A large number of phishing sites targeting Japan were created in the .ci domain (ccTLD of Cote d’Ivoire). This attack lasted about a month, from about mid-May to June 14. I have identified approximately 10,000 malicious FQDNs. With the help of nic.ci and ARTCI, the Registry in Cote d’Ivoire(a.k.a. Ivory Coast), all these malicious domains were shut down. This article describes how it happened. Wha