“The page <url removed for safety reasons (it’s in the pic)> has been detected with suspicious activity. It is not recommended to continue browsing this website. Accessed by: plex media server.exe”
Has anyone seen this before? I’m not sure what to make of it because everything is up-to-date (Plex, Windows) and I just find it hard to believe that it’d be a 0day.
It doesn’t seem to be a false positive either? It’s some Chinese website.
Edit: I’m also doing a system scan and I have it disconnected from the internet for the time being.
Do you remember what exactly you did/looked at that led to this warning?
The address is not something that occurs in Plex as such. So my suspicion would be that it was inserted into metadata, like an artist biography or similar.
Have you experimented with Plex plug-ins?
Is it possible that it is caused by some long-forgotten plugin that was installed and never removed?
Better remove them all: https://support.plex.tv/articles/201187656-how-do-i-manually-install-a-plugin/
(If you remove one of the default plug-ins, you might have to start the installer for Plex Media Server again to restore them, but that’s no biggie.)
Not sure if it is related but my Malwarebytes is regularly detecting ‘website blocked due to compromised’ and this is associated with Plex Media server.exe.
This is inbound from a number of external IP addresses and started a few days ago. These IP addresses are all reported in the AbuseIPDB database.