Samsung MobileWips

2023-09-13 by Micah Babinski (@mbabinski)

Bizarre DNS requests on Samsung phones.

Samsung MobileWips (presumably a Wireless Intrusion Prevention System) is a default system app on certain Android OS versions. It has been observed making DNS requests to google.com.onion, which will trigger network/DNS-related alerts such as the Sigma rule "Query Tor Onion Address". This domain does not resolve to an IP address and is not accessible via Tor. It appears to have been added as some sort of DNS check by an Android developer with poor taste!
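An added example, not part of the original entry: a triage helper that separates the exact google.com.onion lookup described above from .onion queries whose address label has the shape of a real onion service (56 base32 characters for v3, 16 for legacy v2). The log layout, function names and sample lines are constructed assumptions.

```python
import re

# Shape check only (length and base32 alphabet); the v3 checksum is not verified.
ONION_LABEL = re.compile(r"^(?:[a-z2-7]{56}|[a-z2-7]{16})$")

# Exact query name this page attributes to Samsung MobileWips.
KNOWN_BENIGN = {"google.com.onion"}

def classify(qname):
    """Return a triage label for a single DNS query name."""
    name = qname.strip().rstrip(".").lower()
    if not name.endswith(".onion"):
        return "not_onion"
    # Exact match only, so look-alike names are never suppressed.
    if name in KNOWN_BENIGN:
        return "known_benign_mobilewips"
    # The label directly left of the TLD is the service address;
    # anything further left is a subdomain.
    if ONION_LABEL.match(name.split(".")[-2]):
        return "onion_service_lookup"
    return "malformed_onion"

def triage(log_lines):
    """Yield (client, qname, label) for every .onion query in the log."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # skip truncated lines
        _ts, client, qname = fields[:3]
        label = classify(qname)
        if label != "not_onion":
            hits.append((client, qname, label))
    return hits

# Constructed sample: "<timestamp> <client-ip> <query-name>" per line.
FAKE_V3 = ("abcdefghijklmnopqrstuvwxyz234567" * 2)[:56]  # placeholder, not a real service
SAMPLE_LOG = [
    "2023-09-13T10:00:01Z 192.0.2.23 google.com.onion",
    "2023-09-13T10:00:02Z 192.0.2.23 www.google.com",
    f"2023-09-13T10:00:05Z 192.0.2.77 {FAKE_V3}.onion",
    "2023-09-13T10:00:09Z 192.0.2.80 evil-google.com.onion",
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(*hit)
```

Only `onion_service_lookup` hits point at a name a Tor client could actually reach; `malformed_onion` names are still worth a look because they are not covered by the exact-match exclusion.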

Documentation