[132395] in North American Network Operators' Group
RE: starwars.com subdomain hijacked?
daemon@ATHENA.MIT.EDU (Matt Disuko)
Mon Nov 22 12:05:21 2010
From: Matt Disuko <gourmetcisco@hotmail.com>
To: <wschultz@bsdboy.com>
Date: Mon, 22 Nov 2010 12:05:17 -0500
In-Reply-To: <97FC67AA-AAC7-4D42-B14B-5212A3B4B622@bsdboy.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Yep, that's it. My nameserver is caching the old advert site that was serving up when the domain expired:
;; ANSWER SECTION:
shop.starwars.com. 1652 IN CNAME shop.starwars.novator2.com.
shop.starwars.novator2.com. 1652 IN A 74.54.152.75
;; AUTHORITY SECTION:
novator2.com. 160198 IN NS dns.yourdomainhasexpired.com.
novator2.com. 160198 IN NS dns2.yourdomainhasexpired.com.
bloody hell.
-matt
> Subject: Re: starwars.com subdomain hijacked?
> From: wschultz@bsdboy.com
> Date: Mon, 22 Nov 2010 08:49:48 -0800
> CC: nanog@nanog.org
> To: gourmetcisco@hotmail.com
>
> Appears that it's a CNAME for shop.starwars.novator2.com.
>
> The expiry day is 11/22/2011, so if I were to guess I would think that the domain expired, sent to an advert page, and was just renewed.
>
> -wil
>
> On Nov 22, 2010, at 7:46 AM, Matt Disuko wrote:
>
> > It seems the subdomain "shop.starwars.com" is being redirected.
> >
> > Anybody else seeing this?