Author Topic: False positive github server IP registered in Botnet:Blacklist  (Read 458 times)

Offline InfiniteP

  • Newbie
  • *
  • Posts: 1
False positive github server IP registered in Botnet:Blacklist
« on: October 05, 2023, 09:50:28 PM »
Hi,

I got this warning popup window:


when conEmuPack (an enhanced terminal window) wants to give me a hint when a new version is available on the github project page.
I checked the IP address given and found out it was github, so I'm very surprised it is shown as threat.

It would be fair to remove this IP from the list or just clear it as not a threat; it would be well known if github server(s) had been infected, or it was the case once but it was never cleared from the list.

Regards.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33871
  • malware fighter
Re: False positive github server IP registered in Botnet:Blacklist
« Reply #1 on: October 05, 2023, 11:01:19 PM »
IP is being flagged here: https://www.abuseipdb.com/check/185.199.110.153
That means that abuse occurred from this IP - https://www.shodan.io/host/185.199.110.153

Also VT has it, and more precisely -> Crowdsourced context
HIGH 1
MEDIUM 0
LOW 0
INFO 0
SUCCESS 0
Activity related to METASPLOIT - according to source Cluster25 - 6 months ago
This IPV4 is used as a CnC by METASPLOIT

Given the all green here: https://quttera.com/detailed_report/cdn-185-199-110-153.github.com
But be aware of three communicating files:
https://www.virustotal.com/gui/domain/cdn-185-199-110-153.github.com/relations - under the markmonitor umbrella

For the present situation, wait for a final verdict from avast team, as these are their definitions.

polonus (volunteer 3rd-party cold recon website security-analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88778
  • No support PMs thanks
Re: False positive github server IP registered in Botnet:Blacklist
« Reply #2 on: October 05, 2023, 11:28:46 PM »
@ InfiniteP
Images should be attached to the topic; many won't visit unknown third-party links.

- Attaching Images to your post - When you Click the Reply button it opens a text window for you to post your comment (reply or post).
Click the Preview button, which shows what you have input and expands it to include 'Attachments and other options'. Click that and it further expands; here you can attach images, etc. at the bottom of your post.
See my attached image, click to expand.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.1.6099 (build 24.1.8821.762) UI 1.0.796/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security