[SURBL-Discuss] Weird TLD/site in Phish
List Mail User
track at Plectere.com
Fri May 26 05:03:56 CEST 2006
>> -----Original Message-----
>> From: Larry Rosenman [mailto:ler at lerctr.org]
>> Sent: Thursday, May 25, 2006 9:53 AM
>> To: 'SURBL Discussion list'
>> Subject: RE: [SURBL-Discuss] Weird TLD/site in Phish
>> Chris Santerre wrote:
>> > I have no idea if this is a legit site hijacked, bad site,
>> or a secret
>> > society of the Illuminati!
>> > http://www.zorka-opeka.co.yu/-/
>> > .yu ??????? Yugoslavia?
>Thanks, I actually sent this to the wrong list :) But does anyone know how
>to read er... yugoslavian? I don't want to Blacklist without knowing more
>about the site. Could be a free hoster or something.
>Discuss mailing list
>Discuss at lists.surbl.org
It looks like a once legitimate site, now compromised. No need
to read anything but English - It is a fake PayPal/eBay login page (phishing)
all in English. The ".yu" TLD never did register a Whois server, and while
still active *should* not have much left (even less now that Serbia and
Montenegro have just voted to split).
The hosts DNS places it in a very old /29 net-block (with all
.yu contacts), and the DNS is from loopia.se with TTLs varying from
60 seconds to 1 hour.
Anyway, bogus phishing site - Blacklist them until it is fixed (if
track at plectere.com
P.S. At least it isn't another NetSol domain registered to Sava Milosevic;
There have been a lot of those in the past year.
More information about the Discuss