[artinfo] Fwd:Re:Karadzic's website

b2 at c3.hu
Thu Jul 24 13:40:37 CEST 2008


>Date: Wed, 23 Jul 2008 19:32:48 -0400
>From: John Young <jya at pipeline.com>
>Subject: Re: <nettime> Karadzic's website
>
>A writes to Cryptome 23 July 2008:
>
>regarding the supposed dragan website, is it really a coincidence that it
>expires 22.09.2009 - was it registered yesterday for 1 year?
>
>A quick inspection of the HTTP headers shows us that my request for his face:
>
>GET http://dragandabic.com/dragan-dabic.jpg HTTP/1.1
>Host: dragandabic.com
>User-Agent: Mozilla/5.0
>Accept: image/png,*/*;q=0.5
>Accept-Language: en-us,en;q=0.5
>Accept-Charset:utf-8
>Keep-Alive: 300
>Proxy-Connection: keep-alive
>Referer: http://paranoia.no/
>
>Gives this response:
>
>HTTP/1.1 200 OK
>Date: Wed, 23 Jul 2008 22:20:11 GMT
>Server: Apache/2.0.61 (Unix) PHP/4.4.7 mod_ssl/2.0.61 OpenSSL/0.9.7e
>mod_fastcgi/2.4.2 DAV/2 SVN/1.4.2
>Last-Modified: Tue, 22 Jul 2008 13:49:36 GMT
>ETag: "2c68807-3ed2-18303c00"
>Accept-Ranges: bytes
>Content-Length: 16082
>Content-Type: image/jpeg
>
>Last-Modified being the timestamp from the file on the server.
>
>And that it's registered to an obvious front for what looks like a
>registrar service, but whose webpages
>are all full of Google ads for other registrars?
>
>Domain name: dragandabic.com
>
>Registrant Contact:
>    Whois Privacy Protection Service, Inc.
>    Whois Agent
>
>    PMB 368, 14150 NE 20th St - F1
>    C/O dragandabic.com
>    Bellevue, WA 98007
>    US
>
>Administrative Contact:
>    Whois Privacy Protection Service, Inc.
>    Whois Agent (mkhsbymxd at whoisprivacyprotect.com)
>    +1.4252740657
>    Fax: +1.4256960234
>    PMB 368, 14150 NE 20th St - F1
>    C/O dragandabic.com
>    Bellevue, WA 98007
>    US
>
>Technical Contact:
>    Whois Privacy Protection Service, Inc.
>    Whois Agent (mkhsbymxd at whoisprivacyprotect.com)
>    +1.4252740657
>    Fax: +1.4256960234
>    PMB 368, 14150 NE 20th St - F1
>    C/O dragandabic.com
>    Bellevue, WA 98007
>    US
>
>Status: Locked
>
>Name Servers:
>    ns1.dreamhost.com
>    ns2.dreamhost.com
>    ns3.dreamhost.com
>
>Creation date:
>Expiration date: 22 Jul 2009 13:25:00
>
>..
>
>$ host -t mx whoisprivacyprotect.com
>whoisprivacyprotect.com mail is handled by 5 eforwardct.name-services.com.
>whoisprivacyprotect.com mail is handled by 10 eforward3.name-services.com.
>
>The web pages of name-services.com contain the same Google ads farm as
>whoisprivacyprotect.com
>
>$ host eforwardct.name-services.com
>eforwardct.name-services.com has address 216.163.188.58
>
>$ whois 216.163.188.58
>
>OrgName:    Commtouch Software Inc.
>OrgID:      COMMTO
>Address:    2029 Stierlin Court
>City:       Mountain View
>StateProv:  CA
>PostalCode: 94303
>Country:    US
>
>NetRange:   216.163.176.0 - 216.163.191.255
>CIDR:       216.163.176.0/20
>NetName:    COMMTOUCH-INC
>NetHandle:  NET-216-163-176-0-1
>Parent:     NET-216-0-0-0-0
>NetType:    Direct Assignment
>NameServer: NS1.CTMAIL.COM
>NameServer: NS2.CTMAIL.COM
>Comment:
>RegDate:    1999-09-01
>Updated:    2002-03-25
>
>and as a final correlation for the theory of the whole thing being put
>together yesterday:
>
>$ host -t soa dragandabic.com
>dragandabic.com has SOA record ns1.dreamhost.com. hostmaster.dreamhost.com.
>2008072202 16220 1800 1814400 14400
>
>That's when dreamhost last edited the dns zone, 2008 07 22. And it was
>modified twice before on that day too - hence the "02" at the end, instead of
>"00" which would be the first edit of the day.
>
>
>A blatant hoax and nothing else.
>
>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
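
An added example, not part of the forwarded message: the three dating clues quoted above (the SOA serial, the Last-Modified header and the whois expiration) checked against each other in Python. It assumes the serial follows the YYYYMMDDnn convention, that the registration term was one year as the message suggests, and that the whois time can be compared with GMT; the function names are illustrative.

```python
from datetime import datetime
from email.utils import parsedate_to_datetime

# Values copied from the quoted message above.
SOA_SERIAL = "2008072202"
LAST_MODIFIED = "Tue, 22 Jul 2008 13:49:36 GMT"
WHOIS_EXPIRATION = "22 Jul 2009 13:25:00"


def parse_soa_serial(serial):
    """Split a YYYYMMDDnn serial into (date, revision), or return None.

    The serial is only a 32-bit counter; the date layout is an operator
    convention, so anything that does not decode to a real date is rejected.
    """
    if len(serial) != 10 or not (serial.isascii() and serial.isdigit()):
        return None
    try:
        day = datetime.strptime(serial[:8], "%Y%m%d").date()
    except ValueError:
        return None
    return day, int(serial[8:])


def implied_registration(expiration, years=1):
    """Back-date a whois expiry by an assumed registration term (assumption)."""
    exp = datetime.strptime(expiration, "%d %b %Y %H:%M:%S")
    try:
        return exp.replace(year=exp.year - years)
    except ValueError:  # 29 Feb expiry mapped onto a non-leap year
        return exp.replace(year=exp.year - years, day=28)


def correlate(serial, last_modified, expiration):
    """Report whether the three clues fall on the same calendar day."""
    soa = parse_soa_serial(serial)
    days = {
        "soa_serial": soa[0] if soa else None,
        "last_modified": parsedate_to_datetime(last_modified).date(),
        "implied_registration": implied_registration(expiration).date(),
    }
    return {
        "days": days,
        "soa_revision": soa[1] if soa else None,
        "same_day": len(set(days.values())) == 1,
    }


if __name__ == "__main__":
    print(correlate(SOA_SERIAL, LAST_MODIFIED, WHOIS_EXPIRATION))
```

The nn suffix is a counter maintained by the zone operator and its starting value differs between operators, so it is best read as a relative revision number for that day.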


