It seems like a US provider XLHost.com/ee.net/AS10297 hijacked AWS Route53 prefixes few hours ago, provided their own DNS resolvers on these ranges and redirected visitors of MyEtherWallet.com to a Russian-based man-in-the-middle proxy, stealing customers’ wallets and funds.
That’s just gross.
https://doublepulsar.com/hijack-of-amazons-internet-domain-service-used-to-reroute-web-traffic-for-two-hours-unnoticed-3a6f0dda6a6f
https://twitter.com/barton_paul/status/988788348272734217
https://twitter.com/GossiTheDog/status/988873775285460992