Resubmissions

27/03/2025, 13:56 UTC

250327-q86ddavmz5 10

27/03/2025, 13:16 UTC

250327-qjakeasvct 10

27/03/2025, 13:14 UTC

250327-qg4qgavjy4 10

07/03/2025, 10:37 UTC

250307-mntbjazlt8 10

Analysis

  • max time kernel
    42s
  • max time network
    44s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
  • submitted
    27/03/2025, 13:16 UTC

General

  • Target

    cfa37c111d5d86aa348a8411c39fe1c54034c437a5c15777a42638c6a9d03eb0_2025-01-31.apk

  • Size

    8.1MB

  • MD5

    c889e75eb26de5a53531ca1d799a777e

  • SHA1

    4c9ae2c8bc9a2bc02926ee2a9a49730881907a69

  • SHA256

    cfa37c111d5d86aa348a8411c39fe1c54034c437a5c15777a42638c6a9d03eb0

  • SHA512

    cbe94441f6ea06b1c9c9de0933e9755d3ac7deb3197d795570cde4d0680c87f25c8c3e34c189a8b8d898b8afa9140093dfbf731852cbc6bf02cfc03c00bd5941

  • SSDEEP

    196608:5erveQWOfAMidD+traG/iYVS9MEY2HWv7ecSb5xW:47eQqMidD+hjpVSe/2Uu2

Malware Config

Extracted

Family

trickmo

C2

http://mainworkapp.com/c

Signatures

Processes

  • aner.fos540.ex
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests enabling of the accessibility settings.
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4788

Network

  • flag-au
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.180.14
  • flag-au
    DNS
    www.youtube.com
    Remote address:
    1.1.1.1:53
    Request
    www.youtube.com
    IN A
    Response
    www.youtube.com
    IN CNAME
    youtube-ui.l.google.com
    youtube-ui.l.google.com
    IN A
    216.58.204.78
    youtube-ui.l.google.com
    IN A
    216.58.212.238
    youtube-ui.l.google.com
    IN A
    142.250.178.14
    youtube-ui.l.google.com
    IN A
    142.250.200.46
    youtube-ui.l.google.com
    IN A
    142.250.180.14
    youtube-ui.l.google.com
    IN A
    172.217.169.14
    youtube-ui.l.google.com
    IN A
    216.58.201.110
    youtube-ui.l.google.com
    IN A
    172.217.16.238
    youtube-ui.l.google.com
    IN A
    142.250.187.238
    youtube-ui.l.google.com
    IN A
    172.217.169.78
    youtube-ui.l.google.com
    IN A
    142.250.187.206
    youtube-ui.l.google.com
    IN A
    142.250.179.238
    youtube-ui.l.google.com
    IN A
    216.58.213.14
    youtube-ui.l.google.com
    IN A
    172.217.169.46
    youtube-ui.l.google.com
    IN A
    142.250.200.14
  • flag-au
    DNS
    appassets.androidplatform.net
    Remote address:
    1.1.1.1:53
    Request
    appassets.androidplatform.net
    IN A
    Response
  • flag-au
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    216.58.212.232
  • flag-au
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
  • flag-au
    DNS
    xxxtik.com
    Remote address:
    1.1.1.1:53
    Request
    xxxtik.com
    IN A
    Response
    xxxtik.com
    IN A
    164.92.225.151
  • flag-de
    GET
    https://xxxtik.com/
    Remote address:
    164.92.225.151:443
    Request
    GET / HTTP/2.0
    host: xxxtik.com
    upgrade-insecure-requests: 1
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    x-requested-with: aner.fos540.ex
    sec-fetch-site: cross-site
    sec-fetch-mode: navigate
    sec-fetch-dest: document
    referer: https://appassets.androidplatform.net/assets/www/index.html
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    server: nginx
    date: Thu, 27 Mar 2025 13:17:19 GMT
    content-type: text/html; charset=UTF-8
    x-powered-by: Express
    accept-ranges: bytes
    cache-control: public, max-age=0
    last-modified: Fri, 14 Mar 2025 13:59:30 GMT
    etag: W/"35bc-19594f3f2c0"
    vary: Accept-Encoding
    content-encoding: gzip
    strict-transport-security: max-age=15724800; includeSubdomains
  • flag-de
    GET
    https://xxxtik.com/assets/images/loading.svg
    Remote address:
    164.92.225.151:443
    Request
    GET /assets/images/loading.svg HTTP/2.0
    host: xxxtik.com
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: image/webp,image/apng,image/*,*/*;q=0.8
    x-requested-with: aner.fos540.ex
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: image
    referer: https://xxxtik.com/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    server: nginx
    date: Thu, 27 Mar 2025 13:17:19 GMT
    content-type: image/svg+xml
    content-length: 1013
    x-powered-by: Express
    accept-ranges: bytes
    cache-control: public, max-age=0
    last-modified: Fri, 14 Mar 2025 13:59:29 GMT
    etag: W/"3f5-19594f3f034"
    vary: Accept-Encoding
    strict-transport-security: max-age=15724800; includeSubdomains
  • flag-de
    GET
    https://xxxtik.com/polyfills-es2015.js
    Remote address:
    164.92.225.151:443
    Request
    GET /polyfills-es2015.js HTTP/2.0
    host: xxxtik.com
    origin: https://xxxtik.com
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: */*
    x-requested-with: aner.fos540.ex
    sec-fetch-site: same-origin
    sec-fetch-mode: cors
    sec-fetch-dest: script
    referer: https://xxxtik.com/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    server: nginx
    date: Thu, 27 Mar 2025 13:17:19 GMT
    content-type: application/javascript; charset=UTF-8
    x-powered-by: Express
    accept-ranges: bytes
    cache-control: public, max-age=0
    last-modified: Fri, 14 Mar 2025 13:56:26 GMT
    etag: W/"9074-19594f123e9"
    vary: Accept-Encoding
    content-encoding: gzip
    strict-transport-security: max-age=15724800; includeSubdomains
  • flag-de
    GET
    https://xxxtik.com/main-es2015.js
    Remote address:
    164.92.225.151:443
    Request
    GET /main-es2015.js HTTP/2.0
    host: xxxtik.com
    origin: https://xxxtik.com
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: */*
    x-requested-with: aner.fos540.ex
    sec-fetch-site: same-origin
    sec-fetch-mode: cors
    sec-fetch-dest: script
    referer: https://xxxtik.com/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    server: nginx
    date: Thu, 27 Mar 2025 13:17:19 GMT
    content-type: application/javascript; charset=UTF-8
    x-powered-by: Express
    accept-ranges: bytes
    cache-control: public, max-age=0
    last-modified: Fri, 14 Mar 2025 13:56:25 GMT
    etag: W/"d27-19594f1225d"
    vary: Accept-Encoding
    content-encoding: gzip
    strict-transport-security: max-age=15724800; includeSubdomains
  • flag-de
    GET
    https://xxxtik.com/runtime-es2015.js
    Remote address:
    164.92.225.151:443
    Request
    GET /runtime-es2015.js HTTP/2.0
    host: xxxtik.com
    origin: https://xxxtik.com
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: */*
    x-requested-with: aner.fos540.ex
    sec-fetch-site: same-origin
    sec-fetch-mode: cors
    sec-fetch-dest: script
    referer: https://xxxtik.com/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    server: nginx
    date: Thu, 27 Mar 2025 13:17:19 GMT
    content-type: text/css; charset=UTF-8
    x-powered-by: Express
    accept-ranges: bytes
    cache-control: public, max-age=0
    last-modified: Fri, 14 Mar 2025 13:56:22 GMT
    etag: W/"2d0a-19594f114d5"
    vary: Accept-Encoding
    content-encoding: gzip
    strict-transport-security: max-age=15724800; includeSubdomains
  • flag-de
    GET
    https://xxxtik.com/styles.css
    Remote address:
    164.92.225.151:443
    Request
    GET /styles.css HTTP/2.0
    host: xxxtik.com
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: text/css,*/*;q=0.1
    x-requested-with: aner.fos540.ex
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: style
    referer: https://xxxtik.com/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    server: nginx
    date: Thu, 27 Mar 2025 13:17:19 GMT
    content-type: application/javascript; charset=UTF-8
    x-powered-by: Express
    accept-ranges: bytes
    cache-control: public, max-age=0
    last-modified: Fri, 14 Mar 2025 13:59:29 GMT
    etag: W/"13c72f-19594f3ef18"
    vary: Accept-Encoding
    content-encoding: gzip
    strict-transport-security: max-age=15724800; includeSubdomains
  • flag-de
    GET
    https://xxxtik.com/636-es2015.js
    Remote address:
    164.92.225.151:443
    Request
    GET /636-es2015.js HTTP/2.0
    host: xxxtik.com
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: */*
    x-requested-with: aner.fos540.ex
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://xxxtik.com/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    server: nginx
    date: Thu, 27 Mar 2025 13:17:20 GMT
    content-type: application/javascript; charset=UTF-8
    x-powered-by: Express
    accept-ranges: bytes
    cache-control: public, max-age=0
    last-modified: Fri, 14 Mar 2025 13:57:05 GMT
    etag: W/"71f4-19594f1be76"
    vary: Accept-Encoding
    content-encoding: gzip
    strict-transport-security: max-age=15724800; includeSubdomains
  • flag-de
    GET
    https://xxxtik.com/assets/images/feather-sprite.svg
    Remote address:
    164.92.225.151:443
    Request
    GET /assets/images/feather-sprite.svg HTTP/2.0
    host: xxxtik.com
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: image/webp,image/apng,image/*,*/*;q=0.8
    x-requested-with: aner.fos540.ex
    sec-fetch-site: same-origin
    sec-fetch-mode: same-origin
    sec-fetch-dest: image
    referer: https://xxxtik.com/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    server: nginx
    date: Thu, 27 Mar 2025 13:17:20 GMT
    content-type: image/svg+xml
    x-powered-by: Express
    accept-ranges: bytes
    cache-control: public, max-age=0
    last-modified: Fri, 14 Mar 2025 13:59:29 GMT
    etag: W/"eaf2-19594f3f018"
    vary: Accept-Encoding
    content-encoding: gzip
    strict-transport-security: max-age=15724800; includeSubdomains
  • flag-de
    GET
    https://xxxtik.com/assets/icons/ai-logo.png
    Remote address:
    164.92.225.151:443
    Request
    GET /assets/icons/ai-logo.png HTTP/2.0
    host: xxxtik.com
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: image/webp,image/apng,image/*,*/*;q=0.8
    x-requested-with: aner.fos540.ex
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: image
    referer: https://xxxtik.com/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    server: nginx
    date: Thu, 27 Mar 2025 13:17:20 GMT
    content-type: image/png
    content-length: 1087
    x-powered-by: Express
    accept-ranges: bytes
    cache-control: public, max-age=0
    last-modified: Fri, 14 Mar 2025 13:59:29 GMT
    etag: W/"43f-19594f3eff8"
    strict-transport-security: max-age=15724800; includeSubdomains
  • flag-de
    GET
    https://xxxtik.com/assets/images/pc-camera.svg
    Remote address:
    164.92.225.151:443
    Request
    GET /assets/images/pc-camera.svg HTTP/2.0
    host: xxxtik.com
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: image/webp,image/apng,image/*,*/*;q=0.8
    x-requested-with: aner.fos540.ex
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: image
    referer: https://xxxtik.com/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    server: nginx
    date: Thu, 27 Mar 2025 13:17:20 GMT
    content-type: image/svg+xml
    content-length: 462
    x-powered-by: Express
    accept-ranges: bytes
    cache-control: public, max-age=0
    last-modified: Fri, 14 Mar 2025 13:59:29 GMT
    etag: W/"1ce-19594f3f038"
    vary: Accept-Encoding
    strict-transport-security: max-age=15724800; includeSubdomains
  • flag-de
    GET
    https://xxxtik.com/assets/icons/porndude.png
    Remote address:
    164.92.225.151:443
    Request
    GET /assets/icons/porndude.png HTTP/2.0
    host: xxxtik.com
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: image/webp,image/apng,image/*,*/*;q=0.8
    x-requested-with: aner.fos540.ex
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: image
    referer: https://xxxtik.com/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    server: nginx
    date: Thu, 27 Mar 2025 13:17:20 GMT
    content-type: image/png
    content-length: 2363
    x-powered-by: Express
    accept-ranges: bytes
    cache-control: public, max-age=0
    last-modified: Fri, 14 Mar 2025 13:59:29 GMT
    etag: W/"93b-19594f3f008"
    strict-transport-security: max-age=15724800; includeSubdomains
  • flag-de
    GET
    https://xxxtik.com/assets/images/collapse.svg
    Remote address:
    164.92.225.151:443
    Request
    GET /assets/images/collapse.svg HTTP/2.0
    host: xxxtik.com
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: image/webp,image/apng,image/*,*/*;q=0.8
    x-requested-with: aner.fos540.ex
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: image
    referer: https://xxxtik.com/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    server: nginx
    date: Thu, 27 Mar 2025 13:17:20 GMT
    content-type: image/svg+xml
    content-length: 188
    x-powered-by: Express
    accept-ranges: bytes
    cache-control: public, max-age=0
    last-modified: Fri, 14 Mar 2025 13:59:29 GMT
    etag: W/"bc-19594f3f018"
    vary: Accept-Encoding
    strict-transport-security: max-age=15724800; includeSubdomains
  • flag-de
    GET
    https://xxxtik.com/favicon.ico
    Remote address:
    164.92.225.151:443
    Request
    GET /favicon.ico HTTP/2.0
    host: xxxtik.com
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: image/webp,image/apng,image/*,*/*;q=0.8
    x-requested-with: aner.fos540.ex
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: image
    referer: https://xxxtik.com/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    cookie: _ga=GA1.1.2085247806.1743081439
    cookie: _ga_5QBTTR6TGX=GS1.1.1743081439.1.0.1743081439.0.0.0
    Response
    HTTP/2.0 200
    server: nginx
    date: Thu, 27 Mar 2025 13:17:25 GMT
    content-type: image/x-icon
    x-powered-by: Express
    accept-ranges: bytes
    cache-control: public, max-age=0
    last-modified: Fri, 14 Mar 2025 13:59:29 GMT
    etag: W/"3aee-19594f3ef84"
    vary: Accept-Encoding
    content-encoding: gzip
    strict-transport-security: max-age=15724800; includeSubdomains
  • flag-au
    DNS
    mainworkapp.com
    Remote address:
    1.1.1.1:53
    Request
    mainworkapp.com
    IN A
    Response
    mainworkapp.com
    IN A
    104.131.68.180
    mainworkapp.com
    IN A
    178.62.201.34
    mainworkapp.com
    IN A
    45.77.249.79
  • flag-au
    DNS
    a.pemsrv.com
    Remote address:
    1.1.1.1:53
    Request
    a.pemsrv.com
    IN A
    Response
    a.pemsrv.com
    IN CNAME
    1108595013.rsc.cdn77.org
    1108595013.rsc.cdn77.org
    IN A
    84.17.50.8
    1108595013.rsc.cdn77.org
    IN A
    89.187.167.39
    1108595013.rsc.cdn77.org
    IN A
    89.187.167.42
  • flag-au
    DNS
    a.pemsrv.com
    Remote address:
    1.1.1.1:53
    Request
    a.pemsrv.com
    IN A
  • flag-au
    DNS
    turbulent-divide.com
    Remote address:
    1.1.1.1:53
    Request
    turbulent-divide.com
    IN A
    Response
    turbulent-divide.com
    IN A
    188.72.219.35
  • flag-nl
    GET
    https://turbulent-divide.com/cEDz9.6qbd2z5cleSAWtQB9ENuDnQgz/OsTYkhx/Nzy/0-0iN-DkMy5jO/TREp4z
    Remote address:
    188.72.219.35:443
    Request
    GET /cEDz9.6qbd2z5cleSAWtQB9ENuDnQgz/OsTYkhx/Nzy/0-0iN-DkMy5jO/TREp4z HTTP/2.0
    host: turbulent-divide.com
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: */*
    x-requested-with: aner.fos540.ex
    sec-fetch-site: cross-site
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://xxxtik.com/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    server: nginx
    date: Thu, 27 Mar 2025 13:17:20 GMT
    content-type: application/javascript
    content-length: 0
    accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64
    expires: Mon, 26 Jul 2011 05:00:00 GMT
    cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    pragma: no-cache
    access-control-allow-origin: *
    access-control-allow-credentials: true
    access-control-allow-methods: GET
    access-control-allow-headers: Content-Type
    x-content-type-options: nosniff
  • flag-us
    POST
    http://mainworkapp.com/c
    Remote address:
    104.131.68.180:80
    Request
    POST /c HTTP/1.1
    Content-Type: multipart/form-data; boundary=00content0boundary00
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
    Host: mainworkapp.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Content-Length: 1460
    Response
    HTTP/1.1 200 OK
    Date: Thu, 27 Mar 2025 13:17:20 GMT
    Content-Length: 0
  • flag-us
    POST
    http://mainworkapp.com/c
    Remote address:
    104.131.68.180:80
    Request
    POST /c HTTP/1.1
    Content-Type: multipart/form-data; boundary=00content0boundary00
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
    Host: mainworkapp.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Content-Length: 3312
    Response
    HTTP/1.1 200 OK
    Date: Thu, 27 Mar 2025 13:17:22 GMT
    Content-Length: 0
  • flag-us
    POST
    http://mainworkapp.com/c
    Remote address:
    104.131.68.180:80
    Request
    POST /c HTTP/1.1
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
    Host: mainworkapp.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Content-Length: 1272
    Response
    HTTP/1.1 200 OK
    Date: Thu, 27 Mar 2025 13:17:22 GMT
    Content-Length: 0
  • flag-us
    POST
    http://mainworkapp.com/c
    Remote address:
    104.131.68.180:80
    Request
    POST /c HTTP/1.1
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
    Host: mainworkapp.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Content-Length: 1271
    Response
    HTTP/1.1 200 OK
    Date: Thu, 27 Mar 2025 13:17:25 GMT
    Content-Length: 0
  • flag-us
    POST
    http://mainworkapp.com/c
    Remote address:
    104.131.68.180:80
    Request
    POST /c HTTP/1.1
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
    Host: mainworkapp.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Content-Length: 1270
    Response
    HTTP/1.1 200 OK
    Date: Thu, 27 Mar 2025 13:17:27 GMT
    Content-Length: 0
  • flag-us
    POST
    http://mainworkapp.com/c
    Remote address:
    104.131.68.180:80
    Request
    POST /c HTTP/1.1
    Content-Type: multipart/form-data; boundary=00content0boundary00
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
    Host: mainworkapp.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Content-Length: 5987
    Response
    HTTP/1.1 200 OK
    Date: Thu, 27 Mar 2025 13:17:28 GMT
    Content-Length: 0
  • flag-us
    POST
    http://mainworkapp.com/c
    Remote address:
    104.131.68.180:80
    Request
    POST /c HTTP/1.1
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
    Host: mainworkapp.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Content-Length: 1394
    Response
    HTTP/1.1 200 OK
    Date: Thu, 27 Mar 2025 13:17:29 GMT
    Content-Length: 0
  • flag-us
    POST
    http://mainworkapp.com/c
    Remote address:
    104.131.68.180:80
    Request
    POST /c HTTP/1.1
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
    Host: mainworkapp.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Content-Length: 1394
    Response
    HTTP/1.1 200 OK
    Date: Thu, 27 Mar 2025 13:17:32 GMT
    Content-Length: 0
  • flag-us
    POST
    http://mainworkapp.com/c
    Remote address:
    104.131.68.180:80
    Request
    POST /c HTTP/1.1
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
    Host: mainworkapp.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Content-Length: 1394
    Response
    HTTP/1.1 200 OK
    Date: Thu, 27 Mar 2025 13:17:34 GMT
    Content-Length: 0
  • flag-us
    POST
    http://mainworkapp.com/c
    Remote address:
    104.131.68.180:80
    Request
    POST /c HTTP/1.1
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
    Host: mainworkapp.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Content-Length: 1395
    Response
    HTTP/1.1 200 OK
    Date: Thu, 27 Mar 2025 13:17:36 GMT
    Content-Length: 0
  • flag-us
    POST
    http://mainworkapp.com/c
    Remote address:
    104.131.68.180:80
    Request
    POST /c HTTP/1.1
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
    Host: mainworkapp.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Content-Length: 1393
    Response
    HTTP/1.1 200 OK
    Date: Thu, 27 Mar 2025 13:17:38 GMT
    Content-Length: 0
  • flag-us
    POST
    http://mainworkapp.com/c
    Remote address:
    104.131.68.180:80
    Request
    POST /c HTTP/1.1
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
    Host: mainworkapp.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Content-Length: 1394
    Response
    HTTP/1.1 200 OK
    Date: Thu, 27 Mar 2025 13:17:41 GMT
    Content-Length: 0
  • flag-us
    POST
    http://mainworkapp.com/c
    Remote address:
    104.131.68.180:80
    Request
    POST /c HTTP/1.1
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
    Host: mainworkapp.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Content-Length: 1395
    Response
    HTTP/1.1 200 OK
    Date: Thu, 27 Mar 2025 13:17:43 GMT
    Content-Length: 0
  • flag-us
    POST
    http://mainworkapp.com/c
    Remote address:
    104.131.68.180:80
    Request
    POST /c HTTP/1.1
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
    Host: mainworkapp.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Content-Length: 1394
    Response
    HTTP/1.1 200 OK
    Date: Thu, 27 Mar 2025 13:17:45 GMT
    Content-Length: 0
  • flag-us
    POST
    http://mainworkapp.com/c
    Remote address:
    104.131.68.180:80
    Request
    POST /c HTTP/1.1
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
    Host: mainworkapp.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Content-Length: 1395
    Response
    HTTP/1.1 200 OK
    Date: Thu, 27 Mar 2025 13:17:47 GMT
    Content-Length: 0
  • flag-us
    POST
    http://mainworkapp.com/c
    Remote address:
    104.131.68.180:80
    Request
    POST /c HTTP/1.1
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
    Host: mainworkapp.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Content-Length: 1395
    Response
    HTTP/1.1 200 OK
    Date: Thu, 27 Mar 2025 13:17:50 GMT
    Content-Length: 0
  • flag-us
    POST
    http://mainworkapp.com/c
    Remote address:
    104.131.68.180:80
    Request
    POST /c HTTP/1.1
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
    Host: mainworkapp.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Content-Length: 1272
    Response
    HTTP/1.1 200 OK
    Date: Thu, 27 Mar 2025 13:17:20 GMT
    Content-Length: 0
  • flag-au
    DNS
    firebase.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    firebase.googleapis.com
    IN A
    Response
    firebase.googleapis.com
    IN A
    142.250.180.10
    firebase.googleapis.com
    IN A
    216.58.212.202
    firebase.googleapis.com
    IN A
    142.250.187.202
    firebase.googleapis.com
    IN A
    172.217.16.234
    firebase.googleapis.com
    IN A
    216.58.212.234
    firebase.googleapis.com
    IN A
    172.217.169.42
    firebase.googleapis.com
    IN A
    142.250.178.10
    firebase.googleapis.com
    IN A
    142.250.187.234
    firebase.googleapis.com
    IN A
    142.250.179.234
    firebase.googleapis.com
    IN A
    172.217.169.74
    firebase.googleapis.com
    IN A
    142.250.200.42
    firebase.googleapis.com
    IN A
    142.250.200.10
    firebase.googleapis.com
    IN A
    216.58.204.74
    firebase.googleapis.com
    IN A
    216.58.201.106
    firebase.googleapis.com
    IN A
    216.58.213.10
  • flag-gb
    OPTIONS
    https://firebase.googleapis.com/v1alpha/projects/-/apps/1:560873874866:web:ba1c6ecca2355d7a4670ab/webConfig
    Remote address:
    142.250.180.10:443
    Request
    OPTIONS /v1alpha/projects/-/apps/1:560873874866:web:ba1c6ecca2355d7a4670ab/webConfig HTTP/2.0
    host: firebase.googleapis.com
    accept: */*
    access-control-request-method: GET
    access-control-request-headers: x-goog-api-key
    origin: https://xxxtik.com
    sec-fetch-mode: cors
    x-requested-with: aner.fos540.ex
    sec-fetch-site: cross-site
    sec-fetch-dest: empty
    referer: https://xxxtik.com/
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
  • flag-gb
    GET
    https://firebase.googleapis.com/v1alpha/projects/-/apps/1:560873874866:web:ba1c6ecca2355d7a4670ab/webConfig
    Remote address:
    142.250.180.10:443
    Request
    GET /v1alpha/projects/-/apps/1:560873874866:web:ba1c6ecca2355d7a4670ab/webConfig HTTP/2.0
    host: firebase.googleapis.com
    accept: application/json
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    x-goog-api-key: AIzaSyAm9k1Y1GRbET-w1Z9joYMp63x1EHwZ5fY
    origin: https://xxxtik.com
    x-requested-with: aner.fos540.ex
    sec-fetch-site: cross-site
    sec-fetch-mode: cors
    sec-fetch-dest: empty
    referer: https://xxxtik.com/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
  • flag-au
    DNS
    api.xxxtik.com
    Remote address:
    1.1.1.1:53
    Request
    api.xxxtik.com
    IN A
    Response
    api.xxxtik.com
    IN CNAME
    xxxtik-api-iw98m.ondigitalocean.app
    xxxtik-api-iw98m.ondigitalocean.app
    IN A
    172.66.0.96
    xxxtik-api-iw98m.ondigitalocean.app
    IN A
    162.159.140.98
  • flag-au
    DNS
    xxxtik-apix-s2l6l.ondigitalocean.app
    Remote address:
    1.1.1.1:53
    Request
    xxxtik-apix-s2l6l.ondigitalocean.app
    IN A
    Response
    xxxtik-apix-s2l6l.ondigitalocean.app
    IN A
    162.159.140.98
    xxxtik-apix-s2l6l.ondigitalocean.app
    IN A
    172.66.0.96
  • flag-us
    OPTIONS
    https://api.xxxtik.com/tag/all
    Remote address:
    172.66.0.96:443
    Request
    OPTIONS /tag/all HTTP/2.0
    host: api.xxxtik.com
    accept: */*
    access-control-request-method: GET
    access-control-request-headers: authorization
    origin: https://xxxtik.com
    sec-fetch-mode: cors
    x-requested-with: aner.fos540.ex
    sec-fetch-site: same-site
    sec-fetch-dest: empty
    referer: https://xxxtik.com/
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 204
    date: Thu, 27 Mar 2025 13:17:21 GMT
    x-powered-by: Express
    access-control-allow-origin: *
    access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
    vary: Access-Control-Request-Headers
    access-control-allow-headers: authorization
    x-do-app-origin: 4abf1627-e6ab-11ec-b1dc-0c42a19a82a7
    cache-control: private
    x-do-orig-status: 204
    cf-cache-status: DYNAMIC
    set-cookie: __cf_bm=A1BQK09f4AyUX5TdOkPrwsC7gLTVp.QdNC7kt6iLSzQ-1743081441-1.0.1.1-dGxfxeHxYowlsqDqmhAkgjKUjDuVIcjS85gGGlRtzOCOIVsNa0QXkXRKG4J_P01gbaO_TiCy7pzRAjfgG67V0Zzq2V7a_9DrGHkIzJVKP9M; path=/; expires=Thu, 27-Mar-25 13:47:21 GMT; domain=.api.xxxtik.com; HttpOnly; Secure; SameSite=None
    server: cloudflare
    cf-ray: 926f2adeeea1d857-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    OPTIONS
    https://api.xxxtik.com/user/explore
    Remote address:
    172.66.0.96:443
    Request
    OPTIONS /user/explore HTTP/2.0
    host: api.xxxtik.com
    accept: */*
    access-control-request-method: GET
    access-control-request-headers: authorization
    origin: https://xxxtik.com
    sec-fetch-mode: cors
    x-requested-with: aner.fos540.ex
    sec-fetch-site: same-site
    sec-fetch-dest: empty
    referer: https://xxxtik.com/
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 204
    date: Thu, 27 Mar 2025 13:17:21 GMT
    x-powered-by: Express
    access-control-allow-origin: *
    access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
    vary: Access-Control-Request-Headers
    access-control-allow-headers: authorization
    x-do-app-origin: 4abf1627-e6ab-11ec-b1dc-0c42a19a82a7
    cache-control: private
    x-do-orig-status: 204
    cf-cache-status: DYNAMIC
    set-cookie: __cf_bm=VVk4yQZGbhKs.dKyrpcQy5Hcbh3QOZV.OfQ6Wa8D1wU-1743081441-1.0.1.1-.s8aH8a4i1A6HMbHeu.4x7O5TWS3RKeSe3LxLMoiIuXPcZ3dqbhqoGYmO42O4ndAux.timTmRk4a6_25LeiHsMYYfO6CPBptEjH8GDe26UY; path=/; expires=Thu, 27-Mar-25 13:47:21 GMT; domain=.api.xxxtik.com; HttpOnly; Secure; SameSite=None
    server: cloudflare
    cf-ray: 926f2adeeea4d857-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://api.xxxtik.com/tag/all
    Remote address:
    172.66.0.96:443
    Request
    GET /tag/all HTTP/2.0
    host: api.xxxtik.com
    accept: application/json, text/plain, */*
    authorization: Bearer null
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    origin: https://xxxtik.com
    x-requested-with: aner.fos540.ex
    sec-fetch-site: same-site
    sec-fetch-mode: cors
    sec-fetch-dest: empty
    referer: https://xxxtik.com/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    date: Thu, 27 Mar 2025 13:17:21 GMT
    content-type: application/json; charset=utf-8
    x-powered-by: Express
    access-control-allow-origin: *
    etag: W/"1e0d2-rVfC7YNvcFjPqwIIryAkJjhE2wE"
    x-do-app-origin: 4abf1627-e6ab-11ec-b1dc-0c42a19a82a7
    cache-control: private
    x-do-orig-status: 200
    cf-cache-status: MISS
    set-cookie: __cf_bm=kP4gRS2GVdxvBF0fuW.vvVmpiu9dtBzqlQ_sOML1Pcc-1743081441-1.0.1.1-6lWc.8_ajfuNLoCpC27s_9rPHfMMcJ43b6PnnNW..iwmaxYfYWz0bhA70AXhGyfcc0efagluV4d_fVavSrujqRVAPWMYlXjo4QXUpg4Nu1M; path=/; expires=Thu, 27-Mar-25 13:47:21 GMT; domain=.api.xxxtik.com; HttpOnly; Secure; SameSite=None
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 926f2adf6ff9d857-LHR
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://api.xxxtik.com/user/explore
    Remote address:
    172.66.0.96:443
    Request
    GET /user/explore HTTP/2.0
    host: api.xxxtik.com
    accept: application/json, text/plain, */*
    authorization: Bearer null
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    origin: https://xxxtik.com
    x-requested-with: aner.fos540.ex
    sec-fetch-site: same-site
    sec-fetch-mode: cors
    sec-fetch-dest: empty
    referer: https://xxxtik.com/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    date: Thu, 27 Mar 2025 13:17:21 GMT
    content-type: application/json; charset=utf-8
    x-powered-by: Express
    access-control-allow-origin: *
    etag: W/"9b338-JeY5lgy4OnmFJxO/Yxg/45yazAU"
    x-do-app-origin: 4abf1627-e6ab-11ec-b1dc-0c42a19a82a7
    cache-control: private
    x-do-orig-status: 200
    cf-cache-status: MISS
    set-cookie: __cf_bm=gnHq7BHipMFvJDRkO6dx5ei3ET09SKGYIPRRR1vckuQ-1743081441-1.0.1.1-qyKobsIhkNUZJ2Sa3Aw6usSE0akgxzKLAFqXo3txCOeB2MzvARoKFTDC6MOuMWISWIH60YSUooHPX0fpXrSO7phrwyoNyiy95DCt_nCfEuU; path=/; expires=Thu, 27-Mar-25 13:47:21 GMT; domain=.api.xxxtik.com; HttpOnly; Secure; SameSite=None
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 926f2adf6feed857-LHR
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • flag-us
    OPTIONS
    https://xxxtik-apix-s2l6l.ondigitalocean.app/post/feed/by-key?cursor=0
    Remote address:
    162.159.140.98:443
    Request
    OPTIONS /post/feed/by-key?cursor=0 HTTP/2.0
    host: xxxtik-apix-s2l6l.ondigitalocean.app
    accept: */*
    access-control-request-method: GET
    access-control-request-headers: authorization
    origin: https://xxxtik.com
    sec-fetch-mode: cors
    x-requested-with: aner.fos540.ex
    sec-fetch-site: cross-site
    sec-fetch-dest: empty
    referer: https://xxxtik.com/
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 204
    date: Thu, 27 Mar 2025 13:17:21 GMT
    x-powered-by: Express
    access-control-allow-origin: *
    access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
    vary: Access-Control-Request-Headers
    access-control-allow-headers: authorization
    x-do-app-origin: ea066e11-e5f1-49f8-8d34-e1b7333bb654
    cache-control: private
    x-do-orig-status: 204
    cf-cache-status: DYNAMIC
    set-cookie: __cf_bm=9wnwVZrTai8ljKW3mU1731cwcBkEKf6zsGfo2Id06.Q-1743081441-1.0.1.1-.mbefIlx4OOYECicU14kaPYLAiYx2_TRtTm1Tn_3czWqN1DxF_X6j48KgDWXJwev1lW36xTsIsJSl68F5w3gS.1EkoktCx7vNkNMCZJtwTM; path=/; expires=Thu, 27-Mar-25 13:47:21 GMT; domain=.ondigitalocean.app; HttpOnly; Secure; SameSite=None
    server: cloudflare
    cf-ray: 926f2adeefa9bea6-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://xxxtik-apix-s2l6l.ondigitalocean.app/post/feed/by-key?cursor=0
    Remote address:
    162.159.140.98:443
    Request
    GET /post/feed/by-key?cursor=0 HTTP/2.0
    host: xxxtik-apix-s2l6l.ondigitalocean.app
    accept: application/json, text/plain, */*
    authorization: Bearer null
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    origin: https://xxxtik.com
    x-requested-with: aner.fos540.ex
    sec-fetch-site: cross-site
    sec-fetch-mode: cors
    sec-fetch-dest: empty
    referer: https://xxxtik.com/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    date: Thu, 27 Mar 2025 13:17:21 GMT
    content-type: application/json; charset=utf-8
    x-powered-by: Express
    access-control-allow-origin: *
    etag: W/"fdf0-dXZw7RWY/la8z/NDxMXDR4Jtpcs"
    x-do-app-origin: ea066e11-e5f1-49f8-8d34-e1b7333bb654
    cache-control: private
    x-do-orig-status: 200
    cf-cache-status: MISS
    set-cookie: __cf_bm=Kjk30acHhaGJpLiQASX6qxdHVkplhGXHOQ0UvkLZ91c-1743081441-1.0.1.1-ONIqtyQvk6.V7rRskqKfLDfdN6YvPIkvz6eeoYbM0JzjuIKd4cagkoZdnVRTJWdVSqoy7N8KAvXJkOrPNfryCpPobT4.TwVvUYq867oq.EU; path=/; expires=Thu, 27-Mar-25 13:47:21 GMT; domain=.ondigitalocean.app; HttpOnly; Secure; SameSite=None
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 926f2adf6825bea6-LHR
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • flag-au
    DNS
    region1.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    region1.google-analytics.com
    IN A
    Response
    region1.google-analytics.com
    IN A
    216.239.32.36
    region1.google-analytics.com
    IN A
    216.239.34.36
  • flag-us
    POST
    https://region1.google-analytics.com/g/collect?v=2&tid=G-5QBTTR6TGX&gtm=45je53p4v879146347za200&_p=1743081439242&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=102482433~102788824~102803279~102813109~102887800~102926062&_fid=ceMPUCRHcux-Jcna1SMbCG&cid=2085247806.1743081439&ul=en-us&sr=320x640&frm=0&pscdl=noapi&_s=1&sid=1743081439&sct=1&seg=0&dl=https%3A%2F%2Fxxxtik.com%2F&dr=https%3A%2F%2Fappassets.androidplatform.net%2Fassets%2Fwww%2Findex.html&dt=xxxtik%20-%20XXX%20TikTok%20Porn%20Videos.&en=page_view&_fv=2&_nsi=1&_ss=1&_ee=1&ep.origin=firebase&tfd=1763
    Remote address:
    216.239.32.36:443
    Request
    POST /g/collect?v=2&tid=G-5QBTTR6TGX&gtm=45je53p4v879146347za200&_p=1743081439242&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=102482433~102788824~102803279~102813109~102887800~102926062&_fid=ceMPUCRHcux-Jcna1SMbCG&cid=2085247806.1743081439&ul=en-us&sr=320x640&frm=0&pscdl=noapi&_s=1&sid=1743081439&sct=1&seg=0&dl=https%3A%2F%2Fxxxtik.com%2F&dr=https%3A%2F%2Fappassets.androidplatform.net%2Fassets%2Fwww%2Findex.html&dt=xxxtik%20-%20XXX%20TikTok%20Porn%20Videos.&en=page_view&_fv=2&_nsi=1&_ss=1&_ee=1&ep.origin=firebase&tfd=1763 HTTP/2.0
    host: region1.google-analytics.com
    content-length: 0
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: */*
    origin: https://xxxtik.com
    x-requested-with: aner.fos540.ex
    sec-fetch-site: cross-site
    sec-fetch-mode: no-cors
    sec-fetch-dest: empty
    referer: https://xxxtik.com/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
  • flag-us
    POST
    https://region1.google-analytics.com/g/collect?v=2&tid=G-5QBTTR6TGX&gtm=45je53p4v879146347za200&_p=1743081439242&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=102482433~102788824~102803279~102813109~102887800~102926062&_fid=ceMPUCRHcux-Jcna1SMbCG&cid=2085247806.1743081439&ul=en-us&sr=320x640&frm=0&pscdl=noapi&_s=2&dp=%2F&dt=xxxtik%20-%20XXX%20TikTok%20Porn%20Videos.&sid=1743081439&sct=1&seg=0&dl=https%3A%2F%2Fxxxtik.com%2F&dr=https%3A%2F%2Fappassets.androidplatform.net%2Fassets%2Fwww%2Findex.html&en=screen_view&_ee=1&ep.origin=firebase&ep.firebase_screen_class=app-root&epn.firebase_screen_id=1880518840&ep.screen_name=%2F&ep.firebase_event_origin=auto&ep.firebase_screen=%2F&ep.outlet=primary&ep.screen_class=app-root&tfd=6771
    Remote address:
    216.239.32.36:443
    Request
    POST /g/collect?v=2&tid=G-5QBTTR6TGX&gtm=45je53p4v879146347za200&_p=1743081439242&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=102482433~102788824~102803279~102813109~102887800~102926062&_fid=ceMPUCRHcux-Jcna1SMbCG&cid=2085247806.1743081439&ul=en-us&sr=320x640&frm=0&pscdl=noapi&_s=2&dp=%2F&dt=xxxtik%20-%20XXX%20TikTok%20Porn%20Videos.&sid=1743081439&sct=1&seg=0&dl=https%3A%2F%2Fxxxtik.com%2F&dr=https%3A%2F%2Fappassets.androidplatform.net%2Fassets%2Fwww%2Findex.html&en=screen_view&_ee=1&ep.origin=firebase&ep.firebase_screen_class=app-root&epn.firebase_screen_id=1880518840&ep.screen_name=%2F&ep.firebase_event_origin=auto&ep.firebase_screen=%2F&ep.outlet=primary&ep.screen_class=app-root&tfd=6771 HTTP/2.0
    host: region1.google-analytics.com
    content-length: 0
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: */*
    origin: https://xxxtik.com
    x-requested-with: aner.fos540.ex
    sec-fetch-site: cross-site
    sec-fetch-mode: no-cors
    sec-fetch-dest: empty
    referer: https://xxxtik.com/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
  • flag-au
    DNS
    xcdn.tv
    Remote address:
    1.1.1.1:53
    Request
    xcdn.tv
    IN A
    Response
    xcdn.tv
    IN A
    104.21.16.1
    xcdn.tv
    IN A
    104.21.112.1
    xcdn.tv
    IN A
    104.21.96.1
    xcdn.tv
    IN A
    104.21.64.1
    xcdn.tv
    IN A
    104.21.80.1
    xcdn.tv
    IN A
    104.21.48.1
    xcdn.tv
    IN A
    104.21.32.1
  • flag-us
    GET
    https://xcdn.tv/cdn/production/media/0312/C5jQNrT3/master.m3u8
    Remote address:
    104.21.16.1:443
    Request
    GET /cdn/production/media/0312/C5jQNrT3/master.m3u8 HTTP/2.0
    host: xcdn.tv
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: */*
    origin: https://xxxtik.com
    x-requested-with: aner.fos540.ex
    sec-fetch-site: cross-site
    sec-fetch-mode: cors
    sec-fetch-dest: empty
    referer: https://xxxtik.com/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    date: Thu, 27 Mar 2025 13:17:21 GMT
    content-type: application/octet-stream
    content-length: 364
    access-control-allow-origin: *
    cache-control: public, max-age=3628800
    strict-transport-security: max-age=15724800; includeSubdomains
    cf-cache-status: DYNAMIC
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pu0GA3eWPjjEainFv4YORwqa%2FZZfhXVzJRQgjcf4qGWWPejJp6Z58SMyQzoQddRrewbZJH8eLNMPmvgxd9awKehl0sY7l9j6INMpsCj%2FS6HoFGFmG2DzZdsY"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 926f2ae15b2e15c9-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=20701&min_rtt=20477&rtt_var=3590&sent=6&recv=12&lost=0&retrans=0&sent_bytes=2819&recv_bytes=1150&delivery_rate=129544&cwnd=253&unsent_bytes=0&cid=202d3dccc5bffaca&ts=108&x=0"
  • flag-us
    GET
    https://xcdn.tv/cdn/production/media/0312/5GtqCX/master.m3u8
    Remote address:
    104.21.16.1:443
    Request
    GET /cdn/production/media/0312/5GtqCX/master.m3u8 HTTP/2.0
    host: xcdn.tv
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: */*
    origin: https://xxxtik.com
    x-requested-with: aner.fos540.ex
    sec-fetch-site: cross-site
    sec-fetch-mode: cors
    sec-fetch-dest: empty
    referer: https://xxxtik.com/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    date: Thu, 27 Mar 2025 13:17:21 GMT
    content-type: application/octet-stream
    content-length: 230
    access-control-allow-origin: *
    cache-control: public, max-age=3628800
    strict-transport-security: max-age=15724800; includeSubdomains
    cf-cache-status: DYNAMIC
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=94Nm7yc7twH3D%2BU8ujDMQd9Ki02QB1v4VtnLvaT8q2Gkm%2Fo0Y3Ky4j1g6dMD7m6%2BPSZ8CV7IG%2Fcdn12vc79bxyG%2FIATPxC1IovtcWxyR3CyxShiUz%2B2sQasd"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 926f2ae15b3015c9-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=20701&min_rtt=20477&rtt_var=3590&sent=9&recv=12&lost=0&retrans=0&sent_bytes=3874&recv_bytes=1150&delivery_rate=129544&cwnd=253&unsent_bytes=0&cid=202d3dccc5bffaca&ts=113&x=0"
  • flag-us
    GET
    https://xcdn.tv/cdn/production/media/0312/C5jQNrT3/360-380K.m3u8
    Remote address:
    104.21.16.1:443
    Request
    GET /cdn/production/media/0312/C5jQNrT3/360-380K.m3u8 HTTP/2.0
    host: xcdn.tv
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: */*
    origin: https://xxxtik.com
    x-requested-with: aner.fos540.ex
    sec-fetch-site: cross-site
    sec-fetch-mode: cors
    sec-fetch-dest: empty
    referer: https://xxxtik.com/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    date: Thu, 27 Mar 2025 13:17:21 GMT
    content-type: application/octet-stream
    content-length: 206
    access-control-allow-origin: *
    cache-control: public, max-age=3628800
    strict-transport-security: max-age=15724800; includeSubdomains
    cf-cache-status: DYNAMIC
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jxHS8HG2oV%2BomTwyHbiu%2B5CbpinbEeH4oh0tmVaV2g4oHL%2BTsVhleFoK7%2FRjemujyH1LEVZLK2nZUqSqbSkA6B5rPUR4RZ%2BjolXypvbj6t1i4goEQ8UbZKNB"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 926f2ae1dc8115c9-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=20670&min_rtt=20460&rtt_var=926&sent=12&recv=19&lost=0&retrans=0&sent_bytes=4583&recv_bytes=1332&delivery_rate=258624&cwnd=257&unsent_bytes=0&cid=202d3dccc5bffaca&ts=157&x=0"
  • flag-us
    GET
    https://xcdn.tv/cdn/production/media/0312/5GtqCX/480-500K.m3u8
    Remote address:
    104.21.16.1:443
    Request
    GET /cdn/production/media/0312/5GtqCX/480-500K.m3u8 HTTP/2.0
    host: xcdn.tv
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: */*
    origin: https://xxxtik.com
    x-requested-with: aner.fos540.ex
    sec-fetch-site: cross-site
    sec-fetch-mode: cors
    sec-fetch-dest: empty
    referer: https://xxxtik.com/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    date: Thu, 27 Mar 2025 13:17:21 GMT
    content-type: application/octet-stream
    content-length: 925
    access-control-allow-origin: *
    cache-control: public, max-age=3628800
    strict-transport-security: max-age=15724800; includeSubdomains
    cf-cache-status: DYNAMIC
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F8rmw8qQyhPE%2FntBLm%2F7mb4ROP4OgnEK8HJoZlnHqFfFJtP2I2ldd%2FJjMe906hHlyu0NszHctAbtvlzrqbp5XxRZST65kK5TTWKIP8wfaNeePY0YfKLcJz4p"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 926f2ae1dc8815c9-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=20670&min_rtt=20460&rtt_var=926&sent=15&recv=19&lost=0&retrans=0&sent_bytes=5267&recv_bytes=1332&delivery_rate=258624&cwnd=257&unsent_bytes=0&cid=202d3dccc5bffaca&ts=160&x=0"
  • flag-us
    GET
    https://xcdn.tv/cdn/production/media/0312/C5jQNrT3/360-380K0.ts
    Remote address:
    104.21.16.1:443
    Request
    GET /cdn/production/media/0312/C5jQNrT3/360-380K0.ts HTTP/2.0
    host: xcdn.tv
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: */*
    origin: https://xxxtik.com
    x-requested-with: aner.fos540.ex
    sec-fetch-site: cross-site
    sec-fetch-mode: cors
    sec-fetch-dest: empty
    referer: https://xxxtik.com/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    date: Thu, 27 Mar 2025 13:17:21 GMT
    content-type: video/mp2t
    content-length: 549712
    access-control-allow-origin: *
    cache-control: public, max-age=3628800
    strict-transport-security: max-age=15724800; includeSubdomains
    cf-cache-status: DYNAMIC
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2TuudmG96SvO0KFns8uK69PF7aRZtQ1ux4oB5TRAyNtUySBvEDtMLi4HXnvhQlkT6HV7jYjR5OTYieWQsZBRqsPIheNKaj7SWP5T8RC5Zzq3VlA0UQe%2BrYnf"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 926f2ae22d3c15c9-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=21496&min_rtt=20460&rtt_var=1988&sent=19&recv=23&lost=0&retrans=0&sent_bytes=6670&recv_bytes=1512&delivery_rate=290496&cwnd=257&unsent_bytes=0&cid=202d3dccc5bffaca&ts=206&x=0"
  • flag-us
    GET
    https://xcdn.tv/cdn/production/media/0312/5GtqCX/480-500K0.ts
    Remote address:
    104.21.16.1:443
    Request
    GET /cdn/production/media/0312/5GtqCX/480-500K0.ts HTTP/2.0
    host: xcdn.tv
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: */*
    origin: https://xxxtik.com
    x-requested-with: aner.fos540.ex
    sec-fetch-site: cross-site
    sec-fetch-mode: cors
    sec-fetch-dest: empty
    referer: https://xxxtik.com/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    date: Thu, 27 Mar 2025 13:17:21 GMT
    content-type: video/mp2t
    content-length: 819304
    access-control-allow-origin: *
    cache-control: public, max-age=3628800
    strict-transport-security: max-age=15724800; includeSubdomains
    cf-cache-status: DYNAMIC
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=933rMZ12eWhDhAHM3%2F8tEaBbPUXJbPefJZ9wULYC3n0uJ3bgYo8sLE3oC8JZkJ5jq7uwSHxbjdvyK%2ByHUt%2ByS1op0coYXyvIl4%2FQTlw9QdxtWBskTZu7JBga"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 926f2ae22d4a15c9-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=22041&min_rtt=20460&rtt_var=949&sent=154&recv=39&lost=0&retrans=0&sent_bytes=168047&recv_bytes=1512&delivery_rate=1329379&cwnd=257&unsent_bytes=8245&cid=202d3dccc5bffaca&ts=244&x=0"
  • flag-us
    GET
    https://xcdn.tv/cdn/production/media/0312/C5jQNrT3/1080-3M.m3u8
    Remote address:
    104.21.16.1:443
    Request
    GET /cdn/production/media/0312/C5jQNrT3/1080-3M.m3u8 HTTP/2.0
    host: xcdn.tv
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: */*
    origin: https://xxxtik.com
    x-requested-with: aner.fos540.ex
    sec-fetch-site: cross-site
    sec-fetch-mode: cors
    sec-fetch-dest: empty
    referer: https://xxxtik.com/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    date: Thu, 27 Mar 2025 13:17:21 GMT
    content-type: application/octet-stream
    content-length: 173
    server: cloudflare
    access-control-allow-origin: *
    cache-control: public, max-age=3628800
    strict-transport-security: max-age=15724800; includeSubdomains
    cf-cache-status: DYNAMIC
    cf-ray: 926f2ae34ff115c9-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://xcdn.tv/cdn/production/media/0312/5GtqCX/720-1M.m3u8
    Remote address:
    104.21.16.1:443
    Request
    GET /cdn/production/media/0312/5GtqCX/720-1M.m3u8 HTTP/2.0
    host: xcdn.tv
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: */*
    origin: https://xxxtik.com
    x-requested-with: aner.fos540.ex
    sec-fetch-site: cross-site
    sec-fetch-mode: cors
    sec-fetch-dest: empty
    referer: https://xxxtik.com/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    date: Thu, 27 Mar 2025 13:17:21 GMT
    content-type: application/octet-stream
    content-length: 875
    access-control-allow-origin: *
    cache-control: public, max-age=3628800
    strict-transport-security: max-age=15724800; includeSubdomains
    cf-cache-status: DYNAMIC
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wTTDTu8pvHClFXIKKS703oDGQmO6tkUgy7NjBF2ev2GhG1Q3SBWn52Ykb1sloHtTUfEpk6T0ozyAGR6fKISSmcVm%2BauNhcYzNIHDNFeFNpf7LebNLq9YP8mw"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 926f2ae3a90315c9-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=22118&min_rtt=20460&rtt_var=658&sent=1131&recv=219&lost=0&retrans=58&sent_bytes=1459712&recv_bytes=1692&delivery_rate=1250792&cwnd=746&unsent_bytes=0&cid=202d3dccc5bffaca&ts=449&x=0"
  • flag-us
    GET
    https://xcdn.tv/cdn/production/images/72x72-b821e6c9-41eb-4e75-a584-3fbef416780f.webp
    Remote address:
    104.21.16.1:443
    Request
    GET /cdn/production/images/72x72-b821e6c9-41eb-4e75-a584-3fbef416780f.webp HTTP/2.0
    host: xcdn.tv
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: image/webp,image/apng,image/*,*/*;q=0.8
    x-requested-with: aner.fos540.ex
    sec-fetch-site: cross-site
    sec-fetch-mode: no-cors
    sec-fetch-dest: image
    referer: https://xxxtik.com/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    date: Thu, 27 Mar 2025 13:17:21 GMT
    content-type: image/webp
    content-length: 11318
    server: cloudflare
    accept-ranges: bytes
    access-control-allow-origin: *
    cache-control: public, max-age=3628800
    strict-transport-security: max-age=15724800; includeSubdomains
    cf-cache-status: HIT
    age: 638412
    last-modified: Thu, 20 Mar 2025 03:57:09 GMT
    cf-ray: 926f2ae15999eefd-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://xcdn.tv/cdn/production/media/0312/C5jQNrT3/thumbnail.webp
    Remote address:
    104.21.16.1:443
    Request
    GET /cdn/production/media/0312/C5jQNrT3/thumbnail.webp HTTP/2.0
    host: xcdn.tv
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: image/webp,image/apng,image/*,*/*;q=0.8
    x-requested-with: aner.fos540.ex
    sec-fetch-site: cross-site
    sec-fetch-mode: no-cors
    sec-fetch-dest: image
    referer: https://xxxtik.com/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    date: Thu, 27 Mar 2025 13:17:21 GMT
    content-type: image/webp
    content-length: 2292
    access-control-allow-origin: *
    cache-control: public, max-age=3628800
    strict-transport-security: max-age=15724800; includeSubdomains
    age: 1787924
    cf-cache-status: HIT
    last-modified: Thu, 06 Mar 2025 20:38:36 GMT
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pPf26MKLoNQBdidUisQBPJv9SkO7uUfssqsMaCF9IwnC5xi0dU%2B46wmAZ3wbxjfRatPozzSAPtegv0N223svhmC3v1J4vhYSqZeKs2%2FPyf2judJAV2b8QF45"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 926f2ae15995eefd-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=20410&min_rtt=20109&rtt_var=4794&sent=23&recv=12&lost=0&retrans=0&sent_bytes=14617&recv_bytes=1266&delivery_rate=131508&cwnd=252&unsent_bytes=0&cid=fc02e6aa454caed1&ts=75&x=0"
  • flag-us
    GET
    https://xcdn.tv/cdn/production/media/0312/5GtqCX/thumbnail.webp
    Remote address:
    104.21.16.1:443
    Request
    GET /cdn/production/media/0312/5GtqCX/thumbnail.webp HTTP/2.0
    host: xcdn.tv
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: image/webp,image/apng,image/*,*/*;q=0.8
    x-requested-with: aner.fos540.ex
    sec-fetch-site: cross-site
    sec-fetch-mode: no-cors
    sec-fetch-dest: image
    referer: https://xxxtik.com/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    date: Thu, 27 Mar 2025 13:17:21 GMT
    content-type: image/webp
    content-length: 3810
    access-control-allow-origin: *
    cache-control: public, max-age=3628800
    strict-transport-security: max-age=15724800; includeSubdomains
    age: 11052
    cf-cache-status: HIT
    last-modified: Thu, 27 Mar 2025 10:13:09 GMT
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HngMZBQHCqjGftO8MXRdag4LRtahSqKD0rggKGs%2BKfQi7L12j7Jhz00Ln2TtSCT6UXPTVGTFlhUMgPmaSgve3fxQnhpkBaD4yblRrTmpyhvC7lw27qLuqThA"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 926f2ae15997eefd-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=20397&min_rtt=20109&rtt_var=3621&sent=28&recv=13&lost=0&retrans=0&sent_bytes=17520&recv_bytes=1266&delivery_rate=131508&cwnd=253&unsent_bytes=0&cid=fc02e6aa454caed1&ts=82&x=0"
  • flag-gb
    GET
    https://a.pemsrv.com/ad-provider.js
    Remote address:
    84.17.50.8:443
    Request
    GET /ad-provider.js HTTP/2.0
    host: a.pemsrv.com
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: */*
    x-requested-with: aner.fos540.ex
    sec-fetch-site: cross-site
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    referer: https://xxxtik.com/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    date: Thu, 27 Mar 2025 13:17:25 GMT
    content-type: application/javascript
    etag: W/"f82ddfee310cc4767ad2e313642"
    expires: Tue, 25 Mar 2025 15:07:37 GMT
    cache-control: max-age=10800
    x-robots-tag: noindex, follow
    access-control-allow-origin: *
    x-77-nzt: EwwBVBEyBwH3TBAAAAwBuUwKCQH37wIAAAwBnJIhJwG3CgAAAA
    x-77-nzt-ray: 66f31c26aba5f3b1e54fe5677051d301
    x-77-cache: HIT
    x-77-age: 4172
    vary: Accept-Encoding
    content-encoding: gzip
    server: CDN77-Turbo
    x-77-pop: londonGB
  • flag-au
    DNS
    s.pemsrv.com
    Remote address:
    1.1.1.1:53
    Request
    s.pemsrv.com
    IN A
    Response
    s.pemsrv.com
    IN CNAME
    tk6if76q.ab1n.net
    tk6if76q.ab1n.net
    IN A
    95.211.229.245
    tk6if76q.ab1n.net
    IN A
    95.211.229.246
  • flag-nl
    POST
    https://s.pemsrv.com/v1/api.php
    Remote address:
    95.211.229.245:443
    Request
    POST /v1/api.php HTTP/1.1
    Host: s.pemsrv.com
    Connection: keep-alive
    Content-Length: 490
    User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    Content-Type: text/plain
    Accept: */*
    Origin: https://xxxtik.com
    X-Requested-With: aner.fos540.ex
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://xxxtik.com/
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 27 Mar 2025 13:17:25 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Origin: https://xxxtik.com
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Authorization, Content-Type
    Access-Control-Request-Method: POST
    Set-Cookie: __uvt=s%3A32%3A%221376fc14dc323df95472a85242b72b1f%22%3B; expires=Sat, 27-Mar-2027 13:17:25 GMT; Max-Age=63072000; path=/; domain=pemsrv.com; secure; SameSite=None
    X-Robots-Tag: noindex, follow
    Content-Encoding: gzip
  • flag-au
    DNS
    s3t3d2y8.afcdn.net
    Remote address:
    1.1.1.1:53
    Request
    s3t3d2y8.afcdn.net
    IN A
    Response
    s3t3d2y8.afcdn.net
    IN CNAME
    1208818836.rsc.cdn77.org
    1208818836.rsc.cdn77.org
    IN A
    89.187.167.39
    1208818836.rsc.cdn77.org
    IN A
    89.187.167.41
    1208818836.rsc.cdn77.org
    IN A
    84.17.50.9
  • flag-gb
    GET
    https://s3t3d2y8.afcdn.net/images/close-icon-circle.png
    Remote address:
    89.187.167.39:443
    Request
    GET /images/close-icon-circle.png HTTP/2.0
    host: s3t3d2y8.afcdn.net
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: image/webp,image/apng,image/*,*/*;q=0.8
    x-requested-with: aner.fos540.ex
    sec-fetch-site: cross-site
    sec-fetch-mode: no-cors
    sec-fetch-dest: image
    referer: https://xxxtik.com/
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    date: Thu, 27 Mar 2025 13:17:25 GMT
    content-type: image/png
    content-length: 405
    last-modified: Thu, 09 Jan 2025 17:09:18 GMT
    etag: "678002be-195"
    expires: Mon, 12 Jan 2026 20:00:37 GMT
    cache-control: max-age=31536000
    access-control-allow-origin: *
    x-robots-tag: noindex, follow
    x-served-by: hap01-sec01-prg1-1
    x-77-nzt: EwwBWbunJQH3gDBhAAgBuUwKEwFBDAElE8IxAbcAAAAA
    x-77-nzt-ray: 84cb522fc8e8eacee54fe5674c0d7b1e
    x-77-cache: HIT
    x-77-age: 6369408
    server: CDN77-Turbo
    x-77-pop: londonGB
    accept-ranges: bytes
  • 172.217.169.14:443
    tls, https
    1.4kB
    40 B
    1
    1
  • 142.250.180.14:443
    android.apis.google.com
    tls
    2.6kB
    6.0kB
    13
    11
  • 216.58.204.78:443
    www.youtube.com
    tls
    2.1kB
    8.4kB
    17
    15
  • 142.250.180.14:443
    android.apis.google.com
    tls
    2.6kB
    5.9kB
    12
    10
  • 216.239.32.223:443
    tls, https
    128 B
    40 B
    2
    1
  • 216.58.212.232:443
    ssl.google-analytics.com
    tls
    1.4kB
    6.3kB
    10
    9
  • 164.92.225.151:443
    https://xxxtik.com/favicon.ico
    tls, http2
    15.5kB
    442.2kB
    229
    290

    HTTP Request

    GET https://xxxtik.com/

    HTTP Response

    200

    HTTP Request

    GET https://xxxtik.com/assets/images/loading.svg

    HTTP Request

    GET https://xxxtik.com/polyfills-es2015.js

    HTTP Request

    GET https://xxxtik.com/main-es2015.js

    HTTP Request

    GET https://xxxtik.com/runtime-es2015.js

    HTTP Request

    GET https://xxxtik.com/styles.css

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://xxxtik.com/636-es2015.js

    HTTP Response

    200

    HTTP Request

    GET https://xxxtik.com/assets/images/feather-sprite.svg

    HTTP Request

    GET https://xxxtik.com/assets/icons/ai-logo.png

    HTTP Request

    GET https://xxxtik.com/assets/images/pc-camera.svg

    HTTP Request

    GET https://xxxtik.com/assets/icons/porndude.png

    HTTP Request

    GET https://xxxtik.com/assets/images/collapse.svg

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://xxxtik.com/favicon.ico

    HTTP Response

    200
  • 188.72.219.35:443
    turbulent-divide.com
    tls, http2
    1.0kB
    479 B
    9
    5
  • 188.72.219.35:443
    https://turbulent-divide.com/cEDz9.6qbd2z5cleSAWtQB9ENuDnQgz/OsTYkhx/Nzy/0-0iN-DkMy5jO/TREp4z
    tls, http2
    1.8kB
    3.7kB
    13
    8

    HTTP Request

    GET https://turbulent-divide.com/cEDz9.6qbd2z5cleSAWtQB9ENuDnQgz/OsTYkhx/Nzy/0-0iN-DkMy5jO/TREp4z

    HTTP Response

    200
  • 104.131.68.180:80
    http://mainworkapp.com/c
    http
    34.5kB
    3.0kB
    38
    35

    HTTP Request

    POST http://mainworkapp.com/c

    HTTP Response

    200

    HTTP Request

    POST http://mainworkapp.com/c

    HTTP Response

    200

    HTTP Request

    POST http://mainworkapp.com/c

    HTTP Response

    200

    HTTP Request

    POST http://mainworkapp.com/c

    HTTP Response

    200

    HTTP Request

    POST http://mainworkapp.com/c

    HTTP Response

    200

    HTTP Request

    POST http://mainworkapp.com/c

    HTTP Response

    200

    HTTP Request

    POST http://mainworkapp.com/c

    HTTP Response

    200

    HTTP Request

    POST http://mainworkapp.com/c

    HTTP Response

    200

    HTTP Request

    POST http://mainworkapp.com/c

    HTTP Response

    200

    HTTP Request

    POST http://mainworkapp.com/c

    HTTP Response

    200

    HTTP Request

    POST http://mainworkapp.com/c

    HTTP Response

    200

    HTTP Request

    POST http://mainworkapp.com/c

    HTTP Response

    200

    HTTP Request

    POST http://mainworkapp.com/c

    HTTP Response

    200

    HTTP Request

    POST http://mainworkapp.com/c

    HTTP Response

    200

    HTTP Request

    POST http://mainworkapp.com/c

    HTTP Response

    200

    HTTP Request

    POST http://mainworkapp.com/c

    HTTP Response

    200
  • 104.131.68.180:80
    http://mainworkapp.com/c
    http
    1.8kB
    343 B
    5
    5

    HTTP Request

    POST http://mainworkapp.com/c

    HTTP Response

    200
  • 142.250.180.10:443
    https://firebase.googleapis.com/v1alpha/projects/-/apps/1:560873874866:web:ba1c6ecca2355d7a4670ab/webConfig
    tls, http2
    2.6kB
    7.1kB
    23
    21

    HTTP Request

    OPTIONS https://firebase.googleapis.com/v1alpha/projects/-/apps/1:560873874866:web:ba1c6ecca2355d7a4670ab/webConfig

    HTTP Request

    GET https://firebase.googleapis.com/v1alpha/projects/-/apps/1:560873874866:web:ba1c6ecca2355d7a4670ab/webConfig
  • 172.66.0.96:443
    https://api.xxxtik.com/user/explore
    tls, http2
    3.9kB
    91.5kB
    49
    75

    HTTP Request

    OPTIONS https://api.xxxtik.com/tag/all

    HTTP Request

    OPTIONS https://api.xxxtik.com/user/explore

    HTTP Response

    204

    HTTP Request

    GET https://api.xxxtik.com/tag/all

    HTTP Response

    204

    HTTP Request

    GET https://api.xxxtik.com/user/explore

    HTTP Response

    200

    HTTP Response

    200
  • 172.66.0.96:443
    api.xxxtik.com
    tls, http2
    1.0kB
    3.3kB
    9
    6
  • 162.159.140.98:443
    https://xxxtik-apix-s2l6l.ondigitalocean.app/post/feed/by-key?cursor=0
    tls, http2
    2.4kB
    18.5kB
    21
    21

    HTTP Request

    OPTIONS https://xxxtik-apix-s2l6l.ondigitalocean.app/post/feed/by-key?cursor=0

    HTTP Response

    204

    HTTP Request

    GET https://xxxtik-apix-s2l6l.ondigitalocean.app/post/feed/by-key?cursor=0

    HTTP Response

    200
  • 216.239.32.36:443
    https://region1.google-analytics.com/g/collect?v=2&tid=G-5QBTTR6TGX&gtm=45je53p4v879146347za200&_p=1743081439242&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=102482433~102788824~102803279~102813109~102887800~102926062&_fid=ceMPUCRHcux-Jcna1SMbCG&cid=2085247806.1743081439&ul=en-us&sr=320x640&frm=0&pscdl=noapi&_s=2&dp=%2F&dt=xxxtik%20-%20XXX%20TikTok%20Porn%20Videos.&sid=1743081439&sct=1&seg=0&dl=https%3A%2F%2Fxxxtik.com%2F&dr=https%3A%2F%2Fappassets.androidplatform.net%2Fassets%2Fwww%2Findex.html&en=screen_view&_ee=1&ep.origin=firebase&ep.firebase_screen_class=app-root&epn.firebase_screen_id=1880518840&ep.screen_name=%2F&ep.firebase_event_origin=auto&ep.firebase_screen=%2F&ep.outlet=primary&ep.screen_class=app-root&tfd=6771
    tls, http2
    3.3kB
    7.1kB
    24
    18

    HTTP Request

    POST https://region1.google-analytics.com/g/collect?v=2&tid=G-5QBTTR6TGX&gtm=45je53p4v879146347za200&_p=1743081439242&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=102482433~102788824~102803279~102813109~102887800~102926062&_fid=ceMPUCRHcux-Jcna1SMbCG&cid=2085247806.1743081439&ul=en-us&sr=320x640&frm=0&pscdl=noapi&_s=1&sid=1743081439&sct=1&seg=0&dl=https%3A%2F%2Fxxxtik.com%2F&dr=https%3A%2F%2Fappassets.androidplatform.net%2Fassets%2Fwww%2Findex.html&dt=xxxtik%20-%20XXX%20TikTok%20Porn%20Videos.&en=page_view&_fv=2&_nsi=1&_ss=1&_ee=1&ep.origin=firebase&tfd=1763

    HTTP Request

    POST https://region1.google-analytics.com/g/collect?v=2&tid=G-5QBTTR6TGX&gtm=45je53p4v879146347za200&_p=1743081439242&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=102482433~102788824~102803279~102813109~102887800~102926062&_fid=ceMPUCRHcux-Jcna1SMbCG&cid=2085247806.1743081439&ul=en-us&sr=320x640&frm=0&pscdl=noapi&_s=2&dp=%2F&dt=xxxtik%20-%20XXX%20TikTok%20Porn%20Videos.&sid=1743081439&sct=1&seg=0&dl=https%3A%2F%2Fxxxtik.com%2F&dr=https%3A%2F%2Fappassets.androidplatform.net%2Fassets%2Fwww%2Findex.html&en=screen_view&_ee=1&ep.origin=firebase&ep.firebase_screen_class=app-root&epn.firebase_screen_id=1880518840&ep.screen_name=%2F&ep.firebase_event_origin=auto&ep.firebase_screen=%2F&ep.outlet=primary&ep.screen_class=app-root&tfd=6771
  • 104.21.16.1:443
    xcdn.tv
    tls, http2
    1.0kB
    3.1kB
    9
    6
  • 104.21.16.1:443
    https://xcdn.tv/cdn/production/media/0312/5GtqCX/720-1M.m3u8
    tls, http2
    14.8kB
    1.4MB
    223
    725

    HTTP Request

    GET https://xcdn.tv/cdn/production/media/0312/C5jQNrT3/master.m3u8

    HTTP Request

    GET https://xcdn.tv/cdn/production/media/0312/5GtqCX/master.m3u8

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://xcdn.tv/cdn/production/media/0312/C5jQNrT3/360-380K.m3u8

    HTTP Request

    GET https://xcdn.tv/cdn/production/media/0312/5GtqCX/480-500K.m3u8

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://xcdn.tv/cdn/production/media/0312/C5jQNrT3/360-380K0.ts

    HTTP Request

    GET https://xcdn.tv/cdn/production/media/0312/5GtqCX/480-500K0.ts

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://xcdn.tv/cdn/production/media/0312/C5jQNrT3/1080-3M.m3u8

    HTTP Response

    200

    HTTP Request

    GET https://xcdn.tv/cdn/production/media/0312/5GtqCX/720-1M.m3u8

    HTTP Response

    200
  • 104.21.16.1:443
    xcdn.tv
    tls, http2
    1.0kB
    3.1kB
    9
    6
  • 104.21.16.1:443
    xcdn.tv
    tls, http2
    1.0kB
    3.1kB
    9
    6
  • 104.21.16.1:443
    https://xcdn.tv/cdn/production/media/0312/5GtqCX/thumbnail.webp
    tls, http2
    3.3kB
    23.8kB
    38
    36

    HTTP Request

    GET https://xcdn.tv/cdn/production/images/72x72-b821e6c9-41eb-4e75-a584-3fbef416780f.webp

    HTTP Request

    GET https://xcdn.tv/cdn/production/media/0312/C5jQNrT3/thumbnail.webp

    HTTP Request

    GET https://xcdn.tv/cdn/production/media/0312/5GtqCX/thumbnail.webp

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200
  • 84.17.50.8:443
    https://a.pemsrv.com/ad-provider.js
    tls, http2
    3.7kB
    55.1kB
    52
    51

    HTTP Request

    GET https://a.pemsrv.com/ad-provider.js

    HTTP Response

    200
  • 95.211.229.245:443
    https://s.pemsrv.com/v1/api.php
    tls, http
    2.5kB
    8.2kB
    17
    13

    HTTP Request

    POST https://s.pemsrv.com/v1/api.php

    HTTP Response

    200
  • 89.187.167.39:443
    https://s3t3d2y8.afcdn.net/images/close-icon-circle.png
    tls, http2
    2.0kB
    4.9kB
    17
    11

    HTTP Request

    GET https://s3t3d2y8.afcdn.net/images/close-icon-circle.png

    HTTP Response

    200
  • 224.0.0.251:5353
    3.0kB
    11
  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.180.14

  • 1.1.1.1:53
    www.youtube.com
    dns
    61 B
    335 B
    1
    1

    DNS Request

    www.youtube.com

    DNS Response

    216.58.204.78
    216.58.212.238
    142.250.178.14
    142.250.200.46
    142.250.180.14
    172.217.169.14
    216.58.201.110
    172.217.16.238
    142.250.187.238
    172.217.169.78
    142.250.187.206
    142.250.179.238
    216.58.213.14
    172.217.169.46
    142.250.200.14

  • 1.1.1.1:53
    appassets.androidplatform.net
    dns
    75 B
    135 B
    1
    1

    DNS Request

    appassets.androidplatform.net

  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    140 B
    86 B
    2
    1

    DNS Request

    ssl.google-analytics.com

    DNS Request

    ssl.google-analytics.com

    DNS Response

    216.58.212.232

  • 1.1.1.1:53
    xxxtik.com
    dns
    56 B
    72 B
    1
    1

    DNS Request

    xxxtik.com

    DNS Response

    164.92.225.151

  • 1.1.1.1:53
    mainworkapp.com
    dns
    61 B
    109 B
    1
    1

    DNS Request

    mainworkapp.com

    DNS Response

    104.131.68.180
    178.62.201.34
    45.77.249.79

  • 1.1.1.1:53
    a.pemsrv.com
    dns
    116 B
    144 B
    2
    1

    DNS Request

    a.pemsrv.com

    DNS Request

    a.pemsrv.com

    DNS Response

    84.17.50.8
    89.187.167.39
    89.187.167.42

  • 1.1.1.1:53
    turbulent-divide.com
    dns
    66 B
    82 B
    1
    1

    DNS Request

    turbulent-divide.com

    DNS Response

    188.72.219.35

  • 1.1.1.1:53
    firebase.googleapis.com
    dns
    69 B
    309 B
    1
    1

    DNS Request

    firebase.googleapis.com

    DNS Response

    142.250.180.10
    216.58.212.202
    142.250.187.202
    172.217.16.234
    216.58.212.234
    172.217.169.42
    142.250.178.10
    142.250.187.234
    142.250.179.234
    172.217.169.74
    142.250.200.42
    142.250.200.10
    216.58.204.74
    216.58.201.106
    216.58.213.10

  • 1.1.1.1:53
    api.xxxtik.com
    dns
    60 B
    141 B
    1
    1

    DNS Request

    api.xxxtik.com

    DNS Response

    172.66.0.96
    162.159.140.98

  • 1.1.1.1:53
    xxxtik-apix-s2l6l.ondigitalocean.app
    dns
    82 B
    114 B
    1
    1

    DNS Request

    xxxtik-apix-s2l6l.ondigitalocean.app

    DNS Response

    162.159.140.98
    172.66.0.96

  • 1.1.1.1:53
    region1.google-analytics.com
    dns
    74 B
    106 B
    1
    1

    DNS Request

    region1.google-analytics.com

    DNS Response

    216.239.32.36
    216.239.34.36

  • 1.1.1.1:53
    xcdn.tv
    dns
    53 B
    165 B
    1
    1

    DNS Request

    xcdn.tv

    DNS Response

    104.21.16.1
    104.21.112.1
    104.21.96.1
    104.21.64.1
    104.21.80.1
    104.21.48.1
    104.21.32.1

  • 1.1.1.1:53
    s.pemsrv.com
    dns
    58 B
    121 B
    1
    1

    DNS Request

    s.pemsrv.com

    DNS Response

    95.211.229.245
    95.211.229.246

  • 1.1.1.1:53
    s3t3d2y8.afcdn.net
    dns
    64 B
    150 B
    1
    1

    DNS Request

    s3t3d2y8.afcdn.net

    DNS Response

    89.187.167.39
    89.187.167.41
    84.17.50.9

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/aner.fos540.ex/app_fragile/py.json

    Filesize

    4.9MB


  • /data/data/aner.fos540.ex/app_fragile/py.json

    Filesize

    4.9MB


  • /data/data/aner.fos540.ex/cache/clicker.json

    Filesize

    17KB


  • /data/data/aner.fos540.ex/databases/a

    Filesize

    20KB


  • /data/data/aner.fos540.ex/databases/a

    Filesize

    20KB


  • /data/data/aner.fos540.ex/databases/a

    Filesize

    20KB


  • /data/data/aner.fos540.ex/databases/a-journal

    Filesize

    512B


  • /data/data/aner.fos540.ex/databases/a-journal

    Filesize

    8KB


  • /data/data/aner.fos540.ex/databases/a-journal

    Filesize

    8KB


  • /data/data/aner.fos540.ex/databases/a-journal

    Filesize

    12KB


  • /data/data/aner.fos540.ex/databases/a-journal

    Filesize

    12KB


  • /data/data/aner.fos540.ex/files/aner.fos540.ex

    Filesize

    256B


  • /data/data/aner.fos540.ex/no_backup/androidx.work.workdb

    Filesize

    4KB


  • /data/data/aner.fos540.ex/no_backup/androidx.work.workdb-journal

    Filesize

    512B


  • /data/data/aner.fos540.ex/no_backup/androidx.work.workdb-shm

    Filesize

    32KB


  • /data/data/aner.fos540.ex/no_backup/androidx.work.workdb-wal

    Filesize

    173KB


  • /data/data/aner.fos540.ex/no_backup/androidx.work.workdb-wal

    Filesize

    16KB


  • /data/data/aner.fos540.ex/no_backup/androidx.work.workdb-wal

    Filesize

    108KB


  • /data/user/0/aner.fos540.ex/app_fragile/py.json

    Filesize

    10.9MB


  • /data/user/0/aner.fos540.ex/app_fragile/py.json!classes2.dex

    Filesize

    308KB


  • /data/user/0/aner.fos540.ex/app_fragile/py.json!classes3.dex

    Filesize

    264KB


  • /data/user/0/aner.fos540.ex/app_fragile/py.json!classes4.dex

    Filesize

    1.7MB


  • /storage/emulated/0/Android/data/aner.fos540.ex/cache/logs/log.txt

    Filesize

    83B


  • /storage/emulated/0/Android/data/aner.fos540.ex/cache/records/com.android.settings_2025-03-27-13-17-18.txt

    Filesize

    67KB


  • /storage/emulated/0/Android/data/aner.fos540.ex/cache/records/com.android.settings_2025-03-27-13-17-18.txt (deleted)

    Filesize

    4KB


  • /storage/emulated/0/Android/data/aner.fos540.ex/cache/records/com.android.settings_2025-03-27-13-17-18.txt.zip (deleted)

    Filesize

    826B


  • /storage/emulated/0/Android/data/aner.fos540.ex/cache/records/com.android.settings_2025-03-27-13-17-18.txt.zip (deleted)

    Filesize

    2KB


  • /storage/emulated/0/Android/data/aner.fos540.ex/cache/records/com.android.settings_2025-03-27-13-17-24.txt

    Filesize

    72KB


  • /storage/emulated/0/Android/data/aner.fos540.ex/cache/records/com.android.settings_2025-03-27-13-17-24.txt

    Filesize

    143KB


  • /storage/emulated/0/Android/data/aner.fos540.ex/cache/records/com.android.settings_2025-03-27-13-17-24.txt (deleted)

    Filesize

    1001B


  • /storage/emulated/0/Android/data/aner.fos540.ex/cache/records/com.android.settings_2025-03-27-13-17-24.txt.zip (deleted)

    Filesize

    5KB

