
On Aug 27, 2013, at 4:09 PM, Grant Ridder <shortdudey123@gmail.com> wrote:
I think someone hijacked NYTimes dns...
http://www.chicagotribune.com/business/technology/chi-new-york-times-website...
Non-authoritative answer:
Name: nytimes.com
Address: 141.105.64.37
~~~ dig any nytimes.com
; <<>> DiG 9.8.3-P1 <<>> any nytimes.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15335
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;nytimes.com. IN ANY

;; ANSWER SECTION:
nytimes.com. 11560 IN A 141.105.64.37
nytimes.com. 5 IN NS ns1.syrianelectronicarmy.com.
nytimes.com. 5 IN NS ns2.syrianelectronicarmy.com.

From OpenDNS I see: (208.67.222.222)

;; ANSWER SECTION:
nytimes.com. 10699 IN A 141.105.64.37
nytimes.com. 10699 IN MX 0 nytimes.com.
nytimes.com. 82699 IN NS ns1.syrianelectronicarmy.com.
nytimes.com. 82699 IN NS ns2.syrianelectronicarmy.com.
nytimes.com. 86399 IN SOA ns5.boxsecured.com. ssuliman.hotmail.co.uk. 2013082703 86400 7200 3600000 86400

From Google DNS (8.8.8.8) I see: note SOA is different:

;; ANSWER SECTION:
nytimes.com. 10897 IN MX 0 nytimes.com.
nytimes.com. 18097 IN SOA ns1.syrianelectronicarmy.com. admin.sea.sy. 2013082701 86400 7200 3600000 86400
nytimes.com. 18097 IN NS ns2.syrianelectronicarmy.com.
nytimes.com. 18097 IN NS ns1.syrianelectronicarmy.com.
nytimes.com. 10897 IN A 141.105.64.37

From our own resolver I see:

;; ANSWER SECTION:
nytimes.com. 154278 IN NS dns.sea1.nytimes.com.
nytimes.com. 154278 IN NS dns.ewr1.nytimes.com.

As for what nytimes.com is resolving to, from trying a few places I see:

141.105.64.37 - 141.105.64.0/21 AS49335 (NCONNECT), where Shorefront Media, Inc/Navitel Rusconnect is registered for 141.105.64.0/26
170.149.172.130 - 170.149.0.0/16 (New York Times)
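
The resolver-by-resolver comparison made in the message above, written as a repeatable check. This is an added example, not part of the original messages: it parses the NS and SOA answer lines quoted in the thread and reports, per resolver, any NS outside a known-good set. The function names and the choice of the poster's own resolver as the baseline are assumptions.

```python
# Added example. NS and SOA lines are copied from the answers quoted in the thread.
# Assumption: BASELINE_NS is the NS set the poster's own resolver still returned.
ZONE = "nytimes.com."
BASELINE_NS = frozenset({"dns.sea1.nytimes.com.", "dns.ewr1.nytimes.com."})
ANSWERS = {
    "OpenDNS (208.67.222.222)": """
nytimes.com. 82699 IN NS ns1.syrianelectronicarmy.com.
nytimes.com. 82699 IN NS ns2.syrianelectronicarmy.com.
nytimes.com. 86399 IN SOA ns5.boxsecured.com. ssuliman.hotmail.co.uk. 2013082703 86400 7200 3600000 86400
""",
    "Google DNS (8.8.8.8)": """
nytimes.com. 18097 IN SOA ns1.syrianelectronicarmy.com. admin.sea.sy. 2013082701 86400 7200 3600000 86400
nytimes.com. 18097 IN NS ns2.syrianelectronicarmy.com.
nytimes.com. 18097 IN NS ns1.syrianelectronicarmy.com.
""",
    "own resolver": """
nytimes.com. 154278 IN NS dns.sea1.nytimes.com.
nytimes.com. 154278 IN NS dns.ewr1.nytimes.com.
""",
}

def parse_answers(text):
    """Turn dig answer lines into (name, ttl, type, rdata); skip ';' and malformed lines."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";") or fields[2] != "IN" or not fields[1].isdigit():
            continue
        records.append((fields[0].lower(), int(fields[1]), fields[3], " ".join(fields[4:]).lower()))
    return records

def audit(answers, zone=ZONE, baseline_ns=BASELINE_NS):
    """Per resolver: NS names outside the baseline and the SOA (mname, serial) served."""
    report = {}
    for resolver, text in answers.items():
        recs = [r for r in parse_answers(text) if r[0] == zone]
        ns = {r[3] for r in recs if r[2] == "NS"}
        soa = next((r[3].split() for r in recs if r[2] == "SOA"), None)
        report[resolver] = {"unexpected_ns": sorted(ns - baseline_ns),
                            "soa": (soa[0], soa[2]) if soa else None}
    return report

def soa_views(report):
    """Distinct SOA views across resolvers; more than one means caches disagree."""
    return {v["soa"] for v in report.values() if v["soa"]}

if __name__ == "__main__":
    for resolver, result in audit(ANSWERS).items():
        print(resolver, result)
```

Fed live `dig` output per resolver instead of the embedded strings, the same functions can run on a schedule and alert when `unexpected_ns` is non-empty for any resolver.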