Question about an address in the log

Hi, I have many entries in the log which look like this:

fr-app-chat-global-xiaomi-net-1516654448.eu-central-1.elb.amazonaws.com

some are like this:
LB-IM-01-954519054.eu-central-1.elb.amazonaws.com

Can anyone advise how I can find out which application does these queries?

Thanks,
Pitter


First, you will need to determine which client is making the request. Then you can chase down applications on just that client. In your query log, are you seeing requests from individual clients or are all requests shown as coming from your router IP?

xiaomi.net indicates a Xiaomi device - perhaps a router, security camera or the like.

You can also tail your pihole.log, which will show you more detail on the query: the request, any aliases (CNAMEs) it leads to, and the eventual returned domain IP.

Thanks, can I somehow find out what chat app this could be? I think it's not WhatsApp or Facebook, right?

We can help you with Pi-Hole issues, but you will need to look on your network to see which app is doing this.

One way to have Pi-Hole help you with this - block the domain(s) and see what app stops working.

I know from the IP that it is the mobile of my wife. As she heavily cheated on me in the past, I fear this can be a hint that she does it again. So it would be helpful for me to find out which app this is, or if this is normal behaviour of the app or chat messages from her.

I found in the log something like this:
Oct 15 00:03:25 dnsmasq[5196]: query[A] fr-app-chat-global-xiaomi-net-1516654448.eu-central-1.elb.amazonaws.com from 192.168.188.51
Oct 15 00:03:25 dnsmasq[5196]: forwarded fr-app-chat-global-xiaomi-net-1516654448.eu-central-1.elb.amazonaws.com to 208.67.220.220
Oct 15 00:03:25 dnsmasq[5196]: reply fr-app-chat-global-xiaomi-net-1516654448.eu-central-1.elb.amazonaws.com is 18.194.34.245
Oct 15 00:03:25 dnsmasq[5196]: reply fr-app-chat-global-xiaomi-net-1516654448.eu-central-1.elb.amazonaws.com is 35.157.84.137
Oct 15 00:03:25 dnsmasq[5196]: reply fr-app-chat-global-xiaomi-net-1516654448.eu-central-1.elb.amazonaws.com is 35.156.26.6
Oct 15 00:03:25 dnsmasq[5196]: reply fr-app-chat-global-xiaomi-net-1516654448.eu-central-1.elb.amazonaws.com is 35.158.57.95
Oct 15 00:03:25 dnsmasq[5196]: reply fr-app-chat-global-xiaomi-net-1516654448.eu-central-1.elb.amazonaws.com is 35.156.135.80
Oct 15 00:03:25 dnsmasq[5196]: reply fr-app-chat-global-xiaomi-net-1516654448.eu-central-1.elb.amazonaws.com is 18.194.78.93
Oct 15 00:03:25 dnsmasq[5196]: reply fr-app-chat-global-xiaomi-net-1516654448.eu-central-1.elb.amazonaws.com is 18.195.0.164
Oct 15 00:03:25 dnsmasq[5196]: reply fr-app-chat-global-xiaomi-net-1516654448.eu-central-1.elb.amazonaws.com is 18.195.10.159

The device that's requesting those is located at 192.168.188.51. As for the domain itself, it's a telemetry domain for Xiaomi devices.
It can be anything that's manufactured by Xiaomi.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.