My primary Earthlink nameserver is "220.127.116.11". Doing a dig on the DNS entry reports back a bogus IP:
ANSWER SECTION:rn www.google-analytics.com. 282 IN CNAME www-google-analytics.l.google.com.rn www-google-analytics.l.google.com. 222600 IN A 18.104.22.168
That IP address is bogus. A dig -x on it reports:
; <<>> DiG 9.2.4 <<>> -x 22.214.171.124
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1476
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;126.96.36.199.in-addr.arpa. IN PTR
;; ANSWER SECTION:
188.8.131.52.in-addr.arpa. 80872 IN PTR nuo.cn.
Nice... "nuo.cn". I sent an email to the Earthlink abuse team and also to Google security. Hopefully it gets fixed.