- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ip change domain name
hello, Reviewing the forti logs, I see traffic from the last 7 days from an IP whose domain is example.com, but 2 days later, reviewing the logs from the last 7 days, the same IP again, now the domain became otrodominiodiferente.com, even the Logs from previous days changed for the new domain. Why does this happen? How can I really know what web pages that person looks at?
Thanks,
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @van_sta,
What is the IP address are you referring to? You can try to resolve those domain names to see if the IP address is correct.
Regards,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @van_sta
In some cases this can be normal behavior because many IP addresses on Internet are associated to multiple domain names.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
the Ip is:
3.160.119.55 (download.jetbrains.com) today
3.160.119.55 (cmd.osano.com) this morning ( I'm not sure it started exactly with cmd. It was something very similar, but ends with osano.com)
3.160.119.55 (cdn.argentiniandomain.com.ar) last week the domain was a page from argentina.
With nslookup I get:
Address: 1.1.1.1
Name: server-3-160-119-55.eze50.r.cloudfront.net
Address: 3.160.119.55
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
- The data of "dstname" is obtained by a reverse DNS query for the IP address of "dstip", against the DNS servers configured under 'config system dns'.
- Check what DNS server is configured under the device configuration and you can check the PTR record for the IP address.
Reagrds,
Shiva