OT (or maybe not) - what happened to lxer.com?
Shlomo Solomon
shlomo.solomon at gmail.com
Sat Feb 19 23:10:25 IST 2022
This is REALLY WIERD. I tried earlier from my phone and another
computer and got the same "parking" site. But before trying what Shay
and Shimi suggested, I tried again on my computer and the site is back
to normal. WTF??
I wish I had taken a screen capture earlier to "prove" that I was not
dreaming. :-)
On Sat, 19 Feb 2022 21:27:10 +0200
Shay Gover <govershay at gmail.com> wrote:
> Did you try from another device on you network?
>
> On Sat, Feb 19, 2022 at 9:18 PM shimi <linux-il at shimi.net> wrote:
>
> >
> >
> > On Sat, Feb 19, 2022 at 7:04 PM Shlomo Solomon
> > <shlomo.solomon at gmail.com> wrote:
> >
> >> Yehuda Deutsch - if you mean whois, I also get a normal response:
> >> Domain Name: LXER.COM
> >> Registry Domain ID: 109446700_DOMAIN_COM-VRSN
> >> Registrar WHOIS Server: whois.enom.com
> >> Registrar URL: http://www.enomdomains.com
> >> Updated Date: 2022-01-06T10:42:51Z
> >> Creation Date: 2004-01-06T22:15:59Z
> >> Registry Expiry Date: 2023-01-06T22:15:59Z
> >> Registrar: eNom, LLC
> >>
> >>
> >>
> >> But the site is not there. As Geoff Shang wrote, the site looks
> >> like a landing site of some kind.
> >>
> >>
> > I didn't know the site, but it doesn't look like a parking page for
> > upselling an expired domain.
> >
> > Let's try to be more constructive in debugging this. First - are you
> > getting to the site as published by the site's owner.
> >
> > First, you learn from WHOIS (and also from 'dig @a.gtld-servers.net
> > ns lxer.com') that the nameservers for this site are: ns1.wmkt.net
> > [66.232.124.26] ns2.wmkt.net [66.232.124.28] ns3.wmkt.net
> > [66.232.124.30]
> >
> > Then you follow by 'dig @ns1.wmkt.net lxer.com'. You should be
> > getting:
> >
> > $ dig @ns1.wmkt.net lxer.com
> >
> > ; <<>> DiG 9.16.25 <<>> @ns1.wmkt.net lxer.com
> > ; (1 server found)
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1540
> > ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4
> > ;; WARNING: recursion requested but not available
> >
> > ;; OPT PSEUDOSECTION:
> > ; EDNS: version: 0, flags:; udp: 4096
> > ;; QUESTION SECTION:
> > ;lxer.com. IN A
> >
> > ;; ANSWER SECTION:
> >
> > *lxer.com <http://lxer.com>. 3600 IN A
> > 66.232.124.26 *
> > ;; AUTHORITY SECTION:
> > lxer.com. 3600 IN NS ns3.wmkt.net.
> > lxer.com. 3600 IN NS ns1.wmkt.net.
> > lxer.com. 3600 IN NS ns2.wmkt.net.
> >
> > ;; ADDITIONAL SECTION:
> > ns1.wmkt.net. 86400 IN A 66.232.124.26
> > ns2.wmkt.net. 86400 IN A 66.232.124.28
> > ns3.wmkt.net. 86400 IN A 66.232.124.30
> >
> > ;; Query time: 183 msec
> > ;; SERVER: 66.232.124.26#53(66.232.124.26)
> > ;; WHEN: Sat Feb 19 21:13:12 IST 2022
> > ;; MSG SIZE rcvd: 163
> >
> > Now, run just 'dig lxer.com' - do you get the same IP? If not,
> > something/someone is messing with your DNS. In that case make sure
> > that the SERVER line indeed has the correct IP address I mentioned
> > above (that I got from the glue records provided for wmkt.net by
> > a.gtld-servers.net)
> >
> > If you do get the same IP, someone can still be messing with your
> > traffic, because that site is HTTP and not HTTPS, so really no one
> > can guarantee you're in fact talking with 66.232.124.26...
> >
> > HTH,
> >
> > -- Shimi
> > _______________________________________________
> > Linux-il mailing list
> > Linux-il at cs.huji.ac.il
> > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
> >
--
Shlomo Solomon
http://the-solomons.net
Claws Mail 3.17.5 - KDE Plasma 5.18.5 - Kubuntu 20.04
More information about the Linux-il
mailing list