Weird, non-existent domains *with* TLD and dots

I've seen other threads and explanations about weird queries, showing up in the Pi-Hole dashboard.
However, these seem like actual domains - at least syntax-wise. What could be causing those? It doesn't really seem like some sort of virus. Also the device runs iOS so it's rather unlikely that this is a malicious app.

The pattern of the names themselves and them occurring in packs of mostly three reminds me of the way Chrome connects to three random domains at startup. But usually, Chrome would append the local search suffix to those random names, not com.

What browser are you using on your device?
See if you can correlate those lookups to your browser starting, and maybe search the net for this in conjunction with your browser make and model.

I mainly use Firefox, sometimes Safari. I could not find anything related to those browsers that could explain those queries.

Another explanation may be some bot software trying to contact its C&C peers by means of DGA.
In that case, you should see some of those domains resolving to an actual IP address instead of coming back with NXDOMAIN.

All requests shown on your screenshots are NXDOMAIN, so you should be reasonably sure that it's not your ISP intercepting DNS errors with a redirection page when an IP address would indeed show up somewhere, but better double-check if you find one.

All of those requests returned NXDOMAIN. Also, I'm using DNSCrypt-Proxy so my ISP intercepting shouldn't be a problem.
