radar-covid-android icon indicating copy to clipboard operation
radar-covid-android copied to clipboard

Published 20 hours ago verified publisher icon RadarCOVID

Traffic analysis: strange calls to URLs

Open oyale opened this issue 3 years ago • 3 comments

Hello!

Monitoring the application traffic, I have found calls to servers for which I find no justification. Specifically, I have detected requests on port 443 to the following URLs:

  • apps|launches.appsflyer.com
  • outcome-ssp.supersonicads.com
  • embeds.driftcdn.com
  • js.stripe.com
  • firefox.setting.services.mozilla.com

Is this normal application behavior? I have logged traffic with an application that creates a VPN to monitor requests from each application on the phone and it seems to be working fine.

oyale avatar Jan 13 '21 14:01 oyale

@iCesofT could we get any insight? Is this residual code from a template? I don't see why you'd need to send requests to Stripe or Super Sonic Ads... The app has no advertisements and no payments...

codingneko avatar Sep 03 '21 13:09 codingneko

Hello @oyale

What tool did you use to detect thouse urls? Can you share the actual log where they did appear?

We don't use them anywhere in the code, so we are trying to trace them by ourselves

Regards

alopezh avatar Sep 06 '21 10:09 alopezh

Hi! I'd got those logs with Netguard's Pro features.

It's been a long time since January: I'm afraid I only have this screenshot:

imagen

oyale avatar Dec 13 '21 18:12 oyale