Resubmissions

20/09/2023, 15:26 UTC

230920-svpvksha9x 7

19/09/2023, 21:51 UTC

230919-1qy7fscb8y 7

Analysis

  • max time kernel
    2943282s
  • max time network
    75s
  • platform
    android_x64
  • resource
    android-x64-20230831-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20230831-en, locale:en-us, os:android-10-x64, system
  • submitted
    19/09/2023, 21:51 UTC

General

  • Target

    xManager.apk

  • Size

    9.1MB

  • MD5

    15e16125c1cd2e4eda8058dc1b957362

  • SHA1

    4649e99fccb758e34be68ccaed63db1053c8337a

  • SHA256

    05ec45735db9d58d3991941cff56d25ba6ae26dd300b2c1250aca093e68843d1

  • SHA512

    e1cfcde3ef453045aa267cdf2ea48ffc6e80cfd054c9dfc5ed0edddfedae61d8bfb12389e248ae44ee4f6cbd408b97befcae368d8e23a0ea3ad2985e9bac219a

  • SSDEEP

    98304:1g4OD3plY2bl11NHC77QE7j01xkgnk3Jx+V0L0QUllb/JGxBbSg64kA/32d2ZrC6:1cD3p5l1zC7D01xXnaxjLalmBR6yxrOm

Score
7/10

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Removes a system notification. 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

Processes

  • com.xc3fff0e.xmanager
    • Loads dropped Dex/Jar
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:5092
    • logcat -c
        PID:5173

    Network

    • flag-us
      DNS
      android.apis.google.com
      Remote address:
      1.1.1.1:53
      Request
      android.apis.google.com
      IN A
    • flag-us
      DNS
      infinitedata-pa.googleapis.com
      Remote address:
      1.1.1.1:53
      Request
      infinitedata-pa.googleapis.com
      IN A
    • flag-us
      DNS
      gist.githubusercontent.com
      Remote address:
      1.1.1.1:53
      Request
      gist.githubusercontent.com
      IN A
      Response
      gist.githubusercontent.com
      IN A
      185.199.109.133
      gist.githubusercontent.com
      IN A
      185.199.110.133
      gist.githubusercontent.com
      IN A
      185.199.108.133
      gist.githubusercontent.com
      IN A
      185.199.111.133
    • flag-us
      GET
      https://gist.githubusercontent.com/xC3FFF0E/5268182b9bc89832a9cfbe2eb0568c3c/raw
      Remote address:
      185.199.109.133:443
      Request
      GET /xC3FFF0E/5268182b9bc89832a9cfbe2eb0568c3c/raw HTTP/2.0
      host: gist.githubusercontent.com
      accept-encoding: gzip
      user-agent: okhttp/3.9.1
      Response
      HTTP/2.0 200
      cache-control: max-age=300
      content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
      content-type: text/plain; charset=utf-8
      etag: W/"dc784efb5a37d790f2a72f88f4c44987c9d13f6f4d248c07c25b90c8f9b78683"
      strict-transport-security: max-age=31536000
      x-content-type-options: nosniff
      x-frame-options: deny
      x-xss-protection: 1; mode=block
      x-github-request-id: 0CF6:EBB6:BD9392:C60BE9:650153AC
      accept-ranges: bytes
      date: Tue, 19 Sep 2023 21:52:22 GMT
      via: 1.1 varnish
      x-served-by: cache-ams21073-AMS
      x-cache: HIT
      x-cache-hits: 1
      x-timer: S1695160342.239887,VS0,VE1
      vary: Authorization,Accept-Encoding,Origin
      access-control-allow-origin: *
      cross-origin-resource-policy: cross-origin
      x-fastly-request-id: c193151212d140f737e98de6deade3960657f8b8
      expires: Tue, 19 Sep 2023 21:57:22 GMT
      source-age: 2
      content-length: 19130
    • flag-us
      DNS
      infinitedata-pa.googleapis.com
      Remote address:
      1.1.1.1:53
      Request
      infinitedata-pa.googleapis.com
      IN A
      Response
      infinitedata-pa.googleapis.com
      IN A
      142.251.36.10
      infinitedata-pa.googleapis.com
      IN A
      216.58.214.10
      infinitedata-pa.googleapis.com
      IN A
      142.250.179.202
      infinitedata-pa.googleapis.com
      IN A
      172.217.23.202
      infinitedata-pa.googleapis.com
      IN A
      142.250.179.170
      infinitedata-pa.googleapis.com
      IN A
      172.217.168.202
      infinitedata-pa.googleapis.com
      IN A
      172.217.168.234
      infinitedata-pa.googleapis.com
      IN A
      142.250.179.138
      infinitedata-pa.googleapis.com
      IN A
      142.251.36.42
      infinitedata-pa.googleapis.com
      IN A
      142.251.39.106
    • flag-us
      DNS
      googleads.g.doubleclick.net
      Remote address:
      1.1.1.1:53
      Request
      googleads.g.doubleclick.net
      IN A
    • flag-us
      DNS
      ssl.google-analytics.com
      Remote address:
      1.1.1.1:53
      Request
      ssl.google-analytics.com
      IN A
      Response
      ssl.google-analytics.com
      IN A
      142.251.39.104
    • flag-us
      DNS
      android.apis.google.com
      Remote address:
      1.1.1.1:53
      Request
      android.apis.google.com
      IN A
      Response
      android.apis.google.com
      IN CNAME
      clients.l.google.com
      clients.l.google.com
      IN A
      142.251.36.46
    • flag-us
      DNS
      googleads.g.doubleclick.net
      Remote address:
      1.1.1.1:53
      Request
      googleads.g.doubleclick.net
      IN A
      Response
      googleads.g.doubleclick.net
      IN A
      142.251.36.34
    • flag-us
      DNS
      tpc.googlesyndication.com
      Remote address:
      1.1.1.1:53
      Request
      tpc.googlesyndication.com
      IN A
    • flag-us
      DNS
      www.googletagservices.com
      Remote address:
      1.1.1.1:53
      Request
      www.googletagservices.com
      IN A
    • flag-us
      DNS
      lh3.googleusercontent.com
      Remote address:
      1.1.1.1:53
      Request
      lh3.googleusercontent.com
      IN A
      Response
      lh3.googleusercontent.com
      IN CNAME
      googlehosted.l.googleusercontent.com
      googlehosted.l.googleusercontent.com
      IN A
      142.250.179.129
    • flag-us
      DNS
      www.googletagservices.com
      Remote address:
      1.1.1.1:53
      Request
      www.googletagservices.com
      IN A
      Response
      www.googletagservices.com
      IN A
      172.217.23.194
    • flag-us
      DNS
      csi.gstatic.com
      Remote address:
      1.1.1.1:53
      Request
      csi.gstatic.com
      IN A
      Response
      csi.gstatic.com
      IN A
      142.250.75.3
    • flag-us
      DNS
      rr5---sn-5hnekn76.googlevideo.com
      Remote address:
      1.1.1.1:53
      Request
      rr5---sn-5hnekn76.googlevideo.com
      IN A
    • flag-us
      DNS
      tpc.googlesyndication.com
      Remote address:
      1.1.1.1:53
      Request
      tpc.googlesyndication.com
      IN A
      Response
      tpc.googlesyndication.com
      IN A
      142.250.179.129
    • flag-us
      DNS
      rr5---sn-5hnekn76.googlevideo.com
      Remote address:
      1.1.1.1:53
      Request
      rr5---sn-5hnekn76.googlevideo.com
      IN A
      Response
      rr5---sn-5hnekn76.googlevideo.com
      IN CNAME
      rr5.sn-5hnekn76.googlevideo.com
      rr5.sn-5hnekn76.googlevideo.com
      IN A
      209.85.226.10
    • 185.199.109.133:443
      https://gist.githubusercontent.com/xC3FFF0E/5268182b9bc89832a9cfbe2eb0568c3c/raw
      tls, http2
      2.2kB
      65.6kB
      24
      27

      HTTP Request

      GET https://gist.githubusercontent.com/xC3FFF0E/5268182b9bc89832a9cfbe2eb0568c3c/raw

      HTTP Response

      200

      HTTP Request

      GET https://gist.githubusercontent.com/xC3FFF0E/5268182b9bc89832a9cfbe2eb0568c3c/raw

      HTTP Response

      200

      HTTP Request

      GET https://gist.githubusercontent.com/xC3FFF0E/5268182b9bc89832a9cfbe2eb0568c3c/raw

      HTTP Response

      200
    • 142.251.39.104:443
      ssl.google-analytics.com
      tls
      1.2kB
      5.6kB
      7
      5
    • 142.251.36.46:443
      android.apis.google.com
      tls
      11.9kB
      18.5kB
      63
      64
    • 142.251.36.46:443
      android.apis.google.com
      tls
      9.3kB
      16.2kB
      40
      54
    • 142.251.36.34:443
      googleads.g.doubleclick.net
      tls
      4.6kB
      182.6kB
      55
      72
    • 142.251.36.34:443
      googleads.g.doubleclick.net
      tls
      8.1kB
      98.1kB
      35
      55
    • 142.251.36.34:443
      googleads.g.doubleclick.net
      tls
      7.8kB
      146.7kB
      63
      80
    • 142.250.179.129:443
      lh3.googleusercontent.com
      tls
      4.1kB
      63.8kB
      37
      54
    • 142.251.36.46:443
      android.apis.google.com
      tls
      1.5kB
      1.9kB
      8
      8
    • 172.217.23.194:443
      www.googletagservices.com
      tls
      2.5kB
      39.8kB
      21
      27
    • 142.250.75.3:443
      csi.gstatic.com
      tls
      14.9kB
      10.5kB
      46
      69
    • 142.250.75.3:443
      csi.gstatic.com
      tls
      1.0kB
      5.3kB
      9
      6
    • 209.85.226.10:443
      https://rr5---sn-5hnekn76.googlevideo.com/videoplayback?expire=1695189156&ei=JBgKZdu4Od-hx_APv4yFmAU&ip=154.61.71.13&id=8717c5ccab3fabb0&itag=247&source=youtube&requiressl=yes&mh=Dn&mm=31&mn=sn-5hnekn76&ms=au&mv=u&mvi=5&pl=24&susc=gvp&acao=yes&ctier=L&mime=video%2Fwebm&vprv=1&gir=yes&clen=421821&dur=10.000&lmt=1690240468128085&mt=1695158753&cpn=5_XCfnCpJiOoNFsv&txp=553D434&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Csusc%2Cacao%2Cctier%2Cmime%2Cvprv%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhAOjUMDciVfu6LtJyJ4W9ZblvIfeOYx3CCuj4XvLWgiwMAiAG3OK4moV6G3AFPfF1uk4FsnkU1jQ1WPb2C4HjfKlItA%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRQIgC1mRHDnAUlHo6BCo4H1LZ0svnVLCXMjgJqfGkwUox2wCIQCoHRl8SJvOrGWTVRTbLPgKD__9addVkClKLjbAhYcxsA%3D%3D&ic=gmasdk
      tls, http
      4.5kB
      433.3kB
      54
      81

      HTTP Request

      GET https://rr5---sn-5hnekn76.googlevideo.com/videoplayback?expire=1695189156&ei=JBgKZdu4Od-hx_APv4yFmAU&ip=154.61.71.13&id=8717c5ccab3fabb0&itag=247&source=youtube&requiressl=yes&mh=Dn&mm=31&mn=sn-5hnekn76&ms=au&mv=u&mvi=5&pl=24&susc=gvp&acao=yes&ctier=L&mime=video%2Fwebm&vprv=1&gir=yes&clen=421821&dur=10.000&lmt=1690240468128085&mt=1695158753&cpn=5_XCfnCpJiOoNFsv&txp=553D434&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Csusc%2Cacao%2Cctier%2Cmime%2Cvprv%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhAOjUMDciVfu6LtJyJ4W9ZblvIfeOYx3CCuj4XvLWgiwMAiAG3OK4moV6G3AFPfF1uk4FsnkU1jQ1WPb2C4HjfKlItA%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRQIgC1mRHDnAUlHo6BCo4H1LZ0svnVLCXMjgJqfGkwUox2wCIQCoHRl8SJvOrGWTVRTbLPgKD__9addVkClKLjbAhYcxsA%3D%3D&ic=gmasdk

      HTTP Response

      200
    • 209.85.226.10:443
      https://rr5---sn-5hnekn76.googlevideo.com/videoplayback?expire=1695189156&ei=JBgKZdu4Od-hx_APv4yFmAU&ip=154.61.71.13&id=8717c5ccab3fabb0&itag=140&source=youtube&requiressl=yes&mh=Dn&mm=31&mn=sn-5hnekn76&ms=au&mv=u&mvi=5&pl=24&susc=gvp&acao=yes&ctier=L&mime=audio%2Fmp4&vprv=1&gir=yes&clen=163871&dur=10.077&lmt=1690239965230579&mt=1695158753&cpn=5_XCfnCpJiOoNFsv&txp=5532434&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Csusc%2Cacao%2Cctier%2Cmime%2Cvprv%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRAIgNuy9otbhuh0Dh3GcX2bHzBA-AKdKvPeSQA1NBRfgYxcCIFbmsToSB-OdYCcDOssqsoCmz7Mj39Z7H05G5Ajy6Rvn&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRQIhAK2dUJP6lS2HtCfDyaFwchB3XnqkOFz4lYt8K4bNMPBWAiApXuA0a1TELZG7h9QkJK0sDiTgdkNWbtD0IBmTInt7xg%3D%3D&ic=gmasdk
      tls, http
      3.6kB
      171.9kB
      36
      39

      HTTP Request

      GET https://rr5---sn-5hnekn76.googlevideo.com/videoplayback?expire=1695189156&ei=JBgKZdu4Od-hx_APv4yFmAU&ip=154.61.71.13&id=8717c5ccab3fabb0&itag=140&source=youtube&requiressl=yes&mh=Dn&mm=31&mn=sn-5hnekn76&ms=au&mv=u&mvi=5&pl=24&susc=gvp&acao=yes&ctier=L&mime=audio%2Fmp4&vprv=1&gir=yes&clen=163871&dur=10.077&lmt=1690239965230579&mt=1695158753&cpn=5_XCfnCpJiOoNFsv&txp=5532434&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Csusc%2Cacao%2Cctier%2Cmime%2Cvprv%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRAIgNuy9otbhuh0Dh3GcX2bHzBA-AKdKvPeSQA1NBRfgYxcCIFbmsToSB-OdYCcDOssqsoCmz7Mj39Z7H05G5Ajy6Rvn&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRQIhAK2dUJP6lS2HtCfDyaFwchB3XnqkOFz4lYt8K4bNMPBWAiApXuA0a1TELZG7h9QkJK0sDiTgdkNWbtD0IBmTInt7xg%3D%3D&ic=gmasdk

      HTTP Response

      200
    • 209.85.226.10:443
      https://rr5---sn-5hnekn76.googlevideo.com/videoplayback?expire=1695189162&ei=KhgKZeG7Dbi66dsPmKuC-AQ&ip=154.61.71.13&id=8717c5ccab3fabb0&itag=140&source=youtube&requiressl=yes&mh=Dn&mm=31&mn=sn-5hnekn76&ms=au&mv=u&mvi=5&pl=24&susc=gvp&acao=yes&ctier=L&mime=audio%2Fmp4&vprv=1&gir=yes&clen=163871&dur=10.077&lmt=1690239965230579&mt=1695158753&cpn=UlVSAsbmOfs550c5&txp=5532434&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Csusc%2Cacao%2Cctier%2Cmime%2Cvprv%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRAIgG3L2QtPAt7ceFEPkYF3v0BiTdgyAPSpq5ya4oeQLdVUCIDYYzhP0eOIgkiz4VlLkf_bE6kkyiIPlGoZgLIcZD4HD&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRQIgGyhsFxHZBqb88hwJQbXVHOuw5Nxa-_7Q0XsS8pHxWQ8CIQCJPqtwVa5f5aJaQQoxaIzjmDT-H6lkObahkmiq9mSLBw%3D%3D&ic=gmasdk
      tls, http
      3.7kB
      172.0kB
      39
      42

      HTTP Request

      GET https://rr5---sn-5hnekn76.googlevideo.com/videoplayback?expire=1695189162&ei=KhgKZeG7Dbi66dsPmKuC-AQ&ip=154.61.71.13&id=8717c5ccab3fabb0&itag=140&source=youtube&requiressl=yes&mh=Dn&mm=31&mn=sn-5hnekn76&ms=au&mv=u&mvi=5&pl=24&susc=gvp&acao=yes&ctier=L&mime=audio%2Fmp4&vprv=1&gir=yes&clen=163871&dur=10.077&lmt=1690239965230579&mt=1695158753&cpn=UlVSAsbmOfs550c5&txp=5532434&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Csusc%2Cacao%2Cctier%2Cmime%2Cvprv%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRAIgG3L2QtPAt7ceFEPkYF3v0BiTdgyAPSpq5ya4oeQLdVUCIDYYzhP0eOIgkiz4VlLkf_bE6kkyiIPlGoZgLIcZD4HD&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRQIgGyhsFxHZBqb88hwJQbXVHOuw5Nxa-_7Q0XsS8pHxWQ8CIQCJPqtwVa5f5aJaQQoxaIzjmDT-H6lkObahkmiq9mSLBw%3D%3D&ic=gmasdk

      HTTP Response

      200
    • 142.251.36.34:443
      https://googleads.g.doubleclick.net/pagead/interaction/?ai=CvgbNIxgKZaH5NKSPjuwP88-asALb1pvncrSk5PT9EcCNtwEQASCL5_9KYMmGgICAgKAZoAGc38mJA6gDAcgDCKoE0AFP0JtRVZWa8Nvcg1uhzow8-b1gqyBGLL1jWs0FtBG7BC0Db5u7vSD5V6ZX8JSK-dMwxubRhyCrecstm3ohR4K-qTAHo4PAowGlbxkRwsnT27CIQe61P4epDUGCnh_I9kOzCBDymVDolO9ZEuBk5Gkwmx0tpmyRS5mPNUG8DtZtFLbKp8f3w4fgsakn8fRl8jLWQDnvDDnxJiKs8og5wnrtunEJKD9ElIr1kKC4WkfkMJd19I2KOZ_hCOPXMzw66AB3v3dXooHYO9n6WY6uVxThwATCuK_EmQSIBdDEuf9KwAVxkAYBoAYcsAYBgAeE0r6MAZgHAagHzZuxAqgHmZ2xAqgHpr4bqAfVyRuoB6EBqAetyhuoB67NG6gH_p6xAqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB47cG6gHyZyxArgHvNjJouzOivoCwAf11APYBwH6Bxhjb20uemhpbGlhb2FwcC5tdXNpY2FsbHmYCAGgCKCipwSoCAGwCAK4CAHSCBQIgGEQARhfMgKKAjoCgEBIvf3BOrEJCB5ar1KsPjOACgKQCwWYDMqZ2J6xBKoNAlVTuBOxA4IUJBoibW9iaWxlYXBwOjoyLWNvbS54YzNmZmYwZS54bWFuYWdlcogUEdAVAdgVAZgWAcoWUwoYY29tLnpoaWxpYW9hcHAubXVzaWNhbGx5GjEI6Y6Clfeop_8OEOPLmdWEkt_WIxgBIAEqFWNvbS54YzNmZmYwZS54bWFuYWdlcjAEIOn8AygB-BYBgBcBshcaChgIABIUcHViLTMzMTk1NDg0ODMzNDY0MzQ&sigh=P_FacPO_vIY&cid=CAQShgEAaQJSVtXeCZJjsXJEX3BdHFmEaz44NTMbmYmkSwl0eKcsHdUG49arhsMCOEQ4376PTXn43qnjCEL0PC8a0rZOnHdOxlNNsqawfBWJgAG0FkDiD98aToICsvBBbtqnfF_66TPK5M_13Ny2601lSfA4EdoMYSr4wc0sQRVBnWSWBp08IrZVAw&label=admob_mediation_request_fill_result&mediation_fill_status=.0.33742&smc_index=0
      tls, http
      2.8kB
      6.3kB
      11
      8

      HTTP Request

      GET https://googleads.g.doubleclick.net/pagead/interaction/?ai=CvgbNIxgKZaH5NKSPjuwP88-asALb1pvncrSk5PT9EcCNtwEQASCL5_9KYMmGgICAgKAZoAGc38mJA6gDAcgDCKoE0AFP0JtRVZWa8Nvcg1uhzow8-b1gqyBGLL1jWs0FtBG7BC0Db5u7vSD5V6ZX8JSK-dMwxubRhyCrecstm3ohR4K-qTAHo4PAowGlbxkRwsnT27CIQe61P4epDUGCnh_I9kOzCBDymVDolO9ZEuBk5Gkwmx0tpmyRS5mPNUG8DtZtFLbKp8f3w4fgsakn8fRl8jLWQDnvDDnxJiKs8og5wnrtunEJKD9ElIr1kKC4WkfkMJd19I2KOZ_hCOPXMzw66AB3v3dXooHYO9n6WY6uVxThwATCuK_EmQSIBdDEuf9KwAVxkAYBoAYcsAYBgAeE0r6MAZgHAagHzZuxAqgHmZ2xAqgHpr4bqAfVyRuoB6EBqAetyhuoB67NG6gH_p6xAqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB47cG6gHyZyxArgHvNjJouzOivoCwAf11APYBwH6Bxhjb20uemhpbGlhb2FwcC5tdXNpY2FsbHmYCAGgCKCipwSoCAGwCAK4CAHSCBQIgGEQARhfMgKKAjoCgEBIvf3BOrEJCB5ar1KsPjOACgKQCwWYDMqZ2J6xBKoNAlVTuBOxA4IUJBoibW9iaWxlYXBwOjoyLWNvbS54YzNmZmYwZS54bWFuYWdlcogUEdAVAdgVAZgWAcoWUwoYY29tLnpoaWxpYW9hcHAubXVzaWNhbGx5GjEI6Y6Clfeop_8OEOPLmdWEkt_WIxgBIAEqFWNvbS54YzNmZmYwZS54bWFuYWdlcjAEIOn8AygB-BYBgBcBshcaChgIABIUcHViLTMzMTk1NDg0ODMzNDY0MzQ&sigh=P_FacPO_vIY&cid=CAQShgEAaQJSVtXeCZJjsXJEX3BdHFmEaz44NTMbmYmkSwl0eKcsHdUG49arhsMCOEQ4376PTXn43qnjCEL0PC8a0rZOnHdOxlNNsqawfBWJgAG0FkDiD98aToICsvBBbtqnfF_66TPK5M_13Ny2601lSfA4EdoMYSr4wc0sQRVBnWSWBp08IrZVAw&label=admob_mediation_request_fill_result&mediation_fill_status=.0.33742&smc_index=0

      HTTP Response

      200
    • 209.85.226.10:443
      https://rr5---sn-5hnekn76.googlevideo.com/videoplayback?expire=1695189162&ei=KhgKZeG7Dbi66dsPmKuC-AQ&ip=154.61.71.13&id=8717c5ccab3fabb0&itag=247&source=youtube&requiressl=yes&mh=Dn&mm=31&mn=sn-5hnekn76&ms=au&mv=u&mvi=5&pl=24&susc=gvp&acao=yes&ctier=L&mime=video%2Fwebm&vprv=1&gir=yes&clen=421821&dur=10.000&lmt=1690240468128085&mt=1695158753&cpn=UlVSAsbmOfs550c5&txp=553D434&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Csusc%2Cacao%2Cctier%2Cmime%2Cvprv%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRgIhAJfPS1zDcb1Qfyltjc9z4FQMinzbXHN88MliKeOLfPSEAiEAvF7Kerx17cm9pgiDQuJZNHH2BSw4L3B_VZftzg8UTVI%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRQIgH7ImRSNqcNx6_7GhHYLbtmKpmI09SIojsPmhf_1hhdUCIQCy-wGnX28W-H4YOOMP8fVdMqT0v0-x-RRB3zuXhjpXNg%3D%3D&ic=gmasdk
      tls, http
      8.4kB
      434.0kB
      99
      113

      HTTP Request

      GET https://rr5---sn-5hnekn76.googlevideo.com/videoplayback?expire=1695189162&ei=KhgKZeG7Dbi66dsPmKuC-AQ&ip=154.61.71.13&id=8717c5ccab3fabb0&itag=247&source=youtube&requiressl=yes&mh=Dn&mm=31&mn=sn-5hnekn76&ms=au&mv=u&mvi=5&pl=24&susc=gvp&acao=yes&ctier=L&mime=video%2Fwebm&vprv=1&gir=yes&clen=421821&dur=10.000&lmt=1690240468128085&mt=1695158753&cpn=UlVSAsbmOfs550c5&txp=553D434&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Csusc%2Cacao%2Cctier%2Cmime%2Cvprv%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRgIhAJfPS1zDcb1Qfyltjc9z4FQMinzbXHN88MliKeOLfPSEAiEAvF7Kerx17cm9pgiDQuJZNHH2BSw4L3B_VZftzg8UTVI%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRQIgH7ImRSNqcNx6_7GhHYLbtmKpmI09SIojsPmhf_1hhdUCIQCy-wGnX28W-H4YOOMP8fVdMqT0v0-x-RRB3zuXhjpXNg%3D%3D&ic=gmasdk

      HTTP Response

      200
    • 142.251.36.34:443
      https://googleads.g.doubleclick.net/pagead/interaction/?ai=CqEeGKRgKZZL2N9-PjuwPjdKXsA7b1pvncrSk5PT9EcCNtwEQASCL5_9KYMmGgICAgKAZoAGc38mJA6gDAcgDCKoEzwFP0AJx8Kx63d1Xi49IYdi3inTOzEVSm_0OxEAbQ45F380TnmKO2nMGWj0lrjwJdxctehYht_wtvhLS5hCxl-QLE8vfqtb9JG6KM1FnO0WdSQCUgD-jP5Irsei4s2yM3Ldlg9-ZsDmdjiW6e0ERLAJ49vYgF1SZ2C7VN-ezNGS7j4Frikr-WWVDL5Jeaw9f_d_HSRzFoaV-mZ9Oj2FoRE3lu5GcqQ83EA-eMwDNs6NALQSahf0U4afDpsS2qhpsKAtxazOq4Z25xA43TUj1WTjABMK4r8SZBIgF0MS5_0rABXGQBgGgBhywBgGAB4TSvowBmAcBqAfNm7ECqAeZnbECqAemvhuoB9XJG6gHoQGoB63KG6gHrs0bqAf-nrECqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAqgHjtwbqAfJnLECuAe82Mmi7M6K-gLAB_XUA9gHAfoHGGNvbS56aGlsaWFvYXBwLm11c2ljYWxseZgIAaAIoKKnBKgIAbAIArgIAdIIFAiAYRABGF8yAooCOgKAQEi9_cE6sQkIHlqvUqw-M4AKApALBZgMypnYnrEEqg0CVVO4E7EDghQkGiJtb2JpbGVhcHA6OjItY29tLnhjM2ZmZjBlLnhtYW5hZ2VyiBQR0BUB2BUBmBYByhZTChhjb20uemhpbGlhb2FwcC5tdXNpY2FsbHkaMQjpjoKV96in_w4Q48uZ1YSS39YjGAEgASoVY29tLnhjM2ZmZjBlLnhtYW5hZ2VyMAQg6fwDKAH4FgGAFwGyFxoKGAgAEhRwdWItMzMxOTU0ODQ4MzM0NjQzNA&sigh=Q5MIIrBbAz8&cid=CAQShgEAaQJSVh4L5gUQw6s5OdzBS2CKM25f5fBE97uLs0MeZ0iFo_TvxlBb0JQU6ThWalYmtvq4ByMnL0tPk-ZtYr-_B1Fh6d78qM9RTqeWtijzo4QWOzEgf_xCrQQadJJOqD2ire-iXOMbWbE-0g_RRyMzj6PX8irgdRhbK-gMH3aSbiOJp5DX8g&label=admob_mediation_request_fill_result&mediation_fill_status=.0.38118&smc_index=0
      tls, http
      2.8kB
      2.0kB
      10
      7

      HTTP Request

      GET https://googleads.g.doubleclick.net/pagead/interaction/?ai=CqEeGKRgKZZL2N9-PjuwPjdKXsA7b1pvncrSk5PT9EcCNtwEQASCL5_9KYMmGgICAgKAZoAGc38mJA6gDAcgDCKoEzwFP0AJx8Kx63d1Xi49IYdi3inTOzEVSm_0OxEAbQ45F380TnmKO2nMGWj0lrjwJdxctehYht_wtvhLS5hCxl-QLE8vfqtb9JG6KM1FnO0WdSQCUgD-jP5Irsei4s2yM3Ldlg9-ZsDmdjiW6e0ERLAJ49vYgF1SZ2C7VN-ezNGS7j4Frikr-WWVDL5Jeaw9f_d_HSRzFoaV-mZ9Oj2FoRE3lu5GcqQ83EA-eMwDNs6NALQSahf0U4afDpsS2qhpsKAtxazOq4Z25xA43TUj1WTjABMK4r8SZBIgF0MS5_0rABXGQBgGgBhywBgGAB4TSvowBmAcBqAfNm7ECqAeZnbECqAemvhuoB9XJG6gHoQGoB63KG6gHrs0bqAf-nrECqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAqgHjtwbqAfJnLECuAe82Mmi7M6K-gLAB_XUA9gHAfoHGGNvbS56aGlsaWFvYXBwLm11c2ljYWxseZgIAaAIoKKnBKgIAbAIArgIAdIIFAiAYRABGF8yAooCOgKAQEi9_cE6sQkIHlqvUqw-M4AKApALBZgMypnYnrEEqg0CVVO4E7EDghQkGiJtb2JpbGVhcHA6OjItY29tLnhjM2ZmZjBlLnhtYW5hZ2VyiBQR0BUB2BUBmBYByhZTChhjb20uemhpbGlhb2FwcC5tdXNpY2FsbHkaMQjpjoKV96in_w4Q48uZ1YSS39YjGAEgASoVY29tLnhjM2ZmZjBlLnhtYW5hZ2VyMAQg6fwDKAH4FgGAFwGyFxoKGAgAEhRwdWItMzMxOTU0ODQ4MzM0NjQzNA&sigh=Q5MIIrBbAz8&cid=CAQShgEAaQJSVh4L5gUQw6s5OdzBS2CKM25f5fBE97uLs0MeZ0iFo_TvxlBb0JQU6ThWalYmtvq4ByMnL0tPk-ZtYr-_B1Fh6d78qM9RTqeWtijzo4QWOzEgf_xCrQQadJJOqD2ire-iXOMbWbE-0g_RRyMzj6PX8irgdRhbK-gMH3aSbiOJp5DX8g&label=admob_mediation_request_fill_result&mediation_fill_status=.0.38118&smc_index=0

      HTTP Response

      200
    • 224.0.0.251:5353
      3.3kB
      10
    • 1.1.1.1:53
      android.apis.google.com
      dns
      69 B
      1

      DNS Request

      android.apis.google.com

    • 1.1.1.1:53
      infinitedata-pa.googleapis.com
      dns
      76 B
      1

      DNS Request

      infinitedata-pa.googleapis.com

    • 1.1.1.1:53
      android.apis.google.com
      dns
      138 B
      2

      DNS Request

      android.apis.google.com

      DNS Request

      android.apis.google.com

    • 1.1.1.1:53
      gist.githubusercontent.com
      dns
      72 B
      136 B
      1
      1

      DNS Request

      gist.githubusercontent.com

      DNS Response

      185.199.109.133
      185.199.110.133
      185.199.108.133
      185.199.111.133

    • 1.1.1.1:53
      infinitedata-pa.googleapis.com
      dns
      76 B
      236 B
      1
      1

      DNS Request

      infinitedata-pa.googleapis.com

      DNS Response

      142.251.36.10
      216.58.214.10
      142.250.179.202
      172.217.23.202
      142.250.179.170
      172.217.168.202
      172.217.168.234
      142.250.179.138
      142.251.36.42
      142.251.39.106

    • 1.1.1.1:53
      googleads.g.doubleclick.net
      dns
      146 B
      2

      DNS Request

      googleads.g.doubleclick.net

      DNS Request

      googleads.g.doubleclick.net

    • 1.1.1.1:53
      ssl.google-analytics.com
      dns
      70 B
      86 B
      1
      1

      DNS Request

      ssl.google-analytics.com

      DNS Response

      142.251.39.104

    • 1.1.1.1:53
      android.apis.google.com
      dns
      69 B
      109 B
      1
      1

      DNS Request

      android.apis.google.com

      DNS Response

      142.251.36.46

    • 1.1.1.1:53
      android.apis.google.com
      dns
      138 B
      2

      DNS Request

      android.apis.google.com

      DNS Request

      android.apis.google.com

    • 1.1.1.1:53
      android.apis.google.com
      dns
      138 B
      2

      DNS Request

      android.apis.google.com

      DNS Request

      android.apis.google.com

    • 1.1.1.1:53
      googleads.g.doubleclick.net
      dns
      73 B
      89 B
      1
      1

      DNS Request

      googleads.g.doubleclick.net

      DNS Response

      142.251.36.34

    • 1.1.1.1:53
      tpc.googlesyndication.com
      dns
      142 B
      2

      DNS Request

      tpc.googlesyndication.com

      DNS Request

      tpc.googlesyndication.com

    • 1.1.1.1:53
      www.googletagservices.com
      dns
      142 B
      2

      DNS Request

      www.googletagservices.com

      DNS Request

      www.googletagservices.com

    • 1.1.1.1:53
      lh3.googleusercontent.com
      dns
      71 B
      116 B
      1
      1

      DNS Request

      lh3.googleusercontent.com

      DNS Response

      142.250.179.129

    • 1.1.1.1:53
      tpc.googlesyndication.com
      dns
      142 B
      2

      DNS Request

      tpc.googlesyndication.com

      DNS Request

      tpc.googlesyndication.com

    • 1.1.1.1:53
      www.googletagservices.com
      dns
      142 B
      2

      DNS Request

      www.googletagservices.com

      DNS Request

      www.googletagservices.com

    • 1.1.1.1:53
      tpc.googlesyndication.com
      dns
      142 B
      2

      DNS Request

      tpc.googlesyndication.com

      DNS Request

      tpc.googlesyndication.com

    • 1.1.1.1:53
      tpc.googlesyndication.com
      dns
      142 B
      2

      DNS Request

      tpc.googlesyndication.com

      DNS Request

      tpc.googlesyndication.com

    • 1.1.1.1:53
      tpc.googlesyndication.com
      dns
      142 B
      2

      DNS Request

      tpc.googlesyndication.com

      DNS Request

      tpc.googlesyndication.com

    • 1.1.1.1:53
      www.googletagservices.com
      dns
      71 B
      87 B
      1
      1

      DNS Request

      www.googletagservices.com

      DNS Response

      172.217.23.194

    • 1.1.1.1:53
      www.googletagservices.com
      dns
      142 B
      2

      DNS Request

      www.googletagservices.com

      DNS Request

      www.googletagservices.com

    • 1.1.1.1:53
      csi.gstatic.com
      dns
      61 B
      77 B
      1
      1

      DNS Request

      csi.gstatic.com

      DNS Response

      142.250.75.3

    • 1.1.1.1:53
      rr5---sn-5hnekn76.googlevideo.com
      dns
      158 B
      2

      DNS Request

      rr5---sn-5hnekn76.googlevideo.com

      DNS Request

      rr5---sn-5hnekn76.googlevideo.com

    • 1.1.1.1:53
      tpc.googlesyndication.com
      dns
      142 B
      2

      DNS Request

      tpc.googlesyndication.com

      DNS Request

      tpc.googlesyndication.com

    • 1.1.1.1:53
      tpc.googlesyndication.com
      dns
      142 B
      2

      DNS Request

      tpc.googlesyndication.com

      DNS Request

      tpc.googlesyndication.com

    • 1.1.1.1:53
      tpc.googlesyndication.com
      dns
      71 B
      87 B
      1
      1

      DNS Request

      tpc.googlesyndication.com

      DNS Response

      142.250.179.129

    • 1.1.1.1:53
      rr5---sn-5hnekn76.googlevideo.com
      dns
      79 B
      125 B
      1
      1

      DNS Request

      rr5---sn-5hnekn76.googlevideo.com

      DNS Response

      209.85.226.10

    • 1.1.1.1:53
      rr5---sn-5hnekn76.googlevideo.com
      dns
      158 B
      2

      DNS Request

      rr5---sn-5hnekn76.googlevideo.com

      DNS Request

      rr5---sn-5hnekn76.googlevideo.com

    Downloads

    • /data/data/com.xc3fff0e.xmanager/cache/1613498354782.jar

      Filesize

      9KB

      MD5

      2c84bc0c28d4ac333d267f7a152b4039

      SHA1

      49e67f04004587ae351d5aba4da5f18644746864

      SHA256

      1eea5584eb2332554753b4beec7fe8e972bfb3eeadbe0c05dba33de267f25a00

      SHA512

      44ab6c390cac8b11bf43097293ef73bb620b1466fd671a945639198ea10dea425a0c9443b47752cc0a6689a6f5a7661b35f7a8a350ffcba30a72be60d5f18abd

    • /data/data/com.xc3fff0e.xmanager/cache/image_manager_disk_cache/journal.tmp

      Filesize

      31B

      MD5

      8c92de9ce46d41a22f3b20f77404cc1d

      SHA1

      8671a6dca00edb72be47363a7071be65cf270373

      SHA256

      68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

      SHA512

      30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

    • /data/data/com.xc3fff0e.xmanager/cache/oat/1613498354782.jar.cur.prof

      Filesize

      156B

      MD5

      c064af9c3111621a531c9aed816a83db

      SHA1

      d9cf4c8500c328bf40dfd196b1eaec1e4dfab526

      SHA256

      49f018e34ebf079675b1de71e802881bbd9971db7fa941fad1b12dd8abb604a9

      SHA512

      dd0d303d6b7ad280ff22a0fc1626228f7686c39e37e85ec69dec232b00c56088fa855fc4e66b4cc93f411b243462322e4fd6513c666981659ad774be793af89d

    • /data/user/0/com.xc3fff0e.xmanager/cache/1613498354782.jar

      Filesize

      21KB

      MD5

      86ce3683020b3f28f4110aac9c769ff7

      SHA1

      876e0686440524927639a4797b2f13b12a26ce4a

      SHA256

      be852340e03b169a28811d1ff41582d19638d9fc0540f237ecb960c45bd07071

      SHA512

      04d03a9963ba49adf5d0d26a21b57e85e21416fcc3d479ce7522149d45f5ab630ff78e590e724695fe29850b08b4dccfa5051daf5d4e4afd9384f7183f887ddc
