interact-cid921944.regions.com.mode.kg 14389 NXDOMAIN interactsession-57042.regions.com.sshtelk.biz 14390 phish_is_down www.volksbank.de.vr-web.portal13cridr.portid.st 14391 NXDOMAIN interact-cid45412462.regions.com.prontoed.tw 14392 NXDOMAIN interact-cid14716495.regions.com.prontoed.tw 14393 phish_is_down nfbconnect-541155.northforkbank.com.rtonp.cn 14394 mode.kg interact-cid492418.regions.com.mode.kg 14395 NXDOMAIN cib-id-69485244.bankofthewest.com.girttg.biz 14396 NXDOMAIN interact-cid162668157.regions.com.prontoed.tw 14397 phish_is_down nfbconnect-7942795.northforkbank.com.modes.st 14398 NXDOMAIN interact-cid71984.regions.com.prontoed.tw 14399 NXDOMAIN cib-id-0728648.bankofthewest.com.koluserdirect.hk 14400 NXDOMAIN cib-id-750941.bankofthewest.com.dll.hk 14401 NXDOMAIN cib-id-6796611.bankofthewest.com.prontoed.tw 14402 phish_is_down nfbconnect-05920.northforkbank.com.modes.st 14403 NXDOMAIN cib-id-9977830.bankofthewest.com.prontoed.tw 14404 NXDOMAIN nfbconnect-8812664.northforkbank.com.dllstack.cn 14405 NXDOMAIN cib-id-1070405365.bankofthewest.com.dll.hk 14406 NXDOMAIN cib-id-7768441.bankofthewest.com.dll.hk 14407 NXDOMAIN cib-id-623185.bankofthewest.com.prontoed.tw 14408 NXDOMAIN nfbconnect-0785985933.northforkbank.com.modd.jp 14409 NXDOMAIN nfbconnect-61407055.northforkbank.com.dllstack.cn 14410 NXDOMAIN session-687169.nationalcity.com.dll.hk 14411 NXDOMAIN nfbconnect-7560783605.northforkbank.com.modd.jp 14412 mode.kg session-27227280.nationalcity.com.mode.kg 14413 mode.kg session-75429794.nationalcity.com.mode.kg 14414 NXDOMAIN session-6041160.nationalcity.com.dll.hk 14415 NXDOMAIN session-34169.nationalcity.com.mode.kg 14416 NXDOMAIN session-1559090876.nationalcity.com.mode.kg 14417 NXDOMAIN session-0723767.nationalcity.com.mode.kg 14418 NXDOMAIN session-81426522.nationalcity.com.mode.kg 14419 NXDOMAIN onlinetreasurymanager-id6384018432.suntrust.com.jtmode.jp 14422 NXDOMAIN onlinetreasurymanager-id97723100.suntrust.com.jtmode.jp 14431 NXDOMAIN onlinetreasurymanager-id098790.suntrust.com.jtmode.jp Domain registration info Phish domain Registrar dfreld.hk HKDNR 6/24/2007 (suspended) dll.hk HKDNR 7/05/2007 (suspended) dllstack.cn www.cnnic.net.cn 7/01/2007 (suspended) domuser.jp JPRS 6/08/2007 (suspended) dotiduser.hk HKDNR 6/29/2007 (suspended) duyrmc.hk HKDNR 6/24/2007 (suspended) ferlive.at AT-DOM 6/25/2007 gilidfed.cc unknown 6/29/2007? (cancelled) gilidup.biz REGISTER.COM 6/27/2007 (cancelled) girttg.biz unknown 7/04/2007? (cancelled) io4ifu.hk HKDNR 6/27/2007 (suspended) itopid.ph dotPH 6/30/2007 (suspended) jtmode.jp JPRS 6/28/2007 (suspended) kioes.at AT-DOM 6/28/2007 (suspended) koluserdirect.hk HKDNR 7/02/2007 (suspended) ksioes.at AT-DOM 6/28/2007 (suspended) modd.jp JPRS 7/05/2007 (suspended) mode.kg www.domain.kg 6/18/2007 (suspended) modes.st ST Registry 7/04/2007 (suspended) myklop.tc AdamsNames 6/27/2007? (suspended) poierut.hk HKDNR 6/24/2007 (suspended) portddd.hk HKDNR 6/22/2007 (suspended) portid.ph dotPH 6/28/2007? (cancelled) portid.st ST Registry 7/02/2007? (suspended?) prontoed.tw SEEDNET 4/29/2007 (suspended) recport.info unknown 6/27/2007? (cancelled?) rfgid.biz REGISTER.COM 6/27/2007 (cancelled) rtonp.cn DOTSTER 7/01/2007 (suspended) softid.hk HKDNR 6/22/2007 (suspended) soortyseven.net unknown 6/27/2007? (cancelled?) sshtelk.biz PRIMUS 6/25/2007 (suspended) tekco.vu vuNIC 6/17/2007 (suspended) toomid.hk HKDNR 6/30/2007 (suspended) trackww.info Moniker Online 7/03/2007 (suspended) uuport.hk HKDNR 6/15/2007 (suspended) viratrr.biz unknown 6/27/2007? (cancelled) wddzzy.cc unknown 6/30/2007? (cancelled?) yyuejc.hk HKDNR 6/29/2007 (suspended) DNS server domain Registrar 2idport.com ULTRARPM 6/28/2007 brooklynbass.net REGISTER.COM 6/27/2007 GENBOR.HK HKDNR 5/23/2007 (suspended) grt5tg.hk HKDNR 6/24/2007 (suspended) jumpmo.com REGISTER.COM 6/21/2007 kiier3.hk HKDNR 6/24/2007 (suspended) me4tai.com REGISTER.COM 6/24/2007 MODE-TH.COM REGISTER.COM 6/21/2007 swoopbird.net REGISTER.COM 7/02/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4
	to forum · permalink · · 2007-07-13 23:30:26 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL ·AT&T U-Verse ·AT&T Midwest	reply to nwrickert Rock phish report Jul 12, 2007 Here is the Thursday report: 14320 85.181.19.192 session-444979.nationalcity.com.mode.kg 14321 69.243.51.85 session-783463.nationalcity.com.mode.kg Domain registration info Phish domain Registrar mode.kg www.domain.kg 6/18/2007 DNS server domain Registrar MODE-TH.COM REGISTER.COM 6/21/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4
	to forum · permalink · · 2007-07-12 23:49:36 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL ·AT&T U-Verse ·AT&T Midwest	reply to nwrickert Rock phish report Jul 11, 2007 The report for Wednesday: 14296 NXDOMAIN nfbconnect.northforkbank.com.web20eekwvbckwds.gswebusee.us 14301 62.43.141.71 session-90751.nationalcity.com.mode.kg 14302 NXDOMAIN session-219438.nationalcity.com.dll.hk 14310 80.132.67.210 onlinetreasurymanager-id6660413.suntrust.com.modd.jp Domain registration info Phish domain Registrar dll.hk HKDNR 7/05/2007 (suspended) gswebusee.us REGISTER.COM 7/09/2007 (suspended) modd.jp JPRS 7/05/2007 mode.kg www.domain.kg 6/18/2007 DNS server domain Registrar eduseer.com REGISTER.COM 7/09/2007 jumpmo.com REGISTER.COM 6/21/2007 MODE-TH.COM REGISTER.COM 6/21/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4
	to forum · permalink · · 2007-07-11 23:53:34 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL ·AT&T U-Verse ·AT&T Midwest	reply to nwrickert Rock phish report Jul 10, 2007 The rock phish group seem to be testing SunTrust. Here is the report for Tuesday: 14270 80.98.202.120 session-779325.nationalcity.com.dll.hk 14281 24.137.123.184 session-580333785.nationalcity.com.dll.hk 14285 24.86.70.178 onlinetreasurymanager-id1570106.suntrust.com.modd.jp Domain registration info Phish domain Registrar dll.hk HKDNR 7/05/2007 modd.jp JPRS 7/05/2007 DNS server domain Registrar jumpmo.com REGISTER.COM 6/21/2007 MODE-TH.COM REGISTER.COM 6/21/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4
	to forum · permalink · · 2007-07-10 23:54:27 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL ·AT&T U-Verse ·AT&T Midwest	reply to nwrickert Rock phish report Jul 09, 2007 The Monday report: 14236 64.131.250.206 nfbconnect-116958.northforkbank.com.dllstack.cn 14240 58.181.164.182 nfbconnect.northforkbank.com.ref23nebrusf.leamlocal.cc 14241 82.31.110.201 cib-id-01962778.bankofthewest.com.mode.kg 14242 64.131.250.206 nfbconnect-66614.northforkbank.com.modes.st 14251 62.43.141.71 nfbconnect-53263.northforkbank.com.modd.jp 14252 62.43.141.71 cib-id-97616291.bankofthewest.com.mode.kg 14253 temp_dns_failure cib-id-1126661.bankofthewest.com.mode.kg Domain registration info Phish domain Registrar dllstack.cn www.cnnic.net.cn 7/01/2007 leamlocal.cc REGISTER.COM 7/07/2007 modd.jp JPRS 7/05/2007 mode.kg www.domain.kg 6/18/2007 modes.st ST Registry 7/04/2007 DNS server domain Registrar jumpmo.com REGISTER.COM 6/21/2007 los1ser.net REGISTER.COM 7/07/2007 MODE-TH.COM REGISTER.COM 6/21/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4
	to forum · permalink · · 2007-07-09 23:42:10 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL ·AT&T U-Verse ·AT&T Midwest	reply to MGD Re: Rock phish report Jul 08, 2007 They seem to be a bit selective. Presumably if a bank has strong procedures that make phishing difficult, they don't try. There were a couple of phish for Capital One bank (see the Jul 04 report). But then they stopped. I'm guessing that those didn't work out very well. Yes, they seem to keep a few domains available that they can use if others are suspended. But it's hard to be sure, because our sample is not complete enough. The firefox phish filter seems more effective against rockphish than is the IE7 filter. It seems that the firefox filter can block all urls in the domain. But probably not enough people are using these filters for them to have much effect. -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4
	to forum · permalink · · 2007-07-09 23:39:53 · (locked)
MGD Premium,MVM join:2002-07-31 Fort Lauderdale, FL	reply to nwrickert Well as you predicted they now have a full court press running on North Fork Bank »North Fork Bank, and Bank of the West has joined the growing list. I suspect it will not be long until they really target the smaller regional institutions. Also appears that they are stashing domanins, several that first crop up two weeks or more after registration, and hitting Register.com heavy again. MGD
	to forum · permalink · · 2007-07-09 02:17:47 · (locked)


Thursday, 10-Dec 23:46:19	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF