
Analysis

  • max time kernel
    26s
  • max time network
    160s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
  • submitted
    19/03/2025, 22:02 UTC

General

  • Target

    400743ebcbb56f4f00a7339cff9b769e1c53788e7276803753dc4eb9f8af5563.apk

  • Size

    2.7MB

  • MD5

    55d2c5ba2c8b7b9f60ade9873c9930a2

  • SHA1

    9b84ad59e396a134f429eab29c29eefef71e1860

  • SHA256

    400743ebcbb56f4f00a7339cff9b769e1c53788e7276803753dc4eb9f8af5563

  • SHA512

    422c5c54958f273bacef679d463db04f23c890c2ab0a5bebc491068fdf08aee813bd1992cb79118191394b4093e900fab7ff152721365952f0b732dcac5b98e4

  • SSDEEP

    49152:dTtAv5xDCr6U2LaaB6YBuXParrVp4g3oSZUv1SRdcJ73wz6srK0HaCi/yJ5ITQGE:dTtg5La3MDGtSRW73oRPXCyJ5ITQGdW

Malware Config

Signatures

  • Antidot

    Antidot is an Android banking trojan first seen in May 2024.

  • Antidot family
  • Antidot payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 4 IoCs

    Runs executable file dropped to the device during analysis.

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • dev.decryptapks.downloader.qwertymods
    1⤵
    • Loads dropped Dex/Jar
    • Obtains sensitive information copied to the device clipboard
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4775

Network

  • AU
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    216.58.201.110
  • AU
    DNS
    www.youtube.com
    Remote address:
    1.1.1.1:53
    Request
    www.youtube.com
    IN A
    Response
    www.youtube.com
    IN CNAME
    youtube-ui.l.google.com
    youtube-ui.l.google.com
    IN A
    172.217.169.14
    youtube-ui.l.google.com
    IN A
    142.250.187.206
    youtube-ui.l.google.com
    IN A
    142.250.179.238
    youtube-ui.l.google.com
    IN A
    142.250.180.14
    youtube-ui.l.google.com
    IN A
    172.217.169.46
    youtube-ui.l.google.com
    IN A
    216.58.201.110
    youtube-ui.l.google.com
    IN A
    142.250.187.238
    youtube-ui.l.google.com
    IN A
    216.58.212.206
    youtube-ui.l.google.com
    IN A
    142.250.200.14
    youtube-ui.l.google.com
    IN A
    216.58.213.14
    youtube-ui.l.google.com
    IN A
    172.217.16.238
    youtube-ui.l.google.com
    IN A
    216.58.204.78
    youtube-ui.l.google.com
    IN A
    142.250.200.46
    youtube-ui.l.google.com
    IN A
    216.58.212.238
    youtube-ui.l.google.com
    IN A
    142.250.178.14
    youtube-ui.l.google.com
    IN A
    172.217.169.78
  • AU
    GET
    https://1.1.1.1/dns-query?dns=AAABAAABAAAAAAAACmRvdWppbmRlc3UDeHh4AAAcAAE
    Remote address:
    1.1.1.1:443
    Request
    GET /dns-query?dns=AAABAAABAAAAAAAACmRvdWppbmRlc3UDeHh4AAAcAAE HTTP/2.0
    host: 1.1.1.1
    accept: application/dns-message
    accept-encoding: gzip
    user-agent: okhttp/5.0.0-alpha.14
    Response
    HTTP/2.0 200
    server: cloudflare
    date: Wed, 19 Mar 2025 22:06:41 GMT
    content-type: application/dns-message
    access-control-allow-origin: *
    content-length: 88
    cf-ray: 923047474f7b63cb-LHR
    alt-svc: h3=":443"; ma=86400
  • AU
    GET
    https://1.1.1.1/dns-query?dns=AAABAAABAAAAAAAACmRvdWppbmRlc3UDeHh4AAABAAE
    Remote address:
    1.1.1.1:443
    Request
    GET /dns-query?dns=AAABAAABAAAAAAAACmRvdWppbmRlc3UDeHh4AAABAAE HTTP/2.0
    host: 1.1.1.1
    accept: application/dns-message
    accept-encoding: gzip
    user-agent: okhttp/5.0.0-alpha.14
    Response
    HTTP/2.0 200
    server: cloudflare
    date: Wed, 19 Mar 2025 22:06:41 GMT
    content-type: application/dns-message
    access-control-allow-origin: *
    content-length: 64
    cf-ray: 923047474f7e63cb-LHR
    alt-svc: h3=":443"; ma=86400
  • AU
    GET
    https://1.1.1.1/dns-query?dns=AAABAAABAAAAAAAACmRvdWppbmRlc3UCdHYAAAEAAQ
    Remote address:
    1.1.1.1:443
    Request
    GET /dns-query?dns=AAABAAABAAAAAAAACmRvdWppbmRlc3UCdHYAAAEAAQ HTTP/2.0
    host: 1.1.1.1
    accept: application/dns-message
    accept-encoding: gzip
    user-agent: okhttp/5.0.0-alpha.14
    Response
    HTTP/2.0 200
    server: cloudflare
    date: Wed, 19 Mar 2025 22:06:41 GMT
    content-type: application/dns-message
    access-control-allow-origin: *
    content-length: 79
    cf-ray: 92304748486e63cb-LHR
    alt-svc: h3=":443"; ma=86400
  • AU
    GET
    https://1.1.1.1/dns-query?dns=AAABAAABAAAAAAAACmRvdWppbmRlc3UCdHYAABwAAQ
    Remote address:
    1.1.1.1:443
    Request
    GET /dns-query?dns=AAABAAABAAAAAAAACmRvdWppbmRlc3UCdHYAABwAAQ HTTP/2.0
    host: 1.1.1.1
    accept: application/dns-message
    accept-encoding: gzip
    user-agent: okhttp/5.0.0-alpha.14
    Response
    HTTP/2.0 200
    server: cloudflare
    date: Wed, 19 Mar 2025 22:06:41 GMT
    content-type: application/dns-message
    access-control-allow-origin: *
    content-length: 115
    cf-ray: 92304748688e63cb-LHR
    alt-svc: h3=":443"; ma=86400
  • AU
    GET
    https://1.1.1.1/dns-query?dns=AAABAAABAAAAAAAABnN0YXRpYxJjbG91ZGZsYXJlaW5zaWdodHMDY29tAAAcAAE
    Remote address:
    1.1.1.1:443
    Request
    GET /dns-query?dns=AAABAAABAAAAAAAABnN0YXRpYxJjbG91ZGZsYXJlaW5zaWdodHMDY29tAAAcAAE HTTP/2.0
    host: 1.1.1.1
    accept: application/dns-message
    accept-encoding: gzip
    user-agent: okhttp/5.0.0-alpha.14
    Response
    HTTP/2.0 200
    server: cloudflare
    date: Wed, 19 Mar 2025 22:06:42 GMT
    content-type: application/dns-message
    access-control-allow-origin: *
    content-length: 103
    cf-ray: 92304749a9ac63cb-LHR
    alt-svc: h3=":443"; ma=86400
  • AU
    GET
    https://1.1.1.1/dns-query?dns=AAABAAABAAAAAAAABnN0YXRpYxJjbG91ZGZsYXJlaW5zaWdodHMDY29tAAABAAE
    Remote address:
    1.1.1.1:443
    Request
    GET /dns-query?dns=AAABAAABAAAAAAAABnN0YXRpYxJjbG91ZGZsYXJlaW5zaWdodHMDY29tAAABAAE HTTP/2.0
    host: 1.1.1.1
    accept: application/dns-message
    accept-encoding: gzip
    user-agent: okhttp/5.0.0-alpha.14
    Response
    HTTP/2.0 200
    server: cloudflare
    date: Wed, 19 Mar 2025 22:06:42 GMT
    content-type: application/dns-message
    access-control-allow-origin: *
    content-length: 79
    cf-ray: 92304749c9d463cb-LHR
    alt-svc: h3=":443"; ma=86400
  • AU
    GET
    https://1.1.1.1/dns-query?dns=AAABAAABAAAAAAAACmRvdWppbmRlc3UDeHh4AAAcAAE
    Remote address:
    1.1.1.1:443
    Request
    GET /dns-query?dns=AAABAAABAAAAAAAACmRvdWppbmRlc3UDeHh4AAAcAAE HTTP/2.0
    host: 1.1.1.1
    accept: application/dns-message
    accept-encoding: gzip
    user-agent: okhttp/5.0.0-alpha.14
    Response
    HTTP/2.0 200
    server: cloudflare
    date: Wed, 19 Mar 2025 22:06:42 GMT
    content-type: application/dns-message
    access-control-allow-origin: *
    content-length: 88
    cf-ray: 92304749f9f663cb-LHR
    alt-svc: h3=":443"; ma=86400
  • AU
    GET
    https://1.1.1.1/dns-query?dns=AAABAAABAAAAAAAACmRvdWppbmRlc3UDeHh4AAABAAE
    Remote address:
    1.1.1.1:443
    Request
    GET /dns-query?dns=AAABAAABAAAAAAAACmRvdWppbmRlc3UDeHh4AAABAAE HTTP/2.0
    host: 1.1.1.1
    accept: application/dns-message
    accept-encoding: gzip
    user-agent: okhttp/5.0.0-alpha.14
    Response
    HTTP/2.0 200
    server: cloudflare
    date: Wed, 19 Mar 2025 22:06:42 GMT
    content-type: application/dns-message
    access-control-allow-origin: *
    content-length: 64
    cf-ray: 92304749f9f863cb-LHR
    alt-svc: h3=":443"; ma=86400
  • AU
    GET
    https://1.1.1.1/dns-query?dns=AAABAAABAAAAAAAACmRvdWppbmRlc3UDeHh4AAAcAAE
    Remote address:
    1.1.1.1:443
    Request
    GET /dns-query?dns=AAABAAABAAAAAAAACmRvdWppbmRlc3UDeHh4AAAcAAE HTTP/2.0
    host: 1.1.1.1
    accept: application/dns-message
    accept-encoding: gzip
    user-agent: okhttp/5.0.0-alpha.14
    Response
    HTTP/2.0 200
    server: cloudflare
    date: Wed, 19 Mar 2025 22:06:42 GMT
    content-type: application/dns-message
    access-control-allow-origin: *
    content-length: 88
    cf-ray: 9230474afaf563cb-LHR
    alt-svc: h3=":443"; ma=86400
  • AU
    GET
    https://1.1.1.1/dns-query?dns=AAABAAABAAAAAAAACmRvdWppbmRlc3UDeHh4AAABAAE
    Remote address:
    1.1.1.1:443
    Request
    GET /dns-query?dns=AAABAAABAAAAAAAACmRvdWppbmRlc3UDeHh4AAABAAE HTTP/2.0
    host: 1.1.1.1
    accept: application/dns-message
    accept-encoding: gzip
    user-agent: okhttp/5.0.0-alpha.14
    Response
    HTTP/2.0 200
    server: cloudflare
    date: Wed, 19 Mar 2025 22:06:42 GMT
    content-type: application/dns-message
    access-control-allow-origin: *
    content-length: 64
    cf-ray: 9230474b2b1163cb-LHR
    alt-svc: h3=":443"; ma=86400
  • AU
    GET
    https://1.1.1.1/dns-query?dns=AAABAAABAAAAAAAACmRvdWppbmRlc3UCdHYAABwAAQ
    Remote address:
    1.1.1.1:443
    Request
    GET /dns-query?dns=AAABAAABAAAAAAAACmRvdWppbmRlc3UCdHYAABwAAQ HTTP/2.0
    host: 1.1.1.1
    accept: application/dns-message
    accept-encoding: gzip
    user-agent: okhttp/5.0.0-alpha.14
    Response
    HTTP/2.0 200
    server: cloudflare
    date: Wed, 19 Mar 2025 22:06:42 GMT
    content-type: application/dns-message
    access-control-allow-origin: *
    content-length: 115
    cf-ray: 9230474c2bff63cb-LHR
    alt-svc: h3=":443"; ma=86400
  • AU
    GET
    https://1.1.1.1/dns-query?dns=AAABAAABAAAAAAAACmRvdWppbmRlc3UCdHYAAAEAAQ
    Remote address:
    1.1.1.1:443
    Request
    GET /dns-query?dns=AAABAAABAAAAAAAACmRvdWppbmRlc3UCdHYAAAEAAQ HTTP/2.0
    host: 1.1.1.1
    accept: application/dns-message
    accept-encoding: gzip
    user-agent: okhttp/5.0.0-alpha.14
    Response
    HTTP/2.0 200
    server: cloudflare
    date: Wed, 19 Mar 2025 22:06:42 GMT
    content-type: application/dns-message
    access-control-allow-origin: *
    content-length: 79
    cf-ray: 9230474c4c3063cb-LHR
    alt-svc: h3=":443"; ma=86400
  • AU
    GET
    https://1.1.1.1/dns-query?dns=AAABAAABAAAAAAAACmRvdWppbmRlc3UDeHh4AAABAAE
    Remote address:
    1.1.1.1:443
    Request
    GET /dns-query?dns=AAABAAABAAAAAAAACmRvdWppbmRlc3UDeHh4AAABAAE HTTP/2.0
    host: 1.1.1.1
    accept: application/dns-message
    accept-encoding: gzip
    user-agent: okhttp/5.0.0-alpha.14
    Response
    HTTP/2.0 200
    server: cloudflare
    date: Wed, 19 Mar 2025 22:06:42 GMT
    content-type: application/dns-message
    access-control-allow-origin: *
    content-length: 64
    cf-ray: 9230474d5d1c63cb-LHR
    alt-svc: h3=":443"; ma=86400
  • AU
    GET
    https://1.1.1.1/dns-query?dns=AAABAAABAAAAAAAACmRvdWppbmRlc3UDeHh4AAAcAAE
    Remote address:
    1.1.1.1:443
    Request
    GET /dns-query?dns=AAABAAABAAAAAAAACmRvdWppbmRlc3UDeHh4AAAcAAE HTTP/2.0
    host: 1.1.1.1
    accept: application/dns-message
    accept-encoding: gzip
    user-agent: okhttp/5.0.0-alpha.14
    Response
    HTTP/2.0 200
    server: cloudflare
    date: Wed, 19 Mar 2025 22:06:42 GMT
    content-type: application/dns-message
    access-control-allow-origin: *
    content-length: 88
    cf-ray: 9230474d8d4863cb-LHR
    alt-svc: h3=":443"; ma=86400
  • AU
    GET
    https://1.1.1.1/dns-query?dns=AAABAAABAAAAAAAACmRvdWppbmRlc3UCdHYAAAEAAQ
    Remote address:
    1.1.1.1:443
    Request
    GET /dns-query?dns=AAABAAABAAAAAAAACmRvdWppbmRlc3UCdHYAAAEAAQ HTTP/2.0
    host: 1.1.1.1
    accept: application/dns-message
    accept-encoding: gzip
    user-agent: okhttp/5.0.0-alpha.14
    Response
    HTTP/2.0 200
    server: cloudflare
    date: Wed, 19 Mar 2025 22:06:42 GMT
    content-type: application/dns-message
    access-control-allow-origin: *
    content-length: 79
    cf-ray: 9230474e6e0f63cb-LHR
    alt-svc: h3=":443"; ma=86400
  • AU
    GET
    https://1.1.1.1/dns-query?dns=AAABAAABAAAAAAAACmRvdWppbmRlc3UCdHYAABwAAQ
    Remote address:
    1.1.1.1:443
    Request
    GET /dns-query?dns=AAABAAABAAAAAAAACmRvdWppbmRlc3UCdHYAABwAAQ HTTP/2.0
    host: 1.1.1.1
    accept: application/dns-message
    accept-encoding: gzip
    user-agent: okhttp/5.0.0-alpha.14
    Response
    HTTP/2.0 200
    server: cloudflare
    date: Wed, 19 Mar 2025 22:06:42 GMT
    content-type: application/dns-message
    access-control-allow-origin: *
    content-length: 115
    cf-ray: 9230474e8e2963cb-LHR
    alt-svc: h3=":443"; ma=86400
  • US
    GET
    https://doujindesu.xxx/
    Remote address:
    104.21.39.166:443
    Request
    GET / HTTP/2.0
    host: doujindesu.xxx
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    upgrade-insecure-requests: 1
    accept-encoding: gzip
    Response
    HTTP/2.0 301
    date: Wed, 19 Mar 2025 22:06:41 GMT
    content-type: text/html
    content-length: 167
    location: https://doujindesu.tv/
    cache-control: max-age=3600
    expires: Wed, 19 Mar 2025 23:06:41 GMT
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UaczIHAyFPCfE%2Fzg03dE7Plp0GWN468Y4M1Pe6HQjjwAPlkRIuPZIvwXmQAg%2BB%2B%2FbQpvC4DOnH%2BwSZ2fmtGBvpTbMlhmmON3ju%2BJGjc9gGtHNkIkmKVQ3QXFsuKieFh3eg%3D%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 923047481d8bfc3b-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=22877&min_rtt=22848&rtt_var=6475&sent=6&recv=6&lost=0&retrans=0&sent_bytes=3654&recv_bytes=1003&delivery_rate=175465&cwnd=250&unsent_bytes=0&cid=91cd31759046b052&ts=67&x=0"
  • US
    GET
    https://doujindesu.tv/
    Remote address:
    172.67.42.79:443
    Request
    GET / HTTP/2.0
    host: doujindesu.tv
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    upgrade-insecure-requests: 1
    accept-encoding: gzip
    Response
    HTTP/2.0 403
    date: Wed, 19 Mar 2025 22:06:42 GMT
    content-type: text/html; charset=UTF-8
    accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
    cf-mitigated: challenge
    critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
    cross-origin-embedder-policy: require-corp
    cross-origin-opener-policy: same-origin
    cross-origin-resource-policy: same-origin
    origin-agent-cluster: ?1
    permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
    referrer-policy: same-origin
    server-timing: chlray;desc="923047492d1694a3"
    x-content-options: nosniff
    x-frame-options: SAMEORIGIN
    cf-chl-out: D2ero1g31pLXqxFOZxlh+NuGEeOVgsGNVo1KktG9TlpIyCyqj8L7nJpIzRZTcz8g9t5LNz9o34FwP4sMOlrJsusQR+TeLr2cyxOmcBYo7hddsxM4OijZAm+5FyMCdwMSJBE37v371Gfp7NLrpEIsMg==$tgSJK4DsVuct8C5UhNlivQ==
    cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    expires: Thu, 01 Jan 1970 00:00:01 GMT
    vary: Accept-Encoding
    speculation-rules: "/cdn-cgi/speculation"
    server: cloudflare
    cf-ray: 923047492d1694a3-LHR
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • AU
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    172.217.169.40
  • US
    GET
    https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
    Remote address:
    104.16.79.73:443
    Request
    GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/2.0
    host: static.cloudflareinsights.com
    origin: https://doujindesu.xxx
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: */*
    accept-encoding: gzip
    Response
    HTTP/2.0 200
    date: Wed, 19 Mar 2025 22:06:42 GMT
    content-type: text/javascript;charset=UTF-8
    access-control-allow-origin: *
    cache-control: public, max-age=86400
    etag: W/"2024.6.1"
    last-modified: Thu, 06 Jun 2024 15:52:56 GMT
    cross-origin-resource-policy: cross-origin
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 9230474aa9e1946c-LHR
    content-encoding: gzip
  • US
    GET
    https://doujindesu.xxx/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=923047492d1694a3
    Remote address:
    172.67.146.197:443
    Request
    GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=923047492d1694a3 HTTP/2.0
    host: doujindesu.xxx
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: */*
    referer: https://doujindesu.xxx/?__cf_chl_rt_tk=Vf5mMKBlge5m2N54z8tfzjnqDwrd7nog7cBhibTqIq0-1742422002-1.0.1.1-JAkEythlLswbJa.LM8scL14Wsm.2LH9rJjrvZUFwMC0
    accept-encoding: gzip
    Response
    HTTP/2.0 200
    date: Wed, 19 Mar 2025 22:06:42 GMT
    content-type: application/javascript; charset=UTF-8
    cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5275ANhKxiwcIhCOQITkuo08uxDJCLirc5s9ZDObgWOD0C9%2Fvni8kKXYYm0OJXwHSbvzsT96j02C7wHr7UIJOnIGkGDkDFQc5oQvtUBYqJRXWCIX8oWMrtOFRCTVw389nA%3D%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 9230474a998bef41-LHR
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=22928&min_rtt=22574&rtt_var=6943&sent=4&recv=6&lost=0&retrans=0&sent_bytes=755&recv_bytes=1061&delivery_rate=59581&cwnd=251&unsent_bytes=0&cid=bef12b5395d10346&ts=60&x=0"
  • US
    GET
    https://doujindesu.xxx/favicon.ico
    Remote address:
    104.21.39.166:443
    Request
    GET /favicon.ico HTTP/2.0
    host: doujindesu.xxx
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: image/webp,image/apng,image/*,*/*;q=0.8
    referer: https://doujindesu.xxx/
    accept-encoding: gzip
    Response
    HTTP/2.0 301
    date: Wed, 19 Mar 2025 22:06:42 GMT
    content-type: text/html
    content-length: 167
    location: https://doujindesu.tv/favicon.ico
    cache-control: max-age=3600
    expires: Wed, 19 Mar 2025 23:06:42 GMT
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zDUNLiuZ5ycHAlLYYDwjCHFCTGsz3ZyQrnwSi6i61rSoAC80V85%2BwoscLG2SU29eCxcN8rX4F3wUKlVDC5WoQolvt0hQR9DeL1eWrS1cT%2BpQgq%2BzBr2wCaoy%2Fhqj81WUfA%3D%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 9230474bdf8963b2-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=23097&min_rtt=22813&rtt_var=6740&sent=4&recv=6&lost=0&retrans=0&sent_bytes=755&recv_bytes=948&delivery_rate=58957&cwnd=251&unsent_bytes=0&cid=43e0421cc0d60e83&ts=73&x=0"
  • US
    GET
    https://doujindesu.tv/favicon.ico
    Remote address:
    104.22.69.191:443
    Request
    GET /favicon.ico HTTP/2.0
    host: doujindesu.tv
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: image/webp,image/apng,image/*,*/*;q=0.8
    referer: https://doujindesu.xxx/
    accept-encoding: gzip
    Response
    HTTP/2.0 403
    date: Wed, 19 Mar 2025 22:06:42 GMT
    content-type: text/html; charset=UTF-8
    accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
    cf-mitigated: challenge
    critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
    cross-origin-embedder-policy: require-corp
    cross-origin-opener-policy: same-origin
    cross-origin-resource-policy: same-origin
    origin-agent-cluster: ?1
    permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
    referrer-policy: same-origin
    server-timing: chlray;desc="9230474cfbed6548"
    x-content-options: nosniff
    x-frame-options: SAMEORIGIN
    cf-chl-out: ValtqEDwLuaYnw2lnuYWvXqGVBqBcMe2tZa5/5c3ohrg/wn10TNXgZFoQyaVtXCkdaj9Z/SAbnwABOl+sMLRnWbon+AeJzT0KG2SiASeb7FXxHwjhYjsjQRwOavn8j1PwHfqJJNg2qcKtQLMNQT4QA==$WMKihfT1wT7PEbikPikaxA==
    cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    expires: Thu, 01 Jan 1970 00:00:01 GMT
    vary: Accept-Encoding
    speculation-rules: "/cdn-cgi/speculation"
    server: cloudflare
    cf-ray: 9230474cfbed6548-LHR
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • AU
    DNS
    doujindesu.xxx
    Remote address:
    1.1.1.1:53
    Request
    doujindesu.xxx
    IN A
    Response
    doujindesu.xxx
    IN A
    172.67.146.197
    doujindesu.xxx
    IN A
    104.21.39.166
  • AU
    DNS
    raw-paste.vercel.app
    Remote address:
    1.1.1.1:53
    Request
    raw-paste.vercel.app
    IN A
    Response
    raw-paste.vercel.app
    IN A
    216.198.79.129
    raw-paste.vercel.app
    IN A
    64.29.17.129
  • US
    POST
    https://doujindesu.xxx/cdn-cgi/rum?
    Remote address:
    172.67.146.197:443
    Request
    POST /cdn-cgi/rum? HTTP/2.0
    host: doujindesu.xxx
    content-length: 1350
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    content-type: application/json
    accept: */*
    origin: https://doujindesu.xxx
    x-requested-with: dev.decryptapks.downloader.qwertymods
    sec-fetch-site: same-origin
    sec-fetch-mode: cors
    sec-fetch-dest: empty
    referer: https://doujindesu.xxx/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    date: Wed, 19 Mar 2025 22:06:42 GMT
    server: cloudflare
    cf-ray: 9230474e2d054167-LHR
    x-frame-options: DENY
    x-content-type-options: nosniff
  • US
    GET
    https://doujindesu.xxx/favicon.ico
    Remote address:
    172.67.146.197:443
    Request
    GET /favicon.ico HTTP/2.0
    host: doujindesu.xxx
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: image/webp,image/apng,image/*,*/*;q=0.8
    referer: https://doujindesu.xxx/
    accept-encoding: gzip
    Response
    HTTP/2.0 301
    date: Wed, 19 Mar 2025 22:06:42 GMT
    content-type: text/html
    content-length: 167
    location: https://doujindesu.tv/favicon.ico
    cache-control: max-age=3600
    expires: Wed, 19 Mar 2025 23:06:42 GMT
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nHOwIXv3KLytHsmp2sfx5vsg8IXC9%2BdSXp0UgcTFpOmlmQd%2F72aoQ5Ejcoyz4%2F9%2FuWpl25BqaAAOYoGuzm8jupL1fo%2BQKvxfqxUzJgclwn2YlNKrVgTKHEPLiwwd0et0DQ%3D%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 9230474e2bb43690-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=23532&min_rtt=22894&rtt_var=6931&sent=4&recv=6&lost=0&retrans=0&sent_bytes=755&recv_bytes=948&delivery_rate=58749&cwnd=243&unsent_bytes=0&cid=ddbec03be4140313&ts=59&x=0"
  • US
    GET
    https://raw-paste.vercel.app/donate
    Remote address:
    216.198.79.129:443
    Request
    GET /donate HTTP/2.0
    host: raw-paste.vercel.app
    upgrade-insecure-requests: 1
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    x-requested-with: dev.decryptapks.downloader.qwertymods
    sec-fetch-site: none
    sec-fetch-mode: navigate
    sec-fetch-user: ?1
    sec-fetch-dest: document
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 103
    server: Vercel
    x-vercel-id: fdLoXAHGVBmbjVheWJglN0Q9Xqg69Yy5
  • US
    GET
    https://raw-paste.vercel.app/donate (final response, following the 103 Early Hints above)
    Remote address:
    216.198.79.129:443
    Response
    HTTP/2.0 307
    age: 0
    cache-control: public, max-age=0, must-revalidate
    date: Wed, 19 Mar 2025 22:06:43 GMT
    location: https://www.effectiveratecpm.com/sqtt9vsvs?key=4252515e86366e68c28ac57e47ab308a
    server: Vercel
    strict-transport-security: max-age=63072000; includeSubDomains; preload
    vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Next-Router-Segment-Prefetch
    x-matched-path: /donate
    x-vercel-cache: MISS
    x-vercel-id: fra1::iad1::ch2vv-1742422002969-eeefb11921c0
    content-length: 0
  • US
    GET
    https://doujindesu.tv/favicon.ico
    Remote address:
    104.22.69.191:443
    Request
    GET /favicon.ico HTTP/2.0
    host: doujindesu.tv
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: image/webp,image/apng,image/*,*/*;q=0.8
    referer: https://doujindesu.xxx/
    accept-encoding: gzip
    Response
    HTTP/2.0 403
    date: Wed, 19 Mar 2025 22:06:43 GMT
    content-type: text/html; charset=UTF-8
    accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
    cf-mitigated: challenge
    critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
    cross-origin-embedder-policy: require-corp
    cross-origin-opener-policy: same-origin
    cross-origin-resource-policy: same-origin
    origin-agent-cluster: ?1
    permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
    referrer-policy: same-origin
    server-timing: chlray;desc="9230474f3f133856"
    x-content-options: nosniff
    x-frame-options: SAMEORIGIN
    cf-chl-out: wq8xeX9QTz9XSWeTio7PU3O3MnSCDIEPsHhU/3M3nyf16axm7P0lM2x5BNnvTb1BtdRYfbD959HqJNpqaDGvAF1r9D+WEtKFaTvcNv240HM+njhJJGrC6ZzhIVz/iAn+YaFtzidCzpjmp6QWNecA0g==$wsJra4zNRplSahP9Aqf1zg==
    cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    expires: Thu, 01 Jan 1970 00:00:01 GMT
    vary: Accept-Encoding
    speculation-rules: "/cdn-cgi/speculation"
    server: cloudflare
    cf-ray: 9230474f3f133856-LHR
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • AU
    DNS
    www.effectiveratecpm.com
    Remote address:
    1.1.1.1:53
    Request
    www.effectiveratecpm.com
    IN A
    Response
    www.effectiveratecpm.com
    IN A
    192.243.59.13
    www.effectiveratecpm.com
    IN A
    192.243.61.227
    www.effectiveratecpm.com
    IN A
    192.243.59.12
    www.effectiveratecpm.com
    IN A
    172.240.253.132
    www.effectiveratecpm.com
    IN A
    172.240.108.76
    www.effectiveratecpm.com
    IN A
    172.240.108.68
    www.effectiveratecpm.com
    IN A
    192.243.59.20
    www.effectiveratecpm.com
    IN A
    172.240.108.84
    www.effectiveratecpm.com
    IN A
    192.243.61.225
    www.effectiveratecpm.com
    IN A
    172.240.127.234
  • US
    GET
    https://www.effectiveratecpm.com/sqtt9vsvs?key=4252515e86366e68c28ac57e47ab308a
    Remote address:
    192.243.59.13:443
    Request
    GET /sqtt9vsvs?key=4252515e86366e68c28ac57e47ab308a HTTP/1.1
    Host: www.effectiveratecpm.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    X-Requested-With: dev.decryptapks.downloader.qwertymods
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.19.5
    Date: Wed, 19 Mar 2025 22:06:43 GMT
    Content-Type: text/html
    Content-Length: 118
    Connection: keep-alive
    P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
    Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
    Host: www.effectiveratecpm.com
    Expires: Thu, 01 Jan 1970 00:00:01 GMT
    Cache-Control: no-cache
    X-Request-ID: a9dce7f1b28eae49927d180b81114297
    Cache-Control: max-age=0, private, no-cache
    Pragma: no-cache
    Strict-Transport-Security: max-age=0; includeSubdomains
  • flag-us
    GET
    https://www.effectiveratecpm.com/favicon.ico
    Remote address:
    192.243.59.13:443
    Request
    GET /favicon.ico HTTP/1.1
    Host: www.effectiveratecpm.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    Accept: image/webp,image/apng,image/*,*/*;q=0.8
    X-Requested-With: dev.decryptapks.downloader.qwertymods
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://www.effectiveratecpm.com/sqtt9vsvs?key=4252515e86366e68c28ac57e47ab308a
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.19.5
    Date: Wed, 19 Mar 2025 22:06:43 GMT
    Content-Type: image/x-icon
    Content-Length: 0
    Connection: keep-alive
    Expires: Thu, 01 Jan 1970 00:00:01 GMT
    Cache-Control: no-cache
    X-Request-ID: 5909a441948156c14184a26cdf8122d7
    Cache-Control: max-age=0, private, no-cache
    Pragma: no-cache
    Strict-Transport-Security: max-age=0; includeSubdomains
  • 216.58.201.110:443
    tls, https
    1.4kB
    40 B
    1
    1
  • 216.58.201.110:443
    android.apis.google.com
    tls
    3.6kB
    7.0kB
    15
    16
  • 172.217.169.14:443
    www.youtube.com
    tls
    2.1kB
    8.3kB
    18
    14
  • 216.58.201.110:443
    android.apis.google.com
    tls
    2.6kB
    6.1kB
    12
    11
  • 216.239.32.223:443
    tls, https
    128 B
    40 B
    2
    1
  • 1.1.1.1:443
    tls, http2
    857 B
    4.6kB
    8
    7
  • 1.1.1.1:443
    https://1.1.1.1/dns-query?dns=AAABAAABAAAAAAAACmRvdWppbmRlc3UCdHYAABwAAQ
    tls, http2
    3.8kB
    9.3kB
    36
    41

  • 104.21.39.166:443
    https://doujindesu.xxx/
    tls, http2
    1.6kB
    5.1kB
    10
    11

    HTTP Request

    GET https://doujindesu.xxx/

    HTTP Response

    301
  • 172.67.42.79:443
    https://doujindesu.tv/
    tls, http2
    1.8kB
    11.2kB
    14
    16

    HTTP Request

    GET https://doujindesu.tv/

    HTTP Response

    403
  • 172.217.169.40:443
    ssl.google-analytics.com
    tls
    1.3kB
    6.3kB
    9
    9
  • 104.16.79.73:443
    https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
    tls, http2
    1.8kB
    11.9kB
    15
    18

    HTTP Request

    GET https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

    HTTP Response

    200
  • 172.67.146.197:443
    https://doujindesu.xxx/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=923047492d1694a3
    tls, http2
    2.5kB
    41.1kB
    26
    38

    HTTP Request

    GET https://doujindesu.xxx/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=923047492d1694a3

    HTTP Response

    200
  • 104.21.39.166:443
    https://doujindesu.xxx/favicon.ico
    tls, http2
    1.5kB
    2.1kB
    10
    10

    HTTP Request

    GET https://doujindesu.xxx/favicon.ico

    HTTP Response

    301
  • 104.22.69.191:443
    https://doujindesu.tv/favicon.ico
    tls, http2
    1.7kB
    8.1kB
    13
    14

    HTTP Request

    GET https://doujindesu.tv/favicon.ico

    HTTP Response

    403
  • 172.67.146.197:443
    https://doujindesu.xxx/cdn-cgi/rum?
    tls, http2
    3.1kB
    3.5kB
    13
    10

    HTTP Request

    POST https://doujindesu.xxx/cdn-cgi/rum?

    HTTP Response

    200
  • 172.67.146.197:443
    https://doujindesu.xxx/favicon.ico
    tls, http2
    1.5kB
    2.1kB
    10
    9

    HTTP Request

    GET https://doujindesu.xxx/favicon.ico

    HTTP Response

    301
  • 216.198.79.129:443
    https://raw-paste.vercel.app/donate
    tls, http2
    2.1kB
    5.0kB
    17
    13

    HTTP Request

    GET https://raw-paste.vercel.app/donate

    HTTP Response

    103

    HTTP Response

    307
  • 104.22.69.191:443
    https://doujindesu.tv/favicon.ico
    tls, http2
    1.7kB
    8.2kB
    13
    16

    HTTP Request

    GET https://doujindesu.tv/favicon.ico

    HTTP Response

    403
  • 192.243.59.13:443
    https://www.effectiveratecpm.com/favicon.ico
    tls, http
    2.7kB
    5.2kB
    13
    11

    HTTP Request

    GET https://www.effectiveratecpm.com/sqtt9vsvs?key=4252515e86366e68c28ac57e47ab308a

    HTTP Response

    200

    HTTP Request

    GET https://www.effectiveratecpm.com/favicon.ico

    HTTP Response

    200
  • 172.217.169.78:443
    www.youtube.com
    tls
    519 B
    7
  • 172.217.169.33:443
    tls
    135 B
    40 B
    2
    1
  • 142.250.200.1:443
    tls
    135 B
    40 B
    2
    1
  • 216.239.32.223:443
    tls, https
    128 B
    40 B
    2
    1
  • 224.0.0.251:5353
    3.7kB
    11
  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    216.58.201.110

  • 1.1.1.1:53
    www.youtube.com
    dns
    61 B
    351 B
    1
    1

    DNS Request

    www.youtube.com

    DNS Response


  • 172.217.169.14:443
    www.youtube.com
    https
    1.4kB
    54 B
    1
    1
  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    70 B
    86 B
    1
    1

    DNS Request

    ssl.google-analytics.com

    DNS Response

    172.217.169.40

  • 1.1.1.1:53
    doujindesu.xxx
    dns
    60 B
    92 B
    1
    1

    DNS Request

    doujindesu.xxx

    DNS Response

    172.67.146.197
    104.21.39.166

  • 1.1.1.1:53
    raw-paste.vercel.app
    dns
    66 B
    98 B
    1
    1

    DNS Request

    raw-paste.vercel.app

    DNS Response

    216.198.79.129
    64.29.17.129

  • 1.1.1.1:53
    www.effectiveratecpm.com
    dns
    70 B
    230 B
    1
    1

    DNS Request

    www.effectiveratecpm.com

    DNS Response


MITRE ATT&CK Mobile v15


Downloads

  • /data/user/0/dev.decryptapks.downloader.qwertymods/app_ded/33F1pNxCyVmlxu7Xn16lRFlZjuLUBlJ3.dex

    Filesize

    96KB

    MD5

    6c9e4d1af5d241e76116e05b07e8e0e3

    SHA1

    4a33d452e68e310e36e9ceeb2c7f355b97d82f7d

    SHA256

    58816ebafa9d2f8893a646e41dc7006612e3abed88f73b022e951d367775d5d3

    SHA512

    10ec6e2ae11a6db830ae2d2ced1f91e9a18b7ad6b8a67171418888b1bbaeea1492ef04fd15333b75a06d4bf9aa93b1aa2261f5533f2c368b4942ad98d214389f

  • /data/user/0/dev.decryptapks.downloader.qwertymods/app_ded/Tm0CDTkFRRXeARz7px6fD0waxOtgB6Zr.dex

    Filesize

    1.7MB

    MD5

    6cfa2ce4e3329ec470c094110b2bbd50

    SHA1

    ca5341cc8bb1b52e42c9569b4d3c8897dbd93f1c

    SHA256

    46eaf8c41981a560d1590bab5a2b4c4cdf11c5f4ec0e0faf07023244262a0be7

    SHA512

    f19e181e1aac80cf47dac0f819e25c97547c4145361a1dec9a82a405fd78e34aa1858d3c3b193b44cd512066b4e836673801901456e1dcc498d15be4e3450296
