Windows update linked to Chinese IP

Dominika Helena Jantas 5 Reputation points
2024-02-06T08:42:09.55+00:00

Dear Team,

For the past few days, I have been facing the following issue with Windows updates on 2 machines.

The machines are connecting to the following site [legitimate, as it seems] for updates: [http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?]

However, I get AV detections that the connections to this site are basically connections to the suspicious IP:

Remote IP 175.4.51.35

Remote Port 80

This IP belongs to China Telecom, as can be viewed in https://whois.domaintools.com/175.4.51.35, and has mixed reputation reviews.

I checked DNS and WSUS. All good.

One of the 2 machines was disconnected from the Internet and still connected to the same HTTP site and Chinese IP.

I cannot really explain this. Your feedback would be appreciated.
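A worked check for the situation described above, added here as an example (it is not part of the question, the answer, or any Microsoft tooling). The hostname and CAB URL are the ones from the question; the public resolver used for comparison (1.1.1.1) and the output path under `$env:TEMP` are assumptions. The point it demonstrates is that `ctldl.windowsupdate.com` is served from a CDN, so the edge IP varies by location and is not by itself evidence of tampering, whereas the Authenticode signature on the downloaded CAB is the integrity control that a substituted file would fail:

```powershell
# Added example (not from the question or the answer): check a Windows Update CTL
# download the way a defender would, independent of which CDN edge IP the name
# resolves to. Hostname and URL are from the question; the public resolver used
# for comparison and the output path are assumptions.

$HostName  = 'ctldl.windowsupdate.com'
$Uri       = "http://$HostName/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab"
$OutFile   = Join-Path $env:TEMP 'disallowedcertstl.cab'
$PublicDns = '1.1.1.1'   # assumption: any trusted public resolver for comparison

# 1. Resolve with the system resolver and with a public resolver. The name is served by a
#    CDN, so the A records legitimately vary by location and time; what matters is whether
#    both resolvers agree on the CNAME chain (the CDN operator), not where the IP is.
$local  = Resolve-DnsName -Name $HostName -Type A
$public = Resolve-DnsName -Name $HostName -Type A -Server $PublicDns

"--- CNAME chain (system resolver)"
$local | Where-Object Type -eq 'CNAME' | Format-Table Name, NameHost -AutoSize
"--- A records: system vs. public resolver"
[pscustomobject]@{
    System = ($local  | Where-Object Type -eq 'A' | Select-Object -ExpandProperty IPAddress) -join ', '
    Public = ($public | Where-Object Type -eq 'A' | Select-Object -ExpandProperty IPAddress) -join ', '
} | Format-List

# 2. Fetch the CAB over plain HTTP, as the client does, and verify the Authenticode
#    signature. The transport is unauthenticated, so the signature is the integrity
#    control: a CAB from the wrong server fails this check no matter which IP served it.
Invoke-WebRequest -Uri $Uri -OutFile $OutFile -UseBasicParsing
$sig = Get-AuthenticodeSignature -FilePath $OutFile

[pscustomobject]@{
    File   = $OutFile
    SHA256 = (Get-FileHash -Path $OutFile -Algorithm SHA256).Hash
    Status = $sig.Status
    Signer = $sig.SignerCertificate.Subject
} | Format-List

if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
    Write-Warning "disallowedcertstl.cab is not validly signed by Microsoft (status: $($sig.Status)); treat the download path as untrusted and review the resolver and proxy configuration."
} else {
    "Signature valid; the CDN IP alone is not evidence of tampering."
}
```

If the system and public resolvers disagree on the CNAME chain, or the signature check fails, that is the finding worth escalating; a geolocated CDN address with an unfamiliar owner while the signature is valid is expected behaviour for this endpoint.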


1 answer

  1. Peter yavi 0 Reputation points
    2024-02-08T11:13:04.9166667+00:00

    Even I have a similar question. The machines were updated with six Chinese IPs, which belonged to China Unicom China169 Backbone and Shenzhen Tencent Computer Systems Company Limited. However, the domains resolved to various names when I did an IP lookup.
    I even checked AbuseIPDB, but there were no abuse reports there.
