True hijacks cybersquatted domain back

Don Sambandaraksa
11 Sep 2013

Controversy has erupted in Thai social media regarding two domains, and which appear to have been squatted on and currently redirect to rival Dtac instead.

Neither of the domains actually belong to TrueMove H 3G, which is officially on and

When accessing from any ISP except True, it redirects to, or rather an iframe that points to hosted out of a server in Singapore. When accessed from True or TrueMove, the ISP uses a DNS hijack to redirect users back to most of the time.

The three-way handshake takes just 80ms from a True ADSL port, suggesting that the DNS hijacking takes place within Thailand.

The other half the time it uses a 302 redirect to which is an announcement page that the website has been blocked by Thailand’s ICT Ministry..

This DNS analysis suggests that True first tries a DNS hijack and if it slips through, which is occasionally does, then uses its transparent proxy to block access to

Meanwhile, users from all other ISPs all get directed to the Singapore server that hosts an iframe with inside.

Dtac PR denied any knowledge of this and said it was not a guerilla marketing gimmick on its


The DNS records for were registered to someone by the name of Zuopan

with a Chinese address and an email address, though all of this could have easily been faked. The registration is dated March 2011. Emails to the address went unanswered.

Related content

No Comments Yet! Be the first to share what you think!
This website uses cookies
This provides customers with a personalized experience and increases the efficiency of visiting the site, allowing us to provide the most efficient service. By using the website and accepting the terms of the policy, you consent to the use of cookies in accordance with the terms of this policy.