What is this suspicious recurring DNS lookup to gooo…ooooogle.com in my DNS logs?

Çağlar Arlı

I just switched my whole home network (about 100 devices, many IoT) to NextDNS.io. Upon checking the logs I noticed some requests recurring every few minutes to:

www.goooooooooooooooooooooooooooooooooooooooooooooooooooooooooogle.com

I did find some info here: https://www.reddit.com/r/pihole/comments/hi1s69/is/ which is linked to Samsung devices. I haven't linked it to a specific device yet, but I have one Samsung Galaxy S24 in my network. Nevertheless, very suspicious. Any ideas about this specific domain?

Some info I found:

Registrar WHOIS Server: whois.godaddy.com

ns1.parklogic.com
ns2.parklogic.com

FAIL: While quering domain's records, some of your name servers didn't responded. Name servers which didn't responded:

From: https://www.dnsinspect.com/goooooooooooooooooooooooooooooooooooooooooooooooooooooooooogle.com/10811166.

VirusTotal community score -41: https://www.virustotal.com/gui/url/61bde25a865616e7694d3c5a9de4e8713576bb0448ad8a705a73cb91f5b40eea/community

Unshortened (after redirects): http://ww12.goooooooooooooooooooooooooooooooooooooooooooooooooooooooooogle.com/?usid=26&utid=9670332509

Downloaded HTTP response body from that unshortened URL here: https://pastebin.com/xZYM5c1Q

Does anyone have any more information on what this could be linked to and if it should be considered malicious? I blocked it for now.
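One way to tie the recurring lookups described in the post to a single device is to group the resolver's query log by client and check how regular the gaps between lookups are. This is an added example, not part of the original post; the column names `timestamp`, `domain` and `device_name`, the device names and the sample rows are assumptions, so rename them to match your own log export.

```python
import csv, io, re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Matches g + three or more o's + gle.com, with or without a host label.
TARGET = re.compile(r"(^|\.)go{3,}gle\.com$")

# Constructed sample log: the domain is a shortened stand-in for the one in
# the post, the device names are invented, the column names are assumed.
SAMPLE_CSV = """timestamp,domain,device_name
2024-05-01T10:00:00Z,www.goooooooogle.com,galaxy-s24
2024-05-01T10:01:10Z,example.org,laptop
2024-05-01T10:05:02Z,www.goooooooogle.com,galaxy-s24
2024-05-01T10:07:00Z,www.goooooooogle.com,laptop
2024-05-01T10:08:00Z,www.goooooooogle.com,laptop
2024-05-01T10:09:58Z,www.goooooooogle.com,galaxy-s24
2024-05-01T10:15:01Z,www.goooooooogle.com,galaxy-s24
2024-05-01T10:20:00Z,www.goooooooogle.com,galaxy-s24
2024-05-01T10:30:00Z,www.goooooooogle.com,laptop
2024-05-01T10:48:00Z,www.goooooooogle.com,laptop
"""

def load(text):
    """Parse CSV text into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))

def periodic_clients(rows, pattern=TARGET, min_hits=4, max_jitter=0.2):
    """Map device -> (hits, mean gap in seconds) for devices whose matching
    lookups recur at a near-constant interval (gap stdev <= max_jitter * mean)."""
    seen = defaultdict(list)
    for row in rows:
        if pattern.search(row["domain"].rstrip(".").lower()):
            ts = datetime.fromisoformat(row["timestamp"].replace("Z", "+00:00"))
            seen[row["device_name"]].append(ts)
    result = {}
    for device, times in seen.items():
        if len(times) < max(min_hits, 2):
            continue  # too few lookups to judge periodicity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if pstdev(gaps) <= max_jitter * mean(gaps):
            result[device] = (len(times), round(mean(gaps)))
    return result

if __name__ == "__main__":
    for device, (hits, gap) in periodic_clients(load(SAMPLE_CSV)).items():
        print(f"{device}: {hits} lookups, about every {gap} s")
```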