Is it common?
Here is the story.
I was transferring a domain name from some registrar to AWS. The configurations etc. there were untouched for years (so it was always just "page doesn't exist"). So the request went out, now "waiting for confirmation, can take up to 10 days etc.". For some cosmic reason I decide to check the URL of that domain in the browser. To my astonishment it loads and it's some crazy half-swedish half-turkish (I think) SEO bot page with some JPGed-out pics of belly-button and a working boot.
There is an email address in the footer - abada@goodprizwomen.com (maybe not abada but similar sounding). I whois my domain - all DNS lookups, Nameservers look ok. I whois goodprizwomen.com - it is registered with Alibaba domain service. I contact the support of my registrar, that I am transferring the domain from, who after some 15 minutes admits that they have no idea how that has happened or who are those goodprizwomen. My (now ex-) registrar expedites the transfer, it clears and everything looks good now.
So as I see this now - there are bots out there looking for domains with unlocked DNS, that they can take over for a couple minutes / days it takes for the transfer to clear. Ephemeral DNS pirates.
It definitely is. Just like bots scanning the web for server exploitations. If money can be made/extracted from it, you can bet that there are bots trying to exploit that.
However, domain transfers should be safe if done correctly. Sounds like that was not the case for you. Glad to know that it was resolved. Domain name takeovers can be very costly to recover from; if recoverable at all.