I administer a DNS server running BIND DNS. We use dnstop to monitor queries. I have 173lo.com as the top query with the highest count and I'm wondering what the domain is; I can't find any really useful information on the domain. Does anyone know about it?

dnstop output:

Query Name                Count      %   cum% 
--------------------- --------- ------ ------ 
173lo.com                257283    5.2    5.2 
google.com               208042    4.2    9.5 
blackberry.com           188231    3.8   13.3 
co.uk                    183011    3.7   17.0

Thank you.

Mathias R. Jessen
Ugorji Nnanna
  • I'm not getting any DNS resolution on 173lo.com, and whois says the domain isn't taken? – DarkMoon Jul 30 '14 at 09:17
  • Ugorji, can you ping it and let us know what IP you get? – Spencer5051 Jul 30 '14 at 09:36
  • DarkMoon true, no resolution @Spencer5051 Thanks, it does not resolve here, another reason why I'm surprised, but still it is the top result from dnstop:
    Query Name                Count      %   cum%
    --------------------- --------- ------ ------
    173lo.com                257283    5.2    5.2
    google.com               208042    4.2    9.5
    blackberry.com           188231    3.8   13.3
    co.uk                    183011    3.7   17.0
    – Ugorji Nnanna Jul 30 '14 at 09:46
  • @DarkMoon This domain was registered on July 5th, 2014, to a private registrant. You are probably using a bad whois tool, if you can't see the registration. – Michael Hampton Jul 30 '14 at 17:47
  • @MichaelHampton I've looked a bit further and found the 5 July registration info. Thanks for the info; I was under the impression whois is whois is whois; I'll have to do some more research on that now... – DarkMoon Jul 30 '14 at 21:39

1 Answer

ly.173lo.com appears to be the web site of an online game. My first suspicion is that someone is, or many people are, playing this game at work.

Obviously you should also check user workstations for unauthorized and malicious software. The game web site could be a cover for malicious activity.

Michael Hampton
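
One way to find which workstations to check first, as an added example that is not part of the original question or answer: tally the clients querying the domain and its subdomains from BIND query-log lines. It assumes query logging is enabled on the server; the log-line layout handled and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# BIND query-log line (assumed layout):
#   "... client [@0x...] <ip>#<port> (<qname>): query: <qname> IN <type> ..."
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ .*?"
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

def in_zone(qname, domain):
    """True if qname is the domain itself or any name below it (case-insensitive)."""
    q = qname.rstrip(".").lower()
    d = domain.rstrip(".").lower()
    # Require a label boundary so "not173lo.com" does not match "173lo.com".
    return q == d or q.endswith("." + d)

def clients_for_domain(lines, domain):
    """Return (per-client counts, per-name counts) for queries under `domain`."""
    clients, names = Counter(), Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if m and in_zone(m.group("qname"), domain):
            clients[m.group("ip")] += 1
            names[m.group("qname").rstrip(".").lower()] += 1
    return clients, names

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
30-Jul-2014 09:17:01.101 queries: info: client 192.0.2.10#53211 (ly.173lo.com): query: ly.173lo.com IN A + (192.0.2.1)
30-Jul-2014 09:17:01.204 queries: info: client 192.0.2.10#53212 (LY.173lo.com): query: LY.173lo.com IN AAAA + (192.0.2.1)
30-Jul-2014 09:17:02.310 queries: info: client 192.0.2.44#40122 (google.com): query: google.com IN A + (192.0.2.1)
30-Jul-2014 09:17:02.650 queries: info: client @0x7f3a1c0 192.0.2.77#61034 (173lo.com): query: 173lo.com IN A + (192.0.2.1)
30-Jul-2014 09:17:03.012 queries: info: client 192.0.2.10#53213 (not173lo.com): query: not173lo.com IN A + (192.0.2.1)
30-Jul-2014 09:17:03.400 queries: info: client 192.0.2.10#53214 (x.ly.173lo.com): query: x.ly.173lo.com IN A + (192.0.2.1)
""".splitlines()

if __name__ == "__main__":
    clients, names = clients_for_domain(SAMPLE_LOG, "173lo.com")
    print("Queries per client:")
    for ip, n in clients.most_common():
        print(f"{n:6d}  {ip}")
    print("Queries per name:")
    for name, n in names.most_common():
        print(f"{n:6d}  {name}")
```

A handful of clients accounting for most of the count points at specific machines to inspect; an even spread across many clients suggests something widely installed or widely visited.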