Comments
Did you know this comes up as a virus for one vendor?
https://www.virustotal.com/gui/file/6ec74fdf89b5a730c4568072753a26c583e3a5c4ec2c...
I think it says it's contacting IP addresses that had ransomware hosted on them before but also hosted GitHub Pages? Saying it was an Azure server that maybe someone had compromised. I'm not an expert on such things. But regardless, because of that, it flags your file.
ooohhh man. okay thank you so much for saying this. I'm going to take down the files but keep up the page so others can know this risk. This may be one of my biggest fears. I'll go through my project and see what's going on, this is the first time I tried making something that saves data, I don't believe the project has any kind of online functionality but I also used premade assets. I'm very sorry about this.
It could've been a false positive too. I did more research and redid the VT scan because I actually found another thing come up with the same exact IP addresses, and it's an Akamai address, which is a CDN, and might refer to a data center breach that happened, and others say that address might be easy to abuse by hackers because it's an Akamai address, but that doesn't necessarily mean that contacting it is GOING to get your computer sick.
See more here:
https://www.abuseipdb.com/check/23.216.147.76
(It actually says it's not malicious)
and here:
https://www.virustotal.com/gui/ip-address/23.216.147.76/detection
Saying it's related to attacks performed by APT27 aka LuckyMouse:
https://attack.mitre.org/groups/G0027/
This is the other address mentioned in the VT report:
https://www.virustotal.com/gui/ip-address/20.99.184.37/community
and this is the one where I had mentioned GitHub Pages. It's also related to Akamai and has potential for abuse if someone compromises that address and uses it in an attack, but that's usually not a permanent thing anyways.
I would wager this was actually a false positive, but I commend you for taking security seriously. I feel kinda bad that you took your neat little art program down because of what I had said. Looks like whatever was going on with that IP address, people in the malware security field know about it and are doing stuff, so you might be good, but of course exercise your own best judgement.