1. watchA
https://twitter.com/randolf/status/1465682608969375748?s=20
People did ask me if @gulli_com came back with pirated movies?? The dormant co-domain http://gully.com was hijacked by someone who must've noticed the 'empty' @Cloudflare nameserver entry and he added it to his own account, effectively 'hijacking' the domain. #cloudflare
https://twitter.com/randolf/status/1465682608969375748?s=20
I wonder if @CloudflareHelp fell victim to a social hack or it's pure luck / chance / brute force by the cloudflare customer who hijacked this dormant entry CC
2. whois
Domain Name: gully.com
Registry Domain ID: 22273264_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.psi-usa.info
Registrar URL: https://www.psi-usa.info
Updated Date: 2021-11-29T15:10:00Z
Creation Date: 2000-03-13T11:49:09Z
Registrar Registration Expiration Date: 2022-03-13T10:49:09Z
Registrar: PSI-USA, Inc. dba Domain Robot
Name Server: ns1.fliks.net
Name Server: ns2.fliks.net
DNSSEC: unsigned
3. history
evan.ns.cloudflare.com cruz.ns.cloudflare.com | Cloudflare, Inc. | 2018-09-26 (3 years) | 2021-11-30 (8 days) | 3 years
ns2.fliks.net ns1.fliks.net | Level 3 Parent, LLC | 2018-09-15 (3 years) | 2018-09-26 (3 years) | 11 days
$ dig -t ns gully.com @evan.ns.cloudflare.com

; <<>> DiG 9.16.1-Ubuntu <<>> -t ns gully.com @evan.ns.cloudflare.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46522
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;gully.com. IN NS

;; ANSWER SECTION:
gully.com. 86400 IN NS cruz.ns.cloudflare.com.
gully.com. 86400 IN NS evan.ns.cloudflare.com.

;; Query time: 4 msec
;; SERVER: 108.162.193.165#53(108.162.193.165)
;; WHEN: 水 12月 08 13:11:09 JST 2021
;; MSG SIZE rcvd: 90
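A defender-side check for the condition these notes record, as an added example that is not part of the original notes: it compares the registrar's delegation with what a nameserver actually answers, using the WHOIS and dig lines recorded above plus one constructed response. The function names, the finding labels, and the assumption that a provider nameserver answers REFUSED without the aa flag for a zone no account holds are assumptions of this example.

```python
import re

# Registrar delegation and dig answer, copied from the records on this page.
WHOIS = """Name Server: ns1.fliks.net
Name Server: ns2.fliks.net"""
DIG = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46522
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
; EDNS: version: 0, flags:; udp: 1232
;gully.com. IN NS
gully.com. 86400 IN NS cruz.ns.cloudflare.com.
gully.com. 86400 IN NS evan.ns.cloudflare.com."""
# Constructed sample (assumption): answer from a provider nameserver that
# holds no zone for the name, i.e. the 'empty' entry the tweet describes.
DIG_UNCLAIMED = """;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 1111
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1"""

def _norm(names):
    """Lower-case host names and drop the trailing root dot."""
    return {n.lower().rstrip(".") for n in names}

def whois_nameservers(text):
    """Name servers the registrar record delegates the domain to."""
    return _norm(re.findall(r"Name Server:\s*(\S+)", text, re.I))

def parse_dig(text):
    """Pull status, header flags and NS targets out of dig output."""
    status = re.search(r"status:\s*(\w+)", text)
    flags = re.search(r"flags:\s*([a-z ]*);", text)  # first match is the header line
    ns = re.findall(r"^\S+\s+\d+\s+IN\s+NS\s+(\S+)", text, re.M)
    return {"status": status.group(1) if status else None,
            "flags": set(flags.group(1).split()) if flags else set(),
            "ns": _norm(ns)}

def audit(delegated, dig_text):
    """Findings for one nameserver's answer versus the registrar delegation."""
    r = parse_dig(dig_text)
    if r["status"] != "NOERROR" or "aa" not in r["flags"]:
        return ["not-authoritative"]  # server holds no zone: dangling if delegated to it
    if r["ns"] != delegated:
        return ["ns-mismatch"]        # a zone exists that disagrees with the registrar
    return []

if __name__ == "__main__":
    print(audit(whois_nameservers(WHOIS), DIG))
    print(audit({"evan.ns.cloudflare.com", "cruz.ns.cloudflare.com"}, DIG_UNCLAIMED))
```

On the page's own data the first call reports a mismatch: the registrar record lists ns1/ns2.fliks.net, while evan.ns.cloudflare.com still answers authoritatively with the Cloudflare pair.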