[gnso-rpm-wg] [Ext] RE: Action Items from 30 November Working Group Call

George Kirikos icann at leap.com
Tue Dec 5 23:30:22 UTC 2017


Hi Claudio,

On Tue, Dec 5, 2017 at 6:17 PM, claudio di gangi <ipcdigangi at gmail.com> wrote:
> I referred to the Chrome browser display as evidence that it was in fact
> renewed (you are correct though, there doesn't appear to be another phishing
> site back up and running at the moment, with that said I didn't check the MX
> records to see if email was being exploited)...although there is nothing in
> the URS policy that prevents that from happening as far as I understand.

The Chrome browser "evidence" is not proof of anything, except that
Chrome is intercepting the domain name before it attempts to resolve
a site. WHOIS is better evidence. There'd be no MX records at present
given the name appears to not even be in the zone file, i.e. do a "dig
EXAMPLE.COM NS" but change "EXAMPLE.COM" to the relevant domain name
--- no nameservers at present. Also, even if the name was in the zone
file, it would have adrforum.com (NAF) nameservers, i.e. from WHOIS:

>> Name Server: ursns1.adrforum.com
>> Name Server: ursns2.adrforum.com

So it would presumably have the same URS Suspension webpage, had it
been resolving, and presumably NAF isn't exploiting incoming emails to
suspended domains.

Sincerely,

George Kirikos
416-588-0269
http://www.leap.com/

