Part 4: What Really Happens On Your Network?
As Pi-hole’s userbase has grown, so have the posts about people discovering interesting, perplexing, and nefarious things happening on their network. While Pi-hole doesn’t provide deep insight into the traffic in your network, it’s great for a high-level overview of the sites/domains being visited on your network.
This is the fourth iteration of this type of post. It’s just an amalgamation of links to public forums where people have posted their discoveries and screenshots. Enjoy!
In case you missed the last iterations of this blog post, here are the links to them:
- Part one: What Really Happens On Your Network?
- Part two: What Really Happens On Your Network?
- Part three: What Really Happens On Your Network?
- Part four: What Really Happens On Your Network?
- Part five: What Really Happens On Your Network?
- Part six: What Really Happens On Your Network?
- Part seven: What Really Happens On Your Network?
- Part eight: What Really Happens On Your Network?
This blog post consists of links to posts where people have discovered things happening on their networks via Pi-hole. If there is a screenshot, it will be posted below the link.
This format is intended so you can quickly get an idea of what people have discovered on their networks and then click on the ones you think are interesting.
A TP-LINK Wi-Fi extender generated tens of thousands of queries
cg2.pw was queried every 10 minutes
A weird spike in DNS queries when using IPSec was detected
A large number of requests to socket.wunderlist.com were detected
This user noticed repeated queries to api.github.com
An external client was querying Pi-hole
100,000 requests generated by Discord
Quora.com suspiciously and continually queried their own domain, without user interaction
A slow network was diagnosed with traffic querying Chinese domains
7fcaw.voluumtrk3.com was showing up as a client in the logs and querying yahoo.com
A single, strange request was sent to mkt5707.com
accscdn.taobao.com was showing up as a Top Client
This user noticed lots of requests to mumucnc.cozow.com
Advertisements on this network were being blocked in the middle of the night
Queries were happening for host-213-14-82-99.reverse.superonline.net
An access point was reaching out to Unifi every minute
A server made 100 queries to some domain in France
w.x.y.z accounted for around 200,000 queries within a 24-hour time span
A device was noticed contacting a Russian mail server
Crazy ring.com queries were happening on this network
Another case of Samsung’s television spynet
A ton of traffic to digitalrealty.com was noticed
This user detected constant requests from a Roku 2
Requests from an old employer’s domain noticed on a network
Queries for the domain name + (just the plus symbol)
Strange domains were noticed in the query log that ended up being from Netflix
Some 10,000 requests/hour from an IPv6 address
Malware discovered and remediated thanks to Pi-hole
This user noticed strange requests to vpn.0x00sec.org
A massive number of queries to usgs.gov were noticed on this network
It’s very noticeable that the Internet is off for this family’s Pi-hole during certain time periods
80,000 queries for BN4SCH101122705.wns.windows.com
Yet another smart TV gone wild
And yet another smart TV running rampant with metrics
This user simply discovered which machine on the network was the chattiest
Queries for beacons[*].gvt2.com domains were noticed on this network
261 queries a day were being sent to http://asdjkljfjaowjfq.net
Mozilla domains were pinging home via Firefox
Strange requests were noticed to host-213-14-82-99.reverse.superonline.net.<your domain>