Mythic Metals

Strange networking traffic

Hamstick98 opened this issue · 3 comments

commented

Why is the mod version 0.20.2 for Fabric making TCP connections to a Microsoft IP? 0.20.1 doesn't have this indicator and no other mod I have ever used has 'tcp' capabilities in this way, and no other has had this as a suspicious indicator, so I'm just curious.

From what I understand it's making a TCP connection because it launches with javaw and that usually connects to a Microsoft IP. Is this a separate connection the mod is making? Or is it because it runs with Java/Javaw.exe?

Results from 'Hybrid-analysis'
Sends traffic on typical HTTP outbound port, but without HTTP header
details
TCP traffic to 20.72.205.209 on port 443 is sent without HTTP header
source
Network Traffic

Spawned process connects to a network
details
Process "%PROGRAMFILES%(x86)\Java\jre1.8.0_161\bin\javaw.exe" connects to 20.72.205.209 on port 443 (TCP)
source
Monitored Target

commented

Are you completely sure this is caused by this mod...? This seems like the vanilla Narrator (speechruntime.exe) phoning home. This is very likely just standard Microsoft telemetry which is bundled with Minecraft itself.

commented

@Noaaan yeah I thought it was caused by Minecraft itself but the previous version of the mod doesn't get this, and the contacted hosts on that previous version come up with

Network Analysis
DNS Requests
No relevant DNS requests were made.

Contacted Hosts
No relevant hosts were contacted.

HTTP Traffic
No relevant HTTP requests were made.

Maybe it's the way it was scanned or maybe Hybrid Analysis just did it differently? I can run a rescan but I thought it was odd that the newest v for 1.21 is making connections when the others didn't. I wouldn't think it's weird if older versions of the mod did the same, but they don't.

commented

Looking further into these logs I do still believe this is a false positive. If you are able to rerun this check, as this scan dates back to November, and it still produces traffic that isn't related to Minecraft, then I would reopen this and look into it more.