Why is windows update contacting thedailyshow.com

Discussion in 'ESET Smart Security' started by Jager, May 9, 2012.

Thread Status:
Not open for further replies.
  1. Jager

    Jager Registered Member

    Joined:
    Apr 5, 2009
    Posts:
    26
    msiexec running due to Windows updates is contacting thedailyshow.com according to ESET. Anyone know why this would be happening?
     

    Attached Files:

  2. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Why no response for this guy?
     
  3. m0unds

    m0unds Guest

    it's not thedailyshow.com, it belongs to akamai, who tons of organizations (including MS) use for content distribution. something is either wonky with your DNS resolver or ESET is doing something goofy with the reverse dns query.

    Code:
    $ host 119.224.129.201
    201.129.224.119.in-addr.arpa domain name pointer 119-224-129-201.akamai.callplus.net.nz.
    
     
  4. patch

    patch Registered Member

    Joined:
    May 14, 2007
    Posts:
    178
    Windows installer often contacts a web site related to the software it is installing.
    Are you sure it was Microsoft windows operating system update or could you have been updating other software on a windows machine.
     
  5. Jager

    Jager Registered Member

    Joined:
    Apr 5, 2009
    Posts:
    26
    Thanks yes that makes sense I did an nslookup of the IP later after I posted that and it said akamai. I guess ESET was doing something goofy. :p
     
  6. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    Firewalls must be really hard for them to still not have it perfect after all this time. Makes you wonder how UFW/IPTables and WinFW survives.
     
  7. patch

    patch Registered Member

    Joined:
    May 14, 2007
    Posts:
    178
    IMO it is more likely thedailyshow.com uses Akamai for content distribution as ESET usually get it right in my experience.
     
Thread Status:
Not open for further replies.