Closed minhhungit closed 1 month ago
One of the devices in your network attempted to resolve the FQDN ssd3.iltuohosting.it
, malwarebytes identified it as malware.
The issue is not related to Technitium DNS Server in any way
No @notherealmarco The antivirus just show that message when only I install technitium. It has never show that before installing dns server, and after uninstall the dns server. So I think the dns server might has problem
Thanks for the post. However, its what @notherealmarco already said. Some client on your network queried for that domain and the AV running on your DNS server picked it up.
Now that this shows up only after installing the DNS server is because now your client's DNS requests are coming to this server running Malwarebytes. Prior to that, those DNS request probably were going to your router directly.
This all assumes that you have downloaded the DNS server from the official website and not from any 3rd party website. I you have doubts about the downloaded file, you can verify the SHA256 hash of the file with the one published on the website.
Thanks for the quick reply, guys @ShreyasZare @notherealmarco
Just to provide more information:
You can find the SHA256 hash a bit below the download link:
Is there a way I can find out which application on my PC is sending requests to the domain or if there is some log somewhere?
Is there a way I can find out which application on my PC is sending requests to the domain or if there is some log somewhere?
Yes, there are DNS query logs that you can see from the admin panel. But, you have to enable query logging from settings first and only then the queries will be logged. You can also install the Query Logs (sqlite) app and check for logs in Logs > Query Logs section on the panel.
I found it; this is the problem: https://www.mesta-automation.com/feed
I have an RSS crawler on my PC, and it tried to fetch that channel. So, it's not related to Technitium.