I have set up a simple Windows 2012 webserver and developed an ASP.NET/MVC website that basically handles any requests to the default website and writes a message to a log database if the domain is unknown by my server. (Known domains are handled by a different site on this server.) This is useful for me when I register a new website, as it will generate a default landing page after the DNS data is set and has become active. It also helps to see if people misspell a subdomain of one of my sites. And I would expect that I would only see domains that I have registered myself.
This has been running for a few days now...
However, at this moment two domains seem to have been connected to my server that I don't own. Or even know. (kkqxjc.loan and quwan18.com) And I suspect more unknown domains will seem to be connected to my site for whatever reason. Question is: Why do I get these unknown sites to connect to my server?
Could it be a flaw in the DNS system? Or is someone actively trying to hack my server by fooling the web server software in some way? Does anyone else have similar situations? Are they just phishing for access to the default site on the server?
Note: while the site is new, I have been using the server and IP address for over 8 years already. It's just recently that I decided to build a specific site as a catch-all for all incoming internet traffic.
Since posting this question I've noticed two more domains that seem to go to my server. (gencybercamps.org and 360xdw.net) Each domain is queried just once and doesn't seem to go to my server anymore. Each unknown domain is visited just once but the same visitors have been accessing a few other domains that I do operate from this server. This seems to suggest to me that this is a hacking attempt where they try to gain access to the default virtual server on various systems.
None of that.
A fairly innocuous situation: your ip-address was in the past used by somebody else. They discontinued their business/website and the ip-address was returned to your provider who then at some later time issued it to you. The old users never removed/updated their DNS records and those still point to your ip-address.
A slightly less innocuous scenario: those domain owners intentionally configured their domain to point to your ip-address to use their domain name and your content to manipulate search engine rankings. (Identical content served from many different domain names apparently reduces the SEO ranking of all of those domains. Or the opposite, generate SEO ranking from your content for their domain and once that is gained, move the domain to a new site (and start serving malware).)
The typical solution is to create name-based virtual hosts for all domain/site names that you actively use and create a default virtual host that handles all unknown domain names and direct access to your ip-address. Serve a blank page there, or generate an error code.
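The following Python example is added here and is not part of the original question or answer. It triages the Host headers that a catch-all site logs, separating names whose DNS really points at the server (the stale or intentional records described above) from names that appear only in the request's Host header. `KNOWN_DOMAINS`, `SERVER_IP` and the sample host names are constructed placeholders.

```python
import socket

KNOWN_DOMAINS = {"example.com"}   # assumption: the domains you actually host
SERVER_IP = "203.0.113.10"        # assumption: your public IPv4 (documentation range)

def normalize_host(host_header):
    """Lowercase the Host header value, drop the port and any trailing dot."""
    host = host_header.strip().lower()
    if host.startswith("["):                      # bracketed IPv6 literal, e.g. [::1]:80
        return host[1:host.find("]")] if "]" in host else host
    if host.count(":") == 1:                      # name:port or ipv4:port
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")

def system_resolver(name):
    """Return the IPv4 addresses the name resolves to right now (empty set on failure)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None, socket.AF_INET)}
    except (socket.gaierror, UnicodeError):
        return set()

def classify(host_header, resolver=system_resolver):
    """Label one logged Host header from the default (catch-all) site."""
    host = normalize_host(host_header)
    if not host or host == SERVER_IP:
        return "direct-ip"            # request made to the bare IP address
    if host in KNOWN_DOMAINS:
        return "known"                # should have been served by a named site
    if any(host.endswith("." + d) for d in KNOWN_DOMAINS):
        return "own-subdomain"        # likely a mistyped subdomain of your own site
    if SERVER_IP in resolver(host):
        return "dns-points-here"      # a third-party DNS record targets your IP
    return "host-header-only"         # name does not resolve here; client chose the header

if __name__ == "__main__":
    # Constructed resolver data and log entries so the demo runs offline.
    fake_dns = {"old-tenant.example.org": {"203.0.113.10"},
                "probe.example.net": {"198.51.100.7"}}
    logged = ["Example.COM:80", "wwww.example.com.", "old-tenant.example.org",
              "probe.example.net", "203.0.113.10"]
    for entry in logged:
        print(f"{entry:28} {classify(entry, lambda n: fake_dns.get(n, set()))}")
```

The lookup reflects DNS at analysis time, so a record that changed after the request was logged can move a name from one label to the other.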