how we found, analyzed (with the help of Reddit) and in the end caught the culprit of a malicious device in our network