snigy Posted October 30, 2020 Share Posted October 30, 2020 My phone is calling out to goooooooooooooooooooooooooooooooooooooooooooooooooooooooooogle.com which resolves to 34.102.136.180 -- 180.136.102.34.bc.googleusercontent.com, the domain is registered with godaddy this seams a little suspect. looks like someone has registered the domain and is hosting a server in google compute. can anyone verify is this is malicious. Link to comment Share on other sites More sharing options...
Irukandji Posted October 30, 2020 Share Posted October 30, 2020 What the? Link to comment Share on other sites More sharing options...
Foxtrot Posted October 30, 2020 Share Posted October 30, 2020 A quick google search shows a few people mentioning the same thing (with Samsung phones, I guess). I wonder if some engineer just needed to make a random DNS request and used goooooooooooooooooooooooooooooooooooooooooooooooooooooooooogle.com and then GoDaddy parked it? Link to comment Share on other sites More sharing options...
snigy Posted November 3, 2020 Author Share Posted November 3, 2020 looks like someone registered it and is paying to host a server on the google compute engine to make it look like a legitimate google site. What could make a device call out to this site as well as a .onion site. sounds suspicious to me. <a href="https://ibb.co/ykRgbLJ"><img src="" alt="Screenshot-from-2020-11-03-21-49-28" border="0"></a> Link to comment Share on other sites More sharing options...
snigy Posted November 3, 2020 Author Share Posted November 3, 2020 see https://ibb.co/ykRgbLJ for pic of wireshark Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.