README.md 1.07 KiB
init6 committed
This google.com.onion thing pops up every now and then. It's Samsung's Wireless IPS application that is making the request.

Figured I should upload the decompiled files so others can take a look at it a bit easier. 


From a reddit post I made back when I first dug into it. 
I've decompiled this app. I've only had a chance to look at a few functions, but it looks like it's trying to protect the phone against a slew of WiFi attacks like EvilTwin. There is a black/white list; I haven't found them yet, but functions talk about them.

I found the file with the google.com.onion string https://pastebin.com/bNteJBFH

From what I can tell, it's trying to find a malicious DNS responder by making a DNS request to a known question with no answer.

IMHO, they could have used something that didn't look so damn malicious.
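
The check described above (a DNS request for a name known to have no answer), as an added example that is not the decompiled Samsung code and is not taken from it: it builds the probe query and classifies a reply, flagging a responder that returns records for a name that should not resolve. The function names, verdict strings and sample replies are constructed for illustration.

```python
import struct

PROBE_NAME = "google.com.onion"  # probe name reported on this page

def build_query(name, txid):
    """Build a DNS A/IN query (recursion desired) for a name expected to have no answer."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def classify_response(query, response):
    """Return 'clean', 'suspicious' or 'invalid' for a reply to the probe."""
    if len(response) < len(query):
        return "invalid"
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return "invalid"  # wrong transaction ID, or not a response at all
    if response[12:len(query)].lower() != query[12:].lower():
        return "invalid"  # reply does not echo the question we asked
    rcode = flags & 0x000F
    # NOERROR (0) plus answer records for a name that cannot resolve means
    # the responder made the data up; NXDOMAIN or an empty answer is expected.
    return "suspicious" if rcode == 0 and ancount > 0 else "clean"

def sample_reply(query, rcode, answers=b"", ancount=0):
    """Constructed test reply: echoes the question and sets QR, RD, RA and rcode."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180 | rcode, 1, ancount, 0, 0)
    return header + query[12:] + answers

QUERY = build_query(PROBE_NAME, 0x1234)
# Constructed A record pointing at 192.0.2.1 (documentation address range).
FAKE_A = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
HONEST_REPLY = sample_reply(QUERY, rcode=3)              # NXDOMAIN, no answers
LYING_REPLY = sample_reply(QUERY, 0, FAKE_A, ancount=1)  # NOERROR with an answer

if __name__ == "__main__":
    print("honest resolver:", classify_response(QUERY, HONEST_REPLY))
    print("lying resolver: ", classify_response(QUERY, LYING_REPLY))
```
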


https://www.reddit.com/r/pihole/comments/19a4om2/should_i_be_worried_of_this_onion/
https://old.reddit.com/r/samsunggalaxy/comments/eq0qu5/weird_googleish_domains_from_samsung_galaxy_s10/
https://old.reddit.com/r/onions/comments/esaes7/weird_packet_capture_from_my_wifes_phone/