Suspicious DNS query coming from TV [closed]
While diagnosing a different issue, I noticed TCP DNS over port 53 traffic to this IP address coming from my TV. I captured traffic from my pflog interface where all traffic goes when it fails to match any other rule. I filtered traffic coming from the TV itself based on IP address.
The IP address I found via tcpdump -i pflog -nnn 'host <HOST_IP>' was: 110.100.101.49
I will not share the tcpdump since that contains private information unless I can easily remove sensitive information. The DNS query was for: ss.epdg.epc.mnc260.mcc310.pub.3gppnetwork.org
Is this the 'correct' whois information:
whois 110.100.101.49
% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object
refer: whois.apnic.net
inetnum: 110.0.0.0 - 110.255.255.255
organisation: APNIC
status: ALLOCATED
whois: whois.apnic.net
changed: 2008-11
source: IANA
# whois.apnic.net
% [whois.apnic.net]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
% Information related to '110.100.0.0 - 110.100.255.255'
% Abuse contact for '110.100.0.0 - 110.100.255.255' is 'ipas@cnnic.cn'
inetnum: 110.100.0.0 - 110.100.255.255
netname: CTTNET
descr: China Mobile Communications Group Co., Ltd.
descr: Mobile Communications Network Operator in China
descr: Internet Service Provider in China
country: CN
admin-c: CT74-AP
tech-c: CT74-AP
abuse-c: AC1601-AP
status: ALLOCATED NON-PORTABLE
mnt-by: MAINT-CN-CRTC
mnt-irt: IRT-CNNIC-CN
last-modified: 2023-09-18T02:27:04Z
source: APNIC
irt: IRT-CNNIC-CN
address: Beijing, China
e-mail: ipas@cnnic.cn
abuse-mailbox: ipas@cnnic.cn
admin-c: IP50-AP
tech-c: IP50-AP
auth: # Filtered
remarks: Please note that CNNIC is not an ISP and is not
remarks: empowered to investigate complaints of network abuse.
remarks: Please contact the tech-c or admin-c of the network.
mnt-by: MAINT-CNNIC-AP
last-modified: 2021-06-16T01:39:57Z
source: APNIC
role: ABUSE CNNICCN
country: ZZ
address: Beijing, China
phone: +000000000
e-mail: ipas@cnnic.cn
admin-c: IP50-AP
tech-c: IP50-AP
nic-hdl: AC1601-AP
remarks: Generated from irt object IRT-CNNIC-CN
abuse-mailbox: ipas@cnnic.cn
mnt-by: APNIC-ABUSE
last-modified: 2024-07-30T11:55:46Z
source: APNIC
role: chinamobile tech
address: 29, Jinrong Ave.,Xicheng district
address: Beijing
country: CN
phone: +86 5268 6688
fax-no: +86 5261 6187
e-mail: hostmaster@chinamobile.com
admin-c: HL1318-AP
tech-c: HL1318-AP
nic-hdl: ct74-AP
notify: hostmaster@chinamobile.com
mnt-by: MAINT-cn-cmcc
abuse-mailbox: abuse@chinamobile.com
last-modified: 2016-11-29T09:37:27Z
source: APNIC
% This query was served by the APNIC Whois Service version 1.88.25 (WHOIS-US4)
That is not a common or publicly known DNS server such as Google 8.8.8.8, 8.8.4.4, 1.1.1.1, 9.9.9.9, etc. Is this cause for concern or should I not block traffic to this server?
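A way to triage an observation like this one, as an added example that is not part of the original post: it flags DNS packets sent to resolvers outside an expected set and decodes operator-scoped names of the form `<service>.mnc<MNC>.mcc<MCC>.pub.3gppnetwork.org` (3GPP TS 23.003), where MCC and MNC are the mobile country and network codes. The sample tcpdump lines are constructed, 192.168.1.50 stands in for the TV's redacted address, and treating the resolvers listed in the post plus private addresses as expected is an assumption.

```python
import ipaddress
import re

# Assumption: resolvers this LAN is expected to use (the public ones the post names).
EXPECTED_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "9.9.9.9"}

# tcpdump -nn text line: "IP <src>.<sport> > <dst>.53: ..."
LINE = re.compile(r"IP (?P<src>[\d.]+)\.\d+ > (?P<dst>[\d.]+)\.53: (?P<rest>.*)")
QUERY = re.compile(r"\b[A-Z]+\? (?P<qname>\S+)")
# Operator-scoped public name per 3GPP TS 23.003:
#   <service labels>.mnc<MNC>.mcc<MCC>.pub.3gppnetwork.org
TGPP = re.compile(
    r"^(?P<service>[a-z0-9.-]+)\.mnc(?P<mnc>\d{3})\.mcc(?P<mcc>\d{3})"
    r"\.pub\.3gppnetwork\.org$", re.I)


def parse_3gpp(qname):
    """Return service labels, MCC and MNC for a 3GPP operator name, else None."""
    m = TGPP.match(qname.rstrip("."))
    return m.groupdict() if m else None


def triage(lines, expected=EXPECTED_RESOLVERS):
    """List DNS packets sent to resolvers that are neither expected nor on the LAN."""
    findings = []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        dst = m["dst"]
        if dst in expected or ipaddress.ip_address(dst).is_private:
            continue
        q = QUERY.search(m["rest"])
        qname = q["qname"].rstrip(".") if q else None
        findings.append({
            "src": m["src"], "dst": dst,
            # tcpdump prints "Flags [...]" only for TCP segments
            "transport": "tcp" if "Flags [" in m["rest"] else "udp",
            "qname": qname,
            "3gpp": parse_3gpp(qname) if qname else None,
        })
    return findings


# Constructed sample lines; 192.168.1.50 stands in for the TV's redacted address.
SAMPLE = [
    "12:00:01.000000 IP 192.168.1.50.40000 > 192.168.1.1.53: 4660+ A? example.com. (29)",
    "12:00:02.000000 IP 192.168.1.50.40001 > 110.100.101.49.53: Flags [P.], seq 1:66, ack 1, win 502, length 65 4661+ A? ss.epdg.epc.mnc260.mcc310.pub.3gppnetwork.org. (63)",
    "12:00:03.000000 IP 192.168.1.50.40002 > 8.8.8.8.53: 4662+ AAAA? example.com. (29)",
]
```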