google.ps hacked

Looks like google.ps got its dns hacked.

Update below
Update 2- Looks like its a .ps registry hack rather!(based on HN)
Update 3 - Alls well again

[anshup@aero ~]$ host google.ps
google.ps has address 41.77.118.2
google.ps mail is handled by 0 google.ps.

[anshup@aero ~]$ host 41.77.118.2
2.118.77.41.in-addr.arpa domain name pointer abubakr.genious.net.

[anshup@aero ~]$ sudo nmap 41.77.118.2

Starting Nmap 6.40 ( http://nmap.org ) at 2013-08-26 23:33 IST
Nmap scan report for abubakr.genious.net (41.77.118.2)
Host is up (0.21s latency).
Not shown: 981 filtered ports
PORT STATE SERVICE
20/tcp closed ftp-data
21/tcp open ftp
22/tcp closed ssh
25/tcp open smtp
26/tcp open rsftp
53/tcp open domain
80/tcp open http
110/tcp open pop3
143/tcp open imap
389/tcp closed ldap
443/tcp open https
465/tcp open smtps
554/tcp open rtsp
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
2000/tcp closed cisco-sccp
3306/tcp open mysql
7070/tcp open realserver

[anshup@aero ~]$ dig NS google.ps

; <<>> DiG 9.9.3-rl.13207.22-P2-RedHat-9.9.3-5.P2.fc19 <<>> NS google.ps
;; global options: +cmd
;; Got answer:
;; ->>HEADER< ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.ps. IN NS

;; ANSWER SECTION:
google.ps. 21590 IN NS omar.genious.net.
google.ps. 21590 IN NS hamza.genious.net.

;; Query time: 2 msec
;; SERVER: 10.0.1.1#53(10.0.1.1)
;; WHEN: Mon Aug 26 23:48:13 IST 2013
;; MSG SIZE rcvd: 77

[anshup@aero ~]$ dig @8.8.8.8 google.ps

; <<>> DiG 9.9.3-rl.13207.22-P2-RedHat-9.9.3-5.P2.fc19 <<>> @8.8.8.8 google.ps
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER< ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.ps. IN A

;; ANSWER SECTION:
google.ps. 7367 IN A 41.77.118.2

;; Query time: 14 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Aug 26 23:50:56 IST 2013
;; MSG SIZE rcvd: 54

UPDATE:

Looks like www.google.ps is fine whereas google.ps is hacked.

[anshup@aero ~]$ host www.google.ps
www.google.ps has address 74.125.236.55
www.google.ps has address 74.125.236.63
www.google.ps has address 74.125.236.56
www.google.ps has IPv6 address 2404:6800:4007:800::1018

[anshup@aero ~]$ host google.ps
google.ps has address 41.77.118.2
google.ps mail is handled by 0 google.ps.

Also, the site hosting the hacked google site seems to belong to this guy:

https://twitter.com/ElZakaria
https://www.facebook.com/preemptif

Update 2
Based on Hacker News, looks like its a .ps registry hack rather.
https://news.ycombinator.com/item?id=6278976
Looks like similar to the .ro (romanian) registry hack late last year.

Update 3

At around 0530 Hrs IST (0000 UTC), aug 27th, the DNS at genious.net seems to have been re-populated with proper gooogle ips.

;; ANSWER SECTION:
google.ps. 7349 IN NS omar.genious.net.
google.ps. 7349 IN NS hamza.genious.net.

;; Query time: 8 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Aug 27 05:20:01 BDT 2013
;; MSG SIZE rcvd: 88

;; ANSWER SECTION:
google.ps. 299 IN A 74.125.236.50
google.ps. 299 IN A 74.125.236.49
google.ps. 299 IN A 74.125.236.52
google.ps. 299 IN A 74.125.236.48
google.ps. 299 IN A 74.125.236.51

;; Query time: 86 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Aug 27 05:20:01 BDT 2013
;; MSG SIZE rcvd: 118

This because the TTL for the genious.net DNS was quite high preventing the google SOA from propagating.

At around 0722 IST, the SOA TTL expired from google's own 8.8.8.8 DNS.

;; ANSWER SECTION:
google.ps. 149 IN NS omar.genious.net.
google.ps. 149 IN NS hamza.genious.net.

;; Query time: 8 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Aug 27 07:20:01 BDT 2013
;; MSG SIZE rcvd: 88

;; ANSWER SECTION:
google.ps. 299 IN A 74.125.236.52
google.ps. 299 IN A 74.125.236.49
google.ps. 299 IN A 74.125.236.51
google.ps. 299 IN A 74.125.236.48
google.ps. 299 IN A 74.125.236.50

;; Query time: 93 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Aug 27 07:20:01 BDT 2013
;; MSG SIZE rcvd: 118
;; ANSWER SECTION:
google.ps. 21599 IN NS ns2.google.com.
google.ps. 21599 IN NS ns3.google.com.
google.ps. 21599 IN NS ns1.google.com.
google.ps. 21599 IN NS ns4.google.com.

;; Query time: 114 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Aug 27 07:30:01 BDT 2013
;; MSG SIZE rcvd: 120

Screenshot from 2013-08-26 23:49:27

Written on August 26, 2013