Anyone know what this domain might be from?

Comments

3 comments

  • Avatar
    rotblitz

    It is DNS queries out of your network.  Nobody needs to be present to cause your network to raise DNS lookups.  Switched-on hardware with networking software is sufficient.

    Could be that it's left-over malware, but the sub domain does not exist or delegation is not orderly configured.  A lookup returns SERVFAIL.

    dig +trace j.e5.sk

    ; <<>> DiG 9.3.2 <<>> +trace j.e5.sk
    ;; global options:  printcmd
    .                       514879  IN      NS      l.root-servers.net.
    .                       514879  IN      NS      m.root-servers.net.
    .                       514879  IN      NS      j.root-servers.net.
    .                       514879  IN      NS      g.root-servers.net.
    .                       514879  IN      NS      c.root-servers.net.
    .                       514879  IN      NS      h.root-servers.net.
    .                       514879  IN      NS      i.root-servers.net.
    .                       514879  IN      NS      k.root-servers.net.
    .                       514879  IN      NS      f.root-servers.net.
    .                       514879  IN      NS      d.root-servers.net.
    .                       514879  IN      NS      e.root-servers.net.
    .                       514879  IN      NS      a.root-servers.net.
    .                       514879  IN      NS      b.root-servers.net.
    ;; Received 228 bytes from 192.168.2.1#53(192.168.2.1) in 0 ms

    sk.                     172800  IN      NS      a.tld.sk.
    sk.                     172800  IN      NS      c.tld.sk.
    sk.                     172800  IN      NS      ns.eunet.sk.
    sk.                     172800  IN      NS      ns.sk-nic.sk.
    sk.                     172800  IN      NS      ns1.sk-nic.sk.
    sk.                     172800  IN      NS      ns3.sk-nic.sk.
    sk.                     172800  IN      NS      sns-pb.isc.org.
    ;; Received 368 bytes from 199.7.83.42#53(l.root-servers.net) in 46 ms

    e5.sk.                  86400   IN      NS      h5-f5lb01-lsnr02-s.eset.com.
    e5.sk.                  86400   IN      NS      89.202.157.228.rev.eset.com.
    e5.sk.                  86400   IN      NS      h3-f5lb01-lsnr01-s.eset.com.
    ;; Received 132 bytes from 194.0.45.1#53(a.tld.sk) in 62 ms

    j.e5.sk.                86400   IN      NS      dnsj.e5.sk.
    ;; Received 76 bytes from 38.90.226.54#53(h5-f5lb01-lsnr02-s.eset.com) in 203 ms

    ;; Received 25 bytes from 91.228.167.87#53(dnsj.e5.sk) in 46 ms

  • Avatar
    david

    But the presense of this could mean a computer might have some form of nasty running on it? Or can it be safely ignored?

  • Avatar
    jedisct1

    These are totally legitimate queries from ESET if you enabled parental control/web control.

Please sign in to leave a comment.