The SamSpade Whois shows:

Server Used: [ whois.godaddy.com ]

futurecis.futurecis.com = [ 210.79.186.77 ]

Registrant:
Future CIS
Registered through: GoDaddy.com
Domain Name: FUTURECIS.COM
Domain servers in listed order:
PARK11.SECURESERVER.NET
PARK12.SECURESERVER.NET
For complete domain details go to:


The IP Whois shows:

Server Used: [ whois.nic.ad.jp ]

210.79.186.77 = [ 077M31.oasis.mediatti.net ]
[ JPNIC database provides information regarding IP address and ASN. Its use ]
[ is restricted to network administration purposes. For further information ]
[ use 'whois -h whois.nic.ad.jp help'. To only display English output ]
[ add '/e' at the end of command e.g. 'whois -h whois.nic.ad.jp xxx/e'. ]
Network Information:
a. [Network Number] 210.79.184.0/22
b. [Network Name] MEDIATTI-MBC
g. [Organization] Mediatti Communications Inc.
m. [Administrative Contact] LS032JP
n. [Technical Contact] LS032JP
p. [Nameserver] vs0002.shi.kvh.ne.jp
p. [Nameserver] ns2.kvh.ne.jp
[Assigned Date] 2005/01/16
[Return Date]
[Last Update] 2005/01/16 22: 20: 03(JST)
Less Specific Info.
----------
Mediatti Communications Inc.
[Allocation] 210.79.128.0/18
More Specific Info.
----------
No match!!

-----------------
Supposedly in Japan. The Domain is registered via GoDaddy.com. http://futurecis.futurecis.com/.web/ seems to be a compromised server. However, there doesn't seem to be any files beyond the login.php and two text files under the .web folder. It may be that the text files contain the ips of systems it links to. Some of those ips are in Thailand, some in India. The .web folder has this structure:

Index of /.web

Name Last modified Size Description

[DIR] Parent Directory 31-Jan-2006 21:18 -
[TXT] bune.txt 31-Jan-2006 14:38 1k
[ ] login.php 31-Jan-2006 14:39 2k
[TXT] naspa.txt 01-Feb-2006 10:51 1k

Apache/1.3.17 Server at futurecis.futurecis.com Port 80

If you click on the link, the login.php uses the IP numbers in the support txt files to forward you to another system, like:

http://202.143.xxx.xxx:81/https/www....scr/cmd=_home/
======================================================

Oh, yeah, to answer your question, YES it is a Phising expedition.