Share via

How to find the actual IP addresses.

Anonymous
2022-03-15T07:13:45+00:00

Hi,

I have been observing that there are suspicious network connections established with the following Microsoft domains from werfault.exe. These results have been generated from the EDR.

  • umwatson.events.data.microsoft.com, kmwatson.events.data.microsoft.com :- 20.189.173.21:443
  • watson.microsoft.com :- 20.42.73.29:443
  • ctldl.windowsupdate.com, au.download.windowsupdate.com :- 125.214.166.82:80

I want to know whether these, IP addresses are the correct ones or not. Is there a way to verify that? instead of just searching about the IP address.

Thank you.

Windows for home | Windows 10 | Security and privacy

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2022-03-15T07:50:12+00:00

    Good Day Gihan,

    My name is Carlo, I am also using Windows 10 pc and community member like you.

    It appears that those IP's are Microsoft related and they are legimate IP's.

    Here's the results.

    NetRange: 20.33.0.0 - 20.128.255.255

    CIDR: 20.33.0.0/16, 20.128.0.0/16, 20.48.0.0/12, 20.64.0.0/10, 20.34.0.0/15, 20.36.0.0/14, 20.40.0.0/13

    NetName: MSFT

    NetHandle: NET-20-33-0-0-1

    Parent: NET20 (NET-20-0-0-0-0)

    NetType: Direct Allocation

    OriginAS:

    Organization: Microsoft Corporation (MSFT)

    RegDate: 2017-10-18

    Updated: 2021-12-14

    Ref:

    OrgName: Microsoft Corporation

    OrgId: MSFT

    Address: One Microsoft Way

    City: Redmond

    StateProv: WA

    PostalCode: 98052

    DNS Records: ns1-02.azure-dns.com azuredns-hostmaster@microsoft.com 1 3600 300 2419200 300

    Have a wonderful day ahead and stay safe.

    Sincerely,

    Carlo T.

    1 person found this answer helpful.
    0 comments