Thanks Guys, but I'm an idiot!
That was putty which I use from my PC to access the server, but it's very strange that it shows that I logged on from another (real) domain, and also it only started doing that at 9 this morning (from "last"command), before which it used my ip address, and there are some logons after 9 that still use my ip address.
Strange
Sorry guys
Steven