This also could be a false read but i would just like you to know that my checker is right 99.9% of the time.
Well, this is very likely a case inside that .1% where it's wrong.
Hi, I'm a person on the internet who spends their free time learning, testing, and sometimes breaking computers and software. I consider myself to be plenty qualified in saying that this is most likely(99.99999%, if I'm wrong I will quite literally eat my shoe.) a false positive, for the following reasons
1: Those detected URL's are schema resources that tell Windows the information it needs to know about the structure of the application and it's data.
2: Those IP addresses, while technically valid, are VERY unlikely to actually be used as such, and are more likely to be version numbers, or something similar. Addresses ending in .0 have a tendency to break things, and the address of "1.0.0.0" belongs to Cloudflare, who is responsible for per their own data, handling 16 % of all internet traffic. The odds of this being a malicious host, are virtually nonexistent. The other address, belongs to the US Army(specifically NETCOM), and has belonged to them for 30 years. The odds of THIS being a malicious host, are also virtually nonexistent
3: That "telegram bot token" is largely comprised of the same repeating number. If someone can generate a valid bot token with the same number repeated that many times, and prove to me that it is valid, I will eat my OTHER shoe.
It is for these reasons, I call your claim complete and utter BS. Please seek input from others before accusing a developer of uploading malware.