Revision history [back]
To my knowledge, no. Neither wireshark.net nor dl1.wioreshark.net are affiliated with Wireshark. The only legitimate download servers I'm aware of are listed at https://www.wireshark.org/download.html#spelunking, and they currently only include the following:
- MARWAN (https, ma)
- University of Kaiserslautern (ftp, de)
- University of Kaiserslautern (http, de)
- Wireshark AS 1 (https, sg)
- Wireshark EU 1 (https, nl)
- Wireshark NA 1 (https, us)
- Wireshark NA 2 (https, us)
- Wireshark.org (https, us)
- Yamagata University (http, jp)
Personally, unless you're aware of some other legitimate reason for those devices contacting those sites - and judging by your question here, that doesn't appear to be the case - then I'd block access to them.
EDIT: Well, according to a whois lookup, it does appear that the registrant organization is the Wireshark Foundation after all:
Registrant Organization: Wireshark Foundation, Inc.
Still, I can't think of a valid reason why any device should be attempting to contact that domain instead of wireshark.org or any of those listed above. (And I assume dl1.wioreshark.net was a typo and you meant dl1.wireshark.net ?)
To my knowledge, no. Neither wireshark.net nor dl1.wioreshark.net are affiliated with Wireshark. The only legitimate download servers I'm aware of are listed at https://www.wireshark.org/download.html#spelunking, and they currently only include the following:
- MARWAN (https, ma)
- University of Kaiserslautern (ftp, de)
- University of Kaiserslautern (http, de)
- Wireshark AS 1 (https, sg)
- Wireshark EU 1 (https, nl)
- Wireshark NA 1 (https, us)
- Wireshark NA 2 (https, us)
- Wireshark.org (https, us)
- Yamagata University (http, jp)
Personally, unless you're aware of some other legitimate reason for those devices contacting those sites - and judging by your question here, that doesn't appear to be the case - then I'd block access to them.
EDIT: Well, according to a whois lookup, it does appear that the registrant organization is the Wireshark Foundation after all:
Registrant Organization: Wireshark Foundation, Inc.
Still, I can't think of a valid reason why any device should be attempting to contact that domain instead of wireshark.org or any of those listed above. (And I assume dl1.wioreshark.net was a typo and you meant dl1.wireshark.net ?)