Content Delivery Network
This is probably part of a Content Delivery Network with a lot of political issues to consider.
If you try dig www.whitehouse.gov a, underneath the answer section you'll see the following:
www.whitehouse.gov. 131 IN CNAME wildcard.whitehouse.gov.edgekey.net.
wildcard.whitehouse.gov.edgekey.net. 731 IN CNAME e4036.dscb.akamaiedge.net.
e4036.dscb.akamaiedge.net. 20 IN A 23.73.28.110
See the CNAME addresses? Try host -t A www.whitehouse.gov for a better explanation:
www.whitehouse.gov is an alias for wildcard.whitehouse.gov.edgekey.net.
wildcard.whitehouse.gov.edgekey.net is an alias for e4036.dscb.akamaiedge.net.
e4036.dscb.akamaiedge.net has address 23.73.28.110
Do you notice that I'm getting a different IP address than you? Note the wildcard*edge* portion? What is that? It's an edge server which is supposed to be closest to you.
Are you using a VPN on your Linux machine, or Windows Machine? Maybe one that's in Hong Kong, Hangzhou, or somewhere else in East Asia? Maybe your router is configured to use a VPN, or go through TOR?
The IP address you received belongs to Aliyun Computing Co. Ltd, which is part of the Alibaba Cloud/CDN suite.
But wait, how did we get an Aliyun Cloud/CDN (Alibaba) IP address from Akamai? Aren't they competitors?
Again, are you using a VPN on your Linux machine, or Windows Machine? Maybe one that's in Hong Kong, Hangzhou, or somewhere else in East Asia? Maybe your router is configured to use a VPN, or go through TOR?
Akamai does operate in China, but...
Want to make money in China? You have to follow Beijing's rules. I think we just found something embarrassing for Akamai: in order to operate in China, they were likely forced into a partnership with them.
To do business in China, almost all foreign companies were previously required to hand over control of their intellectual property to a joint Chinese partner to be allowed to operate in the country.
Let's look at the IP you gave us: whois 139.129.57.70 | grep -i 'Ali\|Hangzhou':
netname: ALISOFT
descr: Aliyun Computing Co., LTD
descr: No.391 Wen'er Road, Hangzhou, Zhejiang, China, 310099
address: NO.969 West Wen Yi Road, Yu Hang District, Hangzhou
e-mail: jiali.jl@alibaba-inc.com
address: No.391 Wen'er Road, Hangzhou City
e-mail: anti-spam@list.alibaba-inc.com
e-mail: cloud-cc-sqcloud@list.alibaba-inc.com
address: Hangzhou, Zhejiang, China
address: No.391 Wen'er Road, Hangzhou City
e-mail: guowei.pangw@alibaba-inc.com
In this case, the Akamai partner is likely Alibaba/Aliyun. This allows the Chinese government, if they so desire, to serve malicious content to visitors by way of the CDN.
Every single CDN is, in my opinion, MITM as a service.
Wireshark? You might be doing it wrong.
What if you did have a DNS hijacking/MITM issue of some sort? If you want to use Wireshark, you probably cannot do a packet capture between your router and computer unless the problem exists primarily on your Windows 10 machine. You'd simply be receiving whatever your router provides you with.
If there is no problem with your Windows 10 machine, then using Wireshark on your computer will likely not provide you any meaningful information. What if your router has been compromised?
What you could do is put a switch with port mirroring capabilities between your gateway and your router, and use the port mirror to see what's going on. Or a LAN throwing star. This way, you can see what your router is sending and receiving, and compare that to what Wireshark sees.
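As an added example (not code from the original answer), the Python script below parses a dig answer section like the one quoted above into the alias chain that host prints, and compares what two resolvers returned for the same name so that a differing final address stands out for follow-up with whois. The second sample answer is constructed; only the 139.129.57.70 address comes from the post, and a differing edge address is normal for a CDN, so the comparison is a starting point for investigation, not proof of hijacking.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: the dig answer section quoted in the answer above.
ANSWER_POST = """\
www.whitehouse.gov. 131 IN CNAME wildcard.whitehouse.gov.edgekey.net.
wildcard.whitehouse.gov.edgekey.net. 731 IN CNAME e4036.dscb.akamaiedge.net.
e4036.dscb.akamaiedge.net. 20 IN A 23.73.28.110
"""

# Constructed sample of what the asker's resolver might return. The CNAME
# targets and TTLs are hypothetical; only the final IP is from the post.
ANSWER_ASKER = """\
www.whitehouse.gov. 131 IN CNAME wildcard.whitehouse.gov.edgekey.net.
wildcard.whitehouse.gov.edgekey.net. 731 IN CNAME e4036.dscb.akamaiedge.net.
e4036.dscb.akamaiedge.net. 20 IN A 139.129.57.70
"""

def parse_answer(text):
    """Return ({owner: cname_target}, {owner: [addresses]}) from dig answer lines."""
    cnames, addrs = {}, defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[2] != "IN":
            continue  # skip blank lines and anything that is not a record
        owner, rtype, rdata = parts[0].rstrip("."), parts[3], parts[4].rstrip(".")
        if rtype == "CNAME":
            cnames[owner] = rdata
        elif rtype in ("A", "AAAA"):
            addrs[owner].append(ipaddress.ip_address(rdata))
    return cnames, addrs

def follow_chain(name, cnames, addrs, limit=16):
    """Walk the CNAMEs like host does; returns (names_in_order, final_addresses)."""
    chain = [name]
    while name in cnames and len(chain) <= limit:  # limit guards against CNAME loops
        name = cnames[name]
        chain.append(name)
    return chain, sorted(addrs.get(name, []))

def explain(name, text):
    """Render the host -t A style explanation for one answer section."""
    chain, final = follow_chain(name, *parse_answer(text))
    lines = [f"{a} is an alias for {b}." for a, b in zip(chain, chain[1:])]
    return lines + [f"{chain[-1]} has address {ip}" for ip in final]

def compare(name, mine, theirs):
    """Say whether two vantage points agree on the alias chain and on the final IPs."""
    c1, a1 = follow_chain(name, *parse_answer(mine))
    c2, a2 = follow_chain(name, *parse_answer(theirs))
    return {"same_chain": c1 == c2, "same_addresses": a1 == a2, "final_name": c1[-1],
            "mine": [str(i) for i in a1], "theirs": [str(i) for i in a2]}
```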