Page 1 of 1
Meteobridge suspicious IP
Posted: Fri Aug 21, 2020 1:26 pm
by masc
After each restart of Meteobridge PRO a connection to a suspicious IP (172.67.73.191 - serverminer.com) is established.
Has anyone else noticed
Re: Meteobridge suspicious IP
Posted: Fri Aug 21, 2020 2:39 pm
by galfert
That IP address is used for a whole lot more than just serverminer.com:
These still share the same IP address....which indicate that this IP address is being used as a shared hosted IP address. There are also other domains that use this IP address (I didn't include those...like 30 others). The IP traces back to California.
www.rainydayrestoration.com
rainydayrestoration.com
13chen.cn.cdn.cloudflare.net
banan.tech
plan-your-federal-retirement.com
wu1can-play.bet
sintechsistemas2.com
serverminer.com
equran.me
mostentertaining.com
www.comunicae.com.cdn.cloudflare.net
www.digitalsoftwaremarket.com
Re: Meteobridge suspicious IP
Posted: Sat Aug 22, 2020 4:19 pm
by masc
Today i captured the network traffic.The ip belongs to the address
www.ip-tracker.org . Is it possible to switch off the
IP-based Location on the Meteobridge PRO?
Re: Meteobridge suspicious IP
Posted: Sat Aug 22, 2020 6:12 pm
by galfert
The Meteobridge has some location identification smarts. This is not something suspicious nor something to worry about, but it is just something that is part of the code and by design. It is likely used to proper time sync.
- MB location.jpg (9.83 KiB) Viewed 1652 times
Re: Meteobridge suspicious IP
Posted: Wed Aug 26, 2020 10:53 am
by admin
Meteobridge just calls "ip-tracker" without any further information and gets a web page with guessed location and long/lat coordinates back. I can make this optional in a future version, but to be honest, I can't see a security threat by just calling this IP and to grab some information from the returned data. May be you can explain what kind of issue you want to avoid?