 nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7
 ·AT&T U-Verse
| reply to nwrickert
Rock phish report Aug 24, 2007Another day with no newly registered domains showing up in rock phish submissions. That makes 3 days.
I have not included phish #16205 in this listing. While it has some similarity to rock phish, it is also different enough in style that I doubt it is the work of the same group.
Here is the Friday report:
16190 69.230.181.62 miwebcombank.session-377810067.mibank.com.rt.kg
16196 79.118.122.79 miwebcombank.session-2237631.mibank.com.md.kg
16198 69.230.181.62 miwebcombank.session-03834222.mibank.com.md.kg
16200 69.230.181.62 miwebcombank.session-275867370.mibank.com.tech.kg
16202 69.230.181.62 miwebcombank.session-721456.mibank.com.rt.kg
16203 69.230.181.62 miwebcombank.session-9455520.mibank.com.rt.kg
16204 69.230.181.62 miwebcombank.session-21683998.mibank.com.rt.kg
16206 24.137.123.184 miwebcombank.session-64385.mibank.com.tech.kg
16207 24.137.123.184 miwebcombank.session-77670.mibank.com.tech.kg
Domain registration info
Phish domain Registrar
md.kg www.domain.kg 7/19/2007
rt.kg www.domain.kg 7/19/2007
tech.kg www.domain.kg 7/19/2007
DNS server domain Registrar
countlm.com REGISTER.COM 8/08/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Aug 25, 2007Here is the report for Saturday:
16215 79.118.122.79 miwebcombank.session-74153831.mibank.com.tech.kg
16216 79.118.122.79 miwebcombank.session-220128.mibank.com.tech.kg
16223 82.200.143.223 miwebcombank.session-7434478445.mibank.com.adoor3.xj.cn
16228 60.12.130.112 miwebcombank.session-289275.mibank.com.nuuket.cn
16232 62.43.141.71 miwebcombank.session-96170.mibank.com.techs.ec
16234 82.200.143.223 miwebcombank.session-455872211.mibank.com.polopy.cn
16235 66.27.82.253 miwebcombank.session-17524.mibank.com.md.kg
Domain registration info
Phish domain Registrar
adoor3.xj.cn www.cnnic.net.cn 8/24/2007
md.kg www.domain.kg 7/19/2007
nuuket.cn NAMESCOUT 8/25/2007
polopy.cn www.cnnic.net.cn 8/16/2007
tech.kg www.domain.kg 7/19/2007
techs.ec nic.ec 8/11/2007?
DNS server domain Registrar
countlm.com REGISTER.COM 8/08/2007
hluuel.com NAMESCOUT 8/25/2007
novob4v.cn www.cnnic.net.cn 8/22/2007
vilopr.cn www.cnnic.net.cn 8/16/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Aug 26, 2007The rock phishers are now using NAMESCOUT as registrar for some of their new domain registrations.
Here is the Sunday report:
16238 82.30.9.238 miwebcombank.session-6212617495.mibank.com.techs.ec
16239 82.30.9.238 miwebcombank.session-20349453.mibank.com.rt.kg
16240 82.200.143.223 miwebcombank.session-142005.mibank.com.saadir.cn
16244 82.200.143.223 miwebcombank.session-862237.mibank.com.fkiie.cn
16245 24.169.34.213 miwebcombank.session-41052.mibank.com.techs.ec
16246 69.230.208.247 miwebcombank.session-43387572.mibank.com.md.kg
16253 82.200.143.223 miwebcombank.session-75227.mibank.com.adoor3.xj.cn
16256 74.78.118.52 miwebcombank.session-81849.mibank.com.md.kg
16257 74.78.118.52 miwebcombank.session-1195494.mibank.com.rt.kg
16260 219.253.140.172 miwebcombank.session-58565356.mibank.com.ruuter.cn
16263 219.253.140.172 miwebcombank.session-553617942.mibank.com.jaamen.cn
16264 71.192.111.13 miwebcombank.session-480117783.mibank.com.md.kg
16265 71.192.111.13 miwebcombank.session-29701.mibank.com.techs.ec
16266 71.192.111.13 miwebcombank.session-971023922.mibank.com.techs.ec
Domain registration info
Phish domain Registrar
adoor3.xj.cn www.cnnic.net.cn 8/24/2007
fkiie.cn www.cnnic.net.cn 8/16/2007
jaamen.cn NAMESCOUT 8/25/2007
md.kg www.domain.kg 7/19/2007
rt.kg www.domain.kg 7/19/2007
ruuter.cn NAMESCOUT 8/25/2007
saadir.cn NAMESCOUT 8/25/2007
techs.ec nic.ec 8/11/2007?
DNS server domain Registrar
countlm.com REGISTER.COM 8/08/2007
hluuel.com NAMESCOUT 8/25/2007
kaalod.com NAMESCOUT 8/25/2007
novob4v.cn www.cnnic.net.cn 8/22/2007
vilopr.cn www.cnnic.net.cn 8/16/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Aug 27, 2007I received an email response from NAMESCOUT, that they are onto this phishing problem and have shut down the domains registered through them. It is looking as if rockphish have worn out their welcome at a number of registries, and are not as readily able to register new domains.
In the meantime, the continue to use some domains from a while back that are still active. Here is the Monday report:
16268 69.230.208.247 miwebcombank.session-491528.mibank.com.md.kg
16271 79.66.86.239 miwebcombank.session-77987559.mibank.com.techs.ec
16276 82.200.140.134 miwebcombank.session-3647605951.mibank.com.adoor11.cn
16277 68.185.95.74 miwebcombank.session-927582.mibank.com.techs.ec
16278 68.185.95.74 miwebcombank.session-82451997.mibank.com.rt.kg
16279 68.185.95.74 miwebcombank.session-1399092.mibank.com.md.kg
16281 68.185.95.74 miwebcombank.session-043289420.mibank.com.tech.kg
Domain registration info
Phish domain Registrar
adoor11.cn www.cnnic.net.cn 8/24/2007
md.kg www.domain.kg 7/19/2007
rt.kg www.domain.kg 7/19/2007
tech.kg www.domain.kg 7/19/2007
techs.ec nic.ec 8/11/2007?
DNS server domain Registrar
countlm.com REGISTER.COM 8/08/2007
novob4v.cn www.cnnic.net.cn 8/22/2007
vilopr.cn www.cnnic.net.cn 8/16/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Aug 28, 2007Here is the Tuesday report:
16300 82.254.80.103 miwebcombank.session-1220991953.mibank.com.tech.kg
16301 NXDOMAIN miwebcombank.session-78775.mibank.com.adoor5.xj.cn
16302 82.76.6.112 miwebcombank.session-900138.mibank.com.dibop5.cn
16303 82.76.6.112 miwebcombank.session-154063474.mibank.com.lolmat3.cn
16304 82.254.80.103 miwebcombank.session-797549.mibank.com.tech.kg
16306 82.76.6.112 miwebcombank.session-09095120.mibank.com.wovob2v.cn
16307 81.79.34.58 miwebcombank.session-508728.mibank.com.techs.ec
16309 81.79.34.58 miwebcombank.session-8296798.mibank.com.techs.ec
16310 82.76.6.112 miwebcombank.session-25650.mibank.com.fkiie.cn
16311 82.76.6.112 miwebcombank.session-102998.mibank.com.dibop2.hk
16318 69.230.214.83 miwebcombank.session-644120.mibank.com.tech.kg
Domain registration info
Phish domain Registrar
adoor5.xj.cn unknown 8/25/2007? (cancelled?)
dibop2.hk HKDNR 8/27/2007
dibop5.cn www.cnnic.net.cn 8/27/2007
fkiie.cn www.cnnic.net.cn 8/16/2007
lolmat3.cn www.cnnic.net.cn 8/20/2007
tech.kg www.domain.kg 7/19/2007
techs.ec nic.ec 8/11/2007?
wovob2v.cn www.cnnic.net.cn 8/22/2007
DNS server domain Registrar
countlm.com REGISTER.COM 8/08/2007
dont-rendel.in DIRECT INFORMATION 8/16/2007 (suspended)
lolim.cn www.cnnic.net.cn 8/13/2007
loverting.com ESTDOMAINS 8/14/2007
maritanna.com ESTDOMAINS 8/14/2007
novob4v.cn www.cnnic.net.cn 8/22/2007
vilopr.cn www.cnnic.net.cn 8/16/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
1 edit | Rock phish report Aug 29, 2007Where there are multiple IPs associated with a hostname, I am listing only one. I give the number of IPs in parentheses after that IP. For example there were 10 IPs for the hostname used in phish #16359.
Rockphish is now targetting Merrill Lynch. Here is the report for Wednesday:
16350 71.192.111.13(5) nfbconnect.cashman.cgi-bin024522.sslserv73.com
16359 75.36.152.207(10) session-00683597.wcma.businesscenter.ml.ibs020.com
16360 75.36.152.207(10) session-39707553.wcma.businesscenter.ml.ibs016.com
16362 24.212.72.73(10) session-69849679.wcma.businesscenter.ml.ibs016.com
Domain registration info
Phish domain Registrar
ibs016.com REGISTER.COM 8/29/2007
ibs020.com REGISTER.COM 8/29/2007
DNS server domain Registrar
nt-wuser.com INFO AVENUE 5/30/2007
web-omg.com REGISTER.COM 6/07/2007
(edit: inserted phish #16350. I was originally unsure whether this was rockphish, but after seeing a second sample I am persuaded that it is. I also added an explanation of the "(10)" following some IP addresses above.)
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Aug 30, 2007Here is the report for Thursday:
16368 85.29.132.178 miwebcombank.session-5911085.mibank.com.zikfriv1.zj.cn
16369 85.29.132.178 miwebcombank.session-50788.mibank.com.zikfrid2.cn
16371 85.29.132.178 miwebcombank.session-643391.mibank.com.btd-on17.cn
16373 71.192.111.13(5) nfbconnect.cashman.cgi-bin024522.sslserv51.com
16374 71.192.111.13(5) nfbconnect.cashman.cgi-bin024522.sslserv53.com
16379 85.29.132.178 miwebcombank.session-253634.mibank.com.btd-on17.cn
16400 82.200.140.134 miwebcombank.session-0014435745.mibank.com.btd-on0.gx.cn
16402 24.137.123.184(10) private47286899-firstnational.online030.com
16405 24.137.123.184(10) private72717067-firstnational.online030.com
16409 24.169.34.213(10) private53860820-firstnational.online034.com
16410 82.200.140.134 miwebcombank.session-30528378.mibank.com.givord.cn
16411 82.200.140.134 miwebcombank.session-0121313.mibank.com.maritanna6.cn
16412 82.200.140.134 miwebcombank.session-3175525322.mibank.com.bibop0.cn
16413 82.200.140.134 miwebcombank.session-0695263441.mibank.com.btd-on2.gx.cn
16414 82.200.140.134 miwebcombank.session-6068127955.mibank.com.zikfriv3.zj.cn
16415 24.169.34.213(10) private81373478-firstnational.online038.com
16416 82.200.140.134 miwebcombank.session-759343.mibank.com.bibop4.cn
16422 82.200.140.134 miwebcombank.session-861667.mibank.com.loverting4.cn
16423 82.200.140.134 miwebcombank.session-949617.mibank.com.zikfrid2.cn
16425 24.169.34.213(10) private53352580-firstnational.online050.com
Domain registration info
Phish domain Registrar
bibop0.cn www.cnnic.net.cn 8/27/2007
bibop4.cn www.cnnic.net.cn 8/27/2007
btd-on0.gx.cn www.cnnic.net.cn 8/28/2007
btd-on17.cn www.cnnic.net.cn 8/28/2007
btd-on2.gx.cn www.cnnic.net.cn 8/28/2007
givord.cn www.cnnic.net.cn 8/16/2007
loverting4.cn www.cnnic.net.cn 8/29/2007
maritanna6.cn www.cnnic.net.cn 8/29/2007
online030.com REGISTER.COM 8/29/2007
online034.com REGISTER.COM 8/29/2007
online038.com REGISTER.COM 8/29/2007
online050.com REGISTER.COM 8/29/2007
sslserv51.com REGISTER.COM 8/28/2007
sslserv53.com unknown 8/29/2007? (cancelled?)
zikfrid2.cn www.cnnic.net.cn 8/29/2007
zikfriv1.zj.cn www.cnnic.net.cn 8/29/2007
zikfriv3.zj.cn www.cnnic.net.cn 8/29/2007
DNS server domain Registrar
king-gw.com INFO AVENUE 5/22/2007
lolim.cn www.cnnic.net.cn 8/13/2007
maritanna.com ESTDOMAINS 8/14/2007
novob4v.cn www.cnnic.net.cn 8/22/2007
tokyosr.com INFO AVENUE 6/08/2007
vilopr.cn www.cnnic.net.cn 8/16/2007
vvlpp.com REGISTER.COM 5/02/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Aug 31, 2007The Friday report:
16437 85.29.132.178 miwebcombank.session-70556745.mibank.com.lolmat2.cn
16439 85.29.132.178 miwebcombank.session-5245699171.mibank.com.konrjt.cn
16440 85.29.132.178 miwebcombank.session-87954554.mibank.com.lolmat2.cn
16441 85.29.132.178 miwebcombank.session-2830739041.mibank.com.zikfriv.zj.cn
16442 85.29.132.178 miwebcombank.session-6165625.mibank.com.lolmat5.cn
16455 85.29.132.178 miwebcombank.session-6837707224.mibank.com.btd-on12.cn
Domain registration info
Phish domain Registrar
btd-on12.cn www.cnnic.net.cn 8/28/2007
konrjt.cn www.cnnic.net.cn 8/16/2007
lolmat2.cn www.cnnic.net.cn 8/20/2007
lolmat5.cn www.cnnic.net.cn 8/20/2007
zikfriv.zj.cn www.cnnic.net.cn 8/29/2007
DNS server domain Registrar
dont-rendel.in DIRECT INFORMATION 8/16/2007 (suspended)
lolim.cn www.cnnic.net.cn 8/13/2007
maritanna.com ESTDOMAINS 8/14/2007
novob4v.cn www.cnnic.net.cn 8/22/2007
vilopr.cn www.cnnic.net.cn 8/16/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
|
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Sep 01, 2007The Saturday report:
16456 85.29.132.178 miwebcombank.session-29940.mibank.com.loverting5.cn
16460 85.29.132.178 miwebcombank.session-11322872.mibank.com.zikfriv2.zj.cn
16463 85.29.132.178 miwebcombank.session-535221263.mibank.com.loverting3.cn
16464 85.29.132.178 miwebcombank.session-990030606.mibank.com.wovob2v.cn
16465 85.29.132.178 miwebcombank.session-1847447.mibank.com.btd-on18.cn
16466 85.29.132.178 miwebcombank.session-260680655.mibank.com.btd-on17.cn
16474 85.105.182.6 miwebcombank.session-96436205.mibank.com.btd-on3.gx.cn
16489 85.105.182.6 miwebcombank.session-2917006.mibank.com.loverting2.cn
16491 85.29.132.178 miwebcombank.session-48619341.mibank.com.maritanna4.cn
Domain registration info
Phish domain Registrar
btd-on17.cn www.cnnic.net.cn 8/28/2007
btd-on18.cn www.cnnic.net.cn 8/28/2007
btd-on3.gx.cn www.cnnic.net.cn 8/28/2007
loverting2.cn www.cnnic.net.cn 8/29/2007
loverting3.cn www.cnnic.net.cn 8/29/2007
loverting5.cn www.cnnic.net.cn 8/29/2007
maritanna4.cn www.cnnic.net.cn 8/29/2007
wovob2v.cn www.cnnic.net.cn 8/22/2007
zikfriv2.zj.cn www.cnnic.net.cn 8/29/2007
DNS server domain Registrar
lolim.cn www.cnnic.net.cn 8/13/2007
loverting.com ESTDOMAINS 8/14/2007
maritanna.com ESTDOMAINS 8/14/2007 (suspended)
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Sep 02, 2007The Sunday report:
16502 85.29.132.178 miwebcombank.session-117059.mibank.com.ituner10.cn
16509 82.76.6.112 miwebcombank.session-4772683723.mibank.com.loverting4.cn
Domain registration info
Phish domain Registrar
ituner10.cn www.cnnic.net.cn 9/01/2007
loverting4.cn www.cnnic.net.cn 8/29/2007
DNS server domain Registrar
lolim.cn www.cnnic.net.cn 8/13/2007
maritanna.com ESTDOMAINS 8/14/2007 (suspended)
nm-lary2k.com ESTDOMAINS 8/31/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Sep 03, 2007The Monday report:
16529 85.29.132.178 miwebcombank.session-70329.mibank.com.ituner6.cn
16530 85.29.132.178 miwebcombank.session-4712956.mibank.com.loeirf.cn
16531 82.208.154.137 miwebcombank.session-422287.mibank.com.btd-on13.cn
16537 82.208.154.137 miwebcombank.session-991369.mibank.com.givord.cn
16553 62.241.222.150(5) miwebcombank.session-731570.mibank.com.techs.ec
16554 85.29.132.178 miwebcombank.session-85599.mibank.com.btd-on11.cn
16555 phish_is_down miwebcombank.session-422782438.mibank.com.zikfrid2.cn
16556 85.29.132.178 miwebcombank.session-75535847.mibank.com.polopy.cn
16559 NXDOMAIN miwebcombank.session-7841627206.mibank.com.fiiler.cn
16560 62.241.222.150(5) miwebcombank.session-56659.mibank.com.rt.kg
16561 NXDOMAIN miwebcombank.session-61544.mibank.com.adoor11.cn
16563 62.241.222.150(5) miwebcombank.session-566002133.mibank.com.rt.kg
Domain registration info
Phish domain Registrar
adoor11.cn www.cnnic.net.cn 8/24/2007 (cancelled)
btd-on11.cn www.cnnic.net.cn 8/28/2007
btd-on13.cn www.cnnic.net.cn 8/28/2007
fiiler.cn unknown 8/27/2007? (cancelled?)
givord.cn www.cnnic.net.cn 8/16/2007
ituner6.cn www.cnnic.net.cn 9/01/2007
loeirf.cn www.cnnic.net.cn 8/17/2007
polopy.cn www.cnnic.net.cn 8/16/2007
rt.kg www.domain.kg 7/19/2007
techs.ec nic.ec 8/11/2007?
zikfrid2.cn www.cnnic.net.cn 8/29/2007
DNS server domain Registrar
lolim.cn www.cnnic.net.cn 8/13/2007
maritanna.com ESTDOMAINS 8/14/2007 (suspended)
mcolorbn.com INFO AVENUE 8/07/2007
nm-lary2k.com ESTDOMAINS 8/31/2007
novob4v.cn www.cnnic.net.cn 8/22/2007
vilopr.cn www.cnnic.net.cn 8/16/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Sep 04, 2007The report for Tuesday:
16634 80.180.25.135(5) miwebcombank.session-56699777.mibank.com.md.kg
16635 80.180.25.135(5) miwebcombank.session-567595991.mibank.com.tech.kg
16636 80.180.25.135(5) miwebcombank.session-4319989371.mibank.com.techs.ec
16637 80.180.25.135(5) miwebcombank.session-809002988.mibank.com.techs.ec
16638 80.180.25.135(5) miwebcombank.session-42913334.mibank.com.rt.kg
16639 80.180.25.135(5) miwebcombank.session-551200884.mibank.com.techs.ec
16724 70.117.8.180(5) moneymanagergps-id55019696.citizensbank.com.rt.kg
16725 70.117.8.180(5) moneymanagergps-id72640.citizensbank.com.md.kg
16727 70.117.8.180(5) moneymanagergps-id870494.citizensbank.com.rt.kg
16728 70.117.8.180(5) moneymanagergps-id3639606.citizensbank.com.md.kg
16729 85.29.132.178 moneymanagergps-id7664717937.citizensbank.com.btd-on3.gx.cn
16730 70.117.8.180(5) moneymanagergps-id1057375464.citizensbank.com.md.kg
16737 68.151.203.42(10) session-76942013.paylinks.cunet.org.apex36.cn
16738 85.105.182.6 moneymanagergps-id9687220.citizensbank.com.rtport.ch
16743 85.105.182.6 moneymanagergps-id3787703.citizensbank.com.heruve33.cn
16748 24.226.198.59(5) moneymanagergps-id2233268592.citizensbank.com.techs.ec
Domain registration info
Phish domain Registrar
apex36.cn www.cnnic.net.cn 9/01/2007
btd-on3.gx.cn www.cnnic.net.cn 8/28/2007
heruve33.cn NAMESCOUT 9/04/2007
md.kg www.domain.kg 7/19/2007
rt.kg www.domain.kg 7/19/2007
rtport.ch www.switch.ch 9/04/2007?
tech.kg www.domain.kg 7/19/2007
techs.ec nic.ec 8/11/2007?
DNS server domain Registrar
heruve.com NAMESCOUT 9/04/2007
hjkh.ch www.switch.ch 9/04/2007?
lolim.cn www.cnnic.net.cn 8/13/2007
maritanna.com ESTDOMAINS 8/14/2007 (suspended)
mcolorbn.com INFO AVENUE 8/07/2007
tokyosr.com INFO AVENUE 6/08/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Sep 05, 2007The Wednesday report:
16760 79.13.72.223(10) bancorpsouthonline.inview.40727376-login.corporate.inview42.cn
16763 68.114.62.236(10) bancorpsouthonline.inview.85854941-login.corporate.inview19.cn
16765 64.109.49.244(5) moneymanagergps-id2375317.citizensbank.com.tech.kg
16777 64.109.49.244(5) moneymanagergps-id43038.citizensbank.com.techs.ec
16778 64.109.49.244(5) moneymanagergps-id043526.citizensbank.com.techs.ec
16780 68.114.62.236(10) bancorpsouthonline.inview.60162374-login.corporate.inview42.cn
16781 64.109.49.244(5) moneymanagergps-id7853247172.citizensbank.com.md.kg
16782 64.109.49.244(5) moneymanagergps-id2069810.citizensbank.com.techs.ec
16783 68.114.62.236(10) bancorpsouthonline.inview.58020785-login.corporate.inview42.cn
16785 85.29.132.178 moneymanagergps-id36221.citizensbank.com.letvot5.cn
16786 64.109.49.244(5) moneymanagergps-id32263879.citizensbank.com.md.kg
16787 85.29.132.178 moneymanagergps-id1549685055.citizensbank.com.member45.cn
16793 24.137.71.198(5) moneymanagergps-id362045894.citizensbank.com.tech.kg
16794 24.137.71.198(5) moneymanagergps-id08912171.citizensbank.com.tech.kg
16795 82.208.154.137 moneymanagergps-id558184124.citizensbank.com.4elrob.cn
Domain registration info
Phish domain Registrar
4elrob.cn www.cnnic.net.cn 9/05/2007
inview19.cn www.cnnic.net.cn 9/01/2007
inview42.cn www.cnnic.net.cn 9/01/2007
letvot5.cn www.cnnic.net.cn 9/04/2007
md.kg www.domain.kg 7/19/2007
member45.cn www.cnnic.net.cn 9/05/2007
tech.kg www.domain.kg 7/19/2007
techs.ec nic.ec 8/11/2007?
DNS server domain Registrar
lo1-prt.com BIZCN.COM 9/05/2007
lolim.cn www.cnnic.net.cn 8/13/2007
lopata.ch www.switch.ch 9/05/2007?
mcolorbn.com INFO AVENUE 8/07/2007
nixt-nx.tv BIZCN.COM 9/01/2007
nt-wuser.com INFO AVENUE 5/30/2007
vilopr.cn www.cnnic.net.cn 8/16/2007
web-omg.com REGISTER.COM 6/07/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Sep 06, 2007Today's submissions show some targeting of APEX ACH (use google to find what that is). I do wonder about the domains they registered - of the form apexnn.org. I had thought that ".org" registrations were restricted to organizations, and I have problems considering a criminal group as a legitimate organization :(
Here is the report for Thursday:
16809 84.3.179.118(5) moneymanagergps-id47567051.citizensbank.com.rt.kg
16810 84.3.179.118(5) moneymanagergps-id61978955.citizensbank.com.md.kg
16811 84.3.179.118(5) moneymanagergps-id454768122.citizensbank.com.tech.kg
16812 85.29.132.178 moneymanagergps-id6765010899.citizensbank.com.letvot5.cn
16817 NXDOMAIN bancorpsouthonline.inview.41891387-login.corporate.inview18.cn
16820 NXDOMAIN bancorpsouthonline.inview.64129756-login.corporate.inview17.cn
16821 84.3.179.118(5) moneymanagergps-id94952.citizensbank.com.md.kg
16822 80.144.247.78(10) session-49762337.paylinks.cunet.org.apex85.org
16826 80.144.247.78(10) session-21037049.paylinks.cunet.org.apex85.org
16828 80.144.247.78(10) session-45874805.paylinks.cunet.org.apex85.org
16829 69.55.251.250(5) moneymanagergps-id6583151.citizensbank.com.techs.ec
16830 85.29.132.178 moneymanagergps-id4660773.citizensbank.com.member45.cn
16831 69.55.251.250(5) moneymanagergps-id02895744.citizensbank.com.rt.kg
16832 69.55.251.250(5) moneymanagergps-id0435724682.citizensbank.com.tech.kg
16833 69.55.251.250(5) moneymanagergps-id12006682.citizensbank.com.techs.ec
16834 85.29.132.178 moneymanagergps-id29719.citizensbank.com.letvot0.cn
16835 82.18.68.47(10) session-64592051.paylinks.cunet.org.apex85.org
16838 80.144.251.243(10) session-95192004.paylinks.cunet.org.apex82.org
16844 62.43.141.71(5) moneymanagergps-id26958184.citizensbank.com.rt.kg
16849 82.208.154.137 moneymanagergps-id43716.citizensbank.com.fiiling4.cn
16872 69.55.251.250(10) session-11172812.paylinks.cunet.org.apex001.org
16876 24.67.46.85(5) moneymanagergps-id6299188592.citizensbank.com.md.kg
16877 82.208.154.137 moneymanagergps-id987524.citizensbank.com.grekkt.cn
16878 82.208.154.137 moneymanagergps-id3280358846.citizensbank.com.member48.cn
Domain registration info
Phish domain Registrar
apex001.org REGISTER.COM 9/06/2007
apex82.org unknown 9/05/2007? (cancelled?)
apex85.org REGISTER.COM 9/05/2007
fiiling4.cn www.cnnic.net.cn 9/04/2007
grekkt.cn www.cnnic.net.cn 9/04/2007
inview17.cn unknown 9/01/2007? (cancelled?)
inview18.cn unknown 9/01/2007? (cancelled?)
letvot0.cn www.cnnic.net.cn 9/04/2007
letvot5.cn www.cnnic.net.cn 9/04/2007
md.kg www.domain.kg 7/19/2007
member45.cn www.cnnic.net.cn 9/05/2007
member48.cn www.cnnic.net.cn 9/05/2007
rt.kg www.domain.kg 7/19/2007
tech.kg www.domain.kg 7/19/2007
techs.ec nic.ec 8/11/2007?
DNS server domain Registrar
lo1-prt.com BIZCN.COM 9/05/2007
lolim.cn www.cnnic.net.cn 8/13/2007
lopata.ch www.switch.ch 9/05/2007?
maritanna.com ESTDOMAINS 8/14/2007 (suspended)
mcolorbn.com INFO AVENUE 8/07/2007
nixt-nx.tv BIZCN.COM 9/01/2007
nnborder.com REGISTER.COM 8/24/2007
web-omg.com REGISTER.COM 6/07/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Sep 07, 2007The Friday report:
16883 82.200.140.134 moneymanagergps-id4851867.citizensbank.com.relob.cn
16888 69.218.210.116(5) moneymanagergps-id318716088.citizensbank.com.tech.kg
16889 62.101.169.70(10) session-24511232.paylinks.cunet.org.apex911.org
16891 82.200.140.134 moneymanagergps-id22347347.citizensbank.com.topdll.li
16893 76.97.11.136(10) bancorpsouthonline.inview.48386090-login.corporate.inview63.com
16894 NXDOMAIN session-57948975.paylinks.cunet.org.apex85.org
16895 69.55.251.62(10) session-93908871.paylinks.cunet.org.apex1010.org
16906 82.200.140.134 moneymanagergps-id612656.citizensbank.com.zikfriv4.zj.cn
16918 82.200.140.134 moneymanagergps-id3337851727.citizensbank.com.garrif.com
16923 74.13.160.178(5) moneymanagergps-id20372.citizensbank.com.tech.kg
16924 74.13.160.178(5) moneymanagergps-id943084.citizensbank.com.techs.ec
16925 74.13.160.178(5) moneymanagergps-id3904945707.citizensbank.com.md.kg
16926 74.13.160.178(5) moneymanagergps-id651413599.citizensbank.com.tech.kg
16927 76.97.11.136(10) bancorpsouthonline.inview.45171905-login.corporate.inview63.com
16928 82.200.140.134 moneymanagergps-id38171.citizensbank.com.sho3uld.cn
16929 74.13.160.178(5) moneymanagergps-id1125914.citizensbank.com.rt.kg
16930 74.13.160.178(5) moneymanagergps-id268592.citizensbank.com.techs.ec
16931 74.13.160.178(5) moneymanagergps-id3988758.citizensbank.com.tech.kg
16932 74.13.160.178(5) moneymanagergps-id970272619.citizensbank.com.md.kg
16934 74.13.160.178(5) moneymanagergps-id2499262213.citizensbank.com.rt.kg
16935 74.13.160.178(5) moneymanagergps-id15000535.citizensbank.com.md.kg
16938 62.43.141.71(10) bancorpsouthonline.inview.01327308-login.corporate.inview63.com
16940 82.200.140.134 moneymanagergps-id785594205.citizensbank.com.zikfriv2.zj.cn
16942 62.43.141.71(10) bancorpsouthonline.inview.16646388-login.corporate.inview38.com
Domain registration info
Phish domain Registrar
apex1010.org REGISTER.COM 9/06/2007
apex85.org REGISTER.COM 9/05/2007
apex911.org REGISTER.COM 9/05/2007
garrif.com TODAYNIC.COM 9/06/2007
inview38.com REGISTER.COM 9/06/2007
inview63.com REGISTER.COM 9/06/2007
md.kg www.domain.kg 7/19/2007
relob.cn www.cnnic.net.cn 9/05/2007
rt.kg www.domain.kg 7/19/2007
sho3uld.cn www.cnnic.net.cn 9/06/2007
tech.kg www.domain.kg 7/19/2007
techs.ec nic.ec 8/11/2007?
topdll.li www.switch.ch 9/06/2007?
zikfriv2.zj.cn www.cnnic.net.cn 8/29/2007
zikfriv4.zj.cn www.cnnic.net.cn 8/29/2007
DNS server domain Registrar
king-gw.com INFO AVENUE 5/22/2007 (suspended)
lo1-prt.com BIZCN.COM 9/05/2007
lolim.cn www.cnnic.net.cn 8/13/2007 (suspended)
lopata.ch www.switch.ch 9/05/2007?
maritanna.com ESTDOMAINS 8/14/2007 (suspended)
mcolorbn.com INFO AVENUE 8/07/2007
nnborder.com REGISTER.COM 8/24/2007
outsrv.com REGISTER.COM 8/30/2007
vilopr.cn www.cnnic.net.cn 8/16/2007
web-omg.com REGISTER.COM 6/07/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Sep 08, 2007Report for Saturday:
16945 24.67.46.85(10) bancorpsouthonline.inview.55508150-login.corporate.inview70.com
16946 24.67.46.85(10) bancorpsouthonline.inview.80497903-login.corporate.inview16.com
16949 80.192.158.77(10) bancorpsouthonline.inview.18301815-login.corporate.inview63.com
16950 79.66.59.137(5) moneymanagergps-id7317112879.citizensbank.com.tech.kg
16954 79.66.59.137(5) moneymanagergps-id868563989.citizensbank.com.md.kg
16955 79.66.59.137(5) moneymanagergps-id518058.citizensbank.com.tech.kg
16956 82.200.140.134 moneymanagergps-id1035913.citizensbank.com.soldofo.xz.cn
16959 79.66.59.137(5) moneymanagergps-id9545539455.citizensbank.com.tech.kg
16960 79.66.59.137(5) moneymanagergps-id1421576.citizensbank.com.md.kg
16961 80.192.158.77(10) bancorpsouthonline.inview.00347746-login.corporate.inview93.com
16969 79.66.59.137(5) moneymanagergps-id049539309.citizensbank.com.tech.kg
16970 79.66.59.137(5) moneymanagergps-id22572.citizensbank.com.techs.ec
16971 79.66.59.137(5) moneymanagergps-id0323183956.citizensbank.com.md.kg
Domain registration info
Phish domain Registrar
inview16.com REGISTER.COM 9/06/2007
inview63.com REGISTER.COM 9/06/2007
inview70.com REGISTER.COM 9/06/2007
inview93.com REGISTER.COM 9/06/2007
md.kg www.domain.kg 7/19/2007
soldofo.xz.cn www.cnnic.net.cn 9/06/2007
tech.kg www.domain.kg 7/19/2007
techs.ec nic.ec 8/11/2007?
DNS server domain Registrar
mcolorbn.com INFO AVENUE 8/07/2007
outsrv.com REGISTER.COM 8/30/2007
soldofo.com TODAYNIC.COM 9/06/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Sep 09, 2007The report for Sunday:
17017 24.160.130.119(5) moneymanagergps-id8621298363.citizensbank.com.tech.kg
17019 82.200.140.134 moneymanagergps-id88615.citizensbank.com.kkfiie.hi.cn
17020 82.200.140.134 moneymanagergps-id86506.citizensbank.com.garrif.com
17022 80.143.85.176(5) moneymanagergps-id1302805905.citizensbank.com.tech.kg
17024 80.143.85.176(5) moneymanagergps-id0435447978.citizensbank.com.rt.kg
17026 80.143.85.176(5) moneymanagergps-id441756.citizensbank.com.rt.kg
17027 80.143.85.176(5) moneymanagergps-id0548116904.citizensbank.com.techs.ec
17028 82.200.140.134 onlinesession-34372.natwest.com.soldofo.gd.cn
17051 211.53.155.196 moneymanagergps-id300703155.citizensbank.com.4eflob.cn
17053 dns_temp_fail bancorpsouthonline.inview.67295997-login.corporate.inview83.com
17067 211.53.155.196 moneymanagergps-id26075358.citizensbank.com.finflar0.cn
17068 24.67.46.85(5) moneymanagergps-id27924395.citizensbank.com.rt.kg
17069 211.53.155.196 moneymanagergps-id23100936.citizensbank.com.zikfriv4.zj.cn
17070 24.67.46.85(5) moneymanagergps-id33107493.citizensbank.com.md.kg
17071 211.53.155.196 moneymanagergps-id31056.citizensbank.com.zikfriv4.zj.cn
17072 24.67.46.85(5) moneymanagergps-id192170.citizensbank.com.rt.kg
17073 24.67.46.85(5) moneymanagergps-id62791.citizensbank.com.techs.ec
17075 24.69.217.190(5) moneymanagergps-id94757.citizensbank.com.tech.kg
17076 24.69.217.190(5) moneymanagergps-id3054675473.citizensbank.com.tech.kg
17077 211.53.155.196 moneymanagergps-id8101460921.citizensbank.com.member46.cn
Domain registration info
Phish domain Registrar
4eflob.cn www.cnnic.net.cn 9/05/2007
finflar0.cn www.cnnic.net.cn 9/06/2007
garrif.com TODAYNIC.COM 9/06/2007
inview83.com REGISTER.COM 9/06/2007
kkfiie.hi.cn www.cnnic.net.cn 9/06/2007
md.kg www.domain.kg 7/19/2007
member46.cn www.cnnic.net.cn 9/05/2007
rt.kg www.domain.kg 7/19/2007
soldofo.gd.cn www.cnnic.net.cn 9/06/2007
tech.kg www.domain.kg 7/19/2007
techs.ec nic.ec 8/11/2007?
zikfriv4.zj.cn www.cnnic.net.cn 8/29/2007
DNS server domain Registrar
lo1-prt.com BIZCN.COM 9/05/2007
lolim.cn www.cnnic.net.cn 8/13/2007 (suspended)
lopata.ch www.switch.ch 9/05/2007?
maritanna.com ESTDOMAINS 8/14/2007 (suspended)
mcolorbn.com INFO AVENUE 8/07/2007
outsrv.com REGISTER.COM 8/30/2007
soldofo.com TODAYNIC.COM 9/06/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Sep 10, 2007The Monday report:
17089 69.230.195.10(5) moneymanagergps-id98222547.citizensbank.com.tech.kg
17102 NXDOMAIN bancorpsouthonline.inview.09092350-login.corporate.inview11.com
17103 phish_is_down moneymanagergps-id744069688.citizensbank.com.pal-netx.cn
17108 NXDOMAIN moneymanagergps-id871069.citizensbank.com.4eltob.cn
17109 64.131.250.205(10) bancorpsouthonline.inview.95940796-login.corporate.inview101.com
17111 NXDOMAIN bancorpsouthonline.inview.05064362-login.corporate.inview90.com
17113 24.69.217.190(5) moneymanagergps-id380577578.citizensbank.com.tech.kg
17114 24.69.217.190(5) moneymanagergps-id8863345.citizensbank.com.rt.kg
17115 24.69.217.190(5) moneymanagergps-id405564.citizensbank.com.rt.kg
17116 24.69.217.190(5) moneymanagergps-id82328021.citizensbank.com.techs.ec
17117 24.69.217.190(5) moneymanagergps-id841476387.citizensbank.com.rt.kg
17118 NXDOMAIN bancorpsouthonline.inview.66063141-login.corporate.inview65.com
17119 24.69.217.190(5) moneymanagergps-id707896978.citizensbank.com.techs.ec
17120 60.12.130.112 moneymanagergps-id785066.citizensbank.com.slipmaster2.cn
17121 24.69.217.190(5) moneymanagergps-id578125.citizensbank.com.techs.ec
17122 24.69.217.190(5) moneymanagergps-id63343.citizensbank.com.md.kg
17123 NXDOMAIN bancorpsouthonline.inview.21546454-login.corporate.inview11.com
17124 NXDOMAIN bancorpsouthonline.inview.56728966-login.corporate.inview11.com
17129 NXDOMAIN bancorpsouthonline.inview.25248877-login.corporate.inview76.com
17130 NXDOMAIN bancorpsouthonline.inview.65802706-login.corporate.inview11.com
17134 68.252.42.13(5) moneymanagergps-id9718676.citizensbank.com.rt.kg
Domain registration info
Phish domain Registrar
4eltob.cn unknown 9/07/2007?
inview101.com REGISTER.COM 9/09/2007
inview11.com unknown 9/10/2007? (cancelled?)
inview65.com unknown 9/10/2007? (cancelled?)
inview76.com unknown 9/10/2007? (cancelled?)
inview90.com unknown 9/10/2007? (cancelled?)
md.kg www.domain.kg 7/19/2007
pal-netx.cn www.cnnic.net.cn 9/10/2007
rt.kg www.domain.kg 7/19/2007
slipmaster2.cn www.cnnic.net.cn 9/07/2007
tech.kg www.domain.kg 7/19/2007
techs.ec nic.ec 8/11/2007?
DNS server domain Registrar
lo1-prt.com BIZCN.COM 9/05/2007
loverting.com ESTDOMAINS 8/14/2007 (cancelled)
mc-domain.com TUCOWS 6/27/2007
mcolorbn.com INFO AVENUE 8/07/2007
nixt-nx.tv BIZCN.COM 9/01/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Sep 11, 2007The Tuesday report:
17144 60.12.130.112 moneymanagergps-id3986684.citizensbank.com.ch2e455.cn
17147 60.12.130.112 moneymanagergps-id9912678502.citizensbank.com.member45.cn
17148 24.226.198.59(10) bancorpsouthonline.inview.41053297-login.corporate.passmark245.com
17149 24.226.198.59(10) bancorpsouthonline.inview.96873625-login.corporate.ced93.com
17150 60.12.130.112 moneymanagergps-id4024272033.citizensbank.com.finflar6.cn
17151 60.12.130.112 moneymanagergps-id1136922.citizensbank.com.soldofo.js.cn
17152 24.226.198.59(10) bancorpsouthonline.inview.41833075-login.corporate.passmark304.com
17153 24.137.71.198 moneymanagergps-id07757909.citizensbank.com.rt.kg
17157 60.12.130.112 moneymanagergps-id64098.citizensbank.com.finflar6.cn
17176 24.67.46.85(5) moneymanagergps-id3241798542.citizensbank.com.tech.kg
17181 NXDOMAIN bancorpsouthonline.inview.89254196-login.corporate.passmark278.com
17182 85.105.182.6 moneymanagergps-id73534.citizensbank.com.5idp1109.cn
17183 62.43.141.71(10) bancorpsouthonline.inview.80743383-login.corporate.ced93.com
17184 24.67.46.85(5) moneymanagergps-id1046383668.citizensbank.com.md.kg
17185 24.67.46.85(5) moneymanagergps-id92667623.citizensbank.com.md.kg
17186 85.105.182.6 moneymanagergps-id3969626810.citizensbank.com.4idp1109.cn
17192 24.67.46.85(5) moneymanagergps-id27932.citizensbank.com.techs.ec
17193 24.67.46.85(5) moneymanagergps-id19294860.citizensbank.com.md.kg
17195 24.67.46.85(5) moneymanagergps-id621506.citizensbank.com.rt.kg
17196 85.105.182.6 moneymanagergps-id142399.citizensbank.com.soldofo.com
17199 60.12.130.112 moneymanagergps-id34591004.citizensbank.com.abr4aciv1.hi.cn
17202 NXDOMAIN bancorpsouthonline.inview.08243707-login.corporate.passmark777.com
17213 NXDOMAIN bancorpsouthonline.inview.15638960-login.corporate.passmark765.com
Domain registration info
Phish domain Registrar
4idp1109.cn www.cnnic.net.cn 9/11/2007
5idp1109.cn www.cnnic.net.cn 9/11/2007
abr4aciv1.hi.cn www.cnnic.net.cn 9/11/2007
ced93.com REGISTER.COM 9/10/2007
ch2e455.cn www.cnnic.net.cn 9/06/2007
finflar6.cn www.cnnic.net.cn 9/06/2007
md.kg www.domain.kg 7/19/2007
member45.cn www.cnnic.net.cn 9/05/2007
passmark245.com REGISTER.COM 9/10/2007 (cancelled)
passmark278.com unknown 9/10/2007? (cancelled?)
passmark304.com REGISTER.COM 9/10/2007 (cancelled)
passmark765.com unknown 9/10/2007? (cancelled?)
passmark777.com unknown 9/10/2007? (cancelled?)
rt.kg www.domain.kg 7/19/2007
soldofo.com TODAYNIC.COM 9/06/2007
soldofo.js.cn www.cnnic.net.cn 9/06/2007
tech.kg www.domain.kg 7/19/2007
techs.ec nic.ec 8/11/2007?
DNS server domain Registrar
aruba-nx.com BIZCN.COM 9/08/2007
for-nx-rec.com REGISTERNAMES 9/10/2007
lo1-prt.com BIZCN.COM 9/05/2007 (suspended)
lolim.cn www.cnnic.net.cn 8/13/2007 (suspended)
lopata.ch www.switch.ch 9/05/2007?
mcolorbn.com INFO AVENUE 8/07/2007
outsrv.com REGISTER.COM 8/30/2007
soldofo.com TODAYNIC.COM 9/06/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 Reviews:
·AT&T U-Verse
| Rock phish report Sep 12, 2007The Wednesday report:
17219 NXDOMAIN bancorpsouthonline.inview.38893504-login.corporate.passmark365.com
17220 85.105.182.6 moneymanagergps-id9408949.citizensbank.com.elephunk1.gx.cn
17221 85.105.182.6 moneymanagergps-id6481130978.citizensbank.com.finflar1.cn
17222 NXDOMAIN bancorpsouthonline.inview.54935978-login.corporate.passmark88.com
17224 NXDOMAIN bancorpsouthonline.inview.77683474-login.corporate.passmark765.com
17229 NXDOMAIN bancorpsouthonline.inview.29661102-login.corporate.passmark777.com
17230 NXDOMAIN bancorpsouthonline.inview.82040781-login.corporate.passmark77.com
17238 62.43.141.71(10) moneymanagergps-id35043191.citizensbank.com.gps739.com
17240 68.54.242.171(5) moneymanagergps-id90716.citizensbank.com.md.kg
17241 68.54.242.171(5) moneymanagergps-id338082.citizensbank.com.tech.kg
17242 68.54.242.171(5) moneymanagergps-id47547378.citizensbank.com.rt.kg
17243 68.60.56.24(10) moneymanagergps-id35751953.citizensbank.com.gps234.com
17247 82.30.9.238(5) moneymanagergps-id8572642084.citizensbank.com.md.kg
17248 82.30.9.238(5) moneymanagergps-id02483.citizensbank.com.tech.kg
17251 60.12.130.112 moneymanagergps-id802180.citizensbank.com.norufild8.xj.cn
17254 24.137.71.198(10) moneymanagergps-id32682469.citizensbank.com.gps582.com
17265 60.12.130.112 moneymanagergps-id02955016.citizensbank.com.garrif.com
17272 24.137.71.198(10) moneymanagergps-id27318108.citizensbank.com.gps931.com
17284 24.137.71.198(10) moneymanagergps-id31633613.citizensbank.com.gps931.com
17297 74.13.159.227(5) moneymanagergps-id36238255.citizensbank.com.techs.ec
Domain registration info
Phish domain Registrar
elephunk1.gx.cn www.cnnic.net.cn 9/07/2007
finflar1.cn www.cnnic.net.cn 9/06/2007
garrif.com TODAYNIC.COM 9/06/2007
gps234.com REGISTER.COM 9/09/2007
gps582.com REGISTER.COM 9/09/2007
gps739.com REGISTER.COM 9/09/2007
gps931.com REGISTER.COM 9/09/2007
md.kg www.domain.kg 7/19/2007
norufild8.xj.cn www.cnnic.net.cn 9/10/2007
passmark365.com unknown 9/10/2007? (cancelled?)
passmark765.com unknown 9/10/2007? (cancelled?)
passmark777.com unknown 9/10/2007? (cancelled?)
passmark77.com unknown 9/10/2007? (cancelled?)
passmark88.com unknown 9/10/2007? (cancelled?)
rt.kg www.domain.kg 7/19/2007
tech.kg www.domain.kg 7/19/2007
techs.ec nic.ec 8/11/2007?
DNS server domain Registrar
for-nx-rec.com REGISTERNAMES 9/10/2007
lo1-prt.com BIZCN.COM 9/05/2007 (suspended)
mcolorbn.com INFO AVENUE 8/07/2007
nixt-nx.tv BIZCN.COM 9/01/2007
nnborder.com REGISTER.COM 8/24/2007
nt-wuser.com INFO AVENUE 5/30/2007
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
