I'm having an issue with my wife's Android device where it is reaching out to a Chinese domain name every 5 minutes, specifically ebjvu DOT cn. I have detected this via a pi-hole I installed recently on my home network. Her device seems to be running fine and I have run Malwarebytes, Norton and AVG mobile apps on the device which all say it is clean.
Right now I'm blocking that domain at a network level via the pi-hole but I would like to figure out what is phoning home on her device. Any ideas what might be going on?
The domain is marked as malicious by Hybrid Analysis: https://www.hybrid-analysis.com/sample/7e97412a3dd7dddbe18d155439741cfa97a477a7351172b5762ae529d6451db6
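One way to confirm the five-minute cadence described in the post and see which client on the network issues the queries, as an added example that is not part of the original post. It assumes the dnsmasq line format Pi-hole writes to its query log; the log lines, the domain `suspicious.example` and the IP addresses are constructed, and `find_beacons` is a hypothetical helper.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample in the dnsmasq format Pi-hole writes to its query log.
SAMPLE_LOG = """\
Mar 10 14:00:01 dnsmasq[812]: query[A] suspicious.example from 192.168.1.23
Mar 10 14:01:17 dnsmasq[812]: query[A] mail.example from 192.168.1.23
Mar 10 14:05:02 dnsmasq[812]: query[A] suspicious.example from 192.168.1.23
Mar 10 14:07:40 dnsmasq[812]: query[AAAA] news.example from 192.168.1.40
Mar 10 14:10:01 dnsmasq[812]: query[A] suspicious.example from 192.168.1.23
Mar 10 14:10:55 dnsmasq[812]: query[A] mail.example from 192.168.1.23
Mar 10 14:15:03 dnsmasq[812]: query[A] suspicious.example from 192.168.1.23
Mar 10 14:20:02 dnsmasq[812]: query[A] suspicious.example from 192.168.1.23
Mar 10 14:48:30 dnsmasq[812]: query[A] mail.example from 192.168.1.23
"""

QUERY_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: query\[\w+\] (\S+) from (\S+)$"
)

def find_beacons(log_text, year=2024, min_queries=4, max_jitter=0.1):
    """Return {(client, domain): mean_interval_seconds} for regular query patterns."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = QUERY_RE.match(line.strip())
        if not m:
            continue  # replies, forwards and blocked-entry lines are ignored
        # The log carries no year, so one is assumed to build a full timestamp.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        seen[(m.group(3), m.group(2))].append(ts)
    beacons = {}
    for key, times in seen.items():
        if len(times) < min_queries:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Low relative spread of the gaps means a timer, not a person browsing.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[key] = round(avg)
    return beacons

if __name__ == "__main__":
    for (client, domain), interval in find_beacons(SAMPLE_LOG).items():
        print(f"{client} -> {domain} every ~{interval}s")
```

This narrows the traffic to a client address and an interval; attributing it to a specific app still requires inspection on the device itself.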