As Pi-hole’s userbase has grown, so have the posts about people discovering interesting, perplexing, and nefarious things happening on their network. While Pi-hole doesn’t provide
deep insight into the traffic in your network, it’s great for a high-level overview of the sites/domains being visited on your network.
This is the fourth iteration of this type of post. It’s just an amalgamation of links to public forums where people have posted their discoveries and screenshots. Enjoy!
In case you missed the last iterations of this blog post, here are the links to them:
The layout for this blog post will contain links to posts where people have discovered things happening on their networks via Pi-hole. If there is a screenshot, it will be posted below the link.
This format is intended so you can quickly get an idea of what people have discovered on their networks and then click on the ones you think are interesting.
A TP-LINK Wi-Fi extender generated tens of thousands of queries
cg2.pw was queried every 10 minutes
A weird spike in DNS queries when using IPSec was detected
A large amount of requests to socket.wunderlist.com were detected
This user noticed repeated queries to api.github.com
An external client was querying Pi-hole
100,000 requests generated by Discord
Quora.com suspiciously and continually queried their own domain, without user interaction
A slow network was diagnosed with traffic querying Chinese domains
7fcaw.voluumtrk3.com was showing up as a client in the logs and querying yahoo.com
A single, strange request was sent to mkt5707.com
accscdn.taobao.com was showing up as a Top Client
This user noticed lots of requests to mumucnc.cozow.com
Advertisements on this network were being blocked in the middle of the night
Queries were happening for host-213-14-82-99.reverse.superonline.net
An access point was reaching out to Unifi every minute
A server made 100 queries to some domain in France
w.x.y.z consists of around 200,000 queries within a 24-hour time span
A device was noticed contacting a Russian mail server
Crazy ring.com queries were happening on this network
Another case of Samsung’s television spynet
A ton of traffic to digitalrealty.com was noticed
This user detected constant requests from a Roku 2
More Samsung telemetry woes
Requests from an old employer’s domain noticed on a network
Queries for the domain name + (just the plus symbol)
Strange domains were noticed in query log that ended up being from Netflix
Some 10,000 requests/hour from an IPv6 address
Malware discovered and remediated thanks to Pi-hole
This user noticed strange requests to vpn.0x00sec.org
Massive amount of queries to usgs.gov were noticed on this network
Microsoft and their spynet…
It’s very noticeable that the Internet is off for this family’s Pi-hole during certain time periods
80,000 queries for BN4SCH101122705.wns.windows.com
Another ASUS router gone wild
Yet another smart TV gone wild
And yet another smart TV running rampant with metrics
This user simply discovered which machine on the network was the chattiest
Queries for beacons[*].gvt2.com domains were noticed on this network
261 queries a day were being sent to http://asdjkljfjaowjfq.net
Mozilla domains were pinging home via Firefox
Strange requests were noticed to host-213-14-82-99.reverse.superonline.net.<your domain>