Rock phish information - Scam and Phishbusters

Author	All Replies
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL kudos:7 Reviews: ·AT&T U-Verse	reply to nwrickert Rock phish report May 27, 2007 The report for Sunday: 11854 68.185.93.172 interactsession-48158769.regions.com.usersetup.io also 81.102.215.218, 88.251.215.164, 207.161.20.245, 207.255.217.187 11855 24.83.77.18 session-07263.nationalcity.com.directories.io also 61.85.33.156, 75.57.40.185, 190.31.227.114, 216.128.226.209 11856 24.83.77.18 session-785250610.nationalcity.com.userpro.tw also 61.85.33.156, 75.57.40.185, 190.31.227.114, 216.128.226.209 11858 68.185.93.172 interactsession-270373.regions.com.usersetup.io also 81.102.215.218, 88.251.215.164, 207.161.20.245, 207.255.217.187 11859 82.6.92.218 interactsession-48883044.regions.com.yourbmx.at 11860 24.83.77.18 session-7103233.nationalcity.com.directories.io also 61.85.33.156, 75.57.40.185, 190.31.227.114, 216.128.226.209 11874 24.83.77.18 session-4416423.nationalcity.com.directories.io also 61.85.33.156, 75.57.40.185, 190.31.227.114, 216.128.226.209 11879 24.83.77.18 session-0476418.nationalcity.com.directories.io also 61.85.33.156, 75.57.40.185, 190.31.227.114, 216.128.226.209 Domain registration info Phish domain Registrar directories.io NIC.IO 5/17/2007 userpro.tw SEEDNET 5/18/2007 usersetup.io NIC.IO 5/12/2007 yourbmx.at AT-DOM 5/24/2007 DNS server domain Registrar 1MAY-DAY.CN www.cnnic.net.cn 5/04/2007 SMILE-NP.COM eNom 4/28/2007 VIDEO-RTV.COM INFO AVENUE 3/29/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 1.5.0.10
	to forum · permalink · 2007-05-28 00:53:50 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL kudos:7 Reviews: ·AT&T U-Verse	reply to nwrickert Rock phish report May 28, 2007 The report for Monday: 11902 24.83.77.18 session-9084458364.nationalcity.com.directories.io also 63.77.59.13, 69.150.85.65, 71.131.19.255, 123.194.90.49 11905 interactsession-141575.regions.com.bestplo.at 11906 24.83.77.18 session-2254546350.nationalcity.com.userpro.tw also 63.77.59.13, 69.150.85.65, 71.131.19.255, 123.194.90.49 11909 24.83.77.18 session-703653.nationalcity.com.directories.io also 63.77.59.13, 69.150.85.65, 71.131.19.255, 123.194.90.49 11918 24.83.77.18 session-02815.nationalcity.com.userpro.tw also 63.77.59.13, 69.150.85.65, 71.131.19.255, 123.194.90.49 11931 88.210.200.209 interactsession-93016.regions.com.detihol.info Domain registration info Phish domain Registrar bestplo.at AT-DOM 5/10/2007 detihol.info GKG.NET 5/28/2007 directories.io NIC.IO 5/17/2007 userpro.tw SEEDNET 5/18/2007 DNS server domain Registrar 1MAY-DAY.CN www.cnnic.net.cn 5/04/2007 DNSSITET.COM GKG.NET 5/28/2007 SMILE-NP.COM eNom 4/28/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 1.5.0.10
	to forum · permalink · 2007-05-28 23:57:32 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL kudos:7 Reviews: ·AT&T U-Verse	reply to nwrickert Rock phish report May 29, 2007 Here is the Tuesday report for this week: 11952 NXDOMAIN interactsession-3674086.regions.com.ughtthor.us 11953 67.15.35.126 interact.regions.com.portal15fzhlny.derroplot.biz 11954 85.105.139.133 interactsession-03107824.regions.com.idroom.ws 11955 69.230.197.218 session-96577.nationalcity.com.userpro.io also 70.225.167.111, 84.148.223.27, 190.55.70.16, 203.97.108.198 11956 NXDOMAIN commerceconnections-session53137833.commercebank.com.gjisorp.us 11957 69.235.18.223 interactsession-789304.regions.com.udll.tw also 70.234.253.203, 71.128.108.131, 76.9.33.247, 87.68.184.5 11958 69.230.197.218 session-24334848.nationalcity.com.directories.io also 70.225.167.111, 84.148.223.27, 190.55.70.16, 203.97.108.198 11962 69.230.197.218 session-66691665.nationalcity.com.directories.io also 70.225.167.111, 84.148.223.27, 190.55.70.16, 203.97.108.198 11964 69.230.197.218 session-0533592.nationalcity.com.directories.io also 70.225.167.111, 84.148.223.27, 190.55.70.16, 203.97.108.198 11967 69.235.18.223 interactsession-0278293637.regions.com.usersetup.io also 70.234.253.203, 71.128.108.131, 76.9.33.247, 87.68.184.5 11975 216.117.170.115 session-38106.nationalcity.com.refreshbase.io 11982 216.117.170.115 session-84574.nationalcity.com.refreshbase.io Domain registration info Phish domain Registrar derroplot.biz REGISTER.COM 5/24/2007 directories.io NIC.IO 5/17/2007 gjisorp.us unknown idroom.ws Todaynic.com Inc 5/16/2007 refreshbase.io NIC.IO 5/17/2007 udll.tw SEEDNET 5/23/2007 ughtthor.us unknown userpro.io NIC.IO 5/17/2007 usersetup.io NIC.IO 5/12/2007 DNS server domain Registrar SERVER7.HK HKDNR 4/26/2007 SMILE-NP.COM eNom 4/28/2007 VIDEO-RTV.COM INFO AVENUE 3/29/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 1.5.0.10
	to forum · permalink · 2007-05-30 00:04:16 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL kudos:7 Reviews: ·AT&T U-Verse	reply to nwrickert Rock phish report May 30, 2007 The report for Wednesday: 12055 69.235.15.104 interactsession-4932235.regions.com.usersetup.io also 69.237.68.31, 70.234.196.153, 87.68.64.242, 217.226.106.137 12103 69.235.15.104 interactsession-3145175658.regions.com.usersetup.io also 69.237.68.31, 70.234.196.153, 87.68.64.242, 217.226.106.137 12123 69.235.15.104 session-04823589.nationalcity.com.directories.io also 69.230.197.218, 74.114.115.65, 75.61.115.58, 190.142.13.144 Domain registration info Phish domain Registrar directories.io NIC.IO 5/17/2007 usersetup.io NIC.IO 5/12/2007 DNS server domain Registrar SMILE-NP.COM eNom 4/28/2007 VIDEO-RTV.COM INFO AVENUE 3/29/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 1.5.0.10
	to forum · permalink · 2007-05-30 23:57:16 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL kudos:7 Reviews: ·AT&T U-Verse	reply to nwrickert Rock phish report May 31, 2007 A lot of activity today (Thursday): 12129 69.150.87.149 session-285265069.nationalcity.com.userpro.tw also 70.64.144.204, 200.82.110.170, 216.128.226.209, 217.132.12.35 12154 69.150.87.149 session-37403189.nationalcity.com.userpro.io also 70.64.144.204, 200.82.110.170, 216.128.226.209, 217.132.12.35 12167 NXDOMAIN interactsession-74461896.regions.com.usersetup.cn 12169 69.150.87.149 session-3802518367.nationalcity.com.userpro.tw also 70.64.144.204, 200.82.110.170, 216.128.226.209, 217.132.12.35 12170 88.210.243.123 interactsession-766272.regions.com.stackit.io 12171 69.150.87.149 session-7099570.nationalcity.com.userpro.io also 70.64.144.204, 200.82.110.170, 216.128.226.209, 217.132.12.35 12172 69.150.87.149 session-866861471.nationalcity.com.userpro.io also 70.64.144.204, 200.82.110.170, 216.128.226.209, 217.132.12.35 12173 82.77.81.19 interactsession-0765766.regions.com.yourplo.at 12174 69.150.87.149 session-534437789.nationalcity.com.userpro.io also 70.64.144.204, 200.82.110.170, 216.128.226.209, 217.132.12.35 12175 NXDOMAIN interactsession-3771205363.regions.com.lggoid.hk 12176 69.150.87.149 session-8059348.nationalcity.com.directories.io also 70.64.144.204, 200.82.110.170, 216.128.226.209, 217.132.12.35 12177 69.150.87.149 session-206066.nationalcity.com.userpro.tw also 70.64.144.204, 200.82.110.170, 216.128.226.209, 217.132.12.35 12178 NXDOMAIN interactsession-518515567.regions.com.fvsecure.hk 12179 69.150.87.149 session-69359039.nationalcity.com.directories.io also 70.64.144.204, 200.82.110.170, 216.128.226.209, 217.132.12.35 12180 NXDOMAIN interactsession-60468784.regions.com.udaff1.hk 12181 69.150.87.149 session-796371656.nationalcity.com.directories.io also 70.64.144.204, 200.82.110.170, 216.128.226.209, 217.132.12.35 12185 85.105.139.133 interactsession-126813101.regions.com.comr.at 12193 24.122.238.252 interactsession-07971.regions.com.udll.tw also 70.239.6.224, 76.167.186.154, 87.68.31.243, 217.226.81.70 12195 NXDOMAIN interactsession-00175.regions.com.usersetup.cn 12196 69.150.87.149 session-4808102.nationalcity.com.userpro.io also 70.64.144.204, 200.82.110.170, 216.128.226.209, 217.132.12.35 12197 216.117.170.115 session-74406865.nationalcity.com.refreshbase.io 12198 69.150.87.149 session-563070.nationalcity.com.userpro.io also 70.64.144.204, 200.82.110.170, 216.128.226.209, 217.132.12.35 12199 69.150.87.149 session-2920342783.nationalcity.com.userpro.io also 70.64.144.204, 200.82.110.170, 216.128.226.209, 217.132.12.35 12200 24.122.238.252 interactsession-99569841.regions.com.prouserbase.tw also 70.239.6.224, 76.167.186.154, 87.68.31.243, 217.226.81.70 12201 24.122.238.252 interactsession-250607.regions.com.usersetup.io also 70.239.6.224, 76.167.186.154, 87.68.31.243, 217.226.81.70 12202 24.122.238.252 interactsession-1800410639.regions.com.prouserbase.tw also 70.239.6.224, 76.167.186.154, 87.68.31.243, 217.226.81.70 Domain registration info Phish domain Registrar comr.at AT-DOM 5/25/2007 directories.io NIC.IO 5/17/2007 fvsecure.hk HKDNR 5/25/2007 lggoid.hk HKDNR 5/23/2007 prouserbase.tw SEEDNET 5/18/2007 refreshbase.io NIC.IO 5/17/2007 stackit.io NIC.IO 4/18/2006 udaff1.hk HKDNR 5/24/2007 udll.tw SEEDNET 5/23/2007 userpro.io NIC.IO 5/17/2007 userpro.tw SEEDNET 5/18/2007 usersetup.cn www.cnnic.net.cn 5/13/2007 usersetup.io NIC.IO 5/12/2007 yourplo.at AT-DOM 5/10/2007 DNS server domain Registrar 1MAY-DAY.CN www.cnnic.net.cn 5/04/2007 SERVER7.HK HKDNR 4/26/2007 SMILE-NP.COM eNom 4/28/2007 VIDEO-RTV.COM INFO AVENUE 3/29/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 1.5.0.10
	to forum · permalink · 2007-05-31 23:57:02 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL kudos:7 Reviews: ·AT&T U-Verse	reply to nwrickert Rock phish report Jun 01, 2007 Here is the report for Friday: 12258 68.252.254.198 session-47804607.nationalcity.com.userpro.io also 69.218.222.218, 75.49.2.172, 190.55.70.16, 213.85.179.29 12342 68.252.254.198 session-16073781.nationalcity.com.userpro.io also 69.218.222.218, 75.49.2.172, 190.55.70.16, 213.85.179.29 12347 68.252.254.198 session-216401.nationalcity.com.directories.io also 69.218.222.218, 75.49.2.172, 190.55.70.16, 213.85.179.29 Domain registration info Phish domain Registrar directories.io NIC.IO 5/17/2007 userpro.io NIC.IO 5/17/2007 DNS server domain Registrar SMILE-NP.COM eNom 4/28/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 1.5.0.10
	to forum · permalink · 2007-06-01 23:49:24 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL kudos:7 Reviews: ·AT&T U-Verse	reply to nwrickert Rock phish report Jun 02, 2007 The report for Saturday: 12366 24.122.238.252 interactsession-98207.regions.com.usersetup.io also 69.234.222.104, 74.67.180.133, 74.113.145.63, 220.105.60.66 12367 24.122.238.252 interactsession-811817241.regions.com.udll.tw also 69.234.222.104, 74.67.180.133, 74.113.145.63, 220.105.60.66 12380 24.122.238.252 interactsession-9232467.regions.com.udll.tw also 69.234.222.104, 74.67.180.133, 74.113.145.63, 220.105.60.66 Domain registration info Phish domain Registrar udll.tw SEEDNET 5/23/2007 usersetup.io NIC.IO 5/12/2007 DNS server domain Registrar VIDEO-RTV.COM INFO AVENUE 3/29/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 1.5.0.10
	to forum · permalink · 2007-06-03 00:04:02 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL kudos:7 Reviews: ·AT&T U-Verse	reply to nwrickert Rock phish report Jun 03, 2007 Here is the report for Sunday: 12382 24.1.0.164 interactsession-49663.regions.com.usersetup.io also 70.225.166.131, 70.239.25.104, 70.242.194.246, 202.31.140.197 12384 62.43.140.33 session-299489913.nationalcity.com.userpro.io also 80.133.211.100, 87.198.97.43, 88.70.95.39, 217.226.105.20 12385 24.1.0.164 interactsession-93219.regions.com.usersetup.io also 70.225.166.131, 70.239.25.104, 70.242.194.246, 202.31.140.197 12388 62.43.140.33 session-2871380011.nationalcity.com.unit7.tw also 80.133.211.100, 87.198.97.43, 88.70.95.39, 217.226.105.20 12390 62.43.140.33 session-8475307.nationalcity.com.userpro.io also 80.133.211.100, 87.198.97.43, 88.70.95.39, 217.226.105.20 12392 temp failure interactsession-80085544.regions.com.prouserbase.tw 12394 62.43.140.33 session-349718.nationalcity.com.directories.io also 80.133.211.100, 87.198.97.43, 88.70.95.39, 217.226.105.20 12396 24.1.0.164 interactsession-01017.regions.com.usersetup.io also 70.225.166.131, 70.239.25.104, 70.242.194.246, 202.31.140.197 12409 24.1.0.164 interactsession-77330.regions.com.usersetup.io also 70.225.166.131, 70.239.25.104, 70.242.194.246, 202.31.140.197 12414 24.1.0.164 interactsession-1310383201.regions.com.udll.tw also 70.225.166.131, 70.239.25.104, 70.242.194.246, 202.31.140.197 Domain registration info Phish domain Registrar directories.io NIC.IO 5/17/2007 prouserbase.tw SEEDNET 5/18/2007 (suspended?) udll.tw SEEDNET 5/23/2007 unit7.tw SEEDNET 5/31/2007 userpro.io NIC.IO 5/17/2007 usersetup.io NIC.IO 5/12/2007 DNS server domain Registrar SMILE-NP.COM eNom 4/28/2007 VIDEO-RTV.COM INFO AVENUE 3/29/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 1.5.0.10
	to forum · permalink · 2007-06-03 23:27:37 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL kudos:7 Reviews: ·AT&T U-Verse	reply to nwrickert Rock phish report Jun 04, 2007 The Monday report: 12452 62.43.140.33 session-536409.nationalcity.com.userpro.tw also 71.58.117.3, 83.184.25.101, 88.70.56.164, 217.226.116.131 12457 64.131.229.215 interactsession-695299411.regions.com.usersetup.io also 75.24.33.94, 124.104.23.185, 142.167.218.22, 201.252.12.2 12458 62.43.140.33 session-0245717756.nationalcity.com.userpro.tw also 71.58.117.3, 83.184.25.101, 88.70.56.164, 217.226.116.131 12460 64.131.229.215 interactsession-3354972756.regions.com.usersetup.io also 75.24.33.94, 124.104.23.185, 142.167.218.22, 201.252.12.2 12462 62.43.140.33 session-7584279301.nationalcity.com.userpro.tw also 71.58.117.3, 83.184.25.101, 88.70.56.164, 217.226.116.131 12472 62.43.140.33 session-3311063.nationalcity.com.userpro.io also 71.58.117.3, 83.184.25.101, 88.70.56.164, 217.226.116.131 12479 NXDOMAIN interactsession-659785.regions.com.discuseder.biz Domain registration info Phish domain Registrar discuseder.biz unknown userpro.io NIC.IO 5/17/2007 userpro.tw SEEDNET 5/18/2007 usersetup.io NIC.IO 5/12/2007 DNS server domain Registrar SMILE-NP.COM eNom 4/28/2007 VIDEO-RTV.COM INFO AVENUE 3/29/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 1.5.0.10
	to forum · permalink · 2007-06-04 23:29:22 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL kudos:7 Reviews: ·AT&T U-Verse	reply to nwrickert Rock phish report Jun 05, 2007 Report for Tuesday: 12489 64.131.229.215 interactsession-95877802.regions.com.udll.tw also 65.93.183.105, 69.243.51.85, 142.167.198.88, 201.253.134.35 12497 85.137.10.129 treasury-905392803.wamu.com.rtmode.tw 12498 62.43.140.33 session-97700530.nationalcity.com.unit7.tw also 80.133.243.81, 84.176.107.114, 87.198.97.43, 88.70.229.235 12499 62.43.140.33 session-1192973.nationalcity.com.unit7.tw also 80.133.243.81, 84.176.107.114, 87.198.97.43, 88.70.229.235 12500 64.131.229.215 interactsession-341190858.regions.com.usersetup.io also 65.93.183.105, 69.243.51.85, 142.167.198.88, 201.253.134.35 12503 62.43.140.33 session-8675099.nationalcity.com.userpro.tw also 80.133.243.81, 84.176.107.114, 87.198.97.43, 88.70.229.235 12502 64.131.229.215 interactsession-102559.regions.com.usersetup.io also 65.93.183.105, 69.243.51.85, 142.167.198.88, 201.253.134.35 12504 64.131.229.215 interactsession-514840.regions.com.udll.tw also 65.93.183.105, 69.243.51.85, 142.167.198.88, 201.253.134.35 12505 62.43.140.33 session-823108708.nationalcity.com.userpro.io also 80.133.243.81, 84.176.107.114, 87.198.97.43, 88.70.229.235 12506 64.131.229.215 interactsession-81652.regions.com.udll.tw also 65.93.183.105, 69.243.51.85, 142.167.198.88, 201.253.134.35 12507 phish_is_dead session-7275881386.nationalcity.com.directories.io 12508 62.43.140.33 session-12008160.nationalcity.com.userpro.io also 80.133.243.81, 84.176.107.114, 87.198.97.43, 88.70.229.235 12509 64.131.229.215 interactsession-64942.regions.com.udll.tw also 65.93.183.105, 69.243.51.85, 142.167.198.88, 201.253.134.35 12512 62.43.140.33 session-305946553.nationalcity.com.userpro.tw also 80.133.243.81, 84.176.107.114, 87.198.97.43, 88.70.229.235 12513 62.43.140.33 session-429258.nationalcity.com.unit7.tw also 80.133.243.81, 84.176.107.114, 87.198.97.43, 88.70.229.235 12529 69.91.96.241 interact.regions.com.www15avbv.mcmaccoy.info 12530 69.91.96.241 interact.regions.com.ref20yziekhjd.hgsrr3.net 12531 62.43.140.33 session-847948643.nationalcity.com.unit7.tw also 80.133.243.81, 84.176.107.114, 87.198.97.43, 88.70.229.235 12532 64.131.229.215 interactsession-67311.regions.com.udll.tw also 65.93.183.105, 69.243.51.85, 142.167.198.88, 201.253.134.35 12534 203.253.74.97 session-43186.nationalcity.com.metroplo.at Domain registration info Phish domain Registrar directories.io NIC.IO 5/17/2007 (domain cancelled) hgsrr3.net REGISTER.COM 6/05/2007 mcmaccoy.info REGISTER.COM 6/05/2007 metroplo.at AT-DOM 5/10/2007 rtmode.tw SEEDNET 6/01/2007 udll.tw SEEDNET 5/23/2007 unit7.tw SEEDNET 5/31/2007 userpro.io NIC.IO 5/17/2007 userpro.tw SEEDNET 5/18/2007 usersetup.io NIC.IO 5/12/2007 DNS server domain Registrar 1MAY-DAY.CN www.cnnic.net.cn 5/04/2007 SMILE-NP.COM eNom 4/28/2007 VIDEO-RTV.COM INFO AVENUE 3/29/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 1.5.0.10
	to forum · permalink · 2007-06-05 23:31:35 · (locked)

nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL kudos:7 Reviews: ·AT&T U-Verse 3 edits	reply to nwrickert Rock phish report Jun 06, 2007 It's good to see that REGISTER.COM has promptly cancelled some phish domains. And SEEDNET has likewise suspended some Taiwan domains. Here is the report for Wednesday: 12546 69.91.96.241 treasury.wamu.com.ibswamu.ssid21szkpdsn.mcmaccoy.info 12548 dns tempfail session-1078788.nationalcity.com.userpro.tw 12549 12.40.135.120 interactsession-5608471.regions.com.usersetup.io also 67.68.1.71, 68.74.148.74, 81.182.100.118, 89.102.143.147 12550 69.91.96.241 treasury.wamu.com.ibswamu.sess20eekwvbckwds.hurikamar.us 12552 12.40.135.120 interactsession-31561.regions.com.usersetup.io also 67.68.1.71, 68.74.148.74, 81.182.100.118, 89.102.143.147 12572 dns tempfail interactsession-8827353.regions.com.precore.tw 12573 58.72.132.137 session-49847.nationalcity.com.comrhome.at 12576 24.226.149.64 session-09727719.nationalcity.com.mtpro.tw also 69.243.51.85, 83.10.206.33, 85.237.16.201, 217.132.158.180 12578 dns tempfail session-69957.nationalcity.com.unit7.tw 12590 69.91.96.241 treasury.wamu.com.ibswamu.portal17kcyndrfc.mcmaccoy.info 12598 58.72.132.137 treasury-6896133149.wamu.com.wowrty.hk 12606 NXDOMAIN treasury.wamu.com.ibswamu.sess22rszkpdsn.hurikamar.us 12607 NXDOMAIN treasury.wamu.com.ibswamu.id29ndydbdnszkcy.mcraincoy.net 12608 69.91.96.241 treasury.wamu.com.ibswamu.www20yziekhjd.fjurkf.hk Domain registration info Phish domain Registrar comrhome.at AT-DOM 5/25/2007 fjurkf.hk HKDNR 6/06/2007 hurikamar.us REGISTER.COM 6/05/2007 (cancelled) mcmaccoy.info REGISTER.COM 6/05/2007 (cancelled) mcraincoy.net unknown mtpro.tw SEEDNET 6/05/2007 precore.tw SEEDNET 6/03/2007 (suspended?) unit7.tw SEEDNET 5/31/2007 (suspended?) userpro.tw SEEDNET 5/18/2007 (suspended?) usersetup.io NIC.IO 5/12/2007 wowrty.hk HKDNR 6/06/2007 DNS server domain Registrar 1MAY-DAY.CN www.cnnic.net.cn 5/04/2007 HIFOPER.COM REGISTER.COM 6/05/2007 (cancelled) SMILE-NP.COM eNom 4/28/2007 VIDEO-RTV.COM INFO AVENUE 3/29/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 1.5.0.10
	to forum · permalink · 2007-06-06 22:47:55 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL kudos:7 Reviews: ·AT&T U-Verse	reply to nwrickert Rock phish report Jun 07, 2007 The report for Thursday: 12629 67.149.119.189 interactsession-78402873.regions.com.usersetup.io also 69.223.161.119, 74.13.154.73, 212.139.79.46, 212.183.46.141 12640 69.237.151.18 session-0460568476.nationalcity.com.mtpro.tw also 70.242.144.86, 80.99.28.144, 125.173.225.154, 203.67.164.43 12664 67.149.119.189 interactsession-1362027620.regions.com.usersetup.io also 69.223.161.119, 74.13.154.73, 212.139.79.46, 212.183.46.141 12665 85.137.10.129 session-35765227.nationalcity.com.hiareshi.tw 12667 69.235.11.180 interactsession-18563.regions.com.usersetup.io also 70.251.225.64, 83.184.25.102, 86.151.97.114, 88.70.68.95 12679 85.137.10.129 session-027494403.nationalcity.com.collertern.cn 12681 89.228.221.164 treasury-1958676372.wamu.com.onergis.tw 12687 85.137.10.129 session-34112.nationalcity.com.collertern.cn 12688 203.253.74.97 ebanking-services-id3386595.usbank.com.fullport.tw 12689 67.68.1.71 interactsession-04679.regions.com.prdir.tw also 69.243.51.85, 70.242.144.86, 75.61.118.147, 121.159.104.141 Domain registration info Phish domain Registrar collertern.cn REGISTER.COM 6/07/2007 fullport.tw SEEDNET 6/05/2007 hiareshi.tw SEEDNET 6/06/2007 mtpro.tw SEEDNET 6/05/2007 onergis.tw SEEDNET 6/07/2007 prdir.tw SEEDNET 6/05/2007 usersetup.io NIC.IO 5/12/2007 DNS server domain Registrar ARCANSONER.COM REGISTER.COM 6/06/2007 SMILE-NP.COM eNom 4/28/2007 VIDEO-RTV.COM INFO AVENUE 3/29/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4
	to forum · permalink · 2007-06-07 23:47:17 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL kudos:7 Reviews: ·AT&T U-Verse 1 edit	reply to nwrickert Rock phish report Jun 08, 2007 Some of the phish hostnames have multiple IP addresses. I am now only listing one of those IP addresses. This gives an easier to read listing. Here is the report for Friday: 12694 69.91.96.241 treasury.wamu.com.ibswamu.ssid20eekwvbckwds.blockerey.tw 12695 phish_down treasury.wamu.com.ibswamu.web.bestwow.at 12697 60.46.160.173 session-994827.nationalcity.com.mtpro.tw 12721 phish_down treasury-886190542.wamu.com.newwow.at 12722 84.95.127.56 interactsession-252729.regions.com.usersetup.io 12723 84.95.127.56 interactsession-99084.regions.com.usersetup.io 12724 24.86.130.9 session-88567408.nationalcity.com.sigooren.tw 12725 24.86.130.9 ebanking-services-id33538.usbank.com.gisooner.tw 12727 phish_down interactsession-9914653710.regions.com.udll.tw 12728 60.46.160.173 session-8653092103.nationalcity.com.userpro.io 12729 84.95.127.56 interactsession-052005858.regions.com.prdir.tw 12730 84.95.127.56 interactsession-7987928.regions.com.usersetup.io 12731 84.95.127.56 interactsession-89257.regions.com.usersetup.io 12732 69.91.96.241 treasury.wamu.com.ibswamu.ssid18ewhcsl.blockerey.tw 12733 84.95.127.56 interactsession-81671.regions.com.prdir.tw 12736 67.68.1.71 session-638746.nationalcity.com.kitrt.cn 12739 65.42.243.153 interactsession-503936159.regions.com.usersetup.io 12740 phish_down session-68916.nationalcity.com.userpro.io 12741 phish_down ebanking-services-id433950.usbank.com.stackit.io 12742 24.226.149.64 session-79246270.nationalcity.com.kitrt.cn 12744 24.86.130.9 ebanking-services-id832849198.usbank.com.onergis.tw 12747 24.226.198.4 session-962343087.nationalcity.com.kitrt.cn 12748 69.230.201.208 interactsession-85977.regions.com.prdir.tw Domain registration info Phish domain Registrar bestwow.at AT-DOM 6/07/2007 (suspended) blockerey.tw SEEDNET 6/07/2007 gisooner.tw SEEDNET 6/07/2007 kitrt.cn www.cnnic.net.cn 6/08/2007 mtpro.tw SEEDNET 6/05/2007 newwow.at AT-DOM 6/07/2007 (suspended) onergis.tw SEEDNET 6/07/2007 prdir.tw SEEDNET 6/05/2007 sigooren.tw SEEDNET 6/07/2007 stackit.io NIC.IO 4/18/2006 (suspended) udll.tw SEEDNET 5/23/2007 (suspended?) userpro.io NIC.IO 5/17/2007 (suspended) usersetup.io NIC.IO 5/12/2007 DNS server domain Registrar SMILE-NP.COM eNom 4/28/2007 VIDEO-RTV.COM INFO AVENUE 3/29/2007 (edit: fix date on subtitle line) -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4
	to forum · permalink · 2007-06-08 23:55:39 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL kudos:7 Reviews: ·AT&T U-Verse	reply to nwrickert Rock phish report Jun 09, 2007 Again, some of the phish hostnames have multiple IP addresses (typically trojanized machines from several continents). I am only listing one IP address per hostname. Here is the report for Saturday: 12769 65.42.243.153 interactsession-3769568582.regions.com.usersetup.io 12770 65.42.243.153 interactsession-99370.regions.com.mttu.jp 12771 65.42.243.153 interactsession-189765.regions.com.techt.la 12772 68.185.245.207 ebanking-services-id4319604.usbank.com.lovty.hk 12774 68.185.245.207 ebanking-services-id3952823135.usbank.com.nuuri.hk 12775 69.243.51.85 session-571838.nationalcity.com.mtpro.tw 12779 68.74.148.74 interactsession-05673192.regions.com.mttu.jp 12780 69.91.96.241 treasury.wamu.com.ibswamu.id17jfbz.ritualert.tw 12783 67.68.1.71 interactsession-131024649.regions.com.prdir.tw Domain registration info Phish domain Registrar lovty.hk HKDNR 6/08/2007 mtpro.tw SEEDNET 6/05/2007 mttu.jp JPRS 6/08/2007 nuuri.hk HKDNR 6/09/2007 prdir.tw SEEDNET 6/05/2007 ritualert.tw SEEDNET 6/07/2007 techt.la LA Names Corporation 6/08/2007 usersetup.io NIC.IO 5/12/2007 DNS server domain Registrar 1MAY-DAY.CN www.cnnic.net.cn 5/04/2007 SMILE-NP.COM eNom 4/28/2007 VIDEO-RTV.COM INFO AVENUE 3/29/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4
	to forum · permalink · 2007-06-09 22:55:43 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL kudos:7 Reviews: ·AT&T U-Verse	reply to nwrickert Rock phish report Jun 10, 2007 Where a hostname has multiple IPs, only one IP is shown. Here is the Sunday report: 12784 74.138.34.236 interactsession-4106923.regions.com.mttu.jp 12790 75.185.36.144 ebanking-services-id5507986.usbank.com.hfyr3.hk 12795 72.236.188.20 treasury-session6217958.pnc.com.hiareshis.tw 12796 72.236.188.20 ebanking-services-id1716933.usbank.com.reportid.tw 12797 68.74.148.74 interactsession-981339.regions.com.usersetup.io Domain registration info Phish domain Registrar hfyr3.hk HKDNR 6/09/2007 hiareshis.tw SEEDNET 6/06/2007 mttu.jp JPRS 6/08/2007 reportid.tw SEEDNET 6/09/2007 usersetup.io NIC.IO 5/12/2007 DNS server domain Registrar 1MAY-DAY.CN www.cnnic.net.cn 5/04/2007 VIDEO-RTV.COM INFO AVENUE 3/29/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4
	to forum · permalink · 2007-06-10 23:36:38 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL kudos:7 Reviews: ·AT&T U-Verse	reply to nwrickert Rock phish report Jun 11, 2007 Here is the Monday report: 12844 69.91.96.241 ebanking-services-id3973569423.usbank.com.hiareshis.tw 12845 69.243.51.85 interactsession-631962.regions.com.usersetup.io 12846 69.243.51.85 interactsession-459168.regions.com.usersetup.io 12847 24.192.37.0 session-43708753.nationalcity.com.protn.as 12848 86.101.41.136 ebanking-services-id94070.usbank.com.blaet.hk 12849 24.192.37.0 session-76676.nationalcity.com.kitrt.cn 12850 69.243.51.85 interactsession-3848265992.regions.com.mttu.jp 12851 69.243.51.85 interactsession-18444.regions.com.prdir.tw 12852 69.91.96.241 ebanking-services-id8722972911.usbank.com.loginid.tw 12853 24.192.37.0 session-95702820.nationalcity.com.dllet.bz 12854 69.91.96.241 ebanking-services-id747987.usbank.com.server55.tw 12959 temp_dns_fail session-4674347.nationalcity.com.dllet.bz Domain registration info Phish domain Registrar blaet.hk HKDNR 6/08/2007 dllet.bz BelizeNIC 6/08/2007 hiareshis.tw SEEDNET 6/06/2007 kitrt.cn www.cnnic.net.cn 6/08/2007 loginid.tw SEEDNET 6/08/2007 mttu.jp JPRS 6/08/2007 prdir.tw SEEDNET 6/05/2007 protn.as ASNIC 6/08/2007 server55.tw SEEDNET 6/05/2007 usersetup.io NIC.IO 5/12/2007 DNS server domain Registrar 1MAY-DAY.CN www.cnnic.net.cn 5/04/2007 SMILE-NP.COM eNom 4/28/2007 VIDEO-RTV.COM INFO AVENUE 3/29/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4
	to forum · permalink · 2007-06-11 23:52:32 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL kudos:7 Reviews: ·AT&T U-Verse	reply to nwrickert Rock phish report Jun 12, 2007 Here is the report for Tuesday: 12964 64.131.229.215 session-95262610.nationalcity.com.mtpro.tw 12968 64.131.229.215 session-578838382.nationalcity.com.dllet.bz 12972 69.91.96.241 treasury-session5873220653.pnc.com.orensigo.tw 12974 64.131.229.215 session-4476520809.nationalcity.com.dllet.bz 12977 64.131.229.215 session-4476520809.nationalcity.com.dllet.bz 12979 68.185.245.207 ebanking-services-id09652767.usbank.com.mykisry.at 12980 68.185.245.207 treasury-59587.wamu.com.ply.at 12981 68.185.245.207 ebanking-services-id930488.usbank.com.to4cby.hk Domain registration info Phish domain Registrar dllet.bz BelizeNIC 6/08/2007 mtpro.tw SEEDNET 6/05/2007 mykisry.at AT-DOM 6/11/2007 orensigo.tw SEEDNET 6/07/2007 ply.at AT-DOM 6/11/2007 to4cby.hk HKDNR 6/11/2007 DNS server domain Registrar 1MAY-DAY.CN www.cnnic.net.cn 5/04/2007 SMILE-NP.COM eNom 4/28/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4
	to forum · permalink · 2007-06-12 23:51:21 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL kudos:7 Reviews: ·AT&T U-Verse	reply to nwrickert Rock phish report Jun 13, 2007 Here is the report for Wednesday: 12991 85.105.139.133 interact.regions.com.ref17kcyndrfc.lowester.tw 13005 65.42.243.153 session-15973.nationalcity.com.protn.as 13007 65.42.243.153 session-28408919.nationalcity.com.dllet.bz 13055 65.42.243.153 session-9714904833.nationalcity.com.protn.as 13056 71.58.117.3 interactsession-84096228.regions.com.prdir.tw 13058 71.58.117.3 interactsession-794129729.regions.com.putadem.as 13072 71.133.7.165 session-5767552392.nationalcity.com.kitrt.cn 13073 24.98.230.79 treasury-7886611.wamu.com.kiry.at 13074 24.122.151.145 session-974638.nationalcity.com.dllet.bz Domain registration info Phish domain Registrar dllet.bz BelizeNIC 6/08/2007 kiry.at AT-DOM 6/11/2007 kitrt.cn www.cnnic.net.cn 6/08/2007 lowester.tw SEEDNET 6/07/2007 prdir.tw SEEDNET 6/05/2007 protn.as ASNIC 6/08/2007 putadem.as ASNIC 6/11/2007 DNS server domain Registrar 1MAY-DAY.CN www.cnnic.net.cn 5/04/2007 SMILE-NP.COM eNom 3/28/2007 VIDEO-RTV.COM INFO AVENUE 3/29/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4
	to forum · permalink · 2007-06-13 23:40:21 · (locked)
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL kudos:7 Reviews: ·AT&T U-Verse	reply to nwrickert Rock phish report Jun 14, 2007 Some of the phish domains listed below have several IP addresses. I am listing only one. IP addresses change, as the phishers replace one trojanized machine with another to do their dirty work. Where I list "phish_is_down", a current DNS lookup does not yield an IP address with a phish page. (Different registries do this in different ways). However, you might get different results if your DNS server is using previously cached information about these domains. Here is the report for Thursday: 13078 24.215.99.135 interactsession-34885180.regions.com.prdir.tw 13100 phish_is_down ebanking-services-id56198255.usbank.com.gisooner.tw 13101 phish_is_down ebanking-services-id72431905.usbank.com.gisooner.tw 13102 NXDOMAIN treasury-5716763.wamu.com.to4cby.hk 13103 24.98.230.79 treasury-57321.wamu.com.ply4u.at 13104 24.98.230.79 ebanking-services-id71305517.usbank.com.ply.at 13105 84.108.101.10 interact.regions.com.ref13cridr.erroloer.biz 13106 66.66.80.194 interactsession-08214771.regions.com.prdir.tw 13107 24.137.71.198 session-4154201104.nationalcity.com.protn.as 13108 66.66.80.194 interactsession-7580972.regions.com.prdir.tw 13109 66.66.80.194 interactsession-81477950.regions.com.prdir.tw 13110 84.108.101.10 www.volksbank.de.vr-web.sid13cridr.kisry.at 13111 phish_is_down treasury-4090148818.wamu.com.newinf.at 13112 24.137.71.198 session-013989.nationalcity.com.dllet.bz 13113 NXDOMAIN session-68889178.nationalcity.com.mtpro.tw 13115 24.137.71.198 session-80005827.nationalcity.com.protn.as 13117 66.66.80.194 interactsession-05388.regions.com.usersetup.io 13118 82.233.59.250 treasury-session8508246.pnc.com.fulltrack.tw 13193 24.137.71.198 session-72156086.nationalcity.com.protn.as 13196 68.74.148.74 session-104254169.nationalcity.com.kitrt.cn Domain registration info Phish domain Registrar dllet.bz BelizeNIC 6/08/2007 erroloer.biz REGISTER.COM 6/08/2007 fulltrack.tw SEEDNET 6/09/2007 gisooner.tw SEEDNET 6/07/2007 (suspended?) kisry.at AT-DOM 6/11/2007 kitrt.cn www.cnnic.net.cn 6/08/2007 mtpro.tw SEEDNET 6/05/2007 (suspended ?) mykisry.at AT-DOM 6/11/2007 newinf.at AT-DOM 6/13/2007 (suspended) ply4u.at AT-DOM 6/11/2007 ply.at AT-DOM 6/11/2007 prdir.tw SEEDNET 6/05/2007 protn.as ASNIC 6/08/2007 to4cby.hk HKDNR 6/11/2007 (suspended) usersetup.io NIC.IO 5/12/2007 DNS server domain Registrar 1MAY-DAY.CN www.cnnic.net.cn 5/04/2007 AHULLED.COM REGISTER.COM 6/08/2007 SMILE-NP.COM eNom 3/28/2007 VIDEO-RTV.COM INFO AVENUE 3/29/2007 -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4
	to forum · permalink · 2007-06-14 23:42:16 · (locked)

Broadband Tech > Security > Scam and Phishbusters > Rock phish information

Rock phish report May 27, 2007

Rock phish report May 28, 2007

Rock phish report May 29, 2007

Rock phish report May 30, 2007

Rock phish report May 31, 2007

Rock phish report Jun 01, 2007

Rock phish report Jun 02, 2007

Rock phish report Jun 03, 2007

Rock phish report Jun 04, 2007

Rock phish report Jun 05, 2007

Rock phish report Jun 06, 2007

Rock phish report Jun 07, 2007

Rock phish report Jun 08, 2007

Rock phish report Jun 09, 2007

Rock phish report Jun 10, 2007

Rock phish report Jun 11, 2007

Rock phish report Jun 12, 2007

Rock phish report Jun 13, 2007

Rock phish report Jun 14, 2007