Plex container tries to contact IPs flagged as malicious

Server Version#: linuxserver/plex:version-1.42.2.10156-f737b826c-ls286

Hi,

After updating the Plex container yesterday evening (approx. 2025-12-03 17:06 CET), my router started reporting outbound connections from the dedicated Docker network where the Plex container runs. The router flags the destination IPs as malicious (also reported as suspicious on abuseipdb.com).

The IP addresses are:

  • 61.177.173.204
  • 45.149.173.201
  • 168.81.204.44
  • 165.154.238.243

Is this expected/normal Plex behavior (e.g., metadata, update checks, relay, telemetry), or does it indicate a potential compromise?

If it is a real security issue, do you think it is more likely related to Plex Media Server itself, or to the LinuxServer.io (LSIO) container image/build?

Thank you,
Kodl

This is NOT Plex

Something else is going on in your setup

Sorry — you’re probably right. This now looks like a coincidence rather than something caused by Plex.

Around the same time I updated the Plex container on my NAS, several Synology packages were also updated (Download Station, SAN Manager, Storage Manager, and Synology Photos). One of those updates may have forced a restart of the network interfaces, and as a side effect it seems the NAS default gateway changed to the secondary (Docker) interface. That would explain why my router suddenly started reporting these outbound connections as coming from the Docker network.

So it’s very likely this was triggered by the Synology updates/network interface restart (and the resulting gateway change), not by Plex itself.

Thanks for pointing me in the right direction.

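The diagnosis reached in the thread (the NAS default gateway moving to the secondary, Docker-side interface) can be checked directly on a Linux host by reading the kernel routing table. The following is an added example, not part of the original posts and not Plex or Synology code: it parses `/proc/net/route` and reports which interface currently carries the default route. The interface names, addresses and sample table are constructed assumptions, and the address decoding assumes a little-endian host.

```python
import socket
import struct

RTF_UP, RTF_GATEWAY = 0x0001, 0x0002  # route flag bits from <linux/route.h>

# Constructed sample in /proc/net/route format (not taken from the thread).
# Assumption: eth0 is the intended uplink, eth1 is the secondary (Docker) interface.
SAMPLE_ROUTE_TABLE = "\n".join([
    "Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT",
    "eth0\t00000000\t0101A8C0\t0003\t0\t0\t100\t00000000\t0\t0\t0",
    "eth1\t00000000\t010AA8C0\t0003\t0\t0\t10\t00000000\t0\t0\t0",
    "eth0\t0001A8C0\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0",
    "eth1\t000AA8C0\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0",
])

def hex_to_ip(value):
    """Decode a /proc/net/route address field (hex, little-endian host assumed)."""
    return socket.inet_ntoa(struct.pack("<L", int(value, 16)))

def default_routes(table_text):
    """Return all active default routes, preferred (lowest metric) first."""
    routes = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 8:
            continue
        flags = int(f[3], 16)
        is_default = f[1] == "00000000" and f[7] == "00000000"
        if is_default and (flags & RTF_UP) and (flags & RTF_GATEWAY):
            routes.append({"iface": f[0], "gateway": hex_to_ip(f[2]), "metric": int(f[6])})
    return sorted(routes, key=lambda r: r["metric"])

def check_egress(table_text, expected_iface):
    """Compare the preferred default route against the interface that should carry egress."""
    routes = default_routes(table_text)
    if not routes:
        return {"ok": False, "active": None, "reason": "no default route"}
    active = routes[0]
    ok = active["iface"] == expected_iface
    reason = "as expected" if ok else f"egress via {active['iface']}, expected {expected_iface}"
    return {"ok": ok, "active": active, "reason": reason}

if __name__ == "__main__":
    try:
        with open("/proc/net/route") as fh:  # live table on a Linux host
            table = fh.read()
    except OSError:
        table = SAMPLE_ROUTE_TABLE           # fall back to the constructed sample
    print(check_egress(table, expected_iface="eth0"))
```

When the check fails, traffic the router attributes to the Docker network may originate from any process on the host, so the flagged destinations still need to be traced to the process that opened them.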