Network Trojan Present
Hi, I have a modern router that carries out deep inspection of network packets. It uses the 4 popular databases created by Google, IBM and two others which list bad IP addresses. My router alerts me when Variety is run up, and it repeatedly tries to contact the same IP address about every 10 minutes.
The address is 192.241.240.89
My router reports this message:-
drop tls 192.241.240.89 any -> xxx.x.x.xx any (msg:"ET POLICY Observed SSL Cert (URL Shortener Service - tiny .cc)"; flow:from_
The IP address being called is listed on the abuse website and can be seen:-
https:/
There are numerous abuse complaints about this IP address.
Even though my router drops all the packets aimed for 192.241.240.89, the photos change as expected and new photos are downloaded, so the app doesn't seem to need this IP address, and even if it did, I really don't want anything to do with IP addresses listed by organisations looking out for bad IP addresses. By turning off the vrty.org option, the packets sent to 192.241.240.89 stop.
Please can you inspect the code and remove this alarming packet sending and contact me when the app has been updated?
Thank you.
Neil
Question information
- Language: English
- Status: Answered
- For: Variety
- Assignee: No assignee
- Last query:
- Last reply: