Unidentified IP

It’s so easy to open apps just moving the L5. I did and it opened WhatIP and it showed me the “Unknown”, see image below.

I guess not - insert image icon gone.

Anyway, it says:

Unknown:
25.20.224.91
2001:569:d6a8:41c7:96a:dc8

It’s a UK IP.

Further to that, Modem GUI shows:

Connected devices
Host Name: 4c:e1:73:4f:18:a2
Connection: Unknown
Configuration: DHCP
MAC Address: redacted

I have unplugged cables to modem (faster, safer) in a process of elimination. It’s nothing I seem to have.

Are these unknowns related to the L5?

I’m very good at keeping Stalkers out of these desktops.

1 Like

Were you connected to WiFi at the time? (Or the mobile carrier’s network, instead?)

If you install the whois command line application (sudo apt install whois), you can then run the following command (replace 111.111.11.11 with the actual IP address):

whois 111.111.11.11

to find out who owns the IP address.

1 Like

I already gave the IP location. Whois, DSLr, don’t give the name.

1 Like

Right. And the whois command tells me that it belongs to the UK Ministry of Defense.

inetnum:        25.0.0.0 - 25.255.255.255
netname:        UK-MOD-19850128
country:        GB
org:            ORG-DMoD1-RIPE
admin-c:        MN1891-RIPE
tech-c:         MN1891-RIPE
status:         LEGACY
mnt-by:         UK-MOD-MNT
mnt-domains:    UK-MOD-MNT
mnt-routes:     UK-MOD-MNT
mnt-by:         RIPE-NCC-LEGACY-MNT
created:        2005-08-23T10:27:23Z
last-modified:  2016-04-14T09:56:26Z
source:         RIPE # Filtered

organisation:   ORG-DMoD1-RIPE
org-name:       UK Ministry of Defence
country:        GB
org-type:       LIR
address:        Whitehall
address:        SW1A 2HB
address:        London
address:        UNITED KINGDOM

Unidentified IP

Not unidentified. :wink:

This “unknown” … not.

This “unknown” … I don’t know why it’s identifying your connection as unknown.

Where is this?

2 Likes

What is this? And how did you install it?

Did you install it as a flatpak? If so, I wonder whether the information is even valid.

I would sanity check the IP address by using a regular browser and going to http://whatismyipaddress.com (although I personally use my own “version” of this that is hosted on one of my VPSs).

1 Like

Big brother loves ya!

What IP is one of the default apps, right? Or has been.

2 Likes

Winston: Does Big Brother exist?

O’B: Of course he exists. …

Winston: Does he exist like you and me?

O’B: You do not exist.

Winston: ‘I think I exist’ … ‘I am conscious of my own identity. I was born and I shall die. I have arms and legs. I occupy a particular point in space. No other solid object can occupy the same point simultaneously. In that sense, does Big Brother exist?’

O’B: ‘It is of no importance. He exists.’

1 Like

I love Big Brother!

1 Like

If you want to keep a secret, you must also hide it from yourself!

In the modem here. With its GUI I can see what/who are connected cable or wireless. I mentioned I can’t post an image w/ it or would have.

1 Like

I don’t know. It’s not installed on my phone (fairly recently reflashed, and I have no record of uninstalling that app). So I think it is fair to ask how and in what form it was installed on the OP’s phone.

The package (whatip) does not seem to exist in my desktop’s distro (not running PureOS) so I am not familiar with the app or how it works or what it is supposed to do. All it says to me in the description from the phone is “Info on your IP”, which kind of points me in the right direction but without giving any detail.

Looking at the Python source (disclaimer: I don’t speak Python), it doesn’t look as if it is the sort of app that I would want on my phone as it relies on an external server and leaks information from your phone to that server. (However it is little to no worse than using the URL that I suggested above for sanity checking.)

If Purism wants to continue packaging this app then I believe it ought to make the external server(s) configurable and provide the service itself for those that want that and default to their own service.

If nothing else, the package doco should disclose the external parties that information is being shared with (leaked to) i.e. ifconfig.co and geoip.fedoraproject.org

In some sense, the geoip information should be packaged internally but that is difficult to keep up to date, difficult for the package maintainer and difficult for everyone who has the package installed. So I think that I would be wondering about the cost/benefit of even having the geoip information.

(The package information says that the geoip information is so that you can verify what country / location your VPN has landed you in, which is of some use.)

Of course it suffers from the usual problem of geoip i.e. not being very accurate anyway.

1 Like

sudo apt install gnome-screenshot

Then open the Screenshot app.

1 Like

Most connections from the wild I notice are “unknown”.

Take for example my telnet game server. When I periodically put IP ranges in my inetdsec file for “deny” I glean connections from my inetd log file. Here is a snippet (truncated right and left for brevity):

Connection from unknown (123.179.93.208) at Mon Jan 29 22:05:14 2024
Access denied for unknown (117.202.46.253) at Mon Jan 29 22:08:25 2024
Connection from unknown (116.172.184.41) at Mon Jan 29 22:13:11 2024
Connection from unknown (101.67.136.52) at Mon Jan 29 22:13:13 2024
Access denied for unknown (120.39.36.105) at Mon Jan 29 22:13:21 2024
Connection from unknown (144.255.17.153) at Mon Jan 29 22:13:28 2024
Access denied for unknown (182.138.158.225) at Mon Jan 29 22:13:30 2024
Connection from h88-129-112-88.cust.bredband2.com (88.129.112.88)
Connection from h88-129-112-88.cust.bredband2.com (88.129.112.88)
Access denied for unknown (58.208.219.85) at Mon Jan 29 22:23:46 2024
Access denied for unknown (58.208.219.85) at Mon Jan 29 22:23:47 2024
Access denied for unknown (117.235.3.181) at Mon Jan 29 22:24:07 2024
Access denied for unknown (111.61.243.98) at Mon Jan 29 22:28:49 2024
Access denied for unknown (111.61.243.98) at Mon Jan 29 22:28:55 2024
Access denied for unknown (5.58.108.191) at Mon Jan 29 22:32:31 2024
Access denied for host-5-58-108-191.bitternet.ua (5.58.108.191) at Mon
Access denied for host-5-58-108-191.bitternet.ua (5.58.108.191) at Mon
Access denied for host-5-58-108-191.bitternet.ua (5.58.108.191) at Mon
Access denied for host-5-58-108-191.bitternet.ua (5.58.108.191) at Mon
Access denied for host-5-58-108-191.bitternet.ua (5.58.108.191) at Mon
Access denied for host-5-58-108-191.bitternet.ua (5.58.108.191) at Mon

I only bother blocking endless repeats to connect. It’s a game server after all, I want them to try and connect. If those who repeat are too frequent, they may invoke a telnet bug that crashes my machine because it is too old for the telnet patch that fixes it (it takes hundreds of attempts at the same time to make it crash). But there are a few “knowns” like the Ukraine domain at the bottom, which only tried 6 times and gave up. I had blocked them earlier, hence the “denied prefix”. That “known” cust.bredband2.com domain is from Sweden (Bork, bork, bork!).

Funny thing though, they never actually try and make a log on. Or if they do, they use Windows or Linux logon commands, my machine’s logons are neither, it has a different log on format mentioned elsewhere this forum, passim. Neither does my machine take SSH, which is what I suspect they’re also doing.

1 Like
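The triage described in the post above (picking repeat connectors out of the inetd log as candidates for the deny list), as an added example that is not part of the original post. It assumes the log format shown in the snippet and uses constructed documentation-range addresses; the function names, the threshold and the 60-second window are illustrative choices, and counting inside a time window goes slightly beyond the per-file tally the post implies.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the post's log format; the last line is cut off on the right.
SAMPLE_LOG = """\
Connection from unknown (192.0.2.10) at Mon Jan 29 22:05:14 2024
Connection from unknown (198.51.100.7) at Mon Jan 29 22:05:15 2024
Connection from unknown (198.51.100.7) at Mon Jan 29 22:05:16 2024
Connection from unknown (198.51.100.7) at Mon Jan 29 22:05:40 2024
Access denied for unknown (203.0.113.5) at Mon Jan 29 22:08:25 2024
Access denied for host-5.example.net (203.0.113.5) at Mon Jan 29 22:08:26 2024
Connection from h88.example.com (192.0.2.88) at Mon
"""

# Verb, reverse-DNS name (or "unknown"), IPv4 address, optional ctime-style timestamp.
LINE_RE = re.compile(
    r"^(Connection from|Access denied for) (\S+) \(([0-9.]+)\)"
    r"(?: at (\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}))?"
)

def parse(log_text):
    """Yield (allowed, host, ip, timestamp_or_None) for each recognised line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        verb, host, ip, ts = m.groups()
        when = datetime.strptime(ts, "%a %b %d %H:%M:%S %Y") if ts else None
        yield verb == "Connection from", host, ip, when

def repeat_offenders(log_text, threshold=3, window=timedelta(seconds=60)):
    """Return {ip: burst size} for not-yet-denied IPs with >= threshold hits in window."""
    times = defaultdict(list)
    for allowed, _host, ip, when in parse(log_text):
        if allowed and when is not None:  # truncated lines carry no usable time
            times[ip].append(when)
    flagged = {}
    for ip, stamps in times.items():
        stamps.sort()
        # Largest number of connections falling inside any one window.
        best = max(sum(t - s <= window for t in stamps[i:]) for i, s in enumerate(stamps))
        if best >= threshold:
            flagged[ip] = best
    return flagged

if __name__ == "__main__":
    print(repeat_offenders(SAMPLE_LOG))
```

Lines already marked "Access denied" are skipped because those addresses are in the deny list, and lines truncated before the timestamp are parsed but left out of the burst count.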

OK, I thought that you were seeing some kind of “modem GUI” on the L5, not on your other equipment. Thanks for clarifying.

1 Like

Good answer comrade, I love him too!

It’s not from the wild. It is recognized as a local device. Disconnected from modem, it’s still there. Turn L5 mobile off, still there. Turn L5 off - still there.

Thanks for the reminder. I’d forgotten about it. L5 took back seat to a Samsung Galaxy 23, I’m debugging it. The kind of bugs like stalkers and such. Waiting for reply from support@puri.sm on sending it back for repairs & asking how much it would cost. It’s only been 5 days so I’ll remain patient.

1 Like

Sorry I was referring to my “unknowns” in my log file snippet that was underneath my post, not your active reference. All mine were telnet connection logs on my garage based mainframe.

1 Like

It would only show my assigned IP by ISP.

I don’t keep such records. I don’t know where WhatIP came from or how it was installed.
When I use WhatIP, it produces

country US
org AS6128 Cablevision Systems Corp.
timezone America/New_York
ip ###.###.###.###
region New York
postal 10458
hostname ool-182ded1c.dyn.optonline.net
city Fordham
loc 40.8593,-73.8985

That is most likely the mobile ISP.
The unknown IP has since disappeared. Originally, the modem GUI showed the unknown as being a mobile device. I have a recently unboxed Samsung Galaxy A23. All I did was plug in the adapter to charge battery. It’s the only other wireless/mobile around.

Well, if the UK Ministry is that interested in me, they’re going to be very bored. Had I known they were peeping, I’d have set up something juicy for them.

I’ll just keep checking again now and then. Maybe block it and see what happens.

Thanks Irvine

~s

3 Likes

No worries about interlopers on my system. I let the men in the middle do the work, Necro one of my old post pics below. :wink:

https://forums.puri.sm/uploads/default/original/2X/c/c8c1f803c67240716ac828f5c7bf5fc52d42cc2c.jpeg