There is something new in the hijacking of the domain name coincheck.com <https://www.zdnet.com/article/hackers-hijack-one-of-coinchecks-domains-for-spear-phishing-attacks/>, the hijacker created domain names quite similar to the normal domain names of the namservers. I believe it is the first time I see that.
(Normal NS RRset is ns-405.awsdns-50.com, ns-650.awsdns-17.net, ns-1515.awsdns-61.org, ns-1985.awsdns-56.co.uk. Hijacker's one is ns-650.awsdns-017.net, ns-1515.awsdns-061.org, ns-1985.awsdns-056.co.uk. Do you spot the difference?) _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations