SOLVED: What does T212 use azmsoft for?

I run an ad blocker on my home network that blocks some domains based upon whether the domains are in known lists or not. Whenever I have T212 running in a browser, I can see that the ad blocker is blocking calls to the following domain:

stats DOT azmsoft DOT com

The ad blocker shows that the requests are sent every 10 seconds or so and the requests stop when I close T212 down in my browser. I can see that the requests are coming from the device I had T212 open on, they weren’t coming from a different device.

Azmsoft appears to be a company in Kenya and worryingly, the name gets mentioned in some malware reports on joesandbox.com

Is T212 using this domain for some legitimate purpose? It’s definitely T212 making these requests because the Android app makes the same requests as well.

https://www.google.com/amp/sur.ly/i/azmsoft.com/amp

Looks related

@phildawson Thanks, I found that when Googling them and making the ‘Kenya’ link. I am just somewhat apprehensive about T212 making so many requests to that domain and would really like to have some idea as to what is going on, even if a very basic explanation to set my mind at ease.

At the moment Pi-Hole is blocking the requests so it’s no skin off my back, but might be for other people.

I don’t often use the desktop version but I’ll login and take a look.

So this is the section of the main bundle that creates the call to https://stats.azmsoft.com/logs/event/ag2ti1rn2d

Screenshot 2021-06-10 at 13.27.35801×499 42.5 KB

I’m seeing that it makes four calls on load, the first is about these events:

Then it sends a second request with

RESET_NOTIFICATIONS_STATE
CONSUME_NOTIFICATIONS

then a third request with

UPDATE_GEO_IP_COUNTRY

and then a fourth request about the status

UPDATE_CONNECTION_STATUS

where it sends an array of connecting and then connected events.

It just looks like marker points for debugging so they can see where the application is getting stuck. The data being sent with the event is just really your session id / customer uid.

Blocking this does no harm to your experience.

Thanks for all the investigation, going to leave the blacklists as they are

No probs.

Would be great to hear from T212 themselves if they could comment

@David @Wit @B.E

That’s the actual reason, thanks for that. Nothing to worry about - it’s used purely for debugging reasons

Yeah it does look like internal tracking and debugging after watching it for a bit.

It does also send through context too related to what you are doing in the app. eg Typed in AMZN into the search.

However I’m not seeing it every 10 seconds as you describe in the OP, only after specific user actions (and on init load)

In any case its T212 that appears to have purchased azmsoft ages ago and using it for their own tracking.