Balancer blames ‘social engineering attack’ on DNS provider for website hijack

https://cointelegraph.com/news/balancer-social-engineering-attack-dns-provider-frontend-hijack

https://x.com/DegenerateNews/status/1704283612466581754?s=20

Hijacked registrar account?

https://x.com/Balancer/status/1704281611326357567?s=20

The balancer frontend is under an attack. 
The issue is currently under investigation. 
Please do NOT interact with the balancer UI until further notice!

8:49 AM · Sep 20, 2023

The attackers were able to gain access to EuroDNS's systems and 
change the DNS records for balancer.fi to point to a malicious website.

There is also a theory that the registrar EuroDNS was deceived and allowed a transfer. -- ToshinoriMaeno 2023-09-28 04:07:52

Analysis of Balancer BGP Hijacking Incident https://slowmist.medium.com/analysis-of-balancer-bgp-hijacking-incident-40adb6b285b5

1. whois

recovered -- ToshinoriMaeno 2023-09-20 10:25:57

domain.............: balancer.fi
status.............: Registered
created............: 9.5.2007 12:14:52
expires............: 9.5.2028 12:14:52
available..........: 9.6.2028 12:14:52
modified...........: 20.9.2023 12:47:02
holder transfer....: 29.4.2021 17:05:39
RegistryLock.......: no

Nameservers

nserver............: alexia.ns.cloudflare.com [Technical check not done]
nserver............: alex.ns.cloudflare.com [Technical check not done]

$ dig -t ns balancer.fi @a.fi

balancer.fi.            21600   IN      NS      alex.ns.cloudflare.com.
balancer.fi.            21600   IN      NS      alexia.ns.cloudflare.com.

2. hijacked

https://x.com/SlowMist_Team/status/1704345380006273294?s=20

domain.............: balancer.fi
status.............: Registered
created............: 9.5.2007 12:14:52
expires............: 9.5.2028 12:14:52
available..........: 9.6.2028 12:14:52
modified...........: 20.9.2023 01:42:48
holder transfer....: 29.4.2021 17:05:39
RegistryLock.......: no

Nameservers

nserver............: watson.ns.cloudflare.com [Technical check not done]
nserver............: maeve.ns.cloudflare.com [Technical check not done]

balancer.fi.            300     IN      A       172.67.203.244
balancer.fi.            300     IN      A       104.21.37.47

NS TTL 86400 as still served by the original Cloudflare nameservers:

$ dig -t ns balancer.fi @alexia.ns.cloudflare.com
balancer.fi.            86400   IN      NS      alex.ns.cloudflare.com.
balancer.fi.            86400   IN      NS      alexia.ns.cloudflare.com.

balancer.fi.            300     IN      A       76.76.21.21
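As an added example (not code from this page, Balancer or SlowMist): a small delegation check in the spirit of this watchNS page. It parses dig-style NS answers and the dotted "key...: value" lines of a .fi whois reply, then flags a delegation change at the parent and a missing RegistryLock; the snapshots below are constructed from the output shown above.

```python
import re

# Constructed snapshots, modelled on the dig and whois output in this page
# (hypothetical pair: parent delegation before and during the incident).
EXPECTED_NS = {"alex.ns.cloudflare.com.", "alexia.ns.cloudflare.com."}

DIG_BEFORE = """\
balancer.fi.            21600   IN      NS      alex.ns.cloudflare.com.
balancer.fi.            21600   IN      NS      alexia.ns.cloudflare.com.
"""
DIG_HIJACKED = """\
balancer.fi.            21600   IN      NS      watson.ns.cloudflare.com.
balancer.fi.            21600   IN      NS      maeve.ns.cloudflare.com.
"""
WHOIS_HIJACKED = """\
domain.............: balancer.fi
modified...........: 20.9.2023 01:42:48
RegistryLock.......: no
"""

def parse_rrs(text, rtype):
    """Collect the rdata of every `rtype` record in dig-style answer lines."""
    rrs = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[2] == "IN" and parts[3] == rtype:
            rrs.add(" ".join(parts[4:]))
    return rrs

def parse_whois(text):
    """Turn 'key.......: value' lines of a .fi whois reply into a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z ]+?)\.*:\s*(.*)$", line)
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields

def check_delegation(dig_text, whois_text, expected=EXPECTED_NS):
    """Return findings; an empty list means the parent delegation is as expected."""
    findings = []
    observed = parse_rrs(dig_text, "NS")
    added, removed = observed - expected, expected - observed
    if added or removed:
        findings.append(f"NS delegation changed: +{sorted(added)} -{sorted(removed)}")
    if parse_whois(whois_text).get("RegistryLock", "").lower() == "no":
        findings.append("RegistryLock is 'no': registrar-side changes reach the registry unchecked")
    return findings
```

In practice the two inputs would come from `dig -t ns balancer.fi @a.fi` and the registry whois, run on a schedule and diffed against the last known-good NS set.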

3. history

SecurityTrails

Value                     Organization       First seen    Last seen            Duration
76.76.21.21               Amazon.com, Inc.   2023-07-06    2023-09-20 (today)   3 months
alexia.ns.cloudflare.com  Cloudflare, Inc.   2021-06-16    2023-09-20 (today)   2 years
alex.ns.cloudflare.com    Cloudflare, Inc.   2021-06-16    2023-09-20 (today)   2 years

app.balancer.fi.        300     IN      CNAME   cname.vercel-dns.com.

balancer.fi.            300     IN      MX      1 aspmx.l.google.com.
balancer.fi.            300     IN      MX      10 alt3.aspmx.l.google.com.
balancer.fi.            300     IN      MX      10 alt4.aspmx.l.google.com.
balancer.fi.            300     IN      MX      5 alt1.aspmx.l.google.com.
balancer.fi.            300     IN      MX      5 alt2.aspmx.l.google.com.

CategoryDns CategoryWatch CategoryTemplate

MoinQ: watchNS/balancer.fi (last edited 2023-09-28 10:10:17 by ToshinoriMaeno)