He might not be intentionally mining, but something on his laptop wants to communicate with that site. I would start that laptop in safe mode and see if this stops. Also, a virus scan might be in order.
Thanks @jfb, we did a scan without result, will do the safe mode tomorrow and will report back, we in the southern hemisphere , time to sleep , cheers
[api.ibm.xtify.com] search on google says “IBM marketing cloud”
Just try to block and see if something breaks. You can always unblock.
The [pool.supportxmr.com] also block and as jfb said: probably malware on that laptop.
Best to check and virusscan: if it does not stop connecting: format and re-install the os.
First, narrow it down to a client. Then you have to take a look at all the running processes on that client, and perhaps use a packet sniffer.
If the domain request is coming from a Windows machine, you can block it at the PC in the PC’s hosts file. Just map it on the PC to 0.0.0.0 and the request won’t leave the PC, and it won’t clutter up your Pi-Hole logs. I have a number of repetitive Windows DNS requests blocked that way.