Hacker News new | comments | show | ask | jobs | submit login

This isn't over yet - press dot linkedin.com (dont go there) is still pointing to the rogue server at

I'm trying to find other subdomains that might be still pointing there.

edit: i'm enumerating all the linkedin.com hosts using a dict. 80% of A records are returning the rogue IP 204.11

edit: 96 records still pointing at the rogue server, here is a dump I just uploaded:


What nameserver are you using?

against their primary NS ns1.linkedin.com

short TTL's on a lot of these domains

I just ran it again this time using Google name servers and still a lot of subdomains are pointing to the 214 server. confirmed it running against their NS, which means it hasn't been changed yet.

I've got my nameservice hardset through openDNS and it's resolving to, which is allocated to NASDAQ OMX according to ARIN...

The 214.-.-.- is some British Virgin Islands allocation?

I just got a message on twitter that 214.11 might be a DDoS mitigation service.. have emailed linkedin to find out what is what.

Applications are open for YC Summer 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact