Thanks. One of our guys says it is in fact a hacked legit site. Albeit for bricks :) So like you said, it might be fine to list until it is taken down. Hell, it may be the only way they realise they got hacked! :)
--Chris
-----Original Message-----
From: Jeff Chan [mailto:jeffc@surbl.org]
Sent: Thursday, May 25, 2006 11:07 AM
To: Chris Santerre
Cc: 'SURBL Discussion list'
Subject: Re: [SURBL-Discuss] Weird TLD/site in Phish
On Thursday, May 25, 2006, 7:09:26 AM, Chris Santerre wrote:
Thanks, I actually sent this to the wrong list :) But does anyone know how to read er... Yugoslavian? I don't want to Blacklist without knowing more about the site. Could be a free hoster or something.
I usually look at whois or DNS, but in this case there's nothing too useful:
Domain Name: ZORKA-OPEKA.CO.YU
Namespace: ICANN Country Code Top Level Domain - http://www.icann.org
TLD Info: See IANA Whois - http://www.iana.org/root-whois/yu.htm
Registry: Registry information not yet configured
Registrar: Registry information not yet configured
Whois Server: (none)
Name Server[from dns, dns ip]: NS3.LOOPIA.SE 194.9.94.245
Name Server[from dns, dns ip]: NS4.LOOPIA.SE 194.9.95.245

[DNS Information for ZORKA-OPEKA.CO.YU]
Trying "ZORKA-OPEKA.CO.YU"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58580
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;ZORKA-OPEKA.CO.YU. IN ANY

;; ANSWER SECTION:
ZORKA-OPEKA.CO.YU. 59 IN NS ns4.loopia.se.
ZORKA-OPEKA.CO.YU. 59 IN NS ns3.loopia.se.

;; AUTHORITY SECTION:
ZORKA-OPEKA.CO.YU. 59 IN NS ns4.loopia.se.
ZORKA-OPEKA.CO.YU. 59 IN NS ns3.loopia.se.

;; ADDITIONAL SECTION:
ns3.loopia.se. 3599 IN A 194.9.94.245
ns4.loopia.se. 3599 IN A 194.9.95.245

Received 140 bytes from 216.151.192.1#53 in 3 ms

Non-authoritative answer:
ZORKA-OPEKA.CO.YU
origin = ns3.loopia.se
mail addr = registry.loopia.se
serial = 1146743921
refresh = 10800
retry = 3600
expire = 25200
minimum = 86400

Authoritative answers can be found from:
ZORKA-OPEKA.CO.YU nameserver = ns3.loopia.se.
ZORKA-OPEKA.CO.YU nameserver = ns4.loopia.se.
ns3.loopia.se internet address = 194.9.94.245
ns4.loopia.se internet address = 194.9.95.245

Non-authoritative answer:
Name: ZORKA-OPEKA.CO.YU
Address: 195.178.52.202
Looks like it has about 7 google hits, so it's probably not a huge loss if blacklisted, especially if it's un-blacklisted when the phishing site goes away.
BTW, while the Soviet Union no longer exists, the .su domain still does, though we thought some of the domains on it were dubious.
Jeff C.
Don't harm innocent bystanders.