For many years now I have used check2ip to, well, check my IP address. That service on a single page on the net gave me a quick snapshot of my current address and the DNS servers I was resolving against. I used it because I have a bunch of VPNs (and usually route my traffic through one of them) and I also use Tor. Getting an outsider’s view of my public IP address gives me reassurance that I am not visible on my ISP’s assigned address.
There are umpteen such services out there with a lot of similar names (such as whatsmyip.net whatismyipaddress.com, whatismyip.net etc. ad nauseam) but I could never remember which name to use, some of them are slow or give you way too much additional information (like browser details) which, whilst useful, are often unnecessary, and worse, some are even behind captcha mechanisms.
So check2ip was my first port of call because it was quick and I could always remember the name.
But now it has gone – disappeared. It is no longer even listed in the DNS. What happened?
Well, according to krebsonsecurity, check2ip was run by a Russian speaking malware author by the name of Corpse (or Revive) on the same IP address as a long standing criminal anonymity service called VIP72. Krebs says:
“Check2IP is so popular that it has become a verbal shorthand for basic due diligence in certain cybercrime communities. Also, Check2IP has been incorporated into a variety of cybercrime services online — but especially those involved in mass-mailing malicious and phishous email messages.”
So I have been regularly using a resource provided by a criminal. Who knew?
Krebs doesn’t say why the site has gone, only that VIP72 has gone and it can be assumed that check2ip was collateral damage. Shame really, now I have to find a another quick IP checker. Maybe whoer will do.
(Actually, for command line junkies, the quickest way to get your public address is to use curl like this: “curl http://ipinfo.io/ip”)