Author Topic: Is Web protection using Malaysian DNS Server IP?  (Read 7915 times)

0 Members and 1 Guest are viewing this topic.

Offline ddabrahim

  • Jr. Member
  • **
  • Posts: 66
Is Web protection using Malaysian DNS Server IP?
« on: July 23, 2021, 06:38:07 PM »
Hi.

Because of recent events, I have installed a network analyser app on my iPhone.
When I launch this app, it is display that my DNS Server IP is:

121.121.121.121
121.121.121.122
121.121.121.123

This is when I have Avast Web Protection enabled. If I disable it, I get the IP of my gateway as DNS IP which I think is normal so then I use the DNS set in my router.
So this is definitely the result of enabling Avast Web protection.
I did look up this IP and it seems to belong to an ISP in Malaysia called Maxis.

Now since I have no knowledge about how all this supposed to work, I am surprised because for one, in the VPN settings for Web protection I see a different address, my ISP DNS address is also different and second.. Malaysia? It is on the other side of the globe compared to my location. I find it weird.

So could anyone please confirm if the above Malaysian DNS IP is correct for Avast Web protection on iOS?

Thanks.
« Last Edit: July 28, 2021, 07:57:52 PM by ddabrahim »

Offline ddabrahim

  • Jr. Member
  • **
  • Posts: 66
Re: Malaysian DNS Server IP address for web protection?
« Reply #1 on: July 24, 2021, 09:01:33 AM »
So, I did more search and discovered that many people using free DNS servers like Google and others, do complain about that their DNS IP automatically change to 121.121.121.121 instead of 8.8.8.8 for example.

Some people was recommending to block 121.121.121.121 and redirect it to your actual DNS IP in IP configurations.
Other people was suggesting it is not the actual DNS IP but only the public IP on the local network. Similarly if I turn web protection off, it is show my router (Gateway) IP as DNS IP but it is only the public IP on my local network that point to my router and the actual DNS IP is set in the router. So then it would make sense 121.121.121.121 is only the public IP for Avast Web Protection and it is only point to the VPN configuration on the device.

Could anyone please confirm this? Since Tuesday Avast warn me my router is not secure because a port is open, so I am only trying to turn random stones to see if is there any weird activities on my network, but I don't actually know anything about networks and protocols.

I would appreciate any help.
Thanks.
« Last Edit: July 24, 2021, 09:07:15 AM by ddabrahim »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Malaysian DNS Server IP address for web protection?
« Reply #2 on: July 24, 2021, 12:23:48 PM »
Just avast reporting on Maxis Communications being untrustworthy, Bitdefender's TrafficLight gives it the all green.
Apart from a zone issue nothing wrong there at this maxisnet-hsdpa-2 address in Kuala Lumpur, checked at DNSViz.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline ddabrahim

  • Jr. Member
  • **
  • Posts: 66
Re: Malaysian DNS Server IP address for web protection?
« Reply #3 on: July 24, 2021, 12:51:08 PM »
Thank you for the reply.

Just to make sure I understand it, 121.121.121.121 is the actual DNS server in Malaysia and Avast actually use this server? Is it normal for Avast to use this server? I did not set this server, it is automatically switch to this IP when I enable Avast Web protection.

I checked the DNS settings in my router and it is normal.
I checked the VPN settings for Web protection and it is also looks normal, it says using the system default server, which is my router.
So I have no idea where this 121.121.121.121 is coming from.

Thank you.
« Last Edit: July 24, 2021, 03:50:09 PM by ddabrahim »

Offline ddabrahim

  • Jr. Member
  • **
  • Posts: 66
Re: Malaysian DNS Server IP address for web protection?
« Reply #4 on: July 24, 2021, 03:38:51 PM »
So I just tried Safer.com and some other DNS leak test sites and they report that if I have Web Protection enabled on my iPhone, then I am on a DNS server from Cisco OpenDNS LLC. If I disable web protection, it is report that I am on a DNS server from my ISP. No Sign of this Malaysian IP anywhere else but the Network Analyser app.

I have also tried on my Mac and it is weird. One time it is report that I am on a DNS from my ISP and other time report that I am on a DNS from Avast.
In the mean time, I have also booted up my old Linux desktop and nor Firefox and Chrome wanted to let me visit google.com or avast.com because my connection was not secure. The Linux desktop has no protection or VPN or anything, connected with ethernet to my router directly similar to my Mac but I did not had this problem with my Mac which is protected by Avast. After updating and restarting, the problem was solved on my Linux desktop and safer.com reported I am on a DNS from my ISP.

At this point I am really lost, I guess I give up if I am hacked there is noting I can do about it, Avast was my attempt to avoid being hacked.
If anyone could share ideas how to know for certain if I am hacked and could also answer the following questions I would appreciate that.

Is it normal for Avast to use this 121.121.121.121 Malaysian IP? As I get this IP in the network analyser app only when I have Avast Web protection enabled on my iPhone.
Could this 121.121.121.121 IP just a local IP on my local network to point to the Avast VPN settings? As it is shown only in the Network Analyser app on my iPhone, nowhere else.
Is it normal for Avast to use a DNS server from Cisco OpenDNS LLC? As I am connected to this DNS only when I have Avast Web protection enabled on my iPhone.

Thanks in advance.
« Last Edit: July 24, 2021, 03:49:20 PM by ddabrahim »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Malaysian DNS Server IP address for web protection?
« Reply #5 on: July 24, 2021, 05:11:25 PM »
Wait for one of the devs and/or submit a ticket: https://support.avast.com/contact (paid versions)
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline ddabrahim

  • Jr. Member
  • **
  • Posts: 66
Re: Is Web protection using Malaysian DNS Server IP?
« Reply #6 on: July 24, 2021, 06:47:49 PM »
Thanks, I'll guess I be waiting. I don't think it is that serious to contact customer support.

It is just that I have installed this Network Analyser app on my iPhone, which is reporting my DNS IP is 121.121.121.121 if web protection is enabled. Did find it weird. https://techet.net/netanalyzer/
Also find it weird Avast using 3rd party DNS servers like OpenDNS when I have web protection enabled on both 4G and Wi-Fi network, I always thought Avast uses it own DNS servers.

I'll wait and see if any devs able to confirm it is all fine or offer any advice how to proceed.
Thanks. 
« Last Edit: July 28, 2021, 08:06:18 PM by ddabrahim »

Offline ddabrahim

  • Jr. Member
  • **
  • Posts: 66
Re: Is Web protection using Malaysian DNS Server IP?
« Reply #7 on: August 07, 2021, 10:41:18 AM »
So, I have confirmed that with multiple devices and multiple network scanning apps this 121.121.121.121 IP is belongs to the Web Protection VPN in Avast Security on iOS. It is not just my device or my network or this particular app I mentioned. It is definitely Avast and Web Protection VPN on both 4G and Wi-Fi network.

I still find it weird though and it is actually seems to be causing some conflicts with the Wi-Fi protection VPN that we get with the paid premium security:
https://forum.avast.com/index.php?topic=293792.0
« Last Edit: August 07, 2021, 11:04:46 AM by ddabrahim »