[SOLVED] (kind of) Yh exchanges a lot of traffic with unknown IP

Hello my fellow yunohosters!

My YunoHost server

Hardware: Raspberry Pi 3 at home
YunoHost version:
I have access to my server : Through SSH | through the webadmin | direct access via keyboard / screen | all above
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

I am not sure, this is really a problem. But I would like to err on the side of caution.

Since about a week ago my yunohost started to produce quite a lot of network traffic (ie network LED blinking like crazy all the time) even when no device was actively accessing it.

I looked at the traffic with ‘tcpdump’ and found out that there is a continous traffic exchange between yunohost and IP This IP leads me to https://chipmixer.com/ some kind of bitcoin mixer.

The problem continues even after a fresh install of yunohost. Blocking port 80 but not 443 stops this.

Does anyone understand what is going on here, and why my yunohost connects to this IP?

Many thanks in advance


Whois output

% Information related to ' -'

% Abuse contact for ' -' is 'email@digitalocean.com'

inetnum: -
netname:        DIGITALOCEAN-LON-1
descr:          DigitalOcean London
country:        GB
admin-c:        PT7353-RIPE
tech-c:         PT7353-RIPE
status:         ASSIGNED PA
mnt-by:         digitalocean
mnt-lower:      digitalocean
mnt-routes:     digitalocean
created:        2014-04-07T06:16:03Z
last-modified:  2015-11-20T14:45:50Z
source:         RIPE

person:         Network Operations
address:        101 Ave of the Americas, 10th Floor
address:        New York, NY, 10013
address:        United States of America
phone:          +13478756044
nic-hdl:        PT7353-RIPE
mnt-by:         digitalocean
created:        2015-03-11T16:37:07Z
last-modified:  2019-04-17T14:37:51Z
source:         RIPE # Filtered
org:            ORG-DOI2-RIPE

Hmyeah that sounds suspicious ?

I don’t know, naively i would check top / htop just in case there’s a suspicious program running on your machine …?

That’s a good idea. I’ll check this out.

I could suggest netstat -t -u -p -n |grep, this should give you the Process name generating the traffic.


For what ever reason this traffic suddenly stopped. I can’t investigate it further.

But I will mark this forum thread for the future, in case something suspicious shows up again.

Many thanks to @Aleks and @anubis for your helpful suggestions.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.