Does comodo call 195.62.253.138:80 (comodo-colo-03.theplanet.co.uh:http) and 70.87.178.26:80 (1a.b2.5746.static.theplanet.com:http)? Or am I being hacked. The ip addresses are from Tcpview. The 2nd domain translation maybe incorrect by tcpview. Looks wierd to me.
So am I being hacked or not?
Thanks,
Pete
Hi Pete, welcome to the forums.
I’ve no idea what those IPs are? Does TCPView say which element of CFP has those IPs open? It might be cpfupdat.exe, CFPs update process. But, the best thing to do is to go to Comodo Support, register on their system & raise a ticket on this. Then you’ll get the official response from Comodo. If you do this, please post back any feedback that Comodo Support give you, thanks.
comodo update calls
195.92.253.137:80 ( and maybe other IP’s in that range ) and that IP resolves to:
comodo-colo-03.whoc.theplanet.co.uk .
You can verify this by making a rule for cpfudate.exe and set it to “Ask” .
Comodo will then show the IP in the alert .