Ibraham-Ceh (0), posted January 27, 2017

Hello. This is my first time in ESET and I am proud. Last night, after formatting and installing original Windows 10, I see a lot of attempts to connect to all these IPs in Saudi Arabia.

domain: ctldl.windowsupdate.com
IPs:
94.97.232.99
94.97.232.118
94.97.233.105
94.97.233.89
94.97.232.218
94.97.232.201
port: 80

If I deny this connection I can't browse the Internet. Please let me know if it is a fake update or not.

Regards
Ibraham-Ceh (0), posted January 27, 2017 (author)

No, I am in doubt about these servers because usually I get all updates from USA IPs, not from Saudi Arabia; that's why. Sometimes svchost.exe is infected and redirects the connections to malware DNS. How can I make sure if it's a real update? Thank you.

WHOIS Lookup
Source: whois.ripe.net
IP Address: 94.97.232.99

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See hxxp://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '94.97.0.0 - 94.97.255.255'
% Abuse contact for '94.97.0.0 - 94.97.255.255' is 'registry@stc.com.sa'
inetnum:        94.97.0.0 - 94.97.255.255
netname:        SAUDINET-INFRASTRUCTURE
descr:          DIA customer P2P links
country:        SA
admin-c:        STCR1-RIPE
tech-c:         STCR2-RIPE
status:         ASSIGNED PA
mnt-by:         SAUDINET-STC
created:        2009-02-09T08:32:57Z
last-modified:  2016-05-08T11:00:51Z
source:         RIPE
itman (1,756), posted January 27, 2017 (edited)

Looks suspect to me. According to Robtex, here are the IP addresses associated with that domain name:

CTLDL.WINDOWSUPDATE.COM uses the 18 IP addresses 23.1.240.120, 23.3.105.154, 23.3.105.160, 72.246.216.32, 72.246.216.213, 92.123.72.89, 92.123.72.112, 104.72.70.19, 106.187.61.35, 106.187.61.63, 107.14.45.27, 107.14.45.59, 184.25.56.157, 184.25.56.173, 184.51.112.80, 184.51.112.88, 203.117.152.195 and 203.117.152.201, which one other also uses.

Do you reside in Saudi Arabia? It appears to me that Internet traffic is being routed through servers there. I also saw a reference to Iran in the lookup.

FYI: Saudi Arabia directs all international Internet traffic through a proxy farm located in King Abdulaziz City for Science & Technology. A content filter is implemented there, based on software by Secure Computing.[5] Since October 2006, the Communications and Information Technology Commission (CITC) has been handling the DNS structure and filtering in Saudi Arabia in the place of KACST. Additionally, a number of sites are blocked according to two lists maintained by the Internet Services Unit (ISU):[6] one containing "immoral" (mostly pornographic or supportive of LGBT rights) sites and sites promoting Shia ideology, the other based on directions from a security committee run by the Ministry of Interior (including sites critical of the Saudi government). An interesting feature of this system is that citizens are encouraged to actively report "immoral" sites (mostly adult and pornographic) for blocking, using a provided web form available on the government's website.

Ref.: https://en.wikipedia.org/wiki/Censorship_in_Saudi_Arabia#Cybercrime_and_The_Internet

Edited January 27, 2017 by itman
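The two checks the thread performs by hand (a RIPE WHOIS lookup on one of the observed addresses, and a comparison against a third-party list of addresses the hostname is known to resolve to) can be scripted so that every observed address is checked the same way. The script below is an added example and is not code from either forum participant or from ESET; it parses the RPSL-style WHOIS record exactly as pasted above, expands the `inetnum` range to CIDR networks with the standard library, and reports for each observed IP whether it sits in the registered block and whether it appears in the reference list. The observed IPs, the reference list and the WHOIS text are copied from the thread; the function names (`parse_rpsl`, `inetnum_networks`, `classify`) are my own.

```python
import ipaddress
import re

# Destination IPs reported in the opening post (ctldl.windowsupdate.com, port 80)
OBSERVED_IPS = ["94.97.232.99", "94.97.232.118", "94.97.233.105",
                "94.97.233.89", "94.97.232.218", "94.97.232.201"]

# Resolution list quoted from the Robtex lookup in the thread (reference set)
REFERENCE_IPS = ["23.1.240.120", "23.3.105.154", "23.3.105.160", "72.246.216.32",
                 "72.246.216.213", "92.123.72.89", "92.123.72.112", "104.72.70.19",
                 "106.187.61.35", "106.187.61.63", "107.14.45.27", "107.14.45.59",
                 "184.25.56.157", "184.25.56.173", "184.51.112.80", "184.51.112.88",
                 "203.117.152.195", "203.117.152.201"]

# RIPE WHOIS output for 94.97.232.99 as pasted in the thread (RPSL format).
# The abuse contact is only present in a '%' server comment line.
WHOIS_TEXT = """\
% This is the RIPE Database query service.
% Abuse contact for '94.97.0.0 - 94.97.255.255' is 'registry@stc.com.sa'
inetnum:        94.97.0.0 - 94.97.255.255
netname:        SAUDINET-INFRASTRUCTURE
descr:          DIA customer P2P links
country:        SA
admin-c:        STCR1-RIPE
tech-c:         STCR2-RIPE
status:         ASSIGNED PA
mnt-by:         SAUDINET-STC
created:        2009-02-09T08:32:57Z
last-modified:  2016-05-08T11:00:51Z
source:         RIPE
"""

ABUSE_RE = re.compile(r"^% Abuse contact for '([^']+)' is '([^']+)'")


def parse_rpsl(text):
    """Return (attributes, abuse_contact) from a RIPE-style RPSL object.

    Attribute lines are 'key: value'; '%' lines are server comments and are
    skipped, except that the abuse-contact line is captured from one of them.
    """
    attrs = {}
    abuse = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.startswith("%"):
            m = ABUSE_RE.match(line)
            if m:
                abuse = m.group(2)
            continue
        key, sep, value = line.partition(":")
        if sep:
            attrs[key.strip()] = value.strip()
    return attrs, abuse


def inetnum_networks(inetnum):
    """Convert an RPSL 'first - last' inetnum into the CIDR networks covering it."""
    first, last = (ipaddress.IPv4Address(p.strip()) for p in inetnum.split("-"))
    return list(ipaddress.summarize_address_range(first, last))


def classify(observed, reference, whois_text):
    """For each observed IP, say whether it lies in the WHOIS block and whether
    it is in the reference resolution list, plus the registry's own labels."""
    attrs, abuse = parse_rpsl(whois_text)
    nets = inetnum_networks(attrs["inetnum"])
    ref = {ipaddress.IPv4Address(ip) for ip in reference}
    result = {}
    for ip in observed:
        addr = ipaddress.IPv4Address(ip)
        result[ip] = {
            "in_whois_block": any(addr in n for n in nets),
            "in_reference_list": addr in ref,
            "netname": attrs.get("netname"),
            "country": attrs.get("country"),
            "abuse_contact": abuse,
        }
    return result


if __name__ == "__main__":
    for ip, info in classify(OBSERVED_IPS, REFERENCE_IPS, WHOIS_TEXT).items():
        flag = "in reference list" if info["in_reference_list"] else "NOT in reference list"
        print(f"{ip:15} block={info['in_whois_block']} "
              f"{info['netname']} ({info['country']}) {flag}")
```

Run as-is, every observed address lands in the STC block and none is in the Robtex list, which is exactly the discrepancy itman points at. Treat that as a prompt for the next check rather than a verdict: CDN-served hostnames commonly resolve to different addresses depending on where the resolver sits, so the useful follow-up is to compare the addresses your own resolver returns for the hostname against the connections the firewall logged, and to confirm the TLS certificate or file signatures of what is downloaded, rather than relying on a third-party list alone.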
Ibraham-Ceh (0), posted January 27, 2017 (author)

Yes, I am in Saudi Arabia. So what do we do now?
itman (1,756), posted January 27, 2017

1 minute ago, Ibraham-Ceh said:
    Yes, I am in Saudi Arabia. So what do we do now?

See my edited reply.
Ibraham-Ceh (0), posted January 27, 2017 (author)

Thank you all for your quick and helpful response.