funsec mailing list archives

Re: Is XUQA.com phishing for email passwords?

From: Gregory Hicks <ghicks () cadence com>
Date: Tue, 11 Apr 2006 10:23:33 -0700 (PDT)

From: "Richard M. Smith" <rms () bsf-llc com>
To: <funsec () linuxbox org>
Date: Tue, 11 Apr 2006 13:09:40 -0400
Subject: [funsec] Is XUQA.com phishing for email passwords?


I would say "phishing" but I'm not an expert.  How can one person be in 
Williamstown and Karachi, Pakistan at the same time?  (see whois data below)

[DOMAIN whois information for XUQA.COM ]
   Domain Name: XUQA.COM
   Namespace: ICANN Unsponsored Generic TLD - http://www.icann.org
   TLD Info: See IANA Whois - http://www.iana.org/root-whois/com.htm
   Registry: VeriSign, Inc. - http://www.verisign-grs.com
   Registrar: TUCOWS INC. - http://domainhelp.tucows.com
   Whois Server: whois.opensrs.net
   Name Server[whois+dns with ip] PDNS3.ULTRADNS.ORG 199.7.68.1
   Name Server[whois+dns with ip] PDNS4.ULTRADNS.ORG 199.7.69.1
   Name Server[whois+dns with ip] PDNS1.ULTRADNS.NET 204.74.108.1
   Name Server[whois+dns with ip] PDNS2.ULTRADNS.NET 204.74.109.1
   Name Server[whois+dns with ip] PDNS5.ULTRADNS.INFO 204.74.114.1
   Name Server[from whois+dns, dns ip]: PDNS6.ULTRADNS.CO.UK 204.74.115.1
   Updated Date: 20-Feb-2006
   Creation Date: 09-Sep-2005
   Expiration Date: 09-Sep-2006
   Status: ACTIVE
[whois.opensrs.net]
Registrant:
 Iventster
 88 Linden Street
 Williamstown, MA 01267
 US

 Domain name: XUQA.COM

 Administrative Contact:
    Hussain, Murtaza  Murtaza.M.Hussain () williams edu
    88 Linden Street
    Williamstown, MA 01267
    US
    1.413.884.1046
 Technical Contact:
    Group, Azadi  Murtaza.M.Hussain () williams edu
    404 18/A Block 6 PECHS
    Karachi, Pakistan 11111
    PK
    +92.21.4557125


 Registration Service Provider:
    Sago Networks, hostmaster () sagonet com
    813-839-7242
    http://www.sagonet.com/
    This company may be contacted for domain login/passwords,
    DNS/Nameserver changes, and general domain support questions.


 Registrar of Record: TUCOWS, INC.
 Record last updated on 20-Feb-2006.
 Record expires on 09-Sep-2006.
 Record created on 09-Sep-2005.

 Domain servers in listed order:
    PDNS1.ULTRADNS.NET   204.74.108.1
    PDNS3.ULTRADNS.ORG   
    PDNS2.ULTRADNS.NET   204.74.109.1
    PDNS6.ULTRADNS.CO.UK   
    PDNS5.ULTRADNS.INFO   
    PDNS4.ULTRADNS.ORG   


 Domain status: ACTIVE


-------------------------------------------------------------------
Gregory Hicks                        | Principal Systems Engineer
Cadence Design Systems               | Direct:   408.576.3609
555 River Oaks Pkwy M/S 6B1          | Fax:      408.894.3400
San Jose, CA 95134                   | Internet: ghicks () cadence com

I am perfectly capable of learning from my mistakes.  I will surely
learn a great deal today.

"A democracy is a sheep and two wolves deciding on what to have for
lunch.  Freedom is a well armed sheep contesting the results of the
decision." - Benjamin Franklin

"The best we can hope for concerning the people at large is that they
be properly armed." --Alexander Hamilton


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Is XUQA.com phishing for email passwords? Richard M. Smith (Apr 11)
- <Possible follow-ups>
- Re: Is XUQA.com phishing for email passwords? Gregory Hicks (Apr 11)
  - Re: Is XUQA.com phishing for email passwords? Jeff Rosowski (Apr 12)
    - RE: Is XUQA.com phishing for email passwords? Stephen Villano (Apr 13)