Strange Google-ish domain name lookups after update to Android 10
Our DNS logs caught the following DNS lookups from an Samsung 10 phone after it updated to Android 10, December 2019 patch level:

* (with the asterisk)

I can't find any reason for these lookups. The first is invalid, the second is a parked domain registered with GoDaddy, and the third is a TOR domain.

Finally, the device is communicating to an AWS IP address using TCP port 5229 without any corresponding DNS lookup that resolves to the address.

Anyone seen anything similar?

7 Posts

Sign Up for Free or Log In to start participating in the conversation!