frankblob
commented
3 years ago Thanks, titus.
Great work.
I have added the domains, as requested.
/Frank
Den ons. 1. sep. 2021 kl. 10.38 skrev titus @.***>:
These are fresh 5 month old domains, obfuscated to not appear associated with kochava, and very little info on them, but I dug deep and found they are all related to kochava analytics.
"Kochava is the industry leader for mobile app attribution and mobile app analytics. Kochava provides an industry leading Analytics and Reporting system which clearly displays insights into users’ behavior, habits, and traffic patterns. Kochava sorts through vast amounts of data and using predictive analysis techniques can identify actionable insights into business."
Please add the following kochava domains to your block list:
co.akisinn.info co.dewrain.life co.vaicore.site co.vaicore.xyz int.akisinn.info int.akisinn.me int.akisinn.site int.dewrain.life int.dewrain.site int.dewrain.world int.vaicore.site int.vaicore.store int.vaicore.xyz int.vlancaa.site int.vlancaa.fun tok.vaicore.xyz vaicore.xyz web.ab-salute.com smart.link (kochava uses this as its own form of "bit.ly" intermediary for opening links)
Most of the above were calling out from my mobile. https://threatcrowd.org/domain.php?domain=int.vaicore.xyz
Note "URL analysis, under "network analysis" on this page https://beta.pithus.org/report/844aa271ef47f7807ab3ccc63952e2215298701a6851857c22456317927f08fd
This one particular app uses tracker querys Defined in com/kochava/base/m.java
https://kvinit-prod.api.kochava.com/track/kvinit https://int.dewrain.life/track/kvinit https://int.vaicore.site/track/kvinit https://int.akisinn.info/track/kvinit https://int.dewrain.site/track/kvinit https://int.akisinn.site/track/kvinit https://int.vaicore.xyz/track/kvinit https://int.vaicore.store/track/kvinit https://int.dewrain.world/track/kvinit
It should be noted that some of the apk files associated with these domains are high risk; https://www.virustotal.com/gui/domain/int.vaicore.site/relations
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/frankblob/adb/issues/1, or unsubscribe https://github.com/notifications/unsubscribe-auth/AB6SNUKFCYRIA7TYPIJCULTT7XQSBANCNFSM5DF5ZZSA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
These are fresh 5 month old domains, obfuscated to not appear associated with kochava, and very little info on them, but I dug deep and found they are all related to kochava analytics.
"Kochava is the industry leader for mobile app attribution and mobile app analytics. Kochava provides an industry leading Analytics and Reporting system which clearly displays insights into users’ behavior, habits, and traffic patterns. Kochava sorts through vast amounts of data and using predictive analysis techniques can identify actionable insights into business."
Please add the following kochava domains to your block list:
co.akisinn.info co.dewrain.life co.vaicore.site co.vaicore.xyz int.akisinn.info int.akisinn.me int.akisinn.site int.dewrain.life int.dewrain.site int.dewrain.world int.vaicore.site int.vaicore.store int.vaicore.xyz int.vlancaa.site int.vlancaa.fun tok.vaicore.xyz vaicore.xyz web.ab-salute.com smart.link (kochava uses this as its own form of "bit.ly" intermediary for opening links)
Most of the above were calling out from my mobile. https://threatcrowd.org/domain.php?domain=int.vaicore.xyz
Note "URL analysis, under "network analysis" on this page https://beta.pithus.org/report/844aa271ef47f7807ab3ccc63952e2215298701a6851857c22456317927f08fd
This one particular app uses tracker querys Defined in com/kochava/base/m.java
https://kvinit-prod.api.kochava.com/track/kvinit https://int.dewrain.life/track/kvinit https://int.vaicore.site/track/kvinit https://int.akisinn.info/track/kvinit https://int.dewrain.site/track/kvinit https://int.akisinn.site/track/kvinit https://int.vaicore.xyz/track/kvinit https://int.vaicore.store/track/kvinit https://int.dewrain.world/track/kvinit
It should be noted that some of the apk files associated with these domains are high risk; https://www.virustotal.com/gui/domain/int.vaicore.site/relations