Outbound connection attempt
#1
Hello, new to this forum. Recently my anti-malware software has been flagging a potential "malicious" outbound connection attempt to the following domain [ftp.snt.utwente.nl] with an IP address of 130.89.149.20. I first noticed the attempts a couple of months ago, while using Kodi version 14.1 Helix (yes, I know it's a bit outdated, but I've done a lot of work with it and I got it just the way I like it), but it wasn't there before. Meaning, I never had a problem with possible malicious connection attempts being flagged through Kodi. I upgraded to the latest stable release, and it's the same thing. What is it trying to connect with, and for what reason? It wasn't there before. And why is it trying to use a File Transfer Protocol? What files of mine is it trying to take?

Thanks
#2
Hello becomer

I am not aware of that site and it is not one used by Kodi. I would suggest taking inventory of your add-ons as this might be the cause.

If you provide a debug log (wiki), we can help track it. Of course we are assuming it is Kodi, and not some other application you have installed on your computer. Are you able to reproduce when the connection to that site is made? If yes, please capture it in the debug log.

It is also worth mentioning that if you install add-ons from third party repositories, then you do so at your own risk. An interesting article... https://torrentfreak.com/popular-kodi-ad...et-170203/

  1. Enable Debugging mode. Go to Settings>System Settings>Logging and it should be the first option
  2. Restart Kodi
  3. Replicate the problem as instructed above
  4. Upload the results.
My Signature
Links to : Official:Forum rules (wiki) | Official:Forum rules/Banned add-ons (wiki) | Debug Log (wiki)
Links to : HOW-TO:Create Music Library (wiki) | HOW-TO:Create_Video_Library (wiki)  ||  Artwork (wiki) | Basic controls (wiki) | Import-export library (wiki) | Movie sets (wiki) | Movie universe (wiki) | NFO files (wiki) | Quick start guide (wiki)
#3
(2017-12-10, 07:31)Karellen Wrote: Hello becomer

I am not aware of that site and it is not one used by Kodi. I would suggest taking inventory of your add-ons as this might be the cause.

If you provide a debug log (wiki), we can help track it. Of course we are assuming it is Kodi, and not some other application you have installed on your computer. Are you able to reproduce when the connection to that site is made? If yes, please capture it in the debug log.
 
  1. Enable Debugging mode. Go to Settings>System Settings>Logging and it should be the first option
  2. Restart Kodi
  3. Replicate the problem as instructed above
  4. Upload the results.
 
Greetings Karellen, and thank you for your prompt reply. I will attempt to provide you with the best information I can.

First off, this event occurs after a fresh install of Kodi. Whether it's version 14.1 or 17.6. After a fresh install and first time load is when the outbound connection is attempted. Before you can do anything. It seems to be tied to the initial loading of Kodi. There's not even time to load any additional add-ons outside of what installs automatically with a fresh install. I used the Installer 32bit pulled from the official Kodi website. This was last attempted about 2 hours ago EST in the States. My first exposure happened a couple of months ago using version 14.1 Helix with nothing but "out of the box" add-ons installed, same as today. It must have been from an update as it just flagged out of nowhere. I even had it happen on a freshly reformatted Windows machine today. Tried it on 3 other systems after to the same result. All my own machines. Two were fresh installs, and the last was heavily scanned using 4 different anti-malware and virus software packages prior to install. Same results.

I must apologize but I don't understand what you mean by connection to the site is made. My anti-malware software flags and blocks the attempt before any connection to the domain is made. This is when Kodi loads for the first time, before any interaction with the interface is made. Kodi still loads, but I haven't to see what else may be wrong as I don't trust the behavior.

After my post, I saw where another member posted something about the same thing back in June or July. The response that member received was that it was one of the mirrors they use. I didn't fully trust that response because there wasn't much substance in his reply. Now your response somewhat counters his, so I'm left with more wonder.
#4
BTW I forgot to mention these installs were all on Windows 7 Pro boxes with all updates installed...
#5
Please use pastebin.com to provide the content from: %appdata%\Kodi\kodi.log
#6
I did a little research and found a thread from a Kodi community forum where this same domain was captured in a member's DEBUG log as such [http://ftp.snt.utwente.nl/pub/software/superrepo/v7/addons/plugin.video.pseudo.companion/plugin.video.pseudo.companion-0.0.2.zip.md5]. It seems to be tied to pseudo video companion or something. The domain is managed by Studenten Net Twente (SNT), located at the University of Twente in the Netherlands.
#7
Just tried the nightly Windows build from the official Kodi site, on a freshly reformatted machine, and was able to install it and open Kodi without the outbound connection attempt. I did however get the outbound error while trying to get a new skin from the Kodi inventory. Not a third party place. It definitely seems to be Kodi add-on related. BTW it's Malwarebytes Premium 3.3.1 which is catching the domain attempts.
#8
(2017-12-10, 08:39)becomer Wrote: I did a little research and found a thread from a Kodi community forum where this same domain was captured in a member's DEBUG log as such [http://ftp.snt.utwente.nl/pub/software/superrepo/v7/addons/plugin.video.pseudo.companion/plugin.video.pseudo.companion-0.0.2.zip.md5]. It seems to be tied to pseudo video companion or something. The domain is managed by Studenten Net Twente (SNT), located at the University of Twente in the Netherlands.

AFAIK that add-on comes from a repo which is on our banned list. At least it's nothing we ship in our repo. So if you have problems with that you either have that repo and add-on installed and therefore you won't get any assistance for them, hence it's banned, or your problem is not Kodi related at all.

That's why we (Karellen and me) are asking for the logfile. Either you provide the log or we can't help at all.

Your choice ;)
#9
Thanks for the info becomer

First off, it is not necessary to hit "Reply" or "Quote" each time you type. Simply type in the box at the bottom of the thread and hit "Post Reply" when you are done. It will stop all those annoying quotes messing up your responses :)

That link you found in another thread is directly related to a 3rd party repository that is Banned from this site. If that is what you have, then you won't receive assistance from us here.

Please post the debug log. We will get nowhere without it and no further responses can be made without it. You must capture the attempted / blocked outgoing connection in the debug log.

Thanks
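One way to do the log triage the replies above ask for, as an added example that is not part of the original thread and not Kodi's own tooling: scan a saved kodi.log for requests to the flagged host or IP and report which add-on id, if any, appears in each URL path. The host, IP and first URL are the ones quoted in the thread; the log line layout, the other two URLs and the list of add-on id prefixes are assumptions made for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Host and IP as reported in the thread.
FLAGGED = {"ftp.snt.utwente.nl", "130.89.149.20"}

# Constructed sample lines. The timestamp/thread/level prefix is an assumed
# layout; only the URL on each line matters to the parser.
SAMPLE_LOG = """\
07:30:58.101 T:4100   DEBUG: request http://ftp.snt.utwente.nl/pub/software/superrepo/v7/addons/plugin.video.pseudo.companion/plugin.video.pseudo.companion-0.0.2.zip.md5
07:30:58.640 T:4100   DEBUG: request http://130.89.149.20/constructed/mirror/path/addons.xml.gz
07:30:59.002 T:4100   DEBUG: request https://other-host.example/constructed/addons.xml
07:31:00.417 T:4100    INFO: no URL on this line
"""

URL_RE = re.compile(r'(?:https?|ftp)://[^\s"<>\[\]*]+')
# Assumed list of common add-on id prefixes; a path directory named like one
# of these is treated as the add-on being fetched.
ADDON_RE = re.compile(
    r"/((?:plugin|script|skin|repository|resource|metadata|service)\.[A-Za-z0-9._-]+)/")

def flagged_requests(log_text, hosts=FLAGGED):
    """Return {host: [(line_no, url, addon_id_or_None), ...]} for flagged hosts."""
    hits = defaultdict(list)
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        for url in URL_RE.findall(line):
            parts = urlsplit(url)
            host = (parts.hostname or "").lower()
            if host in hosts:
                m = ADDON_RE.search(parts.path)
                hits[host].append((line_no, url, m.group(1) if m else None))
    return dict(hits)

def summarize(hits):
    """Collapse hits to the sorted add-on ids seen per host ('?' = none in path)."""
    return {h: sorted({a or "?" for _, _, a in rows}) for h, rows in hits.items()}

if __name__ == "__main__":
    for host, rows in flagged_requests(SAMPLE_LOG).items():
        for line_no, url, addon in rows:
            print(f"{host}  line {line_no}  addon={addon or '?'}  {url}")
```

To run it against a real capture, pass the text of %appdata%\Kodi\kodi.log to `flagged_requests` in place of `SAMPLE_LOG`.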
#10
Thanks for the tip on my replies Karellen!  Much appreciated. 

No, I do not have that particular add-on, or any third party add-on for that matter. Everything installed is right out of the box from Kodi install. I only posted that particular thread because I was doing a little recon work and chomped at the bit when I found something Kodi related. There's not much out there about it, which is why I was seeking help. As I mentioned before, and sorry to repeat, but I'm getting the connection attempt after a fresh install on a fresh box while loading Kodi for first use. Before anything is set up. No additional add-ons or contents. Almost as if it's being initialized when Kodi is run for the first time. I don't see it a 2nd time. I will work on the logs for you, but not sure how I can capture the event when it happens before I can activate the debug option. The nightly build was the only build that didn't fire it off on initial load.

Now the nightly build flagged it when I changed the skin to one I found in the Kodi repository. I forget which one. I performed it on a freshly reformatted Windows 7 Pro box.

Your feedback is greatly appreciated, and I appreciate your patience..
#11
Yes, much better and cleaner posts :)

We'll wait for the log.
#12
Looks like a simple uninstall of Kodi doesn't do the trick of resetting whatever triggers the event. There must be some registry entries left that affect it. I'm trying to repeat, but not getting anywhere. Plus this nightly build is crashing all over the place. Give me about 30 minutes and I'll have a fresh OS install and Kodi to play with.
#13
Appreciate the help Karellen and DaVu!
#14
We have just had some feedback from the Mirrors maintainer.

That address is one of our mirrors, and is most likely trying to perform a Repository Update. You will need to ensure your repository is up to date for a properly functioning Kodi. As an example, we have had quite an upheaval with Scrapers recently due to problems at the Scraper sites, so you need to ensure they are up to date or you will find that nothing will be added to the library.

You should allow that connection to go through. Kodi will always try to connect to the online repository on first install to download the latest version of required add-ons.

Hope that helps.
#15
That sure does help! But tell me something if you can. Why now is it getting flagged and not before? Is this a newer mirror site? I never saw this behavior before, and I've been using this same security software all along? Or maybe it's something Malwarebytes specific?