0

While I was monitoring my traffic today I noticed tunnels to many unknown IP addresses using the port 443.

These IPs do not come from one country... Some are from Germany, Russia, Spain, Ukraine, etc...

I'm using XAMPP, and running Apache on both 80 and 443 ports.

I have Kaspersky AV, and I'm not sure if this is some kind of trojan.

Fiddler Screenshot

DavidPostill
  • 153,128
  • 77
  • 353
  • 394
Mohammed Radwan
  • 1
  • And did you maybe take the time to search the web before asking? E.g. http://stackoverflow.com/questions/16171277/fiddler-tunnelled-http-requests-to-port-443 – Run CMD Oct 19 '15 at 09:21
  • Hi David... Yes I did. I actually checked the URL you posted before posting my question. As you can see, there are URLs with tunnels requests in the other guy's post, but with me I see only IPs... Moreover, that question was not answered, and I'm hoping I'll get your expert advise on this one. – Mohammed Radwan Oct 19 '15 at 11:38

1 Answers1

0

The most likely explanation here is that you've enabled remote connections to your Fiddler and your computer/network isn't properly protected by a firewall. As a consequence, bad guys on the networks have noticed that you're running an open proxy and they're misusing that open-proxy to mask the source of their traffic.

You should untick the "Allow remote computers to connect" option in the Fiddler Options until you properly configure your network to not allow external traffic.

EricLaw
  • 437
  • 2
  • 10