Suspicious DNS Queries
Posted: Sat Feb 13, 2021 12:24 am
Starting this week, every time I launch qBittorrent, my network IDS picks up a suspicious DNS query for a .tk, .top or .pw domain.
Strangely, the DNS requests are sent to my internal server even when the host is connected to VPN.
A pre-boot malware scan did not detect anything malicious.
The issue persists after upgrading to the latest version of qBittorrent.
Are these the expected hashes for v4.3.3:
C:\Program Files (x86)\qBittorrent>fciv -md5 qbittorrent.exe
650e716e09b86e8300dddd0d55baae96 qbittorrent.exe
C:\Program Files (x86)\qBittorrent>fciv -md5 qbittorrent.pdb
f5aa356d0874f9e8691b37533143cd46 qbittorrent.pdb