Unbound-Control.exe outgoing connections

RayG rgsub1 at btinternet.com
Tue Jan 30 14:06:59 UTC 2024 

Here is another example that has just popped up.

I use Netlimiter (https://www.netlimiter.com/) to ask about all outgoing
connections then I I agree with what is being asked for I allow it and it
will work without issue from then on.

I have purposely left the setting as ask as I wanted to capture as many
instances as possible I could select deny and I would never get that popup
again.

I am hoping this will be useful at some point. The process ID no longer
exists in my system. I will take a look next time it pops up, that may shed
some more light.

Outgoing connection - TCP(6)
From
Unbound Remote Control Tool
services.gfe.nvidia.com
To
London, United Kingdom of Great Britain and Northern Ireland
Application:
Process ld:
Local Address:
Remote Address:
unbound-control.exe
Process 14668
<My IPv4 address> Port 56914
152.199.20.80 Port: 443 Whois

RayG

-----Original Message-----
From: RagG <rgsub1 at btinternet.com> 
Sent: Sunday, January 28, 2024 8:33 PM
To: unbound-users at lists.nlnetlabs.nl
Subject: Unbound-Control.exe outgoing connections

Hi, Has anyone any idea of why on rare occasions Unbound-control.exe wants
to make the connection detailed below?

They pop up at random times and for do apparent reasons. I thought this
program was (mainly) to control the local instance.

Thanks

Outgoing connection - TCP(6)
From: Unbound Remote Control Tool
To: 20.54.24.148
Dublin, Ireland
Application: unbound-control.exe
Process ld: Process 10956
Local Address: <My IPv4 address> Port 56817 Remote Address: 20.54.24,148
Port 443 Whois

===========================================

C:\>dig -x 20.54.24.148

; <<>> DiG 9.17.14 <<>> -x 20.54.24.148
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43656 ;; flags: qr rd
ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;148.24.54.20.in-addr.arpa.     IN      PTR

;; AUTHORITY SECTION:
24.54.20.in-addr.arpa.  157     IN      SOA     ns1-01.azure-dns.com.
azuredns-hostmaster.microsoft.com. 1 3600 300 2419200 300

;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP) ;; WHEN: Sun Jan 21 17:16:21 GMT
Standard Time 2024 ;; MSG SIZE  rcvd: 140

===========================================


Whois information:

#
# ARIN WHOIS data and services are subject to the Terms of Use # available
at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at #
https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2024, American Registry for Internet Numbers, Ltd.
#


NetRange:       20.33.0.0 - 20.128.255.255
CIDR:           20.33.0.0/16, 20.40.0.0/13, 20.128.0.0/16, 20.64.0.0/10,
20.36.0.0/14, 20.34.0.0/15, 20.48.0.0/12
NetName:        MSFT
NetHandle:      NET-20-33-0-0-1
Parent:         NET20 (NET-20-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       
Organization:   Microsoft Corporation (MSFT)
RegDate:        2017-10-18
Updated:        2021-12-14
Ref:            https://rdap.arin.net/registry/ip/20.33.0.0


OrgName:        Microsoft Corporation
OrgId:          MSFT
Address:        One Microsoft Way
City:           Redmond
StateProv:      WA
PostalCode:     98052
Country:        US
RegDate:        1998-07-10
Updated:        2023-11-17
Comment:        To report suspected security issues specific to traffic
emanating from Microsoft online services, including the distribution of
malicious content or other illicit or illegal material through a Microsoft
online service, please submit reports to:
Comment:        * https://cert.microsoft.com.  
Comment:        
Comment:        For SPAM and other abuse issues, such as Microsoft
Accounts, please contact:
Comment:        * abuse at microsoft.com.  
Comment:        
Comment:        To report security vulnerabilities in Microsoft products
and services, please contact:
Comment:        * secure at microsoft.com.  
Comment:        
Comment:        For legal and law enforcement-related requests, please
contact:
Comment:        * msndcc at microsoft.com
Comment:        
Comment:        For routing, peering or DNS issues, please 
Comment:        contact:
Comment:        * IOC at microsoft.com
Ref:            https://rdap.arin.net/registry/entity/MSFT


OrgAbuseHandle: MAC74-ARIN
OrgAbuseName:   Microsoft Abuse Contact
OrgAbusePhone:  +1-425-882-8080
OrgAbuseEmail:  abuse at microsoft.com
OrgAbuseRef:    https://rdap.arin.net/registry/entity/MAC74-ARIN

OrgTechHandle: MRPD-ARIN
OrgTechName:   Microsoft Routing, Peering, and DNS
OrgTechPhone:  +1-425-882-8080
OrgTechEmail:  IOC at microsoft.com
OrgTechRef:    https://rdap.arin.net/registry/entity/MRPD-ARIN

OrgTechHandle: SINGH683-ARIN
OrgTechName:   Singh, Prachi 
OrgTechPhone:  +1-425-707-5601
OrgTechEmail:  pracsin at microsoft.com
OrgTechRef:    https://rdap.arin.net/registry/entity/SINGH683-ARIN

OrgTechHandle: BEDAR6-ARIN
OrgTechName:   Bedard, Dawn 
OrgTechPhone:  +1-425-538-6637
OrgTechEmail:  dabedard at microsoft.com
OrgTechRef:    https://rdap.arin.net/registry/entity/BEDAR6-ARIN

OrgTechHandle: IPHOS5-ARIN
OrgTechName:   IPHostmaster, IPHostmaster 
OrgTechPhone:  +1-425-538-6637
OrgTechEmail:  iphostmaster at microsoft.com
OrgTechRef:    https://rdap.arin.net/registry/entity/IPHOS5-ARIN

OrgRoutingHandle: CHATU3-ARIN
OrgRoutingName:   Chaturmohta, Somesh 
OrgRoutingPhone:  +1-425-882-8080
OrgRoutingEmail:  someshch at microsoft.com
OrgRoutingRef:    https://rdap.arin.net/registry/entity/CHATU3-ARIN


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2024, American Registry for Internet Numbers, Ltd.
#


Regards
Ray

More information about the Unbound-users mailing list