Recently I have persistently been getting messages from AiProtection on my Asus AC68U router as shown below:
Event number : 1
Alert type : Infected Device Prevention and Blocking
Source : (48:27:EA:93:B0:B7)
Destination : 62.138.7.171
RT-AC68U's AiProtection detected suspicious networking behavior and prevented your device making a connection to a malicious website (see above and the attached log for details).
Suggested actions:
1. If you know that the cause of this attempted connection was a proprietary app or program and not a web browser, we recommand (sic) that you uninstall it from your device.
Here is the whois for the domain attempting connection:
WHOIS Source: RIPE NCC
IP Address: 62.138.7.171
Country: Germany
Network Name: DE-HE-S4Y-LEGACY-SXB-4000
Owner Name: Host Europe Group
CIDR: 62.138.7.0/24
From IP: 62.138.7.0
To IP: 62.138.7.255
Allocated: Yes
Contact Name: Uwe Braun
Address: Hansestr. 109, 51149 Koeln
Email: uwe.braun@hosteurope.de
Abuse Email: abuse@hosteurope.de
Phone: +49 2203 1045 7000
Now here is a strange fact:
If I look up the MAC shown I get it is connected to Samsung.
As far as I am aware I have only 1 Samsung device (a mobile) and here is the confusing bit. The Router is in Thailand and the Samsung is in Spain so I do not see how it can be trying to connect through the router!
Anyway, can anyone shed any light on this and more importantly how I can go about solving this issue and preventing this happening?