Novator (Canadian web-shopping company, used to be FTD's big partner) is responsible for shop.starwars.com so I think all that's happened here is Novator forgot to renew a domain.

domainsatcost.ca is rebel.com is Momentous.ca and they own yourdomainhasexpired.com.

-Rich

On 22 Nov 10, at 12:19 PM, Matt Disuko wrote:

> I'm surprised by the sequence of events here..
>
> domain "novator2.com" is registered with DomainsAtCost.ca.
>
> domain "novator2.com" expires...
>
> gets picked up by the administrators of "yourdomainhasexpired.com" -
> Rebel.com? 1550507.ca?
>
> ;; ANSWER SECTION:
> shop.starwars.com. 1655 IN CNAME shop.starwars.novator2.com.
> shop.starwars.novator2.com. 1655 IN A 74.54.152.75
>
> ;; AUTHORITY SECTION:
> novator2.com. 160201 IN NS dns2.yourdomainhasexpired.com.
> novator2.com. 160201 IN NS dns.yourdomainhasexpired.com.
>
> Redir'd to an advert site, instead of a default "DomainsAtCost.ca" holding
> page or...nowhere.
>
> Apparently quickly renewed and "given back" to the original owners.
>
> Who's at play here? Does DomainsAtCost have a deal with Rebel.com? Or are
> they the same company?
>
> It all seems fishy to me. Is this normal practice?
>
>> Date: Mon, 22 Nov 2010 12:05:21 -0500
>> From: [email protected]
>> To: [email protected]
>> Subject: Re: starwars.com subdomain hijacked?
>>
>> On Mon, Nov 22, 2010 at 08:49:48AM -0800, Wil Schultz said:
>>> Appears that it's a CNAME for shop.starwars.novator2.com.
>>>
>>> The expiry day is 11/22/2011, so if I were to guess I would think that the
>>> domain expired, sent to an advert page, and was just renewed.
>>>
>>> -wil
>>
>> Smartest attack is to put up a page that looks exactly the same as the
>> legit site, but with your own cheaper crappier knockoff starwars paraphernalia
>> ('duke', 'tewey', 'princess luba') that you sell instead and make the huge
>> profits.
>>
>> Not to give anyone any ideas that weren't obvious like 15 years ago.
>>
>> How anyone can tell the internet is legit at a glance is beyond me. Need
>> to hook up firefox's security warning to my speakers to get a modicum of
>> alert that SSL is busted, to start, never mind anything more creative.
>>
>> That phishers manage to fake sites that look wrong is also beyond me, what's
>> so hard about 'save page as'?
>>
>> /kc
>> --
>> Ken Chase - [email protected] - +1 416 897 6284 - Toronto CANADA
>> Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151
>> Front St. W.
>>
>

--
Rich Lafferty [email protected]
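An added example, not part of the thread or written by any of its participants: a monitoring check for the condition discussed above, run over the dig output quoted in the thread. It flags a CNAME from a name you own to a third-party zone whose nameservers sit on an expiry/parking service. `OWNED_ZONES`, `PARKING_NS_ZONES` and the function names are assumptions chosen for illustration.

```python
import re

# dig output as quoted in the thread above
DIG_OUTPUT = """\
;; ANSWER SECTION:
shop.starwars.com. 1655 IN CNAME shop.starwars.novator2.com.
shop.starwars.novator2.com. 1655 IN A 74.54.152.75

;; AUTHORITY SECTION:
novator2.com. 160201 IN NS dns2.yourdomainhasexpired.com.
novator2.com. 160201 IN NS dns.yourdomainhasexpired.com.
"""

# Assumptions: the zones the monitored organisation controls, and a local
# watchlist of registrar expiry/parking nameserver domains (this one is the
# domain named in the thread).
OWNED_ZONES = {"starwars.com"}
PARKING_NS_ZONES = {"yourdomainhasexpired.com"}

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)$")

def parse_dig(text):
    """Return (owner, type, rdata) tuples from dig-style record lines."""
    records = []
    for line in text.splitlines():
        m = RR.match(line.strip())
        if m:  # section headers (";; ...") and blank lines do not match
            owner, _ttl, rtype, rdata = m.groups()
            records.append((owner.rstrip(".").lower(), rtype.upper(),
                            rdata.rstrip(".").lower()))
    return records

def in_zone(name, zones):
    """True if name equals, or is a subdomain of, any zone in zones."""
    return any(name == z or name.endswith("." + z) for z in zones)

def audit_cnames(records):
    """Flag owned names whose CNAME target's zone is served by parking NS."""
    findings = []
    for owner, rtype, target in records:
        if rtype != "CNAME" or not in_zone(owner, OWNED_ZONES):
            continue
        if in_zone(target, OWNED_ZONES):
            continue  # target is inside a zone we control ourselves
        # NS records whose owner zone covers the CNAME target
        ns = sorted(r for o, t, r in records if t == "NS" and in_zone(target, {o}))
        parked = [n for n in ns if in_zone(n, PARKING_NS_ZONES)]
        if parked:
            findings.append({"name": owner, "target": target, "parked_ns": parked})
    return findings

if __name__ == "__main__":
    for f in audit_cnames(parse_dig(DIG_OUTPUT)):
        print(f"{f['name']} -> {f['target']} served by {', '.join(f['parked_ns'])}")
```

Run against live resolver output on a schedule, the same check gives warning when a vendor domain behind one of your CNAMEs changes delegation.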

