 nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7
 ·AT&T U-Verse
| reply to nwrickert
Rock phish report Nov 18, 2007There were no rock phish submitted yesterday.
Here is the Sunday report:
20275 60.209.122.34 ww1.citizensbankmoneymanagergps.com.poolid94583925.caafreeeman.com
20279 60.209.122.34 myonlineaccounts5.abbey.co.uk.refid83617.njexnz3.xz.cn
Domain registration info
Phish domain Registrar
caafreeeman.com DSTR ACQUISITION VII 11/13/2007
njexnz3.xz.cn www.cnnic.net.cn 11/15/2007
DNS server domain Registrar
bar-bar-com.com BIZCN.COM 9/18/2007 (cancelled)
dlo-old.com TODAYNIC.COM 11/14/2007
nsters.com TODAYNIC.COM 9/08/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.8 |
|
|
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Nov 19, 2007The Monday report:
20308 74.13.153.198(10) alltimetreasury.pacificcapitalbank.tekportfolio.servlet.tbuicontroller.tpuiaction.logon83400968.vsrcf.com
Domain registration info
Phish domain Registrar
vsrcf.com REGISTER.COM 11/19/2007
DNS server domain Registrar
bulletproart.com INFO AVENUE 10/02/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.8 |
|
 pleekmoTriptoe Through The TulipsPremium
join:2001-09-14
Manchester, CT
 ·AT&T DSL Service
| reply to nwrickert
Re: Rock phish information - continued I notice a precipitous drop in Rock phishing after November 1st. I wonder if they're up to something or if something has happened recently to hurt their operation or if they're just being low-lain creatures for a while to reduce their radar signature.
--
HCN: Because you deserve a rest!
Proud member of the Free Omelas Liberation Front. |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Certainly noticed here. But it's not just the rock phishing. All phishing seems to be down.
My best guess is that banks have changed procedures to make phishing more difficult. The use of phishing filters in bother IE7 and firefox possibly also are having effects.
Last week, I did notice a huge increase in phishing email attempts on my mail servers. For several days, around 10% of SMTP connections were for citizensbank or youtube sender addresses, so likely from the rock group. However, the rock phish I received was down, and most of those smtp connections were to bogus recipient addresses. I'm guessing that they were trying different mailing lists from those they usually use, and that's perhaps a hint that their regular mailing lists are not bringing in as many hits as they used to get.
If phishing gets harder, I expect these cybercriminals will find other kinds of internet fraud to pursue.
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.8 |
|
 KalfordSeems To Be An Rtfm Problem.Premium,MVM
join:2001-03-20
Ontario
kudos:1 | . . . or perhaps they were just on holidays 
mine just jumped back up a bit today.
Note: I still haven't come across any of the youtube phishes. must be on a different mailing list.
--
Through My Eyes |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| They did a long run of BB&T phishes some time earlier. Earlier still, they did a long run of volksbank phishes. Apparently they did a few volksbank phishes over the weekend (listed at phishtank). I'm guessing that they won't keep up this BB&T run for long.
The recent pattern seems to be of trying some phish targets that they had attacked before, but no more sustained runs. I could be mistaken, but I am taking this as at least hinting that their methods aren't as effective as they once were.
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.8 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| reply to nwrickert
Rock phish report Nov 20, 2007I have changed the note on domain "bar-bar-com.com" (in the DNS server domain section) from "cancelled" to "glued", to indicate that although the domain is cancelled, it is still usable for DNS servers because the glue records were never removed from the top level domain servers.
Here is the Tuesday report.
20327 60.209.122.34 myonlineaccounts7.abbey.co.uk.referrer4269.njexnz2.xz.cn
20355 212.199.95.108 business-eb.bbt.com.nx5oe.es
20356 NXDOMAIN business-eb.bbt.com.fjj453.xz.cn
20357 NXDOMAIN business-eb.bbt.com.reon3.xz.cn
20358 212.199.95.108 business-eb.bbt.com.dicint2.com.es
20359 212.199.95.108 business-eb.bbt.com.dicint7.com.es
20360 212.199.95.108 business-eb.bbt.com.mio23.mobi
20361 212.199.95.108 business-eb.bbt.com.nx5oe.es
20362 212.199.95.108 business-eb.bbt.com.ldowwe.com.es
20370 212.199.95.108 business-eb.bbt.com.mio26.mobi
Domain registration info
Phish domain Registrar
dicint2.com.es www.nic.es 11/17/2007
dicint7.com.es www.nic.es 11/17/2007
fjj453.xz.cn unknown 11/19/2007? (cancelled?)
ldowwe.com.es www.nic.es 11/15/2007
mio23.mobi TODAYNIC.COM 11/20/2007
mio26.mobi TODAYNIC.COM 11/20/2007
njexnz2.xz.cn www.cnnic.net.cn 11/15/2007
nx5oe.es www.nic.es 11/13/2007
reon3.xz.cn unknown 11/19/2007? (cancelled?)
DNS server domain Registrar
bar-bar-com.com BIZCN.COM 9/18/2007 (glued)
dlo-old.com TODAYNIC.COM 11/14/2007
njexnz1.com TODAYNIC.COM 11/15/2007
nod-for-pc.com TODAYNIC.COM 11/13/2007
nsters.com TODAYNIC.COM 9/08/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.8 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Nov 21, 2007The Wednesday report:
20375 212.199.95.108 business-eb.bbt.com.mio26.xz.cn
20376 phish_is_down business-eb.bbt.com.m3ruwt.es
20377 212.199.95.108 business-eb.bbt.com.mio25.mobi
20378 212.199.95.108 business-eb.bbt.com.nikogonet.ah.cn
20389 212.199.95.108 business-eb.bbt.com.solod3.mobi
Domain registration info
Phish domain Registrar
m3ruwt.es www.nic.es 11/17/2007 (suspended)
mio25.mobi TODAYNIC.COM 11/20/2007
mio26.xz.cn www.cnnic.net.cn 11/20/2007
nikogonet.ah.cn www.cnnic.net.cn 11/20/2007
solod3.mobi TODAYNIC.COM 11/21/2007
DNS server domain Registrar
bar-bar-com.com BIZCN.COM 9/18/2007 (glued)
njexnz1.com TODAYNIC.COM 11/15/2007
nod-for-pc.com TODAYNIC.COM 11/13/2007
nsters.com TODAYNIC.COM 9/08/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.8 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Nov 22, 2007The Thursday report:
20419 citizensbankmoneymanagergps.com.rkfdf5.hk
Domain registration info
Phish domain Registrar
rkfdf5.hk HKDNR 11/22/2007
DNS server domain Registrar
bar-bar-com.com BIZCN.COM 9/18/2007 (glued)
njexnz1.com TODAYNIC.COM 11/15/2007
nod-for-pc.com TODAYNIC.COM 11/13/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.8 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Nov 24, 2007There were no rock phish submissions on Friday.
Here is the Saturday report:
20456 212.199.95.108 citizensbankmoneymanagergps.com.serveruu.hk
20458 212.199.95.108 citizensbankmoneymanagergps.com.ntu3ot2.xz.cn
20459 212.199.95.108 citizensbankmoneymanagergps.com.yrmat1.xz.cn
20460 212.199.95.108 citizensbankmoneymanagergps.com.mta0o5.xz.cn
20461 212.199.95.108 citizensbankmoneymanagergps.com.odq1ot.xz.cn
20462 212.199.95.108 citizensbankmoneymanagergps.com.odq2ot.xz.cn
20464 212.199.95.108 citizensbankmoneymanagergps.com.ntu3ot5.xz.cn
20465 212.199.95.108 citizensbankmoneymanagergps.com.yrmat3.xz.cn
20467 NXDOMAIN citizensbankmoneymanagergps.com.rkfdf2.hk
20468 NXDOMAIN citizensbankmoneymanagergps.com.topsecure4.hk
20469 NXDOMAIN citizensbankmoneymanagergps.com.rkfdf4.hk
20470 212.199.95.108 citizensbankmoneymanagergps.com.ntu3ot3.xz.cn
20471 NXDOMAIN citizensbankmoneymanagergps.com.rkfdf1.hk
20472 NXDOMAIN citizensbankmoneymanagergps.com.tresecure.hk
20473 212.199.95.108 citizensbankmoneymanagergps.com.eserver656.ph
20474 NXDOMAIN citizensbankmoneymanagergps.com.nextlist4.name
20475 NXDOMAIN citizensbankmoneymanagergps.com.nikogonet.cn
20476 NXDOMAIN citizensbankmoneymanagergps.com.nikogonet.cn
20477 NXDOMAIN business-eb.bbt.com.solod4.xz.cn
20478 NXDOMAIN business-eb.bbt.com.mio23.xz.cn
20479 NXDOMAIN business-eb.bbt.com.nikogonet.com
20480 NXDOMAIN business-eb.bbt.com.mio23.xz.cn
20481 NXDOMAIN business-eb.bbt.com.mio26.xz.cn
20482 NXDOMAIN business-eb.bbt.com.mio21.mobi
Domain registration info
Phish domain Registrar
eserver656.ph dotPH 11/22/2007?
mio21.mobi unknown 11/20/2007? (cancelled?)
mio23.xz.cn unknown 11/20/2007? (cancelled?)
mio26.xz.cn www.cnnic.net.cn 11/20/2007 (cancelled)
mta0o5.xz.cn www.cnnic.net.cn 11/23/2007
nextlist4.name unknown 11/20/2007? (cancelled?)
nikogonet.cn unknown 11/20/2007? (cancelled)
nikogonet.com unknown 11/20/2007? (cancelled)
ntu3ot2.xz.cn www.cnnic.net.cn 11/22/2007
ntu3ot3.xz.cn www.cnnic.net.cn 11/22/2007
ntu3ot5.xz.cn www.cnnic.net.cn 11/22/2007
odq1ot.xz.cn www.cnnic.net.cn 11/23/2007
odq2ot.xz.cn www.cnnic.net.cn 11/23/2007
rkfdf1.hk HKDNR 11/22/2007 (suspended)
rkfdf2.hk HKDNR 11/22/2007 (suspended)
rkfdf4.hk HKDNR 11/22/2007 (suspended)
serveruu.hk HKDNR 11/24/2007
solod4.xz.cn unknown 11/21/2007? (cancelled?)
topsecure4.hk HKDNR 11/22/2007 (suspended)
tresecure.hk HKDNR 11/22/2007 (suspended)
yrmat1.xz.cn www.cnnic.net.cn 11/22/2007
yrmat3.xz.cn www.cnnic.net.cn 11/22/2007
DNS server domain Registrar
bar-bar-com.com BIZCN.COM 9/18/2007 (glued)
njexnz1.com TODAYNIC.COM 11/15/2007
nod-for-pc.com TODAYNIC.COM 11/13/2007
nsters.com TODAYNIC.COM 9/08/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.8 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Nov 25, 2007The Sunday report:
20519 219.253.140.170 citizensbankmoneymanagergps.com.odq2ot.xz.cn
20520 219.253.140.170 citizensbankmoneymanagergps.com.odq1ot.xz.cn
20521 219.253.140.170 citizensbankmoneymanagergps.com.gserver.sx.cn
20522 219.253.140.170 citizensbankmoneymanagergps.com.dll44.ph
20523 219.253.140.170 citizensbankmoneymanagergps.com.mta0o1.xz.cn
20524 219.253.140.170 citizensbankmoneymanagergps.com.gserver.bj.cn
20525 219.253.140.170 citizensbankmoneymanagergps.com.pole45.hk
20526 219.253.140.170 citizensbankmoneymanagergps.com.gserver.nm.cn
20527 219.253.140.170 citizensbankmoneymanagergps.com.idll44.ph
20528 219.253.140.170 citizensbankmoneymanagergps.com.odq3ot.xz.cn
Domain registration info
Phish domain Registrar
dll44.ph dotPH 11/24/2007
gserver.bj.cn www.cnnic.net.cn 11/24/2007
gserver.nm.cn www.cnnic.net.cn 11/24/2007
gserver.sx.cn www.cnnic.net.cn 11/24/2007
idll44.ph dotPH 11/24/2007
mta0o1.xz.cn www.cnnic.net.cn 11/23/2007
odq1ot.xz.cn www.cnnic.net.cn 11/23/2007
odq2ot.xz.cn www.cnnic.net.cn 11/23/2007
odq3ot.xz.cn www.cnnic.net.cn 11/23/2007
pole45.hk HKDNR 11/24/2007
DNS server domain Registrar
bar-bar-com.com BIZCN.COM 9/18/2007 (glued)
njexnz1.com TODAYNIC.COM 11/15/2007
nod-for-pc.com TODAYNIC.COM 11/13/2007
nsters.com TODAYNIC.COM 9/08/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.8 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Nov 26, 2007The Monday report:
20549 phish_is_down citizensbankmoneymanagergps.com.server656.ph
20550 219.253.140.170 citizensbankmoneymanagergps.com.odq3ot.xz.cn
20551 219.253.140.170 citizensbankmoneymanagergps.com.odq4ot.xz.cn
20552 219.253.140.170 citizensbankmoneymanagergps.com.odq1ot.xz.cn
20553 219.253.140.170 citizensbankmoneymanagergps.com.mta0o2.xz.cn
20554 219.253.140.170 citizensbankmoneymanagergps.com.mta0o2.xz.cn
20555 219.253.140.170 citizensbankmoneymanagergps.com.mta0o4.xz.cn
20556 phish_is_down citizensbankmoneymanagergps.com.server656.ph
20557 219.253.140.170 citizensbankmoneymanagergps.com.mta0o3.xz.cn
20559 219.253.140.170 citizensbankmoneymanagergps.com.gserver.sh.cn
20577 212.199.95.108 citizensbankmoneymanagergps.com.aeu1op.xj.cn
20578 212.199.95.108 citizensbankmoneymanagergps.com.gserver.sd.cn
20579 212.199.95.108 citizensbankmoneymanagergps.com.mta0o5.xz.cn
Domain registration info
Phish domain Registrar
aeu1op.xj.cn www.cnnic.net.cn 11/26/2007
gserver.sd.cn www.cnnic.net.cn 11/24/2007
gserver.sh.cn www.cnnic.net.cn 11/24/2007
mta0o2.xz.cn www.cnnic.net.cn 11/23/2007
mta0o3.xz.cn www.cnnic.net.cn 11/23/2007
mta0o4.xz.cn www.cnnic.net.cn 11/23/2007
mta0o5.xz.cn www.cnnic.net.cn 11/23/2007
odq1ot.xz.cn www.cnnic.net.cn 11/23/2007
odq3ot.xz.cn www.cnnic.net.cn 11/23/2007
odq4ot.xz.cn www.cnnic.net.cn 11/23/2007
server656.ph unknown 11/24/2007? (cancelled?)
DNS server domain Registrar
bar-bar-com.com BIZCN.COM 9/18/2007 (glued)
njexnz1.com TODAYNIC.COM 11/15/2007
nod-for-pc.com TODAYNIC.COM 11/13/2007
nsters.com TODAYNIC.COM 9/08/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.8 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Nov 27, 2007The Tuesday report:
20593 NXDOMAIN citizensbankmoneymanagergps.com.mta0o1.xz.cn
20595 NXDOMAIN citizensbankmoneymanagergps.com.aeui7p.xj.cn
20596 NXDOMAIN citizensbankmoneymanagergps.com.moee3.mobi
20617 phish_is_down business.banking.allbank.ebank-service.com.com.nubi.signin607591583.aspx.f3ds.com
20619 phish_is_down business.banking.allbank.ebank-service.com.com.nubi.signin444736264.aspx.vex2w.com
20621 phish_is_down business.banking.allbank.ebank-service.com.nubi.signin182660234.aspx.vex2w.com
20625 phish_is_down alltimetreasury.pacificcapitalbank.tekportfolio.servlet.tbuicontroller.tpuiaction.logon35733098.m5gg.com
20627 212.199.95.108 citibusinessonline.da-us.citibank.com.need3.xz.cn
20628 212.199.95.108 citibusinessonline.da-us.citibank.com.tiwnd3.jx.cn
20629 212.199.95.108 citibusinessonline.da-us.citibank.com.tiwnd3.jx.cn
20630 212.199.95.108 itreasury-interact.regions.com.mtq1m3.xz.cn
Domain registration info
Phish domain Registrar
aeui7p.xj.cn unknown 11/26/2007? (cancelled?)
f3ds.com REGISTER.COM 11/06/2007 (parked)
m5gg.com unknown 11/06/2007? (cancelled?)
moee3.mobi unknown 11/24/2007? (cancelled?)
mta0o1.xz.cn www.cnnic.net.cn 11/23/2007 (cancelled)
mtq1m3.xz.cn unknown 11/26/2007?
need3.xz.cn unknown 11/26/2007? (cancelled?)
tiwnd3.jx.cn unknown 11/26/2007?
vex2w.com REGISTER.COM 11/06/2007 (parked)
DNS server domain Registrar
bar-bar-com.com BIZCN.COM 9/18/2007 (glued)
njexnz1.com TODAYNIC.COM 11/15/2007
nod-for-pc.com TODAYNIC.COM 11/13/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.8 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Nov 28, 2007The Wednesday report:
20637 212.199.95.108 itreasury-interact.regions.com.fkkiier.mobi
20638 212.199.95.108 itreasury-interact.regions.com.lopoii.mobi
20639 NXDOMAIN itreasury-interact.regions.com.tiwnd2.jx.cn
Domain registration info
Phish domain Registrar
fkkiier.mobi TODAYNIC.COM 11/28/2007
lopoii.mobi TODAYNIC.COM 11/28/2007
tiwnd2.jx.cn unknown 11/26/2007? (cancelled?)
DNS server domain Registrar
bar-bar-com.com BIZCN.COM 9/18/2007 (glued)
nod-for-pc.com TODAYNIC.COM 11/13/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.8 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Nov 29, 2007The Thursday report:
20682 81.1.255.134 itreasury-interact.regions.com.glamu44.cn
20684 81.1.255.134 www.workopolis.com.electionid.zj.cn
20685 NXDOMAIN www.workopolis.com.vmmiiie.mobi
20686 NXDOMAIN itreasury-interact.regions.com.closeid.hk
20687 NXDOMAIN itreasury-interact.regions.com.lpekop.xz.cn
20688 NXDOMAIN www.workopolis.com.electionid.fj.cn
20689 NXDOMAIN itreasury-interact.regions.com.gkkke4.xz.cn
20690 NXDOMAIN itreasury-interact.regions.com.electionid.fj.cn
20691 NXDOMAIN itreasury-interact.regions.com.electionid.ah.cn
20692 NXDOMAIN itreasury-interact.regions.com.odc1od.xz.cn
20693 NXDOMAIN itreasury-interact.regions.com.cekure1.mobi
20694 NXDOMAIN itreasury-interact.regions.com.fkkiier.mobi
20695 NXDOMAIN itreasury-interact.regions.com.cekure4.mobi
20696 81.1.255.134 itreasury-interact.regions.com.edll44.ph
Domain registration info
Phish domain Registrar
cekure1.mobi unknown 11/28/2007? (cancelled?)
cekure4.mobi unknown 11/28/2007? (cancelled?)
closeid.hk HKDNR 11/28/2007 (suspended)
edll44.ph dotPH 11/24/2007 (suspended)
electionid.ah.cn unknown 11/28/2007? (cancelled?)
electionid.fj.cn unknown 11/28/2007? (cancelled?)
electionid.zj.cn unknown 11/28/2007? (cancelled?)
fkkiier.mobi TODAYNIC.COM 11/28/2007 (cancelled)
gkkke4.xz.cn unknown 11/28/2007? (cancelled?)
glamu44.cn www.cnnic.net.cn 11/30/2007
lpekop.xz.cn unknown 11/28/2007? (cancelled?)
odc1od.xz.cn unknown 11/28/2007? (cancelled?)
vmmiiie.mobi unknown 11/28/2007? (cancelled?)
DNS server domain Registrar
bar-bar-com.com BIZCN.COM 9/18/2007 (glued)
nod-for-pc.com TODAYNIC.COM 11/13/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.8 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Nov 30, 2007The Friday report:
20713 81.10.22.174 itreasury-interact.regions.com.u643.gx.cn
20714 NXDOMAIN itreasury-interact.regions.com.myglamu11.mobi
20715 81.10.22.174 www.natwest.com.full99.org.ph
20716 81.10.22.174 itreasury-interact.regions.com.hgrw9.zj.cn
20717 NXDOMAIN itreasury-interact.regions.com.glamu11.tj.cn
20718 81.10.22.174 itreasury-interact.regions.com.full99.com.ph
20730 81.3.139.250 itreasury-interact.regions.com.dithk3.hk
Domain registration info
Phish domain Registrar
dithk3.hk HKDNR 11/30/2007
full99.com.ph dotPH 11/28/2007
full99.org.ph dotPH 11/28/2007
glamu11.tj.cn unknown 11/30/2007? (cancelled?)
hgrw9.zj.cn www.cnnic.net.cn 11/30/2007
myglamu11.mobi unknown 11/29/2007? (cancelled?)
u643.gx.cn www.cnnic.net.cn 11/30/2007
DNS server domain Registrar
bar-bar-com.com BIZCN.COM 9/18/2007 (glued)
nod-for-pc.com TODAYNIC.COM 11/13/2007 (suspended)
vsetam.com TODAYNIC.COM 11/19/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.8 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Dec 01, 2007The Saturday report:
20739 81.3.139.250 www.workopolis.com.hkdin4.hk
20740 NXDOMAIN itreasury-interact.regions.com.hgrw99.zj.cn
20741 NXDOMAIN www.workopolis.com.u643.hb.cn
20742 81.3.139.250 itreasury-interact.regions.com.eyomain.com.ph
20744 NXDOMAIN itreasury-interact.regions.com.hgrw99.sx.cn
20745 NXDOMAIN itreasury-interact.regions.com.u643.sd.cn
20746 NXDOMAIN itreasury-interact.regions.com.hgrw99.nm.cn
20747 NXDOMAIN itreasury-interact.regions.com.hgrw99.ha.cn
20748 81.3.139.250 itreasury-interact.regions.com.hkd1r.hk
20749 NXDOMAIN www.workopolis.com.backwill.sh.cn
20750 81.3.139.250 www.workopolis.com.full99.org.ph
20752 NXDOMAIN www.workopolis.com.iyomain.ph
20753 NXDOMAIN www.workopolis.com.u643.gx.cn
20754 81.3.139.250 www.workopolis.com.hkdin4.hk
20755 NXDOMAIN www.workopolis.com.hgrw99.ln.cn
Domain registration info
Phish domain Registrar
backwill.sh.cn unknown 11/30/2007? (cancelled?)
eyomain.com.ph dotPH 11/30/2007
full99.org.ph dotPH 11/28/2007 (suspended)
hgrw99.ha.cn unknown 11/30/2007? (cancelled?)
hgrw99.ln.cn unknown 11/30/2007? (cancelled?)
hgrw99.nm.cn unknown 11/30/2007? (cancelled?)
hgrw99.sx.cn unknown 11/30/2007? (cancelled?)
hgrw99.zj.cn unknown 11/30/2007? (cancelled?)
hkd1r.hk HKDNR 11/30/2007
hkdin4.hk HKDNR 11/30/2007
iyomain.ph dotPH 11/30/2007 (suspended)
u643.gx.cn www.cnnic.net.cn 11/30/2007 (cancelled)
u643.hb.cn unknown 11/30/2007? (cancelled?)
u643.sd.cn unknown 11/30/2007? (cancelled?)
DNS server domain Registrar
bar-bar-com.com BIZCN.COM 9/18/2007 (glued)
nod-for-pc.com TODAYNIC.COM 11/13/2007 (suspended)
vsetam.com TODAYNIC.COM 11/19/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.8 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Dec 04, 2007There were no rock phish submissions on Sunday or Monday.
Here is the Tuesday report:
20835 81.3.139.250 itreasury-interact.regions.com.ivibir2.ph
20836 81.3.139.250 itreasury-interact.regions.com.yart5.ph
20837 81.3.139.250 www.workopolis.com.port65.org.ph
20838 NXDOMAIN itreasury-interact.regions.com.teleport1.sc.cn
20839 81.3.139.250 www.workopolis.com.yart5.ph
20840 81.3.139.250 www.workopolis.com.iyomain.ph
20841 NXDOMAIN itreasury-interact.regions.com.oxnard655.cn
20842 81.3.139.250 citibusinessonline.da-us.citibank.com.port65.com.ph
20843 81.3.139.250 citibusinessonline.da-us.citibank.com.eyomain.com.ph
20844 81.3.139.250 www.workopolis.com.vibir2.com.ph
20845 81.3.139.250 citibusinessonline.da-us.citibank.com.diueo2.xz.cn
20846 81.3.139.250 citibusinessonline.da-us.citibank.com.port65.net.ph
20847 81.3.139.250 citibusinessonline.da-us.citibank.com.lbueo3.xz.cn
20848 81.3.139.250 citibusinessonline.da-us.citibank.com.diueo2.cn
20849 81.3.139.250 citibusinessonline.da-us.citibank.com.kfuue4.xz.cn
20850 NXDOMAIN itreasury-interact.regions.com.omain.hk
20851 phish_is_down itreasury-interact.regions.com.full99.ph
20852 NXDOMAIN www.workopolis.com.hkd4r.hk
20853 NXDOMAIN www.workopolis.com.dithk2.hk
20854 NXDOMAIN itreasury-interact.regions.com.dithky.hk
Domain registration info
Phish domain Registrar
dithk2.hk HKDNR 11/30/2007 (suspended)
dithky.hk HKDNR 11/30/2007 (suspended)
diueo2.cn www.cnnic.net.cn 12/04/2007
diueo2.xz.cn www.cnnic.net.cn 12/04/2007
eyomain.com.ph dotPH 11/30/2007
full99.ph dotPH 11/28/2007 (cancelled)
hkd4r.hk HKDNR 11/30/2007 (suspended)
ivibir2.ph dotPH 12/02/2007
iyomain.ph dotPH 11/30/2007 (suspended)
kfuue4.xz.cn www.cnnic.net.cn 12/04/2007
lbueo3.xz.cn www.cnnic.net.cn 12/04/2007
omain.hk HKDNR 11/30/2007 (suspended)
oxnard655.cn unknown 11/30/2007? (cancelled?)
port65.com.ph dotPH 12/03/2007
port65.net.ph dotPH 12/03/2007
port65.org.ph dotPH 12/03/2007
teleport1.sc.cn unknown 11/30/2007? (cancelled?)
vibir2.com.ph dotPH 12/02/2007
yart5.ph dotPH 11/30/2007
DNS server domain Registrar
bar-bar-com.com BIZCN.COM 9/18/2007 (glued)
njexnz1.com TODAYNIC.COM 11/15/2007
nod-for-pc.com TODAYNIC.COM 11/13/2007 (suspended)
vsetam.com TODAYNIC.COM 11/19/2007 (suspended)
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.8 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Dec 05, 2007The Wednesday report:
20891 NXDOMAIN citibusinessonline.da-us.citibank.com.kfuue4.xz.cn
20892 NXDOMAIN www.53.com.dithk3.hk
20893 NXDOMAIN citibusinessonline.da-us.citibank.com.fjuu1rf.zj.cn
20894 NXDOMAIN citibusinessonline.da-us.citibank.com.fjuu6rf.mobi
20895 NXDOMAIN www.53.com.hkdin4.hk
20896 NXDOMAIN citibusinessonline.da-us.citibank.com.limnf34.xz.cn
20897 NXDOMAIN citibusinessonline.da-us.citibank.com.fjuu1rf.cn
20898 NXDOMAIN citibusinessonline.da-us.citibank.com.fjuu6rf.cn
20899 phish_is_down citibusinessonline.da-us.citibank.com.yart5.ph
20900 phish_is_down citibusinessonline.da-us.citibank.com.eyomain.com.ph
20901 phish_is_down commercial.53.com.yart5.ph
20902 phish_is_down commercial.53.com.yart5.ph
20904 NXDOMAIN commercial.53.com.wdomaweb.ph
20906 NXDOMAIN citibusinessonline.da-us.citibank.com.wdomaweb.ph
Domain registration info
Phish domain Registrar
dithk3.hk HKDNR 11/30/2007 (suspended)
eyomain.com.ph dotPH 11/30/2007 (suspended)
fjuu1rf.cn unknown 12/03/2007? (cancelled?)
fjuu1rf.zj.cn unknown 12/03/2007? (cancelled?)
fjuu6rf.cn unknown 12/03/2007? (cancelled?)
fjuu6rf.mobi unknown 12/03/2007? (cancelled?)
hkdin4.hk HKDNR 11/30/2007 (suspended)
kfuue4.xz.cn www.cnnic.net.cn 12/04/2007 (cancelled)
limnf34.xz.cn unknown 12/03/2007? (cancelled?)
wdomaweb.ph dotPH 12/05/2007 (suspended)
yart5.ph dotPH 11/30/2007 (suspended)
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.8 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Dec 06, 2007The Thursday report:
20923 219.253.140.170 citibusinessonline.da-us.citibank.com.wdo8ma.hk
20925 219.253.140.170 citibusinessonline.da-us.citibank.com.wdoma.hk
20926 219.253.140.170 citibusinessonline.da-us.citibank.com.yart2.hk
20927 219.253.140.170 sparkasse.de.wd1oma.hk
20928 219.253.140.170 citibusinessonline.da-us.citibank.com.iwdoma.com.ph
20929 219.253.140.170 citibusinessonline.da-us.citibank.com.wdoma.hk
20930 219.253.140.170 citibusinessonline.da-us.citibank.com.temp3.com.ph
20931 219.253.140.170 commercial.53.com.yart8.hk
20932 219.253.140.170 citibusinessonline.da-us.citibank.com.wdoma.ph
20933 219.253.140.170 commercial.53.com.wdoma.hk
20934 219.253.140.170 commercial.53.com.wdo8ma.hk
20935 219.253.140.170 citibusinessonline.da-us.citibank.com.temp3.org.ph
20936 219.253.140.170 citibusinessonline.da-us.citibank.com.omaintoweb.ph
20937 NXDOMAIN business-internet-banking.hsbc.com.webjoin12.cn
Domain registration info
Phish domain Registrar
iwdoma.com.ph dotPH 12/05/2007
omaintoweb.ph dotPH 12/05/2007
temp3.com.ph dotPH 12/05/2007
temp3.org.ph dotPH 12/05/2007
wd1oma.hk HKDNR 12/05/2007
wdo8ma.hk HKDNR 12/05/2007
wdoma.hk HKDNR 12/05/2007
wdoma.ph dotPH 12/05/2007
webjoin12.cn unknown 12/03/2007? (cancelled?)
yart2.hk HKDNR 12/05/2007
yart8.hk HKDNR 12/05/2007
DNS server domain Registrar
bar-bar-com.com BIZCN.COM 9/18/2007 (glued)
njexnz1.com TODAYNIC.COM 11/15/2007
vsetam.com TODAYNIC.COM 11/19/2007 (suspended)
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.8 |
|
