Every time you start the VVVV, it tries to access a host: cdn-185-199-111-133[.]github[.]com:443 (184.108.40.206). I did a bit of googling and found some worrying reports about this IP. What could it be?
This is also a matter of concern
If you follow the message at this address and replace .com with .io
If sharing a dubious and potentially harmful URL in your initial post, could you please defang it? If need a hand, see Cyberchef here.
Thanks! Probably didn’t feel that link as potentially dangerous, but you’re right. Especially since it is accessed by Gamma every run.
Good find. Naman appears to be a cyber security expert: hxxps[://]www[.]linkedin[.]com/posts/nmnmalhotra_cybersecurity-malwareanalysis-ethicalhacking-activity-6997589662718414848-n07I
But it is a wonder that the app connects to that ip address. How did you detect that?
Also do you think it happens with vanilla Gamma without any nugets installed and no projects open?
It could have something to do with the Help Browser, because it gets its news from somewhere? I think more recent versions also check for updates too.
@Hadasi I put the Firewall on notification mode.
It does not seem to be an easy task to start vvvv without nugets:
- --noextensions does not affect anything
- --nuget-path on not existed folder throws an exception while it is hard to separate essential folders from nugets
I’m really not sure how to search.
Please tell me the correct way.
The command line doesn’t work or I can’t understand
This with an empty ‘a’ folder doesn’t work in this situation (access is still there):
Then it probably needs a clean install with a clean machine
@Hadasi Finally, with --nuget-path leading to an empty folder, I’m somehow emulating the clean install. Behaviour still the same. In other words, it doesn’t look like the nugets is going to cause this.
There is also an IPv6 address that leads to github. Probably the same mechanism. But rarely occurs
The initially mentioned url does not ring a bell. I don’t see anywhere we’d call that url directly. We do have a couple of requests to github though to our PublicContent repo. First thing that gets requested is the versions file. This can be disabled in settings though. Can you check if you still get that firewall notification when you turn of the “Check for new version on startup” setting?
@joreg Yes, that’s exactly what it is.
I did an experiment, switched it off and on.
That’s really it.
Thanks for confirming. Still weird since we definitely request the above url directly, so it must be happening through some indirection that is not under our control.