Technical information
Malicious functions:
Removes app icon from the screen.
Network activity:
Connects to:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) js.omg.neodata####.com:80
- TCP(HTTP/1.1) p####.adverti####.com:80
- TCP(HTTP/1.1) tpc.googles####.com:80
- TCP(HTTP/1.1) p####.rubicon####.com:80
- TCP(HTTP/1.1) m####.ad####.org:80
- TCP(HTTP/1.1) vis####.omnit####.com:80
- TCP(HTTP/1.1) beacon-####.lb.k####.net:80
- TCP(HTTP/1.1) cd####.imrworl####.com:80
- TCP(HTTP/1.1) lo####.exel####.com:80
- TCP(HTTP/1.1) eu-####.l####.exel####.com:80
- TCP(HTTP/1.1) uip.sem####.net:80
- TCP(HTTP/1.1) ad.360y####.com:80
- TCP(HTTP/1.1) pi####.com:80
- TCP(HTTP/1.1) t####.adfor####.ak####.net:80
- TCP(HTTP/1.1) on####.mgr.cons####.org:80
- TCP(HTTP/1.1) id####.r####.com:80
- TCP(HTTP/1.1) 2-01-27####.cdx.ced####.net:80
- TCP(HTTP/1.1) t####.blu####.com.####.net:80
- TCP(HTTP/1.1) s####.go.so####.com:80
- TCP(HTTP/1.1) adadv####.net:80
- TCP(HTTP/1.1) px.powerl####.com:80
- TCP(HTTP/1.1) ce.l####.com:80
- TCP(HTTP/1.1) im####.google####.com:80
- TCP(HTTP/1.1) aa.a####.com:80
- TCP(HTTP/1.1) d####.addthis####.com.####.net:80
- TCP(HTTP/1.1) de5zarw####.cloudf####.net:80
- TCP(HTTP/1.1) p####.mat####.com.####.net:80
- TCP(HTTP/1.1) g####.n####.com:80
- TCP(HTTP/1.1) g.geo####.com:80
- TCP(HTTP/1.1) cm.g.doublec####.net:80
- TCP(HTTP/1.1) pug2200####.pubm####.com:80
- TCP(HTTP/1.1) p####.t####.com:80
- TCP(HTTP/1.1) d####.casalem####.com.####.net:80
- TCP(HTTP/1.1) td.crwdc####.net:80
- TCP(HTTP/1.1) i.l####.com:80
- TCP(HTTP/1.1) d.omg.neodata####.com:80
- TCP(HTTP/1.1) stickya####.com.edg####.net:80
- TCP(HTTP/1.1) optimiz####.4wnet####.com:80
- TCP(HTTP/1.1) tra####.neodata####.com:80
- TCP(HTTP/1.1) js.a####.com:80
- TCP(HTTP/1.1) d####.a####.com:80
- TCP(HTTP/1.1) s####.search####.spotxch####.####.net:80
- TCP(HTTP/1.1) cdn.elast####.net:80
- TCP(HTTP/1.1) st####.a####.com:80
- TCP(HTTP/1.1) media####.dig####.st:80
- TCP(HTTP/1.1) 94.1####.63.251:80
- TCP(HTTP/1.1) san.ads####.de.####.net:80
- TCP(HTTP/1.1) www.a####.it:80
- TCP(HTTP/1.1) s####.mat####.com:80
- TCP(HTTP/1.1) x.bidsw####.net:80
- TCP(HTTP/1.1) e####.o####.net:80
- TCP(HTTP/1.1) www.game####.xyz:80
- TCP(HTTP/1.1) secure-####.imrworl####.com:80
- TCP(HTTP/1.1) t####.ad####.net:80
- TCP(HTTP/1.1) p####.net.edg####.net:80
- TCP(HTTP/1.1) i####.de####.net:80
- TCP(HTTP/1.1) d2lcoyv####.cloudf####.net:80
- TCP(HTTP/1.1) onetag####.com:80
- TCP(HTTP/1.1) pag####.googles####.com:80
- TCP(TLS/1.0) securep####.g.doublec####.net:443
- TCP(TLS/1.0) i####.de####.net:443
- TCP(TLS/1.0) www.googlet####.com:443
- TCP(TLS/1.0) cm.g.doublec####.net:443
- TCP(TLS/1.0) www.go####.com:443
- TCP(TLS/1.0) s0.2####.net:443
- TCP(TLS/1.0) s####.mat####.com:443
- TCP(TLS/1.0) t####.adfor####.ak####.net:443
- TCP(TLS/1.0) s####.g.doublec####.net:443
- TCP(TLS/1.0) adser####.go####.nl:443
- TCP(TLS/1.0) www.face####.com:443
- TCP(TLS/1.0) adser####.go####.com:443
- TCP(TLS/1.0) www.go####.nl:443
- TCP(TLS/1.0) onetag####.com:443
- TCP(TLS/1.0) www.google-####.com:443
- TCP(TLS/1.0) m####.ad####.org:443
- TCP(TLS/1.0) on####.mgr.cons####.org:443
- TCP(TLS/1.0) secure-####.imrworl####.com:443
- TCP(TLS/1.0) tra####.neodata####.com:443
- TCP(TLS/1.0) js.omg.neodata####.com:443
DNS requests:
- 4####.nu####.net
- a####.vi####.com
- aa.a####.com
- ad.360y####.com
- adadv####.net
- ads.stickya####.com
- adser####.go####.com
- adser####.go####.nl
- be####.k####.net
- c1.ad####.net
- cd####.imrworl####.com
- cdn.elast####.net
- ce.l####.com
- cm.g.doublec####.net
- co####.ads####.de
- d####.casalem####.com
- d.a####.com
- d.omg.neodata####.com
- d2lcoyv####.cloudf####.net
- de5zarw####.cloudf####.net
- dmp.ad####.net
- dpm.de####.net
- e####.o####.net
- e.n####.com
- i.l####.com
- ib.a####.com
- id####.r####.com
- ih.ads####.de
- im####.google####.com
- im####.pubm####.com
- js.a####.com
- js.omg.neodata####.com
- l####.exel####.com
- lo####.exel####.com
- m####.ad####.org
- media####.dig####.st
- on####.mgr.cons####.org
- onetag####.com
- onetag####.com
- optimiz####.4wnet####.com
- p####.adverti####.com
- p####.mat####.com
- p####.rubicon####.com
- p####.t####.com
- pag####.googles####.com
- pi####.com
- pixe####.rubicon####.com
- px.powerl####.com
- ren####.de####.net
- rtb-c####.smartad####.com
- s####.crwdc####.net
- s####.g.doublec####.net
- s####.go.so####.com
- s####.mat####.com
- s####.se####.spotxch####.com
- s0.2####.net
- secur####.imrworl####.com
- securep####.g.doublec####.net
- st####.a####.com
- su.add####.com
- t####.ad####.net
- t####.blu####.com
- t.share####.com
- tape####.t####.com
- tpc.googles####.com
- tra####.neodata####.com
- uip####.sem####.net
- uip.sem####.net
- vis####.omnit####.com
- www.a####.it
- www.face####.com
- www.game####.xyz
- www.go####.com
- www.go####.nl
- www.google-####.com
- www.googlet####.com
- x.bidsw####.net
- x.dlx.add####.com
HTTP GET requests:
- 2-01-27####.cdx.ced####.net/redir/?partnerid=####&partneruserid=####
- 2-01-27####.cdx.ced####.net/redir/?partnerid=####&partneruserid=####&red...
- aa.a####.com/adscores/g.pixel?sid=####
- aa.a####.com/adscores/g.pixel?sid=####&gdpr=####&gdpr_consent=####
- aa.a####.com/adscores/g.pixel?sid=####&mt=####
- aa.a####.com/adscores/g.pixel?sid=####&tdid=####&&bounced=####
- ad.360y####.com/match?publisher_dsp_id=####&external_user_id=####
- ad.360y####.com/ul_cb/match?publisher_dsp_id=####&external_user_id=####
- adadv####.net/adscores/g.pixel?sid=####&tdid=####
- beacon-####.lb.k####.net/usermatch.gif?partner=####&_kdpid=####&mmuuid=#...
- cd####.imrworl####.com/ci/ansa-it.json
- cd####.imrworl####.com/conf/config250.js
- cd####.imrworl####.com/novms/html/ls.html
- cd####.imrworl####.com/novms/js/2/nlsSDK600.bundle.min.js
- cdn.elast####.net/native/serve/js/nativeEmbed.gz.js
- cdn.elast####.net/native/serve/js/quantx/nativeEmbed.gz.js
- ce.l####.com/merge?pid=####&3pid=####
- cm.g.doublec####.net/pixel?google_nid=####&googl####
- cm.g.doublec####.net/pixel?google_nid=####&googl####&google_hm=####
- cm.g.doublec####.net/pixel?google_nid=####&googl####&no_r=####
- cm.g.doublec####.net/pixel?google_nid=####&google_cm=####&google_hm=####...
- cm.g.doublec####.net/pixel?google_nid=####&google_cm=####&google_tc=####
- cm.g.doublec####.net/pixel?google_nid=####&google_cm=####&no_r=####&goog...
- d####.a####.com/iframe/8613/?che=####&gdpr=####&gdpr_consent=####&url=##...
- d####.a####.com/pixel/2610/?sk=####&pd=####&puid=####&ex=####&exc=####&a...
- d####.addthis####.com.####.net/red/usync?pid=####&puid=####
- d####.casalem####.com.####.net/rum?cm_dsp_id=####&external_user_id=####
- d####.casalem####.com.####.net/rum?cm_dsp_id=####&external_user_id=####&...
- d.omg.neodata####.com/cm?eid=####&pv=####&sid=####&rt=####
- d.omg.neodata####.com/pv?sid=####&rnd=####&pv=####&id=####&ad=####&rs=##...
- d2lcoyv####.cloudf####.net/native/placements/ansa.it/pconfig?r=####
- de5zarw####.cloudf####.net/native/placements/ansa.it/pconfig?r=####
- e####.o####.net/w/1.0/sd?cc=####&id=####&val=####
- e####.o####.net/w/1.0/sd?id=####&val=####
- eu-####.l####.exel####.com/load/?p=####&g=####&buid=####&j=####
- g####.n####.com/e/media_math_sync.xgi?na_exid=####
- g.geo####.com/bounce?/getuid?https://sync.mathtag.com/sync/img?mt_exid=#...
- g.geo####.com/getuid?https://sync.mathtag.com/sync/img?mt_exid=####&mt_m...
- i####.de####.net/ibs:dpid=269&dpuuid=e7595c29-6aa9-4600-b7f1-43efda84eb19
- i.l####.com/s/37464?bidder_id=####&bidder_uuid=####
- i.l####.com/s/37464?bidder_id=####&bidder_uuid=####&_li_chk=####&previou...
- id####.r####.com/1000.gif?memo=####
- id####.r####.com/361087.gif?partner_uid=####
- im####.google####.com/js/core/bridge3.266.0_en.html
- im####.google####.com/js/sdkloader/ima3.js
- js.a####.com/prod/v0/tag.js
- js.omg.neodata####.com/omg.js
- lo####.exel####.com/pixel.gif
- m####.ad####.org/track/cmf/generic?ttd_pid=####&ttd_tpi=####
- m####.ad####.org/track/cmf/generic?ttd_pid=####&ttd_tpi=####&gdpr=####&g...
- m####.ad####.org/track/cmf/generic?ttd_pid=####&ttd_tpi=####&gpdr=####&g...
- media####.dig####.st/sync/img?mt_exid=####&mt_exuid=####&foreign####&mt#...
- on####.mgr.cons####.org/sync/i,1/e7595c29-6aa9-4600-b7f1-43efda84eb19
- on####.mgr.cons####.org/sync/i,13/5753207868334712343
- on####.mgr.cons####.org/sync/i,29/?tdid=####&ttl=####
- on####.mgr.cons####.org/sync/i,30/c1f877f6-45f7-40f2-9a98-30c85d81db9c
- onetag####.com/main.js
- onetag####.com/new_local/?1546099####
- onetag####.com/res/new_onetag.js?1546099####
- onetag####.com/sync/i,1/e7595c29-6aa9-4600-b7f1-43efda84eb19
- onetag####.com/sync/i,19/?no_r=####&google_error=####
- onetag####.com/sync/i,3/?UID=####&dp-1313=####&sessionId=####
- optimiz####.4wnet####.com/_ot.php?code=####
- optimiz####.4wnet####.com/asset/css/vidIMA.min.css
- optimiz####.4wnet####.com/asset/js/allscriptIMA.min.js
- optimiz####.4wnet####.com/hit.php?sid=####&pid=####&did=####
- optimiz####.4wnet####.com/impression.php?code=####&$4wOTkey=####&GDPR=##...
- optimiz####.4wnet####.com/js/as_loader_video.js
- optimiz####.4wnet####.com/js/neustar.js
- optimiz####.4wnet####.com/js/nmc.js
- optimiz####.4wnet####.com/js/nuggad.js
- optimiz####.4wnet####.com/js/sdk.min.js
- optimiz####.4wnet####.com/js/video_impression.js?v=####
- optimiz####.4wnet####.com/js/video_loader_new.min.js
- optimiz####.4wnet####.com/nug.php?data=####&d10=####&d11=####&d12=####&d...
- optimiz####.4wnet####.com/simply_loader.js?4wvideo=####
- p####.adverti####.com/ups/55938/sync?uid=####&_origin=####
- p####.adverti####.com/ups/55938/sync?uid=####&_origin=####&verify=####
- p####.mat####.com.####.net/misc/img?mm####&bcdv=####
- p####.mat####.com.####.net/misc/img?mop_seq=####&mt_cb=####&check=####&m...
- p####.mat####.com.####.net/misc/img?mop_seq=####&mt_cb=####&mop_top=####
- p####.mat####.com.####.net/sync/iframe?mt_uuid=e7595c29-6aa9-4600-b7f1-4...
- p####.mat####.com.####.net/sync/img/?mt_exid=####&mt_exuid=####
- p####.mat####.com.####.net/sync/img?mt_exid=####&google_error=####
- p####.mat####.com.####.net/sync/img?redir=/aa.agkn.com/adscores/g.pixel?...
- p####.mat####.com.####.net/sync/js?sync=auto&mt_exid=10082&exsync=http:/...
- p####.net.edg####.net/1/d/r?cid=c010&et=pn_semasio&ru=//uip.semasio.net/...
- p####.rubicon####.com/exchange/sync.php?p=####
- p####.rubicon####.com/tap.php?v=####&nid=####&put=####
- p####.t####.com/idsync/ex/receive/check?partner_id=####&partner_device_i...
- p####.t####.com/idsync/ex/receive?partner_id=####&partner_device_id=####
- p####.t####.com/tapestry/1?ta_partner_id=1991&ta_partner_did=B27307D4B41...
- pag####.googles####.com/pagead/gen_204?request_type=####&admob=####&lid=...
- pag####.googles####.com/pagead/gen_204?rt=####&lid=####&sdkv=####&e=####...
- pi####.com/api/sync?pid=####&it=####&iv=####&_=####
- pug2200####.pubm####.com/AdServer/Pug?vcode=b####&piggybackCookie=####
- px.powerl####.com/user/sync/dsps?userId=####&sourceId=####
- s####.go.so####.com/us.gif?nw=####&nuid=####
- s####.mat####.com/sync/img?mt_exid=####&redir=####
- s####.search####.spotxch####.####.net/partner?adv_id=####&uid=####
- s####.search####.spotxch####.####.net/partner?adv_id=####&uid=####&__use...
- san.ads####.de.####.net/ads/pixel/1by1.png
- san.ads####.de.####.net/adscale-ih/tpui?tpid=####&tpuid=####&cburl=####
- san.ads####.de.####.net/adscale-ih/tpui?tpid=####&tpuid=####&cburl=####&...
- secure-####.imrworl####.com/cgi-bin/m?rnd=####&ci=####&js=####&cg=####&t...
- secure-####.imrworl####.com/storageframe.html
- secure-####.imrworl####.com/v60.js
- st####.a####.com/spacer.gif?fc=####
- stickya####.com.edg####.net/cookie-forwarding?id=####
- stickya####.com.edg####.net/data-registering?dataProviderId=####&d1=####...
- stickya####.com.edg####.net/vast/vpaid-adapter/6375361
- t####.ad####.net/serving/cookie/match/?party=####
- t####.adfor####.ak####.net/serving/cookie/match/?party=####&bidswitch_ss...
- t####.adfor####.ak####.net/serving/cookie/match?CC=####&party=####&rt=##...
- t####.adfor####.ak####.net/serving/cookie/match?party=####&rt=####&rnd=#...
- t####.blu####.com.####.net/site/11490?dt=####&r=####&sig=####&bkca=KJ####
- t####.blu####.com.####.net/site/4448?id=####
- td.crwdc####.net/map/c=4735/tp=MDMA/tpid=e7595c29-6aa9-4600-b7f1-43efda8...
- td.crwdc####.net/map/ct=y/c=4735/tp=MDMA/tpid=e7595c29-6aa9-4600-b7f1-43...
- tpc.googles####.com/safeframe/1-0-31/html/container.html
- tra####.neodata####.com/cm?sid=####&pv=####&eid=####&rt=####&rnd=####
- uip.sem####.net/adform/1/info?sType=####&sExtCookieId=####&sInitiator=####
- uip.sem####.net/dbm/1/info?sType=####&sExtCookieId=####&sInitiator=####&...
- uip.sem####.net/mediamath/1/info2?sType=####&sExtCookieId=####&sInitiato...
- uip.sem####.net/mediamath/1/info?sType=####&sExtCookieId=####&sInitiator...
- uip.sem####.net/sharethis/1/info?sType=####&sExtCoo####&sInitiator=####
- uip.sem####.net/tapad/1/info?sType=####
- uip.sem####.net/tradedesk/1/info?sType=####&sInitiator=####&sExtCookieId...
- vis####.omnit####.com/visitor/sync?uid=####&visitor####&name=####
- www.a####.it/
- www.a####.it/ads.js
- www.a####.it/meteo/img/icone_meteo/small_png/nevischio.png
- www.a####.it/meteo/img/icone_meteo/small_png/parzialmente_nuvoloso.png
- www.a####.it/meteo/img/icone_meteo/small_png/pioggia_neve.png
- www.a####.it/meteo/img/icone_meteo/small_png/poco_nuvoloso.png
- www.a####.it/meteo/img/icone_meteo/small_png/var_neve.png
- www.a####.it/meteo/img/icone_meteo/small_png/var_no_prec.png
- www.a####.it/meteo/img/icone_meteo/small_png/var_rovesci_30.png
- www.a####.it/meteo/img/icone_meteo/small_png/velato.png
- www.a####.it/sito/css/1010144354_css-head.css
- www.a####.it/sito/img/bk_bot_menu.png
- www.a####.it/sito/img/bk_header.png
- www.a####.it/sito/img/bk_label_special.png
- www.a####.it/sito/img/black_gradient.png
- www.a####.it/sito/img/bt_header_ultimaora.png
- www.a####.it/sito/img/dot_1x4_gray.png
- www.a####.it/sito/img/dot_4x1_gray.png
- www.a####.it/sito/img/dot_5x1_gray.png
- www.a####.it/sito/img/ico/ansa-57-precomposed.png
- www.a####.it/sito/img/ico/favicon.ico
- www.a####.it/sito/img/ico_services_footer.png
- www.a####.it/sito/img/ico_spread_dwn.png
- www.a####.it/sito/img/ico_stock_up.png
- www.a####.it/sito/img/icone_top_mobile.png
- www.a####.it/sito/img/lazy.png
- www.a####.it/sito/img/sep_green.png
- www.a####.it/sito/img/sep_mm_content.png
- www.a####.it/sito/img/sprite.png?2016####
- www.a####.it/sito/img/sprite_mobile.png?2015####
- www.a####.it/sito/img/sprite_mobile.png?2016####
- www.a####.it/sito/js/1010144354_js-head-pack.js
- www.a####.it/sito/js/adv_pathDecode.js?0####
- www.a####.it/sito/js/jquery-1.10.2.min.js
- www.a####.it/undefined
- www.a####.it/webimages/img_135x76/2018/12/30/17d28662fbb67133886a641b010...
- www.a####.it/webimages/img_135x76/2018/12/30/1809fc7107a4e5f5009f0f80016...
- www.a####.it/webimages/img_135x76/2018/12/30/2e1f5a34b6f92c31bc59da22b6a...
- www.a####.it/webimages/img_135x76/2018/12/30/6b2fbcc15ef6479322d0e09ae27...
- www.a####.it/webimages/img_135x76/2018/12/30/7c57df4d317ec2519762528fe39...
- www.a####.it/webimages/img_135x76/2018/12/30/d8d03c599338b495e293a27200b...
- www.a####.it/webimages/img_141x127/2018/12/30/5408c7b8bae55175a1d674d8c7...
- www.a####.it/webimages/img_141x127/2018/12/30/7c5b1ad42124a6d2a4ccf28bf6...
- www.a####.it/webimages/img_141x127/2018/12/30/b4a129941167607a8a4a897f3a...
- www.a####.it/webimages/img_141x127/2018/7/18/54bf61760f86aa4f3d2bb628665...
- www.a####.it/webimages/img_285x190/2018/12/17/53d1f2efc8ca56ed725a5fe96c...
- www.a####.it/webimages/img_285x190/2018/12/23/14ec570b37d6d3eb2bd1fb4746...
- www.a####.it/webimages/img_300x200/2014/3/19/b3fe30f4fff6e14cfa4f57191b4...
- www.a####.it/webimages/img_300x200/2015/9/25/b90520d2c68316ef8291118d1b7...
- www.a####.it/webimages/img_300x200/2017/9/8/f8818fbf953bdbd77ca3053ef4a2...
- www.a####.it/webimages/img_300x200/2018/11/18/66546f0c2d81a475a3db376c9d...
- www.a####.it/webimages/img_300x200/2018/11/24/1ab213a0a775f8aa6725d4f81d...
- www.a####.it/webimages/img_300x200/2018/12/17/cefff3b22384e37018d0285d08...
- www.a####.it/webimages/img_300x200/2018/12/28/05252b3893d526e14b4914cee3...
- www.a####.it/webimages/img_300x200/2018/12/28/0625c22c44777d87b93784fa31...
- www.a####.it/webimages/img_300x200/2018/12/29/6570eb85650e29c5a1aca9d153...
- www.a####.it/webimages/img_300x200/2018/12/29/ef5214c55d01ce7840159f0d5c...
- www.a####.it/webimages/img_300x200/2018/3/23/fd41892c683f9e3892b32682245...
- www.a####.it/webimages/img_300x200/2018/9/27/876c06a72b3015384fe44881aac...
- www.a####.it/webimages/img_395x275/2013/12/31/fdd1a6213d14e72eae1f829c09...
- www.a####.it/webimages/img_395x275/2015/8/25/69a38a9b5beef7a3434faf2c680...
- www.a####.it/webimages/img_395x275/2018/11/20/6080eefe3f2a175dd19e5e8c25...
- www.a####.it/webimages/img_395x275/2018/11/29/510bb2016a0ab90791603b9219...
- www.a####.it/webimages/img_395x275/2018/12/29/67febce7f153d43ae2b5f36b14...
- www.a####.it/webimages/img_395x275/2018/12/29/68734f37912166fc3f6235a2a3...
- www.a####.it/webimages/img_395x275/2018/12/30/28454d323b67ddd4484c3c976e...
- www.a####.it/webimages/img_395x275/2018/12/30/bb3f9036965d4fc4dda1377de1...
- www.a####.it/webimages/img_395x275/2018/12/30/e3906e8278ad129fd63b1331be...
- www.a####.it/webimages/img_395x275/2018/12/30/ed26a0fc4e34fad54d8d8a6d17...
- www.a####.it/webimages/img_395x275/2018/12/30/f9a81ef825e4ef69b3e433bd25...
- www.a####.it/webimages/img_395x275/2018/8/27/86a7649afdd29366d60a13bb610...
- www.a####.it/webimages/img_395x275/2018/9/17/dcce2caee916d8b3e0052991741...
- www.a####.it/webimages/img_395x275/2018/9/9/7e1da8239f4dbf56e9f1df96a360...
- www.a####.it/webimages/img_457x260/2018/12/30/3e7bd1bc77921632817f722a46...
- www.a####.it/webimages/img_457x260/2018/12/30/e2b02a7d17043d1cdd90b1c89a...
- www.a####.it/webimages/img_620x438/2018/12/30/fb64fa7905e5051347605c7ab6...
- www.game####.xyz/wp-content/uploads/2018/12/1545923587105-560x390.jpg
- x.bidsw####.net/sync?dsp_id=####&user_id=####&expires=####
- x.bidsw####.net/sync?dsp_id=####&user_id=####&ssp=####
- x.bidsw####.net/sync?ssp=####
- x.bidsw####.net/ul_cb/sync?dsp_id=####&user_id=####&expires=####
HTTP POST requests:
- on####.mgr.cons####.org/pong/
- onetag####.com/pong/
HTTP OPTIONS requests:
- onetag####.com/pong/
File system changes:
Creates the following files:
- /data/data/####/COM_V4_V4_DB
- /data/data/####/COM_V4_V4_DB-journal
- /data/data/####/SQLiteSimpleDatabaseApplication.xml
- /data/data/####/SQLiteSimpleDatabaseHelper.xml
Miscellaneous:
Uses the following algorithms to decrypt data:
- DES