every day this domain is visited (20 Requests since 9:00 am)

Comments

3 comments

  • rotblitz

    How can you know if this domain has ever been visited without logging your web traffic?

    If it appears in your domain stats, then this indicates that the domain has been looked up in the Domain Name System (DNS) to possibly obtain its IP addresses, like this:

    nslookup api.654d4aa9653cd22888a6b24ef6c279a765582656.com.
    Server:  local
    Address:  10.165.161.13

    Non-authoritative answer:
    Name:    api.654d4aa9653cd22888a6b24ef6c279a765582656.com
    Addresses:  2400:cb00:2048:1::681b:88aa
              2400:cb00:2048:1::681b:89aa
              104.27.136.170
              104.27.137.170

    Does this indicate that it has ever been visited?  Not that I knew...

    This kind of domain is categorized as "Command and Control" in Umbrella.  This could indicate malware activity.  It might be a good idea to block DNS lookups for it.

    Also, what else we know is that this domain is DNS-hosted by CloudFlare:

    nslookup -type=ns 654d4aa9653cd22888a6b24ef6c279a765582656.com.
    Server:  local
    Address:  10.165.161.13

    Non-authoritative answer:
    654d4aa9653cd22888a6b24ef6c279a765582656.com    nameserver = jasmine.ns.cloudflare.com
    654d4aa9653cd22888a6b24ef6c279a765582656.com    nameserver = kevin.ns.cloudflare.com

    jasmine.ns.cloudflare.com       internet address = 173.245.58.170
    jasmine.ns.cloudflare.com       AAAA IPv6 address = 2400:cb00:2049:1::adf5:3aaa
    kevin.ns.cloudflare.com internet address = 173.245.59.191
    kevin.ns.cloudflare.com AAAA IPv6 address = 2400:cb00:2049:1::adf5:3bbf

    You want to get a MAC address?  MAC address of what and for what purpose?  The one of the device making these DNS lookups?  You would have to run a network sniffer to find out.  MAC addresses cannot be seen on the internet or by cloud services like OpenDNS.

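The answer above makes three practical points: a DNS lookup is not proof of a visit, the only way a resolver can tell home devices apart is by the client address (the MAC never leaves the LAN), and timestamps in a dashboard are only meaningful once the time zone is known. The following Python script is an added example, not code from the page or from OpenDNS, that works through those points over a small query log. The log lines and their format (UTC time, client IP, query name, record type, category) are constructed for this example and are not an OpenDNS log format; only the domain name is taken from the thread.

```python
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample query log (assumed format, not OpenDNS's):
# "<UTC timestamp> <client IP> <query name> <record type> <category>"
SAMPLE_LOG = """\
2019-03-04T08:02:11Z 192.168.1.23 api.654d4aa9653cd22888a6b24ef6c279a765582656.com A Command and Control
2019-03-04T08:02:11Z 192.168.1.23 api.654d4aa9653cd22888a6b24ef6c279a765582656.com AAAA Command and Control
2019-03-04T08:05:40Z 192.168.1.10 www.example.com A Search Engines
2019-03-04T08:07:03Z 192.168.1.23 api.654d4aa9653cd22888a6b24ef6c279a765582656.com A Command and Control
2019-03-04T08:09:15Z 192.168.1.10 cdn.example.net A Content Delivery
"""

# Categories that warrant a block rule rather than just a note in the stats.
SUSPICIOUS_CATEGORIES = {"Command and Control"}


@dataclass(frozen=True)
class Query:
    when_utc: datetime
    client_ip: str
    qname: str
    qtype: str
    category: str


def parse_log(text: str) -> list[Query]:
    """Parse the constructed log format; the category may contain spaces,
    so it is everything after the record type."""
    queries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client_ip, qname, qtype, category = line.split(maxsplit=4)
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        queries.append(Query(when, client_ip, qname.rstrip(".").lower(), qtype, category))
    return queries


def flagged(queries: list[Query], categories=SUSPICIOUS_CATEGORIES) -> list[Query]:
    """Keep only lookups whose category is on the suspicious list."""
    return [q for q in queries if q.category in categories]


def lookups_per_client(queries: list[Query]) -> dict[str, int]:
    """Count lookups by internal client address: the resolver-side evidence
    of which device asked, since MAC addresses are not visible past the LAN."""
    return dict(Counter(q.client_ip for q in queries))


def local_times(queries: list[Query], utc_offset_hours: float) -> list[str]:
    """Re-express UTC timestamps in the account's local time zone so an entry
    can be compared with when a device was actually switched on."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    return [q.when_utc.astimezone(tz).strftime("%Y-%m-%d %H:%M") for q in queries]


def block_list(queries: list[Query]) -> list[str]:
    """Distinct query names from the flagged lookups, ready for a resolver deny list."""
    return sorted({q.qname for q in queries})


if __name__ == "__main__":
    hits = flagged(parse_log(SAMPLE_LOG))
    print("lookups per client:", lookups_per_client(hits))
    print("same entries in UTC+1:", local_times(hits, 1))
    print("names to block:", block_list(hits))
```

Run as a script it prints the flagged lookups grouped by client address, the same entries shifted into a chosen time zone (UTC+1 in the usage line), and the names a deny list would need. A client address that keeps appearing while the known PCs are off points at another device using the same resolver; timestamps that line up only after the offset is applied point at the time-zone setting instead.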
  • totoisnot (Edited)

    Thank you,

    There are a lot of devices in my home network.
    OpenDNS is on 2 PCs for the kids, but I see this domain (and only this one) when these PCs are off…

    1/ There is another device with OpenDNS (I don't remember setting another DNS)
    2/ or there is something wrong with time/gmt…

  • rotblitz
    1. Correct, this is possible.
    2. Check it here: https://dashboard.opendns.com/myaccount/timezone
