This google.com.onion thing pops up every now and then. It's Samsung's Wireless IPS application that is making the request.
Figured I should upload the decompiled files so others can take a look at it a bit easier.
From a reddit post I made back when I first dug into it.
I've decompiled this app. I have only had a chance to look at a few functions, but it looks like it's trying to protect the phone against a slew of WiFi attacks like EvilTwin. There is a black/white list; I haven't found them yet, but functions talk about them.
I found the file with the google.com.onion string https://pastebin.com/bNteJBFH
From what I can tell, it's trying to find a malicious DNS responder by making a DNS request for a known question with no answer.
IMHO, they could have used something that didn't look so damn malicious.
https://www.reddit.com/r/pihole/comments/19a4om2/should_i_be_worried_of_this_onion/
https://old.reddit.com/r/samsunggalaxy/comments/eq0qu5/weird_googleish_domains_from_samsung_galaxy_s10/
https://old.reddit.com/r/onions/comments/esaes7/weird_packet_capture_from_my_wifes_phone/
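As an added illustration of the canary check described in the post (this is example code, not the decompiled Samsung application or anything recovered from it), the block below builds a DNS query for a name that cannot legitimately resolve, parses a wire-format response, and flags any resolver that returns an A record for it. The sample responses are constructed inline; the address 203.0.113.10 is a documentation-range placeholder, not an observed value. The `.onion` TLD is reserved for Tor and is never delegated in the public DNS, which is why a resolver that answers for it is worth a second look.

```python
import struct

# Canary name from the post. google.com.onion has no public DNS entry, so an
# honest recursive resolver should answer NXDOMAIN (or at least return no
# A record). Any A record means something on the path is forging answers.
CANARY_NAME = "google.com.onion"
RCODE_NXDOMAIN = 3


def build_query(name, txid=0x1234):
    """Build a standard recursive A query for `name` in DNS wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(data, offset):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = data[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, then done
            return offset + 2
        offset += 1 + length


def parse_response(data):
    """Return (rcode, list of IPv4 strings from A records) for a DNS response."""
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    rcode = flags & 0x000F
    offset = 12
    for _ in range(qdcount):
        offset = _skip_name(data, offset) + 4  # skip QTYPE and QCLASS
    answers = []
    for _ in range(ancount):
        offset = _skip_name(data, offset)
        rtype, rclass, _ttl, rdlength = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlength]
        offset += rdlength
        if rtype == 1 and rclass == 1 and rdlength == 4:
            answers.append(".".join(str(b) for b in rdata))
    return rcode, answers


def canary_verdict(response):
    """Classify a response to the canary query from a defender's point of view."""
    rcode, answers = parse_response(response)
    if answers:
        return "suspicious: canary resolved to " + ", ".join(answers)
    if rcode == RCODE_NXDOMAIN:
        return "ok: NXDOMAIN"
    return "ok: no answer (rcode %d)" % rcode


# Constructed sample responses (not captured from a real device or resolver).
def _response(flags, answer_ip=None):
    question = build_query(CANARY_NAME)[12:]  # reuse the question section
    ancount = 1 if answer_ip else 0
    body = struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0) + question
    if answer_ip:
        # Answer: name pointer to offset 12, type A, class IN, TTL 60, 4-byte rdata
        body += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)
        body += bytes(int(x) for x in answer_ip.split("."))
    return body


HONEST_RESPONSE = _response(0x8183)                    # QR, RD, RA, RCODE=3 (NXDOMAIN)
HIJACKED_RESPONSE = _response(0x8180, "203.0.113.10")  # NOERROR plus a forged A record

if __name__ == "__main__":
    print(canary_verdict(HONEST_RESPONSE))
    print(canary_verdict(HIJACKED_RESPONSE))
```

One caveat worth keeping in mind when reading this check in a packet capture: captive portals and resolvers that synthesize answers for nonexistent names will also trip it, so a hit indicates that DNS is being rewritten on the current network, not necessarily that an attacker is present.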