Plex accessing mail.marooncapital.com ?

I have been doing some various cleanups on my server and noticed svchost always connected and sending data to mail.marooncapital.com. After watching the process list for a while, Plex Media Server jumped into the list.

This is apparently a bank in America… but they have a slightly different group. Is this something known to Plex, or do you think it's a rogue app pretending to be Plex? I have been scanning using Malware Antimalware but nothing comes up.

Your reverse DNS lookup is not up to par.
Plex uses the Amazon cloud to host several of its services. The way the Amazon cloud works, there can be rapidly switching IP addresses for servers.

So your router/server fetched an outdated domain name when it tried to get a hostname for an IP address that Plex accessed.
In short: false alarm.

And you think trying to send data to a random server… is good?

Actually just checked now. Still showing up in my resource monitor.
It's a Windows Server, hosting IIS sites and various things. I would have thought this “DNS” propagation issue would have passed, especially since I just updated the server component and restarted Plex Server.

Disable name resolution in Resource Monitor and let's see what the IP address is and whether it is within the Amazon cloud range.

The IP is reported as
89.185.151.99

@ppumkin said:
The IP is reported as
89.185.151.99

It does not look like an Amazon Cloud IP address. Tracert for me shows

>tracert 89.185.151.99

Tracing route to 89.185.151.99 over a maximum of 30 hops

  1     1 ms    <1 ms    <1 ms  BTBusinessHub.home [192.168.1.254]
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     6 ms     6 ms     5 ms  213.120.158.173
  5    10 ms    10 ms    10 ms  212.140.206.90
  6     9 ms     9 ms     9 ms  217.41.169.215
  7    10 ms    10 ms    10 ms  217.41.169.109
  8     9 ms     9 ms     9 ms  acc2-xe-5-1-2.sf.21cn-ipp.bt.net [109.159.251.243]
  9    18 ms    18 ms    15 ms  core1-te-0-13-0-10.ilford.ukcore.bt.net [109.159.251.191]
 10    16 ms    14 ms    14 ms  peer5-te0-0-0-12.telehouse.ukcore.bt.net [109.159.254.245]
 11    18 ms    45 ms    27 ms  40ge1-3.core1.lon2.he.net [195.66.224.21]
 12    17 ms    17 ms    58 ms  10ge8-4.core1.lon1.he.net [72.52.92.221]
 13     *        *        *     Request timed out.
 14    27 ms    27 ms    27 ms  89.185.139.149
 15    25 ms    25 ms    25 ms  89.185.155.27
 16    25 ms    25 ms    25 ms  vl908-core-1-ind1.network.tibus.net [89.185.155.18]
 17    25 ms    25 ms    25 ms  vl902-core2-tckp.network.tibus.net [89.185.155.14]
 18    27 ms    27 ms    27 ms  89.185.155.58
 19    26 ms    25 ms    25 ms  89.185.155.54
 20    26 ms    26 ms    26 ms  89.185.155.57
 21    27 ms    27 ms    27 ms  89.185.151.4
 22     *        *        *     Request timed out.
 23    37 ms    36 ms    40 ms  89.185.151.99

Trace complete.

Could it be that you have one of the many rogue DLLs identified here that plug themselves into programs and get in the way of all TCP connections? See https://support.plex.tv/hc/en-us/articles/206910047-Repeated-crashing-of-Plex-Media-Server-on-Windows

Maybe use Wireshark to detect when exactly it is happening and then look into the Plex Media Server.log (with debug and verbose logging) to see what was going on then. Also the plugin logs: it may be an added channel.

Unless ~~Plex or~~ Amazon have bought some space on this ISP’s servers (http://www.tibus.com)

Edited: Got confirmation that Plex does not host anything on tibus.net domains

Turns out my ISP gave me a recycled IP address and never changed the reverse lookup. So I basically got some bank's old email server IP…

Thanks for your feedback
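
Added example, not part of the thread: the hostname Resource Monitor displayed came from a reverse (PTR) lookup, which here turned out to be a stale record. A forward-confirmed reverse DNS check shows whether such a label can be trusted before treating it as an indicator. The function names and the sample addresses (documentation ranges) are constructed for illustration.

```python
import socket

def ptr_names(ip):
    """Reverse (PTR) lookup; returns [] when the address has no PTR record."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:  # socket.herror / socket.gaierror
        return []
    return [name, *aliases]

def forward_addrs(name):
    """Forward (A/AAAA) lookup; returns an empty set when the name does not resolve."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_ptr(ip, reverse=ptr_names, forward=forward_addrs):
    """Forward-confirm every PTR name of `ip`.

    Returns (verdict, details). Verdicts:
      'no-ptr'      - the address has no reverse record
      'confirmed'   - at least one PTR name resolves back to `ip`
      'unconfirmed' - PTR exists but does not resolve back (stale or
                      unmaintained record; the label says nothing about the peer)
    """
    names = reverse(ip)
    if not names:
        return "no-ptr", {}
    details = {n: sorted(forward(n)) for n in names}
    confirmed = any(ip in addrs for addrs in details.values())
    return ("confirmed" if confirmed else "unconfirmed"), details

# Constructed sample records so the demo runs offline (not real DNS data).
SAMPLE_PTR = {"203.0.113.10": ["mail.old-tenant.example"],
              "198.51.100.7": ["media.example.net"]}
SAMPLE_A = {"mail.old-tenant.example": {"192.0.2.55"},
            "media.example.net": {"198.51.100.7"}}

def demo():
    rev = lambda ip: SAMPLE_PTR.get(ip, [])
    fwd = lambda name: SAMPLE_A.get(name, set())
    ips = ("203.0.113.10", "198.51.100.7", "192.0.2.200")
    return {ip: check_ptr(ip, rev, fwd)[0] for ip in ips}

if __name__ == "__main__":
    for ip, verdict in demo().items():
        print(ip, verdict)
```

Calling `check_ptr("<address>")` with the default resolvers performs live lookups; an `unconfirmed` result means the investigation should continue from the numeric address and the owning process, not from the hostname.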