TLDR: How can I trace which of my devices, or maybe the router itself, is making constant requests to connect to Kaspersky servers? Thanks
Hello. My network setup is like this.
Sophos Firewall 10.0.0.1 - PC connected under this subnet for management.
- Streaming VLAN 172.16.10.1
- IOT VLAN 172.16.20.1 - where pihole is
- LOCAL WLAN 172.16.30.1 - where my surface pro is
- Guest WLAN 172.16.40.1
- Switches / AP VLAN 10.0.10.1
I uninstalled Kaspersky AV for obvious reasons. However, I still get queries from my pihole going to a Kaspersky server every single minute. I only had Kaspersky on my PC and Surface Pro, which I uninstalled a month ago. I powered off (power supply switch) my PC, shut down my Surface Pro and put it outside Wi-Fi range, but I still keep seeing blocked queries in my pihole log. The offending IP address is 18.104.22.168, which is located in Switzerland according to ip2location or Russia according to IpInfo. I put it in my pihole blocklist.
How do I trace which device is making the request? I tried searching for logs, I even did any-any-any with logging enabled in my firewall, opened the live log and couldn't find it. My DNS forward is set to pihole. When I look at the clients section in my pihole, I only get the gateway, which is 172.16.20.1.