Anyone knows what 173lo.com is – top entry on my BIND DNS server

Ugorji Nnanna asked:

Administer a DNS server running BIND DNS. We use dnstop to monitor queries. I have 173lo.com as top query with highest count and I’m wondering what the domain is, I can’t find really useful information on the domain. Does anyone know about it?

dnstop output:

Query Name                Count      %   cum% 
--------------------- --------- ------ ------ 
173lo.com                257283    5.2    5.2 
google.com               208042    4.2    9.5 
blackberry.com           188231    3.8   13.3 
co.uk                    183011    3.7   17.0

Thank you.

My answer:


ly.173lo.com appears to be the web site of an online game. My first suspicion is that someone is, or many people are, playing this game at work.

Obviously you should also check user workstations for unauthorized and malicious software. The game web site could be a cover for malicious activity.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.