What's new

Skynet Skynet - Router Firewall & Security Enhancements

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I use apple devices daily and never have any issues or are any being reported. Please post logs of what you believe is causing your problems so we can work from there.

Not a problem. What debug command do you want me to run?
 
Adamm,

I have uploaded the contents of my current skynet folder. I messaged you with a link.

-J
 
Run the install script again and enable debug mode. Then collect a days worth of data (trying the apple devices several times during this period) and run a stats dump when finished. You should see the outbound connection results with attempts by your apple devices. Check the IP's against something like whois and forward the info to this thread. You can also search the IP against the malware lists and see who has the IP's blocked. You can do this all from Skynet terminal session.
 
Most of this doesn't matter, it is the results of my above post that matters. The first post in this thread has a great guide on how to track down an IP problem when something is blocked that you normally need. You have a lot of IP ranges blocked by the way.
 
Are you running any country blocks?
 
Also, skynet already has an extensive whitelist.
Have you even looked at these skynet.log file?

You have a lot of outbound blocks to 72.21.91.29 which is verizon business from looks to be multiple devices.

And to 167.89.118.52 which looks suspicious to me

just to name a few

you should look at this log file and search for outbound connection blocks. Lookup the CIDR range of the block and the owner. If you think the traffic is legitimate, add it to the whitelist.
 
Adamm,

I have uploaded the contents of my current skynet folder. I messaged you with a link.

-J

Whatever list you imported Jul 30 11:44 sucks and is causing all your issues. I suggest removing it immediately using the following command;

Code:
sh /jffs/scripts/firewall unban comment "Imported"

Your country bans probably aren't helping either.
 
Thanks,

Pulling them now.
 
Skynet and AiProtection

So just to appease my own curiosity...

I see 80.211.185.70 in my aiprotect logs
Code:
External Attacks    80.211.185.70    192.168.1.102    WEB GoAhead login.cgi Information Disclosure Vulnerability
2018-07-27 00:45:52


I check and see that its an italian ip address which is not part of my country blocks
https://myip.ms/info/whois/80.211.185.70


I check and see that it was added to my skynet blacklist
Code:
ipset -L Skynet-Blacklist | grep AiProtect
80.211.185.70 comment "BanAiProtect"

I see other traffic now being blocked to that ip address that did not trigger aiprotect
Code:
Line 415468: <4>1 2018-07-27T04:41:17-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=48164 DPT=81 SEQ=576578511 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 415759: <4>1 2018-07-27T07:16:49-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=50380 DPT=81 SEQ=410143747 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 417409: <4>1 2018-07-27T23:44:30-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=41787 DPT=81 SEQ=2319680743 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 417467: <4>1 2018-07-28T00:04:04-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=45008 DPT=81 SEQ=1887447114 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 417594: <4>1 2018-07-28T01:32:08-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=34666 DPT=81 SEQ=2458031098 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 417632: <4>1 2018-07-28T01:55:38-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=59538 DPT=81 SEQ=3294947754 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 417759: <4>1 2018-07-28T03:24:50-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=58376 DPT=81 SEQ=1282468763 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 417855: <4>1 2018-07-28T04:31:41-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=43674 DPT=81 SEQ=3633484248 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 418247: <4>1 2018-07-28T09:09:32-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=48933 DPT=81 SEQ=2274426019 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 418357: <4>1 2018-07-28T10:24:58-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=41095 DPT=81 SEQ=1083644364 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 418668: <4>1 2018-07-28T13:51:25-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=35720 DPT=81 SEQ=3868071557 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 418813: <4>1 2018-07-28T15:16:14-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=37721 DPT=81 SEQ=2449528176 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 418849: <4>1 2018-07-28T15:43:39-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=55845 DPT=81 SEQ=3822381768 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
Search "89.248.174.45" (324 hits in 1 file)

this is freaking awesome!

I'm a little surprised by the uniqueness of the ips though. I only see this for a small sampling of the ip addresses that aiprotect caught. I'll probably spend some time next seeing what the overlap is between aiprotect and the default skynet blacklists.
 
Last edited:
Skynet and AiProtection

So just to appease my own curiosity...

I see 80.211.185.70 in my aiprotect logs
Code:
External Attacks    80.211.185.70    192.168.1.102    WEB GoAhead login.cgi Information Disclosure Vulnerability
2018-07-27 00:45:52


I check and see that its an italian ip address which is not part of my country blocks
https://myip.ms/info/whois/80.211.185.70


I check and see that it was added to my skynet blacklist
Code:
ipset -L Skynet-Blacklist | grep AiProtect
80.211.185.70 comment "BanAiProtect"

I see other traffic now being blocked to that ip address that did not trigger aiprotect
Code:
Line 415468: <4>1 2018-07-27T04:41:17-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=48164 DPT=81 SEQ=576578511 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 415759: <4>1 2018-07-27T07:16:49-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=50380 DPT=81 SEQ=410143747 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 417409: <4>1 2018-07-27T23:44:30-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=41787 DPT=81 SEQ=2319680743 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 417467: <4>1 2018-07-28T00:04:04-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=45008 DPT=81 SEQ=1887447114 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 417594: <4>1 2018-07-28T01:32:08-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=34666 DPT=81 SEQ=2458031098 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 417632: <4>1 2018-07-28T01:55:38-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=59538 DPT=81 SEQ=3294947754 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 417759: <4>1 2018-07-28T03:24:50-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=58376 DPT=81 SEQ=1282468763 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 417855: <4>1 2018-07-28T04:31:41-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=43674 DPT=81 SEQ=3633484248 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 418247: <4>1 2018-07-28T09:09:32-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=48933 DPT=81 SEQ=2274426019 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 418357: <4>1 2018-07-28T10:24:58-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=41095 DPT=81 SEQ=1083644364 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 418668: <4>1 2018-07-28T13:51:25-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=35720 DPT=81 SEQ=3868071557 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 418813: <4>1 2018-07-28T15:16:14-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=37721 DPT=81 SEQ=2449528176 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 418849: <4>1 2018-07-28T15:43:39-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=55845 DPT=81 SEQ=3822381768 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
Search "89.248.174.45" (324 hits in 1 file)

this is freaking awesome!

I'm a little surprised by the uniqueness of the ips though. I only see this for a small sampling of the ip addresses that aiprotect caught.
I know right...:cool:
 
@Adamm
I needed a quick way to see the number of entries in my ipset lists and put this together. Any suggestions to make it run faster?

Copy and paste this code inside the /jffs/configs/profile.add file.
liststats () {
GREEN='\033[0;32m'
RED='\033[0;31m'
NC='\033[0m' # No Color
true > /tmp/ipsetlist
for SETLIST in $(ipset -L | grep "Name:" | sed 's/Name: //')
do
ENTRIES=$(ipset -L "$SETLIST" | grep "entries:" | sed 's/Number of entries: //')
printf '%s %b%s%b\n' "$SETLIST" "$GREEN" "$ENTRIES" "$NC" >> /tmp/ipsetlist
done
cat /tmp/ipsetlist | sort -u
rm /tmp/ipsetlist
}
Then, open up a new SSH session and type the command liststats

Code:
Skynet-Blacklist 109200
Skynet-BlockedRanges 1701
Skynet-Master 2
Skynet-Whitelist 1080
x3mRouting_AMAZONAWS_US 282
x3mRouting_NETFLIX 106
 
@Adamm
I needed a quick way to see the number of entries in my ipset lists and put this together. Any suggestions to make it run faster?

Copy and paste this code inside the /jffs/configs/profile.add file.
liststats () {
GREEN='\033[0;32m'
RED='\033[0;31m'
NC='\033[0m' # No Color
true > /tmp/ipsetlist
for SETLIST in $(ipset -L | grep "Name:" | sed 's/Name: //')
do
ENTRIES=$(ipset -L "$SETLIST" | grep "entries:" | sed 's/Number of entries: //')
printf '%s %b%s%b\n' "$SETLIST" "$GREEN" "$ENTRIES" "$NC" >> /tmp/ipsetlist
done
cat /tmp/ipsetlist | sort -u
rm /tmp/ipsetlist
}
Then, open up a new SSH session and type the command liststats

Code:
Skynet-Blacklist 109200
Skynet-BlockedRanges 1701
Skynet-Master 2
Skynet-Whitelist 1080
x3mRouting_AMAZONAWS_US 282
x3mRouting_NETFLIX 106


Code:
for SETLIST in $(ipset -L -n); do
    echo "$SETLIST - $(($(ipset -L "$SETLIST" | wc -l) - 8))"
done

Code:
admin@RT-AC86U-2EE8:/tmp/home/root# time -v /opt/tmp/test.sh
NETFLIX - 37
Skynet-Whitelist - 1119
Skynet-Blacklist - 111877
Skynet-BlockedRanges - 1725
Skynet-Master - 2
    Command being timed: "/opt/tmp/test.sh"
    User time (seconds): 0.92
    System time (seconds): 0.06
    Percent of CPU this job got: 103%
    Elapsed (wall clock) time (h:mm:ss or m:ss): 0m 0.94s
    Average shared text size (kbytes): 0
    Average unshared data size (kbytes): 0
    Average stack size (kbytes): 0
    Average total size (kbytes): 0
    Maximum resident set size (kbytes): 5072
    Average resident set size (kbytes): 0
    Major (requiring I/O) page faults: 0
    Minor (reclaiming a frame) page faults: 2002
    Voluntary context switches: 966
    Involuntary context switches: 116
    Swaps: 0
    File system inputs: 0
    File system outputs: 0
    Socket messages sent: 0
    Socket messages received: 0
    Signals delivered: 0
    Page size (bytes): 4096
    Exit status: 0
 
How is skynet blocking domain based blacklists? Via iptables or dns/host files? Is there a reason we don't feed the adblock lists directly into skynet?
 
How is skynet blocking domain based blacklists? Via iptables or dns/host files? Is there a reason we don't feed the adblock lists directly into skynet?
Domain blacklist is just for user convenience. It will still be resolved to IP address, during a loading/restart of Skynet and during adding of the domain.
You can choose to import the Adblock list into Skynet but it is not recommended as there is a limit in the number of ip to be blocked in Skynet. 500k. It will also slow down the matching of ip with a huge blacklist. And may affect the surfing experience.

Ad-solution is a better option for ad block as they compliment each other.
 
Domain blacklist is just for user convenience. It will still be resolved to IP address, during a loading/restart of Skynet and during adding of the domain.
You can choose to import the Adblock list into Skynet but it is not recommended as there is a limit in the number of ip to be blocked in Skynet. 500k. It will also slow down the matching of ip with a huge blacklist. And may affect the surfing experience.

Ad-solution is a better option for ad block as they compliment each other.

Thanks
 
Code:
for SETLIST in $(ipset -L -n); do
    echo "$SETLIST - $(($(ipset -L "$SETLIST" | wc -l) - 8))"
done

Code:
admin@RT-AC86U-2EE8:/tmp/home/root# time -v /opt/tmp/test.sh
NETFLIX - 37
Skynet-Whitelist - 1119
Skynet-Blacklist - 111877
Skynet-BlockedRanges - 1725
Skynet-Master - 2
    Command being timed: "/opt/tmp/test.sh"
    User time (seconds): 0.92
    System time (seconds): 0.06
    Percent of CPU this job got: 103%
    Elapsed (wall clock) time (h:mm:ss or m:ss): 0m 0.94s
    Average shared text size (kbytes): 0
    Average unshared data size (kbytes): 0
    Average stack size (kbytes): 0
    Average total size (kbytes): 0
    Maximum resident set size (kbytes): 5072
    Average resident set size (kbytes): 0
    Major (requiring I/O) page faults: 0
    Minor (reclaiming a frame) page faults: 2002
    Voluntary context switches: 966
    Involuntary context switches: 116
    Swaps: 0
    File system inputs: 0
    File system outputs: 0
    Socket messages sent: 0
    Socket messages received: 0
    Signals delivered: 0
    Page size (bytes): 4096
    Exit status: 0
Grateful! Thank you for the help.
 
Looking to seek some advice here.

I noticed my Sony smart TV is trying to communicate with random IPs.

Example:
[BLOCKED - OUTBOUND] IN=br0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=192.168.1.98 DST=50.200.136.108 LEN=132 TOS=0x00 PREC=0x00 TTL=64 ID=19956 DF PROTO=UDP SPT=6881 DPT=57599 LEN=112

It will always try to communicate with the same IP about every 10 minutes until I reboot the TV, then it will try to communicate with another IP address. Is this considered a compromised smart TV?
 
Looking to seek some advice here.

I noticed my Sony smart TV is trying to communicate with random IPs.

Example:
[BLOCKED - OUTBOUND] IN=br0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=192.168.1.98 DST=50.200.136.108 LEN=132 TOS=0x00 PREC=0x00 TTL=64 ID=19956 DF PROTO=UDP SPT=6881 DPT=57599 LEN=112

It will always try to communicate with the same IP about every 10 minutes until I reboot the TV, then it will try to communicate with another IP address. Is this considered a compromised smart TV?
https://otx.alienvault.com/indicator/ip/50.200.136.108
https://www.hybrid-analysis.com/sam...f9b2d087cffe2341030533d64f5?environmentId=100

What’s the other ip? Seems to be malicious... like from some torrent apps. What apps you have installed in your tv. Have u tried removing them?
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top