もう少し厳密に言うと、

IPv4:74.217.128.160

つながらない

IPv4:66.147.242.88

のっとられ画面

という感じです。DNSがやられているのでしょうか。前者の方の更新間隔は990秒ですが、前者の方は30秒にになっています。

; <<>> DiG 9.6.0-APPLE-P2 <<>> twitter.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14639
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;twitter.com.			IN	A

;; ANSWER SECTION:
twitter.com.		990	IN	A	74.217.128.160

;; AUTHORITY SECTION:
twitter.com.		67108	IN	NS	ns2.p26.dynect.net.
twitter.com.		67108	IN	NS	ns4.p26.dynect.net.
twitter.com.		67108	IN	NS	ns1.p26.dynect.net.
twitter.com.		67108	IN	NS	ns3.p26.dynect.net.

;; ADDITIONAL SECTION:
ns1.p26.dynect.net.	66813	IN	A	208.78.70.26
ns2.p26.dynect.net.	66813	IN	A	204.13.250.26
ns3.p26.dynect.net.	66813	IN	A	208.78.71.26
ns4.p26.dynect.net.	66813	IN	A	204.13.251.26

;; Query time: 1 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Fri Dec 18 15:46:02 2009
;; MSG SIZE  rcvd: 195

; <<>> DiG 9.3.3 <<>> twitter.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16803
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;twitter.com.			IN	A

;; ANSWER SECTION:
twitter.com.		30	IN	A	66.147.242.88

;; AUTHORITY SECTION:
twitter.com.		33034	IN	NS	ns4.p26.dynect.net.
twitter.com.		33034	IN	NS	ns1.p26.dynect.net.
twitter.com.		33034	IN	NS	ns2.p26.dynect.net.
twitter.com.		33034	IN	NS	ns3.p26.dynect.net.

;; ADDITIONAL SECTION:
ns1.p26.dynect.net.	33034	IN	A	208.78.70.26
ns2.p26.dynect.net.	33034	IN	A	204.13.250.26
ns3.p26.dynect.net.	33034	IN	A	208.78.71.26
ns4.p26.dynect.net.	33034	IN	A	204.13.251.26

;; Query time: 71 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Dec 18 15:47:01 2009
;; MSG SIZE  rcvd: 195

Dan the Tweeter

P.S. TechCrunchにも記事が。

• Twitter Hacked, Defaced By “Iranian Cyber Army” (Developing)

P^2.S: どうやら蘇った模様

; <<>> DiG 9.6.0-APPLE-P2 <<>> twitter.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65034
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;twitter.com.			IN	A

;; ANSWER SECTION:
twitter.com.		58	IN	A	128.121.146.100
twitter.com.		58	IN	A	168.143.161.20

;; AUTHORITY SECTION:
twitter.com.		65850	IN	NS	ns2.p26.dynect.net.
twitter.com.		65850	IN	NS	ns4.p26.dynect.net.
twitter.com.		65850	IN	NS	ns3.p26.dynect.net.
twitter.com.		65850	IN	NS	ns1.p26.dynect.net.

;; ADDITIONAL SECTION:
ns1.p26.dynect.net.	65555	IN	A	208.78.70.26
ns2.p26.dynect.net.	65555	IN	A	204.13.250.26
ns3.p26.dynect.net.	65555	IN	A	208.78.71.26
ns4.p26.dynect.net.	65555	IN	A	204.13.251.26

;; Query time: 6 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Fri Dec 18 16:07:00 2009
;; MSG SIZE  rcvd: 211

P^3.S: 以下、ギーク向け。「乗っ取りサイト」の概要

% telnet 66.147.242.88 http
Trying 66.147.242.88...
Connected to box488.bluehost.com.
Escape character is '^]'.
HEAD / HTTP/1.1
Host: box488.bluehost.com

HTTP/1.1 200 OK
Date: Fri, 18 Dec 2009 08:04:33 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8l DAV/2 mod_auth_passthrough/2.1 FrontPage/5.0.2.2635
Accept-Ranges: bytes
Connection: close
Content-Type: text/html

Connection closed by foreign host.

% telnet 66.147.242.88 http
Trying 66.147.242.88...
Connected to box488.bluehost.com.
Escape character is '^]'.
HEAD / HTTP/1.1
Host: twitter.com

HTTP/1.1 200 OK
Date: Fri, 18 Dec 2009 08:04:48 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8l DAV/2 mod_auth_passthrough/2.1 FrontPage/5.0.2.2635
Last-Modified: Fri, 18 Dec 2009 06:21:13 GMT
ETag: "90c06a-717-47afabf13c840"
Accept-Ranges: bytes
Content-Length: 1815
Connection: close
Content-Type: text/html

Connection closed by foreign host.

% telnet 66.147.242.88 http
Trying 66.147.242.88...
Connected to box488.bluehost.com.
Escape character is '^]'.
HEAD /statuses/user_timeline.json
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr>
<address>Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8l DAV/2 mod_auth_passthrough/2.1 FrontPage/5.0.2.2635 Server at box488.bluehost.com Port 80</address>
</body></html>
Connection closed by foreign host.

ここから推察できるのは、

• サイトは普通のレンタルサーバーで、apacheもプリインストールされたものそのまま使っている
• 本来のtwitterでBASIC認証を使っているURIまでは用意していない

ということ。もちろん裏でtcpdumpを動かすなど、これでも認証記録を取ろうと思えば取れるので100%大丈夫とは言えないけれどもその蓋然性はかなり低そうだ。