[dns-operations] About the coincheck.com hijacking
Stephane Bortzmeyer
bortzmeyer at nic.fr
Fri Jun 5 08:58:49 UTC 2020
There is something new in the hijacking of the domain name
coincheck.com
<https://www.zdnet.com/article/hackers-hijack-one-of-coinchecks-domains-for-spear-phishing-attacks/>,
the hijacker created domain names quite similar to the normal domain
names of the namservers. I believe it is the first time I see that.
(Normal NS RRset is ns-405.awsdns-50.com, ns-650.awsdns-17.net,
ns-1515.awsdns-61.org, ns-1985.awsdns-56.co.uk. Hijacker's one is
ns-650.awsdns-017.net, ns-1515.awsdns-061.org,
ns-1985.awsdns-056.co.uk. Do you spot the difference?)
More information about the dns-operations
mailing list