<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div></div><div>Yup. </div><div><br></div><div>There’s nothing like a little passively gathered evidence...</div><div>c/o Farsight’s passive DNS service.</div><div><br></div><div><div>;; bailiwick: <a href="http://datawire.net">datawire.net</a>.</div><div>;; count: 4</div><div>;; first seen: 2018-07-10 23:44:11 -0000</div><div>;; last seen: 2018-07-13 00:55:39 -0000</div><div><a href="http://vxn.datawire.net">vxn.datawire.net</a>. IN A 45.227.252.17</div></div><div><br></div><div><div>;; bailiwick: <a href="http://datawire.net">datawire.net</a>.</div><div>;; count: 5</div><div>;; first seen: 2018-07-10 23:44:12 -0000</div><div>;; last seen: 2018-07-13 00:57:51 -0000</div><div><a href="http://vxn1.datawire.net">vxn1.datawire.net</a>. IN A 45.227.252.17</div><div><br></div><div><div>;; bailiwick: <a href="http://datawire.net">datawire.net</a>.</div><div>;; count: 2</div><div>;; first seen: 2018-07-10 23:44:12 -0000</div><div>;; last seen: 2018-07-10 23:44:12 -0000</div><div><a href="http://vxn2.datawire.net">vxn2.datawire.net</a>. IN A 45.227.252.17</div></div><div><br></div><div><div>;; bailiwick: <a href="http://datawire.net">datawire.net</a>.</div><div>;; count: 6</div><div>;; first seen: 2018-07-10 23:44:13 -0000</div><div>;; last seen: 2018-07-13 00:56:07 -0000</div><div><a href="http://vxn3.datawire.net">vxn3.datawire.net</a>. IN A 45.227.252.17</div></div><div><br></div><div><div>;; bailiwick: <a href="http://datawire.net">datawire.net</a>.</div><div>;; count: 9</div><div>;; first seen: 2018-07-10 23:44:14 -0000</div><div>;; last seen: 2018-07-13 00:49:06 -0000</div><div><a href="http://vxn4.datawire.net">vxn4.datawire.net</a>. IN A 45.227.252.17</div></div><div><br></div><div><div><a href="http://prod.ssl53.com">prod.ssl53.com</a>. IN A 45.227.252.17</div><div><a href="http://vxn.datawire.net">vxn.datawire.net</a>. IN A 45.227.252.17</div><div><a href="http://vxn1.datawire.net">vxn1.datawire.net</a>. IN A 45.227.252.17</div><div><a href="http://vxn2.datawire.net">vxn2.datawire.net</a>. IN A 45.227.252.17</div><div><a href="http://vxn3.datawire.net">vxn3.datawire.net</a>. IN A 45.227.252.17</div><div><a href="http://vxn4.datawire.net">vxn4.datawire.net</a>. IN A 45.227.252.17</div><div>;;; Returned 6 RRs in 0.02 seconds.</div><div>;;; DNSDB</div></div><div><br></div><div>Data wire is <span style="background-color: rgba(255, 255, 255, 0);">First Data, however, t</span>hat outlier above.... </div><div><br></div><div><div>;; bailiwick: <a href="http://ssl53.com">ssl53.com</a>.</div><div>;; count: 17</div><div>;; first seen: 2018-07-13 00:48:09 -0000</div><div>;; last seen: 2018-07-13 01:00:26 -0000</div><div><a href="http://prod.ssl53.com">prod.ssl53.com</a>. IN A 45.227.252.17</div></div><div><br></div><div>= <span style="background-color: rgba(255, 255, 255, 0);">Vantiv, LLC, isn’t that Worldpay?</span></div><div><span style="background-color: rgba(255, 255, 255, 0);"><br></span></div><div><span style="background-color: rgba(255, 255, 255, 0);">Hmmm. </span></div><div><br></div>On 5 Aug 2018, at 11:56, <<a href="mailto:frnkblk@iname.com">frnkblk@iname.com</a>> <<a href="mailto:frnkblk@iname.com">frnkblk@iname.com</a>> wrote:<br><br></div><blockquote type="cite"><div><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="Generator" content="Microsoft Word 15 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:Consolas;}
p.imprintuniqueid, li.imprintuniqueid, div.imprintuniqueid
{mso-style-name:imprintuniqueid;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle26
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--><div class="WordSection1"><p class="MsoNormal">Looks like Datawire did sweep it under the rug – here’s a Dyn blog written by Doug Madory about how the IP address space for Datawire’s nameservers were hijacked for a short time:<o:p></o:p></p><p class="MsoNormal"><a href="https://dyn.com/blog/bgp-dns-hijacks-target-payment-systems/">https://dyn.com/blog/bgp-dns-hijacks-target-payment-systems/</a><o:p></o:p></p><p class="MsoNormal">The July 10 incident would be Tuesday afternoon/early evening in the U.S.<o:p></o:p></p><p class="MsoNormal"><o:p> </o:p></p><p class="MsoNormal">Now its’ very clear why the payment processors wanted ISPs to flush Datawire’s host entries.<o:p></o:p></p><p class="MsoNormal"><o:p> </o:p></p><p class="MsoNormal">Frank <o:p></o:p></p><p class="MsoNormal"><o:p> </o:p></p><div><div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in"><p class="MsoNormal"><b>From:</b> Outages-discussion <<a href="mailto:outages-discussion-bounces@outages.org">outages-discussion-bounces@outages.org</a>> <b>On Behalf Of </b>Frank Bulk<br><b>Sent:</b> Tuesday, July 17, 2018 3:41 PM<br><b>To:</b> <a href="mailto:outages-discussion@outages.org">outages-discussion@outages.org</a><br><b>Subject:</b> Re: [Outages-discussion] [outages] Problem with credit card machine processing? "Datawire"<o:p></o:p></p></div></div><p class="MsoNormal"><o:p> </o:p></p><p class="MsoNormal">I had assumed that the VPS provider was their DR solution. =)<o:p></o:p></p><p class="MsoNormal"><o:p> </o:p></p><p class="MsoNormal">Frank <o:p></o:p></p><p class="MsoNormal"><o:p> </o:p></p><div><div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in"><p class="MsoNormal"><b>From:</b> Randy McAnally <<a href="mailto:rsm@fast-serv.com">rsm@fast-serv.com</a>> <br><b>Sent:</b> Tuesday, July 17, 2018 3:07 PM<br><b>To:</b> Frank Bulk <<a href="mailto:frnkblk@iname.com">frnkblk@iname.com</a>><br><b>Cc:</b> <a href="mailto:outages-discussion@outages.org">outages-discussion@outages.org</a><br><b>Subject:</b> Re: [outages] Problem with credit card machine processing? "Datawire"<o:p></o:p></p></div></div><p class="MsoNormal"><o:p> </o:p></p><p><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">45.227.252.17 + high TTL + ukraine VPS provider<o:p></o:p></span></p><p><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">did first data just sweep this under the rug?<o:p></o:p></span></p><p><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p> </o:p></span></p><p><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">On 07/16/2018 12:52 pm, Frank Bulk via Outages wrote:<o:p></o:p></span></p><blockquote style="border:none;border-left:solid #1010FF 1.5pt;padding:0in 0in 0in 5.0pt;margin-left:0in;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt"><div><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">Just received this afternoon:<o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"> <o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">==================<o:p></o:p></span></p><p><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">Support Team,</span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p><p><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">You have several business customers being affected by an ongoing issue. In order to resolve this, First Data is requesting that you clear the cache on all DNS servers being used to support them. We propagated a correction over 16 hours ago and know that Google DNS and others are translating correctly. Would you please help us assist your customers?</span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p><p><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">The correct resolutions are:<br><a href="http://vxn.datawire.net/">vxn.datawire.net</a> 216.220.36.75<br><a href="http://vxn1.datawire.net/">vxn1.datawire.net</a> 205.167.140.10<br><a href="http://vxn2.datawire.net/">vxn2.datawire.net</a> 64.243.142.36<br><a href="http://vxn3.datawire.net/">vxn3.datawire.net</a> 206.112.91.167<br><a href="http://vxn4.datawire.net/">vxn4.datawire.net</a> 63.240.199.76</span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p><p><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">If you are resolving it as anything starting with 45.x.x.x, it is incorrect. Please feel free to compare to the Google DNS resolution for confirmation.</span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p><p><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#333333">Please either reply all or call First Data's Network Operations at 888-377-8726 Option 3.</span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#004165"><snip></span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1F497D"><br>First Data, <em><span style="font-family:"Verdana",sans-serif">240 North Roosevelt Av</span></em></span><em><span style="font-size:8.0pt;font-family:"Arial",sans-serif;color:#1F497D"> </span></em><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><em><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1F497D">Chandler, Arizona 85226</span></em><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1F497D"><br><br></span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">==================<o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"> <o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">That kind of confirms that the TTL for the 45.x.x.x record(s) were a bit too long – if they had been short, like they are now at 300 seconds, the issue would mostly have cleared up.<o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"> <o:p></o:p></span></p><div><div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in"><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><strong><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">From:</span></strong><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"> Outages <<a href="mailto:outages-bounces@outages.org">outages-bounces@outages.org</a>> <strong><span style="font-family:"Verdana",sans-serif">On Behalf Of </span></strong>frnkblk--- via Outages<br><strong><span style="font-family:"Verdana",sans-serif">Sent:</span></strong> Friday, July 13, 2018 9:56 PM<br><strong><span style="font-family:"Verdana",sans-serif">To:</span></strong> 'Luke Guillory' <<a href="mailto:lguillory@reservetele.com">lguillory@reservetele.com</a>>; <a href="mailto:jayson@peakinter.net">jayson@peakinter.net</a>; <a href="mailto:outages@outages.org">outages@outages.org</a><br><strong><span style="font-family:"Verdana",sans-serif">Subject:</span></strong> Re: [outages] Problem with credit card machine processing? "Datawire"<o:p></o:p></span></p></div></div><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"> <o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">Yes, we learned of issues late Wednesday morning after receiving reports from two and then three business customers. Indications suggest the issue started Tuesday evening. One local Dairy Queen and another 20 minutes away couldn't accept credit cards on Wednesday.<o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"> <o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">The request to preform DNS flushes of <a href="http://vxn.datawire.net">vxn.datawire.net</a> came to us Thursday afternoon from two of three customers who (eventually) called their credit card partners/processors. So we flushed our (ISP) caches and then encouraged those customers to power cycle their router and then their credit card machines, but that wasn't 100% successful for them, either. At that point we directed them back to their credit card partners/processors. It was interesting to see DNS resolution for <a href="http://vxn.datawire.net">vxn.datawire.net</a> pointing to a mixture of 216.220.36.75 (<a href="http://vxn.datawire.net">vxn.datawire.net</a>) and 45.227.252.17 (<a href="http://hosting-by.net4web.org">hosting-by.net4web.org</a>). Maybe it's normal that they have multiple, but on Wednesday it was just 216.220.36.75. The TTL for 45.227.252.17 was much longer (over 430,000) than 216.220.36.75 (about 300 seconds) and had a bad SSL certificate for <a href="https://vxn.datawire.net">https://vxn.datawire.net</a>. I suspect they moved some operations to another data center, but made a mistake with TTL.<o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"> <o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">All told we probably heard from six or seven different businesses.<o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"> <o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">More here:<o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><a href="https://twitter.com/ExecPro/status/1016860164983611392">https://twitter.com/ExecPro/status/1016860164983611392</a><o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><a href="https://status.cayan.com/issues/5b45477e8dc35afae9000fe6">https://status.cayan.com/issues/5b45477e8dc35afae9000fe6</a><o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><a href="https://status.cayan.com/issues/5b4546508dc35a5975000fdc">https://status.cayan.com/issues/5b4546508dc35a5975000fdc</a><o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><a href="https://status.cayan.com/issues/5b479ad48dc35ad03a0030e7">https://status.cayan.com/issues/5b479ad48dc35ad03a0030e7</a><o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><a href="https://status.cayan.com/issues/5b478b918dc35aff310030c9">https://status.cayan.com/issues/5b478b918dc35aff310030c9</a><o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><a href="https://twitter.com/TriphenTech/status/1016852856408690693">https://twitter.com/TriphenTech/status/1016852856408690693</a><o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><a href="https://twitter.com/C_Forrest/status/1017819893704593410">https://twitter.com/C_Forrest/status/1017819893704593410</a><o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><a href="https://twitter.com/Vicinity_7/status/1017800989347401728">https://twitter.com/Vicinity_7/status/1017800989347401728</a><o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><a href="https://twitter.com/pokehbar/status/1017796090052128769">https://twitter.com/pokehbar/status/1017796090052128769</a><o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><a href="https://twitter.com/glyngh/status/1017790958610493440">https://twitter.com/glyngh/status/1017790958610493440</a><o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><a href="https://twitter.com/tallbaby21/status/1017121159526133760">https://twitter.com/tallbaby21/status/1017121159526133760</a><o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><a href="https://twitter.com/devin_ledude/status/1017451556000522241">https://twitter.com/devin_ledude/status/1017451556000522241</a><o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><a href="https://status.cayan.com/issues/5b478ba38dc35a3da80030d9">https://status.cayan.com/issues/5b478ba38dc35a3da80030d9</a><o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"> <o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">Frank <o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"> <o:p></o:p></span></p><p class="MsoPlainText"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"> <o:p></o:p></span></p><p class="MsoPlainText"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"># whob 216.220.36.75<o:p></o:p></span></p><p class="MsoPlainText"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">IP: 216.220.36.75<o:p></o:p></span></p><p class="MsoPlainText"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">Origin-AS: 12188<o:p></o:p></span></p><p class="MsoPlainText"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">Prefix: 216.220.32.0/20<o:p></o:p></span></p><p class="MsoPlainText"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">AS-Path: 18106 6939 12188<o:p></o:p></span></p><p class="MsoPlainText"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">AS-Org-Name: Q9 Networks Inc.<o:p></o:p></span></p><p class="MsoPlainText"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">Org-Name: Q9 Networks Inc.<o:p></o:p></span></p><p class="MsoPlainText"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">Net-Name: Q9-NET1<o:p></o:p></span></p><p class="MsoPlainText"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">Cache-Date: 1531374425<o:p></o:p></span></p><p class="MsoPlainText"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">Latitude: 43.508330<o:p></o:p></span></p><p class="MsoPlainText"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">Longitude: -79.883333<o:p></o:p></span></p><p class="MsoPlainText"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">City: Milton<o:p></o:p></span></p><p class="MsoPlainText"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">Region: Ontario<o:p></o:p></span></p><p class="MsoPlainText"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">Country: Canada<o:p></o:p></span></p><p class="MsoPlainText"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">Country-Code: CA<o:p></o:p></span></p><p class="MsoPlainText"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"> <o:p></o:p></span></p><p class="MsoPlainText"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"># whob 45.227.252.17<o:p></o:p></span></p><p class="MsoPlainText"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">IP: 45.227.252.17<o:p></o:p></span></p><p class="MsoPlainText"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">Origin-AS: 58271<o:p></o:p></span></p><p class="MsoPlainText"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">Prefix: 45.227.252.0/24<o:p></o:p></span></p><p class="MsoPlainText"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">AS-Path: 34224 12389 44125 201765 48882 58271<o:p></o:p></span></p><p class="MsoPlainText"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">AS-Org-Name: VSERVER-AS<o:p></o:p></span></p><p class="MsoPlainText"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">Org-Name: This network range is not fully allocated to APNIC.<o:p></o:p></span></p><p class="MsoPlainText"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">Net-Name: IANA-NETBLOCK-45<o:p></o:p></span></p><p class="MsoPlainText"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">Cache-Date: 1531374425<o:p></o:p></span></p><p class="MsoPlainText"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">Latitude: 0.000000<o:p></o:p></span></p><p class="MsoPlainText"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">Longitude: 0.000000<o:p></o:p></span></p><p class="MsoPlainText"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">City: NULL<o:p></o:p></span></p><p class="MsoPlainText"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">Region: NULL<o:p></o:p></span></p><p class="MsoPlainText"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">Country: NULL<o:p></o:p></span></p><p class="MsoPlainText"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">Country-Code: NULL<o:p></o:p></span></p><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"> <o:p></o:p></span></p><div><div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in"><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><strong><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">From:</span></strong><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"> Outages <<a href="mailto:outages-bounces@outages.org">outages-bounces@outages.org</a>> <strong><span style="font-family:"Verdana",sans-serif">On Behalf Of </span></strong>Luke Guillory via Outages<br><strong><span style="font-family:"Verdana",sans-serif">Sent:</span></strong> Friday, July 13, 2018 9:18 PM<br><strong><span style="font-family:"Verdana",sans-serif">To:</span></strong> <a href="mailto:jayson@peakinter.net">jayson@peakinter.net</a>; <a href="mailto:outages@outages.org">outages@outages.org</a><br><strong><span style="font-family:"Verdana",sans-serif">Subject:</span></strong> Re: [outages] Problem with credit card machine processing? "Datawire"<o:p></o:p></span></p></div></div><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"> <o:p></o:p></span></p><p class="imprintuniqueid"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">We had a customer call saying they needed is to clear dns cache because they couldn't process CCs.<o:p></o:p></span></p><div><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"> <o:p></o:p></span></p></div><div><p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">One of my guys read about the large outage so when it came in we knew it wasn't anything to do with us. <o:p></o:p></span></p><div id="AppleMailSignature"><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><em><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">Sent from my iPhone</span></em><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p></div><div><p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><br>On Jul 13, 2018, at 9:04 PM, Jayson Baker via Outages <<a href="mailto:outages@outages.org">outages@outages.org</a>> wrote:<o:p></o:p></span></p></div><blockquote style="margin-top:5.0pt;margin-bottom:5.0pt"><div><div><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:9.5pt;font-family:"Arial",sans-serif;color:#222222">Our folks have spent the better part of a day chasing an issue with a customer that had issues processing cards from their physical in-store terminal. That turned into 2, 3, and a handful more. </span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p></div><div><div><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:9.5pt;font-family:"Arial",sans-serif;color:#222222"> </span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p></div><div><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:9.5pt;font-family:"Arial",sans-serif;color:#222222">We finally got info that all of these impacted terminals connect to a company "Datawire" who went down last night at 1800 and came back up at 0800 this morning (unknown TZ). They continued to point to us as the issue until just a short while ago when some person at this Datawire admitted a large portion of the country may still be down. </span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p><div><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:9.5pt;font-family:"Arial",sans-serif;color:#222222"> </span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p></div><div><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:9.5pt;font-family:"Arial",sans-serif;color:#222222">Anyone else seeing anything like this? Perhaps it could save you chasing your tail as well.</span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p></div><div><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:9.5pt;font-family:"Arial",sans-serif;color:#222222"> </span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p></div><div><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:9.5pt;font-family:"Arial",sans-serif;color:#222222">Perhaps better for a discussions-list conversation, but... seriously... a credit card processing firm that has an outage like this? Hmm... </span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p><div><div><div><div><div><div><div><div><div><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:9.5pt;font-family:"Arial",sans-serif;color:#222222"> </span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p></div></div></div></div></div><div><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:9.5pt;font-family:"Arial",sans-serif;color:#222222"> </span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p></div><div><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:9.5pt;font-family:"Arial",sans-serif;color:#222222">Jayson</span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p></div><div><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:9.5pt;font-family:"Arial",sans-serif;color:#222222">Peak Internet</span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p></div></div></div></div></div></div></div></div></div></blockquote></div><p class="imprintuniqueid"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"> <o:p></o:p></span></p><table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%;border-collapse:collapse"><tbody><tr><td width="240" valign="top" style="width:2.5in;border:none;border-top:solid #CECECE 1.0pt;padding:7.5pt 0in 0in 0in"><table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0"><tbody><tr><td style="padding:0in 0in 0in 0in"><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif;color:#33358B">Luke</span><span style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:#A0A0A0"> </span><span style="font-size:12.0pt;font-family:"Verdana",sans-serif;color:#33358B">Guillory</span><o:p></o:p></p></td></tr><tr><td style="padding:0in 0in 0in 0in"><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:#EE5526">Vice President – Technology and Innovation</span><o:p></o:p></p></td></tr></tbody></table><p class="imprintuniqueid"><span style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:#A0A0A0"> </span><o:p></o:p></p></td><td valign="top" style="border-top:solid #CECECE 1.0pt;border-left:solid #CECECE 1.0pt;border-bottom:none;border-right:none;padding:7.5pt 0in 7.5pt 7.5pt"><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:8.0pt"><a href="http://www.rtconline.com"><span style="text-decoration:none"><img border="0" width="150" height="36" style="width:1.5625in;height:.375in" id="_x0000_i1025" src="cid:./?_task=mail&_id=4913030355b4e4b6a4fcd2&_action=display-attachment&_file=rcmfile11531857770050409300"></span></a></span><o:p></o:p></p></td></tr><tr><td style="border:none;border-bottom:solid #CECECE 1.0pt;padding:0in 0in 0in 0in"><table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0"><tbody><tr><td valign="top" style="padding:0in 0in 0in 0in"><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:#5C5B5B">Tel:</span><o:p></o:p></p></td><td valign="top" style="padding:0in 0in 0in 0in"><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:#5C5B5B">985.536.1212</span><o:p></o:p></p></td></tr><tr><td valign="top" style="padding:0in 0in 0in 0in"><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:#5C5B5B">Fax:</span><o:p></o:p></p></td><td valign="top" style="padding:0in 0in 0in 0in"><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:#5C5B5B">985.536.0300</span><o:p></o:p></p></td></tr><tr><td valign="top" style="padding:0in 0in 0in 0in"><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:#5C5B5B">Email:</span><o:p></o:p></p></td><td valign="top" style="padding:0in 0in 0in 0in"><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:#5C5B5B"><a href="mailto:lguillory@reservetele.com">lguillory@reservetele.com</a></span><o:p></o:p></p></td></tr><tr><td valign="top" style="padding:0in 0in 0in 0in"><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:#5C5B5B">Web:</span><o:p></o:p></p></td><td valign="top" style="padding:0in 0in 0in 0in"><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:#5C5B5B"><a href="http://www.rtconline.com">www.rtconline.com</a></span><o:p></o:p></p></td></tr></tbody></table></td><td valign="top" style="border-top:none;border-left:solid #CECECE 1.0pt;border-bottom:solid #CECECE 1.0pt;border-right:none;padding:0in 0in 7.5pt 7.5pt"><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:7.0pt;font-family:"Verdana",sans-serif;color:#5C5B5B">Reserve Telecommunications <br>100 RTC Dr<br>Reserve, LA 70084</span><o:p></o:p></p></td></tr></tbody></table><p class="imprintuniqueid"><span style="font-size:7.0pt;font-family:"Verdana",sans-serif"> </span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p><p class="imprintuniqueid"><span style="font-size:7.0pt;font-family:"Verdana",sans-serif;color:#FF6600"> </span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p><p class="imprintuniqueid" style="margin-bottom:12.0pt"><span style="font-size:7.0pt;font-family:"Verdana",sans-serif;color:#FF6600"><br></span><strong><span style="font-size:7.0pt;font-family:"Verdana",sans-serif;color:#CFCFCF;background:white">Disclaimer:</span></strong><span style="font-size:7.0pt;font-family:"Verdana",sans-serif;color:#CFCFCF;background:white"><br>The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material which should not disseminate, distribute or be copied. Please notify Luke Guillory</span><span style="font-size:7.0pt;font-family:"Verdana",sans-serif;color:#CFCFCF"> immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. <span style="background:white">Luke Guillory</span> therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. </span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p><div><blockquote style="margin-top:5.0pt;margin-bottom:5.0pt"><div><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">_______________________________________________<br>Outages mailing list<br><a href="mailto:Outages@outages.org">Outages@outages.org</a><br><a href="https://puck.nether.net/mailman/listinfo/outages">https://puck.nether.net/mailman/listinfo/outages</a><o:p></o:p></span></p></div></blockquote></div></div><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p> </o:p></span></p><div><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"">_______________________________________________<br>Outages mailing list<br><a href="mailto:Outages@outages.org">Outages@outages.org</a><br><a href="https://puck.nether.net/mailman/listinfo/outages">https://puck.nether.net/mailman/listinfo/outages</a><o:p></o:p></span></p></div></blockquote></div></div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>Outages-discussion mailing list</span><br><span><a href="mailto:Outages-discussion@outages.org">Outages-discussion@outages.org</a></span><br><span><a href="https://puck.nether.net/mailman/listinfo/outages-discussion">https://puck.nether.net/mailman/listinfo/outages-discussion</a></span><br></div></blockquote></body></html>