I had a .gov visit my site today, but the Reverse DNS is from Taiwan. Were they hacked?
Domain: mail2.arlingtontx.gov
IP Address: 97.65.254.121
Reverse DNS: 121.254.65.97.in-addr.arpa
UserAgent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
lammert
11:46 pm on Jan 9, 2015 (gmt 0)
Where did you see that the reverse DNS is from Taiwan? According to the whois info it is twtelecom.net. TW Telecom is a subsidiary of Level3 Communications, which is one of the world's largest telecommunication and internet service providers, with headquarters in the US.
EastTexas
11:53 pm on Jan 9, 2015 (gmt 0)
ip-tracker.org
lammert
12:00 am on Jan 10, 2015 (gmt 0)
This is my result:
Continent: North America (NA)
Country: United States (US)
Capital: Washington
State: Texas
City Location: Arlington
[edit] Ahh, I now understand, you did a whois lookup of 121.254.65.97 but that is not correct because the in-addr.arpa addresses are in reverse order. I.e. 121.254.65.97.in-addr.arpa represents 97.65.254.121, not 121.254.65.97. I was confused by the "TW telecom" company name which I thought you interpreted as a Taiwan Telecom company :)
[edited by: lammert at 12:05 am (utc) on Jan 10, 2015]
You posted when I was editing my previous post. in-addr.arpa addresses are not IP numbers, but have the same basic syntax as domain names. The most significant part of the in-addr.arpa name space is at the right, just as with domain names. Read it as:
arpa (Address and Routing Parameter Area)
in-addr (IPv4 addresses)
97 (most significant eight bits of IP address)
65 (..)
254 (..)
121 (least significant eight bits of IP address)
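The label order described above, as an added example that is not part of the original thread: a Python decoder for reverse-DNS names, plus a check that tells a correct lookup from one where the octets were not reversed. The function names are this example's own, and it goes beyond the IPv4 case in the thread by also handling the ip6.arpa nibble format.

```python
import ipaddress

HEX = "0123456789abcdef"

def ptr_name_to_ip(name):
    """Decode an in-addr.arpa / ip6.arpa owner name to the IP address it represents."""
    labels = name.rstrip(".").lower().split(".")
    suffix, parts = labels[-2:], labels[:-2]
    if suffix == ["in-addr", "arpa"]:
        if len(parts) != 4:
            raise ValueError("expected 4 octet labels, got %d" % len(parts))
        # Labels run least-significant octet first, so reverse them.
        return ipaddress.IPv4Address(".".join(reversed(parts)))
    if suffix == ["ip6", "arpa"]:
        if len(parts) != 32 or any(len(n) != 1 or n not in HEX for n in parts):
            raise ValueError("expected 32 single hex-digit labels")
        # One label per 4-bit nibble, least-significant nibble first.
        return ipaddress.IPv6Address(int("".join(reversed(parts)), 16))
    raise ValueError("not a reverse-DNS name: %r" % name)

def classify_lookup(ptr_name, looked_up):
    """Compare the address someone looked up (whois, geo-IP) with the PTR name."""
    actual = ptr_name_to_ip(ptr_name)
    queried = ipaddress.ip_address(looked_up)
    if queried == actual:
        return "correct"
    # The mistake from the thread: the labels were read in written order.
    if actual.version == 4 and str(queried) == ".".join(reversed(str(actual).split("."))):
        return "octets-not-reversed"
    return "unrelated"

if __name__ == "__main__":
    ptr = "121.254.65.97.in-addr.arpa"   # value from the thread
    print(ptr, "->", ptr_name_to_ip(ptr))
    for candidate in ("97.65.254.121", "121.254.65.97"):
        print(candidate, classify_lookup(ptr, candidate))
    # Going the other way, the standard library builds the PTR name directly.
    print(ipaddress.ip_address("97.65.254.121").reverse_pointer)
```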
EastTexas
1:11 am on Jan 10, 2015 (gmt 0)
I see now - the # is reversed... Reverse DNS: 121.254.65.97.in-addr.arpa