\nDate: Thu, 01 Sep 2011 09:11:00 +0200<\/em>
\nFrom: gayroobaoll <gayroobaoll@o2.pl><\/em>
\nTo: pi3@itsec.pl<\/em>
\nSubject:<\/em><\/p>\n
Chcesz, http:\/\/facebook.com\/100002779484440<\/em><\/p>\n — CUT —<\/em><\/p>\n As we can see, there is no subject, mail include link to someone’s facebook profile and has got only one Polish world (yes, this is attack for the Polish ppl). “Chcesz” means “Do you want”. Strange, dosn’t it? Mail was send from the Polish portal (o2.pl) – free mails.<\/p>\n OK \ud83d\ude09 Let’s check this profile…<\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n Hm… interesting \ud83d\ude09 In the section “About” we can find Polish sentence: “Cze\u015b\u0107. Chcesz si\u0119 pozna\u0107. Co prawda tu rzadko bywam, wi\u0119cej pisz\u0119 na – www.relithibi.com\/-lenaa pisz do mnie.” which can be translated to: “Hi. I want to meet you. To be honest, I’m here very rarely, I’m more active here – www.relithibi.com\/-lenaa contact with me.” But in the section personal web page we can find different link:<\/p>\n http:\/\/agagwhili.com\/-lenaa<\/p>\n But this two different URLs go to the same site http:\/\/randkipl.com\/user.php?page=id&id=16112<\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n OK. What is important here? Anything what we can press on this site forward us to the registration form \ud83d\ude09 On the left site of this page we can see smth like chat box, but it isn’t. This is static talk (maybe sniffed somewhere else) which is always the same. Whenever we visit this page we can see exactly the same talk and sentence sent from the same nicknames. This talk suggest of course sex propositions \ud83d\ude09 But what is important this site detect from which IP address we visit this page and tries to get the possible city from where our IP are and resolve the name of the city and put to the chat box \ud83d\ude09 This is nice social engineering trick \ud83d\ude09 The same situation is in the middle of the site, where is information about profile which we visit. Of course the city name is the same which page detect and the same situation is with the country \ud83d\ude09 Of course in this profile is written that this woman are looking for a men who want to have sex with her \ud83d\ude09 OK. So I thing this is good moment to check in more details the email which I received. Here is full headers:<\/p>\n — CUT —<\/em> The real IP address of someone\/something who sent this mail is: 115.132.51.92 — CUT —<\/em> whois database:<\/p>\n — CUT —<\/em> inetnum:\u00a0\u00a0\u00a0\u00a0\u00a0 115.132.0.0 – 115.135.255.255<\/em> person:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Siti Fuwaizah Mohd. Ghazali<\/em> person:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 EMRAN AHMED KAMAL<\/em> So… of course IP address is “somewhere” \ud83d\ude09 In this case Malaysia Telekom is owner. Greetings for Polish ppl in Malaysia ;p xprobe2 says this is Apple machine:<\/p>\n — CUT —<\/em> Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu<\/em><\/p>\n [+] Target is 115.132.51.92<\/em> OK. So let’s check who register randkipl.com domain:<\/p>\n — CUT —<\/em> >>> Last update of whois database: Thu, 01 Sep 2011 19:53:13 UTC <<<<\/em><\/p>\n …<\/em> The Registry database contains ONLY .COM, .NET, .EDU domains and<\/em> Domain Name: RANDKIPL.COM <\/em><\/p>\n Registrant:<\/em> Creation Date: 26-Nov-2010 \u00a0<\/em> Domain servers in listed order:<\/em> Administrative Contact:<\/em> Technical Contact:<\/em> \u00a0\u00a0\u00a0 ID#10760, PO Box 16<\/em> Billing Contact:<\/em> Status:LOCKED<\/em> Hm… All contact suggest the owner is somewhere in Australia (AU) but telephone number has prefix — CUT —<\/em> More information:<\/p>\n — CUT —<\/em>![\"\"](\"http:\/\/blog.pi3.com.pl\/wp-content\/uploads\/2011\/09\/facebook_1.png\" "\\"facebook_1\\"")
<\/a><\/p>\n<\/a>\u00a0 <\/a><\/p>\n<\/a><\/a><\/p>\n
\nOf course site tries to remember visitors (cookies) and not change so often the city name when we use different IPs.<\/p>\n
\nReturn-Path: <gayroobaoll@o2.pl><\/em>
\nX-Original-To: pi3@itsec.pl<\/em>
\nDelivered-To: pi3@itsec.pl<\/em>
\nReceived: by itsec.pl (Postfix, from userid 1004)<\/em>
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 id 97D164CE13; Thu,\u00a0 1 Sep 2011 09:00:43 +0200 (CEST)<\/em>
\nX-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on itsec.pl<\/em>
\nX-Spam-Level:<\/em>
\nX-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM,<\/em>
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 RCVD_IN_DNSWL_NONE,SPF_PASS,TVD_SPACE_RATIO,T_TO_NO_BRKTS_FREEMAIL<\/em>
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 autolearn=ham version=3.3.2<\/em>
\nReceived: from mailout1.go2.pl (mailout1.go2.pl [193.17.41.11])<\/em>
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 by itsec.pl (Postfix) with ESMTP id 84CF931F96<\/em>
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 for <pi3@itsec.pl>; Thu,\u00a0 1 Sep 2011 09:00:24 +0200 (CEST)<\/em>
\nReceived: from mailout1.go2.pl (unknown [10.0.0.103])<\/em>
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 by mailout1.go2.pl (Postfix) with ESMTP id BEDA05D5158<\/em>
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 for <pi3@itsec.pl>; Thu,\u00a0 1 Sep 2011 09:11:01 +0200 (CEST)<\/em>
\nReceived: from o2.pl (unknown [10.0.0.40])<\/em>
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 by mailout1.go2.pl (Postfix) with SMTP<\/em>
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 for <pi3@itsec.pl>; Thu,\u00a0 1 Sep 2011 09:11:01 +0200 (CEST)<\/em>
\nSubject:<\/em>
\nFrom: gayroobaoll <gayroobaoll@o2.pl><\/em>
\nTo: pi3@itsec.pl<\/em>
\nMime-Version: 1.0<\/em>
\nMessage-ID: <1a68707d.72ac5cea.4e5f3004.83a38@o2.pl><\/em>
\nDate: Thu, 01 Sep 2011 09:11:00 +0200<\/em>
\nX-Originator: 115.132.51.92<\/em>
\nContent-Type: text\/plain; charset=”UTF-8″<\/em>
\nContent-Transfer-Encoding: quoted-printable<\/em>
\n— CUT —<\/em><\/p>\n
\nThis IP address alive and reply for ICMP-echo message:<\/p>\n
\n# ping 115.132.51.92<\/em>
\nPING 115.132.51.92 (115.132.51.92) 56(84) bytes of data.<\/em>
\n64 bytes from 115.132.51.92: icmp_req=1 ttl=50 time=365 ms<\/em>
\n64 bytes from 115.132.51.92: icmp_req=2 ttl=50 time=363 ms<\/em>
\n64 bytes from 115.132.51.92: icmp_req=3 ttl=50 time=362 ms<\/em>
\n^C<\/em>
\n— 115.132.51.92 ping statistics —<\/em>
\n3 packets transmitted, 3 received, 0% packet loss, time 2002ms<\/em>
\nrtt min\/avg\/max\/mdev = 362.722\/363.863\/365.174\/1.225 ms<\/em>
\n— CUT —<\/em><\/p>\n
\n# whois 115.132.51.92<\/em>
\n% [whois.apnic.net node-2]<\/em>
\n% Whois data copyright terms\u00a0\u00a0\u00a0 http:\/\/www.apnic.net\/db\/dbcopyright.html<\/em><\/p>\n
\nnetname:\u00a0\u00a0\u00a0\u00a0\u00a0 ADSLSTREAMYX<\/em>
\ndescr:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 CORE IP NETWORK DEVELOPMENT,<\/em>
\ndescr:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 TELEKOM MALAYSIA BERHAD<\/em>
\ncountry:\u00a0\u00a0\u00a0\u00a0\u00a0 MY<\/em>
\nadmin-c:\u00a0\u00a0\u00a0\u00a0\u00a0 SM135-AP<\/em>
\ntech-c:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 EAK2-AP<\/em>
\nstatus:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ALLOCATED PORTABLE<\/em>
\nremarks:\u00a0\u00a0\u00a0\u00a0\u00a0 -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+<\/em>
\nremarks:\u00a0\u00a0\u00a0\u00a0\u00a0 This object can only be updated by APNIC hostmasters.<\/em>
\nremarks:\u00a0\u00a0\u00a0\u00a0\u00a0 To update this object, please contact APNIC<\/em>
\nremarks:\u00a0\u00a0\u00a0\u00a0\u00a0 hostmasters and include your organisation’s account<\/em>
\nremarks:\u00a0\u00a0\u00a0\u00a0\u00a0 name in the subject line.<\/em>
\nremarks:\u00a0\u00a0\u00a0\u00a0\u00a0 -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+<\/em>
\nchanged:\u00a0\u00a0\u00a0\u00a0\u00a0 hm-changed@apnic.net 20080805<\/em>
\nmnt-by:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 APNIC-HM<\/em>
\nmnt-lower:\u00a0\u00a0\u00a0 MAINT-AP-STREAMYX<\/em>
\nchanged:\u00a0\u00a0\u00a0\u00a0\u00a0 hm-changed@apnic.net 20080919<\/em>
\nsource:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 APNIC<\/em><\/p>\n
\nnic-hdl:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 SM135-AP<\/em>
\ne-mail:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 tm_osc@tmnet.com.my<\/em>
\naddress:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Telekom Malaysia Berhad<\/em>
\naddress:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jalan Pantai Baru,\u00a0 Kuala Lumpur.<\/em>
\nphone:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 +603-83185434<\/em>
\nfax-no:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 +603-22402126<\/em>
\ncountry:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 MY<\/em>
\nchanged:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 fuwaizah@tm.com.my 20090402<\/em>
\nmnt-by:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 TM-NET-AP<\/em>
\nabuse-mailbox:\u00a0 abuse@tm.net.my<\/em>
\nnotify:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 tmcops@tmnet.com.my<\/em>
\nsource:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 APNIC<\/em><\/p>\n
\nnic-hdl:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 EAK2-AP<\/em>
\ne-mail:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ssc@tmnet.com.my<\/em>
\naddress:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Telekom Malaysia<\/em>
\naddress:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jalan Pantai Baru, Kuala Lumpur.<\/em>
\nphone:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 +6-03-83185434<\/em>
\nfax-no:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 +6-03-22402126<\/em>
\ncountry:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 MY<\/em>
\nchanged:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 fuwaizah@tm.net.my 20080918<\/em>
\nmnt-by:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 TM-NET-AP<\/em>
\nabuse-mailbox:\u00a0 abuse@tm.net.my<\/em>
\nsource:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 APNIC<\/em>
\n— CUT —<\/em><\/p>\n
\n# xprobe2 -v -r 115.132.51.92<\/em><\/p>\n
\n[+] Loading modules.<\/em>
\n[+] Following modules are loaded:<\/em>
\n[x] [1] ping:icmp_ping\u00a0 –\u00a0 ICMP echo discovery module<\/em>
\n[x] [2] ping:tcp_ping\u00a0 –\u00a0 TCP-based ping discovery module<\/em>
\n[x] [3] ping:udp_ping\u00a0 –\u00a0 UDP-based ping discovery module<\/em>
\n[x] [4] infogather:ttl_calc\u00a0 –\u00a0 TCP and UDP based TTL distance calculation<\/em>
\n[x] [5] infogather:portscan\u00a0 –\u00a0 TCP and UDP PortScanner<\/em>
\n[x] [6] fingerprint:icmp_echo\u00a0 –\u00a0 ICMP Echo request fingerprinting module<\/em>
\n[x] [7] fingerprint:icmp_tstamp\u00a0 –\u00a0 ICMP Timestamp request fingerprinting module<\/em>
\n[x] [8] fingerprint:icmp_amask\u00a0 –\u00a0 ICMP Address mask request fingerprinting module<\/em>
\n[x] [9] fingerprint:icmp_port_unreach\u00a0 –\u00a0 ICMP port unreachable fingerprinting module<\/em>
\n[x] [10] fingerprint:tcp_hshake\u00a0 –\u00a0 TCP Handshake fingerprinting module<\/em>
\n[x] [11] fingerprint:tcp_rst\u00a0 –\u00a0 TCP RST fingerprinting module<\/em>
\n[x] [12] fingerprint:smb\u00a0 –\u00a0 SMB fingerprinting module<\/em>
\n[x] [13] fingerprint:snmp\u00a0 –\u00a0 SNMPv2c fingerprinting module<\/em>
\n[+] 13 modules registered<\/em>
\n[+] Initializing scan engine<\/em>
\n[+] Running scan engine<\/em>
\n[-] ping:tcp_ping module: no closed\/open TCP ports known on 115.132.51.92. Module test failed<\/em>
\n[-] ping:udp_ping module: no closed\/open UDP ports known on 115.132.51.92. Module test failed<\/em>
\n[-] No distance calculation. 115.132.51.92 appears to be dead or no ports known<\/em>
\n[+] Host: 115.132.51.92 is up (Guess probability: 50%)<\/em>
\n[+] Target: 115.132.51.92 is alive. Round-Trip Time: 0.36246 sec<\/em>
\n[+] Selected safe Round-Trip Time value is: 0.72492 sec<\/em>
\n[-] fingerprint:tcp_hshake Module execution aborted (no open TCP ports known)<\/em>
\n[-] fingerprint:smb need either TCP port 139 or 445 to run<\/em>
\n[-] fingerprint:snmp: need UDP port 161 open<\/em>
\n[+] Primary guess:<\/em>
\n[+] Host 115.132.51.92 Running OS: “Apple Mac OS X 10.3.7” (Guess probability: 100%)<\/em>
\n[+] Other guesses:<\/em>
\n[+] Host 115.132.51.92 Running OS: “Apple Mac OS X 10.3.8” (Guess probability: 100%)<\/em>
\n[+] Host 115.132.51.92 Running OS: “Apple Mac OS X 10.3.9” (Guess probability: 100%)<\/em>
\n[+] Host 115.132.51.92 Running OS: “Apple Mac OS X 10.4.0” (Guess probability: 100%)<\/em>
\n[+] Host 115.132.51.92 Running OS: “Apple Mac OS X 10.4.1” (Guess probability: 100%)<\/em>
\n[+] Host 115.132.51.92 Running OS: “HP JetDirect ROM F.08.08 EEPROM F.08.20” (Guess probability: 100%)<\/em>
\n[+] Host 115.132.51.92 Running OS: “HP JetDirect ROM F.08.08 EEPROM F.08.05” (Guess probability: 100%)<\/em>
\n[+] Host 115.132.51.92 Running OS: “HP JetDirect ROM F.08.01 EEPROM F.08.05” (Guess probability: 100%)<\/em>
\n[+] Host 115.132.51.92 Running OS: “HP JetDirect ROM A.05.03 EEPROM A.05.05” (Guess probability: 100%)<\/em>
\n[+] Host 115.132.51.92 Running OS: “HP JetDirect ROM A.03.17 EEPROM A.04.09” (Guess probability: 100%)<\/em>
\n[+] Cleaning up scan engine<\/em>
\n[+] Modules deinitialized<\/em>
\n[+] Execution completed.<\/em>
\n— CUT —<\/em><\/p>\n
\n\u00a0\u00a0 Domain Name: RANDKIPL.COM<\/em>
\n\u00a0\u00a0 Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D\/B\/A PUBLICDOMAINREGISTRY.COM<\/em>
\n\u00a0\u00a0 Whois Server: whois.PublicDomainRegistry.com<\/em>
\n\u00a0\u00a0 Referral URL: http:\/\/www.PublicDomainRegistry.com<\/em>
\n\u00a0\u00a0 Name Server: NS1.REG.RU<\/em>
\n\u00a0\u00a0 Name Server: NS2.REG.RU<\/em>
\n\u00a0\u00a0 Status: clientTransferProhibited<\/em>
\n\u00a0\u00a0 Updated Date: 06-jun-2011<\/em>
\n\u00a0\u00a0 Creation Date: 26-nov-2010<\/em>
\n\u00a0\u00a0 Expiration Date: 26-nov-2011<\/em><\/p>\n
\n…<\/em><\/p>\n
\nRegistrars.<\/em>
\nRegistration Service Provided By: DOMAIN NAMES REGISTRAR REG.RU LTD.<\/em>
\nContact: +7.4955801111<\/em><\/p>\n
\n\u00a0\u00a0\u00a0 PrivacyProtect.org<\/em>
\n\u00a0\u00a0\u00a0 Domain Admin\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 (contact@privacyprotect.org)<\/em>
\n\u00a0\u00a0\u00a0 ID#10760, PO Box 16<\/em>
\n\u00a0\u00a0\u00a0 Note – All Postal Mails Rejected, visit Privacyprotect.org<\/em>
\n\u00a0\u00a0\u00a0 Nobby Beach<\/em>
\n\u00a0\u00a0\u00a0 null,QLD 4218<\/em>
\n\u00a0\u00a0\u00a0 AU<\/em>
\n\u00a0\u00a0\u00a0 Tel. +45.36946676<\/em><\/p>\n
\nExpiration Date: 26-Nov-2011<\/em><\/p>\n
\n\u00a0\u00a0\u00a0 ns1.reg.ru<\/em>
\n\u00a0\u00a0\u00a0 ns2.reg.ru<\/em><\/p>\n
\n\u00a0\u00a0\u00a0 PrivacyProtect.org<\/em>
\n\u00a0\u00a0\u00a0 Domain Admin\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 (contact@privacyprotect.org)<\/em>
\n\u00a0\u00a0\u00a0 ID#10760, PO Box 16<\/em>
\n\u00a0\u00a0\u00a0 Note – All Postal Mails Rejected, visit Privacyprotect.org<\/em>
\n\u00a0\u00a0\u00a0 Nobby Beach<\/em>
\n\u00a0\u00a0\u00a0 null,QLD 4218<\/em>
\n\u00a0\u00a0\u00a0 AU<\/em>
\n\u00a0\u00a0\u00a0 Tel. +45.36946676<\/em><\/p>\n
\n\u00a0\u00a0\u00a0 PrivacyProtect.org<\/em>
\n\u00a0\u00a0\u00a0 Domain Admin\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 (contact@privacyprotect.org)<\/em><\/p>\n
\n\u00a0\u00a0\u00a0 Note – All Postal Mails Rejected, visit Privacyprotect.org<\/em>
\n\u00a0\u00a0\u00a0 Nobby Beach<\/em>
\n\u00a0\u00a0\u00a0 null,QLD 4218<\/em>
\n\u00a0\u00a0\u00a0 AU<\/em>
\n\u00a0\u00a0\u00a0 Tel. +45.36946676<\/em><\/p>\n
\n\u00a0\u00a0\u00a0 PrivacyProtect.org<\/em>
\n\u00a0\u00a0\u00a0 Domain Admin\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 (contact@privacyprotect.org)<\/em>
\n\u00a0\u00a0\u00a0 ID#10760, PO Box 16<\/em>
\n\u00a0\u00a0\u00a0 Note – All Postal Mails Rejected, visit Privacyprotect.org<\/em>
\n\u00a0\u00a0\u00a0 Nobby Beach<\/em>
\n\u00a0\u00a0\u00a0 null,QLD 4218<\/em>
\n\u00a0\u00a0\u00a0 AU<\/em>
\n\u00a0\u00a0\u00a0 Tel. +45.36946676<\/em><\/p>\n
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Note: This Domain Name is currently Locked. In this status the domain <\/em>
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 name cannot be transferred, hijacked, or modified. The Owner of this <\/em>
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 domain name can easily change this status from their control panel. <\/em>
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 This feature is provided as a security measure against fraudulent domain name hijacking.<\/em>
\n— CUT —<\/em><\/p>\n
\nto Denmark (+45). Of course name servers are in Russia \ud83d\ude09 Interesting is also STATUS of the domain:<\/p>\n
\nStatus:LOCKED<\/em>
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Note: This Domain Name is currently Locked. In this status the domain<\/em>
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 name cannot be transferred, hijacked, or modified. The Owner of this<\/em>
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 domain name can easily change this status from their control panel.<\/em>
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 This feature is provided as a security measure against fraudulent domain name hijacking.<\/em>
\n— CUT —<\/em><\/p>\n
\n# host randkipl.com<\/em>
\nrandkipl.com has address 91.202.63.130<\/em>
\n# host -t any randkipl.com<\/em>