[WLUG] 'Forbidden' website

Derek DeJonghe mittendevelopment at gmail.com
Mon Dec 4 19:05:33 EST 2017


For what it's worth, I dug into this a bit. A dig to moosejaw.com gave me
this response from Google:

dig -i @8.8.8.8 moosejaw.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> -i @8.8.8.8 moosejaw.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64671
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;moosejaw.com. IN A

;; ANSWER SECTION:
moosejaw.com. 299 IN A 52.10.51.5

;; Query time: 49 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Dec 04 18:56:32 EST 2017
;; MSG SIZE  rcvd: 57


I know from experience that 52s have been mostly bought up by Amazon, but a
whois proved that:


whois 52.10.51.5

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#


#
# The following results may also be obtained via:
#
https://whois.arin.net/rest/nets;q=52.10.51.5?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2
#

NetRange:       52.0.0.0 - 52.31.255.255
CIDR:           52.0.0.0/11
NetName:        AT-88-Z
NetHandle:      NET-52-0-0-0-1
Parent:         NET52 (NET-52-0-0-0-0)
NetType:        Direct Allocation
OriginAS:
Organization:   Amazon Technologies Inc. (AT-88-Z)
RegDate:        1991-12-19
Updated:        2015-03-20
Ref:            https://whois.arin.net/rest/net/NET-52-0-0-0-1



OrgName:        Amazon Technologies Inc.
OrgId:          AT-88-Z
Address:        410 Terry Ave N.
City:           Seattle
StateProv:      WA
PostalCode:     98109
Country:        US
RegDate:        2011-12-08
Updated:        2017-01-28
Comment:        All abuse reports MUST include:
Comment:        * src IP
Comment:        * dest IP (your IP)
Comment:        * dest port
Comment:        * Accurate date/timestamp and timezone of activity
Comment:        * Intensity/frequency (short log extracts)
Comment:        * Your contact details (phone and email) Without these we
will be unable to identify the correct owner of the IP address at that
point in time.
Ref:            https://whois.arin.net/rest/org/AT-88-Z


OrgAbuseHandle: AEA8-ARIN
OrgAbuseName:   Amazon EC2 Abuse
OrgAbusePhone:  +1-206-266-4064
OrgAbuseEmail:  abuse at amazonaws.com
OrgAbuseRef:    https://whois.arin.net/rest/poc/AEA8-ARIN

OrgNOCHandle: AANO1-ARIN
OrgNOCName:   Amazon AWS Network Operations
OrgNOCPhone:  +1-206-266-4064
OrgNOCEmail:  amzn-noc-contact at amazon.com
OrgNOCRef:    https://whois.arin.net/rest/poc/AANO1-ARIN

OrgTechHandle: ANO24-ARIN
OrgTechName:   Amazon EC2 Network Operations
OrgTechPhone:  +1-206-266-4064
OrgTechEmail:  amzn-noc-contact at amazon.com
OrgTechRef:    https://whois.arin.net/rest/poc/ANO24-ARIN


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#



Now that we know they're on Amazon we can reasonably assume that they're
using Route53 for DNS and, as stated above, a CDN (CloudFront). The IP and
hostname exposed when you did the ping say there's something wrong going
on:

> ping www.moosejaw.com
> PING b2b57520ef4f01311ce112313d08f98b.yottaa.net (204.2.133.51) 56(84)
> bytes of data.


Yottaa.net doesn't load itself but yottaa.com does; they probably use .com
for marketing and .net for work. They're another CDN, so it's possible that
Moosejaw moved from Yottaa to CloudFront recently and there's DNS caching
going on somewhere, or something malicious....


On Mon, Dec 4, 2017 at 6:55 PM, Derek DeJonghe <mittendevelopment at gmail.com>
wrote:

> Check /etc/resolv.conf to figure out who you're pointed at for DNS.
>
> After that do a dig @ the name server you are using in resolv.conf, then
> try another reputable source like Google 8.8.8.8, 8.8.4.4, or Verisign
> 64.6.64.6. Others here: https://www.macecraft.com/best-dns-servers-free-public-tested/#1473500116491-fa205811-14f0
>
> If you get the same result from both, I would check your local cert/CA
> store to make sure you don't have some conflict there.
>
>
> On Mon, Dec 4, 2017 at 5:05 PM, Jim Irrer <irrer at umich.edu> wrote:
>
>> I've done the 'click through' when developing my own web site with
>> self-signed certs, but with Moosejaw there is a real credit card involved.
>>
>> Could there be a DNScache or certificate cache on my machine with bad
>> data?
>>
>> Thanks,
>>
>> - Jim
>>
>> Jim Irrer     irrer at umich.edu       (734) 647-4409
>> University of Michigan Hospital Radiation Oncology
>> 519 W. William St.             Ann Arbor, MI 48103-4943
>>
>> On Mon, Dec 4, 2017 at 4:00 PM, Edward Birdsall <birdsall_99 at comcast.net>
>> wrote:
>>
>>> Hi,
>>>
>>> Firefox warns you but then after a click or so lets you go to the
>>> site.  I use that if Chromium says "no way man".
>>>
>>> ed
>>>
>>> On Tue, 2017-12-05 at 02:44 +0800, Drew wrote:
>>> > As I said, warnings are fine. But the ultimate decision of whether to
>>> > pull in a web page should be mine.
>>> > ______________________________________________________
>>> > washlug mailing list    washlug web site
>>> > washlug at washlug.org     www.washlug.org
>>> > http://linux.marcdatabase.com/mailman/listinfo/washlug
>>> --
>>> ********************************************
>>> * Edward Birdsall  birdsall_99 at comcast.net
>>> * ------------------------------------------
>>> * Note:  e-mail may not be checked daily
>>> ********************************************
>>>
>>
>>
>>
>>
>
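An added example, not code from Derek or anyone else in the thread: a small Python script that implements the check suggested earlier (dig against your own resolver and a public one, then compare the answers) and additionally flags any answer that falls outside the Amazon NetRange the whois output confirmed. The two dig outputs embedded in it are constructed from the answers quoted in the thread; the local resolver 192.168.1.1 and the www.moosejaw.com records are assumptions.

```python
import ipaddress
import re

# Constructed dig outputs (not verbatim from the thread): modelled on the Google
# answer above and on the yottaa.net ping address; resolver 192.168.1.1 is assumed.
DIG_GOOGLE = """;; ANSWER SECTION:
www.moosejaw.com.\t299\tIN\tA\t52.10.51.5

;; SERVER: 8.8.8.8#53(8.8.8.8)
"""
DIG_LOCAL = """;; ANSWER SECTION:
www.moosejaw.com.\t60\tIN\tCNAME\tb2b57520ef4f01311ce112313d08f98b.yottaa.net.
b2b57520ef4f01311ce112313d08f98b.yottaa.net. 60 IN A 204.2.133.51

;; SERVER: 192.168.1.1#53(192.168.1.1)
"""
# NetRange from the whois output above: the Amazon block holding 52.10.51.5.
EXPECTED_CIDRS = ["52.0.0.0/11"]

RR_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+(A|AAAA|CNAME)\s+(\S+)\s*$")

def parse_answer_section(dig_output):
    """Resource records in dig's ANSWER SECTION as (name, type, value) tuples."""
    records, in_answer = [], False
    for line in dig_output.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
        elif in_answer and not line.strip():
            break                      # blank line closes the section
        elif in_answer:
            m = RR_RE.match(line)
            if m:
                records.append(m.groups())
    return records

def addresses(dig_output):
    """Set of A/AAAA addresses in the answer (dig already expands CNAME chains)."""
    return {v for _, t, v in parse_answer_section(dig_output) if t in ("A", "AAAA")}

def compare_resolvers(outputs):
    """outputs: {resolver_label: dig_output} -> (all_agree, {label: addresses}).
    A resolver that disagrees with a public one points at a stale cache or a
    tampered resolver, which is exactly what the thread suggests checking."""
    per_resolver = {label: addresses(out) for label, out in outputs.items()}
    return len({frozenset(a) for a in per_resolver.values()}) == 1, per_resolver

def outside_expected(addrs, cidrs=EXPECTED_CIDRS):
    """Addresses that are not inside the whois-confirmed ranges for the site."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return {a for a in addrs if not any(ipaddress.ip_address(a) in n for n in nets)}
```

On real output, feed `compare_resolvers` the text of `dig @<your resolver>` and `dig @8.8.8.8` for the same name; a False result plus a non-empty `outside_expected` set is the cache or hijack case the thread is worried about.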