When phishing was young, many phishers registered lookalike domains, along the lines of bankofamerika.com, login-chase.com, and paypal-account-verification.com.

Eventually most of the phishing gangs moved on to random domains in far-away countries and just prepended the domain to create host names along the lines of www.bankofamerica.com.444hzjr4zp2b8oacgd.org.ve, www.chase.com.host8.asia, and www.paypal.com.dll-s.eu.

But every now and then we run into new fraud sites that are using the old school tricks.