Analysis Overview
Threat Level: Known bad
The file https://www.mediafire.com/file/eac4inflb7kpkme/ready.apk/file was found to be: Known bad.
Malicious Activity Summary
Spynote
Declares services with permission to bind to the system
Requests dangerous framework permissions
Declares broadcast receivers with permission to handle system events
Analysis: static1
Detonation Overview
Reported: 2024-03-25 17:58
Analysis: behavioral1
Detonation Overview
Submitted: 2024-03-25 17:58
Reported: 2024-03-25 18:02
Platform: android-x64-arm64-20240221-en
Max time kernel: 192s
Max time network: 212s
Signatures
Spynote
Declares broadcast receivers with permission to handle system events
| Description | Indicator | Process | Target |
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
| Required by VPN services to bind with the system. Allows apps to provision VPN services. | android.permission.BIND_VPN_SERVICE | N/A | N/A |
| Required by input method services to bind with the system. Allows apps to provide custom input methods (keyboards). | android.permission.BIND_INPUT_METHOD | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
Processes
com.android.chrome
com.android.chrome
com.android.chrome
Network
Files
/storage/emulated/0/Download/.pending-1711994362-ready.apk (deleted)
/storage/emulated/0/Download/.pending-1711994362-ready.apk
files/dom-0.html
files/dom-1.html
/storage/emulated/0/Download/.com.google.Chrome.I8qQN4