this post was submitted on 11 Mar 2024

26 points (88.2% liked)

Privacy

31859 readers

176 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

Unexpectedly, after updating KeePassXC started knocking on the Internet. Is this behavior normal? (lemmy.world)

submitted 8 months ago* (last edited 8 months ago) by [email protected] to c/[email protected]

13 comments fedilink hide all child comments

windows10 keepassxc.exe, ‎11.‎03.‎2024 ‏‎18:40:26, 52509, 140.82.121.5, lb-140-82-121-5-fra.github.com, 443 (https), tcp, Outbound, [B] Internal\BlockConnection

all 14 comments

sorted by: hot top controversial new old

[–] [email protected] 13 points 8 months ago* (last edited 8 months ago)

Can you rewrite the question without the word "itself"? Because I am confused by it.

PS unlike Reddit, you can edit titles on posts

Edit: actually I wasn't too clear myself: I didn't know if you were referencing a Windows update or a KeePass update

[–] [email protected] 11 points 8 months ago

Maybe it's trying to get favicons?

[–] [email protected] 8 points 8 months ago (2 children)

Is that it's update check?

[–] [email protected] 4 points 8 months ago

it's disabled

[–] [email protected] 3 points 8 months ago

its* update check

[–] [email protected] 6 points 8 months ago* (last edited 8 months ago) (1 children)

There is a setting to automatically check for updates. I would see if that is enabled.

[–] [email protected] 4 points 8 months ago

keepassxc is blocked by the firewall and updates are disabled, so calling the firewall confused me

[–] [email protected] 6 points 8 months ago* (last edited 8 months ago) (1 children)

VirusTotal doesn't indicate keepassxc.exe 2.7.7 contacts this address. I'd be careful. Check the binaries' signatures. Try a full install to see if that behaves differently.

keppassxc.exe: https://www.virustotal.com/gui/file/fea4df5024f83155f6742a3372a801fc6cc97ed82627b36fce6f0caed54506cf/relations

KeePassXC-2.7.7-Win64.msi: https://www.virustotal.com/gui/file/9c3dab957db0f769c4e67bfdf4f0134a65ecfa65c5569718a36aa88e649158cd

[–] [email protected] 3 points 8 months ago (1 children)

Hash matches yours KeePassXC-2.7.7-Win64.msi https://www.virustotal.com/gui/file/9c3dab957db0f769c4e67bfdf4f0134a65ecfa65c5569718a36aa88e649158cd/detection/f-9c3dab957db0f769c4e67bfdf4f0134a65ecfa65c5569718a36aa88e649158cd-1710242440

[–] [email protected] 3 points 8 months ago

140.82.121.5

Well, apparently, this is an A record for api.github.com. This name resolves to a different IP around the globe. See https://www.whatsmydns.net/#A/api.github.com

The IP is detected as "clean" on VirusTotal: https://www.virustotal.com/gui/ip-address/140.82.121.5/detection , although apparently (probably not surprising as it is github) is also a favorite address for everything including malware.

Maybe you can ask in the keepassxc discussion forum on github.

[–] [email protected] 5 points 8 months ago (1 children)

Did you get the app from trusted source? Did you check the md5 / sha512 hash after downloading to ensure no tamper?

That would freak me out also..

[–] [email protected] 0 points 8 months ago (2 children)

Checking the hash is only useful to confirm a correct download. If someone can change what binary you download, they can also change the hash and would be stupid not to…

[–] [email protected] 1 points 8 months ago

Forsure, but if you still had the download and went to the sites official page today and could check if it matches to alleviate fear you downloaded a fake version etc.