
Speedfan 4.49 - Caught Connecting to 178.255.87.3


No replies to this topic

#1 OffByOneError


Posted 08 May 2014 - 10:31 PM

Comodo Internet Security caught my speedfan program trying to connect to 178.255.87.3 from local port 1687 to remote port 443.

 

Is this legit?

 

I have been using SpeedFan 4.49 for quite a while, 100% of the time to monitor my CPU and GPU temperatures and provide warnings if they are in danger of damage.

 

But I am worried about security.

 

178.255.87.3 is registered in the RIPE internet number authority as CCANet-Bradford in country GB.

 

I know speedfan has the ability to do internet communication with a repository of information about overclocking.

 

However I can't be sure that this site is legit.

 

It is suspect because I did not initiate the connection; it connected on its own shortly after startup, and it doesn't normally do so every startup. It is unusual.

 

It is also suspect because the address seems not to be related to the speedfan website.

 

A third factor is that I tested 178.255.87.3 in a web browser (Chrome) and it doesn't have a page. In other words, http://178.255.87.3/ doesn't load a web page that might perhaps identify what the site is for.

 

https://178.255.87.3/ tries to download a file but then reports "failure - no file".

 

On one occasion an attempt to access 178.255.87.3 directly via the browser led to the display of a danger warning page generated by the browser indicating that 178.255.87.3 is unsafe.

 

Can anyone tell me who 178.255.87.3 is, and why speedfan tried to connect there?

 

Is this a virus hijacking speedfan or a normal function of speedfan?

 

Also what is a good way to evaluate unknown remote addresses the PC tries to connect to apart from the five or so international internet registered number authorities such as www.RIPE.net?

 

Apart from asking questions, I just wanted to put the IP address out there so it was documented (in case I get abducted by aliens or whatnot). At least I will leave some trace.

 

Perhaps someone else's speedfan connects here, or perhaps I am the only one in the world (oooo spooky!)


Edited by OffByOneError, 08 May 2014 - 10:33 PM.

