Windows 10 | Unknown Endpoints http://192.33.139.163 & http://151.139.51.189

Adrian Palmer 40 Reputation points
2023-11-20T10:22:51.41+00:00

Hi,

We recently seem to be getting a lot of URLs blocked due to them not being tested/unknown by our AV solution.

The URLs are being accessed by an svchost process, which seems to be accessing two IPs with regard to downloading what appear to be update files:

http://192.33.139.163/filestreamingservice/files/511c6cff-ed08-4366-a308-56cdb4e4d3e5/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com
http://192.33.139.163/filestreamingservice/files/76864380-9ee8-4f9b-907f-7ccce9c7ca57/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com
http://192.33.139.163/filestreamingservice/files/986a8270-404c-4470-871d-5c4090dcaa79/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com
http://192.33.139.163/filestreamingservice/files/cd62da91-72eb-4972-9fdd-41647aeede71/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com
http://192.33.139.163/filestreamingservice/files/f5bfaa2a-4007-4d5f-ba81-0565d5143cd9/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com
http://151.139.51.189/filestreamingservice/files/28edaebf-8019-4844-ba32-8ab019bc9391?P1=1699006332&P2=404&P3=2&P4=m3bjVB2ZaTg5QRA4G%2bPtY7RlQHFzfAnpvDeY8XFkUSlGKy8F6xhvb8CvkkCFYbJiPMTDc1O8jpBgPqT4Oeol7A%3d%3d&cacheHostOrigin=3.tlu.dl.delivery.mp.microsoft.com
http://151.139.51.189/filestreamingservice/files/28edaebf-8019-4844-ba32-8ab019bc9391?P1=1699020744&P2=404&P3=2&P4=ne%2fn9nLy4C%2byBkXzCVi%2fdgPdWBHnyNQlvQjN1Mxq9YSzy6Angtipr72WpMbXSg%2f3173rsQ3KlyS%2b3vHea9NzPg%3d%3d&cacheHostOrigin=3.tlu.dl.delivery.mp.microsoft.com
http://151.139.51.189/filestreamingservice/files/cd62da91-72eb-4972-9fdd-41647aeede71/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com
http://151.139.51.189/filestreamingservice/files/17e72fea-05d2-4e88-b80b-75050bd568e7/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com
http://151.139.51.189/filestreamingservice/files/451c9759-f3e9-4541-b42b-d151994fe7cc/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com
http://151.139.51.189/filestreamingservice/files/986a8270-404c-4470-871d-5c4090dcaa79/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com

I have looked at the MSFT Public IPv4 & IPv6 list and these ranges are not listed there.

Can you confirm if this is legitimate traffic? If so, where can I find the documentation that lists the correct IPs we should be whitelisting?
