Home router users are advised to check their router's DNS settings for unauthorized changes. If the configured DNS servers include suspicious IPs such as the ones listed below, the router may have been compromised. It is recommended to upgrade the router firmware and change the DNS to your provider's recursive DNS or a well-known public DNS such as 119.29.29.29.

The suspicious DNS IPs include:

* 122.9.187.125 - Shanghai Huawei Cloud
* 118.31.55.110 - Zhejiang Alibaba Cloud
* 47.102.126.197 - Shanghai Alibaba Cloud
* 8.140.21.95 - Beijing Alibaba Cloud
* 101.37.71.80 - Zhejiang Alibaba Cloud
* 47.113.115.236 - Guangdong Alibaba Cloud
* 47.109.47.151 - Sichuan Alibaba Cloud

These suspicious recursive DNS servers typically exhibit the following characteristics:

* They can only resolve domains with a TTL of 86400 seconds (1 day)
* They intermittently return NXDOMAIN errors and incorrectly return SOA records for assigned domains
* They use the DNS software Unbound-1.16.2
* They began to appear around May 2024
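The checks above can be scripted. The following is an added example, not code from the original article: it flags listed IPs in resolv.conf-style settings and matches recorded resolver answers against the characteristics described. The input format, the response record fields, the reading of the SOA characteristic, and the sample data are all assumptions made for illustration.

```python
import ipaddress

# Resolver IPs this page lists as suspicious.
SUSPICIOUS = {ipaddress.ip_address(a) for a in (
    "122.9.187.125", "118.31.55.110", "47.102.126.197", "8.140.21.95",
    "101.37.71.80", "47.113.115.236", "47.109.47.151")}

def flagged_resolvers(conf_text):
    """Return listed IPs found on 'nameserver' lines of resolv.conf-style text."""
    hits = []
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                ip = ipaddress.ip_address(fields[1])
            except ValueError:
                continue  # malformed entry: skip it
            if ip in SUSPICIOUS:
                hits.append(str(ip))
    return hits

def behaviour_traits(responses, version_banner=""):
    """Match answers recorded from one resolver against the page's characteristics."""
    traits = []
    ttls = [t for r in responses if r["rcode"] == "NOERROR" for t in r["ttls"]]
    if ttls and all(t == 86400 for t in ttls):
        traits.append("ttl-always-86400")
    rcodes = {}
    for r in responses:
        rcodes.setdefault(r["qname"], set()).add(r["rcode"])
    if any({"NOERROR", "NXDOMAIN"} <= seen for seen in rcodes.values()):
        traits.append("intermittent-nxdomain")  # same name resolves, then does not
    # Assumed reading of "incorrectly return SOA": SOA in the answer to a non-SOA query.
    if any(r["qtype"] != "SOA" and "SOA" in r["answer_types"] for r in responses):
        traits.append("unexpected-soa-answer")
    if "unbound" in version_banner.lower() and "1.16.2" in version_banner:
        traits.append("unbound-1.16.2")
    return traits

# Constructed sample input (not captured from a real router or resolver).
SAMPLE_CONF = "nameserver 47.102.126.197\nnameserver 119.29.29.29\nnameserver not-an-ip\n"
SAMPLE_RESPONSES = [
    {"qname": "a.example.", "qtype": "A", "rcode": "NOERROR", "ttls": [86400], "answer_types": ["A"]},
    {"qname": "a.example.", "qtype": "A", "rcode": "NXDOMAIN", "ttls": [], "answer_types": []},
    {"qname": "b.example.", "qtype": "A", "rcode": "NOERROR", "ttls": [86400], "answer_types": ["SOA"]},
]

if __name__ == "__main__":
    print(flagged_resolvers(SAMPLE_CONF), behaviour_traits(SAMPLE_RESPONSES, "unbound 1.16.2"))
```

A single trait, such as a one-day TTL on one record, is weak evidence on its own. Several traits together, or a configured resolver that is on the list, warrant the firmware upgrade and DNS reset recommended above.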

For more information, please refer to the original article at: https://lovelyping.com/?p=294