• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Help IP query

solquiff

Newbie
Feb 24, 2015
14
0
Hi i downloaded the app 'network connections' and for every app or webpage in use by my phone it connects to a different i.p. some have the first 3 numbers in common but most are totally unrelated. Even under the same app ot gives many diff ips located in ireland or usa. Is this normal? In the photo for the app it shows someone with diff appsand the connections (ips) all start with the same number.

Is it then normal for example whatsapp to show a totally diff ip to say a web page. Sorry if this question is stupid. It is just that on the 'network connection' app sitr..the ips in the screen shots all have the first 3 digits in common.


Thanks
 
Hi thanks a lot for your reply. An example is CLEAN MASTER 31.13.83.8:443 then another one for the same app of 54.229.181.59.80
Chrome shows as 216.58.211.226:80 and another one under chrome of 185.43.181.194:443. Below the I.P for skype it says: 5 abusers are hosted by MICROSOFT CORP. I'm not really tech savy so this is freaking me out a bit. Does all of this still sound normal?

Ive been concerned lately about security on my phone since I realised it had Super Su on it and I think it may have been rooted without my knowledge. Is it common for phones to be rooted before being unlocked so they can be used with any carrier. The Super Su app was installed on 1/1/2013 - 2 years before I got my phone, and 6 months before the phone was even released. This would mean then that the phone either came with it installed or it was added before unlocking it as it may have been a refurbished phone.

thanks again
 
Upvote 0
Hi thanks a lot for your reply. An example is CLEAN MASTER 31.13.83.8:443 then another one for the same app of 54.229.181.59.80

So that snake oil app is not pinging and phoning home to any IP addresses in China then, that surprises me somewhat. That's when might be concerned about your privacy and security, when your personal stuff is uploaded to a server in Beijing. And FYI the first IP address is Facebook and second is Amazon S3, both with servers in Ireland. Amazon S3 being a data services provider for many companies.
http://whatismyipaddress.com/ip-lookup


Chrome shows as 216.58.211.226:80 and another one under chrome of 185.43.181.194:443. Below the I.P for skype it says: 5 abusers are hosted by MICROSOFT CORP. I'm not really tech savy so this is freaking me out a bit. Does all of this still sound normal?

Ive been concerned lately about security on my phone since I realised it had Super Su on it and I think it may have been rooted without my knowledge. Is it common for phones to be rooted before being unlocked so they can be used with any carrier. The Super Su app was installed on 1/1/2013 - 2 years before I got my phone, and 6 months before the phone was even released. This would mean then that the phone either came with it installed or it was added before unlocking it as it may have been a refurbished phone.

thanks again

Rooting and the presence of SuperSU is absolutely nothing to do with carrier SIM unlocking. Did you buy the phone second hand, or has it ever been out of your possession and into the hands of others?

What phone is it anyway, make, model and Android version, and is it carrier branded and customized?
 
Last edited:
Upvote 0
Hi, I am not sure what you mean by ' So that snake oil app is not pinging and phoning home to any IP addresses in China then, that surprises me somewhat' which app are you referring to, the one I used to get the Ip addresses 'Network connections'?

Is it normal then for every app, webpage, pop up etc to register under a different i.p address like in my examples. Regarding the IPs in my earlier post, do you think the app is giving me the wrong info? Both 31.13.83.8:443 and 54.229.181.59.80 are showing up as CLEAN MASTER. Im also getting loads of different IPs for whatsapp. I hope this is normal.

Regarding the phone it is a Samsung S4 mini running 4.2.2. I think the phone was definitely refurbished as there are Vodaphone apps on it but I am with another carrier. The phone is always with me and I dont know anyone who knows how to root a phone. The super SU app is saying it was installed in jan 2013, 2 years before I got the phone. How is that possible. Do you think it was rooted, refurbished then sold on to me, or possibly rooted then unlocked. In the country where Im living there seems to be a lot of talk online about rooting before unlocking a phone, maybe they do that here even though you say it is not linked.

Thanks again
 
Upvote 0
Hi, I am not sure what you mean by ' So that snake oil app is not pinging and phoning home to any IP addresses in China then, that surprises me somewhat' which app are you referring to, the one I used to get the Ip addresses 'Network connections'?

The one you started with, Clean Master by Cheetah Mobile of Beijing. You might want to have a read of our forum sticky about such apps. :thumbsupdroid:
http://androidforums.com/threads/pu...k-killers-ram-optimizers-and-the-like.896663/

Is it normal then for every app, webpage, pop up etc to register under a different i.p address like in my examples. Regarding the IPs in my earlier post, do you think the app is giving me the wrong info? Both 31.13.83.8:443 and 54.229.181.59.80 are showing up as CLEAN MASTER. Im also getting loads of different IPs for whatsapp. I hope this is normal.

Regarding the phone it is a Samsung S4 mini running 4.2.2. I think the phone was definitely refurbished as there are Vodaphone apps on it but I am with another carrier. The phone is always with me and I dont know anyone who knows how to root a phone. The super SU app is saying it was installed in jan 2013, 2 years before I got the phone. How is that possible. Do you think it was rooted, refurbished then sold on to me, or possibly rooted then unlocked. In the country where Im living there seems to be a lot of talk online about rooting before unlocking a phone, maybe they do that here even though you say it is not linked.

Thanks again

The presence of SuperSU means it's rooted, and is certainly not as Samsung originally made it. If it was refurbished, not new, then very possibly it could have been rooted. Who sold it to you as refurbished, not Vodafone I presume. Rooting date may not mean anything, the phone's calendar could have been wrong for all you know.

Whatsapp uses P2P technology AFAIK, like Skype, so yes it could indeed be pinging many different IP addresses.
 
Upvote 0
Hi thanks again. You are very helpful. So basically seeing a whole load of different ip address for all the different apps, webpages I visit etc is normal then just to clarify?

The phone was actually bought on the cheap, not through an official store. I am certain the phone was used by someone else then sent back as it was broken or something then that phone was sold on to me..on the black market. It must have been with vodaphone due to some of their apps being installed. it was obviously unlocked before being sold onto me as i wouldnt have been able to use it with my carrier. So either it was rooted by the original owner or was rooted just before being unlocked. I definitely didnt root it as I only learned what that was a few days ago. I had never downloaded Super Su and only really noticed the app the other day as I just assumed it was one of the pointless apps loaded onto the phone as stock but after reading up on root i realised i already had the app.

The phone hasnt been in the possesion of anyone who would know how to root a phone. Getting super su on the phone isnt as simple as just downloading the app is it, there are more stages involved first I think. I dont think it is possible that someone rooted my phone without my knowledge by hooking it up to a pc etc. Also, I must add that developer mode wasnt even showing up in settings.

You think the only likely story is that the phone was sold to me having been previously rooted as it would have been impossible without my knowledge. There were also vodaphone apps installed on the phone at almost exactly the same time as the super su app - which would suggest the phone came this way.

Thanks hope you can clear up my final doubts
 
Upvote 0
Happy to help, no problem.. :)


You got a Samsung S4 Mini, well rooting some of the older Samsungs is as easy as just installing a rooting app, running it and rebooting, that's it, boom!..it's rooted and there is SuperSU. SuperSU is definitely NOT something Samsung or Vodafone would have as pre-installed apps or bloat on a new phone.

Did you buy it from one of those Cexx or Cash Converters type places, where people trade-in their items and they're cleaned up, refurbished and sold on. If you wanted you could actually restore it back to factory state, as Samsung originally made it, and then you can be truly sure about it's integrity and security. Might be useful to look at our S4 Mini, All Things Root forum..
http://androidforums.com/forums/root-samsung-galaxy-s4-mini.2294/

Later Samsungs such as S5, S6 and Note 4 have a security feature called KNOX. Which is a way of determining for sure if the phone has been rooted or otherwise modified in an unauthorized manner, and not as Samsung intended.
 
Last edited:
Upvote 0
The reason all this started was cus the phone was acting weird. Turning on n off every few weeks..settings popping up..contact popping up after screen unlock so i tried to do a factory reset but could. Tried about 100times..a load of writing appeared..something about fstat then either went to a brown screen or restarted back to nornal mode.

After reading about this online i kept seeing ppl with rooted phones saying they had similar issues. That was the first time id heard about rooting so read up on it and realised i had super su installed. Did all the tests and had root. The nxt day i didnt have root..dunno what happened(maybe when i unlicked usb debugging after unlocking the developer mode. Or when i unticked super user access in super su becausr now when i try to open super su it says something about binaries not working.

all of this was kinda weird to me hence my post and me checking connection types.

The phone was sold on thr black market by someone who worked for vodafone..ppl handing back phones then this person sold them from home. So either the phone was rooted by the previous vodafone customer or it wss rooted before unlocking it and selling it on to me. Were were sold 2 phones exactly the same but my gfs doesnt have super su.

What is the most likely story here? Could someone somehow remotely have rooted my phone without me knowing? The date of install super su is around the time the vodafone apps were installed..even if the time was incorrect it would suggest these things happened around the same time.

Can u help me stop worrying by telling me if my phone couldve bern hacked or something without my knowledge even tho super su has been on it from day 1 and it is not in my downloaded apps in app store etc. Thanks
 
Upvote 0

BEST TECH IN 2023

We've been tracking upcoming products and ranking the best tech since 2007. Thanks for trusting our opinion: we get rewarded through affiliate links that earn us a commission and we invite you to learn more about us.

Smartphones