Cloudflare used in DNS take over

Hi All,
I work for an MSP. We have a client whose registrar account was taken over by an unknown party. Once they had established control, they redirected the name servers to Cloudflare. The account is now back in the hands of our client and the DNS records have been returned to the correct values. So now we want to figure out, as much as possible, what activities were carried out on the Cloudflare platform behind the veil, but I have no idea whom to contact to get access to any logs etc. We have captured some of the DNS records that were set up but need to know whether these were proxied or not. MX records were also pointed at the Cloudflare servers, but where did they go after hitting them, if anywhere at all?

Any help that can be provided will be sincerely appreciated.

Welcome to the Cloudflare Community

For security and privacy reasons no account details are available to anyone without account access.

If they resolved to Cloudflare IPs, they were proxied. I would be surprised if they weren’t.

Depending on the dollar amount involved in the crime, you may have some success working with law enforcement, but I wouldn’t expect too much.

You will be far better off expending your efforts developing controls to prevent similar future occurrences on both this and other clients.
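The test suggested in the reply above ("if they resolved to Cloudflare IPs, they were proxied") can be applied mechanically to the records the MSP captured. The script below is an added example written for this thread, not code from the original post or from Cloudflare. It checks each captured A/AAAA answer against Cloudflare's published edge ranges; the range list embedded here is a hand-copied snapshot and is an assumption of the example, so fetch the authoritative lists from https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6 before relying on a verdict. The sample records are constructed. For the MX question, resolving the MX hostname and checking it the same way tells you whether mail was being accepted by Cloudflare infrastructure, but DNS alone cannot show where (or whether) it was forwarded afterwards; that information lives only in the attacker's account.

```python
"""Classify captured DNS answers as Cloudflare-proxied or direct.

Added example for the thread above, not Cloudflare's own tooling.
ASSUMPTION: the range lists below are a hand-copied snapshot of
https://www.cloudflare.com/ips-v4 and /ips-v6; refresh them before use.
"""
import ipaddress
import socket

# Snapshot of Cloudflare's published edge ranges (assumption, see docstring).
CLOUDFLARE_V4 = [
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
]
CLOUDFLARE_V6 = [
    "2400:cb00::/32", "2606:4700::/32", "2803:f800::/32", "2405:b500::/32",
    "2405:8100::/32", "2a06:98c0::/29", "2c0f:f248::/32",
]
NETWORKS = [ipaddress.ip_network(n) for n in CLOUDFLARE_V4 + CLOUDFLARE_V6]


def is_cloudflare_ip(ip: str) -> bool:
    """True if the address falls inside any known Cloudflare edge range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in NETWORKS)


def classify(records: dict[str, list[str]]) -> dict[str, str]:
    """Map each name to 'proxied', 'direct', 'mixed' or 'unresolved'.

    `records` is name -> list of A/AAAA answers captured during the incident.
    'mixed' flags a name whose answers straddle Cloudflare and non-Cloudflare
    space, which is worth a second look rather than a quick verdict.
    """
    verdicts = {}
    for name, answers in records.items():
        if not answers:
            verdicts[name] = "unresolved"
            continue
        flags = {is_cloudflare_ip(ip) for ip in answers}
        if flags == {True}:
            verdicts[name] = "proxied"
        elif flags == {False}:
            verdicts[name] = "direct"
        else:
            verdicts[name] = "mixed"
    return verdicts


def resolve_live(name: str) -> list[str]:
    """Resolve a name now (only meaningful if the rogue records still exist)."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


# Constructed sample of records captured from the hijacked zone (not real data).
CAPTURED = {
    "www.example.com": ["104.16.1.1", "2606:4700::1"],   # proxied via Cloudflare
    "legacy.example.com": ["203.0.113.10"],             # attacker's own host
    "api.example.com": ["172.64.1.1", "198.51.100.7"],  # inconsistent answers
    "ghost.example.com": [],                            # no answer captured
}

if __name__ == "__main__":
    for name, verdict in classify(CAPTURED).items():
        print(f"{name:22} {verdict}")
```

Run it against the records you captured during the incident; a name marked `proxied` was fronted by Cloudflare, so the origin the attacker used is not visible in DNS and would only be present in the zone's DNS records inside the attacker's Cloudflare account.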
