Getting advanced threat protection errors (C2/Generic-A) from PMS accessing ia601609.us.archive.org

Server Version#: 1.23.4.4805
Player Version#: Web

This has been happening for some time, and it’s been narrowed down to my PMS making calls to ia601609.us.archive.org, which registers a C2/Generic-A with my security appliance.

Multiple scans with multiple tools have shown no infections within my network. DNS logs show my PMS calling out to this address. The traffic is getting blocked by the appliance.

Assumptions are that the external address has been compromised by some kind of malware. If I try to access that address with a protected computer, I get EP warnings that the site is infected.

What is Plex doing that it needs to call to an infected, undocumented server in the cloud?

Is this related to the current problems Plex is experiencing with DNS?

Thanks,
B.

It’s a false alarm. archive.org is on many blacklists, because some miscreant used it in the past to host malicious files.
What Plex is actually doing is fetching cover art from it, because it is the home of the Cover Art Archive.

1 Like
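One way to check the cover-art explanation against your own DNS logs, as an added example that is not part of the original posts: it counts lookups of Internet Archive storage nodes per client and marks each one "explained" when the same client resolved `coverartarchive.org` or `archive.org` shortly before. The dnsmasq-style log format, the sample lines, the 30-second window and the assumption that the client follows the Cover Art Archive redirect chain are all assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed dnsmasq-style query log lines (not taken from the thread).
SAMPLE_LOG = """\
Jan 12 10:15:01 dnsmasq[512]: query[A] coverartarchive.org from 192.168.1.20
Jan 12 10:15:01 dnsmasq[512]: query[A] archive.org from 192.168.1.20
Jan 12 10:15:02 dnsmasq[512]: query[A] ia601609.us.archive.org from 192.168.1.20
Jan 12 10:15:02 dnsmasq[512]: query[AAAA] ia601609.us.archive.org from 192.168.1.20
Jan 12 11:40:00 dnsmasq[512]: query[A] example.com from 192.168.1.35
Jan 12 11:40:07 dnsmasq[512]: query[A] ia601609.us.archive.org from 192.168.1.35
"""

LINE_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ query\[\w+\] (\S+) from (\S+)$")
# Internet Archive storage nodes, such as the ia601609.us.archive.org in the thread.
IA_NODE_RE = re.compile(r"^ia\d+\.us\.archive\.org$")
# Assumption: names a client resolves just before being redirected to a storage node.
REDIRECT_SOURCES = {"coverartarchive.org", "archive.org"}
WINDOW = timedelta(seconds=30)  # assumed correlation window


def parse(log):
    """Yield (timestamp, queried name, client) for each query line."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            # Syslog timestamps carry no year; a fixed one is enough for time deltas.
            ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
            yield ts, m.group(2).lower().rstrip("."), m.group(3)


def triage(log):
    """Return {client: {"explained": n, "unexplained": n}} for storage-node lookups."""
    last_source = {}  # client -> time of its most recent redirect-source lookup
    result = defaultdict(lambda: {"explained": 0, "unexplained": 0})
    for ts, qname, client in parse(log):
        if qname in REDIRECT_SOURCES:
            last_source[client] = ts
        elif IA_NODE_RE.match(qname):
            seen = last_source.get(client)
            key = "explained" if seen and ts - seen <= WINDOW else "unexplained"
            result[client][key] += 1
    return dict(result)


if __name__ == "__main__":
    for client, counts in triage(SAMPLE_LOG).items():
        print(client, counts)
```

A client with only "unexplained" lookups is not necessarily compromised, but it is the one to look at first before treating the alert as a false positive.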

Thanks for the response and clearing up the ambiguity. I did check the address on a couple of BLs but it wasn’t listed in the ones I checked.

Cheers!
B.
