Chinese Xunlei (PikPak) tracker

[c2xusnpq6]

https://play.google.com/store/apps/details?id=com.pikcloud.pikpak

https://apkpure.com/pikpak-private-cloud-video-saver/com.pikcloud.pikpak

Xunlei (Thunder) official SDK doc: https://open.thunderurl.com/

PikPak is most likely the official overseas version of Xunlei.

Some domains even share an IP address while other apps that use Xunlei SDK do not...

Related Reports:

• https://www.virustotal.com/gui/file/4ec5ad0adde59e9849264ffc255be9e9bad89c6e72fe88aa7e2764c010088aaa/relations
• https://sandbox.ti.qianxin.com/sandbox/page/detail?type=file&id=AXzmKBwCxyHYZ1u31y__
• https://bbs.itzmx.com/thread-98536-1-1.html

Tracker:

||res.res.res.res^$app=com.pikcloud.pikpak (1)

/api/stat/rt^

||api-drive.mypikpak.com/drive/v1/events^
or
||api-drive.*/drive/v1/events^$app=com.pikcloud.pikpak (3)

Please download the apk file and try it yourself. 😅

• They don't own the domain res.res.res.res, but they put their tracking IP in using HTTP instead of HTTPS to try to evade the filter. (1)
• /api/stat/rt^ a Xunlei classic tracking path.
• They also often use IPs to connect directly to the tracking backend. (2)
• They use multiple domains in the same tracking backend. (3)
• Their main service target is Southeast Asia, India and other Asian places.

Domains related to this: (3)

xunlei.com
n0808.com
n0909.com
sandai.net
mypikpak.com

Ref:

• https://www.google.com/search?q=%22hubciddata%22+OR+%22hub5pnc%22&lr=lang_zh-CN%7Clang_zh-TW&tbs=lr:lang_1zh-CN%7Clang_1zh-TW ✰
• https://bbs.itzmx.com/thread-98536-1-1.html ✰

Classic Xunlei tracking domains: (3):

• https://www.livelu.com/201710274.html
• http://machbbs.com/hostloc/25972
• https://www.shykx.com/notepad/429.html
• https://zhidao.baidu.com/question/130038875
• https://www.javlibrary.com/cn/publictopic.php?id=90720 Some tracking domains have even been in use since 2009.

Just watched a good show in the group of the app, also the reason I post this.

(2): I will post pictures later.

[c2xusnpq6]

Please don't close this issue easily.😃🤝

[c2xusnpq6]

https://www.mypikpak.com/

https://indonesia-rcv5.n0909.com/v2/xla.min.js

/api/stat/rt^
/v2/xla.min.js

As I said before, they have multiple domains pointing to the same backend server.

And Xunlei is a notoriously nasty company, just like other early Chinese network companies. This is probably with no competition from other foreign companies in China caused by it ...

So we have to take these companies seriously...

[c2xusnpq6]

Screenshot

xbase.cloud is owned by Xunlei

[c2xusnpq6]

Screenshot

Look at the value of the ip it points to.

www.virustotal.com

[c2xusnpq6]

Screenshot

Another common "fallback method" (or "escape method") for Chinese apps/sdk

Directly connect to the backend server with ip

www.virustotal.com

[c2xusnpq6]

They will use a lot of ip to connect to the back-end server, probably because the early Chinese Internet instability, dns problems, etc., and there are a variety of restrictions, so the idea of using this method, but later became a network tracker to escape the method.

So I hope you can address this and develop new features to fill the gap.

What if I want to block all direct IP traffic to an app?

[c2xusnpq6]

They claim to be a purely Singaporean company called FUNI. PTE. LTD., and it supports backup telegram data...

[c2xusnpq6]

The above is a little messy, I will check it out later if I have time.

[c2xusnpq6]

Screenshot

Screenshot

[Alex-302]

Don't know what we can block.