  nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL
·AT&T U-Verse
·AT&T Midwest
reply to nwrickert Rock phish report Feb 21, 2007
Rock phish submitted so far today:
Registrars hall of shame
Phish domain  Registrar
alktet.biz  REGISTER.COM  2/20/2007
bestnat.info  unknown
f3jopert.info  Name IT Corporation  2/08/2007
gsight.tv  REGISTER.COM  2/20/2007
jsergt.info  unknown
mifinco.cc  REGISTER.COM  2/19/2007
mifcc.cc  REGISTER.COM  2/19/2007 (cancelled ?)
mifm.cc  REGISTER.COM  2/19/2007
moremi3or.biz  ADVANCED INTERNET TECHNOLOGIES  2/01/2007
tlsuygb.biz  REGISTER.COM  2/20/2007
yournat.com  NAME IT CORPORATION  2/20/2007

DNS server domain  Registrar
AIT-NS.COM  NAME IT CORPORATION  2/08/2007

-- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 1.5.0.9

nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL
reply to nwrickert Rock phish report Feb 22, 2007
Here are today's rock phish submissions:
Registrars hall of shame
Phish domain  Registrar
jmicf.info  NAME IT CORPORATION  2/01/2007
moremi3or.biz  ADVANCED INTERNET TECHNOLOGIES  2/01/2007
nmmi.info  NAME IT CORPORATION  2/01/2007
tirotie.info  REGISTER.COM  2/14/2007

DNS server domain  Registrar
AIT-NS.COM  NAME IT CORPORATION  2/08/2007
FATLOP-MS.INFO  REGISTER.COM  2/20/2007

nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL
reply to nwrickert Rock phish report Feb 23, 2007
Here is the summary info on rock phish submitted today
Registrars hall of shame
Phish domain  Registrar
ayoler.biz  unknown
diumme.tv  REGISTER.COM  2/22/2007
freeuli.info  NAME IT CORPORATION  2/22/2007
hotuli.info  NAME IT CORPORATION  2/22/2007
jmicf.info  NAME IT CORPORATION  2/01/2007
jolope.info  unknown
moremi3or.biz  ADVANCED INTERNET TECHNOLOGIES  2/01/2007
nmmi.info  NAME IT CORPORATION  2/01/2007
ntiaser.us  unknown
onlineserviceweb.com  REGISTER.COM  2/22/2007
onlineuli.info  NAME IT CORPORATION  2/22/2007
otieder.info  unknown

DNS server domain  Registrar
FATLOP-MS.INFO  REGISTER.COM  2/20/2007
LEZZ-ME.BIZ  unknown
VIRTUALULI.INFO  NAME IT CORPORATION  2/22/2007

nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL
reply to nwrickert Rock phish report Feb 24, 2007
Today's rock phish submission info:
Registrars hall of shame
Phish domain  Registrar
0cid.info  NAME IT CORPORATION  2/23/2007
blokter.us  unknown
gecid.info  NAME IT CORPORATION  2/23/2007
jmicf.info  NAME IT CORPORATION  2/01/2007
nmmi.info  NAME IT CORPORATION  2/01/2007

DNS server domain  Registrar
FATLOP-MS.INFO  REGISTER.COM  2/20/2007
IN-CID.INFO  NAME IT CORPORATION  2/23/2007

nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL
reply to nwrickert Rock phish report Feb 25, 2007
Here is info on today's submissions:
Registrars hall of shame
Phish domain  Registrar
clodetw.info  REGISTER.COM  2/24/2007
gecid.info  NAME IT CORPORATION  2/23/2007
lgcid.info  NAME IT CORPORATION  2/23/2007
luk2u.biz  WILD WEST DOMAINS  2/24/2007
moremi3or.biz  ADVANCED INTERNET TECHNOLOGIES  2/01/2007
theluk.biz  WILD WEST DOMAINS  2/24/2007

DNS server domain  Registrar
BESTGIO.INFO  NAME IT CORPORATION  2/24/2007
IN-CID.INFO  NAME IT CORPORATION  2/23/2007
GLOT-PO.COM  REGISTER.COM  2/24/2007
JUSTFIF.INFO  NAME IT CORPORATION  2/24/2007

MGD Premium,MVM join:2002-07-31 Fort Lauderdale, FL
said by nwrickert: ......... Registrars hall of shame ........................
Thanks once again for compiling and publishing this Rockphish info.
NAME IT CORPORATION and ADVANCED INTERNET TECHNOLOGIES are one and the same, and it appears that they are now the Rockphisher's registrar du jour.
I just sent them a DSLR notification email with a list of 20 domains and 7 dns names culled from the last 5 days of your reports. The notice was sent to the address of record for them at ICANN, icanncompliance[at]aitcom.net and also to abuse and support[at]aitdomains.com.
I will follow up with a telephone call Monday.
MGD

nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL
They looked to me as if two branches of the same company. Their web pages don't have an obvious place for reporting abuse problems.
Thanks for sending the notification. I did send one myself last week (using the web page for contacting the owner of Advanced Internet Tech.) I haven't had time to do that in the last couple of days.

MGD Premium,MVM join:2002-07-31 Fort Lauderdale, FL
It appears that the registrar has moved on some of the older rockphish domains.
A password reset on the domains generates varying responses. Older ones trigger that a reset notice is being sent to legal[at]ait.com indicating some level of revocation.
Others produce notices going to: subs@ait.com (domain cloaking), demon3@online.ua, afon@online.ua, which are rockphisher email accounts.
MGD

nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL
reply to nwrickert Rock phish report Feb 26, 2007
Info on submissions for 26th.
Registrars hall of shame
Phish domain  Registrar
ixace.biz  ADVANCED INTERNET TECHNOLOGIES  2/24/2007 (cancelled?)
jmicf.info  NAME IT CORPORATION  2/01/2007
medgi.info  unknown
nmmi.info  NAME IT CORPORATION  2/01/2007
pvcid.info  unknown
theluk.biz  WILD WEST DOMAINS  2/24/2007 (cancelled?)
xacid.info  NAME IT CORPORATION  2/23/2007 (cancelled?)

DNS server domain  Registrar
FATLOP-MS.INFO  REGISTER.COM  2/20/2007
IN-CID.INFO  NAME IT CORPORATION  2/23/2007 (cancelled?)
NIX2YOU.BIZ  ADVANCED INTERNET TECHNOLOGIES  2/24/2007 (cancelled?)

nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL
reply to MGD Re: Rock phish report Feb 25, 2007
It appears that the registrar has moved on some of the older rockphish domains.
That's probably why today is a light day for rockphish submissions. Thanks for your efforts. CastleCops has probably been working on these too.

nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL
reply to nwrickert Rock phish report Feb 27, 2007
Submissions for 27th (so far)
Registrars hall of shame
Phish domain  Registrar
jmicf.info  NAME IT CORPORATION  2/01/2007
ksertt.us  REGISTER.COM  2/24/2007 (cancelled ?)
myglotpo.cc  REGISTER.COM  2/24/2007 (cancelled ?)
riquep.biz  REGISTER.COM  2/27/2007
rufpwj.info  REGISTER.COM  2/27/2007
yekole.us  REGISTER.COM  2/27/2007

DNS server domain  Registrar
FATLOP-MS.INFO  REGISTER.COM  2/20/2007
GLOT-PO.COM  REGISTER.COM  2/24/2007 (cancelled ?)

MGD Premium,MVM join:2002-07-31 Fort Lauderdale, FL
It appears that AIT has now faced the problem head on:
Both the NMMI.INFO and JMICF.INFO show revocation updates today 02/27 of:
Domain ID:D16345334-LRMS
Domain Name:JMICF.INFO
Created On:01-Feb-2007 22:00:28 UTC
Last Updated On:27-Feb-2007 17:00:42 UTC
Expiration Date:01-Feb-2008 22:00:28 UTC
Sponsoring Registrar:The Name IT Corporation dba NameServices.net (R182-LRMS)
Status:TRANSFER PROHIBITED
Registrant ID:C2644983-LRMS
Registrant Name:AIT Inc . AIT Inc
Registrant Organization:Advanced Internet Technologies, Inc
Registrant Street1:421 Maiden Lane
Registrant Street2:
Registrant Street3:
Registrant City:Fayetteville
Registrant State/Province:NC
Registrant Postal Code:28301
Registrant Country:US
Registrant Phone:+1.9108775492881
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:legal@ait.com
A DSLR notification was sent to register.com at the ICANN listed address of legal[at]register.com, plus the abuse address, notifying them of the current domains on your list.
Expect the rockphisher to head back to hard to reach foreign registrars, and refocus on end of week spam runs so they have the weekend to run.
MGD

nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL
reply to nwrickert Rock phish report Feb 28, 2007
Here are today's rock phish submissions:
Domain registration info
Phish domain  Registrar
lzlow.biz  unknown
myglotpo.cc  REGISTER.COM  2/24/2007 (cancelled ?)
ngopr.us  unknown
superlzl.biz  ADVANCED INTERNET TECHNOLOGIES  2/28/2007 (cancelled ?)
ueryofn.us  unknown
yekole.us  REGISTER.COM  2/27/2007 (cancelled ?)

DNS server domain  Registrar
ONLINELZL.BIZ  ADVANCED INTERNET TECHNOLOGIES  2/28/2007 (cancelled ?)

nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL
reply to MGD Re: Rock phish report Feb 27, 2007
This morning (28th), I sent AIT a DSLR notification on "superlzl.biz" and its associated DNS server domain "ONLINELZL.BIZ". Both seem to have been taken down.

nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL
reply to nwrickert Rock phish report Mar 01, 2007
Info on today's rock phish submissions:
Domain registration info
Phish domain  Registrar
agvej.com  REGISTER.COM  3/01/2007
bestdotorg.com  unknown
gawie.info  unknown
opfly.info  unknown

DNS server domain  Registrar
JTLEE-EJ.NET  REGISTER.COM  3/01/2007

nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL
reply to nwrickert Rock phish report Mar 02, 2007
Rock phish info from today's submissions:
Domain registration info
Phish domain  Registrar
agvej.com  REGISTER.COM  3/01/2007 (cancelled ?)
agvjtleeej.net  REGISTER.COM  3/01/2007 (cancelled ?)
fermetalltd.info  NAME IT CORPORATION  3/01/2007 (cancelled ?)
ferprojet.info  NAME IT CORPORATION  3/01/2007 (cancelled ?)
fervirtuel.info  unknown
fw4ervirt.info  NAME IT CORPORATION  3/01/2007 (cancelled ?)
maslis.com  unknown
yourdotjobs.com  unknown

DNS server domain  Registrar
FERNIEFLYFISHING.INFO  NAME IT CORPORATION  3/01/2007 (cancelled ?)

nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL
reply to nwrickert Rock phish report Mar 03, 2007
Info on today's rock phish submissions.
Domain registration info
Phish domain  Registrar
fermetalltd.info  NAME IT CORPORATION  3/01/2007 (cancelled ?)
fermonde.info  NAME IT CORPORATION  3/01/2007 (cancelled ?)
ferprojet.info  NAME IT CORPORATION  3/01/2007 (cancelled ?)
fervirtuel.info  NAME IT CORPORATION  3/01/2007 (cancelled ?)
lisguia.com  NAME IT CORPORATION  3/01/2007 (cancelled ?)
maslis.com  NAME IT CORPORATION  3/01/2007 (cancelled ?)
userdtt.hk  HKDNR  3/02/2007

DNS server domain  Registrar
JTLEE-EJ.NET  REGISTER.COM  3/01/2007 (cancelled ?)

nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL
reply to nwrickert Rock phish report Mar 04, 2007
The rock phish group might be having a bad weekend. Yesterday's submissions were busts, and today isn't looking too bright either. Some of the registrars appear to have started paying more attention to the way they were being scammed by the rock phish group, so it seems that the domains they intended to use this weekend have mostly been taken down.
Here are today's submissions so far:
8909 NXDOMAIN online.bbt.com.onlineservlet_id946650936.lissitio.com
8925 219.251.166.157 online.bbt.com.onlineservlet_id3326683848.fkirx.us.com

Domain registration info
Phish domain  Registrar
fkirx.us.com  CENTRALNIC.NET  3/03/2007
lissitio.com  NAME IT CORPORATION  3/01/2007 (cancelled ?)

DNS server domain  Registrar
CLUBINTELLIS.COM  NAME IT CORPORATION  3/01/2007 (cancelled ?)
LINCH-WU.NET  REGISTER.COM  3/04/2007

nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL
reply to nwrickert Rock phish report Mar 05, 2007
Today's submissions:
Domain registration info
Phish domain  Registrar
dlkie.vg  (via REGISTER.COM)  date not available
fw1881.net  REGISTER.COM  3/03/2007 (cancelled ?)
hktech.hk  HKDNR  3/05/2007
justsop.info  NAME IT CORPORATION  3/01/2007 (cancelled ?)
skredr.co.nz  REGISTER.COM  3/03/2007 (cancelled ?)

DNS server domain  Registrar
CARROLLIGI.NET  REGISTER.COM  3/02/2007 (cancelled ?)
DUSHD-NU.INFO  NAME IT CORPORATION  3/05/2007 (cancelled ?)
JUSTNYU.INFO  NAME IT CORPORATION  3/02/2007 (cancelled ?)

MGD Premium,MVM join:2002-07-31 Fort Lauderdale, FL
reply to nwrickert Re: Rock phish report Mar 03, 2007
said by nwrickert: Info on today's rock phish submissions. ....................... Domain registration info
Phish domain  Registrar
fermetalltd.info  NAME IT CORPORATION  3/01/2007 (cancelled ?)
fermonde.info  NAME IT CORPORATION  3/01/2007 (cancelled ?)
ferprojet.info  NAME IT CORPORATION  3/01/2007 (cancelled ?)
fervirtuel.info  NAME IT CORPORATION  3/01/2007 (cancelled ?)
lisguia.com  NAME IT CORPORATION  3/01/2007 (cancelled ?)
maslis.com  NAME IT CORPORATION  3/01/2007 (cancelled ?)
userdtt.hk  HKDNR  3/02/2007
DNS server domain  Registrar
JTLEE-EJ.NET  REGISTER.COM  3/01/2007 (cancelled ?)

Looks real good !!
Nailing the domain reg. of the Rockphisher which is the soft belly of this beast, is turning out to be the most effective method of nullifying the roving botnet advantage. However, the domains must be revoked promptly for it to be effective.
I know there are several groups including Castlecops who are focusing on that attack vector.