## page was copied from DnsTemplate
##master-page:HelpTemplate

Balancer blames ‘social engineering attack’ on DNS provider for website hijack
https://cointelegraph.com/news/balancer-social-engineering-attack-dns-provider-frontend-hijack

https://x.com/DegenerateNews/status/1704283612466581754?s=20
{{{
hijacked registrar account ?
}}}

https://x.com/Balancer/status/1704281611326357567?s=20
{{{
The balancer frontend is under an attack.
The issue is currently under investigation.
Please do NOT interact with the balancer UI until further notice!
8:49 AM · September 20, 2023

The attackers were able to gain access to EuroDNS's systems and change the DNS records for balancer.fi to point to a malicious website.
}}}

There is also a theory that the registrar EuroDNS was deceived into allowing a transfer. -- ToshinoriMaeno

I have not seen any explanation from EuroDNS.

Analysis of Balancer BGP Hijacking Incident
https://slowmist.medium.com/analysis-of-balancer-bgp-hijacking-incident-40adb6b285b5

So was this BGP-related?

== whois ==
recovered -- ToshinoriMaeno
{{{
domain.............: balancer.fi
status.............: Registered
created............: 9.5.2007 12:14:52
expires............: 9.5.2028 12:14:52
available..........: 9.6.2028 12:14:52
modified...........: 20.9.2023 12:47:02
holder transfer....: 29.4.2021 17:05:39
RegistryLock.......: no

Nameservers

nserver............: alexia.ns.cloudflare.com [Technical check not done]
nserver............: alex.ns.cloudflare.com [Technical check not done]

$ dig -t ns balancer.fi @a.fi
balancer.fi. 21600 IN NS alex.ns.cloudflare.com.
balancer.fi. 21600 IN NS alexia.ns.cloudflare.com.
}}}

== hijacked ==
https://x.com/SlowMist_Team/status/1704345380006273294?s=20

3/ The HTTPS certificate has been replaced with the attacker's certificate.
{{{
domain.............: balancer.fi
status.............: Registered
created............: 9.5.2007 12:14:52
expires............: 9.5.2028 12:14:52
available..........: 9.6.2028 12:14:52
modified...........: 20.9.2023 01:42:48
holder transfer....: 29.4.2021 17:05:39
RegistryLock.......: no

Nameservers

nserver............: watson.ns.cloudflare.com [Technical check not done]
nserver............: maeve.ns.cloudflare.com [Technical check not done]

balancer.fi. 300 IN A 172.67.203.244
balancer.fi. 300 IN A 104.21.37.47
}}}

TTL 86400
{{{
$ dig -t ns balancer.fi @alexia.ns.cloudflare.com
balancer.fi. 86400 IN NS alex.ns.cloudflare.com.
balancer.fi. 86400 IN NS alexia.ns.cloudflare.com.

balancer.fi. 300 IN A 76.76.21.21
}}}

== history ==
SecurityTrails
{{{
76.76.21.21  Amazon.com, Inc.  2023-07-06 (3 months)  2023-09-20 (today)  3 months
alexia.ns.cloudflare.com alex.ns.cloudflare.com  Cloudflare, Inc.  2021-06-16 (2 years)  2023-09-20 (today)  2 years

app.balancer.fi. 300 IN CNAME cname.vercel-dns.com.
balancer.fi. 300 IN MX 1 aspmx.l.google.com.
balancer.fi. 300 IN MX 10 alt3.aspmx.l.google.com.
balancer.fi. 300 IN MX 10 alt4.aspmx.l.google.com.
balancer.fi. 300 IN MX 5 alt1.aspmx.l.google.com.
balancer.fi. 300 IN MX 5 alt2.aspmx.l.google.com.
}}}
----
CategoryDns CategoryWatch CategoryTemplate
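
The two whois snapshots recorded on this page differ in their `nserver` lines and `modified` time. As an added example (not part of the original notes), this check parses that whois layout, compares the nameservers against an expected set, and reports the `RegistryLock: no` value both snapshots show. The names `parse_whois`, `nameservers`, `audit` and `EXPECTED_NS` are hypothetical, and the baseline is assumed to be the alex/alexia pair from the history block.

```python
import re

# Whois snapshots copied from this page, abridged to the fields the check reads.
WHOIS_RECOVERED = """\
domain.............: balancer.fi
modified...........: 20.9.2023 12:47:02
RegistryLock.......: no
nserver............: alexia.ns.cloudflare.com [Technical check not done]
nserver............: alex.ns.cloudflare.com [Technical check not done]
"""
WHOIS_HIJACKED = """\
domain.............: balancer.fi
modified...........: 20.9.2023 01:42:48
RegistryLock.......: no
nserver............: watson.ns.cloudflare.com [Technical check not done]
nserver............: maeve.ns.cloudflare.com [Technical check not done]
"""
# Assumed baseline: the pair the page's history block lists since 2021-06-16.
EXPECTED_NS = {"alex.ns.cloudflare.com", "alexia.ns.cloudflare.com"}

# "key.....: value"; the lazy key stops at the dot padding, so timestamps survive.
FIELD = re.compile(r"^([A-Za-z ]+?)\.*:\s*(.*)$")

def parse_whois(text):
    """Return {lowercased key: [values]} for one whois record."""
    rec = {}
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if m:
            rec.setdefault(m.group(1).strip().lower(), []).append(m.group(2).strip())
    return rec

def nameservers(rec):
    """Host names from nserver lines, without the bracketed annotation."""
    return {v.split()[0].rstrip(".").lower() for v in rec.get("nserver", []) if v}

def audit(text, expected_ns=EXPECTED_NS):
    """Return findings for one snapshot (hypothetical helper)."""
    rec, findings = parse_whois(text), []
    seen = nameservers(rec)
    if seen != expected_ns:
        findings.append("delegation drift: unexpected=%s missing=%s"
                        % (sorted(seen - expected_ns), sorted(expected_ns - seen)))
    if "no" in (v.lower() for v in rec.get("registrylock", [])):
        findings.append("RegistryLock is 'no'")
    return findings

if __name__ == "__main__":
    print(audit(WHOIS_RECOVERED), audit(WHOIS_HIJACKED))
```

Run against live whois output on a schedule, the same comparison gives an alert when the delegation no longer matches the baseline.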