DSperber

We've been here before: 216.146.38.70 (checkip.dyndns.org) is NOT MALICIOUS!


The application program DynUpdater is provided from the DynDNS.ORG web site.

 

The program is a DNS Hosting assistant used to provide IP addresses in a DHCP environment, which "phones home" every 10 minutes to provide the current IP.

 

This is NOT a malicious website.  We went through this last year.  You researched it and confirmed this was a false positive, and corrected the database in the next update.

 

Well, it looks like the problem has returned. This is once again being reported as a false positive, and needs to be corrected again.

 

Please fix this.


Is this the same? Why would NVIDIA be involved with my dns service?

Could it be they just happen to use the same dns service (for updates) as I use for my PC?

 

Detection, 9/27/2015 8:38 AM, SYSTEM, W7-I7-SVR, Protection, Malicious Website Protection, IP, 91.198.22.70, checkip.dyndns.org, 49489, Outbound, C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe,
Detection, 9/27/2015 8:38 AM, SYSTEM, W7-I7-SVR, Protection, Malicious Website Protection, IP, 91.198.22.70, checkip.dyndns.org, 49489, Outbound, C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe,
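
An added example, not part of the original thread and not Malwarebytes code: a small parser for detection lines of the shape pasted above, which groups hits by hostname so the flagged IPs and the process that opened each connection can be reviewed together when triaging a suspected false positive. The field names are assumptions inferred from the order of values in the line, and the second and third sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
import ipaddress
import ntpath

# Assumed field names, inferred from the value order in the pasted log line.
FIELDS = ("event", "time", "user", "host", "category", "module",
          "kind", "ip", "domain", "port", "direction", "process")

# Line 1 is the line from the thread; lines 2 and 3 are constructed samples.
SAMPLE_LOG = r"""
Detection, 9/27/2015 8:38 AM, SYSTEM, W7-I7-SVR, Protection, Malicious Website Protection, IP, 91.198.22.70, checkip.dyndns.org, 49489, Outbound, C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe,
Detection, 9/27/2015 8:48 AM, SYSTEM, W7-I7-SVR, Protection, Malicious Website Protection, IP, 216.146.43.70, checkip.dyndns.org, 49502, Outbound, C:\Example\Updater, Inc\updater.exe,
not a detection line
"""

def parse_line(line):
    """Return a dict for one detection line, or None if it does not parse."""
    # maxsplit keeps a process path that itself contains commas in one piece.
    parts = [p.strip() for p in line.split(",", len(FIELDS) - 1)]
    if len(parts) != len(FIELDS) or parts[0] != "Detection":
        return None
    rec = dict(zip(FIELDS, parts))
    try:
        rec["time"] = datetime.strptime(rec["time"], "%m/%d/%Y %I:%M %p")
        rec["ip"] = ipaddress.ip_address(rec["ip"])
        rec["port"] = int(rec["port"])
    except ValueError:
        return None
    rec["process"] = rec["process"].rstrip(", ")  # drop the trailing comma
    return rec

def summarize(text):
    """Group detections by hostname: distinct IPs, process names, hit count."""
    by_domain = defaultdict(lambda: {"ips": set(), "processes": set(), "hits": 0})
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        entry = by_domain[rec["domain"].lower()]
        entry["ips"].add(str(rec["ip"]))
        entry["processes"].add(ntpath.basename(rec["process"]))
        entry["hits"] += 1
    return dict(by_domain)

if __name__ == "__main__":
    for domain, info in summarize(SAMPLE_LOG).items():
        print(domain, sorted(info["ips"]), sorted(info["processes"]), info["hits"])
```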


I'm not sure why there's any confusion or ambiguity here... this has nothing at all to do with NVidia.

 

The URL identified is checkip.dyndns.com for the software product DynDNS Updater, and it is the "phone home" server IP address that installed clients (on user PCs) contact every 10 minutes to provide their current IP address to the server, for DNS resolution in a client DHCP environment to other software (e.g. RealVNC) which needs to know the actual physical IP address of a target installed client for that software, in order to provide remote connectivity to that IP.

 

I now notice that this current physical IP address is actually resolving to a DIFFERENT IP address from the original one reported some months back for the same symbolic checkip.dyndns.com domain.  In fact, I just checked it again with SmartWHOIS and checkip.dyndns.com now resolves to 216.146.43.70, which is again a DIFFERENT IP.

 

However, ALL of these are registered to the same company, Dynamic Network Services, Inc. in Manchester NH.  It is NOT a malicious company, nor a malicious website. It's possible that the alternating resolved multiple IP addresses are to try and evade malicious uses, or false positives from products like MBAM.  But whatever the explanation, the CHECKIP.DYNDNS.COM domain is NOT MALICIOUS!!!


Just noticed that the 91.198.22.70 address is from the UK location of DynDNS-UK.  Same Dynamic Network Services company as their NH-based location with its 216.146.38.70 and 216.146.43.70 addresses.

 

They all have the same *.dyn.com email addresses to contact for administrator, or abuse, etc.

 

FALSE POSITIVE.  MBAM - please update the database.


I've added it to the whitelist to prevent its re-addition.
