<div dir="ltr">For what it's worth I dug into this a bit. A dig to <a href="http://moosejaw.com">moosejaw.com</a> gave me this response from google: <br><br><div>dig -i @<a href="http://8.8.8.8">8.8.8.8</a> <a href="http://moosejaw.com">moosejaw.com</a></div><div><br></div><div>; <<>> DiG 9.10.3-P4-Ubuntu <<>> -i @<a href="http://8.8.8.8">8.8.8.8</a> <a href="http://moosejaw.com">moosejaw.com</a></div><div>; (1 server found)</div><div>;; global options: +cmd</div><div>;; Got answer:</div><div>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64671</div><div>;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1</div><div><br></div><div>;; OPT PSEUDOSECTION:</div><div>; EDNS: version: 0, flags:; udp: 512</div><div>;; QUESTION SECTION:</div><div>;<a href="http://moosejaw.com">moosejaw.com</a>.<span style="white-space:pre"> </span>IN<span style="white-space:pre"> </span>A</div><div><br></div><div>;; ANSWER SECTION:</div><div><a href="http://moosejaw.com">moosejaw.com</a>.<span style="white-space:pre"> </span>299<span style="white-space:pre"> </span>IN<span style="white-space:pre"> </span>A<span style="white-space:pre"> </span>52.10.51.5</div><div><br></div><div>;; Query time: 49 msec</div><div>;; SERVER: 8.8.8.8#53(8.8.8.8)</div><div>;; WHEN: Mon Dec 04 18:56:32 EST 2017</div><div>;; MSG SIZE rcvd: 57</div><div><br><br>I know from experience that 52's have been mostly bought up by amazon but a whois proved that: </div><div><br><br><div>whois 52.10.51.5</div><div><br></div><div>#</div><div># ARIN WHOIS data and services are subject to the Terms of Use</div><div># available at: <a href="https://www.arin.net/whois_tou.html">https://www.arin.net/whois_tou.html</a></div><div>#</div><div># If you see inaccuracies in the results, please report at</div><div># <a href="https://www.arin.net/public/whoisinaccuracy/index.xhtml">https://www.arin.net/public/whoisinaccuracy/index.xhtml</a></div><div>#</div><div><br></div><div><br></div><div>#</div><div># The following results may also be obtained via:</div><div># <a href="https://whois.arin.net/rest/nets;q=52.10.51.5?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2">https://whois.arin.net/rest/nets;q=52.10.51.5?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2</a></div><div>#</div><div><br></div><div>NetRange: 52.0.0.0 - 52.31.255.255</div><div>CIDR: <a href="http://52.0.0.0/11">52.0.0.0/11</a></div><div>NetName: AT-88-Z</div><div>NetHandle: NET-52-0-0-0-1</div><div>Parent: NET52 (NET-52-0-0-0-0)</div><div>NetType: Direct Allocation</div><div>OriginAS: </div><div>Organization: Amazon Technologies Inc. (AT-88-Z)</div><div>RegDate: 1991-12-19</div><div>Updated: 2015-03-20</div><div>Ref: <a href="https://whois.arin.net/rest/net/NET-52-0-0-0-1">https://whois.arin.net/rest/net/NET-52-0-0-0-1</a></div><div><br></div><div><br></div><div><br></div><div>OrgName: Amazon Technologies Inc.</div><div>OrgId: AT-88-Z</div><div>Address: 410 Terry Ave N.</div><div>City: Seattle</div><div>StateProv: WA</div><div>PostalCode: 98109</div><div>Country: US</div><div>RegDate: 2011-12-08</div><div>Updated: 2017-01-28</div><div>Comment: All abuse reports MUST include:</div><div>Comment: * src IP</div><div>Comment: * dest IP (your IP)</div><div>Comment: * dest port</div><div>Comment: * Accurate date/timestamp and timezone of activity</div><div>Comment: * Intensity/frequency (short log extracts)</div><div>Comment: * Your contact details (phone and email) Without these we will be unable to identify the correct owner of the IP address at that point in time.</div><div>Ref: <a href="https://whois.arin.net/rest/org/AT-88-Z">https://whois.arin.net/rest/org/AT-88-Z</a></div><div><br></div><div><br></div><div>OrgAbuseHandle: AEA8-ARIN</div><div>OrgAbuseName: Amazon EC2 Abuse</div><div>OrgAbusePhone: +1-206-266-4064 </div><div>OrgAbuseEmail: <a href="mailto:abuse@amazonaws.com">abuse@amazonaws.com</a></div><div>OrgAbuseRef: <a href="https://whois.arin.net/rest/poc/AEA8-ARIN">https://whois.arin.net/rest/poc/AEA8-ARIN</a></div><div><br></div><div>OrgNOCHandle: AANO1-ARIN</div><div>OrgNOCName: Amazon AWS Network Operations</div><div>OrgNOCPhone: +1-206-266-4064 </div><div>OrgNOCEmail: <a href="mailto:amzn-noc-contact@amazon.com">amzn-noc-contact@amazon.com</a></div><div>OrgNOCRef: <a href="https://whois.arin.net/rest/poc/AANO1-ARIN">https://whois.arin.net/rest/poc/AANO1-ARIN</a></div><div><br></div><div>OrgTechHandle: ANO24-ARIN</div><div>OrgTechName: Amazon EC2 Network Operations</div><div>OrgTechPhone: +1-206-266-4064 </div><div>OrgTechEmail: <a href="mailto:amzn-noc-contact@amazon.com">amzn-noc-contact@amazon.com</a></div><div>OrgTechRef: <a href="https://whois.arin.net/rest/poc/ANO24-ARIN">https://whois.arin.net/rest/poc/ANO24-ARIN</a></div><div><br></div><div><br></div><div>#</div><div># ARIN WHOIS data and services are subject to the Terms of Use</div><div># available at: <a href="https://www.arin.net/whois_tou.html">https://www.arin.net/whois_tou.html</a></div><div>#</div><div># If you see inaccuracies in the results, please report at</div><div># <a href="https://www.arin.net/public/whoisinaccuracy/index.xhtml">https://www.arin.net/public/whoisinaccuracy/index.xhtml</a></div><div>#</div></div><div><br><br><br>Now that we know they're on amazon we can reasonably assume that they're using Route53 for DNS and as stated above a CDN ( CloudFront ). The IP and hostname exposed when you did the ping says there's something wrong going on:<br><br><span style="font-size:12.8px">> ping </span><a href="http://www.moosejaw.com/" rel="noreferrer" target="_blank" style="font-size:12.8px">www.moosejaw.com</a><br style="font-size:12.8px"><span style="font-size:12.8px">> PING </span><a href="http://b2b57520ef4f01311ce112313d08f98b.yottaa.net/" rel="noreferrer" target="_blank" style="font-size:12.8px">b2b57520ef4f01311ce112313d08f9<wbr>8b.yottaa.net</a><span style="font-size:12.8px"> (204.2.133.51) 56(84)</span><br style="font-size:12.8px"><span style="font-size:12.8px">> bytes of data.<br></span><br></div><div><br></div><div>Yottaa.net doesnt load itself but <a href="http://yottaa.com">yottaa.com</a> does, they probably use .com for marketing and .net for work. They're another CDN so it's possible that moosejaw moved from yottaa to cloudfront recently and there's dns caching going on somewhere, or something malicious....</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Dec 4, 2017 at 6:55 PM, Derek DeJonghe <span dir="ltr"><<a href="mailto:mittendevelopment@gmail.com" target="_blank">mittendevelopment@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Check /etc/resolv.conf to figure out who you're pointed at for DNS. <div><br></div><div>After that do a dig @ that the name server you are using in resolv.conf then try another reputable source like google 8.8.8.8, 8.8.4.4, verisign 64.6.64.6. Others here: <a href="https://www.macecraft.com/best-dns-servers-free-public-tested/#1473500116491-fa205811-14f0" target="_blank">https://www.macecraft.<wbr>com/best-dns-servers-free-<wbr>public-tested/#1473500116491-<wbr>fa205811-14f0</a><br><br>If you get the same result from both, I would check your local cert/ca store to make sure you dont have some conflict there. </div><div> </div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Dec 4, 2017 at 5:05 PM, Jim Irrer <span dir="ltr"><<a href="mailto:irrer@umich.edu" target="_blank">irrer@umich.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>I've done the 'click through' when developing my own web site with self-signed certs, but with Moosejaw there is a real credit card involved.<br><br></div></div>Could there be a DNScache or certificate cache on my machine with bad data?<br><div class="gmail_extra"><span><br clear="all"><div><div class="m_-7754785672063462267m_2685207124077878198gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Thanks,<br><br>- Jim<br><br>Jim Irrer <a href="mailto:irrer@umich.edu" target="_blank">irrer@umich.edu</a> <a href="tel:(734)%20647-4409" value="+17346474409" target="_blank">(734) 647-4409</a><br>University of Michigan Hospital Radiation Oncology<br>519 W. William St. Ann Arbor, MI 48103-4943</div></div></div>
<br></span><div><div class="m_-7754785672063462267h5"><div class="gmail_quote">On Mon, Dec 4, 2017 at 4:00 PM, Edward Birdsall <span dir="ltr"><<a href="mailto:birdsall_99@comcast.net" target="_blank">birdsall_99@comcast.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
Firefox you to warn you butthen after a click or so let you go to the<br>
site. I use that if Chromium says "no way man".<br>
<br>
ed<br>
<div class="m_-7754785672063462267m_2685207124077878198HOEnZb"><div class="m_-7754785672063462267m_2685207124077878198h5"><br>
On Tue, 2017-12-05 at 02:44 +0800, Drew wrote:<br>
> As I said, warnings are fine. But the ultimate decision of whether to<br>
> pull in a web page should be mine.<br>
> ______________________________<wbr>________________________<br>
> washlug mailing list washlug web site<br>
> <a href="mailto:washlug@washlug.org" target="_blank">washlug@washlug.org</a> <a href="http://www.washlug.org" rel="noreferrer" target="_blank">www.washlug.org</a><br>
> <a href="http://linux.marcdatabase.com/mailman/listinfo/washlug" rel="noreferrer" target="_blank">http://linux.marcdatabase.com/<wbr>mailman/listinfo/washlug</a><br>
</div></div><span class="m_-7754785672063462267m_2685207124077878198HOEnZb"><font color="#888888">--<br>
******************************<wbr>**************<br>
* Edward Birdsall <a href="mailto:birdsall_99@comcast.net" target="_blank">birdsall_99@comcast.net</a><br>
* ------------------------------<wbr>------------<br>
* Note: e-mail may not be checked daily<br>
******************************<wbr>**************<br>
</font></span><div class="m_-7754785672063462267m_2685207124077878198HOEnZb"><div class="m_-7754785672063462267m_2685207124077878198h5">______________________________<wbr>________________________<br>
washlug mailing list washlug web site<br>
<a href="mailto:washlug@washlug.org" target="_blank">washlug@washlug.org</a> <a href="http://www.washlug.org" rel="noreferrer" target="_blank">www.washlug.org</a><br>
<a href="http://linux.marcdatabase.com/mailman/listinfo/washlug" rel="noreferrer" target="_blank">http://linux.marcdatabase.com/<wbr>mailman/listinfo/washlug</a><br>
</div></div></blockquote></div><br></div></div></div></div>
<br>______________________________<wbr>________________________<br>
washlug mailing list washlug web site<br>
<a href="mailto:washlug@washlug.org" target="_blank">washlug@washlug.org</a> <a href="http://www.washlug.org" rel="noreferrer" target="_blank">www.washlug.org</a><br>
<a href="http://linux.marcdatabase.com/mailman/listinfo/washlug" rel="noreferrer" target="_blank">http://linux.marcdatabase.com/<wbr>mailman/listinfo/washlug</a><br>
<br></blockquote></div><br></div>
</div></div></blockquote></div><br></div>