Rock phish information


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T U-Verse
·AT&T Midwest

reply to nwrickert
Rock phish report Jun 15, 2007

Here is the report for Friday:

Domain registration info

--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4


nwrickert

reply to nwrickert
Rock phish report Jun 16, 2007

A relatively quiet day for rockphish. Phish #13365 is a bit of a puzzle, in that the domain used was already suspended yesterday. So why did they bother to send a phish that could not work? I guess they started the mailing before they knew the domain was suspended, and perhaps the mailing went slowly enough that it was still pumping them out 24 hours later.

Here is the report for Saturday:

Domain registration info

--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4


nwrickert
reply to nwrickert
Rock phish report Jun 17, 2007

Here is the Sunday report:

Domain registration info

(edit subtitle line to correct date - oops, edited the wrong message)
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4


nwrickert
reply to nwrickert
Rock phish report Jun 18, 2007

Black marks to PRIMUS TELECOMMUNICATIONS PTY LTD. I sent two phish reports for domains registered through PRIMUS. Both emails were rejected as spam. Then I sent a separate short email with no html, asking how I should send them these reports. This separate email made it past their spam filters, but then failed on a delivery error. It looks as if PRIMUS is happy to aid and abet phishers, and has shut themselves off from being informed of the problem.

Here is the report for Monday:

Domain registration info

(edit subtitle line to correct date)
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4


nwrickert
reply to nwrickert
Rock phish report Jun 19, 2007

Here is the Tuesday report:

Domain registration info

--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4


nwrickert

reply to nwrickert
Rock phish report Jun 20, 2007

The report for Wednesday:

Domain registration info

--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4


nwrickert

reply to nwrickert
Rock phish report Jun 21, 2007

The report for Thursday:

Domain registration info

--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4


nwrickert

reply to nwrickert
Rock phish report Jun 22, 2007

The Friday report:

Domain registration info

--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4


nwrickert

reply to nwrickert
Rock phish report Jun 23, 2007

The report for Saturday:

Domain registration info

--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4


nwrickert

reply to nwrickert
Rock phish report Jun 24, 2007

The Sunday report:

Domain registration info

--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4


nwrickert

reply to nwrickert
Rock phish report Jun 25, 2007

Report for Monday:

Domain registration info

--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4


nwrickert

reply to nwrickert
Rock phish report Jun 26, 2007

Here is the report for Tuesday:

Domain registration info

--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4


nwrickert

reply to nwrickert
Rock phish report Jun 27, 2007

The Wednesday report:

Domain registration info

--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4


s0tet

join:2005-06-08

Based on this info, it appears that the rockphish gangs are back to using .HK (HKDNR) after all the media hoopla around .AT (Nic.AT) domains and Spamhaus.

MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL

said by s0tet:

Based on this info, it appears that the rockphish gangs are back to using .HK (HKDNR) after all the media hoopla around .AT (Nic.AT) domains and Spamhaus.
Ref: »www.spamhaus.org/organization/st···so?ref=7

I don't think they ever completely stopped, just a reduction. In my opinion .hk should have been blacklisted by spamhaus a long time ago. Initially they were unresponsive to dozens of emails that were sent to them regarding Rockphish domains. They are only making at best a mediocre attempt at removing them now. Phishers are quite content if their domains stay up for several days, that covers several phish runs.

MGD


nwrickert

reply to s0tet
I agree with MGD that they have never stopped using HKDNR. They have also been trying several other registries, but they have continued to use .HK.

What has become clear is the extent to which the domain registration system is broken. It is far too easy for a scammer to register a domain under a false or stolen identity, charge that registration to a stolen credit card, then use the new domain for fraud. And once discovered, the scammer can simply abandon that domain and register a new one to continue his fraudulent activities.
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4


nwrickert

reply to nwrickert
Rock phish report Jun 28, 2007

The report for Thursday:

Domain registration info

--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4


s0tet


quote:
In my opinion .hk should have been blacklisted by spamhaus a long time ago.
No kidding! Spamhaus did the right thing (IMHO); they block other providers for various reasons (well founded and well researched ones at that). What amazes and saddens me is that so many of the people out there, many of whom apparently know very little about Spamhaus, have jumped all over Spamhaus' case in blocking the Nic.AT registry for NOT responding to pulling down fraud domains.

Here is a thread in the anti-spam Kill Spammer's forum which contains links to several of the Nic.AT stories:

»thecarpcstore.com/phpbb2/viewtopic.php?t=868

Many German speakers were jumping on Spamhaus' case on the Heise story:
»www.heise.de/newsticker/meldung/91417

[sigh]

I get the impression many of these people do NOT know what phishing is or rockphish for that matter.



nwrickert

I certainly have not been one to jump over spamhaus. They generally have good judgement.

The rockphish gang are still using AT-DOM too. I note recently registered domains "vlpalive.at", "mysalom.at" and "salom.at" showing up in phish submitted today.
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4


nwrickert

reply to nwrickert
Rock phish report Jun 29, 2007

Here is the report for Friday:

Domain registration info

--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4