[SURBL-Discuss] Weird TLD/site in Phish

Jeff Chan jeffc at surbl.org
Thu May 25 17:06:57 CEST 2006


On Thursday, May 25, 2006, 7:09:26 AM, Chris Santerre wrote:
> Thanks, I actually sent this to the wrong list :) But does anyone know how
> to read er... Yugoslavian? I don't want to blacklist without knowing more
> about the site. Could be a free hoster or something.

I usually look at whois or DNS, but in this case there's nothing
too useful:


   Domain Name: ZORKA-OPEKA.CO.YU
   Namespace: ICANN Country Code Top Level Domain - http://www.icann.org
   TLD Info: See IANA Whois - http://www.iana.org/root-whois/yu.htm
   Registry: Registry information not yet configured
   Registrar: Registry information not yet configured
   Whois Server: (none)
   Name Server[from dns, dns ip]: NS3.LOOPIA.SE 194.9.94.245
   Name Server[from dns, dns ip]: NS4.LOOPIA.SE 194.9.95.245

[DNS Information for ZORKA-OPEKA.CO.YU]
Trying "ZORKA-OPEKA.CO.YU"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58580
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;ZORKA-OPEKA.CO.YU.             IN      ANY

;; ANSWER SECTION:
ZORKA-OPEKA.CO.YU.      59      IN      NS      ns4.loopia.se.
ZORKA-OPEKA.CO.YU.      59      IN      NS      ns3.loopia.se.

;; AUTHORITY SECTION:
ZORKA-OPEKA.CO.YU.      59      IN      NS      ns4.loopia.se.
ZORKA-OPEKA.CO.YU.      59      IN      NS      ns3.loopia.se.

;; ADDITIONAL SECTION:
ns3.loopia.se.          3599    IN      A       194.9.94.245
ns4.loopia.se.          3599    IN      A       194.9.95.245

Received 140 bytes from 216.151.192.1#53 in 3 ms



Non-authoritative answer:
ZORKA-OPEKA.CO.YU
        origin = ns3.loopia.se
        mail addr = registry.loopia.se
        serial = 1146743921
        refresh = 10800
        retry = 3600
        expire = 25200
        minimum = 86400

Authoritative answers can be found from:
ZORKA-OPEKA.CO.YU       nameserver = ns3.loopia.se.
ZORKA-OPEKA.CO.YU       nameserver = ns4.loopia.se.
ns3.loopia.se   internet address = 194.9.94.245
ns4.loopia.se   internet address = 194.9.95.245


Non-authoritative answer:
Name:   ZORKA-OPEKA.CO.YU
Address: 195.178.52.202


Looks like it has about 7 Google hits, so it's probably not a
huge loss if blacklisted, especially if it's un-blacklisted when
the phishing site goes away.

BTW, while the Soviet Union no longer exists, the .su domain
still does, though we thought some of the domains on it were
dubious.

Jeff C.
--
Don't harm innocent bystanders.
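
The DNS check described in the message, as an added example that is not part of the original post: a Python parser run over an excerpt of the dig output quoted above, reporting what that answer does and does not establish about the domain before a listing decision. The function names `parse_dig` and `triage` are hypothetical.

```python
import re

# Excerpt of the dig output quoted in the message above (flags line + RR sections)
DIG_OUTPUT = """\
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; ANSWER SECTION:
ZORKA-OPEKA.CO.YU.      59      IN      NS      ns4.loopia.se.
ZORKA-OPEKA.CO.YU.      59      IN      NS      ns3.loopia.se.

;; AUTHORITY SECTION:
ZORKA-OPEKA.CO.YU.      59      IN      NS      ns4.loopia.se.
ZORKA-OPEKA.CO.YU.      59      IN      NS      ns3.loopia.se.

;; ADDITIONAL SECTION:
ns3.loopia.se.          3599    IN      A       194.9.94.245
ns4.loopia.se.          3599    IN      A       194.9.95.245
"""

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S.*)$")

def parse_dig(text):
    """Split dig output into header flags and per-section resource records."""
    flags, sections, current = set(), {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith(";; flags:"):
            flags = set(line.split(":", 1)[1].split(";")[0].split())
        elif m := re.match(r";; (\w+) SECTION:", line):
            current = sections.setdefault(m.group(1).lower(), [])
        elif current is not None and (rr := RR.match(line)):
            name, ttl, rtype, rdata = rr.groups()
            current.append((name.lower().rstrip("."), int(ttl), rtype, rdata.lower().rstrip(".")))
    return flags, sections

def triage(text, domain):
    """Summarise what the DNS answer does and does not say about `domain`."""
    flags, sec = parse_dig(text)
    domain = domain.lower().rstrip(".")
    owned = [r for s in ("answer", "authority") for r in sec.get(s, []) if r[0] == domain]
    ns = sorted({r[3] for r in owned if r[2] == "NS"})
    return {
        # no "aa" flag: a resolver cache answered, so an ANY reply can be incomplete
        "authoritative": "aa" in flags,
        "nameservers": ns,
        # nameservers outside the domain itself indicate a third-party DNS provider
        "external_ns": [n for n in ns if not n.endswith("." + domain)],
        "glue": {r[0]: r[3] for r in sec.get("additional", []) if r[2] == "A"},
        "address_records": [r[3] for r in owned if r[2] in ("A", "AAAA")],
    }
```

Calling `triage(DIG_OUTPUT, "ZORKA-OPEKA.CO.YU")` shows a non-authoritative answer with two external nameservers and no address records, which is why a separate address lookup was still needed.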