-----Original Message----- From: Larry Rosenman [mailto:ler@lerctr.org] Sent: Thursday, May 25, 2006 9:53 AM To: 'SURBL Discussion list' Subject: RE: [SURBL-Discuss] Weird TLD/site in Phish
Chris Santerre wrote:
I have no idea if this is a legit site hijacked, bad site,
or a secret
society of the Illuminati!
http://www.zorka-opeka.co.yu/-/
.yu ??????? Yugoslavia?
yep.
http://www.iana.org/cctld/cctld-whois.htm
LER
Thanks, I actually sent this to the wrong list :) But does anyone know how to read er... yugoslavian? I don't want to Blacklist without knowing more about the site. Could be a free hoster or something.
--Chris _______________________________________________ Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss
It looks like a once legitimate site, now compromised. No need to read anything but English - It is a fake PayPal/eBay login page (phishing) all in English. The ".yu" TLD never did register a Whois server, and while still active *should* not have much left (even less now that Serbia and Montenegro have just voted to split).
The hosts DNS places it in a very old /29 net-block (with all .yu contacts), and the DNS is from loopia.se with TTLs varying from 60 seconds to 1 hour.
Anyway, bogus phishing site - Blacklist them until it is fixed (if ever).
Paul Shupak track@plectere.com
P.S. At least it isn't another NetSol domain registered to Sava Milosevic; There have been a lot of those in the past year.