So I’m having trouble connecting to the Ali Express web server this evening and decided to investigate a little. What I found surprised me… owen@odmbpro3-3 ~ % openssl s_client -connect www.aliexpress.com:443 CONNECTED(00000005) depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA verify return:1 depth=1 C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1 verify return:1 depth=0 C = CN, ST = \E6\B5\99\E6\B1\9F\E7\9C\81, L = \E6\9D\AD\E5\B7\9E\E5\B8\82, O = Alibaba Cloud Computing Ltd., CN = ae01.alicdn.com verify return:1 … certificate stuff, blah blah from Akamai, routine… SSL-Session: Protocol : TLSv1.3 Cipher : AEAD-CHACHA20-POLY1305-SHA256 Session-ID: Session-ID-ctx: Master-Key: Start Time: 1702187128 Timeout : 7200 (sec) Verify return code: 0 (ok) --- read R BLOCK read R BLOCK GET / HTTP/1.1 Host: www.aliexpress.com HTTP/1.1 302 Moved Temporarily Content-Type: text/html Content-Length: 258 Location: http://33.3.37.57/ Access-Control-Allow-Origin: https://hz.aliexpress.com Server: Tengine/Aserver EagleEye-TraceId: 2103253917021871367418570ec8e3 Strict-Transport-Security: max-age=31536000 Timing-Allow-Origin: * Date: Sun, 10 Dec 2023 05:45:36 GMT Connection: keep-alive Set-Cookie: ali_apache_id=33.3.37.57.1702187136742.612980.2; path=/; domain=.aliexpress.com; expires=Wed, 30-Nov-2084 01:01:01 GMT Server-Timing: cdn-cache; desc=MISS Server-Timing: edge; dur=65 Server-Timing: origin; dur=3 Server-Timing: ak_p; desc="1702187128314_400069768_2521981097_6837_5323_25_43_-";dur=1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html> <head><title>302 Found</title></head> <body bgcolor="white"> <h1>302 Found</h1> <p>The requested resource resides temporarily under a different URI.</p> <hr/>Powered by Tengine</body> </html> … OK, so far so good, though the hard coded IP redirect is a bit odd. Especially when you consider this: NetRange: 33.0.0.0 - 33.255.255.255 CIDR: 33.0.0.0/8 NetName: DISN-IP-LEGACY NetHandle: NET-33-0-0-0-1 Parent: () NetType: Direct Allocation OriginAS: Organization: DoD Network Information Center (DNIC) RegDate: 1991-01-01 Updated: 2013-09-11 Ref: https://rdap.arin.net/registry/ip/33.0.0.0 OrgName: DoD Network Information Center OrgId: DNIC Address: 3990 E. Broad Street City: Columbus StateProv: OH PostalCode: 43218 Country: US RegDate: Updated: 2011-08-17 Ref: https://rdap.arin.net/registry/entity/DNIC OrgTechHandle: REGIS10-ARIN OrgTechName: Registration OrgTechPhone: +1-844-347-2457 OrgTechEmail: disa.columbus.ns.mbx.arin-registrations@mail.mil OrgTechRef: https://rdap.arin.net/registry/entity/REGIS10-ARIN OrgAbuseHandle: REGIS10-ARIN OrgAbuseName: Registration OrgAbusePhone: +1-844-347-2457 OrgAbuseEmail: disa.columbus.ns.mbx.arin-registrations@mail.mil OrgAbuseRef: https://rdap.arin.net/registry/entity/REGIS10-ARIN OrgTechHandle: MIL-HSTMST-ARIN OrgTechName: Network DoD OrgTechPhone: +1-844-347-2457 OrgTechEmail: disa.columbus.ns.mbx.hostmaster-dod-nic@mail.mil OrgTechRef: https://rdap.arin.net/registry/entity/MIL-HSTMST-ARIN Which seems in line with the announcement of that address I’m seeing: owen@delong-fmt2-mx-01> show route 33.3.37.57 inet.0: 947480 destinations, 2018685 routes (947480 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 33.0.0.0/8 *[BGP/170] 1w6d 05:39:58, localpref 2000 AS path: 6939 3356 749 I, validation-state: unverified > to 64.71.131.26 via ge-2/0/0.0 [BGP/170] 1w6d 05:35:29, localpref 100, from 192.124.40.252 AS path: 36236 2914 3356 749 I, validation-state: unverified > via gr-2/3/0.70 (AS749 is also DISA/DDI) But why would AliExpress be redirecting to DDN space? Is this legitimate? Ali hoping to get away with squatting, or something else? Owen