Analysis Overview
Threat Level: Known bad
The file https://www.mediafire.com/file/d30u711rj7w1kpm/ready.apk/file was found to be: Known bad.
Malicious Activity Summary
Spynote
Reads the content of photos stored on the user's device.
Declares broadcast receivers with permission to handle system events
Declares services with permission to bind to the system
Requests dangerous framework permissions
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-25 18:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-25 18:10
Reported
2024-03-25 18:16
Platform
android-x64-20240221-en
Max time kernel
366s
Max time network
382s
Command Line
Signatures
Spynote
Reads the content of photos stored on the user's device.
| Description | Indicator | Process | Target |
| URI accessed for read | content://media/external/images/media | N/A | N/A |
Declares broadcast receivers with permission to handle system events
| Description | Indicator | Process | Target |
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
| Required by VPN services to bind with the system. Allows apps to provision VPN services. | android.permission.BIND_VPN_SERVICE | N/A | N/A |
| Required by input method services to bind with the system. Allows apps to provide custom input methods (keyboards). | android.permission.BIND_INPUT_METHOD | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
Processes
com.android.chrome
Network
Files
/storage/emulated/0/Android/data/com.android.chrome/files/Download/Unconfirmed 351779.crdownload
files/dom-0.html
files/dom-1.html
/storage/emulated/0/Download/ready (1).apk