Blog for hpHosts, and whatever else I feel like writing about ....

Friday 31 July 2009

Twishing in China (aka the Twitter phishing campaign)

Holger over at MDL gave us a heads-up about a Twitter phishing campaign (I've dubbed it Twishing, because it sounded good) hosted in China (where else). This particular one is located at (screenshot to the left):

secure-login.twitter.verifiylogin.com/twitter/

IP: 124.94.101.13

Domain Name : verifiylogin.com
PunnyCode : verifiylogin.com


Registrant:
Organization : zhang xiaohu
Name : zhang xiaohu
Address : changningzhonghuainanlu192hao
City : changning
Province/State : Hunan
Country : CN
Postal Code : 421500

Administrative Contact:
Name : zhang xiaohu
Organization : zhang xiaohu
Address : changningzhonghuainanlu192hao
City : changning
Province/State : Hunan
Country : CN
Postal Code : 421500
Phone Number : 86-0734-3211451
Fax : 86-0734-3211451
Email : zhangxiaohu_0098@126.com

Technical Contact:
Name : zhang xiaohu
Organization : zhang xiaohu
Address : changningzhonghuainanlu192hao
City : changning
Province/State : Hunan
Country : CN
Postal Code : 421500
Phone Number : 86-0734-3211451
Fax : 86-0734-3211451
Email : zhangxiaohu_0098@126.com

Billing Contact:
Name : zhang xiaohu
Organization : zhang xiaohu
Address : changningzhonghuainanlu192hao
City : changning
Province/State : Hunan
Country : CN
Postal Code : 421500
Phone Number : 86-0734-3211451
Fax : 86-0734-3211451
Email : zhangxiaohu_0098@126.com


WhoIs server: whois.paycenter.com.cn


Ref: http://hosts-file.net/?s=verifiylogin.com

These folks are also responsible for phishing scams targeting other social network sites such as MySpace (the page is also served without the long sub-domain runaround, i.e. on the bare domain):

vids.myspace.com.index.cfm.fuseaction.vids.individual.videoid-34118937searchidf1cdcded042465aba36-8189d15507af.verifiylogin.com



Which can also be found at:

Host: rnyspece.com
IP: 124.94.101.13

and

Host: *.39042084.com
IP: 122.141.85.2
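The hostnames above show two tricks worth checking for automatically: a brand name (twitter, myspace) bolted onto someone else's registered domain as a long sub-domain prefix, and a registered domain that is a near-copy of the brand (rnyspece reads as myspace when "rn" is taken for "m"). The script below is an added example, not hpHosts code or anything from the post: it extracts the registered domain of a hostname, matches it against the hosts listed on this page (the `*.39042084.com` wildcard included), and flags brand impersonation. The tiny public-suffix table, the brand list and the sample hostnames are constructed for the demo; a real deployment would load the Public Suffix List and a full blocklist.

```python
"""Hostname checks for the phishing hosts described on this page.

Added example, not hpHosts code.  The suffix table, brand list and sample
hostnames are constructed for the demo; a real deployment would load the
Public Suffix List and a full blocklist (e.g. the hpHosts hosts file).
"""

# Constructed stand-in for the Public Suffix List (multi-label suffixes included).
PUBLIC_SUFFIXES = {"co.uk", "com.cn", "com", "net", "org"}

# Brands impersonated on this page, with the domain each legitimately uses.
BRANDS = {"twitter": "twitter.com", "myspace": "myspace.com"}

# Hosts named in the post (the wildcard entry is copied as written there).
BLOCKLIST = ["verifiylogin.com", "rnyspece.com", "*.39042084.com"]


def registered_domain(host: str) -> str:
    """eTLD+1 of a hostname: 'secure-login.twitter.verifiylogin.com' -> 'verifiylogin.com'."""
    labels = host.lower().rstrip(".").split(".")
    for n in (2, 1):                      # longest matching public suffix wins
        if len(labels) > n and ".".join(labels[-n:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[-n - 1:])
    return ".".join(labels)


def is_blocked(host: str, blocklist=BLOCKLIST) -> bool:
    """True if host is listed directly, sits under a '*.' wildcard entry, or
    shares a registered domain with an entry.  The last rule is what defeats
    the sub-domain runaround: one entry for verifiylogin.com covers every
    prefix the phisher puts in front of it, and the bare domain as well."""
    host = host.lower().rstrip(".")
    for entry in blocklist:
        entry = entry.lower()
        if entry.startswith("*."):
            if host.endswith(entry[1:]):   # any name below the wildcard base
                return True
        elif host == entry or registered_domain(host) == registered_domain(entry):
            return True
    return False


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-copies of a brand name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def impersonated_brand(host: str):
    """Return the brand a hostname imitates, or None.

    Two signals, both present in the page's samples:
      1. a brand name used as a sub-domain label under someone else's
         registered domain (secure-login.twitter.verifiylogin.com, or the
         vids.myspace.com.index.cfm... prefix on verifiylogin.com)
      2. the registered domain's own label is one edit away from the brand
         once 'rn' is read as 'm' (rnyspece.com -> 'myspece' ~ 'myspace')
    Signal 2 is a heuristic and will also flag harmless one-letter variants.
    """
    host = host.lower().rstrip(".")
    reg = registered_domain(host)
    if reg in BRANDS.values():            # the brand's real domain is fine
        return None
    prefix_labels = host[: len(host) - len(reg)].rstrip(".").split(".")
    reg_label = reg.split(".")[0].replace("rn", "m").replace("vv", "w")
    for brand in BRANDS:
        if brand in prefix_labels or edit_distance(reg_label, brand) <= 1:
            return brand
    return None


if __name__ == "__main__":
    # Constructed sample run: the first three names come from the post.
    for h in ["secure-login.twitter.verifiylogin.com", "rnyspece.com",
              "login.39042084.com", "twitter.com"]:
        print(f"{h:40} blocked={is_blocked(h)} impersonates={impersonated_brand(h)}")
```

Comparing registered domains rather than full hostnames is the part that matters for a hosts-file style list: the phisher can generate any number of prefixes, but they all collapse to the one domain they actually registered.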




Domain Name : rnyspece.com
PunnyCode : rnyspece.com


Registrant:
Organization : lixing
Name : lixing
Address : Shanghaihuashan street 2018
City : shixiaqu
Province/State : shanghaishi
Country : china
Postal Code : 200085

Administrative Contact:
Name : lixing
Organization : lixing
Address : Shanghaihuashan street 2018
City : shixiaqu
Province/State : shanghaishi
Country : china
Postal Code : 200085
Phone Number : 86-021-63936657
Fax : 86-021-63936657
Email : lixing688@gmail.com

Technical Contact:
Name : lixing
Organization : lixing
Address : Shanghaihuashan street 2018
City : shixiaqu
Province/State : shanghaishi
Country : china
Postal Code : 200085
Phone Number : 86-021-63936657
Fax : 86-021-63936657
Email : lixing688@gmail.com

Billing Contact:
Name : lixing
Organization : lixing
Address : Shanghaihuashan street 2018
City : shixiaqu
Province/State : shanghaishi
Country : china
Postal Code : 200085
Phone Number : 86-021-63936657
Fax : 86-021-63936657
Email : lixing688@gmail.com


WhoIs server: whois.paycenter.com.cn


DomainName : 39042084.com

RSP: China Springboard Inc.
URL: http://www.namerich.cn

Name Server......................NS1.333NNN333.COM
Name Server......................NS2.333NNN333.COM
Status...........................ok
Creation Date ..................2009-07-19
Expiration Date .................2010-07-19
Last Update Date ...............2009-07-19

Registrant ID ...................V-X-59425-16306
Registrant Name .................SONG BOLIANG
Registrant Organization .........SONG BOLIANG
Registrant Address ..............HUANZHUGUANGCHANG31
Registrant City..................QD
Registrant Province/State .......SD
Registrant Country Code .........CN
Registrant Postal Code ..........226016
Registrant Phone Number .........+86.053281241156
Registrant Fax ..................+86.053281241156
Registrant Email ................janeob@126.com

Administrative ID ...............V-X-59425-16306
Administrative Name .............SONG BOLIANG
Administrative Organization .....SONG BOLIANG
Administrative Address ..........HUANZHUGUANGCHANG31
Administrative City..............QD
Administrative Province/State ...SD
Administrative Country Code .....CN
Administrative Postal Code ......226016
Administrative Phone Number .....+86.053281241156
Administrative Fax ..............+86.053281241156
Administrative Email ............janeob@126.com

Billing ID ......................V-X-59425-16306
Billing Name ....................SONG BOLIANG
Billing Organization ............SONG BOLIANG
Billing Address .................HUANZHUGUANGCHANG31
Billing City.....................QD
Billing Province/State ..........SD
Billing Country Code ............CN
Billing Postal Code .............226016
Billing Phone Number ............+86.053281241156
Billing Fax .....................+86.053281241156
Billing Email ...................janeob@126.com

Technical ID ....................V-X-59425-16306
Technical Name ..................SONG BOLIANG
Technical Organization...........SONG BOLIANG
Technical Address ...............HUANZHUGUANGCHANG31
Technical City...................QD
Technical Province/State.........SD
Technical Country Code ..........CN
Technical Postal Code ...........226016
Technical Phone Number ..........+86.053281241156
Technical Fax ...................+86.053281241156
Technical Email .................janeob@126.com


WhoIs server: whois.namerich.cn

3 comments:

Unknown said...

Oh God! One of my friends was hacked. It also tweets their exploit to other people.

Anonymous said...

Thanks for the info. As a frequent visitor of your site I have a suggestion. That is, even though most contents are very useful, it is a bit hard to follow. And also the font size.

Anonymous said...

There's more than meets the eye and this person has been at it since 2005 using various domains as different vehicles for the sole purpose of Identity Theft. I posted a nice dig on the Web of Trust forum

I've decided to include it for the folks who subscribe to hpHosts Blog:

-------------

PHISHing through an assortment of methods, from MysteryFCM's Twishing to fraudulent websites offering fake employment opportunities to fake PC error fixes (backdoor Trojans no doubt).

cheapdrugneeded.com - whois

Created: 2008-11-06
Expires: 2009-11-06
Updated: 2009-05-24
IP Address: 61.155.5.48 - One other site is hosted on this server (cheapdragsneeded.com)
Registration Service Provided By: NameCheap.com

cheapdragsneeded.com - whois

Created: 2008-11-06
Expires: 2009-11-06
Updated: 2008-11-06
IP Address: 61.155.5.48 - One other site is hosted on this server (cheapdrugneeded.com)
"cybert" owns about 1 other domains

A simple Google search reveals regupdate.net mentioned at lists.sans.org and at lists.virus.org


Which leads us to regupdate.net, hosted on a shared server.

For example, let's take this fake employment opportunity site: jameson-recruitment.com
Evidence that this domain is a fraud / scam may be found at bobbear.co.uk and here at scamfraudalert.wordpress.com


jameson-recruitment.com is hosted on IP: 124.94.101.13 - robtex


Base IPs: 61.155.5.47 and 61.155.5.48
LISTED IN BLACKLIST!
dnsbl.sorbs.net
dul.dnsbl.sorbs.net
no-more-funn.moensted.dk

Without further ado here are the IPs and domain names of this PHISHer:

61.155.5.47
61.155.5.48
cheapdragsneeded.com
cheapdrugneeded.com
mail.cheapdragsneeded.com
mail.cheapdrugneeded.com
ns1.cheapdrugneeded.com
ns2.cheapdrugneeded.com
ns3.cheapdrugneeded.com
124.94.101.13
email-letterhead.net
jameson-recruitment.com
klick-tipp.org
top-hit.org
rnyspece.com
verifiylogin.com
mail.email-letterhead.net
mail.klick-tipp.org
mail.rnyspece.com
mail.top-hit.org
regupdate.net