Part 4: What Really Happens On Your Network?

Originally published at: https://pi-hole.net/2017/09/01/part-4-what-really-happens-on-your-network/

As Pi-hole's userbase has grown, so have the posts about people discovering interesting, perplexing, and nefarious things happening on their network. While Pi-hole doesn't provide deep insight into the traffic in your network, it's great for a high-level overview of the sites/domains being visited on your network.

This is the fourth iteration of this type of post. It's just an amalgamation of links to public forums where people have posted their discoveries and screenshots. Enjoy!

In case you missed the last iterations of this blog post, here are the links to them:


This blog post contains links to posts where people have discovered things happening on their networks via Pi-hole. If there is a screenshot, it is posted below the link.

This format is intended so you can quickly get an idea of what people have discovered on their networks and then click on the ones you think are interesting.

A TP-LINK Wi-Fi extender generated tens of thousands of queries

cg2.pw was queried every 10 minutes

A weird spike in DNS queries when using IPSec was detected

A large number of requests to socket.wunderlist.com was detected

This user noticed repeated queries to api.github.com

An external client was querying Pi-hole

100,000 requests generated by Discord

Quora.com suspiciously and continually queried their own domain, without user interaction

A slow network was diagnosed with traffic querying Chinese domains

7fcaw.voluumtrk3.com was showing up as a client in the logs and querying yahoo.com

A single, strange request was sent to mkt5707.com

accscdn.taobao.com was showing up as a Top Client

This user noticed lots of requests to mumucnc.cozow.com

Advertisements on this network were being blocked in the middle of the night

Queries were happening for host-213-14-82-99.reverse.superonline.net

An access point was reaching out to Unifi every minute

A server made 100 queries to some domain in France

w.x.y.z consists of around 200,000 queries within a 24-hour time span

A device was noticed contacting a Russian mail server

Crazy ring.com queries were happening on this network

Another case of Samsung's television spynet

A ton of traffic to digitalrealty.com was noticed

This user detected constant requests from a Roku 2

More Samsung telemetry woes

Requests from an old employer's domain noticed on a network

Queries for the domain name + (just the plus symbol)

Strange domains were noticed in the query log that ended up being from Netflix

Some 10,000 requests/hour from an IPv6 address

Malware discovered and remediated thanks to Pi-hole

This user noticed strange requests to vpn.0x00sec.org

A massive number of queries to usgs.gov was noticed on this network

Microsoft and their spynet...

It's very noticeable that the Internet is off for this family's Pi-hole during certain time periods

80,000 queries for BN4SCH101122705.wns.windows.com

Another ASUS router gone wild

Yet another smart TV gone wild

And yet another smart TV running rampant with metrics

This user simply discovered which machine on the network was the chattiest

Queries for beacons[*].gvt2.com domains were noticed on this network

261 queries a day were being sent to http://asdjkljfjaowjfq.net

Mozilla domains were pinging home via Firefox

Strange requests were noticed to host-213-14-82-99.reverse.superonline.net.<your domain>

Here's another one from my Android phone

https://cdn.pbrd.co/images/GIofMk1.jpg