Unexpectedly, after updating KeePassXC started knocking on the Internet. Is this behavior normal?

Squire1039 , 2 months ago

VirusTotal doesn't indicate keepassxc.exe 2.7.7 contacts this address. I'd be careful. Check the binaries' signatures. Try a full install to see if that behaves differently.

keppassxc.exe: https://www.virustotal.com/gui/file/fea4df5024f83155f6742a3372a801fc6cc97ed82627b36fce6f0caed54506cf/relations

KeePassXC-2.7.7-Win64.msi: https://www.virustotal.com/gui/file/9c3dab957db0f769c4e67bfdf4f0134a65ecfa65c5569718a36aa88e649158cd

Garrytianomorph OP , 2 months ago

Hash matches yours
KeePassXC-2.7.7-Win64.msi
https://www.virustotal.com/gui/file/9c3dab957db0f769c4e67bfdf4f0134a65ecfa65c5569718a36aa88e649158cd/detection/f-9c3dab957db0f769c4e67bfdf4f0134a65ecfa65c5569718a36aa88e649158cd-1710242440

Squire1039 , 2 months ago

140.82.121.5

Well, apparently, this is an A record for api.github.com. This name resolves to a different IP around the globe. See https://www.whatsmydns.net/#A/api.github.com

The IP is detected as "clean" on VirusTotal: https://www.virustotal.com/gui/ip-address/140.82.121.5/detection , although apparently (probably not surprising as it is github) is also a favorite address for everything including malware.

Maybe you can ask in the keepassxc discussion forum on github.

Gooey0210 , 2 months ago

Maybe it's trying to get favicons?

Turbo , 2 months ago

Did you get the app from trusted source? Did you check the md5 / sha512 hash after downloading to ensure no tamper?

That would freak me out also..

fizzyvelcro , 2 months ago

Checking the hash is only useful to confirm a correct download. If someone can change what binary you download, they can also change the hash and would be stupid not to…

Turbo , 2 months ago

Forsure, but if you still had the download and went to the sites official page today and could check if it matches to alleviate fear you downloaded a fake version etc.

TheAnonymouseJoker Mod , 2 months ago

SHA-256 and stronger hashes have not been manipulated or cracked the way MD5 and CRC32 have been. Stop the FUD.

LWD , 3 months ago (edited 3 months ago)

Can you rewrite the question without the word "itself"? Because I am confused by it.

PS unlike Reddit, you can edit titles on posts

Edit: actually I wasn't too clear myself: I didn't know if you were referencing a Windows update or a KeePass update

UID_Zero , 3 months ago

Is that it's update check?

Garrytianomorph OP , 3 months ago

it's disabled

itsnotits , 2 months ago

its* update check

Matt , 3 months ago

There is a setting to automatically check for updates. I would see if that is enabled.

Garrytianomorph OP , 3 months ago

keepassxc is blocked by the firewall and updates are disabled, so calling the firewall confused me