1. perl.com
The domain was reportedly transferred from Network Solutions (the registrar) to CN.
- The method used is the problem: the domain was stolen.
- a hijacking of Christiansen's account seems a possibility.
https://portswigger.net/daily-swig/domain-for-popular-programming-website-perl-com-stolen-in-hack
The incident may have started here: 2020-09-28
https://twitter.com/DInvesting/status/1354778895749419013?s=20
1.1. Domain defense
1.2. Recovery
The state of Perl.com https://www.reddit.com/r/perl/comments/l8x21u/the_state_of_perlcom/
https://www.reddit.com/r/perl/comments/lbjlwv/looks_like_perlcom_is_back/
Domain Name: PERL.COM
Registry Domain ID: 432086_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.rrpproxy.net
Registrar URL: http://www.key-systems.net
Updated Date: 2021-02-02T22:26:47Z
Creation Date: 1994-08-16T04:00:00Z
Registry Expiry Date: 2031-01-26T15:26:42Z
Registrar: Key-Systems GmbH
Registrar IANA ID: 269
Registrar Abuse Contact Email: abuse@key-systems.net
Registrar Abuse Contact Phone: +49.68949396850
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: NS1.EU.BITNAMES.COM
Name Server: NS1.US.BITNAMES.COM
Name Server: NS2.EU.BITNAMES.COM
Name Server: NS2.US.BITNAMES.COM
Name Server: NS3.US.BITNAMES.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2021-02-03T09:27:12Z <<<

perl.com. 600 IN A 151.101.194.132
perl.com. 600 IN A 151.101.2.132
perl.com. 600 IN A 151.101.66.132
perl.com. 600 IN A 151.101.130.132
perl.com. 3600 IN MX 0 mail.indra.com.
https://news.ycombinator.com/item?id=25940240
bhartzer 4 days ago
Let’s call it what it is. It’s not a domain taken over by squatters. The domain was stolen. I’ve seen other domains get stolen recently, it seems to be about the same time.
Patterns dot com
Piracy dot com
Perl dot com
All stolen at around the same time.
- The domain was stolen; it was not "taken over".
Domain Theft: https://domaingang.com/domain-crime/perl-com-a-1994-domain-has-been-stolen-by-busy-chinese-thief/
The domain Perl.com was moved away from Network Solutions, indicating a streamlined theft process that makes use of social engineering and the supply of fraudulent documents.
Source: https://domaingang.com/domain-crime/perl-com-a-1994-domain-has-been-stolen-by-busy-chinese-thief/
1.3. Sequence of events
Based on information from Twitter.
https://gigazine.net/news/20210201-perl-domain-stolen/
- It was stolen by an unknown party on September 28, 2020
https://twitter.com/Berryhillj/status/1354795235537268739?s=20
- Here's your problem.... Starting point 9/2020.
https://twitter.com/Berryhillj/status/1354795616346525698?s=20
- Step 2 - move to CN on Christmas Day, keeping the nameservers the same..
https://twitter.com/Berryhillj/status/1354796345303977988?s=20
- Step 3 - move the domain name to another registrar, Key-Systems, or it was possibly sold to a buyer ostensibly in Moldova
https://twitter.com/Berryhillj/status/1354796447435206661?s=20
https://twitter.com/Berryhillj/status/1354795235537268739?s=20
John Berryhill @Berryhillj · Jan 28
Here's your problem.... Starting point 9/2020...
1.4. whois history
The name servers (NS) were changed recently.
ns2.namefind.com ns1.namefind.com | GoDaddy | 2021-01-28 (4 days ago) | 2021-02-01 (15 hours ago) | 4 days
ns3.us.bitnames.com ns2.us.bitnames.com ns2.eu.bitnames.com ns1.us.bitnames.com ns1.eu.bitnames.com | Packet Host, Inc. DigitalOcean, LLC | 2010-07-22 (10 years ago) | 2021-01-28 (4 days ago) | 10 years

perl.com. 3600 IN A 35.186.238.101

It wasn't until the last transfer that the IP addresses assigned to the domain were changed from 151.101.2.132 to the Google Cloud IP address 35.186.238[.]101.
The IP address that perl.com is now hosted on has a long history of being used in older malware campaigns and more recent ones.

mail.indra.com | Earthnet, Inc. | 2017-05-26 (3 years ago) | 2021-01-28 (4 days ago) | 3 years
mail.perl.com | Google LLC | 2008-09-01 (12 years ago) | 2013-02-12 (7 years ago) | 4 years
1.4.1. mail.perl.com
35.186.238.101 | Google LLC | 2021-01-27 (5 days ago) | 2021-02-01 (15 hours ago) | 5 days
204.144.142.1 | ‐ | 2017-07-16 (3 years ago) | 2021-01-27 (5 days ago) | 3 years
199.45.135.9 | ‐ | 2008-09-01 (12 years ago) | 2017-07-16 (3 years ago) | 8 years
1.4.2. 01 Feb.
Parsed domain name: perl.com
Created Date Raw: 1994-08-16 04:00:00 UTC
Created Date ISO8601: Tue, 16 Aug 1994 04:00:00 GMT
Expires Date Raw: 2031-01-26 15:26:42 UTC
Expires Date ISO8601: Sun, 26 Jan 2031 15:26:42 GMT
Updated Date Raw: 2021-01-27 12:43:15 UTC
Updated Date ISO8601: Wed, 27 Jan 2021 12:43:15 GMT
Registrar name: Key-Systems GmbH
WHOIS server: whois.rrpproxy.net
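
The registrar and name-server changes recorded in the timeline and WHOIS history above are changes a domain owner can alert on by diffing WHOIS snapshots. The following is an added example, not part of the original notes: `whois_text`, `parse_whois` and `audit` are hypothetical names, and the three snapshots are constructed from the registrar and name-server names on this page (the `ok` status and the statuses of the first snapshot are assumptions).

```python
# EPP client locks that block transfer, update and deletion at the registrar.
REQUIRED_LOCKS = {"clientTransferProhibited", "clientUpdateProhibited",
                  "clientDeleteProhibited"}
BITNAMES = ["NS1.EU.BITNAMES.COM", "NS1.US.BITNAMES.COM", "NS2.EU.BITNAMES.COM",
            "NS2.US.BITNAMES.COM", "NS3.US.BITNAMES.COM"]

def whois_text(registrar, name_servers, statuses):
    """Build a WHOIS-style record (used only to construct the sample inputs)."""
    lines = [f"Registrar: {registrar}", "Registrar URL: http://registrar.example"]
    lines += [f"Domain Status: {s} https://icann.org/epp#{s}" for s in statuses]
    lines += [f"Name Server: {ns}" for ns in name_servers]
    return "\n".join(lines)

# Constructed snapshots: before the theft, after the name-server change, after recovery.
BASELINE = whois_text("Network Solutions, LLC", BITNAMES, sorted(REQUIRED_LOCKS))
HIJACKED = whois_text("Key-Systems GmbH", ["ns1.namefind.com", "ns2.namefind.com"], ["ok"])
RECOVERED = whois_text("Key-Systems GmbH", BITNAMES, sorted(REQUIRED_LOCKS))

def parse_whois(text):
    """Parse 'Key: value' WHOIS lines into registrar, name servers, statuses."""
    rec = {"registrar": None, "name_servers": set(), "statuses": set()}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        key, value = key.lower(), value.strip()
        if not sep or not value:
            continue
        if key == "registrar":  # exact match, so "Registrar URL" is ignored
            rec["registrar"] = value
        elif key == "name server":
            rec["name_servers"].add(value.lower().rstrip("."))
        elif key == "domain status":
            rec["statuses"].add(value.split()[0])  # drop the icann.org URL
    return rec

def audit(baseline, current):
    """Return alert strings for changes between two parsed WHOIS snapshots."""
    alerts = []
    if baseline["registrar"] != current["registrar"]:
        alerts.append(f"registrar changed: {baseline['registrar']} -> {current['registrar']}")
    if baseline["name_servers"] != current["name_servers"]:
        added = sorted(current["name_servers"] - baseline["name_servers"])
        alerts.append(f"name servers changed, new: {', '.join(added) or 'none'}")
    missing = sorted(REQUIRED_LOCKS - current["statuses"])
    if missing:
        alerts.append(f"missing locks: {', '.join(missing)}")
    return alerts

if __name__ == "__main__":
    print("\n".join(audit(parse_whois(BASELINE), parse_whois(HIJACKED))))
```

A registrar change with unchanged name servers, as in the second step of the timeline, produces only the first alert, which is why the registrar field has to be watched separately from DNS resolution.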