C# app flagged in VirusTotal "contacted IP addresses", don't know why

James 21 Reputation points
2022-05-01T02:57:16.967+00:00

I have created an application in C# that is just about ready to hit production. Just off the top of my head, I thought I had better upload this to VirusTotal to make sure there are no false positives. 2 antiviruses threw false positives; however, on the behaviour tab I saw something that really concerned me: the application, apparently, according to VirusTotal, connects to 3 IPs:

13.107.4.52

20.189.173.20

23.216.147.64

This makes little sense to me as I have no networking code in the application, and I've triple checked all the code and can't find anything that could be doing this... Quite puzzled. Does anyone have any solutions as to why it is apparently trying to connect to these IPs?

https://www.virustotal.com/gui/file/55eaeb46ee13d69a49815b85ee9cdee85429a7698b7303cbe206a824f7800a79/relations

Developer technologies | C#

1 answer

  1. da57e6 ‎ 1 Reputation point
    2022-06-09T14:34:21.493+00:00

    I happened to run across the third IP while running VirusTotal myself, and decided to look around the internet. 23.216.147.64 belongs to a company called Akamai International BV/Akamai Technologies.

    https://en.wikipedia.org/wiki/Akamai_Technologies

    https://www.plixer.com/blog/computer-connecting-to-akamai-technologies/

    As the second link suggests:

    Akamai is a content delivery network (CDN) and cloud services provider. Other companies use their services to distribute content on servers located all over the world. This means that when you download something from one of those companies, the file will be accessed from a server physically near you, resulting in a faster download speed.

    CyRadar on VirusTotal was the only provider which detected the IP as malicious, but some people have reported CyRadar to have an outdated SSL certificate (https://www.reddit.com/r/antivirus/comments/lvb6ol/comment/gpbznhq), but that's over a year ago and we're getting off track. If you're absolutely certain your app doesn't contain networking code, you should try something to track your internet traffic when running the program, and see whether it actually contacts those IPs or whether it is just a problem with the VirusTotal sandbox.

    Although this answer got quite long, my knowledge on the subject is no "better than average" and I only found my way here by doing a quick Google search with the IP.

    Thanks

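One way to carry out the traffic check suggested in the answer, as an added example that is not part of the original thread: a PowerShell script that starts the program, polls the TCP connections owned by its process, and marks any remote address that matches the three IPs from the question. The `$ExePath` and `$Seconds` parameters are assumptions made for this example; `Get-NetTCPConnection` needs Windows 8 / Server 2012 or later.

```powershell
# Added example: record the remote TCP endpoints a program connects to on your own machine.
param(
    [Parameter(Mandatory)] [string] $ExePath,   # assumption: path to your locally built .exe
    [int] $Seconds = 60                         # assumption: how long to observe the process
)

# The three addresses listed in the question's VirusTotal report.
$reported = '13.107.4.52', '20.189.173.20', '23.216.147.64'

$proc  = Start-Process -FilePath $ExePath -PassThru
$seen  = @{}
$until = (Get-Date).AddSeconds($Seconds)

while ((Get-Date) -lt $until -and -not $proc.HasExited) {
    # Connections owned by this process ID only; child processes are not included.
    # The cmdlet raises an error when nothing matches, so that error is suppressed.
    $conns = Get-NetTCPConnection -OwningProcess $proc.Id -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -notin '0.0.0.0', '::', '127.0.0.1', '::1' }

    foreach ($c in $conns) {
        $key = "$($c.RemoteAddress):$($c.RemotePort)"
        if (-not $seen.ContainsKey($key)) {
            $seen[$key] = [pscustomobject]@{
                FirstSeen     = Get-Date
                RemoteAddress = $c.RemoteAddress
                RemotePort    = $c.RemotePort
                State         = $c.State
                InVtReport    = $c.RemoteAddress -in $reported
            }
        }
    }
    Start-Sleep -Milliseconds 200
}

if ($seen.Count -eq 0) {
    Write-Output "No TCP connections observed for PID $($proc.Id) in $Seconds seconds."
} else {
    $seen.Values | Sort-Object FirstSeen | Format-Table -AutoSize
}
```

Polling every 200 ms can miss very short-lived connections and does not cover UDP, so an empty result is a strong hint rather than proof; a packet capture on the same machine gives the complete picture.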
