DNS hijack? or malicious firmware on Netgear R7000? or just Ok?

After router check it says everything seems to be ok, but check interrupted.
 
Netgear R7000, Firmware:V1.0.9.6_1.2.19
Domain Name Server (DNS) Address
Get Automatically from ISP <-- selected
 
 
F-Secure Router Checker | Onko Internet-yhteytesi turvallinen?

DNS:n IP
91.233.116.241
AS-numero
51765
AS-organisaatio
Oy Crea Nova Russia LTD
ISP
Oy Crea Nova Russia LTD
Organisaatio
Oy Crea Nova Russia LTD
Maanosan koodi
EU
Maanosan nimi
Europe
Maan koodi
FI
Maan nimi
Finland
Rekisteröity maan koodi
FI
Rekisteröity maan nimi
Finland
Tunnettu julkinen DNS-palvelin
 
IfI put manually dns 8.8.8.8 everythin, then router check says everything is ok.
 
Im using elisa internet and I think it should use these: 195.197.54.100 212.54.0.3
or something else from Elisa, but with "Get automatically from ISP" it uses that dns
pointing to Oy Crea Nova Russia LTD.

Best Answer

  • naahnaah Posts: 2
    Accepted Answer
    Thanks Ukko, it is Avast. I didn't know this feature and after changing settings in router, and restarting it, it showed everything ok. So after restarting the router there was some time before Avast set up that dns again.
    Ukko

Comments

  • UkkoUkko Posts: 2,997 Superuser

    Hello,

     

    Sorry for my reply (I'm only F-Secure user);

    Maybe you able to contact Elisa and ask them about this situation (?!).

     

    Because AS-number/IP and organization-name looks as valid things (based on Google); With all abilities to be "just OK";

    And maybe Elisa able to use their DNS-servers (?! or so);

    Also looks like that 'Oy Crea Nova' partly can be related with VPN-services --> because some of IPs/Servers related with some VPN-services (not check it more -> but some VPN Service; And this certain IP from your log -> previously used by Avast VPN?!); So, quite likely that they able to provide different services and resources;

     

    Good if there will be official response or suggestion from more experienced users.

     

    Thanks!

This discussion has been closed.