Multiple Repeated Requests every 2 minutes

#1

Expected Behaviour:

Only check DNS lists/cache when making the request.

Actual Behaviour:

Repeated and multiple requests every 2 minutes to specific domain(s).

Debug Token:

https://tricorder.pi-hole.net/urxvpvev4n!

My desktop is making requests or at least checking the DNS for (freefilesync.org) every 2 minutes.
I do use that program on occasion but it’s not running when these requests are made.
I used Microsoft Network Monitor to monitor the process making the request.
It looks like it’s Windows 10 DNS calls. I’ve tried flushing my DNS, etc. I’m not sure why or what keeps
hammering pi-hole for this. I have it blocked currently, but something is just out of whack here.

2019-03-19 09:32:14 A www.freefilesync.org 192.168.1.234 Blocked (blacklist) - (0.1ms) Whitelist
2019-03-19 09:30:14 A www.freefilesync.org 192.168.1.234 Blocked (blacklist) - (0.2ms) Whitelist
2019-03-19 09:28:14 A www.freefilesync.org 192.168.1.234 Blocked (blacklist) - (0.1ms) Whitelist
2019-03-19 09:24:14 A www.freefilesync.org 192.168.1.234 Blocked (blacklist) - Whitelist
2019-03-19 09:22:14 A www.freefilesync.org 192.168.1.234 Blocked (blacklist) - Whitelist
2019-03-19 09:20:14 A www.freefilesync.org 192.168.1.234 Blocked (blacklist) - Whitelist
2019-03-19 09:18:14 A www.freefilesync.org 192.168.1.234 Blocked (blacklist) - Whitelist
2019-03-19 09:16:14 A www.freefilesync.org 192.168.1.234 Blocked (blacklist) - Whitelist
2019-03-19 09:14:14 A www.freefilesync.org 192.168.1.234 Blocked (blacklist) - Whitelist
2019-03-19 09:03:59 A www.freefilesync.org 192.168.1.234 Blocked (blacklist)
0 Likes
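The fixed two-minute cadence reported above can be confirmed from the query log itself. As an added example that is not part of the original post or of Pi-hole, this Python script groups rows by client and domain and flags pairs whose gaps are whole multiples of the median gap; the function name, the thresholds and the 192.168.1.50 rows are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Row layout as pasted in the post: date time, query type, domain, client, status
ROW = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+(\S+)\s+(\S+)")

def periodic_pairs(lines, min_queries=6, tolerance=2.0, min_fraction=0.8):
    """Return {(client, domain): period_seconds} for pairs queried on a fixed timer."""
    seen = defaultdict(list)
    for line in lines:
        m = ROW.match(line.strip())
        if m:  # rows that do not fit the layout are skipped
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            seen[(m.group(3), m.group(2))].append(ts)
    flagged = {}
    for key, stamps in seen.items():
        if len(stamps) < min_queries:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        period = median(gaps)
        if period <= 0:
            continue
        # A gap is on the timer when it is a whole multiple of the period, so a
        # missing row (240 s on a 120 s timer) does not hide the pattern.
        ks = [(g, round(g / period)) for g in gaps]
        on_timer = sum(k >= 1 and abs(g - k * period) <= tolerance for g, k in ks)
        if on_timer / len(gaps) >= min_fraction:
            flagged[key] = period
    return flagged

# Rows for 192.168.1.234 are copied from the post; the 192.168.1.50 rows are
# constructed sample data standing in for ordinary, irregular lookups.
SAMPLE = """\
2019-03-19 09:32:14 A www.freefilesync.org 192.168.1.234 Blocked (blacklist) - (0.1ms) Whitelist
2019-03-19 09:30:14 A www.freefilesync.org 192.168.1.234 Blocked (blacklist) - (0.2ms) Whitelist
2019-03-19 09:28:14 A www.freefilesync.org 192.168.1.234 Blocked (blacklist) - (0.1ms) Whitelist
2019-03-19 09:24:14 A www.freefilesync.org 192.168.1.234 Blocked (blacklist) - Whitelist
2019-03-19 09:22:14 A www.freefilesync.org 192.168.1.234 Blocked (blacklist) - Whitelist
2019-03-19 09:20:14 A www.freefilesync.org 192.168.1.234 Blocked (blacklist) - Whitelist
2019-03-19 09:18:14 A www.freefilesync.org 192.168.1.234 Blocked (blacklist) - Whitelist
2019-03-19 09:16:14 A www.freefilesync.org 192.168.1.234 Blocked (blacklist) - Whitelist
2019-03-19 09:14:14 A www.freefilesync.org 192.168.1.234 Blocked (blacklist) - Whitelist
2019-03-19 09:03:59 A www.freefilesync.org 192.168.1.234 Blocked (blacklist)
2019-03-19 09:30:02 A www.example.com 192.168.1.50 OK (cached)
2019-03-19 09:21:31 A www.example.com 192.168.1.50 OK (cached)
2019-03-19 09:09:55 A www.example.com 192.168.1.50 OK (cached)
2019-03-19 09:09:13 A www.example.com 192.168.1.50 OK (forwarded)
2019-03-19 09:02:40 A www.example.com 192.168.1.50 OK (cached)
2019-03-19 09:01:07 A www.example.com 192.168.1.50 OK (forwarded)
""".splitlines()

if __name__ == "__main__":
    for (client, domain), period in periodic_pairs(SAMPLE).items():
        print(f"{client} queries {domain} every {period:.0f} s")
```

On the rows from the post it reports a 120 s period for 192.168.1.234, despite the missing 09:26:14 row and the longer first gap.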

#2

I can’t see the TTL of this domain right now.
Blocking it reduces it to 2 seconds instead of the default TTL. So it is better not to block it if not needed.
This short TTL is making caching on your client useless.

Update: the TTL is 10 minutes so not blocking could reduce the number of requests by 80% in your case.

0 Likes

#3

Even though the program is not running, it has installed a background process that continues to sync the files. This is common with file synchronization programs.

If you have it blocked, then the program keeps querying at an increased rate until it can phone home.

If you want to continue to use the program, then you will likely need to unblock this. If you don’t want to use the program, then if you uninstall it the queries will cease.

With the returned TTL for that site of 600 seconds, this should be served from the cache in your Pi-Hole if not blocked.

0 Likes

#4

To suppress, you could edit the file below with administrator privileges on the Windows client:

C:\Windows\System32\drivers\etc\hosts

And add the line below at the bottom:

66.198.253.196 www.freefilesync.org

The PC won't ask Pi-hole anymore but uses the hosts file first to resolve.

0 Likes

#5

This is not the case. There is no related process running. I am not running the real-time process for this. Task Manager and Services panel show no related processes running for freefilesync.

Microsoft Network Monitor 3.4 shows no process making this request except for a DNS call.

I did test this by uninstalling the app on another machine, but the calls keep happening. Somewhere in the DNS cache on Windows is an entry with a short TTL (my guess) or some other loop.

0 Likes

#6

In this case, you should clear the DNS cache on the Windows machine and see if the queries to Pi-Hole stop.

ipconfig /flushdns

0 Likes

#7

I have done that and after a reboot…the calls to freefilesync continue.

0 Likes

#8

This rules out the DNS cache. There is still a process alive on the Windows machine making these requests.

0 Likes

#9

That is my concern. But that claim was dismissed on their own forums. I just don’t see anything related in my investigation.

0 Likes

#10

As a test, you can boot Windows in safe mode and see if this resolves it.

0 Likes

#11

Open a CMD prompt with admin privileges and run the command below to see running tasks/processes:

tasklist

And start killing suspects (after you google/duckduck them first):

taskkill /pid <PROCESS_ID>

0 Likes

#12

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0          8 K
System                           4 Services                   0        156 K
Secure System                   72 Services                   0     38,444 K
Registry                       128 Services                   0     64,664 K
smss.exe                       488 Services                   0      1,132 K
csrss.exe                      672 Services                   0      5,156 K
wininit.exe                    780 Services                   0      6,480 K
csrss.exe                      788 Console                    1      5,416 K
services.exe                   856 Services                   0      9,868 K
LsaIso.exe                     872 Services                   0      2,804 K
lsass.exe                      884 Services                   0     17,280 K
winlogon.exe                  1004 Console                    1     60,024 K
svchost.exe                    352 Services                   0      3,900 K
svchost.exe                    572 Services                   0     24,216 K
fontdrvhost.exe                576 Services                   0      4,688 K
fontdrvhost.exe                656 Console                    1     11,020 K
svchost.exe                    912 Services                   0     13,076 K
svchost.exe                   1072 Services                   0      9,420 K
dwm.exe                       1164 Console                    1     61,444 K
svchost.exe                   1252 Services                   0     12,260 K
svchost.exe                   1316 Services                   0      6,820 K
svchost.exe                   1352 Services                   0      9,596 K
svchost.exe                   1368 Services                   0     11,464 K
svchost.exe                   1480 Services                   0     14,932 K
svchost.exe                   1524 Services                   0      5,924 K
svchost.exe                   1532 Services                   0     10,756 K
svchost.exe                   1560 Services                   0      5,296 K
svchost.exe                   1624 Services                   0     26,292 K
svchost.exe                   1652 Services                   0     17,888 K
svchost.exe                   1804 Services                   0      9,352 K
svchost.exe                   1872 Services                   0      9,160 K
WUDFHost.exe                  1912 Services                   0      8,136 K
atiesrxx.exe                  1948 Services                   0      5,804 K
svchost.exe                   1956 Services                   0      7,820 K
svchost.exe                   2044 Services                   0      7,860 K
svchost.exe                   2096 Services                   0     11,744 K
svchost.exe                   2176 Services                   0      8,312 K
svchost.exe                   2252 Services                   0      6,592 K
svchost.exe                   2360 Services                   0      9,680 K
svchost.exe                   2380 Services                   0      8,192 K
svchost.exe                   2540 Services                   0      8,784 K
svchost.exe                   2680 Services                   0      5,652 K
svchost.exe                   2688 Services                   0     12,624 K
svchost.exe                   2696 Services                   0      7,856 K
atieclxx.exe                  2708 Console                    1     11,844 K
svchost.exe                   2824 Services                   0      8,192 K
svchost.exe                   2848 Services                   0      7,244 K
svchost.exe                   2880 Services                   0      8,240 K
svchost.exe                   2888 Services                   0      7,992 K
svchost.exe                   2068 Services                   0     12,772 K
svchost.exe                   2956 Services                   0     14,908 K
svchost.exe                   3160 Services                   0      6,400 K
svchost.exe                   3244 Services                   0     11,820 K
svchost.exe                   3300 Services                   0     14,540 K
svchost.exe                   3340 Services                   0     36,168 K
svchost.exe                   3472 Services                   0     13,208 K
svchost.exe                   3532 Services                   0     12,188 K
spoolsv.exe                   3672 Services                   0     21,192 K
svchost.exe                   3680 Services                   0     17,580 K
svchost.exe                   3740 Services                   0     11,900 K
svchost.exe                   3800 Services                   0      6,912 K
svchost.exe                   3808 Services                   0     13,536 K
svchost.exe                   3816 Services                   0     20,520 K
BtwRSupportService.exe        3824 Services                   0      7,888 K
HauppaugeTVServer.exe         3832 Services                   0     15,160 K
WinTVExtender.exe             3840 Services                   0     13,800 K
MBAMService.exe               3848 Services                   0    181,448 K
OfficeClickToRun.exe          3920 Services                   0     57,092 K
svchost.exe                   3936 Services                   0      9,012 K
svchost.exe                   4008 Services                   0     13,064 K
svchost.exe                   4020 Services                   0      6,496 K
svchost.exe                   4052 Services                   0     20,024 K
svchost.exe                   4060 Services                   0      5,680 K
WTabletServicePro.exe         4068 Services                   0      7,640 K
WirelessKB850Notification     4076 Services                   0      5,840 K
MsMpEng.exe                   2632 Services                   0    153,140 K
SecurityHealthService.exe     2624 Services                   0     15,364 K
vmms.exe                      2976 Services                   0     23,508 K
svchost.exe                   4220 Services                   0      7,176 K
svchost.exe                   4428 Services                   0      5,400 K
dasHost.exe                   4448 Services                   0     20,436 K
Wacom_TabletUser.exe          4620 Console                    1      8,384 K
svchost.exe                   4744 Services                   0     12,508 K
WacomHost.exe                 4804 Console                    1     11,672 K
svchost.exe                   5344 Services                   0      9,240 K
WmiPrvSE.exe                  5556 Services                   0     42,668 K
svchost.exe                   5708 Services                   0      7,060 K
svchost.exe                   5752 Console                    1     21,640 K
sihost.exe                    5764 Console                    1     25,968 K
svchost.exe                   5996 Console                    1     29,624 K
taskhostw.exe                 5384 Console                    1     19,048 K
svchost.exe                   6428 Services                   0      7,496 K
svchost.exe                   6440 Services                   0      7,716 K
ctfmon.exe                    6604 Console                    1     15,676 K
svchost.exe                   6812 Services                   0      6,120 K
vmcompute.exe                 6820 Services                   0      7,196 K
explorer.exe                  7096 Console                    1    139,768 K
Wacom_Tablet.exe              1668 Console                    1     26,468 K
Wacom_TouchUser.exe           6916 Console                    1     14,592 K
svchost.exe                   6932 Services                   0     10,292 K
svchost.exe                   7200 Services                   0     17,972 K
svchost.exe                   7444 Services                   0     16,896 K
svchost.exe                   7792 Services                   0      9,408 K
CaptureGenPCI.exe             7832 Services                   0     17,704 K
svchost.exe                   8020 Services                   0      6,832 K
ShellExperienceHost.exe       7244 Console                    1     92,884 K
SearchUI.exe                  8388 Console                    1    164,924 K
RuntimeBroker.exe             8780 Console                    1     32,556 K
RuntimeBroker.exe             8856 Console                    1     34,160 K
svchost.exe                   9268 Services                   0      8,796 K
SettingSyncHost.exe           9316 Console                    1      4,000 K
NisSrv.exe                   10120 Services                   0     10,520 K
schtasks.exe                  9224 Console                    1        784 K
conhost.exe                   6336 Console                    1        824 K
Taskmgr.exe                   9824 Console                    1     47,596 K
MSASCuiL.exe                  9100 Console                    1      9,348 K
gsyncit.exe                   9968 Console                    1     74,120 K
chrome.exe                    9372 Console                    1    286,476 K
svchost.exe                   2872 Services                   0      8,560 K
SearchIndexer.exe             4944 Services                   0     54,020 K
chrome.exe                    1516 Console                    1      8,288 K
chrome.exe                    7232 Console                    1      8,784 K
WinTVTray.exe                 8792 Console                    1     29,956 K
chrome.exe                    4460 Console                    1    181,344 K
chrome.exe                    9852 Console                    1     61,076 K
chrome.exe                   10500 Console                    1     93,872 K
chrome.exe                   10516 Console                    1     47,900 K
jusched.exe                  10528 Console                    1      7,176 K
chrome.exe                   10540 Console                    1     36,416 K
chrome.exe                   10560 Console                    1     68,312 K
mbamtray.exe                 10572 Console                    1     39,744 K
chrome.exe                   10580 Console                    1     60,816 K
chrome.exe                   10604 Console                    1     52,136 K
EvernoteClipper.exe          10944 Console                    1     10,536 K
chrome.exe                   11336 Console                    1     23,960 K
chrome.exe                   11380 Console                    1     29,724 K
RadeonSettings.exe           12128 Console                    1     32,596 K
svchost.exe                   8828 Services                   0      5,968 K
AMDRSServ.exe                11812 Console                    1        304 K
amdow.exe                     6304 Console                    1      1,476 K
svchost.exe                  15392 Console                    1     11,656 K
AUEPLauncher.exe              1272 Services                   0      5,696 K
AUEPMaster.exe                3268 Services                   0     17,560 K
WmiPrvSE.exe                  7776 Services                   0     13,820 K
svchost.exe                  15740 Services                   0      9,704 K
sedsvc.exe                   13932 Services                   0     14,240 K
SgrmBroker.exe               10268 Services                   0      4,864 K
svchost.exe                  15824 Services                   0      8,896 K
AUEPUF.exe                     620 Console                    1      8,140 K
WmiPrvSE.exe                  7056 Services                   0     14,128 K
CCleaner64.exe               13220 Services                   0      1,284 K
CCleaner64.exe               13880 Services                   0      2,980 K
svchost.exe                  13588 Services                   0      8,564 K
audiodg.exe                  12744 Services                   0     11,648 K
SystemSettingsBroker.exe      7644 Console                    1     15,404 K
dllhost.exe                  15280 Console                    1     11,044 K
RuntimeBroker.exe            13272 Console                    1     25,968 K
svchost.exe                    820 Services                   0      6,636 K
svchost.exe                  15716 Services                   0     13,720 K
ApplicationFrameHost.exe     14632 Console                    1     30,488 K
SystemSettings.exe            8564 Console                    1     69,616 K
svchost.exe                   7084 Services                   0     11,868 K
chrome.exe                   14592 Console                    1    128,928 K
chrome.exe                   16080 Console                    1    116,208 K
smartscreen.exe              13240 Console                    1     21,296 K
CCleaner64.exe                2080 Console                    1     23,560 K
svchost.exe                   2196 Services                   0     21,388 K
OUTLOOK.EXE                  12248 Console                    1    259,048 K
SearchProtocolHost.exe       15560 Console                    1     11,516 K
SearchFilterHost.exe          9252 Services                   0      9,396 K
chrome.exe                    6596 Console                    1     23,164 K
backgroundTaskHost.exe        7364 Console                    1     16,608 K
cmd.exe                       7640 Console                    1      4,868 K
conhost.exe                  12612 Console                    1     16,268 K
tasklist.exe                  3780 Console                    1      7,508 K

and even with a complete uninstall from my main desktop… I still see requests

2019-03-19 22:38:03 A www.freefilesync.org 192.168.1.234 Blocked (blacklist) - (0.2ms) Whitelist
2019-03-19 22:36:03 A www.freefilesync.org 192.168.1.234 Blocked (blacklist) - (0.1ms)
0 Likes

#13

Back to your original post on this thread - Pi-Hole is working exactly as expected. Pi-Hole is receiving requests from a connected client, and is answering those requests.

0 Likes

#14

Ugh. .234 is my main desktop. FreeFileSync is NOT installed on this machine. I still see NO service or related process to this application running.

0 Likes

#15

I see you are running MBAM, did you exclude the site with the MalwareBytes application?

0 Likes

#16

OK. There is an exception for freefilesync in MBAM.

0 Likes

#17

MBAM will query DNS for sites that are listed with it. Turn off MBAM and stop its service and see if that stops the flood of queries.

1 Like

#18

https://support.malwarebytes.com/docs/DOC-2432

1 Like

#19

Perfect. Apologies. This appears resolved.

0 Likes
