Part 4: What Really Happens On Your Network?

Part 4: What Really Happens On Your Network?

As Pi-hole’s userbase has grown, so have the posts about people discovering interesting, perplexing, and nefarious things happening on their network. While Pi-hole doesn’t provide deep insight into the traffic in your network, it’s great for a high-level overview of the sites/domains being visited on your network.

This is the fourth iteration of this type of post. It’s just an amalgamation of links to public forums where people have posted their discoveries and screenshots. Enjoy!

In case you missed the last iterations of this blog post, here are the links to them:

The layout for this blog post, will contain links to posts where people have discovered things happening on their networks via Pi-hole. If there is a screenshot, it will be posted below the link.

This format is intended so you can quickly get an idea of what people have discovered on their networks and then click on the ones you think are interesting.

A TP-LINK Wi-Fi extender generated tens of thousands of queries was queried every 10 minutes

A weird spike in DNS queries when using IPSec was detected

A large amount of requests to were detected

This user noticed repeated queries to

An external client was querying Pi-hole

100,000 requests generated by Discord suspiciously and continually queried their own domain, without user interaction

A slow network was diagnosed with traffic querying Chinese domains was showing up as a client in the logs and querying

A single, strange request was sent to was showing up as a Top Client

This user noticed lots of requests to

Advertisements on this network were being blocked in the middle of the night

Queries were happening for

An access point was reaching out to Unifi every minute

A server made 100 queries to some domain in France

w.x.y.z consists of around 200,000 of queries with a 24 hour time span

A device was noticed contacting a Russian mail server

Crazy queries were happening on this network

Another case of Samsung’s television spynet

A ton of traffic to was noticed

This user detected constant requests from a Roku 2

More Samsung telemetry woes

Requests from an old employer’s domain noticed on a network

Queries for the domain name + (just the plus symbol)

Strange domains were noticed in query log that ended up being from Netflix

Some 10,000 requests/hour from an IPv6 address

Malware discovered and remediated thanks to Pi-hole

This user noticed strange requests to

Massive amount of queries to were noticed on this network

Microsoft and their spynet…

It’s very noticeable that the Internet is off for this family’s Pi-hole during certain time periods

80,000 queries for

Another ASUS router gone wild

Yet another smart TV gone wild

And yet another smart TV running rampant with metrics

This user simply discovered which machine on the network was the chattiest

Queries for beacons[*] domains were noticed on this network

261 queries a day were being sent to

Mozilla domains were pinging home via Firefox

Strange requests were noticed to<your domain>

Comments are closed.