I'm surprised by the sequence of events here.. domain "novator2.com" is registered with DomainsAtCost.ca.
domain "novator2.com" expires... gets picked up by the administrators of "yourdomainhasexpired.com" - Rebel.com? 1550507.ca?

;; ANSWER SECTION:
shop.starwars.com.              1655    IN  CNAME  shop.starwars.novator2.com.
shop.starwars.novator2.com.     1655    IN  A      74.54.152.75

;; AUTHORITY SECTION:
novator2.com.                   160201  IN  NS     dns2.yourdomainhasexpired.com.
novator2.com.                   160201  IN  NS     dns.yourdomainhasexpired.com.

Redir'd to an advert site, instead of a default "DomainsAtCost.ca" holding page or...nowhere.

Apparently quickly renewed and "given back" to the original owners.

Who's at play here? Does DomainsAtCost have a deal with Rebel.com? Or are they the same company? It all seems fishy to me. Is this normal practice?

> Date: Mon, 22 Nov 2010 12:05:21 -0500
> From: k...@sizone.org
> To: nanog@nanog.org
> Subject: Re: starwars.com subdomain hijacked?
>
>
> On Mon, Nov 22, 2010 at 08:49:48AM -0800, Wil Schultz said:
> >Appears that it's a CNAME for shop.starwars.novator2.com.
> >
> >The expiry day is 11/22/2011, so if I were to guess I would think that the
> >domain expired, sent to an advert page, and was just renewed.
> >
> >-wil
>
> Smartest attack is to put up a page that looks exactly the same as the
> legit site, but with your own cheaper crappier knockoff starwars paraphernalia
> ('duke', 'tewey', 'princess luba') that you sell instead and make the huge
> profits.
>
> Not to give anyone any ideas that weren't obvious like 15 years ago.
>
> How anyone can tell the internet is legit at a glance is beyond me. Need
> to hook up firefox's security warning to my speakers to get a modicum of
> alert that SSL is busted, to start, never mind anything more creative.
>
> That phishers manage to fake sites that look wrong is also beyond me, what's
> so hard about 'save page as'?
>
> /kc
> --
> Ken Chase - k...@heavycomputing.ca - +1 416 897 6284 - Toronto CANADA
> Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151
> Front St. W.