Is IP : 208.116.56.174 used by Comodo?

Bob_Morane · November 3, 2010, 3:22pm

Hello. I’ve noticed Commodo Agent connecting to an IP located at “208.116.56.21”. Searching on google sent me directly in this forum and it appears it’s an IP used by the Comodo cloud. Great then, i should not worry.

However, a few minutes earlier, explorer.exe asked me for access to IP “208.116.56.174” Is this IP also used by Comodo? I blocked this request until i have investigated it, but the first results i got from google don’t really look clean to me :
http://www.threatexpert.com/report.aspx?md5=181f41f863f902c547790c2cb8480887
(scroll to the bottom, you’ll see the IP mentioned)

* There were registered attempts to establish connection with the remote hosts. The connection details are: Remote Host Port Number 208.116.56.174 80

Also : http://www.threatexpert.com/report.aspx?md5=d319cffa3cb8d8f7cc2270d533e1db95 I didn't found any of the files listed in those pages so i hope i'm clean.

The IP is quite similar to several IPs used by Comodo and it’s hosted by FortressITX, but i didn’t find any mention of it on this forum. Is there a list of IPs used by Comodo somewhere. Is it a common behaviour for explorer.exe to connect to a non-local IP at system boot?

Citizen_K · November 13, 2010, 6:55pm

What is the port that is being used to connect to 208.116.56.174?

thedragon · November 14, 2010, 4:25am

it says port 80 in op’s op.

languy99 · November 14, 2010, 5:41am

208.116.56.174 - Geo Information
IP Address 208.116.56.174
Host 208.116.56.174
Location US US, United States
City Clifton, NJ 07014
Organization FortressITX
ISP FortressITX
AS Number AS48447 Comodo CA Ltd
Latitude 40°83’26" North
Longitude 74°13’07" West

Citizen_K · November 14, 2010, 1:14pm

That was somebody else’s finding with that IP address.

RxDdude · November 16, 2010, 6:22am

EricJH,

What is the conclusion that should be drawn, from this discussion? It doesn’t look like this question is fully answered.

[a] Why should explorer.exe (which is not IE) go out to the IP address that he cited?
[b] Is the cited IP a Comodo-owned and -operated server, or not?

Citizen_K · November 16, 2010, 4:11pm

The cited IP is from Fortress ITX hosting company. Comodo is only one of their customers. CIS does not use explorer.exe for communication.

I initially missed it was explorer.exe that is connecting (thought it was cmdagent.exe). I think topic starter should seriously scan his computer with a multitude of scanners. He may be infected.