Someone seems to be redirecting to my site

Brandon Bertelsen asked:

I’m playing around with a new startup concept. I’ve built a node application and popped up a limited access version of it on the www. I’ve noticed recently that someone else seems have copied it, or perhaps redirected to it with their own domain.

I’m not really sure what I can do about it, or with what purpose they are doing it.

My domain: http://mycalories.ca

Their domain: http://xmit.io

I looked them up and it seems like it’s a legitimate domain associated with a company in the US:

Domain : xmit.io
Status : Live
Expiry : 2016-02-27

NS 1 : dns1.p04.nsone.net
NS 2 : dns2.p04.nsone.net
NS 3 : dns3.p04.nsone.net
NS 4 : dns4.p04.nsone.net

Owner : Jeffrey Arnold
Owner : PhotoShelter, Inc.
Owner : 33 Union Square West FL2
Owner : New York
Owner : NY
Owner : US

Why would someone overlay their domain like this?

My answer:


xmit.io is the former user of your IP address.

Here is the simple proof:

By looking at the DNS SOA record it is often possible to tell when the most recent change was made to a domain’s DNS records. The SOA record for xmit.io is currently

xmit.io has SOA record dns1.p04.nsone.net. hostmaster.nsone.net. 1402347696 43200 7200 1209600 3600

Notice the third field, the serial number 1402347696. It is easy to recognize this as a UNIX timestamp, and converting it we get Mon, 09 Jun 2014 21:01:36 GMT. Thus, we can be confident that the last time a change was made to this domain’s DNS was approximately a year ago.

But your domain was only registered last March. And the serial of your SOA record uses the other common format of encoding a date:

mycalories.ca has SOA record ns1.linode.com. brandon.bertelsen.ca. 2015051190 14400 14400 1209600 86400

Indicating that the last change to your DNS records took place on May 11. Presumably this is around the time that you obtained the VPS from Linode.


This being the case, I wouldn’t bother contacting the company. They are probably out of business and the domain’s DNS is only still up because it was paid in advance, or as part of the domain registration.

My usual recommendation is to set up a virtual host on your web server to feed traffic for that site a 404 page, or redirect it to goatse, or whatever. I wouldn’t redirect it to your site, though, just in case someone is still watching that domain, so that they will have no cause to complain about their own error.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.