|
Our DNS logs caught the following DNS lookups from an Samsung 10 phone after it updated to Android 10, December 2019 patch level: *google.com (with the asterisk) www.goooooooooooooooooooooooooooooooooooooooooooooooooooooooooogle.com google.com.onion I can't find any reason for these lookups. The first is invalid, the second is a parked domain registered with GoDaddy, and the third is a TOR domain. Finally, the device is communicating to an AWS IP address using TCP port 5229 without any corresponding DNS lookup that resolves to the address. Anyone seen anything similar? |
jauntysankey 7 Posts |
| thread locked Quote Subscribe |
Dec 21st 2019 2 years ago |
Sign Up for Free or Log In to start participating in the conversation!
https://www.sans.edu
