<html><head><meta http-equiv="Content-Type" content="text/html charset=iso-8859-1"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><br><div><div>On Aug 27, 2013, at 4:09 PM, Grant Ridder <<a href="mailto:shortdudey123@gmail.com">shortdudey123@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div dir="ltr">I think someone hijacked NYTimes dns...<br><br><a href="http://www.chicagotribune.com/business/technology/chi-new-york-times-website-20130827,0,3415996.story">http://www.chicagotribune.com/business/technology/chi-new-york-times-website-20130827,0,3415996.story</a><br>
<br><br>Non-authoritative answer:<br>Name:    <a href="http://nytimes.com/">nytimes.com</a><br>Address: 141.105.64.37<br><br>~~~<br>dig any <a href="http://nytimes.com/">nytimes.com</a><br><br>; <<>> DiG 9.8.3-P1 <<>> any <a href="http://nytimes.com/">nytimes.com</a><br>
;; global options: +cmd<br>;; Got answer:<br>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15335<br>;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 2<br><br>;; QUESTION SECTION:<br>;<a href="http://nytimes.com/">nytimes.com</a>.            IN    ANY<br>
<br>;; ANSWER SECTION:<br><a href="http://nytimes.com/">nytimes.com</a>.        11560    IN    A    141.105.64.37<br><a href="http://nytimes.com/">nytimes.com</a>.        5    IN    NS    <a href="http://ns1.syrianelectronicarmy.com/">ns1.syrianelectronicarmy.com</a>.<br>
<a href="http://nytimes.com/">nytimes.com</a>.        5    IN    NS    <a href="http://ns2.syrianelectronicarmy.com/">ns2.syrianelectronicarmy.com</a>.<br></div></blockquote></div><br><div><br></div><div>From OpenDNS I see:  (208.67.222.222)</div><div><br></div><div><div>;; ANSWER SECTION:</div><div><a href="http://nytimes.com">nytimes.com</a>.<span class="Apple-tab-span" style="white-space:pre">               </span>10699<span class="Apple-tab-span" style="white-space:pre">       </span>IN<span class="Apple-tab-span" style="white-space:pre">  </span>A<span class="Apple-tab-span" style="white-space:pre">   </span>141.105.64.37</div><div><a href="http://nytimes.com">nytimes.com</a>.<span class="Apple-tab-span" style="white-space:pre">             </span>10699<span class="Apple-tab-span" style="white-space:pre">       </span>IN<span class="Apple-tab-span" style="white-space:pre">  </span>MX<span class="Apple-tab-span" style="white-space:pre">  </span>0 <a href="http://nytimes.com">nytimes.com</a>.</div><div><a href="http://nytimes.com">nytimes.com</a>.<span class="Apple-tab-span" style="white-space:pre">             </span>82699<span class="Apple-tab-span" style="white-space:pre">       </span>IN<span class="Apple-tab-span" style="white-space:pre">  </span>NS<span class="Apple-tab-span" style="white-space:pre">  </span><a href="http://ns1.syrianelectronicarmy.com">ns1.syrianelectronicarmy.com</a>.</div><div><a href="http://nytimes.com">nytimes.com</a>.<span class="Apple-tab-span" style="white-space:pre">             </span>82699<span class="Apple-tab-span" style="white-space:pre">       </span>IN<span class="Apple-tab-span" style="white-space:pre">  </span>NS<span class="Apple-tab-span" style="white-space:pre">  </span><a href="http://ns2.syrianelectronicarmy.com">ns2.syrianelectronicarmy.com</a>.</div><div><a href="http://nytimes.com">nytimes.com</a>.<span class="Apple-tab-span" style="white-space:pre">             </span>86399<span class="Apple-tab-span" style="white-space:pre">       </span>IN<span class="Apple-tab-span" style="white-space:pre">  </span>SOA<span class="Apple-tab-span" style="white-space:pre"> </span><a href="http://ns5.boxsecured.com">ns5.boxsecured.com</a>. <a href="http://ssuliman.hotmail.co.uk">ssuliman.hotmail.co.uk</a>. 2013082703 86400 7200 3600000 86400</div></div><div><br></div><div><br></div><div>From Google DNS (8.8.8.8) I see:    note SOA is different:</div><div><br></div><div><div>;; ANSWER SECTION:</div><div><a href="http://nytimes.com">nytimes.com</a>.<span class="Apple-tab-span" style="white-space:pre">             </span>10897<span class="Apple-tab-span" style="white-space:pre">       </span>IN<span class="Apple-tab-span" style="white-space:pre">  </span>MX<span class="Apple-tab-span" style="white-space:pre">  </span>0 <a href="http://nytimes.com">nytimes.com</a>.</div><div><a href="http://nytimes.com">nytimes.com</a>.<span class="Apple-tab-span" style="white-space:pre">             </span>18097<span class="Apple-tab-span" style="white-space:pre">       </span>IN<span class="Apple-tab-span" style="white-space:pre">  </span>SOA<span class="Apple-tab-span" style="white-space:pre"> </span><a href="http://ns1.syrianelectronicarmy.com">ns1.syrianelectronicarmy.com</a>. admin.sea.sy. 2013082701 86400 7200 3600000 86400</div><div><a href="http://nytimes.com">nytimes.com</a>.<span class="Apple-tab-span" style="white-space:pre">           </span>18097<span class="Apple-tab-span" style="white-space:pre">       </span>IN<span class="Apple-tab-span" style="white-space:pre">  </span>NS<span class="Apple-tab-span" style="white-space:pre">  </span><a href="http://ns2.syrianelectronicarmy.com">ns2.syrianelectronicarmy.com</a>.</div><div><a href="http://nytimes.com">nytimes.com</a>.<span class="Apple-tab-span" style="white-space:pre">             </span>18097<span class="Apple-tab-span" style="white-space:pre">       </span>IN<span class="Apple-tab-span" style="white-space:pre">  </span>NS<span class="Apple-tab-span" style="white-space:pre">  </span><a href="http://ns1.syrianelectronicarmy.com">ns1.syrianelectronicarmy.com</a>.</div><div><a href="http://nytimes.com">nytimes.com</a>.<span class="Apple-tab-span" style="white-space:pre">             </span>10897<span class="Apple-tab-span" style="white-space:pre">       </span>IN<span class="Apple-tab-span" style="white-space:pre">  </span>A<span class="Apple-tab-span" style="white-space:pre">   </span>141.105.64.37</div></div><div><br></div><div><br></div><div>From our own resolver I see:</div><div><br></div><div><div>;; ANSWER SECTION:</div><div><a href="http://nytimes.com">nytimes.com</a>.<span class="Apple-tab-span" style="white-space:pre">               </span>154278<span class="Apple-tab-span" style="white-space:pre">      </span>IN<span class="Apple-tab-span" style="white-space:pre">  </span>NS<span class="Apple-tab-span" style="white-space:pre">  </span><a href="http://dns.sea1.nytimes.com">dns.sea1.nytimes.com</a>.</div><div><a href="http://nytimes.com">nytimes.com</a>.<span class="Apple-tab-span" style="white-space:pre">             </span>154278<span class="Apple-tab-span" style="white-space:pre">      </span>IN<span class="Apple-tab-span" style="white-space:pre">  </span>NS<span class="Apple-tab-span" style="white-space:pre">  </span><a href="http://dns.ewr1.nytimes.com">dns.ewr1.nytimes.com</a>.</div></div><div><br></div><div><br></div><div><br></div><div>As for what <a href="http://nytimes.com">nytimes.com</a> is resolving to, from trying a few places I see:</div><div><br></div><div><span style="color: rgb(44, 48, 52); font-family: Arial, Helvetica, sans-serif; font-size: 12px; line-height: 16px; text-align: left; background-color: rgb(255, 255, 255); ">141.105.64.37  - </span>141.105.64.0/21 AS49335  (NCONNECT), where Shorefront Media, Inc/Navitel Rusconnect is registered for 141.105.64.0/26</div><div><span style="color: rgb(44, 48, 52); font-family: Arial, Helvetica, sans-serif; font-size: 12px; line-height: 16px; text-align: left; background-color: rgb(255, 255, 255); ">170.149.172.130 - </span>170.149.0.0/16  (New York Times)</div><div><br></div><div><br></div></body></html>