nwrickert (sand groper; Premium, MVM; join: 2004-09-04; Geneva, IL)
reply to nwrickert

Rock phish report Oct 12, 2007

The Friday report:

Domain registration info

Phish domain | Registrar | Date
amn49.com | REGISTER.COM | 10/02/2007
ars34.com | REGISTER.COM | 10/07/2007
baccet3.hk | HKDNR | 10/11/2007
rpb58.com | REGISTER.COM | 10/02/2007
sis32.com | REGISTER.COM | 10/07/2007

DNS server domain | Registrar | Date
abc-tgc.com | REGISTER.COM | 9/11/2007
bar-bar-com.com | BIZCN.COM | 9/18/2007 (cancelled)
BNMQ.COM | RESELLERCLUB | 8/03/2004 (in use by rockphish)
realtextonline.com | INFO AVENUE | 9/12/2007
-- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5

nwrickert

Rock phish report Oct 15, 2007

There are no reports for Saturday or Sunday (Oct 13, 14), because there were no rockphish submitted to phishtracker.
I'll also comment on "bar-bar-com.com". That domain was registered by rockphish for DNS use. The domain was suspended on Sept 20 (NS records removed from DNS servers), and cancelled a few days later ("whois" data removed). However, they failed to remove the glue records (the A records for t1.bar-bar-com and t2.bar-bar-com), so the top level domain servers for ".COM" are still giving out IP addresses for those two hostnames. This is allowing rockphish to continue to use those as DNS servers. They have registered domains as recently as Oct 12 that use those two DNS servers.
Here is the Monday report:

Domain registration info

Phish domain | Registrar | Date
chival1.xz.cn | unknown | 10/14/2007?
chival4.xz.cn | unknown | 10/14/2007?
deeper2.gx.cn | www.cnnic.net.cn | 10/12/2007
deeper3.gx.cn | www.cnnic.net.cn | 10/12/2007
fks18.com | REGISTER.COM | 10/14/2007
g4iiirrr.xz.cn | www.cnnic.net.cn | 10/12/2007
go1oliv.xz.cn | www.cnnic.net.cn | 10/12/2007
jus83.com | REGISTER.COM | 10/14/2007
mns42.com | REGISTER.COM | 10/14/2007
naic3er.xz.cn | unknown | 10/14/2007?

DNS server domain | Registrar | Date
abc-tgc.com | REGISTER.COM | 9/11/2007
bar-bar-com.com | BIZCN.COM | 9/18/2007 (cancelled)
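
The leftover-glue condition described in the Oct 15 post, as an added example that is not part of the original thread: it scans a TLD zone excerpt for glue A records whose parent domain no longer has a delegation, and lists the domains that still point at those hosts. The zone text, the names under the reserved `example` TLD and all function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed TLD zone excerpt (reserved "example" TLD, documentation IPs).
TLD_ZONE = """\
; live domain with in-bailiwick name servers and matching glue
shop.example.         172800 IN NS ns1.shop.example.
shop.example.         172800 IN NS ns2.shop.example.
ns1.shop.example.     172800 IN A  192.0.2.10
ns2.shop.example.     172800 IN A  192.0.2.11
; "nsholder.example" was suspended: NS records removed, glue left behind
t1.nsholder.example.  172800 IN A  198.51.100.1
t2.nsholder.example.  172800 IN A  198.51.100.2
; a later registration that delegates to the leftover hosts
abc12.example.        172800 IN NS t1.nsholder.example.
abc12.example.        172800 IN NS t2.nsholder.example.
"""


def parse_zone(text):
    """Return (delegations, glue): domain -> NS host set, host -> address set."""
    delegations, glue = defaultdict(set), defaultdict(set)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        owner = fields[0].lower().rstrip(".")
        rtype, rdata = fields[-2].upper(), fields[-1]
        if rtype == "NS":
            delegations[owner].add(rdata.lower().rstrip("."))
        elif rtype in ("A", "AAAA"):
            glue[owner].add(rdata)
    return delegations, glue


def registered_parent(host, tld):
    """Registrable domain a host sits under (TLD plus one more label)."""
    keep = len(tld.split(".")) + 1
    return ".".join(host.split(".")[-keep:])


def find_orphan_glue(text, tld="example"):
    """Glue records whose parent domain has no NS delegation in the zone."""
    delegations, glue = parse_zone(text)
    report = []
    for host in sorted(glue):
        parent = registered_parent(host, tld)
        if parent in delegations:
            continue  # ordinary glue for a delegated domain
        users = sorted(d for d, ns in delegations.items() if host in ns)
        report.append({
            "host": host,
            "parent": parent,
            "addresses": sorted(glue[host]),
            "still_used_by": users,
        })
    return report


if __name__ == "__main__":
    for row in find_orphan_glue(TLD_ZONE):
        print(row)
```

A non-empty `still_used_by` list is the case the post describes: the suspended domain's hosts keep serving DNS for newer registrations until the glue itself is removed.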

nwrickert

Rock phish report Oct 16, 2007

The report for Tuesday:

Domain registration info

Phish domain | Registrar | Date
a382415.xz.cn | www.cnnic.net.cn | 10/11/2007
ams76.us | REGISTER.COM | 10/15/2007
bfg65.com | REGISTER.COM | 10/14/2007
bib49.com | REGISTER.COM | 10/14/2007
bts48.info | REGISTER.COM | 10/15/2007
deeper3.gx.cn | www.cnnic.net.cn | 10/12/2007
fks18.com | REGISTER.COM | 10/14/2007
tkb54.com | REGISTER.COM | 10/14/2007
tomder2.xz.cn | unknown | 10/14/2007? (cancelled?)
trf54.biz | REGISTER.COM | 10/15/2007
xtr48.biz | REGISTER.COM | 10/15/2007

DNS server domain | Registrar | Date
abc-tgc.com | REGISTER.COM | 9/11/2007
bar-bar-com.com | BIZCN.COM | 9/18/2007 (cancelled)
dinovod.com | TODAYNIC.COM | 10/16/2007

nwrickert

Rock phish report Oct 17, 2007

The Merrill Lynch phish below each have 3 distinct phish URLs. Hence each is listed 3 times.
Here is the Wednesday report:

Domain registration info

Phish domain | Registrar | Date
111shtorm.cn | www.cnnic.net.cn | 10/11/2007
ams76.us | REGISTER.COM | 10/15/2007
fds32.net | REGISTER.COM | 10/16/2007 (suspended)
fgt79.biz | REGISTER.COM | 10/15/2007
girafa.hk | HKDNR | 10/16/2007
gwy87.net | REGISTER.COM | 10/16/2007 (suspended)
ind76.info | REGISTER.COM | 10/16/2007 (suspended)
knr57.biz | REGISTER.COM | 10/16/2007 (suspended)
mdq28.biz | REGISTER.COM | 10/16/2007 (suspended)
mnr37.us | REGISTER.COM | 10/15/2007
nbt68.us | REGISTER.COM | 10/16/2007 (suspended)
noiptool.cn | www.cnnic.net.cn | 10/11/2007
ntr55.biz | REGISTER.COM | 10/16/2007 (suspended)
portland5.xz.cn | unknown | 10/15/2007? (cancelled)
reer34.xz.cn | unknown | 10/15/2007? (cancelled)
rfc92.info | REGISTER.COM | 10/16/2007 (suspended)
rsf39.us | REGISTER.COM | 10/16/2007 (suspended)
rtm64.info | REGISTER.COM | 10/15/2007
tms72.info | REGISTER.COM | 10/16/2007 (suspended)
ucx43.us | REGISTER.COM | 10/16/2007
uip32.info | REGISTER.COM | 10/15/2007

DNS server domain | Registrar | Date
2ndzero.com | INFO AVENUE | 10/06/2007
abc-tgc.com | REGISTER.COM | 9/11/2007
bar-bar-com.com | BIZCN.COM | 9/18/2007 (cancelled)
bestlightyear.com | REGISTER.COM | 10/11/2007
dinovod.com | TODAYNIC.COM | 10/16/2007
polo456.com | TODAYNIC.COM | 9/17/2007
realtextonline.com | INFO AVENUE | 9/12/2007

nwrickert

Rock phish report Oct 18, 2007

Again, there are 3 lines for each Merrill Lynch phish, due to 3 URLs in the phish email. The registrar has suspended or cancelled the domains used for all Merrill Lynch phish.
Here is the report for Thursday:

Domain registration info

Phish domain | Registrar | Date
45gsd.com | REGISTER.COM | 10/18/2007 (suspended)
brd58.com | REGISTER.COM | 10/17/2007 (cancelled)
dse43.com | REGISTER.COM | 10/17/2007 (cancelled)
gnw49.com | REGISTER.COM | 10/17/2007 (cancelled)
gvs86.net | unknown | 10/17/2007? (cancelled?)
jda53.biz | REGISTER.COM | 10/17/2007 (suspended)
jvq56.biz | unknown | 10/17/2007? (cancelled?)
lkh21.net | REGISTER.COM | 10/17/2007 (cancelled)
ojs73.com | REGISTER.COM | 10/17/2007 (cancelled)
orocin3.gx.cn | www.cnnic.net.cn | 10/17/2007
qsr93.net | unknown | 10/17/2007? (cancelled?)
trc43.net | REGISTER.COM | 10/17/2007 (cancelled)
try42.com | REGISTER.COM | 10/18/2007 (suspended)
ucx43.us | REGISTER.COM | 10/16/2007 (cancelled)
urd68.biz | REGISTER.COM | 10/17/2007 (suspended)
yfw79.biz | unknown | 10/17/2007? (cancelled?)

DNS server domain | Registrar | Date
bar-bar-com.com | BIZCN.COM | 9/18/2007 (cancelled)
bestlightyear.com | REGISTER.COM | 10/11/2007
ebigstep.com | INFO AVENUE | 9/27/2007
goldbigstar.com | INFO AVENUE | 10/06/2007
lo1-prt.com | BIZCN.COM | 9/05/2007 (cancelled)
mbhold.com | REGISTER.COM | 10/04/2007 (suspended)

MGD (Premium, MVM; join: 2002-07-31)

Wow!! They have taken a definite liking to REGISTER.COM as of late.
MGD

nwrickert

As best I can tell, there have been different teams at work here. I see plenty of evidence that they are part of the same larger group, though I cannot definitively prove that. The team that is interested in ACH access and Merrill Lynch has a preference for REGISTER.COM and Domain Discreet. The team that does the more routine phishes tends to try different registrars until they wear out their welcome. At present the ACH team is the one preparing the phishes, and the other team seems to be taking a break (or plotting something).
I'm guessing that somebody from Merrill Lynch got on the phone to REGISTER.COM. I have never before seen them take down sites this quickly.

UncleScooter (Bubbles, I like Bubbles; Premium; join: 2002-04-15; Tallahassee, FL)

"I'm guessing that somebody from Merrill Lynch got on the phone to REGISTER.COM. I have never before seen them take down sites this quickly."
Now THAT is one conversation I would've loved to listen in on!
-- I know you think you understand what you thought I said, but what I'm not sure about is that what you heard isn't exactly what I meant.

MGD
reply to nwrickert

said by nwrickert: "....The team that is interested in ACH access and Merrill Lynch has a preference for REGISTER.COM and Domain Discreet. The team that does the more routine phishes tends to try different registrars until they wear out their welcome. ....."

Very interesting, ... plus register could almost write a script to filter out rockphish domains at enrollment time, creatures of habit. I cannot see that a lot of legit domains get registered 3 letter 2 digits or vice versa, a la "lkh21". I did notice that the ACH crew are going for volume in an attempt to override the lack of domain stamina.
MGD
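
One way the enrollment-time filter suggested in the post above could look, as an added example that is not part of the original thread and not any registrar's actual code: it reduces each requested label to a letter/digit shape, matches the "3 letter 2 digits or vice versa" shapes, and holds an account's batch when several matching names arrive on the same day. The account ids, day labels, threshold and request list are constructed; only "lkh21" comes from the post.

```python
import re
from collections import defaultdict

# The two shapes named in the post: three letters + two digits, or the reverse.
SUSPECT_SHAPES = {"L3D2", "D2L3"}


def shape(label):
    """Collapse a label into letter/digit runs, e.g. 'lkh21' -> 'L3D2'."""
    parts = []
    for run in re.findall(r"[a-z]+|[0-9]+|[^a-z0-9]+", label.lower()):
        if "a" <= run[0] <= "z":
            kind = "L"
        elif "0" <= run[0] <= "9":
            kind = "D"
        else:
            kind = "X"  # hyphens and anything else
        parts.append(f"{kind}{len(run)}")
    return "".join(parts)


def screen(requests, hold_threshold=3):
    """Group shape matches per (account, day); hold batches at the threshold.

    requests: iterable of (account, day, domain) tuples.
    Returns (flagged, held), both dicts keyed by (account, day).
    A single match is only recorded; volume is what triggers a hold,
    because an isolated short alphanumeric name can be legitimate.
    """
    flagged = defaultdict(list)
    for account, day, domain in requests:
        label = domain.split(".")[0]
        if shape(label) in SUSPECT_SHAPES:
            flagged[(account, day)].append(domain)
    held = {k: v for k, v in flagged.items() if len(v) >= hold_threshold}
    return dict(flagged), held


# Constructed registration requests (reserved "example" TLD).
SAMPLE_REQUESTS = [
    ("acct-1001", "day-1", "qzx12.example"),
    ("acct-1001", "day-1", "mrt48.example"),
    ("acct-1001", "day-1", "72bnd.example"),
    ("acct-1001", "day-1", "garden-tools.example"),
    ("acct-2002", "day-1", "abc12.example"),
    ("acct-2002", "day-1", "route66.example"),
]

if __name__ == "__main__":
    flagged, held = screen(SAMPLE_REQUESTS)
    for key, domains in held.items():
        print("hold for review:", key, domains)
```

Labels with other shapes pass this check untouched, so a fixed shape list needs revisiting whenever the naming habit changes.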

nwrickert
reply to nwrickert

Rock phish report Oct 19, 2007

The Friday report:

Domain registration info

Phish domain | Registrar | Date
56ub.com | REGISTER.COM | 10/18/2007 (suspended)
7hj5.com | REGISTER.COM | 10/18/2007 (suspended)
bfg65.com | REGISTER.COM | 10/14/2007
bgt55.com | REGISTER.COM | 10/18/2007 (suspended)
bnt43.net | ULTRARPM | 10/18/2007
bsr54.com | unknown | 10/16/2007? (cancelled?)
dft38.us | REGISTER.COM | 10/15/2007
dse43.com | REGISTER.COM | 10/17/2007 (cancelled)
dvz8.net | unknown | 10/18/2007? (cancelled?)
fds32.net | REGISTER.COM | 10/16/2007 (suspended)
fgt79.biz | REGISTER.COM | 10/15/2007
fks18.com | REGISTER.COM | 10/14/2007
fsp68.com | REGISTER.COM | 10/19/2007
g5oo5liv.xz.cn | unknown | 10/18/2007? (cancelled?)
gfa53.info | unknown | 10/16/2007? (cancelled?)
gwy87.net | REGISTER.COM | 10/16/2007 (suspended)
hds76.com | REGISTER.COM | 10/14/2007
hnw21.net | unknown | 10/18/2007? (cancelled?)
hrenov4.gz.cn | unknown | 10/18/2007? (cancelled?)
ind76.info | REGISTER.COM | 10/16/2007 (suspended)
jus83.com | REGISTER.COM | 10/14/2007
ke4.info | unknown | 10/18/2007? (cancelled?)
ljs83.com | REGISTER.COM | 10/19/2007
lkh21.net | REGISTER.COM | 10/17/2007 (cancelled)
ll322.com | REGISTER.COM | 10/19/2007 (suspended)
ll32.com | REGISTER.COM | 10/19/2007
ll789.com | REGISTER.COM | 10/19/2007 (suspended)
lp9.info | unknown | 10/18/2007? (cancelled?)
mailop5.xz.cn | unknown | 10/18/2007? (cancelled?)
mni43.com | unknown | 10/18/2007? (cancelled?)
nd7.biz | unknown | 10/18/2007? (cancelled?)
rsf39.us | REGISTER.COM | 10/16/2007 (suspended)
rty73.com | REGISTER.COM | 10/18/2007 (suspended)
skt32.com | REGISTER.COM | 10/15/2007 (suspended)
trc43.net | REGISTER.COM | 10/17/2007 (cancelled)
trf54.biz | REGISTER.COM | 10/15/2007
uip32.info | REGISTER.COM | 10/15/2007
uiuyt6.com | unknown | 10/18/2007? (cancelled?)
uj99.com | REGISTER.COM | 10/18/2007 (suspended)
vbp6.net | unknown | 10/18/2007? (cancelled?)
vfd12.com | unknown | 10/18/2007? (cancelled?)
xsw432.org | unknown | 10/18/2007? (cancelled?)
yfw79.biz | unknown | 10/17/2007? (cancelled?)
yzc93.com | unknown | 10/16/2007? (cancelled?)

DNS server domain | Registrar | Date
2ndzero.com | INFO AVENUE | 10/06/2007
abc-tgc.com | REGISTER.COM | 9/11/2007 (suspended)
bestlightyear.com | REGISTER.COM | 10/11/2007 (suspended)
plugininput.com | INFO AVENUE | 10/02/2007

nwrickert

Rock phish report Oct 20, 2007

The Saturday report:

Domain registration info

Phish domain | Registrar | Date
esbeyon1d.gz.cn | www.cnnic.net.cn | 10/11/2007
hds54.com | REGISTER.COM | 10/19/2007 (suspended)
kcfiiwere.es | www.nic.es | 10/19/2007?
kiier1.li | www.switch.ch | 10/19/2007?
ko5el6.hk | HKDNR | 10/20/2007
koowershop.at | AT-DOM | 10/20/2007? (suspended)
ljs83.com | REGISTER.COM | 10/19/2007 (suspended)
ll32.com | REGISTER.COM | 10/19/2007 (suspended)
ll789.com | REGISTER.COM | 10/19/2007 (suspended)
ll882.com | REGISTER.COM | 10/19/2007 (suspended)
skq54.com | REGISTER.COM | 10/19/2007 (suspended)
vnp91.com | REGISTER.COM | 10/19/2007 (suspended)

DNS server domain | Registrar | Date
bar-bar-com.com | BIZCN.COM | 9/18/2007 (cancelled)
vilopr.cn | www.cnnic.net.cn | 8/16/2007

nwrickert

Rock phish report Oct 22, 2007

There were no rock phish submitted yesterday (Sunday).
Here is the report for Monday:
Domain registration info
Phish domain Registrar
345tg.com REGISTER.COM 10/21/2007 (suspended) 3l24.com REGISTER.COM 10/21/2007 (suspended) 65rad.com REGISTER.COM 10/21/2007 (suspended) 7iuhf.com REGISTER.COM 10/21/2007 (suspended) 87ud.com REGISTER.COM 10/21/2007? (cancelled?) bbsq1.com REGISTER.COM 10/21/2007 (suspended) c1j1.com REGISTER.COM 10/21/2007 (suspended) dres61.com REGISTER.COM 10/21/2007 (suspended) dvu8.com REGISTER.COM 10/21/2007 (suspended) enn1.com REGISTER.COM 10/21/2007 (suspended) kiier1.ch www.switch.ch 10/19/2007? (suspended) mol11.com REGISTER.COM 10/21/2007 (suspended) ocs2.com REGISTER.COM 10/21/2007 (suspended) ter34.com REGISTER.COM 10/21/2007 (suspended) vfr331.com REGISTER.COM 10/21/2007 (suspended)
DNS server domain Registrar
ebigstep.com INFO AVENUE 9/27/2007
goldbigstar.com INFO AVENUE 10/06/2007
Rock phish report Oct 23, 2007
The Tuesday report:
Domain registration info
Phish domain Registrar
fc986.us AMERICAN DOMAIN 10/22/2007
ia244.net DOTALLIANCE 10/22/2007
ll2213.com DOTALLIANCE 10/22/2007
ll3311.com DOTALLIANCE 10/22/2007
ll780.com DOTALLIANCE 10/22/2007
sd323.com DOTALLIANCE 10/22/2007
sd690.com DOTALLIANCE 10/22/2007
ss69.us AMERICAN DOMAIN 10/22/2007
vc232.com DOTALLIANCE 10/22/2007
DNS server domain Registrar
ebigstep.com INFO AVENUE 9/27/2007
goldbigstar.com INFO AVENUE 10/06/2007
Rock phish report Oct 24, 2007
The Wednesday report:
Domain registration info
Phish domain Registrar
dre43.com REGISTER.COM 10/21/2007
fc986.us AMERICAN DOMAIN 10/22/2007 (cancelled)
fde56.com REGISTER.COM 10/21/2007
jdt53.com REGISTER.COM 10/21/2007
ll2213.com DOTALLIANCE 10/22/2007
rjt27.com REGISTER.COM 10/21/2007
rmx54.com REGISTER.COM 10/21/2007
vc232.com DOTALLIANCE 10/22/2007 (cancelled)
DNS server domain Registrar
ebigstep.com INFO AVENUE 9/27/2007
goldbigstar.com INFO AVENUE 10/06/2007
Rock phish report Oct 25, 2007
The Thursday report:
Domain registration info
Phish domain Registrar
f0ge3.com REGISTER.COM 10/25/2007
hfd92.com REGISTER.COM 10/24/2007
jkw69.com REGISTER.COM 10/24/2007
kmq72.com REGISTER.COM 10/21/2007
knq63.com REGISTER.COM 10/21/2007
mhe78.com REGISTER.COM 10/21/2007
rjt27.com REGISTER.COM 10/21/2007
rmx54.com REGISTER.COM 10/21/2007
trs83.com REGISTER.COM 10/24/2007
ups38.com REGISTER.COM 10/21/2007
x64s2.com REGISTER.COM 10/25/2007
DNS server domain Registrar
ebigstep.com INFO AVENUE 9/27/2007
goldbigstar.com INFO AVENUE 10/06/2007
Rock phish report Oct 26, 2007
The Friday report:
Domain registration info
Phish domain Registrar
de22s.com unknown 10/24/2007? (cancelled?)
dfv92.com REGISTER.COM 10/21/2007
f0ge3.com REGISTER.COM 10/25/2007 (suspended)
fc986.us AMERICAN DOMAIN 10/22/2007 (cancelled)
fd3452.com unknown 10/22/2007? (parked)
fdg31.com unknown 10/31/2007? (cancelled?)
fs680.net unknown 10/22/2007? (parked)
h53ds.com REGISTER.COM 10/25/2007
jdt53.com REGISTER.COM 10/21/2007
knq63.com REGISTER.COM 10/21/2007
ll3311.com DOTALLIANCE 10/22/2007 (parked)
ll534.com unknown 10/22/2007? (parked)
ll691.com unknown 10/22/2007? (parked)
nm2w.com REGISTER.COM 10/25/2007 (suspended)
oqs57.com REGISTER.COM 10/24/2007 (cancelled)
pmj55.com unknown 10/23/2007? (cancelled?)
ref39.com REGISTER.COM 10/21/2007
sd323.com DOTALLIANCE 10/22/2007 (parked)
sd690.com DOTALLIANCE 10/22/2007 (cancelled)
we698.com unknown 10/24/2007? (cancelled?)
DNS server domain Registrar
ebigstep.com INFO AVENUE 9/27/2007
goldbigstar.com INFO AVENUE 10/06/2007
Rock phish report Oct 29, 2007
No rock phish were submitted Saturday or Sunday.
Today we received a few. Phish #19609 is not listed below, because it is malformed and has no suspicious URLs. However, its form strongly suggests that it is the work of the rock phishers. It targets Equifax.
Here is the report for Monday:
19646 79.112.26.190(10) securelogin-04118918.moneymanagergps.com.cvv11.com
19647 79.112.26.190(10) securelogin-04975698.moneymanagergps.com.f4sd.com
19648 79.112.26.190(10) securelogin-45798229.moneymanagergps.com.dii1i.com
19651 62.219.120.105(10) securelogin-57722079.moneymanagergps.com.fer21.com
Domain registration info
Phish domain Registrar
cvv11.com REGISTER.COM 10/29/2007
dii1i.com REGISTER.COM 10/29/2007
f4sd.com REGISTER.COM 10/29/2007
fer21.com REGISTER.COM 10/29/2007
DNS server domain Registrar
ebigstep.com INFO AVENUE 9/27/2007
goldbigstar.com INFO AVENUE 10/06/2007
Rock phish report Oct 30, 2007
Here is the Tuesday report:
Domain registration info
Phish domain Registrar
cvv11.com REGISTER.COM 10/29/2007
dii1i.com REGISTER.COM 10/29/2007
dsf3s.com REGISTER.COM 10/29/2007
f4sd.com REGISTER.COM 10/29/2007
fdy4r.com REGISTER.COM 10/29/2007
fer21.com REGISTER.COM 10/29/2007
fj6r4.com REGISTER.COM 10/29/2007
hj3d.com REGISTER.COM 10/29/2007
kfiu223.li www.switch.ch 10/29/2007?
luiy23.com REGISTER.COM 10/29/2007
moner.com.es www.nic.es 10/22/2007
s32ed.com REGISTER.COM 10/29/2007
s94y.com REGISTER.COM 10/29/2007
DNS server domain Registrar
2ndzero.com INFO AVENUE 10/06/2007 (suspended)
bar-bar-com.com BIZCN.COM 9/18/2007 (cancelled)
ebigstep.com INFO AVENUE 9/27/2007 (suspended)
goldbigstar.com INFO AVENUE 10/06/2007 (suspended)
greatlarge.com REGISTER.COM 10/19/2007
polo456.com TODAYNIC.COM 9/17/2007
road756.com REGISTER.COM 10/30/2007
vilopr.cn www.cnnic.net.cn 8/16/2007
Rock phish report Oct 31, 2007
The Wednesday report:
19709 79.177.171.62(10) securelogin-31089035.moneymanagergps.com.fj6r4.com
19712 79.80.222.88(10) securelogin-14833892.moneymanagergps.com.fdy4r.com
19718 dns_temp_fail securelogin-62347448.moneymanagergps.com.dsf3s.com
19738 dns_temp_fail securelogin-06507674.moneymanagergps.com.dii1i.com
19739 78.96.9.248(10) securelogin-07206796.moneymanagergps.com.v3ds.com
Domain registration info
Phish domain Registrar
dii1i.com REGISTER.COM 10/29/2007
dsf3s.com REGISTER.COM 10/29/2007
fdy4r.com REGISTER.COM 10/29/2007
fj6r4.com REGISTER.COM 10/29/2007
v3ds.com REGISTER.COM 10/31/2007
DNS server domain Registrar
greatlarge.com REGISTER.COM 10/19/2007
road756.com REGISTER.COM 10/30/2007
skyworldinc.com INFO AVENUE 10/30/2007
Rock phish report Nov 01, 2007
The Thursday report:
Domain registration info
Phish domain Registrar
3467843.ch www.switch.ch 10/31/2007? (suspended?)
54567.li www.switch.ch 10/31/2007? (suspended?)
6587.li www.switch.ch 10/29/2007? (suspended?)
77654.ch www.switch.ch 10/29/2007? (suspended?)
con5ner.hk HKDNR 10/31/2007 (suspended)
cvv11.com REGISTER.COM 10/29/2007 (cancelled)
eq5t.com REGISTER.COM 10/31/2007
ere3s.com REGISTER.COM 10/31/2007
f4sd.com REGISTER.COM 10/29/2007 (cancelled)
fdy4r.com REGISTER.COM 10/29/2007 (parked)
fer21.com REGISTER.COM 10/29/2007 (parked)
fmj4jer.li www.switch.ch 10/31/2007?
ghsso.com.es www.nic.es 10/26/2007 (suspended)
hj3d.com REGISTER.COM 10/29/2007 (cancelled)
kdiwrw2.com.es www.nic.es 10/29/2007 (suspended)
ki7s.com REGISTER.COM 10/31/2007
p3dx.com REGISTER.COM 10/31/2007
ru4ue.ch www.switch.ch 10/31/2007?
s32ed.com REGISTER.COM 10/29/2007 (cancelled)
xcvr3.com REGISTER.COM 10/31/2007
DNS server domain Registrar
bar-bar-com.com BIZCN.COM 9/18/2007 (cancelled)
greatlarge.com REGISTER.COM 10/19/2007
outcomevoting.com INFO AVENUE 10/31/2007
polo456.com TODAYNIC.COM 9/17/2007
skyworldinc.com INFO AVENUE 10/30/2007
vilopr.cn www.cnnic.net.cn 8/16/2007