starwars.com subdomain hijacked?
Gavin Pearce
Gavin.Pearce at 3seven9.com
Mon Nov 22 16:42:05 UTC 2010
> It seems the subdomain "shop.starwars.com" is being redirected.
>
> Anybody else seeing this?
HTML served up looks official, albeit different NS servers and IP Range
from main site.
Resolves to 209.20.19.60 (shop.starwars.novator2.com.). Couldn't tell
you if that's where it's "meant" to go mind...
[root at ...]# dig shop.starwars.com
; <<>> DiG <<>> shop.starwars.com
;; Got answer:
;; QUESTION SECTION:
;shop.starwars.com. IN A
;; ANSWER SECTION:
shop.starwars.com. 3600 IN CNAME
shop.starwars.novator2.com.
shop.starwars.novator2.com. 600 IN A 209.20.19.60
;; AUTHORITY SECTION:
novator2.com. 600 IN NS ns2.novator.com.
novator2.com. 600 IN NS ns3.novator.com.
novator2.com. 600 IN NS ns1.novator.com.
;; Query time: 406 msec
;; WHEN: Mon Nov 22 16:33:40 2010
;; MSG SIZE rcvd: 150
[root at ...]# dig starwars.com
; <<>> DiG <<>> starwars.com
;; Got answer:
;; QUESTION SECTION:
;starwars.com. IN A
;; ANSWER SECTION:
starwars.com. 3600 IN A 208.72.12.228
;; AUTHORITY SECTION:
starwars.com. 3600 IN NS dns.lucasfilm.com.
starwars.com. 3600 IN NS sbdns3.cscdns.net.
;; ADDITIONAL SECTION:
sbdns3.cscdns.net. 9515 IN A 165.160.12.22
;; Query time: 249 msec
;; WHEN: Mon Nov 22 16:34:39 2010
;; MSG SIZE rcvd: 121
-----Original Message-----
From: Matt Disuko [mailto:gourmetcisco at hotmail.com]
Sent: 22 November 2010 15:47
To: nanog at nanog.org
Subject: starwars.com subdomain hijacked?
It seems the subdomain "shop.starwars.com" is being redirected.
Anybody else seeing this?
More information about the NANOG
mailing list