Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
van_sta
New Contributor III

ip change domain name

Hello, reviewing the Forti logs, I see traffic from the last 7 days from an IP whose domain is example.com, but 2 days later, reviewing the logs from the last 7 days, I see the same IP again and now the domain has become otrodominiodiferente.com; even the logs from previous days changed to the new domain. Why does this happen? How can I really know what web pages that person looks at?

Thanks,

4 REPLIES
hbac
Staff

Hi @van_sta,

 

What is the IP address you are referring to? You can try to resolve those domain names to see if the IP address is correct.

 

Regards, 

AEK
SuperUser

Hi @van_sta

In some cases this can be normal behavior because many IP addresses on the Internet are associated with multiple domain names.

AEK
van_sta
New Contributor III

The IP is:

3.160.119.55 (download.jetbrains.com) today

3.160.119.55 (cmd.osano.com) this morning (I'm not sure it started exactly with cmd. It was something very similar, but it ends with osano.com)

3.160.119.55 (cdn.argentiniandomain.com.ar) last week; the domain was a page from Argentina.

With nslookup I get:

Address: 1.1.1.1

Name: server-3-160-119-55.eze50.r.cloudfront.net
Address: 3.160.119.55

smaruvala
Staff

Hi,

 

- The data of "dstname" is obtained by a reverse DNS query for the IP address of "dstip", against the DNS servers configured under 'config system dns'. 

- Check what DNS server is configured under the device configuration and you can check the PTR record for the IP address.

 

Regards,

Shiva
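
The symptom from the question, as an added example that is not part of the thread or any Fortinet tooling: it compares two exports of the same traffic log and lists destination IPs whose "dstname" differs for the same sessions. The key=value layout, the date/time/srcip fields and every sample line are constructed assumptions; only dstip, dstname, the IP and the two domain names come from the posts above.

```python
import re
from collections import defaultdict

PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample data: two exports of the same traffic log, taken days apart.
# The layout and the date/time/srcip fields are assumptions; dstip and dstname
# are the fields named in the thread.
EXPORT_EARLY = '''
date=2024-05-01 time=09:12:01 srcip=10.0.0.15 dstip=3.160.119.55 dstname="cdn.argentiniandomain.com.ar"
date=2024-05-01 time=09:40:22 srcip=10.0.0.15 dstip=192.0.2.10 dstname="example.com"
date=2024-05-02 time=14:03:55 srcip=10.0.0.15 dstip=3.160.119.55 dstname="cdn.argentiniandomain.com.ar"
'''
EXPORT_LATE = '''
date=2024-05-01 time=09:12:01 srcip=10.0.0.15 dstip=3.160.119.55 dstname="download.jetbrains.com"
date=2024-05-01 time=09:40:22 srcip=10.0.0.15 dstip=192.0.2.10 dstname="example.com"
date=2024-05-02 time=14:03:55 srcip=10.0.0.15 dstip=3.160.119.55 dstname="download.jetbrains.com"
date=2024-05-03 time=08:00:10 srcip=10.0.0.15 dstip=3.160.119.55 dstname="download.jetbrains.com"
'''

def parse_export(text):
    """Return {(date, time, srcip, dstip): dstname} for every complete line."""
    records = {}
    for line in text.splitlines():
        f = {k: v.strip('"') for k, v in PAIR.findall(line)}
        if {"date", "time", "srcip", "dstip", "dstname"} <= f.keys():
            records[(f["date"], f["time"], f["srcip"], f["dstip"])] = f["dstname"]
    return records

def relabelled_ips(early_text, late_text):
    """Map each dstip to the names shown for the SAME sessions in both exports,
    keeping only IPs where the name differs between the two exports."""
    early, late = parse_export(early_text), parse_export(late_text)
    names = defaultdict(set)
    changed = set()
    for key in early.keys() & late.keys():  # sessions present in both exports
        dstip = key[3]
        names[dstip].update((early[key], late[key]))
        if early[key] != late[key]:
            changed.add(dstip)
    return {ip: sorted(names[ip]) for ip in sorted(changed)}

if __name__ == "__main__":
    for ip, seen in relabelled_ips(EXPORT_EARLY, EXPORT_LATE).items():
        print(f"{ip}: dstname is not stable across exports: {', '.join(seen)}")
```

An IP reported here has a name that depends on when the log was viewed, so its "dstname" should not be treated as a record of the site that was requested.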

 
