mme_hardy: White rose (Default)
PSA: Twitter.com is currently compromised.  Don't go there.   See NOTE.

Trying to figure out why my traceroute to Twitter looks like this:

Tracing route to twitter.com [199.59.149.198]

over a maximum of 30 hops:


1 2 ms 1 ms <1 ms 10.0.0.1
2 8 ms 10 ms 10 ms 50.152.134.1
3 9 ms 12 ms 11 ms te-0-7-0-14-sur03.sanmateo.ca.sfba.comcast.net [162.151.30.153]
4 12 ms 11 ms 11 ms te-0-1-0-4-ar01.sfsutro.ca.sfba.comcast.net [69.139.199.66]
5 13 ms 11 ms 15 ms he-1-8-0-0-cr01.sanjose.ca.ibone.comcast.net [68.86.91.229]
6 11 ms 14 ms 11 ms 50.242.148.34
7 12 ms 12 ms 11 ms ae-2-70.edge2.SanJose3.Level3.net [4.69.152.81]
8 11 ms 13 ms 11 ms 4.53.210.50
9 33 ms 39 ms 28 ms ae53.smf1-er2.twttr.com [199.16.159.41]
10 24 ms 23 ms 26 ms www2.twitter.com [199.59.149.198]

Trace complete.

Look carefully at step 9. Note that it's going through twttr.com. That site -- don't go there in your browser -- is a malware site. When it claims to go to www2.twitter.com, it's lying. That causes this Chrome error:

Cannot connect to the real twitter.com 
Something is currently interfering with your secure connection to twitter.com.
...
twitter.com normally uses encryption (SSL) to protect your information. When Chrome tried to connect to twitter.com this time, twitter.com returned unusual and incorrect credentials. Either an attacker is trying to pretend to be twitter.com, or a Wi-Fi sign-in screen has interrupted the connection.

(This error message is why I originally started trying to track this down.) twttr.com is injecting itself into my Internet path to twitter.com. That means that somebody's name service (the one that determines which set of websites to use to get to [yoursitename].com) has been compromised. Googling is giving me no love. Now I'm trying to figure out if there are any viruses on my husband's WinXP (!!!) laptop, which is my problem, or if somebody downstream on the DNS chain is compromised, which means I just sit around and wait.

Hi-ho, it's always Thursday somewhere in the world.

Edit:  Not my problem.  tracert.com says the same damn thing.   http://tracert.com/traceroute?t=twitter.com

1?: [LOCALHOST]                                         pmtu 1500
 1:  router1-nac.linode.com                                0.523ms 
 1:  router1-nac.linode.com                                0.449ms 
 2:  207.99.53.41                                          0.595ms 
 3:  vlan801.tbr1.mmu.nac.net                              0.355ms 
 4:  0.e1-1.tbr1.tl9.nac.net                               1.412ms 
 5:  0.e2-1.pr2.tl9.nac.net                                1.413ms 
 6:  Twitter                                               1.652ms 
 7:  xe-1-0-0.iad1-cr2.twttr.com                          21.784ms asymm  6 

NOTE:  Twitter.com is currently compromised.   Don't go there until tracert.com shows the final link in the chain as twitter.com, not twttr.com.
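
The hop names in the tracert output above come from reverse-DNS (PTR) lookups on each hop's IP address. As an added example (not part of the original post), this Python code parses Windows tracert lines and groups hops by the last two labels of their PTR name, so every domain that appears on the path can be reviewed; the sample lines are constructed from the output above plus one made-up timed-out hop, and the two-label grouping is a simplifying assumption.

```python
import re

# Constructed sample: hop lines in the Windows tracert layout shown in the post,
# plus a timed-out hop (hop 8 here is made up) to exercise the "*" case.
SAMPLE = """\
  1     2 ms     1 ms    <1 ms  10.0.0.1
  7    12 ms    12 ms    11 ms  ae-2-70.edge2.SanJose3.Level3.net [4.69.152.81]
  8     *        *        *     Request timed out.
  9    33 ms    39 ms    28 ms  ae53.smf1-er2.twttr.com [199.16.159.41]
 10    24 ms    23 ms    26 ms  www2.twitter.com [199.59.149.198]
"""

RTT = r"(?:<?\d+ ms|\*)"                      # "12 ms", "<1 ms" or "*"
HOP = re.compile(rf"^\s*(\d+)\s+({RTT})\s+({RTT})\s+({RTT})\s+(.+?)\s*$")
NAMED = re.compile(r"^(\S+) \[([0-9a-fA-F.:]+)\]$")   # "ptr.name [ip]"
ADDR = re.compile(r"^[0-9a-fA-F.:]+$")                # bare IP, no PTR record

def parse_tracert(text):
    """Return one dict per hop line; non-hop lines (banner, footer) are skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue
        n, *rtts, rest = m.groups()
        name = ip = None
        named = NAMED.match(rest)
        if named:
            name, ip = named.groups()
        elif ADDR.match(rest):
            ip = rest                          # otherwise: "Request timed out."
        hops.append({"hop": int(n), "rtts": rtts, "name": name, "ip": ip})
    return hops

def ptr_domains(hops):
    """Map the last two labels of each hop's PTR name to the hops that use it.
    Assumption: two labels is enough; this is not Public Suffix List aware."""
    out = {}
    for h in hops:
        if h["name"]:
            suffix = ".".join(h["name"].lower().split(".")[-2:])
            out.setdefault(suffix, []).append(h["hop"])
    return out

if __name__ == "__main__":
    for domain, nums in ptr_domains(parse_tracert(SAMPLE)).items():
        print(f"{domain:15} hops {nums}")
```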
