
odd network traffic after installing ftp server

Posted: 2020-07-03 00:47
by nighthawk33
so I installed the ftp server on windows 10 from this link https://filezilla-project.org/download.php?type=server and all is well and the server is running fine....

however I continuously log my network traffic and all of a sudden I am seeing this traffic..........(sorry about the formatting ..but you get the picture...)

any idea what this is...I'd hate to stop using this fine product because of this..but I am concerned, that I may have gotten more than I had expected

and ..no I absolutely did not agree to any 3rd party programs being installed on my computer

7/2/2020 8:13:38 PM Open 136.243.75.9 hosting.adhigh.net 50251 443 chrome.exe Germany
7/2/2020 8:15:51 PM Close 136.243.75.9 hosting.adhigh.net 50251 443 chrome.exe Germany
7/2/2020 8:17:05 PM Open 49.12.121.47 filezilla-project.org 50285 443 chrome.exe Germany
7/2/2020 8:17:06 PM Open 49.12.121.47 filezilla-project.org 50290 443 chrome.exe Germany
7/2/2020 8:17:08 PM Close 49.12.121.47 filezilla-project.org 50285 443 chrome.exe Germany
7/2/2020 8:17:12 PM Close 49.12.121.47 filezilla-project.org 50290 443 chrome.exe Germany
7/2/2020 8:17:26 PM Open 49.12.121.47 filezilla-project.org 50310 443 chrome.exe Germany
7/2/2020 8:17:29 PM Close 49.12.121.47 filezilla-project.org 50310 443 chrome.exe Germany
7/2/2020 8:17:35 PM Open 49.12.121.47 filezilla-project.org 50311 443 chrome.exe Germany
7/2/2020 8:17:37 PM Close 49.12.121.47 filezilla-project.org 50311 443 chrome.exe Germany
7/2/2020 8:17:58 PM Open 49.12.121.47 filezilla-project.org 50312 443 chrome.exe Germany
7/2/2020 8:18:01 PM Close 49.12.121.47 filezilla-project.org 50312 443 chrome.exe Germany
7/2/2020 8:18:30 PM Open 49.12.121.47 filezilla-project.org 50314 443 chrome.exe Germany
7/2/2020 8:18:32 PM Close 49.12.121.47 filezilla-project.org 50314 443 chrome.exe Germany
7/2/2020 8:13:07 PM Open 217.182.200.19 50176 443 chrome.exe France
7/2/2020 8:13:38 PM Open 51.210.112.64 ns3174900.ip-51-210-112.eu 50254 443 chrome.exe France
7/2/2020 8:13:41 PM Close 51.210.112.64 ns3174900.ip-51-210-112.eu 50254 443 chrome.exe France
7/2/2020 8:14:47 PM Close 217.182.200.19 50176 443 chrome.exe France
7/2/2020 8:13:06 PM Open 209.15.36.33 50144 443 chrome.exe Canada
7/2/2020 8:13:07 PM Open 209.15.36.33 50199 443 chrome.exe Canada
7/2/2020 8:13:07 PM Open 199.187.193.166 50205 443 chrome.exe Canada
7/2/2020 8:13:12 PM Close 209.15.36.33 50199 443 chrome.exe Canada
7/2/2020 8:13:14 PM Close 209.15.36.33 50144 443 chrome.exe Canada
7/2/2020 8:15:51 PM Close 199.187.193.166 50205 443 chrome.exe Canada

Re: odd network traffic after installing ftp server

Posted: 2020-07-03 09:46
by boco
As you didn't post the column headers, I need to ask: Are you running your server on port 443?

Re: odd network traffic after installing ftp server

Posted: 2020-07-03 11:42
by nighthawk34
sorry..i accidentally messed up my account and had to create another one - I am the original poster

yes I am running the ftp server on a non-standard port but not 443

2 more items -

i checked the hash on the downloaded install file and it is correct - so the file matches what has been defined by the website

i de-installed the filezilla server last night and for the past 12 hours, i have not seen the offending network traffic

while the filezilla server was installed I ran the usual virus and adware scans and the server came up pretty clean

i am port forwarding through my google wifi router but only have a few selected ports open (443 is not one of them)
I am also using a paid ddns but these were in place for a few months without having this issue

I also have the windows firewall pretty well restricted

I might re-install and monitor this with wireshark, but again I did not expect to see this kind of traffic

Re: odd network traffic after installing ftp server

Posted: 2020-07-03 12:38
by botg
This traffic is not coming from FileZilla Server.

Re: odd network traffic after installing ftp server

Posted: 2020-07-03 12:48
by nighthawk34
I have not said that there is anything nefarious going on...

but doesn't it seem a bit "off" that right after I installed the server .. I get traffic from IPs in Germany etc....and after I de-install the traffic goes away???

I normally see a lot of microsoft driven svchost traffic which is annoying but normal...akamai highwinds etc. all legit ... but this stuff is new and somewhat troubling...

Re: odd network traffic after installing ftp server

Posted: 2020-07-03 13:06
by boco
7/2/2020 8:17:05 PM Open 49.12.121.47 filezilla-project.org 50285 443 chrome.exe Germany
If it wasn't for the chrome.exe part, it might have been the IP check (if enabled).

Re: odd network traffic after installing ftp server

Posted: 2020-07-03 13:15
by nighthawk34
yup .. and one of the first things that I checked was that I didn't have any new chrome extensions installed

now that my curiosity has been triggered I might just re-install and let wireshark do its thing

Re: odd network traffic after installing ftp server

Posted: 2020-07-04 00:15
by nighthawk34
soooo...about 16 hours after the filezilla server was de-installed I saw a pair of hits from that address in germany

so...I reinstalled the ftp server because I needed it and just blocked the offending ip addresses in my firewall

not getting any strange traffic now (16 hours)
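
Added example (not part of the thread and not FileZilla code): a small parser for the connection log pasted in the first post. It groups remote endpoints by the process column, the field boco's reply turns on, and pairs Open/Close events into sessions. The column order is an assumption, since the post gives no headers; the sample lines are copied from the post.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed column order (the post gives no headers): timestamp, event, remote IP,
# optional remote hostname, local port, remote port, owning process, country.
LINE = re.compile(
    r"^(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) (?P<event>Open|Close) "
    r"(?P<ip>\d+\.\d+\.\d+\.\d+) (?:(?P<host>\S+) )?"
    r"(?P<lport>\d+) (?P<rport>\d+) (?P<proc>\S+) (?P<country>.+)$"
)

# Six lines copied from the first post, used here as sample input.
SAMPLE = """\
7/2/2020 8:13:38 PM Open 136.243.75.9 hosting.adhigh.net 50251 443 chrome.exe Germany
7/2/2020 8:15:51 PM Close 136.243.75.9 hosting.adhigh.net 50251 443 chrome.exe Germany
7/2/2020 8:17:05 PM Open 49.12.121.47 filezilla-project.org 50285 443 chrome.exe Germany
7/2/2020 8:17:08 PM Close 49.12.121.47 filezilla-project.org 50285 443 chrome.exe Germany
7/2/2020 8:13:07 PM Open 217.182.200.19 50176 443 chrome.exe France
7/2/2020 8:14:47 PM Close 217.182.200.19 50176 443 chrome.exe France
""".splitlines()

def parse(lines):
    """Return one dict per line that matches the assumed layout."""
    rows = [m.groupdict() for m in map(LINE.match, map(str.strip, lines)) if m]
    for r in rows:
        r["ts"] = datetime.strptime(r["ts"], "%m/%d/%Y %I:%M:%S %p")
    return rows

def by_process(rows):
    """Map owning process -> set of (remote host or IP, remote port)."""
    seen = defaultdict(set)
    for r in rows:
        seen[r["proc"]].add((r["host"] or r["ip"], int(r["rport"])))
    return dict(seen)

def sessions(rows):
    """Pair each Open with its Close on (remote IP, local port); give seconds."""
    open_at, out = {}, []
    for r in sorted(rows, key=lambda r: r["ts"]):
        key = (r["ip"], r["lport"])
        if r["event"] == "Open":
            open_at[key] = r["ts"]
        elif key in open_at:
            out.append((*key, (r["ts"] - open_at.pop(key)).total_seconds()))
    return out

if __name__ == "__main__":
    rows = parse(SAMPLE)
    print(by_process(rows), sessions(rows))
```

On the sample, every row resolves to chrome.exe with remote port 443, including the rows that have no hostname column.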