 nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7
 ·AT&T U-Verse
| reply to nwrickert
Rock phish report Sep 04, 2007The report for Tuesday:
16634 80.180.25.135(5) miwebcombank.session-56699777.mibank.com.md.kg
16635 80.180.25.135(5) miwebcombank.session-567595991.mibank.com.tech.kg
16636 80.180.25.135(5) miwebcombank.session-4319989371.mibank.com.techs.ec
16637 80.180.25.135(5) miwebcombank.session-809002988.mibank.com.techs.ec
16638 80.180.25.135(5) miwebcombank.session-42913334.mibank.com.rt.kg
16639 80.180.25.135(5) miwebcombank.session-551200884.mibank.com.techs.ec
16724 70.117.8.180(5) moneymanagergps-id55019696.citizensbank.com.rt.kg
16725 70.117.8.180(5) moneymanagergps-id72640.citizensbank.com.md.kg
16727 70.117.8.180(5) moneymanagergps-id870494.citizensbank.com.rt.kg
16728 70.117.8.180(5) moneymanagergps-id3639606.citizensbank.com.md.kg
16729 85.29.132.178 moneymanagergps-id7664717937.citizensbank.com.btd-on3.gx.cn
16730 70.117.8.180(5) moneymanagergps-id1057375464.citizensbank.com.md.kg
16737 68.151.203.42(10) session-76942013.paylinks.cunet.org.apex36.cn
16738 85.105.182.6 moneymanagergps-id9687220.citizensbank.com.rtport.ch
16743 85.105.182.6 moneymanagergps-id3787703.citizensbank.com.heruve33.cn
16748 24.226.198.59(5) moneymanagergps-id2233268592.citizensbank.com.techs.ec
Domain registration info
Phish domain Registrar
apex36.cn www.cnnic.net.cn 9/01/2007
btd-on3.gx.cn www.cnnic.net.cn 8/28/2007
heruve33.cn NAMESCOUT 9/04/2007
md.kg www.domain.kg 7/19/2007
rt.kg www.domain.kg 7/19/2007
rtport.ch www.switch.ch 9/04/2007?
tech.kg www.domain.kg 7/19/2007
techs.ec nic.ec 8/11/2007?
DNS server domain Registrar
heruve.com NAMESCOUT 9/04/2007
hjkh.ch www.switch.ch 9/04/2007?
lolim.cn www.cnnic.net.cn 8/13/2007
maritanna.com ESTDOMAINS 8/14/2007 (suspended)
mcolorbn.com INFO AVENUE 8/07/2007
tokyosr.com INFO AVENUE 6/08/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Sep 05, 2007The Wednesday report:
16760 79.13.72.223(10) bancorpsouthonline.inview.40727376-login.corporate.inview42.cn
16763 68.114.62.236(10) bancorpsouthonline.inview.85854941-login.corporate.inview19.cn
16765 64.109.49.244(5) moneymanagergps-id2375317.citizensbank.com.tech.kg
16777 64.109.49.244(5) moneymanagergps-id43038.citizensbank.com.techs.ec
16778 64.109.49.244(5) moneymanagergps-id043526.citizensbank.com.techs.ec
16780 68.114.62.236(10) bancorpsouthonline.inview.60162374-login.corporate.inview42.cn
16781 64.109.49.244(5) moneymanagergps-id7853247172.citizensbank.com.md.kg
16782 64.109.49.244(5) moneymanagergps-id2069810.citizensbank.com.techs.ec
16783 68.114.62.236(10) bancorpsouthonline.inview.58020785-login.corporate.inview42.cn
16785 85.29.132.178 moneymanagergps-id36221.citizensbank.com.letvot5.cn
16786 64.109.49.244(5) moneymanagergps-id32263879.citizensbank.com.md.kg
16787 85.29.132.178 moneymanagergps-id1549685055.citizensbank.com.member45.cn
16793 24.137.71.198(5) moneymanagergps-id362045894.citizensbank.com.tech.kg
16794 24.137.71.198(5) moneymanagergps-id08912171.citizensbank.com.tech.kg
16795 82.208.154.137 moneymanagergps-id558184124.citizensbank.com.4elrob.cn
Domain registration info
Phish domain Registrar
4elrob.cn www.cnnic.net.cn 9/05/2007
inview19.cn www.cnnic.net.cn 9/01/2007
inview42.cn www.cnnic.net.cn 9/01/2007
letvot5.cn www.cnnic.net.cn 9/04/2007
md.kg www.domain.kg 7/19/2007
member45.cn www.cnnic.net.cn 9/05/2007
tech.kg www.domain.kg 7/19/2007
techs.ec nic.ec 8/11/2007?
DNS server domain Registrar
lo1-prt.com BIZCN.COM 9/05/2007
lolim.cn www.cnnic.net.cn 8/13/2007
lopata.ch www.switch.ch 9/05/2007?
mcolorbn.com INFO AVENUE 8/07/2007
nixt-nx.tv BIZCN.COM 9/01/2007
nt-wuser.com INFO AVENUE 5/30/2007
vilopr.cn www.cnnic.net.cn 8/16/2007
web-omg.com REGISTER.COM 6/07/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
|
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Sep 06, 2007Today's submissions show some targeting of APEX ACH (use google to find what that is). I do wonder about the domains they registered - of the form apexnn.org. I had thought that ".org" registrations were restricted to organizations, and I have problems considering a criminal group as a legitimate organization :(
Here is the report for Thursday:
16809 84.3.179.118(5) moneymanagergps-id47567051.citizensbank.com.rt.kg
16810 84.3.179.118(5) moneymanagergps-id61978955.citizensbank.com.md.kg
16811 84.3.179.118(5) moneymanagergps-id454768122.citizensbank.com.tech.kg
16812 85.29.132.178 moneymanagergps-id6765010899.citizensbank.com.letvot5.cn
16817 NXDOMAIN bancorpsouthonline.inview.41891387-login.corporate.inview18.cn
16820 NXDOMAIN bancorpsouthonline.inview.64129756-login.corporate.inview17.cn
16821 84.3.179.118(5) moneymanagergps-id94952.citizensbank.com.md.kg
16822 80.144.247.78(10) session-49762337.paylinks.cunet.org.apex85.org
16826 80.144.247.78(10) session-21037049.paylinks.cunet.org.apex85.org
16828 80.144.247.78(10) session-45874805.paylinks.cunet.org.apex85.org
16829 69.55.251.250(5) moneymanagergps-id6583151.citizensbank.com.techs.ec
16830 85.29.132.178 moneymanagergps-id4660773.citizensbank.com.member45.cn
16831 69.55.251.250(5) moneymanagergps-id02895744.citizensbank.com.rt.kg
16832 69.55.251.250(5) moneymanagergps-id0435724682.citizensbank.com.tech.kg
16833 69.55.251.250(5) moneymanagergps-id12006682.citizensbank.com.techs.ec
16834 85.29.132.178 moneymanagergps-id29719.citizensbank.com.letvot0.cn
16835 82.18.68.47(10) session-64592051.paylinks.cunet.org.apex85.org
16838 80.144.251.243(10) session-95192004.paylinks.cunet.org.apex82.org
16844 62.43.141.71(5) moneymanagergps-id26958184.citizensbank.com.rt.kg
16849 82.208.154.137 moneymanagergps-id43716.citizensbank.com.fiiling4.cn
16872 69.55.251.250(10) session-11172812.paylinks.cunet.org.apex001.org
16876 24.67.46.85(5) moneymanagergps-id6299188592.citizensbank.com.md.kg
16877 82.208.154.137 moneymanagergps-id987524.citizensbank.com.grekkt.cn
16878 82.208.154.137 moneymanagergps-id3280358846.citizensbank.com.member48.cn
Domain registration info
Phish domain Registrar
apex001.org REGISTER.COM 9/06/2007
apex82.org unknown 9/05/2007? (cancelled?)
apex85.org REGISTER.COM 9/05/2007
fiiling4.cn www.cnnic.net.cn 9/04/2007
grekkt.cn www.cnnic.net.cn 9/04/2007
inview17.cn unknown 9/01/2007? (cancelled?)
inview18.cn unknown 9/01/2007? (cancelled?)
letvot0.cn www.cnnic.net.cn 9/04/2007
letvot5.cn www.cnnic.net.cn 9/04/2007
md.kg www.domain.kg 7/19/2007
member45.cn www.cnnic.net.cn 9/05/2007
member48.cn www.cnnic.net.cn 9/05/2007
rt.kg www.domain.kg 7/19/2007
tech.kg www.domain.kg 7/19/2007
techs.ec nic.ec 8/11/2007?
DNS server domain Registrar
lo1-prt.com BIZCN.COM 9/05/2007
lolim.cn www.cnnic.net.cn 8/13/2007
lopata.ch www.switch.ch 9/05/2007?
maritanna.com ESTDOMAINS 8/14/2007 (suspended)
mcolorbn.com INFO AVENUE 8/07/2007
nixt-nx.tv BIZCN.COM 9/01/2007
nnborder.com REGISTER.COM 8/24/2007
web-omg.com REGISTER.COM 6/07/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Sep 07, 2007The Friday report:
16883 82.200.140.134 moneymanagergps-id4851867.citizensbank.com.relob.cn
16888 69.218.210.116(5) moneymanagergps-id318716088.citizensbank.com.tech.kg
16889 62.101.169.70(10) session-24511232.paylinks.cunet.org.apex911.org
16891 82.200.140.134 moneymanagergps-id22347347.citizensbank.com.topdll.li
16893 76.97.11.136(10) bancorpsouthonline.inview.48386090-login.corporate.inview63.com
16894 NXDOMAIN session-57948975.paylinks.cunet.org.apex85.org
16895 69.55.251.62(10) session-93908871.paylinks.cunet.org.apex1010.org
16906 82.200.140.134 moneymanagergps-id612656.citizensbank.com.zikfriv4.zj.cn
16918 82.200.140.134 moneymanagergps-id3337851727.citizensbank.com.garrif.com
16923 74.13.160.178(5) moneymanagergps-id20372.citizensbank.com.tech.kg
16924 74.13.160.178(5) moneymanagergps-id943084.citizensbank.com.techs.ec
16925 74.13.160.178(5) moneymanagergps-id3904945707.citizensbank.com.md.kg
16926 74.13.160.178(5) moneymanagergps-id651413599.citizensbank.com.tech.kg
16927 76.97.11.136(10) bancorpsouthonline.inview.45171905-login.corporate.inview63.com
16928 82.200.140.134 moneymanagergps-id38171.citizensbank.com.sho3uld.cn
16929 74.13.160.178(5) moneymanagergps-id1125914.citizensbank.com.rt.kg
16930 74.13.160.178(5) moneymanagergps-id268592.citizensbank.com.techs.ec
16931 74.13.160.178(5) moneymanagergps-id3988758.citizensbank.com.tech.kg
16932 74.13.160.178(5) moneymanagergps-id970272619.citizensbank.com.md.kg
16934 74.13.160.178(5) moneymanagergps-id2499262213.citizensbank.com.rt.kg
16935 74.13.160.178(5) moneymanagergps-id15000535.citizensbank.com.md.kg
16938 62.43.141.71(10) bancorpsouthonline.inview.01327308-login.corporate.inview63.com
16940 82.200.140.134 moneymanagergps-id785594205.citizensbank.com.zikfriv2.zj.cn
16942 62.43.141.71(10) bancorpsouthonline.inview.16646388-login.corporate.inview38.com
Domain registration info
Phish domain Registrar
apex1010.org REGISTER.COM 9/06/2007
apex85.org REGISTER.COM 9/05/2007
apex911.org REGISTER.COM 9/05/2007
garrif.com TODAYNIC.COM 9/06/2007
inview38.com REGISTER.COM 9/06/2007
inview63.com REGISTER.COM 9/06/2007
md.kg www.domain.kg 7/19/2007
relob.cn www.cnnic.net.cn 9/05/2007
rt.kg www.domain.kg 7/19/2007
sho3uld.cn www.cnnic.net.cn 9/06/2007
tech.kg www.domain.kg 7/19/2007
techs.ec nic.ec 8/11/2007?
topdll.li www.switch.ch 9/06/2007?
zikfriv2.zj.cn www.cnnic.net.cn 8/29/2007
zikfriv4.zj.cn www.cnnic.net.cn 8/29/2007
DNS server domain Registrar
king-gw.com INFO AVENUE 5/22/2007 (suspended)
lo1-prt.com BIZCN.COM 9/05/2007
lolim.cn www.cnnic.net.cn 8/13/2007 (suspended)
lopata.ch www.switch.ch 9/05/2007?
maritanna.com ESTDOMAINS 8/14/2007 (suspended)
mcolorbn.com INFO AVENUE 8/07/2007
nnborder.com REGISTER.COM 8/24/2007
outsrv.com REGISTER.COM 8/30/2007
vilopr.cn www.cnnic.net.cn 8/16/2007
web-omg.com REGISTER.COM 6/07/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Sep 08, 2007Report for Saturday:
16945 24.67.46.85(10) bancorpsouthonline.inview.55508150-login.corporate.inview70.com
16946 24.67.46.85(10) bancorpsouthonline.inview.80497903-login.corporate.inview16.com
16949 80.192.158.77(10) bancorpsouthonline.inview.18301815-login.corporate.inview63.com
16950 79.66.59.137(5) moneymanagergps-id7317112879.citizensbank.com.tech.kg
16954 79.66.59.137(5) moneymanagergps-id868563989.citizensbank.com.md.kg
16955 79.66.59.137(5) moneymanagergps-id518058.citizensbank.com.tech.kg
16956 82.200.140.134 moneymanagergps-id1035913.citizensbank.com.soldofo.xz.cn
16959 79.66.59.137(5) moneymanagergps-id9545539455.citizensbank.com.tech.kg
16960 79.66.59.137(5) moneymanagergps-id1421576.citizensbank.com.md.kg
16961 80.192.158.77(10) bancorpsouthonline.inview.00347746-login.corporate.inview93.com
16969 79.66.59.137(5) moneymanagergps-id049539309.citizensbank.com.tech.kg
16970 79.66.59.137(5) moneymanagergps-id22572.citizensbank.com.techs.ec
16971 79.66.59.137(5) moneymanagergps-id0323183956.citizensbank.com.md.kg
Domain registration info
Phish domain Registrar
inview16.com REGISTER.COM 9/06/2007
inview63.com REGISTER.COM 9/06/2007
inview70.com REGISTER.COM 9/06/2007
inview93.com REGISTER.COM 9/06/2007
md.kg www.domain.kg 7/19/2007
soldofo.xz.cn www.cnnic.net.cn 9/06/2007
tech.kg www.domain.kg 7/19/2007
techs.ec nic.ec 8/11/2007?
DNS server domain Registrar
mcolorbn.com INFO AVENUE 8/07/2007
outsrv.com REGISTER.COM 8/30/2007
soldofo.com TODAYNIC.COM 9/06/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Sep 09, 2007The report for Sunday:
17017 24.160.130.119(5) moneymanagergps-id8621298363.citizensbank.com.tech.kg
17019 82.200.140.134 moneymanagergps-id88615.citizensbank.com.kkfiie.hi.cn
17020 82.200.140.134 moneymanagergps-id86506.citizensbank.com.garrif.com
17022 80.143.85.176(5) moneymanagergps-id1302805905.citizensbank.com.tech.kg
17024 80.143.85.176(5) moneymanagergps-id0435447978.citizensbank.com.rt.kg
17026 80.143.85.176(5) moneymanagergps-id441756.citizensbank.com.rt.kg
17027 80.143.85.176(5) moneymanagergps-id0548116904.citizensbank.com.techs.ec
17028 82.200.140.134 onlinesession-34372.natwest.com.soldofo.gd.cn
17051 211.53.155.196 moneymanagergps-id300703155.citizensbank.com.4eflob.cn
17053 dns_temp_fail bancorpsouthonline.inview.67295997-login.corporate.inview83.com
17067 211.53.155.196 moneymanagergps-id26075358.citizensbank.com.finflar0.cn
17068 24.67.46.85(5) moneymanagergps-id27924395.citizensbank.com.rt.kg
17069 211.53.155.196 moneymanagergps-id23100936.citizensbank.com.zikfriv4.zj.cn
17070 24.67.46.85(5) moneymanagergps-id33107493.citizensbank.com.md.kg
17071 211.53.155.196 moneymanagergps-id31056.citizensbank.com.zikfriv4.zj.cn
17072 24.67.46.85(5) moneymanagergps-id192170.citizensbank.com.rt.kg
17073 24.67.46.85(5) moneymanagergps-id62791.citizensbank.com.techs.ec
17075 24.69.217.190(5) moneymanagergps-id94757.citizensbank.com.tech.kg
17076 24.69.217.190(5) moneymanagergps-id3054675473.citizensbank.com.tech.kg
17077 211.53.155.196 moneymanagergps-id8101460921.citizensbank.com.member46.cn
Domain registration info
Phish domain Registrar
4eflob.cn www.cnnic.net.cn 9/05/2007
finflar0.cn www.cnnic.net.cn 9/06/2007
garrif.com TODAYNIC.COM 9/06/2007
inview83.com REGISTER.COM 9/06/2007
kkfiie.hi.cn www.cnnic.net.cn 9/06/2007
md.kg www.domain.kg 7/19/2007
member46.cn www.cnnic.net.cn 9/05/2007
rt.kg www.domain.kg 7/19/2007
soldofo.gd.cn www.cnnic.net.cn 9/06/2007
tech.kg www.domain.kg 7/19/2007
techs.ec nic.ec 8/11/2007?
zikfriv4.zj.cn www.cnnic.net.cn 8/29/2007
DNS server domain Registrar
lo1-prt.com BIZCN.COM 9/05/2007
lolim.cn www.cnnic.net.cn 8/13/2007 (suspended)
lopata.ch www.switch.ch 9/05/2007?
maritanna.com ESTDOMAINS 8/14/2007 (suspended)
mcolorbn.com INFO AVENUE 8/07/2007
outsrv.com REGISTER.COM 8/30/2007
soldofo.com TODAYNIC.COM 9/06/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Sep 10, 2007The Monday report:
17089 69.230.195.10(5) moneymanagergps-id98222547.citizensbank.com.tech.kg
17102 NXDOMAIN bancorpsouthonline.inview.09092350-login.corporate.inview11.com
17103 phish_is_down moneymanagergps-id744069688.citizensbank.com.pal-netx.cn
17108 NXDOMAIN moneymanagergps-id871069.citizensbank.com.4eltob.cn
17109 64.131.250.205(10) bancorpsouthonline.inview.95940796-login.corporate.inview101.com
17111 NXDOMAIN bancorpsouthonline.inview.05064362-login.corporate.inview90.com
17113 24.69.217.190(5) moneymanagergps-id380577578.citizensbank.com.tech.kg
17114 24.69.217.190(5) moneymanagergps-id8863345.citizensbank.com.rt.kg
17115 24.69.217.190(5) moneymanagergps-id405564.citizensbank.com.rt.kg
17116 24.69.217.190(5) moneymanagergps-id82328021.citizensbank.com.techs.ec
17117 24.69.217.190(5) moneymanagergps-id841476387.citizensbank.com.rt.kg
17118 NXDOMAIN bancorpsouthonline.inview.66063141-login.corporate.inview65.com
17119 24.69.217.190(5) moneymanagergps-id707896978.citizensbank.com.techs.ec
17120 60.12.130.112 moneymanagergps-id785066.citizensbank.com.slipmaster2.cn
17121 24.69.217.190(5) moneymanagergps-id578125.citizensbank.com.techs.ec
17122 24.69.217.190(5) moneymanagergps-id63343.citizensbank.com.md.kg
17123 NXDOMAIN bancorpsouthonline.inview.21546454-login.corporate.inview11.com
17124 NXDOMAIN bancorpsouthonline.inview.56728966-login.corporate.inview11.com
17129 NXDOMAIN bancorpsouthonline.inview.25248877-login.corporate.inview76.com
17130 NXDOMAIN bancorpsouthonline.inview.65802706-login.corporate.inview11.com
17134 68.252.42.13(5) moneymanagergps-id9718676.citizensbank.com.rt.kg
Domain registration info
Phish domain Registrar
4eltob.cn unknown 9/07/2007?
inview101.com REGISTER.COM 9/09/2007
inview11.com unknown 9/10/2007? (cancelled?)
inview65.com unknown 9/10/2007? (cancelled?)
inview76.com unknown 9/10/2007? (cancelled?)
inview90.com unknown 9/10/2007? (cancelled?)
md.kg www.domain.kg 7/19/2007
pal-netx.cn www.cnnic.net.cn 9/10/2007
rt.kg www.domain.kg 7/19/2007
slipmaster2.cn www.cnnic.net.cn 9/07/2007
tech.kg www.domain.kg 7/19/2007
techs.ec nic.ec 8/11/2007?
DNS server domain Registrar
lo1-prt.com BIZCN.COM 9/05/2007
loverting.com ESTDOMAINS 8/14/2007 (cancelled)
mc-domain.com TUCOWS 6/27/2007
mcolorbn.com INFO AVENUE 8/07/2007
nixt-nx.tv BIZCN.COM 9/01/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Sep 11, 2007The Tuesday report:
17144 60.12.130.112 moneymanagergps-id3986684.citizensbank.com.ch2e455.cn
17147 60.12.130.112 moneymanagergps-id9912678502.citizensbank.com.member45.cn
17148 24.226.198.59(10) bancorpsouthonline.inview.41053297-login.corporate.passmark245.com
17149 24.226.198.59(10) bancorpsouthonline.inview.96873625-login.corporate.ced93.com
17150 60.12.130.112 moneymanagergps-id4024272033.citizensbank.com.finflar6.cn
17151 60.12.130.112 moneymanagergps-id1136922.citizensbank.com.soldofo.js.cn
17152 24.226.198.59(10) bancorpsouthonline.inview.41833075-login.corporate.passmark304.com
17153 24.137.71.198 moneymanagergps-id07757909.citizensbank.com.rt.kg
17157 60.12.130.112 moneymanagergps-id64098.citizensbank.com.finflar6.cn
17176 24.67.46.85(5) moneymanagergps-id3241798542.citizensbank.com.tech.kg
17181 NXDOMAIN bancorpsouthonline.inview.89254196-login.corporate.passmark278.com
17182 85.105.182.6 moneymanagergps-id73534.citizensbank.com.5idp1109.cn
17183 62.43.141.71(10) bancorpsouthonline.inview.80743383-login.corporate.ced93.com
17184 24.67.46.85(5) moneymanagergps-id1046383668.citizensbank.com.md.kg
17185 24.67.46.85(5) moneymanagergps-id92667623.citizensbank.com.md.kg
17186 85.105.182.6 moneymanagergps-id3969626810.citizensbank.com.4idp1109.cn
17192 24.67.46.85(5) moneymanagergps-id27932.citizensbank.com.techs.ec
17193 24.67.46.85(5) moneymanagergps-id19294860.citizensbank.com.md.kg
17195 24.67.46.85(5) moneymanagergps-id621506.citizensbank.com.rt.kg
17196 85.105.182.6 moneymanagergps-id142399.citizensbank.com.soldofo.com
17199 60.12.130.112 moneymanagergps-id34591004.citizensbank.com.abr4aciv1.hi.cn
17202 NXDOMAIN bancorpsouthonline.inview.08243707-login.corporate.passmark777.com
17213 NXDOMAIN bancorpsouthonline.inview.15638960-login.corporate.passmark765.com
Domain registration info
Phish domain Registrar
4idp1109.cn www.cnnic.net.cn 9/11/2007
5idp1109.cn www.cnnic.net.cn 9/11/2007
abr4aciv1.hi.cn www.cnnic.net.cn 9/11/2007
ced93.com REGISTER.COM 9/10/2007
ch2e455.cn www.cnnic.net.cn 9/06/2007
finflar6.cn www.cnnic.net.cn 9/06/2007
md.kg www.domain.kg 7/19/2007
member45.cn www.cnnic.net.cn 9/05/2007
passmark245.com REGISTER.COM 9/10/2007 (cancelled)
passmark278.com unknown 9/10/2007? (cancelled?)
passmark304.com REGISTER.COM 9/10/2007 (cancelled)
passmark765.com unknown 9/10/2007? (cancelled?)
passmark777.com unknown 9/10/2007? (cancelled?)
rt.kg www.domain.kg 7/19/2007
soldofo.com TODAYNIC.COM 9/06/2007
soldofo.js.cn www.cnnic.net.cn 9/06/2007
tech.kg www.domain.kg 7/19/2007
techs.ec nic.ec 8/11/2007?
DNS server domain Registrar
aruba-nx.com BIZCN.COM 9/08/2007
for-nx-rec.com REGISTERNAMES 9/10/2007
lo1-prt.com BIZCN.COM 9/05/2007 (suspended)
lolim.cn www.cnnic.net.cn 8/13/2007 (suspended)
lopata.ch www.switch.ch 9/05/2007?
mcolorbn.com INFO AVENUE 8/07/2007
outsrv.com REGISTER.COM 8/30/2007
soldofo.com TODAYNIC.COM 9/06/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Sep 12, 2007The Wednesday report:
17219 NXDOMAIN bancorpsouthonline.inview.38893504-login.corporate.passmark365.com
17220 85.105.182.6 moneymanagergps-id9408949.citizensbank.com.elephunk1.gx.cn
17221 85.105.182.6 moneymanagergps-id6481130978.citizensbank.com.finflar1.cn
17222 NXDOMAIN bancorpsouthonline.inview.54935978-login.corporate.passmark88.com
17224 NXDOMAIN bancorpsouthonline.inview.77683474-login.corporate.passmark765.com
17229 NXDOMAIN bancorpsouthonline.inview.29661102-login.corporate.passmark777.com
17230 NXDOMAIN bancorpsouthonline.inview.82040781-login.corporate.passmark77.com
17238 62.43.141.71(10) moneymanagergps-id35043191.citizensbank.com.gps739.com
17240 68.54.242.171(5) moneymanagergps-id90716.citizensbank.com.md.kg
17241 68.54.242.171(5) moneymanagergps-id338082.citizensbank.com.tech.kg
17242 68.54.242.171(5) moneymanagergps-id47547378.citizensbank.com.rt.kg
17243 68.60.56.24(10) moneymanagergps-id35751953.citizensbank.com.gps234.com
17247 82.30.9.238(5) moneymanagergps-id8572642084.citizensbank.com.md.kg
17248 82.30.9.238(5) moneymanagergps-id02483.citizensbank.com.tech.kg
17251 60.12.130.112 moneymanagergps-id802180.citizensbank.com.norufild8.xj.cn
17254 24.137.71.198(10) moneymanagergps-id32682469.citizensbank.com.gps582.com
17265 60.12.130.112 moneymanagergps-id02955016.citizensbank.com.garrif.com
17272 24.137.71.198(10) moneymanagergps-id27318108.citizensbank.com.gps931.com
17284 24.137.71.198(10) moneymanagergps-id31633613.citizensbank.com.gps931.com
17297 74.13.159.227(5) moneymanagergps-id36238255.citizensbank.com.techs.ec
Domain registration info
Phish domain Registrar
elephunk1.gx.cn www.cnnic.net.cn 9/07/2007
finflar1.cn www.cnnic.net.cn 9/06/2007
garrif.com TODAYNIC.COM 9/06/2007
gps234.com REGISTER.COM 9/09/2007
gps582.com REGISTER.COM 9/09/2007
gps739.com REGISTER.COM 9/09/2007
gps931.com REGISTER.COM 9/09/2007
md.kg www.domain.kg 7/19/2007
norufild8.xj.cn www.cnnic.net.cn 9/10/2007
passmark365.com unknown 9/10/2007? (cancelled?)
passmark765.com unknown 9/10/2007? (cancelled?)
passmark777.com unknown 9/10/2007? (cancelled?)
passmark77.com unknown 9/10/2007? (cancelled?)
passmark88.com unknown 9/10/2007? (cancelled?)
rt.kg www.domain.kg 7/19/2007
tech.kg www.domain.kg 7/19/2007
techs.ec nic.ec 8/11/2007?
DNS server domain Registrar
for-nx-rec.com REGISTERNAMES 9/10/2007
lo1-prt.com BIZCN.COM 9/05/2007 (suspended)
mcolorbn.com INFO AVENUE 8/07/2007
nixt-nx.tv BIZCN.COM 9/01/2007
nnborder.com REGISTER.COM 8/24/2007
nt-wuser.com INFO AVENUE 5/30/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Sep 13, 2007Here is the report for Thursday:
17300 60.12.130.112 moneymanagergps-id34525235.citizensbank.com.po5p1209.cn
17319 74.13.159.227(10) bancorpsouthonline.inview.77810295-login.corporate.challenge709.com
17321 64.131.251.173(5) moneymanagergps-id626856504.citizensbank.com.tech.kg
17322 74.13.159.227(10) bancorpsouthonline.inview.97775598-login.corporate.challenge739.com
17331 62.43.141.71(5) moneymanagergps-id072109853.citizensbank.com.md.kg
17332 60.12.130.112 moneymanagergps-id3007178463.citizensbank.com.dj4poison.cn
17333 62.43.141.71(5) moneymanagergps-id826897573.citizensbank.com.techs.ec
17334 74.13.159.227(10) moneymanagergps-id17823492.citizensbank.com.miho98.com
17335 62.43.141.71(5) moneymanagergps-id1943365.citizensbank.com.rt.kg
17336 62.43.141.71(5) moneymanagergps-id13432216.citizensbank.com.tech.kg
17737 62.43.141.71(5) moneymanagergps-id93330102.citizensbank.com.tech.kg
17339 60.12.130.112 moneymanagergps-id0376987.citizensbank.com.g0t1109.zj.cn
17340 NXDOMAIN bancorpsouthonline.inview.04121519-login.corporate.passmark278.com
17341 NXDOMAIN bancorpsouthonline.inview.23556185-login.corporate.challenge932.com
17343 NXDOMAIN bancorpsouthonline.inview.77969731-login.corporate.filed320.com
17344 temp_dns_fail moneymanagergps-id41099154.citizensbank.com.gps428.com
17345 NXDOMAIN bancorpsouthonline.inview.83048244-login.corporate.passmark777.com
17350 60.12.130.112 moneymanagergps-id695018590.citizensbank.com.norufild6.xj.cn
17356 62.43.141.71(5) moneymanagergps-id92411.citizensbank.com.techs.ec
17357 69.55.249.54(10) moneymanagergps-id04703527.citizensbank.com.pasw21.com
17358 62.43.141.71(5) moneymanagergps-id4007701.citizensbank.com.tech.kg
17359 60.12.130.112 moneymanagergps-id147497.citizensbank.com.member45.cn
17360 69.55.249.54(10) moneymanagergps-id00933257.citizensbank.com.onln37.com
17362 24.122.237.105(5) moneymanagergps-id17609.citizensbank.com.md.kg
17364 24.137.71.198(10) moneymanagergps-id77008978.citizensbank.com.passw9.com
Domain registration info
Phish domain Registrar
challenge709.com REGISTER.COM 9/11/2007
challenge739.com REGISTER.COM 9/11/2007
challenge932.com unknown 9/11/2007? (cancelled?)
dj4poison.cn www.cnnic.net.cn 9/13/2007
filed320.com unknown 9/11/2007? (cancelled?)
g0t1109.zj.cn www.cnnic.net.cn 9/12.2007
gps428.com REGISTER.COM 9/09/2007
md.kg www.domain.kg 7/19/2007
member45.cn www.cnnic.net.cn 9/05/2007
miho98.com REGISTER.COM 9/12/2007
norufild6.xj.cn www.cnnic.net.cn 9/10/2007
onln37.com REGISTER.COM 9/12/2007
passmark278.com unknown 9/10/2007? (cancelled?)
passmark777.com unknown 9/10/2007? (cancelled?)
passw9.com REGISTER.COM 9/12/2007
pasw21.com REGISTER.COM 9/12/2007
po5p1209.cn unknown 9/11/2007? (cancelled)
rt.kg www.domain.kg 7/19/2007
tech.kg www.domain.kg 7/19/2007
techs.ec nic.ec 8/11/2007?
DNS server domain Registrar
for-nx-rec.com REGISTERNAMES 9/10/2007
lopata.ch www.switch.ch 9/05/2007? (cancelled)
loverting.com ESTDOMAINS 8/14/2007 (cancelled)
mc-domain.com TUCOWS 6/27/2007
mcolorbn.com INFO AVENUE 8/07/2007
nixt-nx.tv BIZCN.COM 9/01/2007
nnborder.com REGISTER.COM 8/24/2007
nt-wuser.com INFO AVENUE 5/30/2007
vilopr.cn www.cnnic.net.cn 8/16/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Sep 14, 2007The Friday report:
17401 69.230.196.247(5) moneymanagergps-id7156718602.citizensbank.com.techs.ec
17402 69.230.196.247(5) moneymanagergps-id514366.citizensbank.com.rt.kg
17403 200.77.213.15 moneymanagergps-id662106477.citizensbank.com.dj2poison.cn
17404 74.13.159.227(10) moneymanagergps-id95366696.citizensbank.com.brot27.com
17407 69.230.196.247(5) moneymanagergps-id593834.citizensbank.com.tech.kg
17409 200.77.213.15 moneymanagergps-id08631736.citizensbank.com.vicont5.zj.cn
17410 74.13.159.227(10) moneymanagergps-id26957884.citizensbank.com.paym87.com
17411 74.13.159.227(10) moneymanagergps-id17551682.citizensbank.com.passw9.com
17414 69.212.246.252(5) moneymanagergps-id0891815.citizensbank.com.rt.kg
17415 69.212.246.252(5) moneymanagergps-id290984747.citizensbank.com.tech.kg
17422 79.2.231.28(10) moneymanagergps-id94350763.citizensbank.com.grin65.com
17424 69.209.74.94(5) moneymanagergps-id56897.citizensbank.com.tech.kg
17437 24.69.217.190(10) moneymanagergps-id83626309.citizensbank.com.filed12.com
Domain registration info
Phish domain Registrar
brot27.com REGISTER.COM 9/12/2007
dj2poison.cn www.cnnic.net.cn 9/13/2007
filed12.com REGISTER.COM 9/12/2007
grin65.com REGISTER.COM 9/12/2007
passw9.com REGISTER.COM 9/12/2007
paym87.com REGISTER.COM 9/12/2007
rt.kg www.domain.kg 7/19/2007
tech.kg www.domain.kg 7/19/2007
techs.ec nic.ec 8/11/2007?
vicont5.zj.cn www.cnnic.net.cn 9/13/2007
DNS server domain Registrar
carapicho.net BIZCN.COM 9/12/2007
mcolorbn.com INFO AVENUE 8/07/2007
nixt-nx.tv BIZCN.COM 9/01/2007
nnborder.com REGISTER.COM 8/24/2007
nt-wuser.com INFO AVENUE 5/30/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Sep 15, 2007The report for Saturday:
17440 200.77.213.15 moneymanagergps-id99236287.citizensbank.com.ca1apicho.cn
17449 75.5.233.37(5) moneymanagergps-id23380033.citizensbank.com.md.kg
17450 75.5.233.37(5) moneymanagergps-id74528.citizensbank.com.md.kg
17451 NXDOMAIN moneymanagergps-id8488680.citizensbank.com.carapi2ho.cn
17452 75.5.233.37(5) moneymanagergps-id0865599.citizensbank.com.rt.kg
17453 200.77.213.15 moneymanagergps-id066969.citizensbank.com.abr5aciv1.hi.cn
17454 75.5.233.37(5) moneymanagergps-id6515914.citizensbank.com.md.kg
17455 75.5.233.37(5) moneymanagergps-id5284553.citizensbank.com.md.kg
17458 NXDOMAIN moneymanagergps-id6079635.citizensbank.com.nano1ver.cn
17459 NXDOMAIN moneymanagergps-id933948.citizensbank.com.member49.cn
17463 74.78.118.52(5) moneymanagergps-id1024187929.citizensbank.com.md.kg
17464 74.78.118.52(5) moneymanagergps-id5758673423.citizensbank.com.rt.kg
17465 74.78.118.52(5) moneymanagergps-id58676.citizensbank.com.rt.kg
17466 68.60.56.24(10) moneymanagergps-id30649055.citizensbank.com.grin65.com
17470 200.77.213.15 moneymanagergps-id701157.citizensbank.com.ce1r4tr3.cn
17495 200.77.213.15 moneymanagergps-id77355.citizensbank.com.carilo6.zj.cn
Domain registration info
Phish domain Registrar
abr5aciv1.hi.cn www.cnnic.net.cn 9/11/2007
ca1apicho.cn www.cnnic.net.cn 9/13/2007
carapi2ho.cn www.cnnic.net.cn 9/13/2007
carilo6.zj.cn www.cnnic.net.cn 9/12/2007
ce1r4tr3.cn www.cnnic.net.cn 9/15/2007
grin65.com REGISTER.COM 9/12/2007
md.kg www.domain.kg 7/19/2007
member49.cn www.cnnic.net.cn 9/05/2007
nano1ver.cn unknown 9/14/2007? (cancelled?)
rt.kg www.domain.kg 7/19/2007
DNS server domain Registrar
carapicho.net BIZCN.COM 9/12/2007
musicbbx.com REGISTER.COM 8/31/2007
nixt-nx.tv BIZCN.COM 9/01/2007 (suspended)
nt-wuser.com INFO AVENUE 5/30/2007
soldofo.com TODAYNIC.COM 9/06/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Sep 16, 2007The Sunday report:
17510 68.60.56.24(10) moneymanagergps-id77075757.citizensbank.com.gpc35.com
17511 68.60.56.24(10) moneymanagergps-id39885891.citizensbank.com.onln37.com
17512 200.77.213.15 moneymanagergps-id0932815001.citizensbank.com.morefu1n1.cn
17513 200.77.213.15 moneymanagergps-id22685.citizensbank.com.palvica1q1.cn
17514 74.78.118.52(5) moneymanagergps-id4188620.citizensbank.com.rt.kg
17515 74.78.118.52(5) moneymanagergps-id46154.citizensbank.com.rt.kg
17516 200.77.213.15 moneymanagergps-id01017.citizensbank.com.palvica161.cn
17517 200.77.213.15 moneymanagergps-id092308.citizensbank.com.palvica141.cn
17518 74.78.118.52(5) moneymanagergps-id245264622.citizensbank.com.rt.kg
17519 200.77.213.15 moneymanagergps-id316878862.citizensbank.com.palvica111.cn
17520 200.77.213.15 moneymanagergps-id244909.citizensbank.com.1ixhonod.cn
17521 200.77.213.15 moneymanagergps-id649033.citizensbank.com.soldofo.xz.cn
17522 62.163.124.158(10) moneymanagergps-id21521036.citizensbank.com.mark09.com
17523 200.77.213.15 moneymanagergps-id3511018.citizensbank.com.ce1r4tr3.cn
17525 200.77.213.15 moneymanagergps-id205817235.citizensbank.com.dj-ice2.cn
17526 200.77.213.15 moneymanagergps-id66031.citizensbank.com.dj2poison.cn
17527 200.77.213.15 moneymanagergps-id2084172210.citizensbank.com.dj0poison.cn
17528 200.77.213.15 moneymanagergps-id76323.citizensbank.com.dj9poison.cn
17529 80.133.240.130(10) moneymanagergps-id65591567.citizensbank.com.brih43.com
17530 68.60.56.24(5) moneymanagergps-id4835556.citizensbank.com.rt.kg
17544 200.77.213.15 moneymanagergps-id64901429.citizensbank.com.morefu1n1.cn
17551 60.12.130.112 moneymanagergps-id77752.citizensbank.com.elephunk1.gx.cn
17552 60.12.130.112 moneymanagergps-id02200287.citizensbank.com.abr3aciv1.hi.cn
17556 60.12.130.112 moneymanagergps-id735466.citizensbank.com.ce1r4tr3.cn
Domain registration info
Phish domain Registrar
1ixhonod.cn www.cnnic.net.cn 9/14/2007
abr3aciv1.hi.cn www.cnnic.net.cn 9/11/2007
brih43.com REGISTER.COM 9/12/2007
ce1r4tr3.cn www.cnnic.net.cn 9/15/2007
dj0poison.cn www.cnnic.net.cn 9/13/2007
dj2poison.cn www.cnnic.net.cn 9/13/2007
dj9poison.cn www.cnnic.net.cn 9/13/2007
dj-ice2.cn www.cnnic.net.cn 9/07/2007
elephunk1.gx.cn www.cnnic.net.cn 9/07/2007
gpc35.com REGISTER.COM 9/12/2007
mark09.com REGISTER.COM 9/12/2007
morefu1n1.cn www.cnnic.net.cn 9/15/2007
onln37.com REGISTER.COM 9/12/2007
palvica111.cn www.cnnic.net.cn 9/15/2007
palvica141.cn www.cnnic.net.cn 9/15/2007
palvica161.cn www.cnnic.net.cn 9/15/2007
palvica1q1.cn www.cnnic.net.cn 9/15/2007
rt.kg www.domain.kg 7/19/2007
soldofo.xz.cn www.cnnic.net.cn 9/06/2007
DNS server domain Registrar
carapicho.net BIZCN.COM 9/12/2007
lo1-prt.com BIZCN.COM 9/05/2007 (suspended)
musicbbx.com REGISTER.COM 8/31/2007
nixt-nx.tv BIZCN.COM 9/01/2007 (suspended)
nnborder.com REGISTER.COM 8/24/2007
nt-wuser.com INFO AVENUE 5/30/2007
soldofo.com TODAYNIC.COM 9/06/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Sep 17, 2007The rock phishers have had a bad day today. The domain "carapicho.net" was suspended by the registrar, and most of their phish depended on that domain for DNS services. I was still able to find IP addresses for the phish pages, because I happened to have the IP address of their DNS server from the previous day. But a fresh DNS lookup of most of today's rock phish domains would give a temp fail error.
The Monday report:
17577 60.12.130.112 moneymanagergps-id71501616.citizensbank.com.carilo1.zj.cn
17595 dns_temp_fail moneymanagergps-id88667103.citizensbank.com.miho98.com
17598 60.12.130.112 moneymanagergps-id162268674.citizensbank.com.r-n1x-rec.cn
17599 60.12.130.112 moneymanagergps-id174692443.citizensbank.com.dj2poison.cn
17600 60.12.130.112 moneymanagergps-id768837.citizensbank.com.mo1refun1.cn
17601 60.12.130.112 moneymanagergps-id7347010168.citizensbank.com.r-n3x-rec.cn
17602 60.12.130.112 moneymanagergps-id320415026.citizensbank.com.palvica141.cn
17604 24.122.237.105(10) moneymanagergps-id74979216.citizensbank.com.pink76.com
17605 60.12.130.112 moneymanagergps-id011993.citizensbank.com.ardobn1.cn
17606 60.12.130.112 moneymanagergps-id21844.citizensbank.com.palvica171.cn
17607 60.12.130.112 moneymanagergps-id408531848.citizensbank.com.argdon1.cn
Domain registration info
Phish domain Registrar
ardobn1.cn www.cnnic.net.cn 9/16/2007
argdon1.cn www.cnnic.net.cn 9/16/2007
carilo1.zj.cn www.cnnic.net.cn 9/12/2007
dj2poison.cn www.cnnic.net.cn 9/13/2007
miho98.com REGISTER.COM 9/12/2007
mo1refun1.cn www.cnnic.net.cn 9/15/2007
palvica141.cn www.cnnic.net.cn 9/15/2007
palvica171.cn www.cnnic.net.cn 9/15/2007
pink76.com REGISTER.COM 9/16/2007
r-n1x-rec.cn www.cnnic.net.cn 9/16/2007
r-n3x-rec.cn www.cnnic.net.cn 9/16/2007
DNS server domain Registrar
carapicho.net BIZCN.COM 9/12/2007 (suspended)
nixt-nx.tv BIZCN.COM 9/01/2007 (suspended)
nt-wuser.com INFO AVENUE 5/30/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Sep 18, 2007The Tuesday report:
17628 24.122.237.105(10) moneymanagergps-id96798529.citizensbank.com.depz10.com
17629 60.12.130.112 moneymanagergps-id41301060.citizensbank.com.palvica111.cn
17630 60.12.130.112 moneymanagergps-id7845433523.citizensbank.com.dancrk1.xz.cn
17631 60.12.130.112 moneymanagergps-id8589019202.citizensbank.com.elephunk3.gx.cn
17632 60.12.130.112 moneymanagergps-id24138.citizensbank.com.elephunk2.gx.cn
17640 dns_temp_fail moneymanagergps-id96985392.citizensbank.com.pink76.com
17645 dns_temp_fail moneymanagergps-id08528758.citizensbank.com.whis87.com
17646 dns_temp_fail moneymanagergps-id53143238.citizensbank.com.moref1un1.cn
17647 79.22.190.38(10) moneymanagergps-id89146198.citizensbank.com.didj87.com
17648 79.22.190.38(10) moneymanagergps-id76441821.citizensbank.com.didj87.com
17649 79.22.190.38(10) moneymanagergps-id42901646.citizensbank.com.didj87.com
17650 79.22.190.38(10) moneymanagergps-id55760817.citizensbank.com.kips98.com
17668 60.12.130.112 moneymanagergps-id6883246267.citizensbank.com.day17v.cn
17669 60.12.130.112 moneymanagergps-id1838546.citizensbank.com.norde4c1.gx.cn
17671 67.38.42.44(10) moneymanagergps-id28654292.citizensbank.com.yrrsa9.com
17681 82.200.140.134 moneymanagergps-id741530.citizensbank.com.nordec31.gx.cn
Domain registration info
Phish domain Registrar
dancrk1.xz.cn www.cnnic.net.cn 9/18/2007
day17v.cn www.cnnic.net.cn 9/18/2007
depz10.com REGISTER.COM 9/16/2007
didj87.com REGISTER.COM 9/17/2007
elephunk2.gx.cn www.cnnic.net.cn 9/07/2007
elephunk3.gx.cn www.cnnic.net.cn 9/07/2007
kips98.com REGISTER.COM 9/17/2007
moref1un1.cn www.cnnic.net.cn 9/15/2007
norde4c1.gx.cn www.cnnic.net.cn 9/18/2007
nordec31.gx.cn www.cnnic.net.cn 9/18/2007
palvica111.cn www.cnnic.net.cn 9/15/2007
pink76.com REGISTER.COM 9/16/2007
whis87.com REGISTER.COM 9/16/2007
yrrsa9.com REGISTER.COM 9/17/2007
DNS server domain Registrar
aruba-nx.com BIZCN.COM 9/08/2007 (suspended)
bar-bar-com.com BIZCN.COM 9/18/2007
carapicho.net BIZCN.COM 9/12/2007 (suspended)
lo1-prt.com BIZCN.COM 9/05/2007 (suspended)
nixt-nx.tv BIZCN.COM 9/01/2007 (suspended)
nnborder.com REGISTER.COM 8/24/2007
nt-wuser.com INFO AVENUE 5/30/2007
vilopr.cn www.cnnic.net.cn 8/16/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
1 edit | Rock phish report Sep 19, 2007The Wednesday report:
17687 209.62.20.175 moneymanagergps-id61219548.citizensbank.com.dfbb55.com
17695 60.12.130.112 moneymanagergps-id3396113.citizensbank.com.tron2off1.xz.cn
17696 NXDOMAIN moneymanagergps-id263044910.citizensbank.com.nordec11.xz.cn
17697 60.12.130.112 moneymanagergps-id75356.citizensbank.com.voma1d.cn
17698 209.62.20.175 moneymanagergps-id05479601.citizensbank.com.cars98.com
17699 NXDOMAIN moneymanagergps-id6648101507.citizensbank.com.dancrk1.xz.cn
17700 dns_temp_fail moneymanagergps-id86271467.citizensbank.com.cars98.com
17701 209.62.20.175 moneymanagergps-id83312749.citizensbank.com.gffs998.com
17713 60.12.130.112 moneymanagergps-id915097982.citizensbank.com.nordec61.gz.cn
17714 60.12.130.112 moneymanagergps-id52969.citizensbank.com.tronoff1.hi.cn
17715 24.122.237.105(10) session-12345678.paylinks.cunet.org.pis95.com
17716 60.12.130.112 moneymanagergps-id748385.citizensbank.com.vira2d1.cn
17722 24.122.237.105(10) session-12345678.paylinks.cunet.org.nhd48.com
17723 60.12.130.112 moneymanagergps-id873409.citizensbank.com.v6irad1.cn
17725 24.122.237.105(10) session-12345678.paylinks.cunet.org.piv63.com
17731 60.12.130.112 moneymanagergps-id8033592.citizensbank.com.norde4c1.xz.cn
17732 24.122.237.105(10) session-11748854.paylinks.cunet.org.pwd85.com
17733 24.122.237.105(10) session-18903230.paylinks.cunet.org.bst81.com
17734 24.122.237.105(10) session-12345678.paylinks.cunet.org.psw83.com
17737 60.12.130.112 moneymanagergps-id832885.citizensbank.com.mit4ac.cn
17738 NXDOMAIN moneymanagergps-id51069526.citizensbank.com.fris34.com
17748 60.12.130.112 moneymanagergps-id05708573.citizensbank.com.carilo2.zj.cn
17754 session-13405237.paylinks.cunet.org.rex91.com
17755 60.12.130.112 moneymanagergps-id800891520.citizensbank.com.nordec31.gx.cn
17756 60.12.130.112 moneymanagergps-id96768245.citizensbank.com.durdom1.gz.cn
17757 60.12.130.112 moneymanagergps-id605459495.citizensbank.com.member48.cn
Domain registration info
Phish domain Registrar
bst81.com REGISTER.COM 9/18/2007
carilo2.zj.cn www.cnnic.net.cn 9/12/2007
cars98.com REGISTER.COM 9/17/2007
dancrk1.xz.cn www.cnnic.net.cn 9/18/2007
dfbb55.com REGISTER.COM 9/17/2007
durdom1.gz.cn www.cnnic.net.cn 9/18/2007
fris34.com REGISTER.COM 9/18/2007? (cancelled)
gffs998.com REGISTER.COM 9/17/2007
member48.cn www.cnnic.net.cn 9/05/2007
mit4ac.cn www.cnnic.net.cn 9/18/2007
nhd48.com REGISTER.COM 9/18/2007
norde4c1.xz.cn www.cnnic.net.cn 9/18/2007
nordec11.xz.cn www.cnnic.net.cn 9/18/2007
nordec31.gx.cn www.cnnic.net.cn 9/18/2007
nordec61.gz.cn www.cnnic.net.cn 9/18/2007
pis95.com REGISTER.COM 9/18/2007
piv63.com REGISTER.COM 9/18/2007
psw83.com REGISTER.COM 9/18/2007
pwd85.com REGISTER.COM 9/18/2007
rex91.com REGISTER.COM 9/18/2007
tron2off1.xz.cn www.cnnic.net.cn 9/14/2007
tronoff1.hi.cn www.cnnic.net.cn 9/14/2007
v6irad1.cn www.cnnic.net.cn 9/19/2007
vira2d1.cn www.cnnic.net.cn 9/19/2007
voma1d.cn www.cnnic.net.cn 9/18/2007
DNS server domain Registrar
bar-bar-com.com BIZCN.COM 9/18/2007
lo1-prt.com BIZCN.COM 9/05/2007 (suspended)
nnborder.com REGISTER.COM 8/24/2007
nt-wuser.com INFO AVENUE 5/30/2007
polo456.com TODAYNIC.COM 9/17/2007
themailworld.com INFO AVENUE 8/24/2007
vilopr.cn www.cnnic.net.cn 8/16/2007
(edit - inserted missing entry)
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Sep 20, 2007The Thursday report:
17780 phish_is_down moneymanagergps-id2632683.citizensbank.com.ard4on1.cn
17781 dns_temp_fail session-99170769.paylinks.cunet.org.nhd48.com
17782 60.12.130.112 moneymanagergps-id1064170.citizensbank.com.carilo2.zj.cn
17783 60.12.130.112 moneymanagergps-id0436012098.citizensbank.com.nordec61.gx.cn
17786 60.12.130.112 moneymanagergps-id143678.citizensbank.com.member49.cn
17807 60.12.130.112 moneymanagergps-id130178916.citizensbank.com.polo8789.tw
17815 24.122.237.105(10) securelogin-05857476.citizensbank.com.str95.com
17819 60.12.130.112 moneymanagergps-id8891670.citizensbank.com.danc2rk1.gz.cn
17821 NXDOMAIN moneymanagergps-id50299840.citizensbank.com.norde4c1.gx.cn
17822 NXDOMAIN moneymanagergps-id201862523.citizensbank.com.palvica111.cn
17823 dns_temp_fail session-58701725.paylinks.cunet.org.bst81.com
17832 24.226.197.117(10) securelogin-10845498.citizensbank.com.int72.com
17833 60.12.130.112 moneymanagergps-id3945452929.citizensbank.com.fador3.cn
17834 60.12.130.112 moneymanagergps-id14262592.citizensbank.com.member47.cn
17835 60.12.130.112 moneymanagergps-id8470533.citizensbank.com.vall3.cn
Domain registration info
Phish domain Registrar
ard4on1.cn www.cnnic.net.cn 9/16/2007
bst81.com REGISTER.COM 9/18/2007
carilo2.zj.cn www.cnnic.net.cn 9/12/2007
danc2rk1.gz.cn www.cnnic.net.cn 9/18/2007
fador3.cn www.cnnic.net.cn 9/21/2007
int72.com REGISTER.COM 9/19/2007
member47.cn www.cnnic.net.cn 9/05/2007
member49.cn www.cnnic.net.cn 9/05/2007
nhd48.com REGISTER.COM 9/18/2007
norde4c1.gx.cn www.cnnic.net.cn 9/18/2007
nordec61.gx.cn www.cnnic.net.cn 9/18/2007
palvica111.cn www.cnnic.net.cn 9/15/2007
polo8789.tw SEEDNET 9/18/2007
str95.com REGISTER.COM 9/19/2007
vall3.cn www.cnnic.net.cn 9/21/2007
DNS server domain Registrar
bar-bar-com.com BIZCN.COM 9/18/2007 (suspended)
carapicho.net BIZCN.COM 9/12/2007 (suspended)
lo1-prt.com BIZCN.COM 9/05/2007 (suspended)
nt-wuser.com INFO AVENUE 5/30/2007
polo456.com TODAYNIC.COM 9/17/2007
themailworld.com INFO AVENUE 8/24/2007
vilopr.cn www.cnnic.net.cn 8/16/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Sep 21, 2007The Friday report:
17841 60.12.130.112 moneymanagergps-id356785919.citizensbank.com.carilo1.zj.cn
17845 76.23.254.69(10) securelogin-22416284.citizensbank.com.kst83.com
17855 dns_temp_fail session-{dig}{dig}{dig}{dig}{dig}{dig}{dig}{dig}.paylinks.cunet.org.edg58.com
17861 NXDOMAIN moneymanagergps-id98119.citizensbank.com.fj6ruut.cn
17862 76.23.254.69(10) securelogin-21778036.citizensbank.com.kdp69.com
17885 219.253.140.172 moneymanagergps-id9210632023.citizensbank.com.jovag5o1.cn
Domain registration info
Phish domain Registrar
carilo1.zj.cn www.cnnic.net.cn 9/12/2007
edg58.com REGISTER.COM 9/18/2007
fj6ruut.cn unknown 9/20/2007? (cancelled?)
jovag5o1.cn www.cnnic.net.cn 9/21/2007
kdp69.com REGISTER.COM 9/19/2007
kst83.com REGISTER.COM 9/19/2007
DNS server domain Registrar
bar-bar-com.com BIZCN.COM 9/18/2007 (suspended)
nt-wuser.com INFO AVENUE 5/30/2007
themailworld.com INFO AVENUE 8/24/2007
vot-tov.net BIZCN.COM 9/21/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Sep 22, 2007The Saturday report:
17893 219.253.140.172 moneymanagergps-id842548.citizensbank.com.kkdio3.gx.cn
17894 219.253.140.172 moneymanagergps-id1074537.citizensbank.com.xiloex.cn
17895 219.253.140.172 moneymanagergps-id126151816.citizensbank.com.varian2.xz.cn
17896 219.253.140.172 moneymanagergps-id334155692.citizensbank.com.kroitkg.cn
17897 219.253.140.172 moneymanagergps-id01331.citizensbank.com.jovago31.xz.cn
17898 219.253.140.172 moneymanagergps-id134081708.citizensbank.com.lo2prt.hi.cn
17899 24.122.237.105(10) securelogin-35157879.citizensbank.com.nst32.com
17904 24.122.237.105(10) securelogin-85809293.citizensbank.com.fij62.com
17905 219.253.140.172 moneymanagergps-id7987511.citizensbank.com.tron4off1.hi.cn
17906 219.253.140.172 moneymanagergps-id295244941.citizensbank.com.vari1an.xz.cn
17907 219.253.140.172 moneymanagergps-id8489145.citizensbank.com.kiirog.cn
17908 219.253.140.172 moneymanagergps-id7323288.citizensbank.com.ckiirgf.cn
17909 219.253.140.172 moneymanagergps-id4563599827.citizensbank.com.tron3off1.hi.cn
Domain registration info
Phish domain Registrar
ckiirgf.cn www.cnnic.net.cn 9/21/2007
fij62.com REGISTER.COM 9/19/2007
jovago31.xz.cn www.cnnic.net.cn 9/21/2007
kiirog.cn www.cnnic.net.cn 9/21/2007
kkdio3.gx.cn www.cnnic.net.cn 9/21/2007
kroitkg.cn www.cnnic.net.cn 9/21/2007
lo2prt.hi.cn www.cnnic.net.cn 9/06/2007
nst32.com REGISTER.COM 9/19/2007
tron3off1.hi.cn www.cnnic.net.cn 9/14/2007
tron4off1.hi.cn www.cnnic.net.cn 9/14/2007
vari1an.xz.cn www.cnnic.net.cn 9/21/2007
varian2.xz.cn www.cnnic.net.cn 9/21/2007
xiloex.cn www.cnnic.net.cn 9/21/2007
DNS server domain Registrar
bar-bar-com.com BIZCN.COM 9/18/2007 (suspended)
themailworld.com INFO AVENUE 8/24/2007
vilopr.cn www.cnnic.net.cn 8/16/2007
vot-tov.net BIZCN.COM 9/21/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Sep 23, 2007The Sunday report:
17930 219.253.140.172 moneymanagergps-id42994.citizensbank.com.jov7ago1.cn
17931 219.253.140.172 moneymanagergps-id53297.citizensbank.com.donfort.cn
17932 219.253.140.172 moneymanagergps-id70497.citizensbank.com.varia4n.xz.cn
17933 219.253.140.172 moneymanagergps-id669890642.citizensbank.com.lopfroriif.cn
17934 219.253.140.172 moneymanagergps-id3507358.citizensbank.com.irutujg.cn
17937 200.77.213.15 moneymanagergps-id34644.citizensbank.com.virad1.cn
17939 200.77.213.15 moneymanagergps-id44132.citizensbank.com.donfrod.cn
17943 209.62.20.175 moneymanagergps-id38666400.citizensbank.com.token9.com
17945 209.62.20.175 moneymanagergps-id74993884.citizensbank.com.lops19.com
17949 209.62.20.175 moneymanagergps-id57072693.citizensbank.com.grin65.com
17952 209.62.20.175 moneymanagergps-id40818374.citizensbank.com.fids98.com
17954 NXDOMAIN bancorpsouthonline.inview.93492135-login.corporate.challenge691.com
17956 NXDOMAIN bancorpsouthonline.inview.37786896-login.corporate.passmark589.com
17961 200.77.213.15 moneymanagergps-id1312731.citizensbank.com.nig4yr.cn
17962 200.77.213.15 moneymanagergps-id0852979.citizensbank.com.kkriirm.cn
17963 200.77.213.15 moneymanagergps-id25286167.citizensbank.com.ntigyr.cn
17964 200.77.213.15 moneymanagergps-id1108152.citizensbank.com.member47.cn
Domain registration info
Phish domain Registrar
challenge691.com unknown 9/11/2007? (cancelled?)
donfort.cn www.cnnic.net.cn 9/21/2007
donfrod.cn www.cnnic.net.cn 9/21/2007
fids98.com REGISTER.COM 9/12/2007
grin65.com REGISTER.COM 9/12/2007
irutujg.cn www.cnnic.net.cn 9/21/2007
jov7ago1.cn www.cnnic.net.cn 9/21/2007
kkriirm.cn www.cnnic.net.cn 9/21/2007
lopfroriif.cn www.cnnic.net.cn 9/21/2007
lops19.com REGISTER.COM 9/16/2007
member47.cn www.cnnic.net.cn 9/05/2007
nig4yr.cn www.cnnic.net.cn 9/22/2007
ntigyr.cn www.cnnic.net.cn 9/22/2007
passmark589.com unknown 9/10/2007? (cancelled?)
token9.com REGISTER.COM 9/16/2007
varia4n.xz.cn www.cnnic.net.cn 9/21/2007
virad1.cn www.cnnic.net.cn 9/19/2007
DNS server domain Registrar
bar-bar-com.com BIZCN.COM 9/18/2007 (suspended)
BNMQ.COM RESELLERCLUB 8/03/2004 (in use by rockphish)
nt-wuser.com INFO AVENUE 5/30/2007 (suspended)
polo456.com TODAYNIC.COM 9/17/2007
vot-tov.net BIZCN.COM 9/21/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
