Organization IP address is getting redirected to a website which does not belong to the organization.

Bhangui, Sandeep - BLS CTR Bhangui.Sandeep at bls.gov
Sat Sep 17 16:43:41 UTC 2016 

Thanks

We suspected that but network folks are not able to find any device with that IP on the BLS network.

Also it seems firewall folks claim they looked for the traffic coming in the BLS network and if the redirect is happening from a host which is 146.142.7.113 they should have seen some traffic correct and apparently we do not see any traffic.

Thanks
Sandeep


-----Original Message-----
From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Lyle
Sent: Saturday, September 17, 2016 12:01 PM
To: bind-users at lists.isc.org
Subject: Re: Organization IP address is getting redirected to a website which does not belong to the organization.

On 09/17/16 10:51, Bhangui, Sandeep - BLS CTR wrote:
> Hi
>
> Not exactly sure whether this is a DNS issue but hoping someone here on this forum can provide some advice/suggestion as I am trying to figure out what is going on.
>
> Our organization BLS owns ( registered with the registrar )  the network address 146.142.xxx.xxx.
>
> But if someone  from the Internet [ outside of BLS network )  tries to go to "http://146.142.7.113"   it gets redirected to a site in UK called "us.watcheezy.com"
>
> I have checked the DNS from the BLS  side and we do not have any entry of  any kind for  the record  146.142.7.113 on our DNS.
>
> I have also done DNS lookups for watcheezy.com and those seem to be good too with respect to IP and the NS and as to what those NS are reporting.
>
> Can anyone throw some light on as to what is going on here.....does not look like a DNS issue to me but I could be wrong.
>
> Thanks
> Sandeep
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to 
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
There is a host listening on 146.142.7.113 tcp port 80. It's issuing a
302 redirect to http://www.watcheezy.com at ip address 37.187.76.95.  
That host is issuing a 301 redirect to http://us.watcheezy.com at 37.187.76.95.

Lyle Giese
LCR Computer Services, Inc.

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

More information about the bind-users mailing list