On 04.12.2015 23:31, Jonathan Roemer wrote:
* What malware prevention service would connect to the IP of a !!mobile device??!! - none!
You are assuming that this whois lookup is reliable, which it very frequently is not. IP space is bought and sold all the time, and whois data may not be updated to reflect this.
A wrong entry in whois? According to my knowledge there should not be any 'wrong' entries in whois, as every IP/domain is associated with a timespan and a real-world address which is tested to be valid by the domain registrar; e.g. the whois data I provide for my own domain elstel.org was checked from time to time; stating wrong data would lead to the withdrawal of my domain. Can you show me any current and valid examples of wrong/outdated whois entries *?
* What has Amazon Technologies Inc. to do with all of that? - nothing!
AWS
Wikipedia: In 2013 it became public knowledge that AWS (Amazon Web Services) has received a big work order directly from the CIA. I do not want to be unduly paranoid but this does not appear to be one of the most trustworthy places in the net.
As mentioned by myself and others, Firefox, and possibly other applications, may be making these connections as well. All of those suggested tiles, favicons, OCSP responder servers, and other resources have to be loaded from somewhere, and these are opt-out within Firefox, not opt-in.
Be that as it may; I cannot examine every incident in detail; nonetheless I know from previous incidents that unnaturally high and long CPU load can point to intrusions.
* I will have to confess that it would be possible to state a wrong address for the whois records without anyone obtaining knowledge about that soon. Nonetheless such an incident would even more point to some abnormal/illegal activity. Likely registrars do not have sufficient rights or access to citizen data in order to verify each entry.
More important: IP and domains are regularly reassigned and transferred, but then so immediately is the whois data on completion of such transfers; otherwise your resources are still 'in transfer', which means that there is no way to access / get hold of them.