Jump to content

Strange IP requests to my server - am I being hacked?

JuJuJurassic

By JuJuJurassic
in General/Windows

 Share
Go to solution Solved by JuJuJurassic,

Recommended Posts

JuJuJurassic

JuJuJurassic 49

Posted
Posted

I'm trying to do the impossible......Remove all the errors from my Emby servers logs. 🙂 

In looking through the log I've found requests that are being refused, the entire log is attached, but here's the request in the logs

Firstly, I use the IP range 193.37.226.x internally, it is my lan address, not a public address. This goes back 30 years.....

So the requests are coming from my lan. They are in the DHCP scope, and I haven't a clue what they are. I have a lot of smart devices , switches etc.

The devices have the IP/Macs of devices are 193.37.226.61, C4-4F-33-F0-1E-40 with the host of ESPF01E40, registered to Espressif Inc. and 193.37.226.112 Mac FC-67-1F-15-FA-6E  with no host id, registered to Tuya Smart Inc.

What do you think is going on? As they are requesting on port 80, I don't have to worry(?). I have no other web servers or anything on port 80

Thanks

 

026-01-30 07:15:00.213 Info HttpClient: GET http://193.37.226.112/discover.json
2026-01-30 07:15:00.228 Error HttpClient: Error getting response from http://193.37.226.112/discover.json
    *** Error Report ***
    Version: 4.9.3.0
    Command line: /opt/emby-server/system/EmbyServer.dll -programdata /var/lib/emby -ffdetect /opt/emby-server/bin/ffdetect -ffmpeg /opt/emby-server/bin/ffmpeg -ffprobe /opt/emby-server/bin/ffprobe -restartexitcode 3 -updatepackage emby-server-deb_{version}_amd64.deb
    Operating system: Linux version 5.4.0-225-generic (buildd@lcy02-amd64-078) (gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.2)) #245-Ubuntu SMP Fri Jan 9 18:53:35 UTC 20
    OS/Process: x64/x64
    Framework: .NET 8.0.22
    Runtime: opt/emby-server/system/System.Private.CoreLib.dll
    Processor count: 16
    Data path: /var/lib/emby
    Application path: /opt/emby-server/system
    MediaBrowser.Model.Net.HttpException: MediaBrowser.Model.Net.HttpException: Connection refused (193.37.226.112:80)
     ---> System.Net.Http.HttpRequestException: Connection refused (193.37.226.112:80)
     ---> System.Net.Sockets.SocketException (111): Connection refused
       at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
       at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token)
       at System.Net.Sockets.Socket.<ConnectAsync>g__WaitForConnectWithCancellation|285_0(AwaitableSocketAsyncEventArgs saea, ValueTask connectTask, CancellationToken cancellationToken)
       at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
       --- End of inner exception stack trace ---
       at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
       at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
       at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
       at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(QueueItem queueItem)
       at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
       at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
       at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
       at System.Net.Http.DecompressionHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
       at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
       at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsyncInternal(HttpRequestOptions options, String httpMethod)
       --- End of inner exception stack trace ---
    Source: 
    TargetSite: 
    No Stack Trace Available
    InnerException: System.Net.Http.HttpRequestException: Connection refused (193.37.226.112:80)
    Source: System.Net.Http
    TargetSite: Void MoveNext()
       at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
       at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
       at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
       at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(QueueItem queueItem)
       at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
       at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
       at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
       at System.Net.Http.DecompressionHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
       at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
       at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsyncInternal(HttpRequestOptions options, String httpMethod)
    InnerException: System.Net.Sockets.SocketException: Connection refused
    Source: System.Net.Sockets
    TargetSite: Void ThrowException(System.Net.Sockets.SocketError, System.Threading.CancellationToken)
       at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
       at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token)
       at System.Net.Sockets.Socket.<ConnectAsync>g__WaitForConnectWithCancellation|285_0(AwaitableSocketAsyncEventArgs saea, ValueTask connectTask, CancellationToken cancellationToken)
       at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
    
2026-01-30 07:15:00.228 Info HttpClient: GET http://193.37.226.112/discover.json
2026-01-30 07:15:00.644 Info HttpClient: Http response 200 from https://www.mb3admin.com/admin/service/EmbyPackages.json after 454ms
2026-01-30 07:15:00.961 Info SqliteItemRepository: Opening sqlite connection to /var/lib/emby/data/library.db. isReadOnly: True
2026-01-30 07:15:00.961 Info SqliteItemRepository: PRAGMA cache_size=-2097152
2026-01-30 07:15:00.961 Info SqliteItemRepository: PRAGMA page_size=4096
2026-01-30 07:15:00.961 Info SqliteItemRepository: PRAGMA foreign_keys=1
2026-01-30 07:15:00.961 Info SqliteItemRepository: PRAGMA SECURE_DELETE=0
2026-01-30 07:15:00.961 Info SqliteItemRepository: Result of setting SQLITE_DBCONFIG_DQS_DDL to 0 is 0
2026-01-30 07:15:00.961 Info SqliteItemRepository: Result of setting SQLITE_DBCONFIG_DQS_DML to 0 is 0
2026-01-30 07:15:01.074 Info App: ValidatePhysicalRoots completed validating 25276137 3d /data/ssd/3d
2026-01-30 07:15:01.074 Info App: ValidatePhysicalRoots start validating 25278645 AudioBooks /data/ssd/AudioBooks
2026-01-30 07:15:01.145 Info HttpClient: Http response 200 from https://api.github.com/repos/MediaBrowser/Emby.Releases/releases after 954ms
2026-01-30 07:15:01.319 Info TaskManager: Check for plugin updates Completed after 0 minute(s) and 1 seconds
2026-01-30 07:15:01.939 Info App: No application update available.
2026-01-30 07:15:01.939 Info TaskManager: Check for application updates Completed after 0 minute(s) and 1 seconds
2026-01-30 07:15:03.205 Info HttpClient: GET http://193.37.226.61/discover.json
2026-01-30 07:15:03.246 Error HttpClient: Error getting response from http://193.37.226.61/discover.json
    *** Error Report ***
    Version: 4.9.3.0
    Command line: /opt/emby-server/system/EmbyServer.dll -programdata /var/lib/emby -ffdetect /opt/emby-server/bin/ffdetect -ffmpeg /opt/emby-server/bin/ffmpeg -ffprobe /opt/emby-server/bin/ffprobe -restartexitcode 3 -updatepackage emby-server-deb_{version}_amd64.deb
    Operating system: Linux version 5.4.0-225-generic (buildd@lcy02-amd64-078) (gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.2)) #245-Ubuntu SMP Fri Jan 9 18:53:35 UTC 20
    OS/Process: x64/x64
    Framework: .NET 8.0.22
    Runtime: opt/emby-server/system/System.Private.CoreLib.dll
    Processor count: 16
    Data path: /var/lib/emby
    Application path: /opt/emby-server/system
    MediaBrowser.Model.Net.HttpException: MediaBrowser.Model.Net.HttpException: Connection refused (193.37.226.61:80)
     ---> System.Net.Http.HttpRequestException: Connection refused (193.37.226.61:80)
     ---> System.Net.Sockets.SocketException (111): Connection refused
       at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
       at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token)
       at System.Net.Sockets.Socket.<ConnectAsync>g__WaitForConnectWithCancellation|285_0(AwaitableSocketAsyncEventArgs saea, ValueTask connectTask, CancellationToken cancellationToken)
       at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
       --- End of inner exception stack trace ---
       at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
       at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
       at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
       at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(QueueItem queueItem)
       at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
       at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
       at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
       at System.Net.Http.DecompressionHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
       at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
       at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsyncInternal(HttpRequestOptions options, String httpMethod)
       --- End of inner exception stack trace ---
    Source: 
    TargetSite: 
    No Stack Trace Available
    InnerException: System.Net.Http.HttpRequestException: Connection refused (193.37.226.61:80)
    Source: System.Net.Http
    TargetSite: Void MoveNext()
       at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
       at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
       at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
       at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(QueueItem queueItem)
       at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
       at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
       at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
       at System.Net.Http.DecompressionHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
       at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
       at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsyncInternal(HttpRequestOptions options, String httpMethod)
    InnerException: System.Net.Sockets.SocketException: Connection refused
    Source: System.Net.Sockets
    TargetSite: Void ThrowException(System.Net.Sockets.SocketError, System.Threading.CancellationToken)
       at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
       at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token)
       at System.Net.Sockets.Socket.<ConnectAsync>g__WaitForConnectWithCancellation|285_0(AwaitableSocketAsyncEventArgs saea, ValueTask connectTask, CancellationToken cancellationToken)
       at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
    

 

embyserver(13).txt

Q-Droid

Q-Droid 989

Posted
Posted

Everything is suspicious until you can figure out what it is.

If they are within your DHCP scope then you should know which devices have those IPs assigned. Does your router list them as clients?

You could get something like Zenmap GUI to scan your LAN and identify the devices.

 

 

 

  • Solution
JuJuJurassic

JuJuJurassic 49

Posted
  • Author
  • Solution
Posted

I typed it into chatgpt, it's due to the queries going out, not in, so it' ok. I'll leave it here for others 

brothom

brothom 177

Posted
Posted (edited)

@JuJuJurassicdamn dude. You have a lot of faith in chatgtp. Good luck.

It's also funny that 193.37.226.61 is an address in Czech Republic. Are you sure you're not confusing 192.* with 193.*?

Edited by brothom
sa2000

sa2000 674

Posted
Posted (edited)
2 hours ago, brothom said:

It's also funny that 193.37.226.61 is an address in Czech Republic. Are you sure you're not confusing 192.* with 193.*?

The local network is defined on the 193.37.226.xx network - stated earlier 

2026-01-30 07:14:43.872 Info NetworkManager: Detecting local network addresses
2026-01-30 07:14:43.873 Info NetworkManager: networkInterface: Ethernet enp6s0, Speed: 2500000000, Description: enp6s0
2026-01-30 07:14:43.874 Info NetworkManager: GatewayAddresses: 193.37.226.187
2026-01-30 07:14:43.877 Info NetworkManager: UnicastAddresses: 193.37.226.252,fdb0:298b:6886:0:dabb:c1ff:fe1a:992e,fe80::dabb:c1ff:fe1a:992e%2

@JuJuJurassic

The http://ip.address/discover.json are normally seen for products like SiliconDust HD Homerun DVRs. See what you have showing as device IP Addresses in Live TV Settings

 

Edited by sa2000
Q-Droid

Q-Droid 989

Posted
Posted
4 hours ago, JuJuJurassic said:

I typed it into chatgpt, it's due to the queries going out, not in, so it' ok. I'll leave it here for others 

D'oh! I didn't notice those were outbound calls.

 

JuJuJurassic

JuJuJurassic 49

Posted
  • Author
Posted
22 hours ago, brothom said:

@JuJuJurassicdamn dude. You have a lot of faith in chatgtp. Good luck.

It's also funny that 193.37.226.61 is an address in Czech Republic. Are you sure you're not confusing 192.* with 193.*?

This ip range was given to me by the university of London 30+ years ago, but I didnt connect it to the web, so they gave it out again. But I had devices on the subnet so it’s sort of stayed. Changing it now would be a major issue. 

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...