What is 67.63.55.3?

1

On my Mac, if I ping a single-word domain, I see:

PING asdfsad (67.63.55.3): 56 data bytes
64 bytes from 67.63.55.3: icmp_seq=0 ttl=241 time=93.308 ms
64 bytes from 67.63.55.3: icmp_seq=1 ttl=241 time=96.837 ms

etc.

This happens, as far as I can tell, for any single word.

I would expect it to return Unknown Host or some similar error. So why this IP?

Things I have determined:

A whois lookup tells me that it is related to Blucora... I've never heard of them before.

Traceroute returns:

Traceroute has started…

traceroute to hjhgfjh (67.63.55.3), 64 hops max, 72 byte packets

 1  10.0.1.1 (10.0.1.1)  1.114 ms  0.770 ms  0.729 ms
 2  10.240.184.81 (10.240.184.81)  8.935 ms  9.032 ms  10.116 ms
 3  433be0e1.cst.lightpath.net (67.59.241.225)  15.735 ms  11.319 ms  10.576 ms
 4  rtr1-ge1-3.mhe.whplny.cv.net (67.83.230.1)  14.493 ms  11.433 ms  15.134 ms
 5  r1-ge6-1.cst.nrwlct.cv.net (65.19.121.161)  16.598 ms  18.305 ms
    65.19.121.37 (65.19.121.37)  14.023 ms
 6  64.15.3.241 (64.15.3.241)  16.570 ms
    64.15.3.230 (64.15.3.230)  17.813 ms
    64.15.3.218 (64.15.3.218)  14.089 ms
 7  64.15.0.102 (64.15.0.102)  37.643 ms  37.702 ms  34.019 ms
 8  chi2-pr1-ae5-115.us.twtelecom.net (66.192.252.97)  35.458 ms  35.082 ms  34.808 ms
 9  sea1-ar3-xe-1-0-0-0.us.twtelecom.net (66.192.250.14)  98.257 ms  94.150 ms  116.695 ms
10  66-193-100-94.static.twtelecom.net (66.193.100.94)  94.599 ms  92.712 ms  94.271 ms
11  tuk01ef01-reth4.0.inspinc.ad (67.63.56.61)  95.860 ms  96.067 ms  96.450 ms
12  67.63.55.3 (67.63.55.3)  93.160 ms  92.671 ms  98.431 ms

So this establishes that it is an ISP thing, not an issue with my router/computer, right? Though isn't it odd that my request is handled seemingly without an error, routed through my ISP (Optimum), through to Cablevision and tw telecom?

Then there is that last domain, inspinc.ad, which also tracks back to Blucora... visiting inspinc.ad doesn't work, and I can't ping it, but inspinc.com as well as inspinc.eu return Status: OK with no other information.

In my googling I was unable to find any answers, but I did find numerous results of people having this IP show up with invalid pings.

baum

Posted 2014-06-10T03:23:08.633

Reputation: 255

May I ask the downvoter for his/her objections? – baum – 2014-06-10T03:34:46.037

Downvoter probably thinks you're jumping to conclusions without covering the basics. You probably get the same result for any nonexistent domain, not just single word. – NReilingh – 2014-06-10T04:03:14.903

Fair enough, however I did determine that things like "dragaste.esrgwe" just say unknown host. – baum – 2014-06-10T10:16:49.907

Answers

2

The issue here is that your DNS server is returning that address for gibberish domain requests.

If you run nslookup asdfsad in Terminal you'll see what DNS server is being queried.

When you access that IP in a web browser, you get back a not found page from Optimum online. My guess is that Optimum is your ISP, and they have configured your DNS servers to return a customized page to your browser when you access a domain that doesn't exist, rather than just let the browser fail.

You can experiment with defining your own DNS servers to override this behavior. People will commonly use OpenDNS services if they don't like or trust their ISPs, and OpenDNS will also catch common misspellings and redirect you to the right place (this also makes your browser safer if a misspelled domain is taken over by a phisher). Google also provides an easy-to-remember public DNS.

OpenDNS:

208.67.222.222
208.67.220.220

Google Public DNS:

8.8.8.8
8.8.4.4

NReilingh

Posted 2014-06-10T03:23:08.633

Reputation: 5 539

Ah, I hadn't seen that you mentioned Optimum in your answer when I wrote this. – NReilingh – 2014-06-10T04:01:41.300

1

Yes, it does appear that the ISP is hijacking the DNS to show a 'domain not found' page. https://gwhois.org/response/?q=67.63.55.3 – iglvzx – 2014-06-10T04:43:11.230

Ok, I had seen that page before but not thought much of it (as I often see that page for unknown hosts). Thanks. – baum – 2014-06-10T10:18:57.017

0

Well, it turns out Optimum isn't as bad* as I thought. When navigating to one of these non-existent domains in my browser, I am shown the hijacked Optimum DNS Assistance page... with an option to opt out of the service!

So opt out I did, and now all of my invalid DNS lookups return NXDOMAIN, as they should.

Granted, this only applies to Optimum customers, but it does serve as a reminder to look for a simpler solution first...

I'm going to leave NReilingh's answer as the accepted answer because that applies to everyone, not just Optimum customers.

*they're still pretty bad.

baum

Posted 2014-06-10T03:23:08.633

Reputation: 255
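
A way to run the check both answers describe against one specific resolver, as an added example that is not part of the original thread: it sends a query for a random name straight to each server given on the command line and reports whether the reply is a real NXDOMAIN or a NOERROR carrying records, which is what a rewriting resolver returns. The function names and the random probe names are assumptions made for this example.

```python
import secrets, socket, struct, sys

def build_query(name, qid):
    """Encode a DNS query for the A record of `name` (recursion desired)."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(reply, qid):
    """Classify a reply to a query for a name that should not exist."""
    if len(reply) < 12:
        return "other"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack(">HHHHHH", reply[:12])
    if rid != qid or not flags & 0x8000:   # wrong ID, or not a response at all
        return "other"
    rcode = flags & 0x000F
    if rcode == 3:
        return "nxdomain"                  # honest answer: no such name
    if rcode == 0 and ancount > 0:
        return "rewritten"                 # NOERROR plus records for a made-up name
    return "other"                         # SERVFAIL, REFUSED, empty NOERROR, ...

def probe(server, name, timeout=3.0):
    """Ask `server` (an IPv4 address) about `name` over UDP port 53."""
    qid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qid), (server, 53))
        reply, _ = sock.recvfrom(4096)
    return classify(reply, qid)

if __name__ == "__main__":
    # Usage: python3 <this file> <resolver-ip> [<resolver-ip> ...]
    label = "x" + secrets.token_hex(12)    # random probe name that should not exist
    for server in sys.argv[1:]:
        # Probe the bare single word (as in the question) and the same word under .com.
        for name in (label, label + ".com"):
            try:
                print(server, name, probe(server, name))
            except OSError as exc:         # timeout or unreachable resolver
                print(server, name, "error:", exc)
```

Running it against the resolver that nslookup reports and against a public one such as 8.8.8.8 shows which of them rewrites the answer; after the opt-out described above, the ISP resolver should report nxdomain as well.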