Constant queries for delven.txt on [Semi-solved]

[b]SEMI-SOLVED[/b] so far and are necessary for Comodo updates (thank you, futuretech, for the hints). Question remains why checks were so frequent for delven.txt.


I was checking my network traffic to reassure my paranoia when I noticed that my PC sends frequent requests to which seem like requests for a certificate.

This is an excerpt of the network traffic:

"Source:","Dest:","TCP","Length:66","53349 → 80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1"

GET /av/tvl/delven.txt HTTP/1.1
Accept: */*
Cache-Control: no-cache
Cookie: __cfduid=d06c96f3a6206bc50f81d393538b513171519061919

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Wed, 21 Feb 2018 20:13:27 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Keep-Alive: timeout=1
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

<head><title>302 Found</title></head>
<body bgcolor="white">
<center><h1>302 Found</h1></center>

"Source:","Dest:","HTTP","Length:483","HTTP/1.1 200 OK  (text/plain)"

GET /av/tvl/delven.txt HTTP/1.1
Accept: */*
Cache-Control: no-cache
Connection: Keep-Alive
Cookie: __cfduid=d06c96f3a6206bc50f81d393538b513171519061919

HTTP/1.1 200 OK
Date: Wed, 21 Feb 2018 20:13:27 GMT
Content-Type: text/plain
Content-Length: 108
Connection: keep-alive
Last-Modified: Mon, 19 Feb 2018 13:30:57 GMT
ETag: "5a8ad191-6c"
X-CCACDN-Mirror-ID: rmdccgdown3
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare
CF-RAY: 3f0c5dc687e61ac3-DUS

Kuzyakov Artur Vyacheslavovich IP
OOO Firma "Blek-Pljus"
Pointstone Software, LLC
Megaify Software Co.,Ltd.

There is not a lot to be found except for a few mentions of “OOO Firma Blek-Pljus” in relation to malware, which is sort of distressing.
I was not able to determine the process responsible for this traffic and hence am a bit concerned.
For now I manually have blocked any IPs involved in the queries in Comodo.

Are there any known programs to cause these queries or maybe even related software?


bump Nothing?

You either have CCAV or CIS/CFW/CAV installed as that traffic is related to the trusted vendors list and removing those vendors from the list.

Thank you for your reply; yes, I have Comodo Firewall installed (which I am, ironically, using to block the traffic to, respectively the involved IPs).

Is this a bug or a feature that it sends that same request every other minute?

It happens when you have check for database updates enabled under update settings.

I just checked and it is set to standard (6 hours)

I also see that an artifact remains. Every 300 seconds (exactly 300 seconds) I get 3 packets from, which my computer doesn't reply to anymore (at least that's what Wireshark is reporting).

3 packets each time, with 0.5 seconds between each; content respectively:

"","","TCP","54 bytes","port 80 → 49990 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0"

Also, I have by now checked manually whether Comodo can update and got the response that no connection could be established. (After allowing it, it works again.)

Still odd that Comodo never nagged me about not being able to reach the update servers, and also that it was constantly querying for this delven.txt before… Thanks for pointing me to the updates, futuretech.
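The thread's triage question (is the same request "every other minute" a scheduled check or something else?) and the "3 packets every 300 seconds" observation both come down to measuring how regular the traffic is. The script below is an added example, not code from the thread or from Comodo: it parses Wireshark-style CSV export lines in the same column order as the excerpts above, groups the GET requests by source, destination and URI path, and reports the mean interval and whether the gaps are regular enough to look like a scheduler rather than a user. The sample rows, the placeholder addresses (10.0.0.5 and 203.0.113.10) and the leading "Time" column are constructed for the example; the excerpts in the thread omit the time column and the real addresses.

```python
"""Periodicity check over Wireshark-style CSV export lines (added example)."""
import csv
import io
import re
from collections import defaultdict
from statistics import mean

# Constructed sample. Columns: "Time","Source","Dest","Protocol","Length","Info".
# The Time column (seconds since capture start) is an assumption added here;
# the addresses are documentation/private placeholders, not the real hosts.
SAMPLE_CSV = """\
"0.000","10.0.0.5","203.0.113.10","TCP","Length:66","53349 → 80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1"
"0.031","10.0.0.5","203.0.113.10","HTTP","Length:312","GET /av/tvl/delven.txt HTTP/1.1"
"0.079","203.0.113.10","10.0.0.5","HTTP","Length:483","HTTP/1.1 200 OK  (text/plain)"
"300.028","10.0.0.5","203.0.113.10","HTTP","Length:312","GET /av/tvl/delven.txt HTTP/1.1"
"600.033","10.0.0.5","203.0.113.10","HTTP","Length:312","GET /av/tvl/delven.txt HTTP/1.1"
"900.030","10.0.0.5","203.0.113.10","HTTP","Length:312","GET /av/tvl/delven.txt HTTP/1.1"
"1200.041","10.0.0.5","203.0.113.10","HTTP","Length:312","GET /av/tvl/delven.txt HTTP/1.1"
"1200.500","203.0.113.10","10.0.0.5","TCP","Length:54","80 → 49990 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0"
"1201.000","203.0.113.10","10.0.0.5","TCP","Length:54","80 → 49990 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0"
"1201.500","203.0.113.10","10.0.0.5","TCP","Length:54","80 → 49990 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0"
"""

GET_RE = re.compile(r"^GET (\S+) HTTP/1\.[01]$")


def parse_rows(text):
    """Parse CSV export lines into dicts; the time column becomes float seconds."""
    rows = []
    for fields in csv.reader(io.StringIO(text)):
        if len(fields) != 6:
            continue  # blank or malformed line
        time, src, dst, proto, length, info = fields
        rows.append({"time": float(time), "src": src, "dst": dst,
                     "proto": proto, "length": length, "info": info})
    return rows


def request_times(rows):
    """Map (src, dst, path) -> sorted capture times of each GET for that path."""
    seen = defaultdict(list)
    for r in rows:
        m = GET_RE.match(r["info"])
        if m:
            seen[(r["src"], r["dst"], m.group(1))].append(r["time"])
    return {key: sorted(times) for key, times in seen.items()}


def periodicity(times, jitter_fraction=0.05):
    """Return (period_seconds, regular). 'regular' is True when every gap is
    within jitter_fraction of the mean gap, which is what a timer-driven
    check looks like; user-driven traffic rarely is. Needs >= 3 samples."""
    if len(times) < 3:
        return None, False
    gaps = [b - a for a, b in zip(times, times[1:])]
    period = mean(gaps)
    regular = all(abs(g - period) <= jitter_fraction * period for g in gaps)
    return round(period, 1), regular


def count_server_resets(rows):
    """Count server-originated RST/ACK segments (the leftover 'artifact')."""
    return sum(1 for r in rows
               if r["proto"] == "TCP" and "[RST, ACK]" in r["info"])


def report(text):
    """Summarise each (src, dst, path) GET stream and the reset count."""
    rows = parse_rows(text)
    summary = {}
    for key, times in request_times(rows).items():
        period, regular = periodicity(times)
        summary[key] = {"count": len(times), "period_s": period, "regular": regular}
    return summary, count_server_resets(rows)


if __name__ == "__main__":
    streams, resets = report(SAMPLE_CSV)
    for (src, dst, path), info in streams.items():
        print(f"{src} -> {dst} {path}: {info}")
    print("server RST/ACK segments:", resets)
```

On the constructed sample this reports one stream for /av/tvl/delven.txt with five requests at a regular 300-second period and three server resets; a regular period that matches a product's configured update interval is the normal explanation for traffic like this, while an irregular cadence, or a period that matches no configured schedule, is the case worth chasing down to a process.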