Android phone keeps reaching out to Chinese domain every 5 minutes


I'm having an issue with my wife's Android device where it is reaching out to a Chinese domain name every 5 minutes, specifically ebjvu DOT cn.  I have detected this via a pi-hole I installed recently on my home network.  Her device seems to be running fine and I have run Malwarebytes, Norton and AVG mobile apps on the device which all say it is clean.

Right now I'm blocking that domain at a network level via the pi-hole but I would like to figure out what is phoning home on her device.  Any ideas what might be going on?

The domain is marked as malicious by Hybrid Analysis: https://www.hybrid-analysis.com/sample/7e97412a3dd7dddbe18d155439741cfa97a477a7351172b5762ae529d6451db6



Hi @BMR777,

Well, that's interesting.  I wonder if Wireshark could help tie it back to the app causing the issue.  I can certainly look at the apps on your wife's mobile device if you'd like to send me an Apps Report.

To send an Apps Report with Malwarebytes for Android use the following instructions.

1. Open the Malwarebytes for Android app.

2. Tap the Menu icon.

3. Tap Your apps.

4. Tap the three lines icon in the upper right corner.

5. Tap Send to support.

Choose an email app to send Apps Report.

Your email app will open with the Apps Report included.

At this point, it would be very helpful to mention you are submitting via recommendation from the Malwarebytes forum.  This allows our support staff to know where to direct it.

By sending the Apps Report, you will create a ticket in our support system.

Private Message (PM) me the email used and/or the ticket number assigned.



Thanks Nathan.  I have sent you the ticket ID via private message.

Also attached is a screenshot of what I am seeing via my pi-hole.  It seems that the contact occurs approx every 5 minutes give or take about 30 seconds.



Has anyone found the source of this? We are seeing similar activity from a Galaxy phone connected to our open WiFi and I would like to help the user identify the cause. Looking back at our logs, the activity started around November 18th, 2019. 
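The thread describes lookups recurring about every 5 minutes, give or take 30 seconds, found in Pi-hole logs. The following is an added example, not part of any post above, showing one way to search a DNS query log for that pattern per client and domain. It assumes dnsmasq-style query lines as Pi-hole writes them; the log entries, client address and the `beacon.example` and `news.example` domains are constructed sample data, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# dnsmasq query line as written to pihole.log (the timestamp carries no year)
QUERY_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: query\[\w+\] (\S+) from (\S+)$")

def parse_queries(lines, year=2019):
    """Yield (timestamp, client, domain) for every DNS query line."""
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(3), m.group(2).lower()

def find_beacons(lines, period=300, jitter=30, min_hits=5, year=2019):
    """Return {(client, domain): median gap in seconds} for periodic lookups."""
    seen = defaultdict(list)
    for ts, client, domain in parse_queries(lines, year):
        seen[(client, domain)].append(ts)
    beacons = {}
    for key, stamps in seen.items():
        stamps.sort()
        distinct = [stamps[0]]  # collapse A/AAAA pairs and retries within 5 s
        for ts in stamps[1:]:
            if (ts - distinct[-1]).total_seconds() > 5:
                distinct.append(ts)
        if len(distinct) < min_hits:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(distinct, distinct[1:])]
        in_band = [g for g in gaps if abs(g - period) <= jitter]
        if len(in_band) >= 0.8 * len(gaps):  # tolerate a few missed intervals
            beacons[key] = median(gaps)
    return beacons

def sample_log():
    """Constructed log lines: one periodic lookup plus irregular browsing."""
    base = datetime(2019, 11, 18, 10, 0, 0)
    fmt = "{:%b %d %H:%M:%S} dnsmasq[1234]: query[{}] {} from {}"
    rows = []
    for off in (0, 298, 611, 905, 1210, 1502):  # roughly 300 s apart
        t = base + timedelta(seconds=off)
        for qtype in ("A", "AAAA"):
            rows.append(fmt.format(t, qtype, "beacon.example", "192.168.1.23"))
    for off in (5, 40, 700, 760, 1400):  # ordinary, irregular lookups
        t = base + timedelta(seconds=off)
        rows.append(fmt.format(t, "A", "news.example", "192.168.1.23"))
    return rows
```

Calling `find_beacons(sample_log())` flags only the periodic domain; on a real log, pass the file's lines and widen `jitter` or lower `min_hits` if the device sleeps between lookups.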
