Can I see which app attempted a certain DNS lookup?

I’m running Android 10 on a Moto G7. I’ve just discovered Blokada Slim, which I downloaded from the Play Store. It’s a great app! Thanks for making it available.

Something on my phone keeps trying to contact mail.aol.de, which is a bit creepy because I don’t have an AOL account and I don’t live in Germany. Is there a way to see which app it is? I’ve hunted around in the GUI and in the guides but not found a way to do it.

Thanks,

Markus

Hi,
There was a possibility to do so but that was rendered obsolete with the introduction of android 10.
Unluckily there’s no easy way to find out which app contacted which domain as of right now. You could try:
PCAPdroid (No-root network monitor and traffic dump tool for Android devices) - https://f-droid.org/packages/com.emanuelef.remote_capture
while not running blokada and switch blokada back on afterwards

2 Likes

Thanks for this recommendation – I appreciate it. PCAPdroid is another good program (also available from the Play Store for those who prefer), and I’ll be keeping it on my phone.

It’s amazing to see how chatty certain programs are, including Microsoft Teams and Google’s Carrier Services.

The program doing DNS lookups of AOL’s mail server is none other than a Sophos antivirus program – and it also tries to access example.org and www.example.com, which (as I’m sure you know) are real domains that are intended to be used in sample code and documentation without fear of legal challenges. So my guess is that someone has copied and pasted some code and not fully cleaned it up.