Comodo Internet Security caught my speedfan program trying to connect to 18.104.22.168 from local port 1687 to remote port 443.
Is this legit?
I have been using SpeedFan 4.49 for quite a while, 100% of the time to monitor my CPU and GPU temperatures and provide warnings if they are in danger of damage.
But I am worried about security
22.214.171.124 is registered in the RIPE internet number authority as CCANet-Bradford in country GB.
I know speedfan has the ability to do internet communication with a repository of information about overclocking.
However I can't be sure that this site is legit.
It is suspect because I did not initiate the connection, it connected on its own shortly after startup and it doesn't normally do so every startup, it is unusual.
It is also suspect because the address seems not to be related to the speedfan website.
A third factor is that i tested 126.96.36.199 in a web browser (Chrome) and it doesn't have a page. In other words http://188.8.131.52/ doesn't load a web page that might perhaps identify what the site is for.
https://184.108.40.206/ tries to download a file but then reports "failure - no file"
On one occasion an attempt to access 220.127.116.11 directly via the browser led to the display of a danger warning page generated by the browser indicating that 18.104.22.168 is unsafe.
Can anyone tell me who 22.214.171.124 is, and why speedfan tried to connect there?
Is this a virus hijacking speedfan or a normal function of speedfan?
Also what is a good way to evaluate unknown remote addresses the PC tries to connect to apart from the five or so international internet registered number authorities such as www.RIPE.net?
Apart from asking questions, I just wanted to put the IP address out there so it was documented ( in case I get abducted by aliens or what not ) At least I will leave some trace.
Perhaps someone elses speedfan connects here or perhaps I am the only one in the world (oooo spooky!)
Edited by OffByOneError, 08 May 2014 - 10:33 PM.