Plex container tries to contact IPs flagged as malicious

Server Version#: linuxserver/plex:version-1.42.2.10156-f737b826c-ls286

Hi,

After updating the Plex container yesterday evening (approx. 2025-12-03 17:06 CET), my router started reporting outbound connections from the dedicated Docker network where the Plex container runs. The router flags the destination IPs as malicious (also reported as suspicious on abuseipdb.com).

The IP addresses are:

  • 61.177.173.204
  • 45.149.173.201
  • 168.81.204.44
  • 165.154.238.243

Is this expected/normal Plex behavior (e.g., metadata, update checks, relay, telemetry), or does it indicate a potential compromise?

If it is a real security issue, do you think it is more likely related to Plex Media Server itself, or to the LinuxServer.io (LSIO) container image/build?

Thank you,
Kodl

This is NOT Plex.

Something else is going on in your setup.

Sorry — you’re probably right. This now looks like a coincidence rather than something caused by Plex.

Around the same time I updated the Plex container on my NAS, several Synology packages were also updated (Download Station, SAN Manager, Storage Manager, and Synology Photos). One of those updates may have forced a restart of the network interfaces, and as a side effect it seems the NAS default gateway changed to the secondary (Docker) interface. That would explain why my router suddenly started reporting these outbound connections as coming from the Docker network.

So it’s very likely this was triggered by the Synology updates/network interface restart (and the resulting gateway change), not by Plex itself.

Thanks for pointing me in the right direction.

Hi @KodloN1, did you find what service is trying to reach these IPs?
I also have Plex, a Synology NAS and some docker containers, and my NAS is trying to reach these IPs…

Hi Norsagir,

It turned out that the Download Station package was the source of those suspicious requests. When I stopped Download Station, the alerts on the router immediately stopped as well.

After that, I found that I can keep Download Station running, but I need to disable some BitTorrent-related features/ports in its settings (most likely DHT, though I don’t recall the exact option). Disabling these BitTorrent functions has no impact on my usage, as I don’t use BitTorrent at all.

Regards

KodloN

Thanks a lot for this very clear answer!!
I was afraid that some Docker container was doing nasty things…
I will try to find what BT option is doing that thing, but maybe these are false positives:

  1. I found out that these IPs were flagged as malicious because of massive spam, so nothing to do with the NAS connecting to these IPs
  2. My DownloadStation settings are the default ones, so basic Synology configuration

But anyway, thanks a lot for your answer 🙂