Tuesday, 2 June 2009

Research: KoobFace -

I was asked by a friend if I could sniff out all of the IP addresses that the domain was redirecting to, and after spending over 30 mins trying to do it manually, decided to ask a few fellow researchers if they were aware of a way of doing it automatically - sadly they weren't.

I decided, therefore, to throw something together myself to see if I could get the results I required, and the results were interesting.

I told the program to send 1000 requests to (spaced out of course), and had it list all of the IPs that it redirected to, including of course, the URLs themselves - out of the 1000 requests, there were only 296 unique IP addresses. Something I was not expecting.
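The tallying step described above, sketched as an added example (not the author's program): it reduces recorded redirect responses to the unique destination IPs and URLs. The sample data is constructed, using RFC 5737 documentation addresses, and `summarize` and `SAMPLES` are hypothetical names.

```python
from collections import Counter
from ipaddress import ip_address
from urllib.parse import urlsplit

REDIRECT_CODES = (301, 302, 303, 307, 308)

# Constructed sample: (HTTP status, Location header) pairs as a sampler
# would record them, one per request. Not data from the original post.
SAMPLES = [
    (302, "http://192.0.2.10/go/?id=1"),
    (302, "http://198.51.100.7:8080/go/"),
    (302, "http://192.0.2.10/go/?id=2"),
    (200, None),                              # no redirect served this time
    (302, "http://redirect.example/landing"), # hostname, needs a DNS lookup
    (301, "http://203.0.113.5/"),
    (302, "http://198.51.100.7:8080/go/?x=9"),
]

def summarize(samples):
    """Return (Counter of IP -> hits, sorted unique URLs, unhandled samples)."""
    ips, urls, other = Counter(), set(), []
    for status, location in samples:
        if status not in REDIRECT_CODES or not location:
            other.append((status, location))
            continue
        host = urlsplit(location).hostname or ""
        try:
            # Normalise the literal so equivalent spellings collapse together.
            ips[str(ip_address(host))] += 1
            urls.add(location)
        except ValueError:
            # Target is a hostname rather than an IP literal; keep it aside
            # so it can be resolved and reviewed separately.
            other.append((status, location))
    return ips, sorted(urls), other

if __name__ == "__main__":
    ips, urls, other = summarize(SAMPLES)
    print(f"{len(SAMPLES)} samples, {len(ips)} unique IPs, {len(urls)} unique URLs")
    for ip, hits in ips.most_common():
        print(f"{ip}\t{hits}")
    for status, location in other:
        print(f"unhandled: {status} {location}")
```
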

The entire list is below for your blacklisting and/or researching pleasure.

And the list of IPs themselves:

I've not yet run the list through hpObserver to get the PTRs for the IPs, but will do that later (absolutely knackered at the moment, and busy processing over 2000 other phishing domains).


hpObserver results (includes PTR) for the IPs:


