home.social

#ngtld — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #ngtld, aggregated by home.social.

  1. A pleasant surprise to see the beautiful and historical downtown of Münster, Germany being the banner picture of the registry for the #ngTLD .nrw. As someone spending a significant part of my life in that region, I could immediately pinpoint the location of the picture:

    nic.nrw and the corresponding location on Google Maps

    I highly recommend visiting that town when traveling through #germany

    #picturesfromhome

  2. Today, I stumbled upon my first find of a #domain squatting. Without going into details, who it was, I would still like to share the giveaways, how I spotted it:

    Firstly, the original domain was a .com, whereas the imposter had the same name, but on a #ngTLD which provides a fairly cheap first-year pricing model.

    Secondly, resolving the original domain name returned two A records, which is not uncommon for redundancy reasons. Both IPs were hosted in the same large #cloud provider. In contrast, the squatter had only a single A record, in a different ASN.

    Let's stay in #DNS: The NS records of the squatter also pointed to different nameservers than the victim.

    Additionally, the original website forwarded any http request to the #https endpoints and also had a nice little chat popping up, when visiting the website. The squatter website looked exactly the same, however had no forwarding to HTTPS, neither the dynamic elements of the website such as the chat.

    Another give-away was the #certificateauthority. The original website used a commercial CA, whereas the imposter used the non-profit certificate authority #LetsEncrypt. Nothing wrong with LetsEncrypt, but it is a logical choice for adversaries since it signs domain names free of charge.

    And last but not least, the #whois lookups for both domains point to different registries and different abuse contacts.

    What I try to share in this post: There are many indicators for domain squatting or #phishing sites. One has to pay attention to details, and there are multiple indicators for a malicious website. Just from the looks, the imposter was indistinguishable from the original. Yet, the details gave it away. The right people were informed, and it will be taken care of. Have a good rest of the weekend, everyone!