RE: starwars.com subdomain hijacked?

["Gavin Pearce" <Gavin.Pearce () 3seven9 com>]

> It seems the subdomain "shop.starwars.com" is being redirected.
>
> Anybody else seeing this?

HTML served up looks official, albeit different NS servers and IP Range
from main site.
Resolves to 209.20.19.60 (shop.starwars.novator2.com.). Couldn't tell
you if that's where it's "meant" to go mind...

[root@...]# dig shop.starwars.com

; <<>> DiG <<>> shop.starwars.com
;; Got answer:

;; QUESTION SECTION:
;shop.starwars.com.             IN      A

;; ANSWER SECTION:
shop.starwars.com.      3600    IN      CNAME
shop.starwars.novator2.com.
shop.starwars.novator2.com. 600 IN      A       209.20.19.60

;; AUTHORITY SECTION:
novator2.com.           600     IN      NS      ns2.novator.com.
novator2.com.           600     IN      NS      ns3.novator.com.
novator2.com.           600     IN      NS      ns1.novator.com.

;; Query time: 406 msec
;; WHEN: Mon Nov 22 16:33:40 2010
;; MSG SIZE  rcvd: 150

[root@...]# dig starwars.com

; <<>> DiG <<>> starwars.com
;; Got answer:

;; QUESTION SECTION:
;starwars.com.                  IN      A

;; ANSWER SECTION:
starwars.com.           3600    IN      A       208.72.12.228

;; AUTHORITY SECTION:
starwars.com.           3600    IN      NS      dns.lucasfilm.com.
starwars.com.           3600    IN      NS      sbdns3.cscdns.net.

;; ADDITIONAL SECTION:
sbdns3.cscdns.net.      9515    IN      A       165.160.12.22

;; Query time: 249 msec
;; WHEN: Mon Nov 22 16:34:39 2010
;; MSG SIZE  rcvd: 121



-----Original Message-----
From: Matt Disuko [mailto:gourmetcisco () hotmail com] 
Sent: 22 November 2010 15:47
To: nanog () nanog org
Subject: starwars.com subdomain hijacked?


It seems the subdomain "shop.starwars.com" is being redirected.

Anybody else seeing this?