Api.snapcraft.io IP reported as IOC

Hello, Recently found that one of api.snapcraft.io’s IPs ( was reported as an IOC and being associate with venus ransomware in an HHS report. Any thoughts with this?


Hi, thanks for flagging this. We’ve received reports of this via multiple channels, this has been escalated and is being investigated.

  • Daniel

Hi @roadmr,

For further reference, the document cites these further Canonical-owned IP Addresses as associated with the ransomware:


We’ve been in contact with HHS, and determined that it was a false positive. They’ve updated https://www.hhs.gov/sites/default/files/venus-ransomware-analyst-note.pdf to no longer include Canonical’s IP addresses.

We’re still working with VirusTotal to get the false positives removed from their pages.