[is it real update.. Svcshost file try to connect to ctldl.windowsupdate.com?]

Thank you all for your quick and helpful response .

 

 

[is it real update.. Svcshost file try to connect to ctldl.windowsupdate.com?]

Yes  i am in Saudi Arabia , So what do we do now? 

 

[is it real update.. Svcshost file try to connect to ctldl.windowsupdate.com?]

No , I am in doubt about these servers Because usually i got all updates From USA IPs. not from Saudi Arabia that's why.

 

sometimes  svchost.exe  infected and  redirect the connections  to malware DNS.

How can i make sure if  its real update ?

 

Thank you.

 

ing WHOIS Lookup

Source: whois.ripe.net

IP Address: 94.97.232.99

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See hxxp://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '94.97.0.0 - 94.97.255.255'

% Abuse contact for '94.97.0.0 - 94.97.255.255' is 'registry@stc.com.sa'

inetnum:        94.97.0.0 - 94.97.255.255
netname:        SAUDINET-INFRASTRUCTURE
descr:          DIA customer P2P links
country:        SA
admin-c:        STCR1-RIPE
tech-c:         STCR2-RIPE
status:         ASSIGNED PA
mnt-by:         SAUDINET-STC
created:        2009-02-09T08:32:57Z
last-modified:  2016-05-08T11:00:51Z
source:         RIPE

[is it real update.. Svcshost file try to connect to ctldl.windowsupdate.com?]

Hello

 

This is my First time in ESET and i proud.

 

last night after format and install original windows 10 i see a lot of  attempts to connect all these ips in Saudi Arabia 

 

domain: ctldl.windowsupdate.com

ips:
94.97.232.99
94.97.232.118
94.97.233.105
94.97.233.89
94.97.232.218

94.97.232.201

 

port:80

if i Deny this Connection I can't browsing Internet 

Please let me know if it is  Fake Update Or not

 

 

Regards