windows10 keepassxc.exe, 11.03.2024 18:40:26, 52509, 140.82.121.5, lb-140-82-121-5-fra.github.com, 443 (https), tcp, Outbound, [B] Internal\BlockConnection
VirusTotal doesn’t indicate keepassxc.exe 2.7.7 contacts this address. I’d be careful. Check the binaries’ signatures. Try a full install to see if that behaves differently.
keepassxc.exe: https://www.virustotal.com/gui/file/fea4df5024f83155f6742a3372a801fc6cc97ed82627b36fce6f0caed54506cf/relations
KeePassXC-2.7.7-Win64.msi: https://www.virustotal.com/gui/file/9c3dab957db0f769c4e67bfdf4f0134a65ecfa65c5569718a36aa88e649158cd
Hash matches yours KeePassXC-2.7.7-Win64.msi https://www.virustotal.com/gui/file/9c3dab957db0f769c4e67bfdf4f0134a65ecfa65c5569718a36aa88e649158cd/detection/f-9c3dab957db0f769c4e67bfdf4f0134a65ecfa65c5569718a36aa88e649158cd-1710242440
Well, apparently, this is an A record for api.github.com. This name resolves to a different IP around the globe. See https://www.whatsmydns.net/#A/api.github.com
The IP is detected as “clean” on VirusTotal: https://www.virustotal.com/gui/ip-address/140.82.121.5/detection , although apparently (probably not surprising, as it is GitHub) it is also a favorite address for everything, including malware.
Maybe you can ask in the keepassxc discussion forum on github.
Maybe it’s trying to get favicons?
Did you get the app from a trusted source? Did you check the md5 / sha512 hash after downloading to ensure no tampering?
That would freak me out also…
Checking the hash is only useful to confirm a correct download. If someone can change what binary you download, they can also change the hash and would be stupid not to…
removed by mod
For sure, but if you still had the download and went to the site’s official page today, you could check if it matches to alleviate fear you downloaded a fake version, etc.
removed by mod
Is that its update check?
it’s disabled
There is a setting to automatically check for updates. I would see if that is enabled.
keepassxc is blocked by the firewall and updates are disabled, so calling the firewall confused me
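The two checks suggested in the thread (compare the installer's hash, check the binary's signature), combined into one PowerShell function. This is an added example, not code from any participant or from the KeePassXC project. The function name `Test-DownloadedInstaller` and the download path are assumptions; the expected SHA-256 is the one in the VirusTotal link quoted above.

```powershell
# Added example. Reference hash: taken from the VirusTotal URL for
# KeePassXC-2.7.7-Win64.msi quoted in the thread. As one reply notes, a hash
# only proves anything if the reference comes from a channel the attacker
# could not also have changed, so do not read it from the download page alone.
$ExpectedSha256 = '9c3dab957db0f769c4e67bfdf4f0134a65ecfa65c5569718a36aa88e649158cd'

function Test-DownloadedInstaller {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha256
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Integrity: is this byte-for-byte the file the reference hash describes?
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $hashOk = $actual -eq $ExpectedSha256.Trim()   # string -eq ignores case

    # Authenticity: Authenticode status and who signed it.
    # Status is 'Valid' only if the file is unmodified since signing and the
    # certificate chains to a root this machine trusts.
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    $thumb  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }

    [pscustomobject]@{
        File            = (Resolve-Path -LiteralPath $Path).Path
        Sha256          = $actual
        HashMatches     = $hashOk
        SignatureStatus = $sig.Status      # Valid, NotSigned, HashMismatch, ...
        Signer          = $signer          # compare by eye with the expected publisher
        Thumbprint      = $thumb
        Timestamped     = [bool]$sig.TimeStamperCertificate
        Pass            = $hashOk -and ($sig.Status -eq 'Valid')
    }
}

# Assumed location of the download; adjust to where the file actually is.
$msi = Join-Path $env:USERPROFILE 'Downloads\KeePassXC-2.7.7-Win64.msi'
Test-DownloadedInstaller -Path $msi -ExpectedSha256 $ExpectedSha256 | Format-List
```

`Pass` being true says only that the file matches the reference hash and carries a signature this machine trusts; whether `Signer` is the publisher you expect still has to be read from the output.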