nwrickert (sand groper), Premium, MVM, join: 2004-09-04, Geneva, IL

Rock phish information - continued

This continues the series of reports that started in »Rock phish information
See that previous thread for general information on what rock phish is.
The main purpose of this thread is to document some of the activities of the rock phishers, particularly their practice of registering new domains for phishing, using those new domains for a few days or weeks, then abandoning them (if they are not already suspended due to payment with a stolen credit card).
-- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5

Rock phish report Jul 27, 2007
The report for Friday:
14862 60.209.122.34 userconfirmationform-id04215.ebay.com.lkirewen.hk
14864 60.209.122.34 moneymanagergps.session-358911.citizensbank.com.zapara.ws
14865 60.209.122.34 moneymanagergps.session-0846769.citizensbank.com.mulity.st
14868 60.209.122.34 moneymanagergps.session-770365.citizensbank.com.codelog.hk
Domain registration info

Phish domain  Registrar
codelog.hk  HKDNR  7/27/2007
lkirewen.hk  HKDNR  7/27/2007
mulity.st  ST Registry  7/26/2006
zapara.ws  Wild West Domains  7/26/2007

DNS server domain  Registrar
macart.hk  HKDNR  7/24/2007

Rock phish report Jul 28, 2007
Here is the Saturday report:
Domain registration info

Phish domain  Registrar
codelog.hk  HKDNR  7/27/2007
kgs.kg  www.domain.kg  7/19/2007
lkirewen.hk  HKDNR  7/27/2007
lognote.hk  HKDNR  7/27/2007
lopert.hk  HKDNR  7/27/2007  (suspended)
stack.kg  www.domain.kg  7/16/2006

DNS server domain  Registrar
jumpmo.com  REGISTER.COM  6/21/2007
macart.hk  HKDNR  7/24/2007

Rock phish report Jul 29, 2007
The report for Sunday:
14882 60.209.122.34 userconfirmationform-id337771720.ebay.com.air99.kz
14883 60.209.122.34 moneymanagergps.session-47557354.citizensbank.com.lognote.hk
14886 60.209.122.34 moneymanagergps.session-47534.citizensbank.com.lognote.hk
14888 60.209.122.34 moneymanagergps.session-9024172633.citizensbank.com.uyuser.hk
14890 60.209.122.34 moneymanagergps.session-65049.citizensbank.com.lomdos.hk
Domain registration info

Phish domain  Registrar
air99.kz  KazNIC  7/26/2007
lognote.hk  HKDNR  7/27/2007
lomdos.hk  HKDNR  7/27/2007
uyuser.hk  HKDNR  7/27/2007

DNS server domain  Registrar
macart.hk  HKDNR  7/24/2007

Rock phish report Jul 30, 2007
Here is the report for Monday:
14909 NXDOMAIN userconfirmationform-id15448.ebay.com.veranad.hk
14910 NXDOMAIN moneymanagergps.session-725367859.citizensbank.com.codelog.hk
Domain registration info

Phish domain  Registrar
codelog.hk  HKDNR  7/27/2007  (suspended)
veranad.hk  HKDNR  7/27/2007  (suspended)

DNS server domain  Registrar
macart.hk  HKDNR  7/24/2007  (suspended)

Rock phish report Jul 31, 2007
The Tuesday report:
14914 200.101.34.179 moneymanagergps.session-4250607602.citizensbank.com.rockey.biz
14918 NXDOMAIN userconfirmationform-id8631870.ebay.com.rockey.biz
14937 phish_is_down moneymanagergps.session-060506111.citizensbank.com.proi.tk
14938 NXDOMAIN moneymanagergps.session-216149.citizensbank.com.rockey.biz
14942 NXDOMAIN easyweb.serverid-250368626.tdcanadatrust.com.stack.kg
Domain registration info

Phish domain  Registrar
proi.tk  Dot TK registry  7/??/2007  (suspended)
rockey.biz  WILD WEST DOMAINS  7/30/2007  (cancelled)
stack.kg  www.domain.kg  7/16/2006  (suspended)

DNS server domain  Registrar
fusipo.com  WILD WEST DOMAINS  7/30/2007  (cancelled)

Rock phish report Aug 01, 2007
The Wednesday report:
Domain registration info

Phish domain  Registrar
55port.st  ST Registry  8/01/2007
air99.kz  KazNIC  7/26/2007
dkkue.hk  HKDNR  8/01/2007
go2rotte.ws  WILD WEST DOMAINS  7/31/2007
jjeur.hk  HKDNR  8/01/2007
lodmode.hk  HKDNR  8/01/2007
opisnik.com  RED REGISTER  7/31/2007  (suspended?)
pretr.la  LA Names  7/31/2007  (suspended)
promn.hk  HKDNR  7/31/2007  (suspended)
realpoc.hk  HKDNR  8/01/2007
rtte.nu  www.nunames.nu  8/01/2007?
tellid.hk  HKDNR  8/01/2007
top45.hk  HKDNR  8/01/2007

DNS server domain  Registrar
014.hk  HKDNR  8/01/2007
273.hk  HKDNR  7/31/2007  (suspended)
air99.kz  KazNIC  7/26/2007
bbrtool.hk  HKDNR  8/01/2007
go2rotte.com  WILD WEST DOMAINS  7/31/2007

Rock phish report Aug 02, 2007
GoDaddy is now being targeted (phish #14991 and #14997).
Here is the report for Thursday:
14985 60.209.122.34 moneymanagergps.session-86318803.citizensbank.com.joplog.hk
14991 60.42.120.5 myaccount.session-82544.godaddy.com.closeuser.hk
14995 60.42.120.5 moneymanagergps.session-5985806350.citizensbank.com.judetnd.tv
14997 60.209.122.34 myaccount.session-61083.godaddy.com.adkie.hk
Domain registration info

Phish domain  Registrar
adkie.hk  HKDNR  8/03/2007
closeuser.hk  HKDNR  8/01/2007  (suspended)
joplog.hk  HKDNR  8/02/2007  (suspended)
judetnd.tv  REGISTER.COM  8/02/2007

DNS server domain  Registrar
bbrtool.hk  HKDNR  8/01/2007  (suspended)
gotnd.net  REGISTER.COM  8/02/2007

Rock phish report Aug 03, 2007
The Friday report:
Domain registration info

Phish domain  Registrar
adkie.hk  HKDNR  8/03/2007  (suspended)
bookbuyer4.com  WILD WEST DOMAINS  8/02/2007  (cancelled)
ckanr4.hk  HKDNR  8/03/2007
conteir.tk  Dot TK Registry  8/02/2007
fd4ffg.am  Dot FM  8/02/2007  (suspended?)
fff77.hk  HKDNR  8/04/2007
ggg77.hk  HKDNR  8/04/2007
gillrt.hk  HKDNR  8/03/2007  (suspended)
incisive88id.com  unknown  8/03/2007?  (cancelled?)
italier.tk  Dot TK Registry  8/02/2007
kontu.hk  HKDNR  8/02/2007
leamlocal.cc  REGISTER.COM  7/07/2007  (suspended)
lfooe4nqonline.cc  unknown  8/02/2007?  (cancelled)
ligmrp1.cc  REGISTER.COM  8/02/2007  (cancelled)
log77.hk  HKDNR  8/01/2007  (suspended)
oproof.hk  HKDNR  8/03/2007
port345.hk  HKDNR  8/03/2007
port653.hk  HKDNR  8/03/2007  (suspended)
port654.ch  www.switch.ch  8/01/2007?
port654.li  www.switch.ch  8/01/2007?
roofr.hk  HKDNR  8/03/2007
tellid.hk  HKDNR  8/01/2007
tyyr43.tv  unknown  8/02/2007?  (cancelled)

DNS server domain  Registrar
bbrtool.hk  HKDNR  8/01/2007  (suspended)
conteir.tk  Dot TK Registry  8/02/2007
gotnd.net  REGISTER.COM  8/02/2007
italer.hk  HKDNR  8/03/2007  (suspended)
leamlocal.cc  REGISTER.COM  7/07/2007  (suspended)
port345.hk  HKDNR  8/03/2007
port654.ch  www.switch.ch  8/01/2007?
qwert.hk  HKDNR  8/03/2007

Rock phish report Aug 04, 2007
The report for Saturday:
Domain registration info

Phish domain  Registrar
aeevvt.ch  www.switch.ch  8/04/2007?
dckoee.ch  www.switch.ch  8/04/2007?
elllwi.hk  HKDNR  8/04/2007
fff77.hk  HKDNR  8/04/2007
ggg77.hk  HKDNR  8/04/2007
iurvf.hk  HKDNR  8/23/2007
lom77.hk  HKDNR  8/04/2007
mjdeport.li  www.switch.ch  8/04/2007?
neurnf.hk  HKDNR  8/03/2007
pomurl.hk  HKDNR  8/04/2007
port654.li  www.switch.ch  8/01/2007?
rikfrt.hk  HKDNR  8/03/2007
wer3.cc  REGISTER.COM  8/03/2007
wqueen3.cc  REGISTER.COM  8/03/2007

DNS server domain  Registrar
ecper2.li  www.switch.ch  8/04/2007
lfoer.cc  unknown  8/??/2007  (cancelled?)
poplov.ch  www.switch.ch  8/04/2007?
port654.ch  www.switch.ch  8/01/2007?
qwert.hk  HKDNR  8/03/2007
roofr.hk  HKDNR  8/03/2007
wer3.cc  REGISTER.COM  8/03/2007
(edit to correct a typo)

Rock phish report Aug 05, 2007
The Sunday report:
Domain registration info

Phish domain  Registrar
bobtv.cc  REGISTER.COM  8/04/2007
boliet.hk  HKDNR  8/03/2007
ejfuuf.hk  HKDNR  8/03/2007
fff77.hk  HKDNR  8/04/2007
fkiier.hk  HKDNR  8/03/2007
iriikfrt.ch  www.switch.ch  8/04/2007?  (suspended)
kker44.ch  www.switch.ch  8/04/2007?  (suspended)
loeod.hk  HKDNR  8/04/2007
lom77.hk  HKDNR  8/04/2007
nodtv.tv  REGISTER.COM  8/04/2007
roofr.hk  HKDNR  8/03/2007
urukq3.ch  www.switch.ch  8/04/2007?  (suspended)
wer3.cc  REGISTER.COM  8/03/2007

DNS server domain  Registrar
bobtv.cc  REGISTER.COM  8/04/2007
gtuurt.hk  HKDNR  8/04/2007
lfoer.cc  unknown  8/??/2007  (cancelled?)
poplov.ch  www.switch.ch  8/04/2007?
port654.ch  www.switch.ch  8/01/2007?  (suspended)
qwert.hk  HKDNR  8/03/2007
roofr.hk  HKDNR  8/03/2007

Rock phish report Aug 06, 2007
Note that a "?" in the data indicates uncertainty. For example, the whois data for ".ch" does not include the creation date of the domain, so I have to guess based on first sighting.
Here is the Monday report:
Domain registration info

Phish domain  Registrar
diiirrg.hk  HKDNR  8/06/2007
dll77.hk  HKDNR  8/04/2007  (suspended)
fff77.hk  HKDNR  8/04/2007  (suspended)
gioortt.ch  www.switch.ch  8/06/2007?
koorlt.ch  www.switch.ch  8/06/2007?
lfoer.cc  unknown  8/??/2007  (cancelled?)
lfooef.hk  HKDNR  8/06/2007
link55.hk  HKDNR  8/06/2007
loeod.hk  HKDNR  8/04/2007  (suspended)
loer.cc  REGISTER.COM  8/04/2007
lom77.hk  HKDNR  8/04/2007  (suspended)
lometal.tv  REGISTER.COM  8/06/2007
mixbottom2.cc  REGISTER.COM  8/06/2007
mixpop.hk  HKDNR  8/06/2007
mixtupt.hk  HKDNR  8/06/2007
neurnf.hk  HKDNR  8/03/2007  (suspended)
nodtv.tv  REGISTER.COM  8/04/2007
onesite.cc  WILD WEST  8/06/2007

DNS server domain  Registrar
bobtv.cc  REGISTER.COM  8/04/2007
gtuurt.hk  HKDNR  8/04/2007
lfoer.cc  unknown  8/??/2007  (cancelled?)
mixtupt.hk  HKDNR  8/06/2007
oer5.ch  www.switch.ch  8/06/2007?
onelive.cc  WILD WEST  8/06/2007
poplov.ch  www.switch.ch  8/04/2007?
port654.ch  www.switch.ch  8/01/2007?  (suspended)
qwert.hk  HKDNR  8/03/2007  (suspended)

Rock phish report Aug 07, 2007
I'm posting this a little late, due to dslreports downtime.
Here is the report for Tuesday:
Domain registration info

Phish domain  Registrar
hfie22.hk  HKDNR  8/07/2007
iieoee.hk  HKDNR  8/07/2007  (suspended)
jopdo.hk  HKDNR  8/07/2007
loer.cc  REGISTER.COM  8/04/2007  (suspended)
lometal.tv  REGISTER.COM  8/06/2007  (suspended)
oriijf.hk  HKDNR  8/06/2007  (suspended)
port112.hk  HKDNR  8/06/2007  (suspended)
rolltk.hk  HKDNR  8/07/2007
uus12.li  www.switch.ch  8/06/2007?  (suspended)

DNS server domain  Registrar
cms45.hk  HKDNR  8/06/2007  (suspended)
gakllr.hk  HKDNR  8/07/2007  (suspended)
hfie22.hk  HKDNR  8/07/2007
milopd.hk  HKDNR  8/07/2007
mixtupt.hk  HKDNR  8/06/2007  (suspended)

Rock phish report Aug 08, 2007
Here is the Wednesday report:
Domain registration info

Phish domain  Registrar
booch.hk  HKDNR  8/07/2007  (suspended)
colpoe.tv  Verisign?  8/07/2007?  (cancelled)
deepid.hk  HKDNR  8/04/2007  (suspended)
fjjiii.hk  HKDNR  8/06/2007  (suspended)
ggg77.hk  HKDNR  8/04/2007  (suspended)
goirt.hk  HKDNR  8/08/2007
hdoia.hk  HKDNR  8/07/2007  (suspended)
hfie22.hk  HKDNR  8/07/2007  (suspended)
jopdo.hk  HKDNR  8/07/2007  (suspended)
k2-por.hk  HKDNR  8/07/2007  (suspended)
koorlt.ch  www.switch.ch  8/06/2007?  (suspended)
lfoer.cc  unknown  8/??/2007  (cancelled?)
line45.hk  HKDNR  8/06/2007  (suspended)
loginpass.hk  HKDNR  8/08/2007  (suspended)
mf4jej.hk  HKDNR  8/07/2007  (suspended)
milopd.hk  HKDNR  8/07/2007  (suspended)
nodtv.tv  REGISTER.COM  8/04/2007  (cancelled)
supportweb1.hk  HKDNR  8/08/2007  (suspended)
thike.hk  HKDNR  8/07/2007  (suspended)
toppor.hk  HKDNR  8/08/2007
voeler.hk  HKDNR  8/07/2007  (suspended)

DNS server domain  Registrar
aiiuw.hk  HKDNR  8/08/2007
hdoia.hk  HKDNR  8/07/2007  (suspended)
milopd.hk  HKDNR  8/07/2007  (suspended)
mixtupt.hk  HKDNR  8/06/2007  (suspended)
port654.ch  www.switch.ch  8/01/2007?  (suspended)
qwert.hk  HKDNR  8/03/2007  (suspended)
supportweb1.hk  HKDNR  8/08/2007  (suspended)
town312.hk  HKDNR  8/06/2007  (suspended)

Rock phish report Aug 09, 2007
The report for Thursday:
Domain registration info

Phish domain  Registrar
air99.kz  KazNIC  7/26/2007  (suspended)
booch.hk  HKDNR  8/07/2007  (suspended)
dllluna.hk  HKDNR  8/08/2009
goirt.hk  HKDNR  8/08/2007  (suspended)
moloko.hk  HKDNR  8/08/2007  (suspended)
nextid.li  www.switch.ch  8/09/2007?
qsops.tv  WILD WEST DOMAINS  8/07/2007
userip.ch  www.switch.ch  8/09/2007?
userip.li  www.switch.ch  8/09/2007?
userport.li  www.switch.ch  8/08/2007?
web2tv.tv  REGISTER.COM  8/08/2007  (cancelled)

DNS server domain  Registrar
aiiuw.hk  HKDNR  8/08/2007  (suspended)
fort44id.hk  HKDNR  8/08/2009
milopd.hk  HKDNR  8/07/2007  (suspended)
nextid.ch  www.switch.ch  8/09/2007?
pal-nat.net  ESTDOMAINS  8/06/2007
qoakpark.tv  WILD WEST DOMAINS  8/07/2007
userip.ch  www.switch.ch  8/09/2007?
userport.ch  www.switch.ch  8/08/2007?

Rock phish report Aug 10, 2007
The Friday report:
Domain registration info

Phish domain  Registrar
dllluna.hk  HKDNR  8/08/2009
mydino.tv  unknown  9.09/2007?  (cancelled)
openport.li  www.switch.ch  8/09/2007?
vjuerr.hk  HKDNR  8/10/2007
web2tv.tv  REGISTER.COM  8/08/2007  (cancelled)

DNS server domain  Registrar
openport.ch  www.switch.ch  8/09/2007?
pal-nat.net  ESTDOMAINS  8/06/2007
(edit: corrected date in subtitle)

Rock phish report Aug 11, 2007
The Saturday report:
Domain registration info

Phish domain  Registrar
farmville.tv  REGISTER.COM  8/10/2007
fiiif.hk  HKDNR  8/10/2007
fjwww.hk  HKDNR  8/10/2007
jangle3.hk  HKDNR  8/11/2007
poeir.hk  HKDNR  8/10/2007
proott.hk  HKDNR  8/10/2007
techs.ec  nic.ec  ?????????
tuioeor.hk  HKDNR  8/10/2007
userlib.ch  www.switch.ch  8/10/2007?
uty67.tv  REGISTER.COM  8/10/2007
vjuerr.hk  HKDNR  8/10/2007
yriiowe.hk  HKDNR  8/10/2007

DNS server domain  Registrar
jumpmo.com  REGISTER.COM  6/21/2007
pal-nat.net  ESTDOMAINS  8/06/2007
portlab.ch  www.switch.ch  8/10/2007?
vod6-wm.net  vod6-wm.net  8/11/2007

Rock phish report Aug 12, 2007
Here is the Sunday report:
15563 219.253.140.170 moneymanagergps.session-093405.citizensbank.com.gorf2e.hk
15566 68.54.24.163 sessione-7484919.rasbank.it.md.kg
15569 219.253.140.170 moneymanagergps.session-987680656.citizensbank.com.takt1.tv
15571 dns_temp_fail moneymanagergps.session-2787133057.citizensbank.com.openport.li
Domain registration info

Phish domain  Registrar
gorf2e.hk  HKDNR  8/11/2007
md.kg  www.domain.kg  7/19/2007
openport.li  www.switch.ch  8/09/2007?
takt1.tv  REGISTER.COM  8/11/2007

DNS server domain  Registrar
jumpmo.com  REGISTER.COM  6/21/2007
openport.ch  www.switch.ch  8/09/2007?
pal-nat.net  ESTDOMAINS  8/06/2007
vod6-wm.net  vod6-wm.net  8/11/2007
-- AT&T dsl; Westell 2200 modem/router; Vista :( ; firefox 2.0.0.6

Rock phish report Aug 13, 2007
The report for Monday:
Domain registration info
Phish domain     Registrar        Date
fiiif.hk         HKDNR            8/10/2007 (suspended)
iorit.hk         HKDNR            8/10/2007
jangle3.hk       HKDNR            8/11/2007 (suspended)
jlid.hk          HKDNR            8/10/2007 (suspended)
juruf.hk         HKDNR            8/13/2007
kviir.hk         HKDNR            8/13/2007
lfoori.hk        HKDNR            8/10/2007
md.kg            www.domain.kg    7/19/2007
modid7.ch        www.switch.ch    8/13/2007?
neolode.ch       www.switch.ch    8/12/2007?
poloier.hk       HKDNR            8/10/2007
portlab.li       www.switch.ch    8/10/2007?
tech.kg          www.domain.kg    7/19/2007
techs.ec         nic.ec           ?????????
tuioeor.hk       HKDNR            8/10/2007
uotgvr.tv        unknown          8/12/2007? (cancelled?)
userip.li        www.switch.ch    8/09/2007?
userlib.li       www.switch.ch    8/10/2007?
userport.li      www.switch.ch    8/08/2007?
uty67.tv         REGISTER.COM     8/10/2007
uyryv.hk         HKDNR            8/13/2007
vjuerr.hk        HKDNR            8/10/2007
vkoeir.hk        HKDNR            8/11/2007
DNS server domain  Registrar        Date
coloe.tv           REGISTER.COM     8/13/2007
force4.li          www.switch.ch    8/12/2007?
jumpmo.com         REGISTER.COM     6/21/2007
lolim.cn           www.cnnic.net.cn 8/13/2007
oh-pilot.com       ESTDOMAINS       8/13/2007
pal-nat.net        ESTDOMAINS       8/06/2007
portlab.ch         www.switch.ch    8/10/2007?
userip.ch          www.switch.ch    8/09/2007?
userport.ch        www.switch.ch    8/08/2007? (suspended)
virtual-dot.net    unknown          8/10/2007? (cancelled?)
nwrickert
Rock phish report Aug 14, 2007
The Tuesday report:
Domain registration info
Phish domain     Registrar         Date
co4ucr.cn        www.cnnic.net.cn  8/13/2007
force4.li        www.switch.ch     8/12/2007?
glamur.hk        HKDNR             8/13/2007 (suspended)
gotouin.ch       www.switch.ch     8/14/2007?
hicxp.ch         www.switch.ch     8/14/2007?
hicxp.li         www.switch.ch     8/14/2007?
hsdf.li          www.switch.ch     8/14/2007?
iteir.hk         HKDNR             8/15/2007
kiirkf5.cn       www.cnnic.net.cn  8/13/2007
longid.li        www.switch.ch     8/14/2007?
md.kg            www.domain.kg     7/19/2007
neolode.ch       www.switch.ch     8/12/2007? (suspended)
po93r4.cn        www.cnnic.net.cn  8/14/2007
rt.kg            www.domain.kg     7/19/2007
tech.kg          www.domain.kg     7/19/2007
techs.ec         nic.ec            ?????????
vopeor.cn        www.cnnic.net.cn  8/15/2007
DNS server domain  Registrar         Date
coloe.tv           REGISTER.COM      8/13/2007
hicxp.li           www.switch.ch     8/14/2007?
jumpmo.com         REGISTER.COM      6/21/2007
lolim.cn           www.cnnic.net.cn  8/13/2007
longid.ch          www.switch.ch     8/14/2007?