Our DNS logs caught the following DNS lookups from an Samsung 10 phone after it updated to Android 10, December 2019 patch level:
*google.com (with the asterisk)
I can't find any reason for these lookups. The first is invalid, the second is a parked domain registered with GoDaddy, and the third is a TOR domain.
Finally, the device is communicating to an AWS IP address using TCP port 5229 without any corresponding DNS lookup that resolves to the address.
Anyone seen anything similar?
Dec 21st 2019
5 months ago