Mail Archives: cygwin/2023/08/22/10:13:41

To: "cygwin AT cygwin DOT com" <cygwin AT cygwin DOT com>
Subject: Virus Total scan
Date: Tue, 22 Aug 2023 14:12:51 +0000
Message-ID: <LO3P123MB334069FD42052E97C5917179811FA@LO3P123MB3340.GBRP123.PROD.OUTLOOK.COM>
From: Dom Woods - BGS via Cygwin <cygwin AT cygwin DOT com>
Reply-To: Dom Woods - BGS <domw AT bgs DOT ac DOT uk>
Sender: "Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com>

Hi Cygwin,

I scanned your application through Virus Total as per our company policy and noticed that the installation process calls out to a suspicious Microsoft IP, 13.107.4.50. This IP has been flagged by 8 vendors as malicious. I get varying responses for what it is used for (an OS updater or a file distributor) and wanted to ask: what does Cygwin use it for? I can't seem to contact it with nslookup or ping it, and Virus Total says that it gives a 'status 400' result, so it might not be in use anymore anyway, but just wanted to check.

Here are your Virus Total graph results: https://www.virustotal.com/graph/6bad4555154b3b348d1bfb633a2e9d6086aa46e36952f456a434ecef5b0010e0
Here are the IP address scan results: https://www.virustotal.com/gui/url/3397a00da1c5aa448611892c12d38fee37fcd60321720a6e242cb0167e381901/detection


Kind regards,
Dom Woods



