nwrickert
Premium,MVM
join:2004-09-04
Geneva, IL
 ·AT&T Midwest
| Rock phish information - continued
This continues the series of reports that started in »Rock phish information
See that previous thread for general information on what is rock phish.
The main purpose of this thread is to document some of the activities of the rock phishers, particularly their practice of registering new domains for phishing, using those new domains for a few days or weaks then abandoning them (if they are not already suspended due to payment with a stolen credit card).
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickert
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T Midwest
| Rock phish report Jul 27, 2007
The report for Friday:
Domain registration info
Phish domain Registrar
codelog.hk HKDNR 7/27/2007
lkirewen.hk HKDNR 7/27/2007
mulity.st ST Registry 7/26/2006
zapara.ws Wild West Domains 7/26/2007
DNS server domain Registrar
macart.hk HKDNR 7/24/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickert
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T Midwest
| reply to nwrickert
Rock phish report Jul 28, 2007
Here is the Saturday report:
Domain registration info
Phish domain Registrar
codelog.hk HKDNR 7/27/2007
kgs.kg www.domain.kg 7/19/2007
lkirewen.hk HKDNR 7/27/2007
lognote.hk HKDNR 7/27/2007
lopert.hk HKDNR 7/27/2007 (suspended)
stack.kg www.domain.kg 7/16/2006
DNS server domain Registrar
jumpmo.com REGISTER.COM 6/21/2007
macart.hk HKDNR 7/24/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickert
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T Midwest
| reply to nwrickert
Rock phish report Jul 29, 2007
The report for Sunday:
Domain registration info
Phish domain Registrar
air99.kz KazNIC 7/26/2007
lognote.hk HKDNR 7/27/2007
lomdos.hk HKDNR 7/27/2007
uyuser.hk HKDNR 7/27/2007
DNS server domain Registrar
macart.hk HKDNR 7/24/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickert
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T Midwest
| reply to nwrickert
Rock phish report Jul 30, 2007
Here is the report for Monday:
Domain registration info
Phish domain Registrar
codelog.hk HKDNR 7/27/2007 (suspended)
veranad.hk HKDNR 7/27/2007 (suspended)
DNS server domain Registrar
macart.hk HKDNR 7/24/2007 (suspended)
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickert
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T Midwest
| reply to nwrickert
Rock phish report Jul 31, 2007
The Tuesday report:
Domain registration info
Phish domain Registrar
proi.tk Dot TK registry 7/??/2007 (suspended)
rockey.biz WILD WEST DOMAINS 7/30/2007 (cancelled)
stack.kg www.domain.kg 7/16/2006 (suspended)
DNS server domain Registrar
fusipo.com WILD WEST DOMAINS 7/30/2007 (cancelled)
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickert
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T Midwest
| reply to nwrickert
Rock phish report Aug 01, 2007
The Wednesday report:
Domain registration info
Phish domain Registrar
55port.st ST Registry 8/01/2007
air99.kz KazNIC 7/26/2007
dkkue.hk HKDNR 8/01/2007
go2rotte.ws WILD WEST DOMAINS 7/31/2007
jjeur.hk HKDNR 8/01/2007
lodmode.hk HKDNR 8/01/2007
opisnik.com RED REGISTER 7/31/2007 (suspended?)
pretr.la LA Names 7/31/2007 (suspended)
promn.hk HKDNR 7/31/2007 (suspended)
realpoc.hk HKDNR 8/01/2007
rtte.nu www.nunames.nu 8/01/2007?
tellid.hk HKDNR 8/01/2007
top45.hk HKDNR 8/01/2007
DNS server domain Registrar
014.hk HKDNR 8/01/2007
273.hk HKDNR 7/31/2007 (suspended)
air99.kz KazNIC 7/26/2007
bbrtool.hk HKDNR 8/01/2007
go2rotte.com WILD WEST DOMAINS 7/31/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickert
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T Midwest
edit:
August 3rd, @12:09AM
| reply to nwrickert
Rock phish report Aug 02, 2007
GoDaddy is now being targetted (phish #14991 and #14997).
Here is the report for Thursday:
Domain registration info
Phish domain Registrar
adkie.hk HKDNR 8/03/2007
closeuser.hk HKDNR 8/01/2007 (suspended)
joplog.hk HKDNR 8/02/2007 (suspended)
judetnd.tv REGISTER.COM 8/02/2007
DNS server domain Registrar
bbrtool.hk HKDNR 8/01/2007 (suspended)
gotnd.net REGISTER.COM 8/02/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickert
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T Midwest
| Rock phish report Aug 03, 2007
The Friday report:
Domain registration info
Phish domain Registrar
adkie.hk HKDNR 8/03/2007 (suspended)
bookbuyer4.com WILD WEST DOMAINS 8/02/2007 (cancelled)
ckanr4.hk HKDNR 8/03/2007
conteir.tk Dot TK Registry 8/02/2007
fd4ffg.am Dot FM 8/02/2007 (suspended?)
fff77.hk HKDNR 8/04/2007
ggg77.hk HKDNR 8/04/2007
gillrt.hk HKDNR 8/03/2007 (suspended)
incisive88id.com unknown 8/03/2007? (cancelled?)
italier.tk Dot TK Registry 8/02/2007
kontu.hk HKDNR 8/02/2007
leamlocal.cc REGISTER.COM 7/07/2007 (suspended)
lfooe4nqonline.cc unknown 8/02/2007? (cancelled)
ligmrp1.cc REGISTER.COM 8/02/2007 (cancelled)
log77.hk HKDNR 8/01/2007 (suspended)
oproof.hk HKDNR 8/03/2007
port345.hk HKDNR 8/03/2007
port653.hk HKDNR 8/03/2007 (suspended)
port654.ch www.switch.ch 8/01/2007?
port654.li www.switch.ch 8/01/2007?
roofr.hk HKDNR 8/03/2007
tellid.hk HKDNR 8/01/2007
tyyr43.tv unknown 8/02/2007? (cancelled)
DNS server domain Registrar
bbrtool.hk HKDNR 8/01/2007 (suspended)
conteir.tk Dot TK Registry 8/02/2007
gotnd.net REGISTER.COM 8/02/2007
italer.hk HKDNR 8/03/2007 (suspended)
leamlocal.cc REGISTER.COM 7/07/2007 (suspended)
port345.hk HKDNR 8/03/2007
port654.ch www.switch.ch 8/01/2007?
qwert.hk HKDNR 8/03/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickert
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T Midwest
edit:
August 7th, @12:14AM
| Rock phish report Aug 04, 2007
The report for Saturday:
Domain registration info
Phish domain Registrar
aeevvt.ch www.switch.ch 8/04/2007?
dckoee.ch www.switch.ch 8/04/2007?
elllwi.hk HKDNR 8/04/2007
fff77.hk HKDNR 8/04/2007
ggg77.hk HKDNR 8/04/2007
iurvf.hk HKDNR 8/23/2007
lom77.hk HKDNR 8/04/2007
mjdeport.li www.switch.ch 8/04/2007?
neurnf.hk HKDNR 8/03/2007
pomurl.hk HKDNR 8/04/2007
port654.li www.switch.ch 8/01/2007?
rikfrt.hk HKDNR 8/03/2007
wer3.cc REGISTER.COM 8/03/2007
wqueen3.cc REGISTER.COM 8/03/2007
DNS server domain Registrar
ecper2.li www.switch.ch 8/04/2007
lfoer.cc unknown 8/??/2007 (cancelled?)
poplov.ch www.switch.ch 8/04/2007?
port654.ch www.switch.ch 8/01/2007?
qwert.hk HKDNR 8/03/2007
roofr.hk HKDNR 8/03/2007
wer3.cc REGISTER.COM 8/03/2007
(edit to correct a typo)
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickert
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T Midwest
| Rock phish report Aug 05, 2007
The Sunday report:
Domain registration info
Phish domain Registrar
bobtv.cc REGISTER.COM 8/04/2007
boliet.hk HKDNR 8/03/2007
ejfuuf.hk HKDNR 8/03/2007
fff77.hk HKDNR 8/04/2007
fkiier.hk HKDNR 8/03/2007
iriikfrt.ch www.switch.ch 8/04/2007? (suspended)
kker44.ch www.switch.ch 8/04/2007? (suspended)
loeod.hk HKDNR 8/04/2007
lom77.hk HKDNR 8/04/2007
nodtv.tv REGISTER.COM 8/04/2007
roofr.hk HKDNR 8/03/2007
urukq3.ch www.switch.ch 8/04/2007? (suspended)
wer3.cc REGISTER.COM 8/03/2007
DNS server domain Registrar
bobtv.cc REGISTER.COM 8/04/2007
gtuurt.hk HKDNR 8/04/2007
lfoer.cc unknown 8/??/2007 (cancelled?)
poplov.ch www.switch.ch 8/04/2007?
port654.ch www.switch.ch 8/01/2007? (suspended)
qwert.hk HKDNR 8/03/2007
roofr.hk HKDNR 8/03/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickert
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T Midwest
| Rock phish report Aug 06, 2007
Note that a "?" in the data indicates uncertainty. For example, the whois data for ".ch" does not include the creation date of the domain, so I have to guess based on first sighting.
Here is the Monday report:
Domain registration info
Phish domain Registrar
diiirrg.hk HKDNR 8/06/2007
dll77.hk HKDNR 8/04/2007 (suspended)
fff77.hk HKDNR 8/04/2007 (suspended)
gioortt.ch www.switch.ch 8/06/2007?
koorlt.ch www.switch.ch 8/06/2007?
lfoer.cc unknown 8/??/2007 (cancelled?)
lfooef.hk HKDNR 8/06/2007
link55.hk HKDNR 8/06/2007
loeod.hk HKDNR 8/04/2007 (suspended)
loer.cc REGISTER.COM 8/04/2007
lom77.hk HKDNR 8/04/2007 (suspended)
lometal.tv REGISTER.COM 8/06/2007
mixbottom2.cc REGISTER.COM 8/06/2007
mixpop.hk HKDNR 8/06/2007
mixtupt.hk HKDNR 8/06/2007
neurnf.hk HKDNR 8/03/2007 (suspended)
nodtv.tv REGISTER.COM 8/04/2007
onesite.cc WILD WEST 8/06/2007
DNS server domain Registrar
bobtv.cc REGISTER.COM 8/04/2007
gtuurt.hk HKDNR 8/04/2007
lfoer.cc unknown 8/??/2007 (cancelled?)
mixtupt.hk HKDNR 8/06/2007
oer5.ch www.switch.ch 8/06/2007?
onelive.cc WILD WEST 8/06/2007
poplov.ch www.switch.ch 8/04/2007?
port654.ch www.switch.ch 8/01/2007? (suspended)
qwert.hk HKDNR 8/03/2007 (suspended)
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickert
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T Midwest
| Rock phish report Aug 07, 2007
I'm posting this a little late, due to dslreports downtime.
Here is the report for Tuesday:
Domain registration info
Phish domain Registrar
hfie22.hk HKDNR 8/07/2007
iieoee.hk HKDNR 8/07/2007 (suspended)
jopdo.hk HKDNR 8/07/2007
loer.cc REGISTER.COM 8/04/2007 (suspended)
lometal.tv REGISTER.COM 8/06/2007 (suspended)
oriijf.hk HKDNR 8/06/2007 (suspended)
port112.hk HKDNR 8/06/2007 (suspended)
rolltk.hk HKDNR 8/07/2007
uus12.li www.switch.ch 8/06/2007? (suspended)
DNS server domain Registrar
cms45.hk HKDNR 8/06/2007 (suspended)
gakllr.hk HKDNR 8/07/2007 (suspended)
hfie22.hk HKDNR 8/07/2007
milopd.hk HKDNR 8/07/2007
mixtupt.hk HKDNR 8/06/2007 (suspended)
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickert
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T Midwest
| Rock phish report Aug 08, 2007
Here is the Wednesday report:
Domain registration info
Phish domain Registrar
booch.hk HKDNR 8/07/2007 (suspended)
colpoe.tv Verisign? 8/07/2007? (cancelled)
deepid.hk HKDNR 8/04/2007 (suspended)
fjjiii.hk HKDNR 8/06/2007 (suspended)
ggg77.hk HKDNR 8/04/2007 (suspended)
goirt.hk HKDNR 8/08/2007
hdoia.hk HKDNR 8/07/2007 (suspended)
hfie22.hk HKDNR 8/07/2007 (suspended)
jopdo.hk HKDNR 8/07/2007 (suspended)
k2-por.hk HKDNR 8/07/2007 (suspended)
koorlt.ch www.switch.ch 8/06/2007? (suspended)
lfoer.cc unknown 8/??/2007 (cancelled?)
line45.hk HKDNR 8/06/2007 (suspended)
loginpass.hk HKDNR 8/08/2007 (suspended)
mf4jej.hk HKDNR 8/07/2007 (suspended)
milopd.hk HKDNR 8/07/2007 (suspended)
nodtv.tv REGISTER.COM 8/04/2007 (cancelled)
supportweb1.hk HKDNR 8/08/2007 (suspended)
thike.hk HKDNR 8/07/2007 (suspended)
toppor.hk HKDNR 8/08/2007
voeler.hk HKDNR 8/07/2007 (suspended)
DNS server domain Registrar
aiiuw.hk HKDNR 8/08/2007
hdoia.hk HKDNR 8/07/2007 (suspended)
milopd.hk HKDNR 8/07/2007 (suspended)
mixtupt.hk HKDNR 8/06/2007 (suspended)
port654.ch www.switch.ch 8/01/2007? (suspended)
qwert.hk HKDNR 8/03/2007 (suspended)
supportweb1.hk HKDNR 8/08/2007 (suspended)
town312.hk HKDNR 8/06/2007 (suspended)
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickert
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T Midwest
| Rock phish report Aug 09, 2007
The report for Thursday:
Domain registration info
Phish domain Registrar
air99.kz KazNIC 7/26/2007 (suspended)
booch.hk HKDNR 8/07/2007 (suspended)
dllluna.hk HKDNR 8/08/2009
goirt.hk HKDNR 8/08/2007 (suspended)
moloko.hk HKDNR 8/08/2007 (suspended)
nextid.li www.switch.ch 8/09/2007?
qsops.tv WILD WEST DOMAINS 8/07/2007
userip.ch www.switch.ch 8/09/2007?
userip.li www.switch.ch 8/09/2007?
userport.li www.switch.ch 8/08/2007?
web2tv.tv REGISTER.COM 8/08/2007 (cancelled)
DNS server domain Registrar
aiiuw.hk HKDNR 8/08/2007 (suspended)
fort44id.hk HKDNR 8/08/2009
milopd.hk HKDNR 8/07/2007 (suspended)
nextid.ch www.switch.ch 8/09/2007?
pal-nat.net ESTDOMAINS 8/06/2007
qoakpark.tv WILD WEST DOMAINS 8/07/2007
userip.ch www.switch.ch 8/09/2007?
userport.ch www.switch.ch 8/08/2007?
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickert
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T Midwest
edit:
August 12th, @12:23AM
| Rock phish report Aug 10, 2007
The Friday report:
Domain registration info
Phish domain Registrar
dllluna.hk HKDNR 8/08/2009
mydino.tv unknown 9.09/2007? (cancelled)
openport.li www.switch.ch 8/09/2007?
vjuerr.hk HKDNR 8/10/2007
web2tv.tv REGISTER.COM 8/08/2007 (cancelled)
DNS server domain Registrar
openport.ch www.switch.ch 8/09/2007?
pal-nat.net ESTDOMAINS 8/06/2007
(edit: corrected date in subtitle)
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickert
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T Midwest
| Rock phish report Aug 11, 2007
The Saturday report:
Domain registration info
Phish domain Regist
rar
farmville.tv REGISTER.COM 8/10/2007
fiiif.hk HKDNR 8/10/2007
fjwww.hk HKDNR 8/10/2007
jangle3.hk HKDNR 8/11/2007
poeir.hk HKDNR 8/10/2007
proott.hk HKDNR 8/10/2007
techs.ec nic.ec ?????????
tuioeor.hk HKDNR 8/10/2007
userlib.ch www.switch.ch 8/10/2007?
uty67.tv REGISTER.COM 8/10/2007
vjuerr.hk HKDNR 8/10/2007
yriiowe.hk HKDNR 8/10/2007
DNS server domain Registrar
jumpmo.com REGISTER.COM 6/21/2007
pal-nat.net ESTDOMAINS 8/06/2007
portlab.ch www.switch.ch 8/10/2007?
vod6-wm.net vod6-wm.net 8/11/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickert
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T Midwest
| Rock phish report Aug 12, 2007
Here is the Sunday report:
Domain registration info
Phish domain Registrar
gorf2e.hk HKDNR 8/11/2007
md.kg www.domain.kg 7/19/2007
openport.li www.switch.ch 8/09/2007?
takt1.tv REGISTER.COM 8/11/2007
DNS server domain Registrar
jumpmo.com REGISTER.COM 6/21/2007
openport.ch www.switch.ch 8/09/2007?
pal-nat.net ESTDOMAINS 8/06/2007
vod6-wm.net vod6-wm.net 8/11/2007
--
AT&T dsl; Westell 2200 modem/router; Vista :( ; firefox 2.0.0.6 |
|
nwrickert
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T Midwest
| Rock phish report Aug 13, 2007
The report for Monday:
Domain registration info
Phish domain Registrar
fiiif.hk HKDNR 8/10/2007 (suspended)
iorit.hk HKDNR 8/10/2007
jangle3.hk HKDNR 8/11/2007 (suspended)
jlid.hk HKDNR 8/10/2007 (suspended)
juruf.hk HKDNR 8/13/2007
kviir.hk HKDNR 8/13/2007
lfoori.hk HKDNR 8/10/2007
md.kg www.domain.kg 7/19/2007
modid7.ch www.switch.ch 8/13/2007?
neolode.ch www.switch.ch 8/12/2007?
poloier.hk HKDNR 8/10/2007
portlab.li www.switch.ch 8/10/2007?
tech.kg www.domain.kg 7/19/2007
techs.ec nic.ec ?????????
tuioeor.hk HKDNR 8/10/2007
uotgvr.tv unknown 8/12/2007? (cancelled?)
userip.li www.switch.ch 8/09/2007?
userlib.li www.switch.ch 8/10/2007?
userport.li www.switch.ch 8/08/2007?
uty67.tv REGISTER.COM 8/10/2007
uyryv.hk HKDNR 8/13/2007
vjuerr.hk HKDNR 8/10/2007
vkoeir.hk HKDNR 8/11/2007
DNS server domain Registrar
coloe.tv REGISTER.COM 8/13/2007
force4.li www.switch.ch 8/12/2007?
jumpmo.com REGISTER.COM 6/21/2007
lolim.cn www.cnnic.net.cn 8/13/2007
oh-pilot.com ESTDOMAINS 8/13/2007
pal-nat.net ESTDOMAINS 8/06/2007
portlab.ch www.switch.ch 8/10/2007?
userip.ch www.switch.ch 8/09/2007?
userport.ch www.switch.ch 8/08/2007? (suspended)
virtual-dot.net unknown 8/10/2007? (cancelled?)
--
AT&T dsl; Westell 2200 modem/router; Vista :( ; firefox 2.0.0.6 |
|
nwrickert
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T Midwest
| Rock phish report Aug 14, 2007
The Tuesday report:
Domain registration info
Phish domain Registrar
co4ucr.cn www.cnnic.net.cn 8/13/2007
force4.li www.switch.ch 8/12/2007?
glamur.hk HKDNR 8/13/2007 (suspended)
gotouin.ch www.switch.ch 8/14/2007?
hicxp.ch www.switch.ch 8/14/2007?
hicxp.li www.switch.ch 8/14/2007?
hsdf.li www.switch.ch 8/14/2007?
iteir.hk HKDNR 8/15/2007
kiirkf5.cn www.cnnic.net.cn 8/13/2007
longid.li www.switch.ch 8/14/2007?
md.kg www.domain.kg 7/19/2007
neolode.ch www.switch.ch 8/12/2007? (suspended)
po93r4.cn www.cnnic.net.cn 8/14/2007
rt.kg www.domain.kg 7/19/2007
tech.kg www.domain.kg 7/19/2007
techs.ec nic.ec ?????????
vopeor.cn www.cnnic.net.cn 8/15/2007
DNS server domain Registrar
coloe.tv REGISTER.COM 8/13/2007
hicxp.li www.switch.ch 8/14/2007?
jumpmo.com REGISTER.COM 6/21/2007
lolim.cn www.cnnic.net.cn 8/13/2007
longid.ch www.switch.ch 8/14/2007?
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
