Possible malware? strange DNS queries

logs
blacklisting

#1

My Android phone has many queries to this domain:
z.moatads.com

Currently, since my Pi-hole is on “steroids” (2,3M blocked domains from many blocklists),
it is on these three blocklists
[0]:https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
[1]:http://sysctl.org/cameleon/hosts
[5]:https://hosts-file.net/ad_servers.txt

The problem is that these queries are of unknown origin to me. Is that malware, a tracker?
The fact is that these queries are happening all the time while my phone is not used but connected to Wi-Fi.
I have started tcpdump to my phone; I would like to know more about the traffic around these queries.

On the internet, when I google motoadz, there is information about malware. So I am taking this issue very seriously.

Second part:
Do you guys have some suggestions about tracking this internally in Android OS? Without a chance to have this overview, we cannot say that Android is secure. …


#2

Hi,

You are talking about z.moatads.com!

Found in: Cameleon.txt
Found in: EladKarako.txt
Found in: HPHosts-ads.txt
Found in: JoeyLane.txt
Found in: Kowabit.txt
Found in: Mahakala.txt
Found in: HostsFileOrg.txt
Found in: SomeoneWC.txt
Found in: Vokins.txt
Found in: Winhelp2002.txt

Nothing really to be afraid of; a little bit of GOOGLE leads us to https://moat.com

You can also block tracking when you are not at home using an Android ad-blocker!

regards, Frank
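
Added example, not part of the thread: a Python check that reproduces the "Found in:" lookup above by parsing hosts-format and plain-domain blocklists and matching the queried name exactly, so a look-alike entry such as `notz.moatads.com` is not reported as a hit. The list names and contents are constructed samples, and the function names are hypothetical.

```python
# Constructed sample lists; NOT the real contents of the lists named in the thread.
SAMPLE_LISTS = {
    "hosts-style.txt": """\
# comment line
127.0.0.1 localhost
0.0.0.0 z.moatads.com
0.0.0.0 ads.example.net  # trailing comment
""",
    "domains-only.txt": """\
tracker.example.org
Z.MOATADS.COM.
""",
    "unrelated.txt": """\
0.0.0.0 notz.moatads.com
0.0.0.0 z.moatads.com.example.invalid
""",
}

# Addresses that hosts-format blocklists commonly use as the sink target.
_SINK_IPS = {"0.0.0.0", "127.0.0.1", "::", "::1"}


def parse_blocklist(text):
    """Return the set of lowercase domains in a hosts-format or plain domain list."""
    domains = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not line:
            continue
        fields = line.split()
        # hosts format: "<ip> <name> [<name>...]"; plain format: "<name>"
        names = fields[1:] if fields[0] in _SINK_IPS else fields[:1]
        for name in names:
            name = name.lower().rstrip(".")  # DNS names are case-insensitive
            if name and name != "localhost":
                domains.add(name)
    return domains


def found_in(domain, lists):
    """Names of the lists that contain `domain` as an exact entry, sorted."""
    domain = domain.lower().rstrip(".")
    return sorted(n for n, text in lists.items() if domain in parse_blocklist(text))


if __name__ == "__main__":
    for list_name in found_in("z.moatads.com", SAMPLE_LISTS):
        print("Found in:", list_name)
```

A plain substring search over the same files would also report `unrelated.txt`, which is why the entries are parsed and compared as whole names.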


#3

I saw things like this https://community.webroot.com/t5/Introduce-yourself-to-the/What-is-z-moatads-com/td-p/239026 while googling. So that is why I am afraid of that site.


#4

I don’t think it’s malware, it’s just an advert domain. It’s related to www.moat.com, which is a data analytics site.

It’s also mentioned in Google’s third-party ad serving companies.


#5

Thanks sir. I think you are right.

