Hi Claudio, On Tue, Dec 5, 2017 at 6:17 PM, claudio di gangi <ipcdigangi@gmail.com> wrote:
I referred to the Chrome browser display as evidence that it was in fact renewed (you are correct though, there doesn't appear to be another phishing site back up and running at the moment, with that said I didn't check the MX records to see if email was being exploited)...although there is nothing in the URS policy that prevents that from happening as far I as understand.
The Chrome browser "evidence" is not proof of anything, except that Chrome is intercepting the domain name before it attempts to resolve a site. WHOIS is better evidence. There'd be no MX records at present given the name appears to not even be in the zone file, i.e. do a "dig EXAMPLE.COM NS" but change "EXAMPLE.COM to the relevant domain name --- no nameservers at present. Also, even if the name was in the zone file, it would have adrforum.com (NAF) namesevers, i.e. from WHOIS:
Name Server: ursns1.adrforum.com Name Server: ursns2.adrforum.com
So it would presumably have the same URS Suspension webpage, had it been resolving, and presumably NAF isn't exploiting incoming emails to suspended domains. Sincerely, George Kirikos 416-588-0269 http://www.leap.com/