[SURBL-Discuss] Weird TLD/site in Phish

List Mail User track at Plectere.com
Fri May 26 05:03:56 CEST 2006

>> -----Original Message-----
>> From: Larry Rosenman [mailto:ler at lerctr.org]
>> Sent: Thursday, May 25, 2006 9:53 AM
>> To: 'SURBL Discussion list'
>> Subject: RE: [SURBL-Discuss] Weird TLD/site in Phish
>> Chris Santerre wrote:
>> > I have no idea if this is a legit site hijacked, bad site, 
>> or a secret
>> > society of the Illuminati!
>> > 
>> > http://www.zorka-opeka.co.yu/-/
>> > 
>> > .yu  ???????  Yugoslavia?
>> yep.
>> http://www.iana.org/cctld/cctld-whois.htm
>> LER
>Thanks, I actually sent this to the wrong list :) But does anyone know how
>to read er... yugoslavian? I don't want to Blacklist without knowing more
>about the site. Could be a free hoster or something. 
>Discuss mailing list
>Discuss at lists.surbl.org

	It looks like a once legitimate site, now compromised.  No need
to read anything but English - It is a fake PayPal/eBay login page (phishing)
all in English.  The ".yu" TLD never did register a Whois server, and while
still active *should* not have much left (even less now that Serbia and
Montenegro have just voted to split).

	The hosts DNS places it in a very old /29 net-block (with all
.yu contacts), and the DNS is from loopia.se with TTLs varying from
60 seconds to 1 hour.

	Anyway, bogus phishing site - Blacklist them until it is fixed (if

	Paul Shupak
	track at plectere.com

P.S. At least it isn't another NetSol domain registered to Sava Milosevic;
There have been a lot of those in the past year.

More information about the Discuss mailing list