Plex Server reaching out to IP addresses that my router is blocking

My router is alerting me that it is blocking connections to “a known malicious IP” (IP Reputation). When I look in my Plex Media Server logs, I can see that Plex is reaching out to the IP addresses that my router is flagging. They are always of the form 87.236.176.xxx.

Here are relevant Plex log entries from today:

...
Nov 10, 2023 13:38:20.220 [19060] DEBUG - [Req#23d5fe/Transcode/2a11149f-4aaf-42bd-b4c0-230d2cbcfb45/8ec9fb97-049c-4f95-8c12-36b365c05378] Transcoder segment range: 0 - 2568 (2567)
Nov 10, 2023 13:38:20.639 [17056] DEBUG - Request: [87.236.176.210:43481 (WAN)] GET / (8 live) #23d5e4 GZIP Signed-in
Nov 10, 2023 13:38:20.640 [13864] DEBUG - Completed: [87.236.176.210:43481] 401 GET / (8 live) #23d5e4 GZIP 0ms 435 bytes
Nov 10, 2023 13:38:21.296 [4560] DEBUG - [Req#23d5fb/Live/2a11149f-4aaf-42bd-b4c0-230d2cbcfb45/1c1bc3f9-574b-4899-8c02-810b18bfbbe2] buildLiveM3U8: min 0 max 2567 ended 0
...

And

...
Nov 10, 2023 13:38:36.889 [17056] DEBUG - Removed transcode data consumer, active count 1 => 0
Nov 10, 2023 13:38:37.225 [17056] DEBUG - Request: didn't get any data from [::ffff:87.236.176.187]:59127: The semaphore timeout period has expired
Nov 10, 2023 13:38:37.325 [4560] DEBUG - [Req#23d689/Transcode/2a11149f-4aaf-42bd-b4c0-230d2cbcfb45/8ec9fb97-049c-4f95-8c12-36b365c05378] Transcoder segment range: 0 - 2584 (2584)
...

Why is Plex reaching out to these IP addresses? Is this legitimate or a sign of something going wrong?

I am not sure if this is related or not, but I am also having an issue with the Plex DVR and my HdHomeRun FLEX 4K where the Plex Dashboard keeps showing that it is recording shows, but it is not actually recording them and the DVR keeps thinking that tuners are in use that aren’t in use.

Server Version#: 1.32.7.7621

Okay, I think I may have found the issue. I am using an Xfinity xFi router (Gateway) with “Advanced Security” enabled. The bottom of this article states that it will attempt to block Plex’s remote access capability. I would feel better if I could confirm that this what is going on… The IP addresses I list above does not match Plex’s current list of IPs, but maybe that is because they have updated since the socket was blocked (8.5 hours ago).

Doing a quick dive, it looks like that IP address is Constantine Cybersecurity Ltd. It is not uncommon for 3rd parties to randomly scan your router/IP for accessible ports. Since Plex is running it can talk to plex, but does not pose a security issue since Plex requires you to be authenticated before actually accessing the server.

Thanks! But it looks to me from those log entries I posted above like my Plex Media Server is reaching out to this IP address. Any idea why that would be?

You are miss reading the logs. I just did a demo using a VPN service:

Nov 11, 2023 14:19:43.394 [8088] DEBUG - Request: [xxx.xxx.xx.134:6919 (WAN)] GET / (10 live) #b2f329 GZIP Signed-in
Nov 11, 2023 14:19:43.394 [8088] DEBUG - Completed: [xxx.xxx.xx.134:6919] 401 GET / (10 live) #b2f329 GZIP 0ms 435 bytes

Those logs are me opening the embedded web interface for plex.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.