Analysis
max time kernel: 2943282s
max time network: 75s
platform: android_x64
resource: android-x64-20230831-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20230831-en, locale:en-us, os:android-10-x64, system
submitted: 19/09/2023, 21:51 UTC
Static task: static1
Behavioral task: behavioral1
Sample: xManager.apk
Resource: android-x64-20230831-en
Behavioral task: behavioral2
Sample: xManager.apk
Resource: android-x64-arm64-20230831-en
Behavioral task: behavioral3
Sample: xManager.apk
Resource: android-x86-arm-20230831-en
General
Target: xManager.apk
Size: 9.1MB
MD5: 15e16125c1cd2e4eda8058dc1b957362
SHA1: 4649e99fccb758e34be68ccaed63db1053c8337a
SHA256: 05ec45735db9d58d3991941cff56d25ba6ae26dd300b2c1250aca093e68843d1
SHA512: e1cfcde3ef453045aa267cdf2ea48ffc6e80cfd054c9dfc5ed0edddfedae61d8bfb12389e248ae44ee4f6cbd408b97befcae368d8e23a0ea3ad2985e9bac219a
SSDEEP: 98304:1g4OD3plY2bl11NHC77QE7j01xkgnk3Jx+V0L0QUllb/JGxBbSg64kA/32d2ZrC6:1cD3p5l1zC7D01xXnaxjLalmBR6yxrOm
Malware Config
Signatures
Loads dropped Dex/Jar (1 IoCs)
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.xc3fff0e.xmanager/cache/1613498354782.jar
pid: 5092
Process: com.xc3fff0e.xmanager

Reads information about phone network operator.

Removes a system notification. (1 IoCs)
description: Framework service call
ioc: android.app.INotificationManager.cancelNotificationWithTag
Process: com.xc3fff0e.xmanager

Uses Crypto APIs (Might try to encrypt user data). (1 IoCs)
description: Framework API call
ioc: javax.crypto.Cipher.doFinal
Process: com.xc3fff0e.xmanager
Processes
Network
Remote address: 1.1.1.1:53
Request:
gist.githubusercontent.com IN A
Response:
gist.githubusercontent.com IN A 185.199.109.133
gist.githubusercontent.com IN A 185.199.110.133
gist.githubusercontent.com IN A 185.199.108.133
gist.githubusercontent.com IN A 185.199.111.133

Remote address: 185.199.109.133:443
Request:
GET /xC3FFF0E/5268182b9bc89832a9cfbe2eb0568c3c/raw HTTP/2.0
host: gist.githubusercontent.com
accept-encoding: gzip
user-agent: okhttp/3.9.1
Response:
HTTP/2.0 200
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: text/plain; charset=utf-8
etag: W/"dc784efb5a37d790f2a72f88f4c44987c9d13f6f4d248c07c25b90c8f9b78683"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 0CF6:EBB6:BD9392:C60BE9:650153AC
accept-ranges: bytes
date: Tue, 19 Sep 2023 21:52:22 GMT
via: 1.1 varnish
x-served-by: cache-ams21073-AMS
x-cache: HIT
x-cache-hits: 1
x-timer: S1695160342.239887,VS0,VE1
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: c193151212d140f737e98de6deade3960657f8b8
expires: Tue, 19 Sep 2023 21:57:22 GMT
source-age: 2
content-length: 19130

185.199.109.133:443 https://gist.githubusercontent.com/xC3FFF0E/5268182b9bc89832a9cfbe2eb0568c3c/raw
tls, http2
2.2kB 65.6kB 24 27
HTTP Request: GET https://gist.githubusercontent.com/xC3FFF0E/5268182b9bc89832a9cfbe2eb0568c3c/raw
HTTP Response: 200
HTTP Request: GET https://gist.githubusercontent.com/xC3FFF0E/5268182b9bc89832a9cfbe2eb0568c3c/raw
HTTP Response: 200
HTTP Request: GET https://gist.githubusercontent.com/xC3FFF0E/5268182b9bc89832a9cfbe2eb0568c3c/raw
HTTP Response: 200
HTTP Request
GET https://googleads.g.doubleclick.net/pagead/interaction/?ai=CqEeGKRgKZZL2N9-PjuwPjdKXsA7b1pvncrSk5PT9EcCNtwEQASCL5_9KYMmGgICAgKAZoAGc38mJA6gDAcgDCKoEzwFP0AJx8Kx63d1Xi49IYdi3inTOzEVSm_0OxEAbQ45F380TnmKO2nMGWj0lrjwJdxctehYht_wtvhLS5hCxl-QLE8vfqtb9JG6KM1FnO0WdSQCUgD-jP5Irsei4s2yM3Ldlg9-ZsDmdjiW6e0ERLAJ49vYgF1SZ2C7VN-ezNGS7j4Frikr-WWVDL5Jeaw9f_d_HSRzFoaV-mZ9Oj2FoRE3lu5GcqQ83EA-eMwDNs6NALQSahf0U4afDpsS2qhpsKAtxazOq4Z25xA43TUj1WTjABMK4r8SZBIgF0MS5_0rABXGQBgGgBhywBgGAB4TSvowBmAcBqAfNm7ECqAeZnbECqAemvhuoB9XJG6gHoQGoB63KG6gHrs0bqAf-nrECqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAqgHjtwbqAfJnLECuAe82Mmi7M6K-gLAB_XUA9gHAfoHGGNvbS56aGlsaWFvYXBwLm11c2ljYWxseZgIAaAIoKKnBKgIAbAIArgIAdIIFAiAYRABGF8yAooCOgKAQEi9_cE6sQkIHlqvUqw-M4AKApALBZgMypnYnrEEqg0CVVO4E7EDghQkGiJtb2JpbGVhcHA6OjItY29tLnhjM2ZmZjBlLnhtYW5hZ2VyiBQR0BUB2BUBmBYByhZTChhjb20uemhpbGlhb2FwcC5tdXNpY2FsbHkaMQjpjoKV96in_w4Q48uZ1YSS39YjGAEgASoVY29tLnhjM2ZmZjBlLnhtYW5hZ2VyMAQg6fwDKAH4FgGAFwGyFxoKGAgAEhRwdWItMzMxOTU0ODQ4MzM0NjQzNA&sigh=Q5MIIrBbAz8&cid=CAQShgEAaQJSVh4L5gUQw6s5OdzBS2CKM25f5fBE97uLs0MeZ0iFo_TvxlBb0JQU6ThWalYmtvq4ByMnL0tPk-ZtYr-_B1Fh6d78qM9RTqeWtijzo4QWOzEgf_xCrQQadJJOqD2ire-iXOMbWbE-0g_RRyMzj6PX8irgdRhbK-gMH3aSbiOJp5DX8g&label=admob_mediation_request_fill_result&mediation_fill_status=.0.38118&smc_index=0HTTP Response
200
MITRE ATT&CK Matrix
Downloads