Skip to main content

Browse GamesGame JamsUpload GameDeveloper LogsCommunity
Indie game storeFree gamesFun gamesHorror games
Game developmentAssetsComics
SalesBundles
Jobs
TagsGame Engines
quyse4 years ago(+1)

href=“blob:https://A_SUBDOMAIN_WAS_HERE.ssl.hwcdn.net/A_GUID_WAS_HERE”

This is a blob URL (note blob:), created with URL.createObjectURL browser API, and so it is not served from that domain (and the URL is only valid in your browser btw). Presence of the domain there only means that the URL was generated by script served from that domain, that is, by your game.

So, for what it’s worth, it still may be that your game build somehow got infected before you uploaded it. Also it may simply be some shady ad, if you have integrated some in-game ad SDK. It seems you took down the web version, so of course cannot say for sure.

Reply
Anduo Games4 years ago(+1)

Hey there, thanks a lot for the answer!

I didn't know blob is for local downloading. That makes this a lot more concerning. The zip we uploaded is coming directly from our unity cloud build setup. I can't see how that would have gotten infected. Here's a link to our webgl zip: https://drive.google.com/open?id=17GRKiDZowuip0tr3vFeIa2TK-6zPY-41

We've took the browser version down because of the security concern. 

I can't find anything suspicious in the index.html

Reply
leafoAdmin4 years ago

I can’t find anything suspicious in the index.html

Unity games run inside of an entire virtual machine with code stored in the binary files that are shipped along with your game, if there’s something malicious in your game then there’s a good chance the code for that is located within that binary file, and not sitting in plain sight in your index.html file.

Also it may simply be some shady ad, if you have integrated some in-game ad SDK

This seems like the most reasonable explanation

Reply
AboutFAQBlogContact us
Copyright © 2024 itch corp · Directory · Terms · Privacy · Cookies