This is a new DIR-628. With firmware 1.12, "SecureSpot" turned off, and the option to automatically check for new firmware also turned off, the router attempts to contact these addresses at every boot:
I have also seen periodic connection attempts to wrpd.dlink.com.tw.
After updating the firmware to 1.20 (release), it's worse: I'm now seeing constant queries, about one every second, to 40.17.bsecure.com. Again, "SecureSpot" is still turned off.
What is the purpose of this unauthorized use of my network and how can it be disabled?