Android Question Why is ZipAlign.exe going out to amazonaws.com through Opera?

Widget

Well-Known Member
Licensed User
Longtime User
This afternoon my software firewall detected ZipAlign.exe was using Opera to go out to
ec2-34-205-104-156.compute-1.amazonaws.com.

Has anyone else seen this? Why is c:\android\android_sdk\build-tools\23.0.1\zipalign.exe using Opera browser to try and access amazonaws.com? This is happening in the background without me requesting any updates to any software. I was watching a youtube video when I got the alert from my firewall. I was also debugging a B4A application at the time and the app does not use the Internet and it has never done this before that I'm aware of.

Here is info on the IP address it was trying to go to.
c:\android\android_sdk\build-tools\23.0.1\zipalign.exe
zipalign.exe is attempting to access the network through the following application: C:\Program Files (x86)\Opera\48.0.2685.32\opera.exe
If this application is not related to any current user activity, select the 'Deny access' button and investigate the issue further.

9/30/2017 4:16:35 PM PF has blocked outgoing TCP (6)​
packet from 192.168.1.*** to 34.205.104.156:443 (https)?


Can someone shed some light on this?

TIA
 
Last edited:

udg

Expert
Licensed User
Longtime User
Since W10 there are alot of services trying to call "home".
To list a few I can see on my recent blocked list:
Systems
Windows Operating Systems
Microsoft.Photos
taskhostw
UNPCampaignManager
MRT
SIHClient
CompatTelRunner
PowerDVD14Agent

Once you realize that nowadays you are simply "the buyer" and not "the owner" of your own PC, everything is clearer: gone are the "personal" computing days..
 
Upvote 0

Widget

Well-Known Member
Licensed User
Longtime User
Since W10 there are alot of services trying to call "home".

Once you realize that nowadays you are simply "the buyer" and not "the owner" of your own PC, everything is clearer: gone are the "personal" computing days..

Yeah, but I thought ZipAlign.exe was an Android product or at least currently maintained by Google and I didn't think they would use amazon aws to host their files. I thought that was odd. I'm pretty sure Google has space on their servers for their files and don't need to use a 3rd party hosting site like Amazon. :rolleyes:

My copy of ADB.exe is also going out on the Internet, hopefully looking just for updates. I don't recall which website it was trying to connect to. I would have thought the Android SDK Manager would have handled all of the updates so all of the program versions are all in sync instead of each application going out on their own trying to update themselves whenever they feel like it. Anyways, I'll keep and eye on the wandering apps.

Thanks for your response.
 
Upvote 0

Widget

Well-Known Member
Licensed User
Longtime User
This is getting weirder. I was using B4A earlier yesterday and then at 5PM I closed down B4A and left adb.exe running as a service in the background. Then at 8:35 PM, without me using B4A, ADB.exe tries to use Opera (which I had open on youtube) to get out to IP address 67.227.218.133, which is liquidweb.com that happens to the hosting service for b4x.com.

Why is adb.exe trying to connect to b4x.com?

TIA


2017-10-03 22:35
c:\android\android_sdk\platform-tools\adb.exe
adb.exe is attempting to access the network through the following application: C:\Program Files (x86)\Opera\48.0.2685.32\opera.exe
If this application is not related to any current user activity,

10/3/2017 10:34:57 PM PF has blocked outgoing TCP (6)
(S) packet from 192.168.1.22:8489 to 67.227.218.133:443 (https)

https://whois.domaintools.com/67.227.218.133

NetRange: 67.227.128.0 - 67.227.255.255
CIDR: 67.227.128.0/17
NetName: LIQUIDWEB
NetHandle: NET-67-227-128-0-1
Parent: NET67 (NET-67-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS32244
Organization: Liquid Web, L.L.C (LQWB)
RegDate: 2008-01-23
Updated: 2016-12-19
Ref: https://whois.arin.net/rest/net/NET-67-227-128-0-1

OrgName: Liquid Web, L.L.C
OrgId: LQWB
Address: 4210 Creyts Rd.
City: Lansing
StateProv: MI
PostalCode: 48917
Country: US
RegDate: 2001-07-20
Updated: 2016-10-21
Ref: https://whois.arin.net/rest/org/LQWB

ReferralServer: rwhois://rwhois.liquidweb.com:4321

OrgAbuseHandle: ABUSE551-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-800-580-4985
OrgAbuseEmail:
OrgAbuseRef: https://whois.arin.net/rest/poc/ABUSE551-ARIN

OrgTechHandle: IPADM47-ARIN
OrgTechName: IP Administrator
OrgTechPhone: +1-800-580-4985
OrgTechEmail:
OrgTechRef: https://whois.arin.net/rest/poc/IPADM47-ARIN

RTechHandle: IPADM47-ARIN
RTechName: IP Administrator
RTechPhone: +1-800-580-4985
RTechEmail:
RTechRef: https://whois.arin.net/rest/poc/IPADM47-ARIN

== Additional Information From rwhois://rwhois.liquidweb.com:4321 ==

%rwhois V-1.5:003eef:00 rwhois.z.int.liquidweb.com (by Network Solutions, Inc. V-1.5.9.5)
network:Class-Name:network
network:ID:NETBLK-SOURCEDNS.67.227.128.0/17
network:Auth-Area:67.227.128.0/17
network:Network-Name:SOURCEDNS-67.227.128.0
network:IP-Network:67.227.128.0/17
network:IP-Network-Block:67.227.128.0 - 67.227.255.255
network:Organization;I:SOURCEDNS
network:Org-Name:SourceDNS
network:Street-Address:4210 Creyts Rd.
network:City:Lansing
network:State:MI
network:postal-Code:48917
network:Country-Code:US
network:Tech-Contact;I:
network:Created:20071126
network:Updated:20090226
network:Updated-By:
network:Abuse:
 
Last edited:
Upvote 0
Top