[SURBL-Discuss] Weird TLD/site in Phish

Chris Santerre csanterre at MerchantsOverseas.com
Thu May 25 17:13:38 CEST 2006


Thanks. One of our guys says it is in fact a hacked legit site. Albeit for
bricks :) So like you said, it might be fine to list until it is taken down.
Hell it may be the only way they realise they got hacked! :)

--Chris 

> -----Original Message-----
> From: Jeff Chan [mailto:jeffc at surbl.org]
> Sent: Thursday, May 25, 2006 11:07 AM
> To: Chris Santerre
> Cc: 'SURBL Discussion list'
> Subject: Re: [SURBL-Discuss] Weird TLD/site in Phish
> 
> 
> On Thursday, May 25, 2006, 7:09:26 AM, Chris Santerre wrote:
> > Thanks, I actually sent this to the wrong list :) But does anyone know how
> > to read er... Yugoslavian? I don't want to blacklist without knowing more
> > about the site. Could be a free hoster or something.
> 
> I usually look at whois or DNS, but in this case there's nothing
> too useful:
> 
> 
>    Domain Name: ZORKA-OPEKA.CO.YU
>    Namespace: ICANN Country Code Top Level Domain - http://www.icann.org
>    TLD Info: See IANA Whois - http://www.iana.org/root-whois/yu.htm
>    Registry: Registry information not yet configured
>    Registrar: Registry information not yet configured
>    Whois Server: (none)
>    Name Server[from dns, dns ip]: NS3.LOOPIA.SE 194.9.94.245
>    Name Server[from dns, dns ip]: NS4.LOOPIA.SE 194.9.95.245
> 
> [DNS Information for ZORKA-OPEKA.CO.YU]
> Trying "ZORKA-OPEKA.CO.YU"
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58580
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
> 
> ;; QUESTION SECTION:
> ;ZORKA-OPEKA.CO.YU.             IN      ANY
> 
> ;; ANSWER SECTION:
> ZORKA-OPEKA.CO.YU.      59      IN      NS      ns4.loopia.se.
> ZORKA-OPEKA.CO.YU.      59      IN      NS      ns3.loopia.se.
> 
> ;; AUTHORITY SECTION:
> ZORKA-OPEKA.CO.YU.      59      IN      NS      ns4.loopia.se.
> ZORKA-OPEKA.CO.YU.      59      IN      NS      ns3.loopia.se.
> 
> ;; ADDITIONAL SECTION:
> ns3.loopia.se.          3599    IN      A       194.9.94.245
> ns4.loopia.se.          3599    IN      A       194.9.95.245
> 
> Received 140 bytes from 216.151.192.1#53 in 3 ms
> 
> 
> 
> Non-authoritative answer:
> ZORKA-OPEKA.CO.YU
>         origin = ns3.loopia.se
>         mail addr = registry.loopia.se
>         serial = 1146743921
>         refresh = 10800
>         retry = 3600
>         expire = 25200
>         minimum = 86400
> 
> Authoritative answers can be found from:
> ZORKA-OPEKA.CO.YU       nameserver = ns3.loopia.se.
> ZORKA-OPEKA.CO.YU       nameserver = ns4.loopia.se.
> ns3.loopia.se   internet address = 194.9.94.245
> ns4.loopia.se   internet address = 194.9.95.245
> 
> 
> Non-authoritative answer:
> Name:   ZORKA-OPEKA.CO.YU
> Address: 195.178.52.202
> 
> 
> Looks like it has about 7 google hits, so it's probably not a
> huge loss if blacklisted, especially if it's un-blacklisted when
> the phishing site goes away.
> 
> BTW, while the Soviet Union no longer exists, the .su domain
> still does, though we thought some of the domains on it were
> dubious.
> 
> Jeff C.
> --
> Don't harm innocent bystanders.
> 

