What's up with the Zidoo pinging the domain "alog.umeng.com"? A Google of this is not encouraging.

Discussion in 'HDD Media player(RTD 1619DR)' started by Jimbo Randy, Feb 17, 2023.

  1. Jimbo Randy

    Jimbo Randy Active Member

    Yea, so I saw that the Zidoo pings the below domains:

    - alog.umeng.com
    - alog.umengcloud.com

    Does anyone know what these are? They're clearly Chinese domains but I am not sure what the Zidoo is using it for. A Google search shows that this domain was apparently responsible for some SMS malware in Asia a little while back. I can't post links here but you can just google "alog.umeng.com malware" and you'll see what I mean. I'm a little sketched out so any information would be helpful.

    It looks like umeng.com could be owned by Alibaba, which would just mean it's just an analytics/telemetry domain used by the developers. I'm just curious since I monitor all traffic that goes in and out of my network. I can just block these domains to be safe but was wondering if anyone had any info.
     
    Last edited: Feb 17, 2023
  2. Jimbo Randy

    Jimbo Randy Active Member

    Also wondering about the domain: whois.pconline.com.cn
     
  3. toshu

    toshu Member

    Which player are you talking about that's doing this? Also, is the software as new out of the box?
     
  4. Markswift2003

    Markswift2003 Well-Known Member SUPER Administrator Beta test group Contributor

    Just shark it and you'll soon see there's nothing untoward going on.
     
  5. Jimbo Randy

    Jimbo Randy Active Member

    What do you mean shark it? And yea, sorry, my intent wasn't to claim that there's anything shady going on. I just like to analyze all domains that my devices try to contact.
     
  6. Jimbo Randy

    Jimbo Randy Active Member

    Software new out of the box. Only non-stock software I installed was ZDMC. I think these domains are being contacted by the Zidoo itself, not HT4.0 or anything but I'm not 100% sure.
     
  7. rozel

    rozel Well-Known Member

  8. Jimbo Randy

    Jimbo Randy Active Member

    Thanks man. I'll look into it. From what I can find, the umeng domains are probably just like analytics. Not sure what the whois domain is for. Could be for automatic time setting, or the weather app. I'll just block all of them. I only need the metadata scraper domains and the update domain to work. The rest can be blocked.
     
  9. rozel

    rozel Well-Known Member

    @Jimbo Randy - if Mark says there's nothing untoward going on, you can bet your bottom dollar nothing is.
     
  10. Markswift2003

    Markswift2003 Well-Known Member SUPER Administrator Beta test group Contributor

    Wireshark - you can see everything the box is doing either on the WAN or LAN.
     
  11. Jimbo Randy

    Jimbo Randy Active Member

    Thank you sir.
     
  12. Markswift2003

    Markswift2003 Well-Known Member SUPER Administrator Beta test group Contributor

    You're very welcome.
     
