[132391] in North American Network Operators' Group
RE: starwars.com subdomain hijacked?
daemon@ATHENA.MIT.EDU (Gavin Pearce)
Mon Nov 22 11:44:12 2010
Date: Mon, 22 Nov 2010 16:42:05 -0000
In-Reply-To: <BLU156-w62E655AF477CA6484287ACC93D0@phx.gbl>
From: "Gavin Pearce" <Gavin.Pearce@3seven9.com>
To: "Matt Disuko" <gourmetcisco@hotmail.com>,
<nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> It seems the subdomain "shop.starwars.com" is being redirected.
>
> Anybody else seeing this?
HTML served up looks official, albeit different NS servers and IP Range
from main site.
Resolves to 209.20.19.60 (shop.starwars.novator2.com.). Couldn't tell
you if that's where it's "meant" to go mind...
[root@...]# dig shop.starwars.com
; <<>> DiG <<>> shop.starwars.com
;; Got answer:
;; QUESTION SECTION:
;shop.starwars.com. IN A
;; ANSWER SECTION:
shop.starwars.com. 3600 IN CNAME shop.starwars.novator2.com.
shop.starwars.novator2.com. 600 IN A 209.20.19.60
;; AUTHORITY SECTION:
novator2.com. 600 IN NS ns2.novator.com.
novator2.com. 600 IN NS ns3.novator.com.
novator2.com. 600 IN NS ns1.novator.com.
;; Query time: 406 msec
;; WHEN: Mon Nov 22 16:33:40 2010
;; MSG SIZE rcvd: 150
[root@...]# dig starwars.com
; <<>> DiG <<>> starwars.com
;; Got answer:
;; QUESTION SECTION:
;starwars.com. IN A
;; ANSWER SECTION:
starwars.com. 3600 IN A 208.72.12.228
;; AUTHORITY SECTION:
starwars.com. 3600 IN NS dns.lucasfilm.com.
starwars.com. 3600 IN NS sbdns3.cscdns.net.
;; ADDITIONAL SECTION:
sbdns3.cscdns.net. 9515 IN A 165.160.12.22
;; Query time: 249 msec
;; WHEN: Mon Nov 22 16:34:39 2010
;; MSG SIZE rcvd: 121
-----Original Message-----
From: Matt Disuko [mailto:gourmetcisco@hotmail.com]
Sent: 22 November 2010 15:47
To: nanog@nanog.org
Subject: starwars.com subdomain hijacked?
It seems the subdomain "shop.starwars.com" is being redirected.
Anybody else seeing this?
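Added example, not part of the original message or thread: a small Python check that does the comparison the reply makes by eye, following the CNAME chain in each dig answer and reporting whether the name ends up in a different zone with different nameservers. The function names are hypothetical, the records are copied from the dig output above, and treating the last two labels as the registrable domain is a simplifying assumption.

```python
# Records copied from the two dig answers quoted in the message above.
SHOP = """\
shop.starwars.com. 3600 IN CNAME shop.starwars.novator2.com.
shop.starwars.novator2.com. 600 IN A 209.20.19.60
novator2.com. 600 IN NS ns2.novator.com.
novator2.com. 600 IN NS ns3.novator.com.
novator2.com. 600 IN NS ns1.novator.com.
"""
APEX = """\
starwars.com. 3600 IN A 208.72.12.228
starwars.com. 3600 IN NS dns.lucasfilm.com.
starwars.com. 3600 IN NS sbdns3.cscdns.net.
sbdns3.cscdns.net. 9515 IN A 165.160.12.22
"""

def parse_records(text):
    """Parse 'name ttl class type rdata' lines, skipping dig ';' comments."""
    records = []
    for line in text.splitlines():
        parts = line.split(None, 4)
        if len(parts) != 5 or parts[0].startswith(";") or not parts[1].isdigit():
            continue
        name, _ttl, _cls, rtype, rdata = parts
        records.append((name.lower().rstrip("."), rtype.upper(),
                        rdata.strip().lower().rstrip(".")))
    return records

def zone_of(name):
    """Assumption: registrable domain = last two labels (no public suffix list)."""
    return ".".join(name.split(".")[-2:])

def follow(name, records, max_hops=8):
    """Follow CNAMEs from name; return (chain, A addresses of the last name)."""
    chain = [name.lower().rstrip(".")]
    for _ in range(max_hops):
        nxt = [d for n, t, d in records if n == chain[-1] and t == "CNAME"]
        if not nxt or nxt[0] in chain:  # end of chain, or a CNAME loop
            break
        chain.append(nxt[0])
    return chain, [d for n, t, d in records if n == chain[-1] and t == "A"]

def delegation_report(name, text):
    """Summarise where a name is served from and by which nameservers."""
    records = parse_records(text)
    chain, addrs = follow(name, records)
    end = zone_of(chain[-1])
    return {"chain": chain, "addresses": addrs,
            "leaves_zone": zone_of(chain[0]) != end,
            "nameservers": sorted(d for n, t, d in records if n == end and t == "NS")}
```

A `leaves_zone` result only shows that the parent zone's own CNAME points at a name served elsewhere; it does not by itself say whether that target is the intended one.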