Thank you. I found the event in de IIS log. I did not see it yesterday, but did check it again based on your input. I found the ip number (which I would like to see in the DNN eventlog since not everybody who uses DNN has a dedicated server to look into the IIS logs themselves).
I found next IP and a trace: 86.189.49.42 on 213.121.251.21
Seems a British Telecom user with a fixed line.
tracert 213.121.251.21
Tracing route to 213.121.251.21 over a maximum of 30 hops
...
10 3 ms 3 ms 3 ms te1-3.ccr01.ams05.atlas.cogentco.com [149.6.128.
197]
11 4 ms 3 ms 3 ms te0-3-0-6.ccr21.ams03.atlas.cogentco.com [130.11
7.1.81]
12 10 ms 10 ms 10 ms te0-2-0-1.ccr21.fra03.atlas.cogentco.com [130.11
7.48.166]
13 11 ms 10 ms 10 ms bt.fra03.atlas.cogentco.com [130.117.15.114]
14 11 ms 10 ms 10 ms t2c1-ge13-0-0.de-fra.eu.bt.net [166.49.172.11]
15 21 ms 21 ms 21 ms t2c1-p10-0.uk-glo.eu.bt.net [166.49.195.77]
16 21 ms 21 ms 21 ms t2c1-p9-2.uk-eal.eu.bt.net [166.49.195.202]
17 21 ms 21 ms 21 ms 166-49-168-18.eu.bt.net [166.49.168.18]
18 22 ms 22 ms 21 ms core1-te0-10-0-0.ealing.ukcore.bt.net [62.6.200.
109]
19 26 ms 26 ms 26 ms core1-pos9-0.manchester.ukcore.bt.net [62.6.204.
194]
20 26 ms 27 ms 26 ms vhsaccess1-pos7-0.manchester.fixed.bt.net [62.6.
196.198]
21 29 ms 29 ms 30 ms ftip003178515.vhsaccess1.manchester.fixed-nte.bt
.net [86.189.49.42]
22 33 ms 33 ms 33 ms 213.121.251.21
Trace complete.
I had settings in the host settings doing some regex/ url rewrite. However, after upgrading to DNN 5.6.x those settings are lost.
Added the ip to the custom rewrite rules with a Regex to permanently redirect to
www.google.com
(213\.5\.*)|(213\.121\.*)
Now the question is how to report abuse at BT?
J