Analysis

  • max time kernel
    135s
  • max time network
    149s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
  • submitted
    03/03/2025, 22:06 UTC

General

  • Target

    b46619fe854d4f66db90c7da635ed183d8ee509396b4b8eac9feacf5889bcf38.apk

  • Size

    2.6MB

  • MD5

    6e4d35425bfc52ea86d0b0b71ea91d54

  • SHA1

    8120cb33959a3f394f3b770e5a88b663a47f8ad0

  • SHA256

    b46619fe854d4f66db90c7da635ed183d8ee509396b4b8eac9feacf5889bcf38

  • SHA512

    52fdb4cc3530bdb30ef10f0f3710b32223c1bfbc8b625f6dbe84e1a9537eb33698701bfb59ef43591381831347a7511e26fe25c06b34015fb817295bbfa7ad11

  • SSDEEP

    49152:kTEupy8Cp2RRDKdkxdwz6AqrZLNT81d9nccjziV+RK/GtiTw2Gk:kT7yPbdsdwz6JrZFKd9coziV+s/G8T6k

Malware Config

Signatures

  • Antidot

    Antidot is an Android banking trojan first seen in May 2024.

  • Antidot family
  • Antidot payload [1 IoCs]
  • Loads dropped Dex/Jar [1 TTPs, 3 IoCs]

    Runs executable file dropped to the device during analysis.

  • Queries the mobile country code (MCC) [1 TTPs, 1 IoCs]
  • Registers a broadcast receiver at runtime (usually for listening for system events) [1 TTPs, 1 IoCs]
  • Uses Crypto APIs (Might try to encrypt user data) [1 TTPs, 1 IoCs]
  • Checks CPU information [2 TTPs, 1 IoCs]
  • Checks memory information [2 TTPs, 1 IoCs]

Processes

  • dev.decryptapks.downloader.qwertymods
    1⤵
    • Loads dropped Dex/Jar
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4334
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/dev.decryptapks.downloader.qwertymods/app_ded/qg6MvOjscHZInU0HMItqjodUBvuJm5HG.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/dev.decryptapks.downloader.qwertymods/app_ded/oat/x86/qg6MvOjscHZInU0HMItqjodUBvuJm5HG.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4360
    • rm -r/data/user/0/dev.decryptapks.downloader.qwertymods/app_ded/qg6MvOjscHZInU0HMItqjodUBvuJm5HG.dex
      2⤵
      PID:4385
    • rm -r/data/user/0/dev.decryptapks.downloader.qwertymods/app_ded/oat/x86/qg6MvOjscHZInU0HMItqjodUBvuJm5HG.vdex
      2⤵
      PID:4399
    • rm -r/data/user/0/dev.decryptapks.downloader.qwertymods/app_ded/oat/x86/qg6MvOjscHZInU0HMItqjodUBvuJm5HG.odex
      2⤵
      PID:4419

Network

        • flag-au
          DNS
          raw-paste.vercel.app
          Remote address:
          1.1.1.1:53
          Request
          raw-paste.vercel.app
          IN A
          Response
          raw-paste.vercel.app
          IN A
          64.29.17.129
          raw-paste.vercel.app
          IN A
          216.198.79.129
        • flag-au
          DNS
          doujindesu.xxx
          Remote address:
          1.1.1.1:53
          Request
          doujindesu.xxx
          IN A
          Response
          doujindesu.xxx
          IN A
          172.67.146.197
          doujindesu.xxx
          IN A
          104.21.39.166
        • flag-au
          DNS
          doujindesu.xxx
          Remote address:
          1.1.1.1:53
          Request
          doujindesu.xxx
          IN A
        • flag-au
          DNS
          www.effectiveratecpm.com
          Remote address:
          1.1.1.1:53
          Request
          www.effectiveratecpm.com
          IN A
          Response
          www.effectiveratecpm.com
          IN A
          172.240.108.84
          www.effectiveratecpm.com
          IN A
          172.240.108.68
          www.effectiveratecpm.com
          IN A
          172.240.108.76
          www.effectiveratecpm.com
          IN A
          192.243.59.13
          www.effectiveratecpm.com
          IN A
          192.243.59.20
          www.effectiveratecpm.com
          IN A
          172.240.127.234
          www.effectiveratecpm.com
          IN A
          192.243.61.227
          www.effectiveratecpm.com
          IN A
          172.240.253.132
          www.effectiveratecpm.com
          IN A
          192.243.59.12
          www.effectiveratecpm.com
          IN A
          192.243.61.225
        • flag-au
          DNS
          doujindesu.tv
          Remote address:
          1.1.1.1:53
          Request
          doujindesu.tv
          IN A
          Response
          doujindesu.tv
          IN A
          104.22.69.191
          doujindesu.tv
          IN A
          104.22.68.191
          doujindesu.tv
          IN A
          172.67.42.79
        • flag-au
          DNS
          safebrowsing.googleapis.com
          Remote address:
          1.1.1.1:53
          Request
          safebrowsing.googleapis.com
          IN A
          Response
          safebrowsing.googleapis.com
          IN A
          142.250.200.10
        • flag-au
          DNS
          static.cloudflareinsights.com
          Remote address:
          1.1.1.1:53
          Request
          static.cloudflareinsights.com
          IN A
          Response
          static.cloudflareinsights.com
          IN A
          104.16.79.73
          static.cloudflareinsights.com
          IN A
          104.16.80.73
        • flag-us
          POST
          https://doujindesu.tv/themes/ajax/ch.php
          Remote address:
          104.22.69.191:443
          Request
          POST /themes/ajax/ch.php HTTP/2.0
          host: doujindesu.tv
          referer: https://doujindesu.tv/
          x-requested-with: XMLHttpRequest
          content-type: application/x-www-form-urlencoded
          content-length: 7
          accept-encoding: gzip
          user-agent: okhttp/5.0.0-alpha.14
          Response
          HTTP/2.0 403
          date: Mon, 03 Mar 2025 22:08:43 GMT
          content-type: text/html; charset=UTF-8
          accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
          cf-mitigated: challenge
          critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
          cross-origin-embedder-policy: require-corp
          cross-origin-opener-policy: same-origin
          cross-origin-resource-policy: same-origin
          origin-agent-cluster: ?1
          permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
          referrer-policy: same-origin
          server-timing: chlray;desc="91ac743cc9fde906"
          x-content-options: nosniff
          x-frame-options: SAMEORIGIN
          cf-chl-out: Ul3d2Q3nK1EokEdFXLDBihPAO5tJOUHAzy0pIp3HLNhNPTjIFO5LNth+MhjyNEtA4dGgS9zI3Ob1P+3eAPKyKSm0GMpuHHtBLoasOKkwjWMJ6sesapKjreWKuafDQ5xo6tiVL0CIogJVssgwIf18Hg==$uRExbWSlL9b7+N+0KwvrkA==
          cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
          expires: Thu, 01 Jan 1970 00:00:01 GMT
          vary: Accept-Encoding
          server: cloudflare
          cf-ray: 91ac743cc9fde906-LHR
          content-encoding: gzip
          alt-svc: h3=":443"; ma=86400
        • flag-au
          DNS
          android.apis.google.com
          Remote address:
          1.1.1.1:53
          Request
          android.apis.google.com
          IN A
          Response
          android.apis.google.com
          IN CNAME
          clients.l.google.com
          clients.l.google.com
          IN A
          172.217.169.14
        • flag-us
          POST
          https://doujindesu.tv/themes/ajax/ch.php
          Remote address:
          104.22.69.191:443
          Request
          POST /themes/ajax/ch.php HTTP/2.0
          host: doujindesu.tv
          referer: https://doujindesu.tv/
          x-requested-with: XMLHttpRequest
          content-type: application/x-www-form-urlencoded
          content-length: 7
          accept-encoding: gzip
          user-agent: okhttp/5.0.0-alpha.14
          Response
          HTTP/2.0 403
          date: Mon, 03 Mar 2025 22:08:45 GMT
          content-type: text/html; charset=UTF-8
          accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
          cf-mitigated: challenge
          critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
          cross-origin-embedder-policy: require-corp
          cross-origin-opener-policy: same-origin
          cross-origin-resource-policy: same-origin
          origin-agent-cluster: ?1
          permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
          referrer-policy: same-origin
          server-timing: chlray;desc="91ac744dfc57653d"
          x-content-options: nosniff
          x-frame-options: SAMEORIGIN
          cf-chl-out: Sq6emy//wADvYb3k51uXY6tRRLx2rsmhnxXoaL3S0m9K5fzp9vZGqu4wD3Tu3+vB2AeWPn0FzHUv+d07ZXUggAxMXDaofet7sdwRoSQ/nAcutDMFfpkb7u5fvO6p8H1jJTsFi3IKxJUhzo7TQlp2iA==$KDW2sqdoJ/P4LJ/KZEsN8w==
          cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
          expires: Thu, 01 Jan 1970 00:00:01 GMT
          vary: Accept-Encoding
          server: cloudflare
          cf-ray: 91ac744dfc57653d-LHR
          content-encoding: gzip
          alt-svc: h3=":443"; ma=86400
        • flag-us
          POST
          https://doujindesu.tv/themes/ajax/ch.php
          Remote address:
          104.22.69.191:443
          Request
          POST /themes/ajax/ch.php HTTP/2.0
          host: doujindesu.tv
          referer: https://doujindesu.tv/
          x-requested-with: XMLHttpRequest
          content-type: application/x-www-form-urlencoded
          content-length: 7
          accept-encoding: gzip
          user-agent: okhttp/5.0.0-alpha.14
          Response
          HTTP/2.0 403
          date: Mon, 03 Mar 2025 22:08:50 GMT
          content-type: text/html; charset=UTF-8
          accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
          cf-mitigated: challenge
          critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
          cross-origin-embedder-policy: require-corp
          cross-origin-opener-policy: same-origin
          cross-origin-resource-policy: same-origin
          origin-agent-cluster: ?1
          permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
          referrer-policy: same-origin
          server-timing: chlray;desc="91ac746e080f76e9"
          x-content-options: nosniff
          x-frame-options: SAMEORIGIN
          cf-chl-out: Qi9w6eXZ5yQyETjIPOr7iuBgjJ/lbPCjZt2oA/HgWpaAu71R+C1fx4BHDB/C8olFBordKshBpeSlgnXlu76+E+Q3rg71MfmBuu697yyX89JVteYBNq31UBS5oniYs3mUpe1HnOekhDEYxI44HQKqHQ==$DTbPiNOprobm3Qy50GZJlg==
          cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
          expires: Thu, 01 Jan 1970 00:00:01 GMT
          vary: Accept-Encoding
          server: cloudflare
          cf-ray: 91ac746e080f76e9-LHR
          content-encoding: gzip
          alt-svc: h3=":443"; ma=86400
        • flag-us
          POST
          https://doujindesu.tv/themes/ajax/ch.php
          Remote address:
          104.22.69.191:443
          Request
          POST /themes/ajax/ch.php HTTP/2.0
          host: doujindesu.tv
          referer: https://doujindesu.tv/
          x-requested-with: XMLHttpRequest
          content-type: application/x-www-form-urlencoded
          content-length: 7
          accept-encoding: gzip
          user-agent: okhttp/5.0.0-alpha.14
          Response
          HTTP/2.0 403
          date: Mon, 03 Mar 2025 22:09:00 GMT
          content-type: text/html; charset=UTF-8
          accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
          cf-mitigated: challenge
          critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
          cross-origin-embedder-policy: require-corp
          cross-origin-opener-policy: same-origin
          cross-origin-resource-policy: same-origin
          origin-agent-cluster: ?1
          permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
          referrer-policy: same-origin
          server-timing: chlray;desc="91ac74a74e88940a"
          x-content-options: nosniff
          x-frame-options: SAMEORIGIN
          cf-chl-out: G+OqvIQPzkeQGEYjDd5/RRUqPpi+eJmvYG9BGFae8AHGrBm5V935E1qOReiOeRRTTlahKyFPDeShxHWFs3j3PVtDmCii60+jLOVzpDQfqFQ2uOrxSsraIVuc+xrWnnCU2VnavvwaRVu9sV1nYNLIGw==$erGB8s4fBeoIHDjL9LQgTQ==
          cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
          expires: Thu, 01 Jan 1970 00:00:01 GMT
          vary: Accept-Encoding
          server: cloudflare
          cf-ray: 91ac74a74e88940a-LHR
          content-encoding: gzip
          alt-svc: h3=":443"; ma=86400
        • flag-us
          POST
          https://doujindesu.tv/themes/ajax/ch.php
          Remote address:
          104.22.69.191:443
          Request
          POST /themes/ajax/ch.php HTTP/2.0
          host: doujindesu.tv
          referer: https://doujindesu.tv/
          x-requested-with: XMLHttpRequest
          content-type: application/x-www-form-urlencoded
          content-length: 7
          accept-encoding: gzip
          user-agent: okhttp/5.0.0-alpha.14
          Response
          HTTP/2.0 403
          date: Mon, 03 Mar 2025 22:09:20 GMT
          content-type: text/html; charset=UTF-8
          accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
          cf-mitigated: challenge
          critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
          cross-origin-embedder-policy: require-corp
          cross-origin-opener-policy: same-origin
          cross-origin-resource-policy: same-origin
          origin-agent-cluster: ?1
          permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
          referrer-policy: same-origin
          server-timing: chlray;desc="91ac752749d2bf0a"
          x-content-options: nosniff
          x-frame-options: SAMEORIGIN
          cf-chl-out: OK9unptlhK05SnchJLzi87Nh1n9US3w7Z76cHqve8+fCbnXQRBv6wPLZvroz5n/6EHfBifLpUIywnaSLVclK/SoxnzqI1P5y22Kkb8xctqBcGdtLcG/whx0Ie0vYv3c7pBchIgrfTOTrlpvTXthDzA==$eYj1wHwm5X5/fj4XdAlolA==
          cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
          expires: Thu, 01 Jan 1970 00:00:01 GMT
          vary: Accept-Encoding
          server: cloudflare
          cf-ray: 91ac752749d2bf0a-LHR
          content-encoding: gzip
          alt-svc: h3=":443"; ma=86400
        • flag-us
          POST
          https://doujindesu.tv/themes/ajax/ch.php
          Remote address:
          104.22.69.191:443
          Request
          POST /themes/ajax/ch.php HTTP/2.0
          host: doujindesu.tv
          referer: https://doujindesu.tv/
          x-requested-with: XMLHttpRequest
          content-type: application/x-www-form-urlencoded
          content-length: 7
          accept-encoding: gzip
          user-agent: okhttp/5.0.0-alpha.14
          Response
          HTTP/2.0 403
          date: Mon, 03 Mar 2025 22:09:41 GMT
          content-type: text/html; charset=UTF-8
          accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
          cf-mitigated: challenge
          critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
          cross-origin-embedder-policy: require-corp
          cross-origin-opener-policy: same-origin
          cross-origin-resource-policy: same-origin
          origin-agent-cluster: ?1
          permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
          referrer-policy: same-origin
          server-timing: chlray;desc="91ac75ab1fcae539"
          x-content-options: nosniff
          x-frame-options: SAMEORIGIN
          cf-chl-out: V/m4ikVmI26ozcxb46XWkaY5Hqfpn9Hpk29ONl+UvKv2aVBafT4ModUwFx2+Je5+GKUcy93iQ9lXnBH/yUeFo8kivng+6+DrmTGg/B5u+Il5CpCKVUn4gz3SvPF6FjJROZZQt1dKHM5Rm5Fb5FCMxg==$dKmdONNmW+PTo08CZ/4M9w==
          cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
          expires: Thu, 01 Jan 1970 00:00:01 GMT
          vary: Accept-Encoding
          server: cloudflare
          cf-ray: 91ac75ab1fcae539-LHR
          content-encoding: gzip
          alt-svc: h3=":443"; ma=86400
        • flag-us
          POST
          https://doujindesu.tv/themes/ajax/ch.php
          Remote address:
          104.22.69.191:443
          Request
          POST /themes/ajax/ch.php HTTP/2.0
          host: doujindesu.tv
          referer: https://doujindesu.tv/
          x-requested-with: XMLHttpRequest
          content-type: application/x-www-form-urlencoded
          content-length: 7
          accept-encoding: gzip
          user-agent: okhttp/5.0.0-alpha.14
          Response
          HTTP/2.0 403
          date: Mon, 03 Mar 2025 22:10:01 GMT
          content-type: text/html; charset=UTF-8
          accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
          cf-mitigated: challenge
          critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
          cross-origin-embedder-policy: require-corp
          cross-origin-opener-policy: same-origin
          cross-origin-resource-policy: same-origin
          origin-agent-cluster: ?1
          permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
          referrer-policy: same-origin
          server-timing: chlray;desc="91ac76299c5d9db6"
          x-content-options: nosniff
          x-frame-options: SAMEORIGIN
          cf-chl-out: 4vcTTrZlDno1BNAoa04dnqzy/iBbBHzaTMAprus9D4jdee9LzFMk1s0hZx9ekpe43MslBzfrsm0sDZstzdGJk8+INxCPSa5ZZFo6RDoDH7MAwV4NpDMw6veduguZVnWwuHxz6tg6ZunlYwqdZrtIsA==$SOZn8rQPY+K0RSsrv38m6A==
          cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
          expires: Thu, 01 Jan 1970 00:00:01 GMT
          vary: Accept-Encoding
          server: cloudflare
          cf-ray: 91ac76299c5d9db6-LHR
          content-encoding: gzip
          alt-svc: h3=":443"; ma=86400
        • flag-us
          POST
          https://doujindesu.tv/themes/ajax/ch.php
          Remote address:
          104.22.69.191:443
          Request
          POST /themes/ajax/ch.php HTTP/2.0
          host: doujindesu.tv
          referer: https://doujindesu.tv/
          x-requested-with: XMLHttpRequest
          content-type: application/x-www-form-urlencoded
          content-length: 7
          accept-encoding: gzip
          user-agent: okhttp/5.0.0-alpha.14
          Response
          HTTP/2.0 403
          date: Mon, 03 Mar 2025 22:10:22 GMT
          content-type: text/html; charset=UTF-8
          accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
          cf-mitigated: challenge
          critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
          cross-origin-embedder-policy: require-corp
          cross-origin-opener-policy: same-origin
          cross-origin-resource-policy: same-origin
          origin-agent-cluster: ?1
          permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
          referrer-policy: same-origin
          server-timing: chlray;desc="91ac76aabb5663eb"
          x-content-options: nosniff
          x-frame-options: SAMEORIGIN
          cf-chl-out: 7LnmOB9VQLh9OXH6lAstkiOvVrwyPERn3IlYdzqD+2S0MJhg265R7ktRJz8jMmCsdB+GS7fVzAU2QvMBQpaVAwb6mSBxFjG3IvXJejAwJmFW3B71fAnrjm7kBI4nRFzLPs5J4He/3I67/zaNaSKJ0Q==$DmWsU6017NOxpFyYNOFoMw==
          cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
          expires: Thu, 01 Jan 1970 00:00:01 GMT
          vary: Accept-Encoding
          server: cloudflare
          cf-ray: 91ac76aabb5663eb-LHR
          content-encoding: gzip
          alt-svc: h3=":443"; ma=86400
        • flag-us
          POST
          https://doujindesu.tv/themes/ajax/ch.php
          Remote address:
          104.22.69.191:443
          Request
          POST /themes/ajax/ch.php HTTP/2.0
          host: doujindesu.tv
          referer: https://doujindesu.tv/
          x-requested-with: XMLHttpRequest
          content-type: application/x-www-form-urlencoded
          content-length: 7
          accept-encoding: gzip
          user-agent: okhttp/5.0.0-alpha.14
          Response
          HTTP/2.0 403
          date: Mon, 03 Mar 2025 22:10:43 GMT
          content-type: text/html; charset=UTF-8
          accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
          cf-mitigated: challenge
          critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
          cross-origin-embedder-policy: require-corp
          cross-origin-opener-policy: same-origin
          cross-origin-resource-policy: same-origin
          origin-agent-cluster: ?1
          permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
          referrer-policy: same-origin
          server-timing: chlray;desc="91ac772c5d5c0ac6"
          x-content-options: nosniff
          x-frame-options: SAMEORIGIN
          cf-chl-out: M98Vol0OrO5axtOUdcnekiJ6EkL7/AvxEJ6bSMQgYxb3h8xuIvtP7GXasgXvsXe5HllYtbEuI00Oalt4+vLyvkd0j18KnqXWz9ZmqaM+MVRM6XtCgMGGZPuX9dE5YB8xJW28k4i7KBiycYVe/Hf0bQ==$dGhtxKZ3OG1642Y/EZosIQ==
          cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
          expires: Thu, 01 Jan 1970 00:00:01 GMT
          vary: Accept-Encoding
          server: cloudflare
          cf-ray: 91ac772c5d5c0ac6-LHR
          content-encoding: gzip
          alt-svc: h3=":443"; ma=86400
        • 64.29.17.129:443
          raw-paste.vercel.app
          276 B
          164 B
          5
          3
        • 64.29.17.129:443
          raw-paste.vercel.app
          tls
          4.3kB
          8.3kB
          48
          53
        • 172.240.108.84:443
          www.effectiveratecpm.com
          tls
          7.4kB
          11.5kB
          28
          20
        • 172.67.146.197:443
          doujindesu.xxx
          tls
          1.6kB
          4.2kB
          13
          12
        • 104.22.69.191:443
          doujindesu.tv
          tls
          101.5kB
          668.2kB
          449
          643
        • 142.250.200.10:443
          safebrowsing.googleapis.com
          tls
          8.5kB
          356.0kB
          144
          244
        • 104.16.79.73:443
          static.cloudflareinsights.com
          tls
          1.5kB
          11.7kB
          15
          19
        • 104.22.69.191:443
          https://doujindesu.tv/themes/ajax/ch.php
          tls, http2
          1.2kB
          10.2kB
          11
          17

          HTTP Request

          POST https://doujindesu.tv/themes/ajax/ch.php

          HTTP Response

          403
        • 216.58.201.110:443
          tls, https
          915 B
          40 B
          1
          1
        • 216.58.201.110:443
          tls, https
          915 B
          40 B
          1
          1
        • 216.58.201.110:443
          tls, https
          915 B
          40 B
          1
          1
        • 172.217.169.14:443
          android.apis.google.com
          tls
          5.5kB
          8.6kB
          22
          22
        • 104.22.69.191:443
          https://doujindesu.tv/themes/ajax/ch.php
          tls, http2
          1.3kB
          10.2kB
          12
          16

          HTTP Request

          POST https://doujindesu.tv/themes/ajax/ch.php

          HTTP Response

          403
        • 104.22.69.191:443 | https://doujindesu.tv/themes/ajax/ch.php | tls, http2 | 1.2kB sent / 10.1kB received | 11 / 15 packets
          HTTP: POST https://doujindesu.tv/themes/ajax/ch.php -> 403
        • 104.22.69.191:443 | https://doujindesu.tv/themes/ajax/ch.php | tls, http2 | 1.3kB sent / 10.1kB received | 12 / 14 packets
          HTTP: POST https://doujindesu.tv/themes/ajax/ch.php -> 403
        • 104.22.69.191:443 | https://doujindesu.tv/themes/ajax/ch.php | tls, http2 | 1.2kB sent / 10.2kB received | 11 / 17 packets
          HTTP: POST https://doujindesu.tv/themes/ajax/ch.php -> 403
        • 172.240.108.84:443 | www.effectiveratecpm.com | tls | 2.3kB sent / 2.0kB received | 11 / 8 packets
        • 104.22.69.191:443 | https://doujindesu.tv/themes/ajax/ch.php | tls, http2 | 1.8kB sent / 10.8kB received | 15 / 18 packets
          HTTP: POST https://doujindesu.tv/themes/ajax/ch.php -> 403
        • 172.240.108.84:443 | www.effectiveratecpm.com | tls | 2.3kB sent / 2.0kB received | 11 / 8 packets
        • 104.22.69.191:443 | https://doujindesu.tv/themes/ajax/ch.php | tls, http2 | 1.2kB sent / 10.2kB received | 11 / 17 packets
          HTTP: POST https://doujindesu.tv/themes/ajax/ch.php -> 403
        • 172.240.108.84:443 | www.effectiveratecpm.com | tls | 2.3kB sent / 2.0kB received | 11 / 8 packets
        • 104.22.69.191:443 | https://doujindesu.tv/themes/ajax/ch.php | tls, http2 | 1.3kB sent / 10.2kB received | 12 / 16 packets
          HTTP: POST https://doujindesu.tv/themes/ajax/ch.php -> 403
        • 172.240.108.84:443 | www.effectiveratecpm.com | tls | 2.3kB sent / 2.0kB received | 11 / 8 packets
        • 104.22.69.191:443 | https://doujindesu.tv/themes/ajax/ch.php | tls, http2 | 1.2kB sent / 10.2kB received | 10 / 16 packets
          HTTP: POST https://doujindesu.tv/themes/ajax/ch.php -> 403
        • 172.240.108.84:443 | www.effectiveratecpm.com | tls | 2.3kB sent / 2.4kB received | 11 / 9 packets
        • 142.250.179.227:80 | 260 B sent / (none) received | 5 / (none) packets
        • 142.250.179.228:80 | 260 B sent / (none) received | 5 / (none) packets
        • 142.250.179.228:443 | tls | 135 B sent / 40 B received | 2 / 1 packets
        • 224.0.0.251:5353 | 3.7kB sent / (none) received | 11 / (none) packets
        • 1.1.1.1:53 | raw-paste.vercel.app | dns | 66 B sent / 98 B received | 1 / 1 packets
          DNS: request raw-paste.vercel.app -> response 64.29.17.129, 216.198.79.129
        • 1.1.1.1:53 | doujindesu.xxx | dns | 120 B sent / 92 B received | 2 / 1 packets
          DNS: two requests doujindesu.xxx -> response 172.67.146.197, 104.21.39.166
        • 1.1.1.1:53 | www.effectiveratecpm.com | dns | 70 B sent / 230 B received | 1 / 1 packets
          DNS: request www.effectiveratecpm.com -> response 172.240.108.84, 172.240.108.68, 172.240.108.76, 192.243.59.13, 192.243.59.20, 172.240.127.234, 192.243.61.227, 172.240.253.132, 192.243.59.12, 192.243.61.225
        • 1.1.1.1:53 | doujindesu.tv | dns | 59 B sent / 107 B received | 1 / 1 packets
          DNS: request doujindesu.tv -> response 104.22.69.191, 104.22.68.191, 172.67.42.79
        • 1.1.1.1:53 | safebrowsing.googleapis.com | dns | 73 B sent / 89 B received | 1 / 1 packets
          DNS: request safebrowsing.googleapis.com -> response 142.250.200.10
        • 1.1.1.1:53 | static.cloudflareinsights.com | dns | 75 B sent / 107 B received | 1 / 1 packets
          DNS: request static.cloudflareinsights.com -> response 104.16.79.73, 104.16.80.73
        • 1.1.1.1:53 | android.apis.google.com | dns | 69 B sent / 109 B received | 1 / 1 packets
          DNS: request android.apis.google.com -> response 172.217.169.14
        MITRE ATT&CK Mobile v15

        Downloads

        • /data/data/dev.decryptapks.downloader.qwertymods/app_ded/qg6MvOjscHZInU0HMItqjodUBvuJm5HG.dex (2.2MB)
          MD5 4589f70f611f208d125f5218d0efaebe
          SHA1 e3d1209be603ce04884fba8228a71390958c1db9
          SHA256 7d081b4f574ff147fc9daf0e20959169bdf57fe0e6005a4483a657261dee6616
          SHA512 bd7ba483e46e65f24ac7d8657cb02d4541a45ed79a19052fd47f6d9e910189391954232e35ae24c8cf7e198ea1f4f9482903ad868541abd4dbb1788cd36fdfa1

        • /data/data/dev.decryptapks.downloader.qwertymods/files/profileInstalled (24B)
          MD5 5cd73addfc5ec6f09240c5956442d37d
          SHA1 895a1f96a6248c49fa97dc5929f3c8e51a28af89
          SHA256 857dcb2a1295d8b9a9121e338d546df3143b5206edebe34ae9a323edcf242b0e
          SHA512 71374d3a8fdaf3246da74bac5e25fef25a72fb680d3f50f3321ad07b7a2e9166bad459e9e8ae41d6435f757c287c6b39aeb2b8034577789ace84e10d19958030

        • /data/user/0/dev.decryptapks.downloader.qwertymods/app_ded/qg6MvOjscHZInU0HMItqjodUBvuJm5HG.dex (2.2MB)
          MD5 36d197ff3e02916e9b5806039412e446
          SHA1 50d6d942bb09632092784b60c28195f14f8edc14
          SHA256 142a0522fd886af12ce709605cb22bd411c1b22c4bc07369bc9ec803f20311a3
          SHA512 c93f2e8f69b43ee3692721bcfafa4e18b1cafbf2c356b96b570575484305de888b35b503e2f796b2b6f89a789f5dbb9ca5dedb8278815252bfff5faef02f108e