On Tue, Aug 22, 2023 at 9:00 AM Thomas Schweikle wrote: It is the address of one of the distribution servers. Since this is not > "one server", but a cluster of servers, your "suspicious" server shows > only one thing: those "suspicious" flags are suspicious by themselves: > > this particular server ist down since some time and only reports back a > broken html page telling "<h2>Our services aren't available right > now</h2><p>We're working to restore all services as soon as possible. > Please check back > soon.</p>06cvkZAAAAAA8FvmXFYIOTZ2TS15AJl0/RFVTMzBFREdFMDkxNwBFZGdl" > > If this is enough to get flagged as "suspicious" ... >
Unfortunately yes, nowadays. I have run into this same problem also because I wrote an installer for an open source tool. Said tool makes outgoing TCP connections to servers configured as relays. One of the IP addresses used by one of these relays was (or is) shared with a "dangerous" service. As a result I had to disable the relay feature in the installer as a default to (hopefully) reduce the number false positives. Bill -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple