I'm seeing DNS queries for A and AAAA records for jetstream.tour.in. tour.in doesn't exist. In 'Reporting', it accounted for somewhere around 10 percent of passed domains (making it the largest by far) before I put it in a blocklist. I'm almost certain that I don't have any malware on any of my devices. Has anyone else encountered this domain?
Nope. Is the client IP making the query not available to trace it?
tour.in is registered but the name servers are not reachable. Anyone on your network planning to travel to India?
https://www.whois.com/whois/tour.in
Examining a packet capture, I was able to trace the requests back to my mail server, which is in a VM on a separate VLAN. I'll have to figure out why it's asking for this particular domain.
Because it wants to send a mail there? Maybe a bounce?