VVVV Gamma is trying to access the internet while loading, what could it be?

Every time you start the VVVV, it tries to access a host: cdn-185-199-111-133[.]github[.]com:443 (185.199.11.133). I did a bit of googling and found some worrying reports about this IP. What could it be?

This is also a matter of concern
If you follow the message at this address and replace .com with .io

Hey,

If sharing a dubious and potentially harmful URL in your initial post, could you please defang it? If you need a hand, see CyberChef here.

Thanks!

Thanks! Probably didn’t feel that link as potentially dangerous, but you’re right. Especially since it is accessed by Gamma every run.

Good find. Naman appears to be a cyber security expert: hxxps[://]www[.]linkedin[.]com/posts/nmnmalhotra_cybersecurity-malwareanalysis-ethicalhacking-activity-6997589662718414848-n07I
But it is a wonder that the app connects to that IP address. How did you detect that?
Also do you think it happens with vanilla Gamma without any nugets installed and no projects open?

It could have something to do with the Help Browser, because it gets its news from somewhere? I think more recent versions also check for updates too.

@Hadasi I put the Firewall on notification mode.
It does not seem to be an easy task to start vvvv without nugets:

  1. --noextensions does not affect anything
  2. --nuget-path on a non-existent folder throws an exception, while it is hard to separate essential folders from nugets

I’m really not sure how to search.
Please tell me the correct way.
The command line doesn’t work or I can’t understand it.

This with an empty ‘a’ folder doesn’t work in this situation (access is still there):

Then it probably needs a clean install with a clean machine

@Hadasi Finally, with --nuget-path leading to an empty folder, I’m somehow emulating the clean install. Behaviour is still the same. In other words, it doesn’t look like the nugets are going to cause this.

There is also an IPv6 address that leads to GitHub. Probably the same mechanism. But it rarely occurs.

The initially mentioned URL does not ring a bell. I don’t see anywhere we’d call that URL directly. We do have a couple of requests to GitHub though, to our PublicContent repo. First thing that gets requested is the versions file. This can be disabled in settings though. Can you check if you still get that firewall notification when you turn off the “Check for new version on startup” setting?

@joreg Yes, that’s exactly what it is.
I did an experiment, switched it off and on.
That’s really it.
Thanks!

Thanks for confirming. Still weird since we definitely request the above URL directly, so it must be happening through some indirection that is not under our control.