nettime's_deadman_switch on Thu, 24 Jul 2008 03:48:35 +0200 (CEST)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: <nettime> Karadzic's website digest [x3: Spaink, Wilson, Young]


Re: <nettime> Karadzic's website
     Karin Spaink <[email protected]>
     "Matthew Wilson" <[email protected]>
     John Young <[email protected]>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

From: Karin Spaink <[email protected]>
Subject: Re: <nettime> Karadzic's website
Date: Wed, 23 Jul 2008 13:20:32 +0200

On Jul 23, 2008, at 04:53 , t byfield wrote:

> <http://dragandabic.com/>
> [..]
>
> Archive.org has never heard of it, and Dreamhost will very likely
> dump it soon, so I've archived a copy at the URL below.

I'm not sure the site is authentic. Look at the registration date:

   Domain Name: DRAGANDABIC.COM
   Registrar: ENOM, INC.
   Whois Server: whois.enom.com
   Referral URL: http://www.enom.com
   Name Server: NS1.DREAMHOST.COM
   Name Server: NS2.DREAMHOST.COM
   Name Server: NS3.DREAMHOST.COM
   Status: clientTransferProhibited
   Updated Date: 22-jul-2008
   Creation Date: 22-jul-2008
   Expiration Date: 22-jul-2009

 >>> Last update of whois database: Wed, 23 Jul 2008 07:16:56 EDT <<<


- K -

[Woman embraces Christina] Christina: Ow. Ow. Ehm. Ow.
Woman: Whoops. Sorry. Am I hurting you?
Christina: Ehm, no. You're _touching_ me.
  - Grey's Antomy, s2e15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Date: Wed, 23 Jul 2008 17:06:37 +0200
From: "Matthew Wilson" <[email protected]>
Subject: Re: <nettime> Karadzic's website

Domain Name: DRAGANDABIC.COM
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: NS1.DREAMHOST.COM
Name Server: NS2.DREAMHOST.COM
Name Server: NS3.DREAMHOST.COM
Status: clientTransferProhibited
Updated Date: 22-jul-2008
Creation Date: 22-jul-2008
Expiration Date: 22-jul-2009

On 7/23/08, t byfield <[email protected]> wrote:
>
> <http://dragandabic.com/>
 <...>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Date: Wed, 23 Jul 2008 19:32:48 -0400
From: John Young <[email protected]>
Subject: Re: <nettime> Karadzic's website

A writes to Cryptome 23 July 2008:

regarding the supposed dragan website, is it really a coincidence that it
expires 22.09.2009 - was it registered yesterday for 1 year?

A quick inspection of the HTTP headers show us that my request for his face:

GET http://dragandabic.com/dragan-dabic.jpg HTTP/1.1
Host: dragandabic.com
User-Agent: Mozilla/5.0
Accept: image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Charset:utf-8
Keep-Alive: 300
Proxy-Connection: keep-alive
Referer: http://paranoia.no/

Gives this response:

HTTP/1.1 200 OK
Date: Wed, 23 Jul 2008 22:20:11 GMT
Server: Apache/2.0.61 (Unix) PHP/4.4.7 mod_ssl/2.0.61 OpenSSL/0.9.7e
mod_fastcgi/2.4.2 DAV/2 SVN/1.4.2
Last-Modified: Tue, 22 Jul 2008 13:49:36 GMT
ETag: "2c68807-3ed2-18303c00"
Accept-Ranges: bytes
Content-Length: 16082
Content-Type: image/jpeg

Last-Modified being the timestamp from the file on the server.

And that it's registered to an obvious front for what looks like a
registrar service, but whos webpages
are all full of google ads for other registrars?

Domain name: dragandabic.com

Registrant Contact:
    Whois Privacy Protection Service, Inc.
    Whois Agent

    PMB 368, 14150 NE 20th St - F1
    C/O dragandabic.com
    Bellevue, WA 98007
    US

Administrative Contact:
    Whois Privacy Protection Service, Inc.
    Whois Agent ([email protected])
    +1.4252740657
    Fax: +1.4256960234
    PMB 368, 14150 NE 20th St - F1
    C/O dragandabic.com
    Bellevue, WA 98007
    US

Technical Contact:
    Whois Privacy Protection Service, Inc.
    Whois Agent ([email protected])
    +1.4252740657
    Fax: +1.4256960234
    PMB 368, 14150 NE 20th St - F1
    C/O dragandabic.com
    Bellevue, WA 98007
    US

Status: Locked

Name Servers:
    ns1.dreamhost.com
    ns2.dreamhost.com
    ns3.dreamhost.com

Creation date:
Expiration date: 22 Jul 2009 13:25:00

..

$ host -t mx whoisprivacyprotect.com
whoisprivacyprotect.com mail is handled by 5 eforwardct.name-services.com.
whoisprivacyprotect.com mail is handled by 10 eforward3.name-services.com.

The web pages of name-services.com contains the same google ads farm as
whoisprivacyprotect.com

$ host eforwardct.name-services.com
eforwardct.name-services.com has address 216.163.188.58

$ whois 216.163.188.58

OrgName:    Commtouch Software Inc.
OrgID:      COMMTO
Address:    2029 Stierlin Court
City:       Mountain View
StateProv:  CA
PostalCode: 94303
Country:    US

NetRange:   216.163.176.0 - 216.163.191.255
CIDR:       216.163.176.0/20
NetName:    COMMTOUCH-INC
NetHandle:  NET-216-163-176-0-1
Parent:     NET-216-0-0-0-0
NetType:    Direct Assignment
NameServer: NS1.CTMAIL.COM
NameServer: NS2.CTMAIL.COM
Comment:
RegDate:    1999-09-01
Updated:    2002-03-25

and as a final correlation for the theory of the whole thing being put
together yesterday:

$ host -t soa dragandabic.com
dragandabic.com has SOA record ns1.dreamhost.com. hostmaster.dreamhost.com.
2008072202 16220 1800 1814400 14400

That's when dreamhost last edited the dns zone, 2008 07 22. And it was
modified twice before on that day too - hence the "02" at the end, instead of
"00" which would be the first edit of the day.


A blatant hoax and nothing else.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


#  distributed via <nettime>: no commercial use without permission
#  <nettime>  is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: http://mail.kein.org/mailman/listinfo/nettime-l
#  archive: http://www.nettime.org contact: [email protected]