nwrickert (sand groper; Premium, MVM; join: 2004-09-04; Geneva, IL)
reply to nwrickert
Rock phish report Aug 21, 2007

The Tuesday report:
Domain registration info

Phish domain       Registrar           Date
didovx.cn          www.cnnic.net.cn    8/15/2007
dkjjeu.cn          www.cnnic.net.cn    8/15/2007
hiirov.cn          www.cnnic.net.cn    8/20/2007
konrjt.cn          www.cnnic.net.cn    8/16/2007
md.kg              www.domain.kg       7/19/2007
polopy.cn          www.cnnic.net.cn    8/16/2007
rt.kg              www.domain.kg       7/19/2007
tech.kg            www.domain.kg       7/19/2007
techs.ec           nic.ec              ?????????
ygin4.cn           www.cnnic.net.cn    8/20/2007

DNS server domain  Registrar           Date
countlm.com        REGISTER.COM        8/08/2007
dont-rendel.com    ESTDOMAINS          8/16/2007
ect-name.net       ESTDOMAINS          8/15/2007 (suspended)
lolim.cn           www.cnnic.net.cn    8/13/2007
vilopr.cn          www.cnnic.net.cn    8/16/2007
-- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5

nwrickert
Rock phish report Aug 22, 2007

The report for Wednesday:
Domain registration info

Phish domain       Registrar           Date
md.kg              www.domain.kg       7/19/2007
rt.kg              www.domain.kg       7/19/2007
tech.kg            www.domain.kg       7/19/2007
techs.ec           nic.ec              ?????????

DNS server domain  Registrar           Date
countlm.com        REGISTER.COM        8/08/2007

nwrickert
Rock phish report Aug 23, 2007

It's odd. We have not seen any newly registered domains for the last two days' phish submissions. All submitted rockphish has used md.kg, rt.kg, tech.kg, techs.ec - domains that they registered several weeks ago.
Here is the Thursday report:
Domain registration info

Phish domain       Registrar           Date
md.kg              www.domain.kg       7/19/2007
rt.kg              www.domain.kg       7/19/2007
tech.kg            www.domain.kg       7/19/2007
techs.ec           nic.ec              8/11/2007?

DNS server domain  Registrar           Date
countlm.com        REGISTER.COM        8/08/2007

nwrickert
Rock phish report Aug 24, 2007

Another day with no newly registered domains showing up in rock phish submissions. That makes 3 days.
I have not included phish #16205 in this listing. While it has some similarity to rock phish, it is also different enough in style that I doubt it is the work of the same group.
Here is the Friday report:
Domain registration info

Phish domain       Registrar           Date
md.kg              www.domain.kg       7/19/2007
rt.kg              www.domain.kg       7/19/2007
tech.kg            www.domain.kg       7/19/2007

DNS server domain  Registrar           Date
countlm.com        REGISTER.COM        8/08/2007

nwrickert
Rock phish report Aug 25, 2007

Here is the report for Saturday:
Domain registration info

Phish domain       Registrar           Date
adoor3.xj.cn       www.cnnic.net.cn    8/24/2007
md.kg              www.domain.kg       7/19/2007
nuuket.cn          NAMESCOUT           8/25/2007
polopy.cn          www.cnnic.net.cn    8/16/2007
tech.kg            www.domain.kg       7/19/2007
techs.ec           nic.ec              8/11/2007?

DNS server domain  Registrar           Date
countlm.com        REGISTER.COM        8/08/2007
hluuel.com         NAMESCOUT           8/25/2007
novob4v.cn         www.cnnic.net.cn    8/22/2007
vilopr.cn          www.cnnic.net.cn    8/16/2007

nwrickert
Rock phish report Aug 26, 2007

The rock phishers are now using NAMESCOUT as registrar for some of their new domain registrations.
Here is the Sunday report:
Domain registration info

Phish domain       Registrar           Date
adoor3.xj.cn       www.cnnic.net.cn    8/24/2007
fkiie.cn           www.cnnic.net.cn    8/16/2007
jaamen.cn          NAMESCOUT           8/25/2007
md.kg              www.domain.kg       7/19/2007
rt.kg              www.domain.kg       7/19/2007
ruuter.cn          NAMESCOUT           8/25/2007
saadir.cn          NAMESCOUT           8/25/2007
techs.ec           nic.ec              8/11/2007?

DNS server domain  Registrar           Date
countlm.com        REGISTER.COM        8/08/2007
hluuel.com         NAMESCOUT           8/25/2007
kaalod.com         NAMESCOUT           8/25/2007
novob4v.cn         www.cnnic.net.cn    8/22/2007
vilopr.cn          www.cnnic.net.cn    8/16/2007

nwrickert
Rock phish report Aug 27, 2007

I received an email response from NAMESCOUT, that they are onto this phishing problem and have shut down the domains registered through them. It is looking as if rockphish have worn out their welcome at a number of registries, and are not as readily able to register new domains.
In the meantime, they continue to use some domains from a while back that are still active. Here is the Monday report:
Domain registration info

Phish domain       Registrar           Date
adoor11.cn         www.cnnic.net.cn    8/24/2007
md.kg              www.domain.kg       7/19/2007
rt.kg              www.domain.kg       7/19/2007
tech.kg            www.domain.kg       7/19/2007
techs.ec           nic.ec              8/11/2007?

DNS server domain  Registrar           Date
countlm.com        REGISTER.COM        8/08/2007
novob4v.cn         www.cnnic.net.cn    8/22/2007
vilopr.cn          www.cnnic.net.cn    8/16/2007

nwrickert
Rock phish report Aug 28, 2007

Here is the Tuesday report:
Domain registration info

Phish domain       Registrar           Date
adoor5.xj.cn       unknown             8/25/2007? (cancelled?)
dibop2.hk          HKDNR               8/27/2007
dibop5.cn          www.cnnic.net.cn    8/27/2007
fkiie.cn           www.cnnic.net.cn    8/16/2007
lolmat3.cn         www.cnnic.net.cn    8/20/2007
tech.kg            www.domain.kg       7/19/2007
techs.ec           nic.ec              8/11/2007?
wovob2v.cn         www.cnnic.net.cn    8/22/2007

DNS server domain  Registrar           Date
countlm.com        REGISTER.COM        8/08/2007
dont-rendel.in     DIRECT INFORMATION  8/16/2007 (suspended)
lolim.cn           www.cnnic.net.cn    8/13/2007
loverting.com      ESTDOMAINS          8/14/2007
maritanna.com      ESTDOMAINS          8/14/2007
novob4v.cn         www.cnnic.net.cn    8/22/2007
vilopr.cn          www.cnnic.net.cn    8/16/2007

nwrickert
Rock phish report Aug 29, 2007

Where there are multiple IPs associated with a hostname, I am listing only one. I give the number of IPs in parentheses after that IP. For example, there were 10 IPs for the hostname used in phish #16359.
Rockphish is now targeting Merrill Lynch. Here is the report for Wednesday:
16350 71.192.111.13(5) nfbconnect.cashman.cgi-bin024522.sslserv73.com
16359 75.36.152.207(10) session-00683597.wcma.businesscenter.ml.ibs020.com
16360 75.36.152.207(10) session-39707553.wcma.businesscenter.ml.ibs016.com
16362 24.212.72.73(10) session-69849679.wcma.businesscenter.ml.ibs016.com
Domain registration info

Phish domain       Registrar           Date
ibs016.com         REGISTER.COM        8/29/2007
ibs020.com         REGISTER.COM        8/29/2007

DNS server domain  Registrar           Date
nt-wuser.com       INFO AVENUE         5/30/2007
web-omg.com        REGISTER.COM        6/07/2007
(edit: inserted phish #16350. I was originally unsure whether this was rockphish, but after seeing a second sample I am persuaded that it is. I also added an explanation of the "(10)" following some IP addresses above.)

nwrickert
Rock phish report Aug 30, 2007

Here is the report for Thursday:
Domain registration info

Phish domain       Registrar           Date
bibop0.cn          www.cnnic.net.cn    8/27/2007
bibop4.cn          www.cnnic.net.cn    8/27/2007
btd-on0.gx.cn      www.cnnic.net.cn    8/28/2007
btd-on17.cn        www.cnnic.net.cn    8/28/2007
btd-on2.gx.cn      www.cnnic.net.cn    8/28/2007
givord.cn          www.cnnic.net.cn    8/16/2007
loverting4.cn      www.cnnic.net.cn    8/29/2007
maritanna6.cn      www.cnnic.net.cn    8/29/2007
online030.com      REGISTER.COM        8/29/2007
online034.com      REGISTER.COM        8/29/2007
online038.com      REGISTER.COM        8/29/2007
online050.com      REGISTER.COM        8/29/2007
sslserv51.com      REGISTER.COM        8/28/2007
sslserv53.com      unknown             8/29/2007? (cancelled?)
zikfrid2.cn        www.cnnic.net.cn    8/29/2007
zikfriv1.zj.cn     www.cnnic.net.cn    8/29/2007
zikfriv3.zj.cn     www.cnnic.net.cn    8/29/2007

DNS server domain  Registrar           Date
king-gw.com        INFO AVENUE         5/22/2007
lolim.cn           www.cnnic.net.cn    8/13/2007
maritanna.com      ESTDOMAINS          8/14/2007
novob4v.cn         www.cnnic.net.cn    8/22/2007
tokyosr.com        INFO AVENUE         6/08/2007
vilopr.cn          www.cnnic.net.cn    8/16/2007
vvlpp.com          REGISTER.COM        5/02/2007

nwrickert
Rock phish report Aug 31, 2007

The Friday report:
Domain registration info

Phish domain       Registrar           Date
btd-on12.cn        www.cnnic.net.cn    8/28/2007
konrjt.cn          www.cnnic.net.cn    8/16/2007
lolmat2.cn         www.cnnic.net.cn    8/20/2007
lolmat5.cn         www.cnnic.net.cn    8/20/2007
zikfriv.zj.cn      www.cnnic.net.cn    8/29/2007

DNS server domain  Registrar           Date
dont-rendel.in     DIRECT INFORMATION  8/16/2007 (suspended)
lolim.cn           www.cnnic.net.cn    8/13/2007
maritanna.com      ESTDOMAINS          8/14/2007
novob4v.cn         www.cnnic.net.cn    8/22/2007
vilopr.cn          www.cnnic.net.cn    8/16/2007

nwrickert
Rock phish report Sep 01, 2007

The Saturday report:
Domain registration info

Phish domain       Registrar           Date
btd-on17.cn        www.cnnic.net.cn    8/28/2007
btd-on18.cn        www.cnnic.net.cn    8/28/2007
btd-on3.gx.cn      www.cnnic.net.cn    8/28/2007
loverting2.cn      www.cnnic.net.cn    8/29/2007
loverting3.cn      www.cnnic.net.cn    8/29/2007
loverting5.cn      www.cnnic.net.cn    8/29/2007
maritanna4.cn      www.cnnic.net.cn    8/29/2007
wovob2v.cn         www.cnnic.net.cn    8/22/2007
zikfriv2.zj.cn     www.cnnic.net.cn    8/29/2007

DNS server domain  Registrar           Date
lolim.cn           www.cnnic.net.cn    8/13/2007
loverting.com      ESTDOMAINS          8/14/2007
maritanna.com      ESTDOMAINS          8/14/2007 (suspended)

nwrickert
Rock phish report Sep 02, 2007

The Sunday report:
16502 85.29.132.178 miwebcombank.session-117059.mibank.com.ituner10.cn
16509 82.76.6.112 miwebcombank.session-4772683723.mibank.com.loverting4.cn
Domain registration info

Phish domain       Registrar           Date
ituner10.cn        www.cnnic.net.cn    9/01/2007
loverting4.cn      www.cnnic.net.cn    8/29/2007

DNS server domain  Registrar           Date
lolim.cn           www.cnnic.net.cn    8/13/2007
maritanna.com      ESTDOMAINS          8/14/2007 (suspended)
nm-lary2k.com      ESTDOMAINS          8/31/2007

nwrickert
Rock phish report Sep 03, 2007

The Monday report:
Domain registration info

Phish domain       Registrar           Date
adoor11.cn         www.cnnic.net.cn    8/24/2007 (cancelled)
btd-on11.cn        www.cnnic.net.cn    8/28/2007
btd-on13.cn        www.cnnic.net.cn    8/28/2007
fiiler.cn          unknown             8/27/2007? (cancelled?)
givord.cn          www.cnnic.net.cn    8/16/2007
ituner6.cn         www.cnnic.net.cn    9/01/2007
loeirf.cn          www.cnnic.net.cn    8/17/2007
polopy.cn          www.cnnic.net.cn    8/16/2007
rt.kg              www.domain.kg       7/19/2007
techs.ec           nic.ec              8/11/2007?
zikfrid2.cn        www.cnnic.net.cn    8/29/2007

DNS server domain  Registrar           Date
lolim.cn           www.cnnic.net.cn    8/13/2007
maritanna.com      ESTDOMAINS          8/14/2007 (suspended)
mcolorbn.com       INFO AVENUE         8/07/2007
nm-lary2k.com      ESTDOMAINS          8/31/2007
novob4v.cn         www.cnnic.net.cn    8/22/2007
vilopr.cn          www.cnnic.net.cn    8/16/2007

nwrickert
Rock phish report Sep 04, 2007

The report for Tuesday:
Domain registration info

Phish domain       Registrar           Date
apex36.cn          www.cnnic.net.cn    9/01/2007
btd-on3.gx.cn      www.cnnic.net.cn    8/28/2007
heruve33.cn        NAMESCOUT           9/04/2007
md.kg              www.domain.kg       7/19/2007
rt.kg              www.domain.kg       7/19/2007
rtport.ch          www.switch.ch       9/04/2007?
tech.kg            www.domain.kg       7/19/2007
techs.ec           nic.ec              8/11/2007?

DNS server domain  Registrar           Date
heruve.com         NAMESCOUT           9/04/2007
hjkh.ch            www.switch.ch       9/04/2007?
lolim.cn           www.cnnic.net.cn    8/13/2007
maritanna.com      ESTDOMAINS          8/14/2007 (suspended)
mcolorbn.com       INFO AVENUE         8/07/2007
tokyosr.com        INFO AVENUE         6/08/2007

nwrickert
Rock phish report Sep 05, 2007

The Wednesday report:
Domain registration info

Phish domain       Registrar           Date
4elrob.cn          www.cnnic.net.cn    9/05/2007
inview19.cn        www.cnnic.net.cn    9/01/2007
inview42.cn        www.cnnic.net.cn    9/01/2007
letvot5.cn         www.cnnic.net.cn    9/04/2007
md.kg              www.domain.kg       7/19/2007
member45.cn        www.cnnic.net.cn    9/05/2007
tech.kg            www.domain.kg       7/19/2007
techs.ec           nic.ec              8/11/2007?

DNS server domain  Registrar           Date
lo1-prt.com        BIZCN.COM           9/05/2007
lolim.cn           www.cnnic.net.cn    8/13/2007
lopata.ch          www.switch.ch       9/05/2007?
mcolorbn.com       INFO AVENUE         8/07/2007
nixt-nx.tv         BIZCN.COM           9/01/2007
nt-wuser.com       INFO AVENUE         5/30/2007
vilopr.cn          www.cnnic.net.cn    8/16/2007
web-omg.com        REGISTER.COM        6/07/2007

nwrickert
Rock phish report Sep 06, 2007

Today's submissions show some targeting of APEX ACH (use google to find what that is). I do wonder about the domains they registered - of the form apexnn.org. I had thought that ".org" registrations were restricted to organizations, and I have problems considering a criminal group as a legitimate organization :(
Here is the report for Thursday:
Domain registration info

Phish domain       Registrar           Date
apex001.org        REGISTER.COM        9/06/2007
apex82.org         unknown             9/05/2007? (cancelled?)
apex85.org         REGISTER.COM        9/05/2007
fiiling4.cn        www.cnnic.net.cn    9/04/2007
grekkt.cn          www.cnnic.net.cn    9/04/2007
inview17.cn        unknown             9/01/2007? (cancelled?)
inview18.cn        unknown             9/01/2007? (cancelled?)
letvot0.cn         www.cnnic.net.cn    9/04/2007
letvot5.cn         www.cnnic.net.cn    9/04/2007
md.kg              www.domain.kg       7/19/2007
member45.cn        www.cnnic.net.cn    9/05/2007
member48.cn        www.cnnic.net.cn    9/05/2007
rt.kg              www.domain.kg       7/19/2007
tech.kg            www.domain.kg       7/19/2007
techs.ec           nic.ec              8/11/2007?

DNS server domain  Registrar           Date
lo1-prt.com        BIZCN.COM           9/05/2007
lolim.cn           www.cnnic.net.cn    8/13/2007
lopata.ch          www.switch.ch       9/05/2007?
maritanna.com      ESTDOMAINS          8/14/2007 (suspended)
mcolorbn.com       INFO AVENUE         8/07/2007
nixt-nx.tv         BIZCN.COM           9/01/2007
nnborder.com       REGISTER.COM        8/24/2007
web-omg.com        REGISTER.COM        6/07/2007

nwrickert
Rock phish report Sep 07, 2007

The Friday report:
Domain registration info

Phish domain       Registrar           Date
apex1010.org       REGISTER.COM        9/06/2007
apex85.org         REGISTER.COM        9/05/2007
apex911.org        REGISTER.COM        9/05/2007
garrif.com         TODAYNIC.COM        9/06/2007
inview38.com       REGISTER.COM        9/06/2007
inview63.com       REGISTER.COM        9/06/2007
md.kg              www.domain.kg       7/19/2007
relob.cn           www.cnnic.net.cn    9/05/2007
rt.kg              www.domain.kg       7/19/2007
sho3uld.cn         www.cnnic.net.cn    9/06/2007
tech.kg            www.domain.kg       7/19/2007
techs.ec           nic.ec              8/11/2007?
topdll.li          www.switch.ch       9/06/2007?
zikfriv2.zj.cn     www.cnnic.net.cn    8/29/2007
zikfriv4.zj.cn     www.cnnic.net.cn    8/29/2007

DNS server domain  Registrar           Date
king-gw.com        INFO AVENUE         5/22/2007 (suspended)
lo1-prt.com        BIZCN.COM           9/05/2007
lolim.cn           www.cnnic.net.cn    8/13/2007 (suspended)
lopata.ch          www.switch.ch       9/05/2007?
maritanna.com      ESTDOMAINS          8/14/2007 (suspended)
mcolorbn.com       INFO AVENUE         8/07/2007
nnborder.com       REGISTER.COM        8/24/2007
outsrv.com         REGISTER.COM        8/30/2007
vilopr.cn          www.cnnic.net.cn    8/16/2007
web-omg.com        REGISTER.COM        6/07/2007

nwrickert
Rock phish report Sep 08, 2007

Report for Saturday:
Domain registration info

Phish domain       Registrar           Date
inview16.com       REGISTER.COM        9/06/2007
inview63.com       REGISTER.COM        9/06/2007
inview70.com       REGISTER.COM        9/06/2007
inview93.com       REGISTER.COM        9/06/2007
md.kg              www.domain.kg       7/19/2007
soldofo.xz.cn      www.cnnic.net.cn    9/06/2007
tech.kg            www.domain.kg       7/19/2007
techs.ec           nic.ec              8/11/2007?

DNS server domain  Registrar           Date
mcolorbn.com       INFO AVENUE         8/07/2007
outsrv.com         REGISTER.COM        8/30/2007
soldofo.com        TODAYNIC.COM        9/06/2007

nwrickert
Rock phish report Sep 09, 2007

The report for Sunday:
Domain registration info

Phish domain       Registrar           Date
4eflob.cn          www.cnnic.net.cn    9/05/2007
finflar0.cn        www.cnnic.net.cn    9/06/2007
garrif.com         TODAYNIC.COM        9/06/2007
inview83.com       REGISTER.COM        9/06/2007
kkfiie.hi.cn       www.cnnic.net.cn    9/06/2007
md.kg              www.domain.kg       7/19/2007
member46.cn        www.cnnic.net.cn    9/05/2007
rt.kg              www.domain.kg       7/19/2007
soldofo.gd.cn      www.cnnic.net.cn    9/06/2007
tech.kg            www.domain.kg       7/19/2007
techs.ec           nic.ec              8/11/2007?
zikfriv4.zj.cn     www.cnnic.net.cn    8/29/2007

DNS server domain  Registrar           Date
lo1-prt.com        BIZCN.COM           9/05/2007
lolim.cn           www.cnnic.net.cn    8/13/2007 (suspended)
lopata.ch          www.switch.ch       9/05/2007?
maritanna.com      ESTDOMAINS          8/14/2007 (suspended)
mcolorbn.com       INFO AVENUE         8/07/2007
outsrv.com         REGISTER.COM        8/30/2007
soldofo.com        TODAYNIC.COM        9/06/2007