1

I am curious why I have all these connections upon using netstat -b. Can someone tell me if I have someone in my system please?

C:\Windows\system32>netstat -b

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.4.131:49670    104.18.35.23:https     ESTABLISHED
 [msedge.exe]
  TCP    192.168.4.131:49780    47:https               ESTABLISHED
 [msedge.exe]
  TCP    192.168.4.131:50226    104.18.40.222:https    TIME_WAIT
  TCP    192.168.4.131:50286    160:https              ESTABLISHED
 [msedge.exe]
  TCP    192.168.4.131:50635    13.69.239.74:https     ESTABLISHED
 [msedge.exe]
  TCP    192.168.4.131:50986    104.18.35.23:https     ESTABLISHED
 [msedge.exe]
  TCP    192.168.4.131:51013    a23-63-180-17:https    ESTABLISHED
 [msedge.exe]
  TCP    192.168.4.131:51965    104.18.41.33:https     TIME_WAIT
  TCP    192.168.4.131:52513    52.238.235.86:https    CLOSE_WAIT
 [SystemSettings.exe]
  TCP    192.168.4.131:53543    101:https              ESTABLISHED
 [msedge.exe]
  TCP    192.168.4.131:53833    20.25.227.174:https    TIME_WAIT
  TCP    192.168.4.131:53834    20.94.153.70:https     TIME_WAIT
  TCP    192.168.4.131:53997    104.18.32.7:https      TIME_WAIT
  TCP    192.168.4.131:55710    server-3-162-174-32:https  TIME_WAIT
  TCP    192.168.4.131:56570    20.25.227.174:https    ESTABLISHED
 [msedge.exe]
  TCP    192.168.4.131:56571    172.183.192.109:https  ESTABLISHED
 [msedge.exe]
  TCP    192.168.4.131:57479    52.188.247.147:https   ESTABLISHED
 [msedge.exe]
  TCP    192.168.4.131:57482    212:https              ESTABLISHED
 [msedge.exe]
  TCP    192.168.4.131:57761    ip-185-184-8-90:https  ESTABLISHED
 [msedge.exe]
  TCP    192.168.4.131:58670    20.54.232.160:https    ESTABLISHED
  CDPUserSvc_148155
 [svchost.exe]
  TCP    192.168.4.131:59569    146.75.81.91:https     ESTABLISHED
 [msedge.exe]
  TCP    192.168.4.131:59808    172.64.152.233:https   TIME_WAIT
  TCP    192.168.4.131:59975    104.18.39.38:https     TIME_WAIT
  TCP    192.168.4.131:60620    a23-44-16-9:https      CLOSE_WAIT
 [WinStore.App.exe]
  TCP    192.168.4.131:60621    a23-44-16-9:https      CLOSE_WAIT
 [WinStore.App.exe]
  TCP    192.168.4.131:60622    a23-44-16-9:https      CLOSE_WAIT
 [WinStore.App.exe]
  TCP    192.168.4.131:60623    a23-44-16-9:https      CLOSE_WAIT
 [WinStore.App.exe]
  TCP    192.168.4.131:60624    a23-44-16-9:https      CLOSE_WAIT
 [WinStore.App.exe]
  TCP    192.168.4.131:60625    a23-44-16-9:https      CLOSE_WAIT
 [WinStore.App.exe]
  TCP    192.168.4.131:60626    a23-44-16-9:https      CLOSE_WAIT
 [WinStore.App.exe]
  TCP    192.168.4.131:60760    13.105.74.49:https     ESTABLISHED
 [msedge.exe]
  TCP    192.168.4.131:61142    146.75.76.193:https    ESTABLISHED
 [msedge.exe]
  TCP    192.168.4.131:61193    153:https              ESTABLISHED
 [msedge.exe]
  TCP    192.168.4.131:61508    140:https              ESTABLISHED
 [msedge.exe]
  TCP    192.168.4.131:62259    172.64.155.249:https   TIME_WAIT
  TCP    192.168.4.131:63303    13.69.239.74:https     ESTABLISHED
 [msedge.exe]
  TCP    192.168.4.131:63798    13.107.5.80:https      ESTABLISHED
 [msedge.exe]
  TCP    192.168.4.131:64490    104.18.43.226:https    ESTABLISHED
 [msedge.exe]
  TCP    192.168.4.131:65349    192.168.4.24:8009      ESTABLISHED
 [msedge.exe]
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:49593  [2620:1ec:bdf::254]:https  CLOSE_WAIT
 [SearchApp.exe]
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:49757  [2606:2800:21f:fedd:8b7a:88ab:fc7e:fa3b]:https  CLOSE_WAIT
 [SearchApp.exe]
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:51047  [2603:1036:3000:60::11]:https  ESTABLISHED
 [msedge.exe]
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:51740  [2606:4700:3037::6815:4ef6]:https  ESTABLISHED
 [msedge.exe]
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:51795  ord37s34-in-x0a:https  TIME_WAIT
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:52443  ord38s29-in-x01:https  ESTABLISHED
 [msedge.exe]
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:53080  xx-fbcdn6-shv-01-ord5:https  ESTABLISHED
 [msedge.exe]
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:53270  [2603:1030:608:7::401]:https  ESTABLISHED
  WpnService
 [svchost.exe]
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:54300  ord38s28-in-x01:https  ESTABLISHED
 [msedge.exe]
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:55229  [2620:1ec:c11::239]:https  ESTABLISHED
 [msedge.exe]
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:56222  ord38s32-in-x03:https  ESTABLISHED
 [msedge.exe]
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:57157  ord30s31-in-x01:https  ESTABLISHED
 [msedge.exe]
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:57170  [2620:1ec:bdf::254]:https  CLOSE_WAIT
 [SearchApp.exe]
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:57977  [2a04:fa87:fffe::c000:4902]:https  TIME_WAIT
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:59115  g2600-1407-7400-001d-0000-0000-172e-172c:https  ESTABLISHED
 [msedge.exe]
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:60185  [2606:4700::6811:3b8]:https  ESTABLISHED
 [msedge.exe]
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:60611  g2600-1407-7400-1087-0000-0000-0000-3114:https  CLOSE_WAIT
 [WinStore.App.exe]
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:60612  g2600-1407-7400-1087-0000-0000-0000-3114:https  CLOSE_WAIT
 [WinStore.App.exe]
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:60613  g2600-1407-7400-1087-0000-0000-0000-3114:https  CLOSE_WAIT
 [WinStore.App.exe]
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:60614  g2600-1407-7400-1087-0000-0000-0000-3114:https  CLOSE_WAIT
 [WinStore.App.exe]
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:60615  g2600-1407-7400-1087-0000-0000-0000-3114:https  CLOSE_WAIT
 [WinStore.App.exe]
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:60616  g2600-1407-7400-1087-0000-0000-0000-3114:https  CLOSE_WAIT
 [WinStore.App.exe]
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:60617  g2600-1407-7400-1585-0000-0000-0000-4106:https  CLOSE_WAIT
 [WinStore.App.exe]
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:60619  g2600-1407-7400-1087-0000-0000-0000-3114:https  CLOSE_WAIT
 [WinStore.App.exe]
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:60627  g2600-1407-7400-1585-0000-0000-0000-4106:https  CLOSE_WAIT
 [WinStore.App.exe]
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:60628  g2600-1407-7400-1585-0000-0000-0000-4106:https  CLOSE_WAIT
 [WinStore.App.exe]
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:60629  g2600-1407-7400-1585-0000-0000-0000-4106:https  CLOSE_WAIT
 [WinStore.App.exe]
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:60630  g2600-1407-7400-1585-0000-0000-0000-4106:https  CLOSE_WAIT
 [WinStore.App.exe]
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:60631  g2600-1407-7400-1585-0000-0000-0000-4106:https  CLOSE_WAIT
 [WinStore.App.exe]
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:60818  [2620:1ec:c11::200]:https  ESTABLISHED
 [msedge.exe]
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:62103  [2606:4700:4400::6812:2089]:https  ESTABLISHED
 [msedge.exe]
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:62839  [2606:4700::6813:b234]:https  ESTABLISHED
 [msedge.exe]

1
  • 1
    There is absolutely nothing malicious about any of those connections. Hang up the phone with whomever had you run that command and contact your bank, as you have likely been scammed.
    – Ramhound
    Commented Jun 8 at 23:50

2 Answers

2

First, the IP addresses starting 192.168... are almost certainly handshakes to the router.

Second, to see the servers to which your PC is connecting, look them up, e.g., at IP WhoIs. For example, 2604:2d80:d883:e200:d504:68a4:ff40:506 is owned by Mediacom Communications Corp, likely your internet service provider (ISP).

Third, for more detail on which applications are communicating with which internet sites, you can use an application such as Glasswire or an alternative.

BTW, Microsoft has a number of connections to Windows PCs that cannot be blocked easily -- even the hosts file is ignored. This is "baked into" Windows.

0

These are outgoing web connections between your system and systems on the internet. Some are active, some are recently completed.

If you have a web browser open, these are very likely normal. They could be from pages you recently visited or from push notifications you have subscribed to. If you close all your web browsers, all the ESTABLISHED connections will likely go to CLOSE_WAIT and eventually disappear.

As the commenter said, if someone told you these were a sign your system is compromised, you should consider anything they said to you as likely deceitful.

To be sure, it would be necessary to investigate what each of those addresses corresponds to, or check your browser history or cache and match what is listed there to the address listed. Unless there is a specific address that can be shown to be harboring malware, there is nothing interesting to see here.
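
Added example (not part of either answer): a small Python parser for pasted `netstat -b` output that attaches each connection to the process and service lines printed beneath it, so the listing can be reviewed per application and state. The sample is a few lines excerpted from the question's output; the function names are illustrative.

```python
import re
from collections import Counter

# A few lines excerpted from the `netstat -b` output posted in the question.
SAMPLE = """\
  TCP    192.168.4.131:49670    104.18.35.23:https     ESTABLISHED
 [msedge.exe]
  TCP    192.168.4.131:50226    104.18.40.222:https    TIME_WAIT
  TCP    192.168.4.131:58670    20.54.232.160:https    ESTABLISHED
  CDPUserSvc_148155
 [svchost.exe]
  TCP    192.168.4.131:65349    192.168.4.24:8009      ESTABLISHED
 [msedge.exe]
  TCP    [2604:2d80:d883:e200:d504:68a4:ff40:506]:49593  [2620:1ec:bdf::254]:https  CLOSE_WAIT
 [SearchApp.exe]
"""

CONN = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+([A-Z_]+)\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def split_endpoint(endpoint):
    """Split 'host:port' at the last colon so bracketed IPv6 hosts survive."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def parse_netstat_b(text):
    """Return one dict per TCP row, attaching the owner lines that follow it."""
    conns = []
    for line in text.splitlines():
        m = CONN.match(line)
        if m:
            host, port = split_endpoint(m.group(2))
            conns.append({"remote": host, "port": port, "state": m.group(3),
                          "process": None, "service": None})
        elif conns and conns[-1]["process"] is None and line.strip():
            o = OWNER.match(line)
            if o:
                conns[-1]["process"] = o.group(1)
            else:
                conns[-1]["service"] = line.strip()  # service hosted in svchost
    return conns

def summarize(conns):
    """Count rows per (process, state); rows netstat shows with no owner are labelled."""
    return Counter((c["process"] or "(no owner listed)", c["state"]) for c in conns)

if __name__ == "__main__":
    for (proc, state), n in sorted(summarize(parse_netstat_b(SAMPLE)).items()):
        print(f"{n:3d}  {state:<12} {proc}")
```

Rows in TIME_WAIT carry no process line in this output because the socket has already been closed by its owner, so they are grouped under "(no owner listed)" rather than attributed to the next process name.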
