Traffic From fiddler2.com (50.56.19.116) to client

4 posts, 1 answers
  1. Muiz
    Muiz avatar
    2 posts
    Member since:
    Nov 2015

    Posted 16 Nov 2015 Link to this post

    Our firewalls are indicating that the host fiddler2.com (50.56.19.116) is sending traffic from its port 80 to our client which is being identified as potentially malicious malware. I am quite sure that this is a false-positive, but can anybody list the possible ways in which a client and a telerik server will communicate?

     

  2. Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 16 Nov 2015 Link to this post

    Hi, Muiz--

    Which "firewalls" are you using?

    Can you elaborate on what "to our client" means? 

    The Fiddler client application performs a version check on startup (e.g. by performing a HTTP GET to https://www.telerik.com/UpdateCheck.aspx?isBeta=True).

    End-users may visit our website in their browser to download Fiddler.

    Regards,
    Eric Lawrence
    Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  3. Muiz
    Muiz avatar
    2 posts
    Member since:
    Nov 2015

    Posted 16 Nov 2015 Link to this post

    Hi Eric,

    These are enterprise-class Palo Alto Networks firewalls. The firewalls and the associated SIEM software indicated that there was data flow from 50.56.19.116 to the host running the Fiddler client which was tagged as generic command-and-control type data. I can't give you more information than that.

     

    Muiz

  4. Answer
    Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 17 Nov 2015 Link to this post

    Hi,

    Yup, it sounds like the firewalls are complaining about the version checks. You'll have to ask the vendor why the firewall has a false-positive here.

    Regards,
    Eric Lawrence
    Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Back to Top