I have the official Speedtest.net integration installed as well as the official AdGuard Home Add-On. I recently noticed that AdGuard showed several blocked malware/phishing requests. The DNS requests were to speedtest.serverpoint.com, and the request came from 172.30.32.3 dns.local.hass.io, which I assume is the local container for the speedtest integration on my HA host? The AdGuard rule that caught the attempts was listed as adguard-malware-shavar.
When I pinged speedtest.serverpoint.com at the time, it showed that the response came from 176.103.130.133, which an IP Lookup shows to registered to 176-103-130-133.dns.adguard.com, with the Domain of xdel.ru and the Country is listed as “Russian Federation”.
I’ve disabled the speedtest.net integration and haven’t seen any more AdGuard messages about speedtest.serverpoint.com being blocked. If I now ping speedtest.serverpoint.com it responds with 64.235.49.19, which is listed as being registered in Las Vegas, so I’m assuming that’s a valid server for speedtest.
Does this sound like there was a DNS hijack causing this? I’d like to re-enable the speedtest.net integration but want to make sure there’s not an issue with it doing something suspicious.