It is all over the news today that Twitter was defaced yesterday. Lots of speculation regarding what happened, but that’s the alert I received yesterday from Sucuri Network Monitor:
Sucuri nbim: twitter.com DNS modified
Modifications:
3a4
< twitter.com has address 128.121.146.100
< twitter.com has address 168.143.162.52
> twitter.com has address 66.147.242.88
—
This alert was generated by the Sucuri Network Integrity Monitor. Log in to your dashboard at http://sucuri.net.
So we can see that it was indeed a DNS redirection attack and that probably their servers weren’t attacked directly.
If you are curious were they are hosting their DNS, here it is:
Domain Name: TWITTER.COM
Registrar: NETWORK SOLUTIONS, LLC.
Whois Server: whois.networksolutions.com
Referral URL: http://www.networksolutions.com
Name Server: NS1.P26.DYNECT.NET
Name Server: NS2.P26.DYNECT.NET
Name Server: NS3.P26.DYNECT.NET
Name Server: NS4.P26.DYNECT.NET
Status: clientTransferProhibited
Updated Date: 27-may-2009
Creation Date: 21-jan-2000
Expiration Date: 21-jan-2018
If you tried to access their services last night, we recommend changing your password ASAP. If you want to monitor your own domain names for this kind of issue (for free), visit http://sucuri.net
John Castro
Ashley Sand
Luke Leal![More on Dnsden[.]biz Swipers and Radix Obfuscation](https://blog.sucuri.net/wp-content/uploads/2019/03/03192019-uncommon-radixes-uses-in-malware-obfuscation-update_blog-390x183.jpg)
Denis Sinegubko
Douglas Santos
Allison Bondi
Ben Martin
Cesar Anjos