Malware analysis quickads.one Malicious activity | ANY.RUN

Add for printing

URL:	quickads.one
Full analysis:	https://app.any.run/tasks/dbde3d19-a4cc-449e-ac9f-7b9e6f5ada75
Verdict:	Malicious activity
Analysis date:	April 03, 2026, 22:52:30
OS:	Android 14
Tags:	phishing
Indicators:
MD5:	9F63F8B5F3654F4C81D6B259EFAEE985
SHA1:	4C693F7308F5154E448F98A2558C04EF42F0DAA0
SHA256:	054B8E4AE210EFA35C93875ED8A31B6BE57DAF5B5B9F79ADDDFA7315C84A822C
SSDEEP:	3:JMZL+0:0L5

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 60 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: off
Network:: on

Software preset

android (14)
android.cuttlefish.overlay (14)
android.cuttlefish.phone.overlay (14)
android.ext.services (2019-09)
android.ext.shared (1)
com.android.adservices.api (14)
com.android.apps.tag (1.1)
com.android.backupconfirm (14)
com.android.bips (14)
com.android.bluetoothmidiservice (14)
com.android.bookmarkprovider (14)
com.android.calendar (14)
com.android.calllogbackup (14)
com.android.camera2 (2.0.002)
com.android.cameraextensions (14)
com.android.captiveportallogin (14)
com.android.carrierconfig (1.0.0)
com.android.carrierdefaultapp (14)
com.android.cellbroadcastreceiver (R-initial)
com.android.cellbroadcastreceiver.module (R-initial)
com.android.cellbroadcastservice (R-initial)
com.android.certinstaller (14)
com.android.companiondevicemanager (14)
com.android.compos.payload (14)
com.android.connectivity.resources (S-initial)
com.android.connectivity.resources.cuttlefish.overlay (14)
com.android.contacts (1.7.34)
com.android.credentialmanager (14)
com.android.cts.ctsshim (14-10093150)
com.android.cts.priv.ctsshim (14-10093150)
com.android.deskclock (14)
com.android.devicelockcontroller (14)
com.android.dialer (23.0)
com.android.documentsui (14)
com.android.dreams.basic (14)
com.android.dreams.phototable (14)
com.android.dynsystem (14)
com.android.egg (1.0)
com.android.emergency (14)
com.android.ext.adservices.api (14)
com.android.externalstorage (14)
com.android.federatedcompute.services (T-initial)
com.android.gallery3d (1.1.40030)
com.android.google.gce.gceservice (14)
com.android.health.connect.backuprestore (14)
com.android.healthconnect.controller (14)
com.android.hotspot2.osulogin (14)
com.android.htmlviewer (14)
com.android.imsserviceentitlement (14)
com.android.inputdevices (14)
com.android.inputmethod.latin (14)
com.android.intentresolver (2021-11)
com.android.internal.display.cutout.emulation.corner (1.0)
com.android.internal.display.cutout.emulation.double (1.0)
com.android.internal.display.cutout.emulation.hole (1.0)
com.android.internal.display.cutout.emulation.tall (1.0)
com.android.internal.display.cutout.emulation.waterfall (1.0)
com.android.internal.systemui.navbar.gestural (1.0)
com.android.internal.systemui.navbar.gestural_extra_wide_back (1.0)
com.android.internal.systemui.navbar.gestural_narrow_back (1.0)
com.android.internal.systemui.navbar.gestural_wide_back (1.0)
com.android.internal.systemui.navbar.threebutton (1.0)
com.android.internal.systemui.navbar.transparent (1.0)
com.android.keychain (14)
com.android.launcher3 (14)
com.android.localtransport (14)
com.android.location.fused (14)
com.android.managedprovisioning (14)
com.android.messaging (1.0.001)
com.android.microdroid.empty_payload (14)
com.android.mms.service (14)
com.android.modulemetadata (14)
com.android.mtp (14)
com.android.music (14)
com.android.musicfx (1.4)
com.android.nearby.halfsheet (14)
com.android.networkstack (14)
com.android.networkstack.tethering (14)
com.android.networkstack.tethering.cuttlefishoverlay (1.0)
com.android.nfc (14)
com.android.ondevicepersonalization.services (T-initial)
com.android.ons (14)
com.android.packageinstaller (14)
com.android.pacprocessor (14)
com.android.permissioncontroller (33 system image)
com.android.phone (14)
com.android.printservice.recommendation (1.3.0)
com.android.printspooler (14)
com.android.providers.blockednumber (14)
com.android.providers.calendar (14)
com.android.providers.contacts (14)
com.android.providers.downloads (14)
com.android.providers.downloads.ui (14)
com.android.providers.media (14)
com.android.providers.media.module (14)
com.android.providers.partnerbookmarks (14)
com.android.providers.settings (14)
com.android.providers.settings.cuttlefish.overlay (14)
com.android.providers.telephony (14)
com.android.providers.userdictionary (14)
com.android.provision (14)
com.android.proxyhandler (14)
com.android.quicksearchbox (14)
com.android.rkpdapp (14)
com.android.role.notes.enabled (1.0)
com.android.safetycenter.resources (33 system image)
com.android.sdksandbox (T-initial)
com.android.se (14)
com.android.server.telecom (14)
com.android.settings (14)
com.android.settings.intelligence (14)
com.android.sharedstoragebackup (14)
com.android.shell (14)
com.android.simappdialog (14)
com.android.soundpicker (14)
com.android.statementservice (1.0)
com.android.stk (14)
com.android.storagemanager (14)
com.android.systemui (14)
com.android.systemui.accessibility.accessibilitymenu (14)
com.android.telephony.qns (14)
com.android.theme.font.notoserifsource (1.0)
com.android.traceur (1.0)
com.android.uwb.resources (T-initial)
com.android.virtualmachine.res (14)
com.android.vpndialogs (14)
com.android.wallpaper.livepicker (14)
com.android.wallpaperbackup (14)
com.android.wallpapercropper (14)
com.android.wallpaperpicker (1.0)
com.android.webview (137.0.7122.0)
com.android.wifi.dialog (14)
com.android.wifi.resources (R-initial)
com.android.wifi.resources.cf (1.0)
com.google.android.telephony.satellite (14)
org.chromium.chrome (137.0.7122.0)

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
No suspicious indicators.
INFO
No info indicators.

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

147

Monitored processes

19

Malicious processes

0

Suspicious processes

0

Behavior graph

Click at the process to see the details

Process information

PID	CMD	Path	Indicators	Parent process
3966	org.chromium.chrome	/system/bin/app_process64		app_process64
User: root Integrity Level: UNKNOWN Exit code: 0
4029	org.chromium.chrome_zygote	/system/bin/app_process64	—	app_process64
User: root Integrity Level: UNKNOWN Exit code: 0
4047	org.chromium.chrome_zygote	/system/bin/app_process64	—	app_process64
User: u0_a72 Integrity Level: UNKNOWN Exit code: 0
4063	zygote64	/system/bin/app_process64	—	app_process64
User: root Integrity Level: UNKNOWN Exit code: 0
4068	com.android.adservices.api	/system/bin/app_process64	—	app_process64
User: root Integrity Level: UNKNOWN Exit code: 0
4141	org.chromium.chrome_zygote	/system/bin/app_process64	—	app_process64
User: u0_a72 Integrity Level: UNKNOWN Exit code: 0
4155	com.android.providers.partnerbookmarks	/system/bin/app_process64	—	app_process64
User: root Integrity Level: UNKNOWN Exit code: 0
4247	org.chromium.chrome_zygote	/system/bin/app_process64	—	app_process64
User: u0_a72 Integrity Level: UNKNOWN Exit code: 0
4268	org.chromium.chrome_zygote	/system/bin/app_process64	—	app_process64
User: u0_a72 Integrity Level: UNKNOWN Exit code: 0
4292	org.chromium.chrome_zygote	/system/bin/app_process64	—	app_process64
User: u0_a72 Integrity Level: UNKNOWN Exit code: 0

Add for printing

Total events

0

Read events

0

Write events

0

Delete events

0

Modification events

No data

Add for printing

Executable files

0

Suspicious files

11

Text files

10

Unknown types

0

Dropped files

PID	Process	Filename		Type
4412	app_process64	/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.Y1Xa3i/list.pb		binary
		MD5:—	SHA256:—
4412	app_process64	/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.Y1Xa3i/manifest.json		text
		MD5:—	SHA256:—
4412	app_process64	/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.Y1Xa3i/LICENSE		text
		MD5:—	SHA256:—
4412	app_process64	/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.Y1Xa3i/_metadata/verified_contents.json		text
		MD5:—	SHA256:—
4412	app_process64	/data/data/org.chromium.chrome/app_chrome/component_crx_cache/cab4d1f0a6a2a1afecae808a520f6690dd2b9d58bf54762877f2dc9715d55461		binary
		MD5:—	SHA256:—
4432	app_process64	/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.gYHgeH/privacy-sandbox-attestations.dat		binary
		MD5:—	SHA256:—
4432	app_process64	/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.gYHgeH/manifest.json		text
		MD5:—	SHA256:—
4432	app_process64	/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.gYHgeH/_metadata/verified_contents.json		text
		MD5:—	SHA256:—
4432	app_process64	/data/data/org.chromium.chrome/app_chrome/component_crx_cache/38c89b12bb20a8f2751c9c7cd2e31c173a47af08c115e1ecccc2f5151a2cf2c6		binary
		MD5:—	SHA256:—
4453	app_process64	/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.93TgNJ/decoded_xz		binary
		MD5:—	SHA256:—

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

137

TCP/UDP connections

99

DNS requests

122

Threats

11

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
1921	app_process64	GET	204	142.251.153.119:443	https://www.google.com/generate_204	US	—	—	whitelisted
3966	app_process64	OPTIONS	200	35.190.80.1:443	https://a.nel.cloudflare.com/report/v4?s=ZYP7dPgVyphIPe0jdf9m75EDE3GkPrDSvgh%2BsKeXUM3E3wiEw0q6w7pSrFecveRrCrcbadXI02BVXlENwQJwKS9EnwQP869UuD9DnPfdEBMV0m5DrSFV%2Babkd2s85Bs%3D	US	—	—	unknown
3966	app_process64	POST	200	142.251.127.84:443	https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&laf=b64bin&json=standard	US	—	—	whitelisted
3966	app_process64	GET	200	142.251.110.94:443	https://www.gstatic.com/recaptcha/releases/kUYUkUlSyqkjTSMaN2w3RaOh/recaptcha__en.js	US	text	850 Kb	whitelisted
3966	app_process64	GET	200	142.251.37.3:443	https://www.recaptcha.net/recaptcha/api2/webworker.js?hl=en&v=kUYUkUlSyqkjTSMaN2w3RaOh	US	text	102 b	whitelisted
3966	app_process64	GET	200	142.251.37.3:443	https://www.recaptcha.net/recaptcha/api2/bframe?hl=en&v=kUYUkUlSyqkjTSMaN2w3RaOh&k=6LewU34UAAAAAHvXqFOcQlm8z1MP1xpGAZCYEeZY&bft=0dAFcWeA70HA43htIrbXPpQYD9sxFkl8d_cnPR3aAcSGTAFAM_18iDBzisThVZ41MywS95DjmolGfXXs963liRo7vDwF7I9nqC-A	US	—	16.7 Kb	whitelisted
3966	app_process64	GET	400	142.251.20.95:443	https://content-autofill.googleapis.com/v1/pages/ChNDaHJvbWUvMTM3LjAuNzEyMi4wEhkJ6i_z5C62fSASBQ1TWkfFIcZXdOIfvVJu?alt=proto	US	binary	275 b	whitelisted
3966	app_process64	GET	200	142.251.110.94:443	https://www.gstatic.com/recaptcha/releases/kUYUkUlSyqkjTSMaN2w3RaOh/styles__ltr.css	US	text	81.4 Kb	whitelisted
1921	app_process64	GET	204	192.178.183.94:80	http://connectivitycheck.gstatic.com/generate_204	US	—	—	whitelisted
3966	app_process64	GET	200	142.251.110.94:443	https://www.gstatic.com/recaptcha/releases/kUYUkUlSyqkjTSMaN2w3RaOh/recaptcha__en.js	US	text	850 Kb	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
452	mdnsd	224.0.0.251:5353	—	—	—	whitelisted
—	—	142.251.155.119:80	www.google.com	GOOGLE	US	whitelisted
—	—	142.251.156.119:443	www.google.com	GOOGLE	US	whitelisted
—	—	192.178.183.94:80	connectivitycheck.gstatic.com	GOOGLE	US	whitelisted
3966	app_process64	142.251.14.102:80	clients2.google.com	GOOGLE	US	whitelisted
3966	app_process64	142.251.127.84:443	accounts.google.com	GOOGLE	US	whitelisted
3966	app_process64	188.114.97.3:443	quickads.one	CLOUDFLARENET	US	whitelisted
3966	app_process64	142.251.156.119:443	www.google.com	GOOGLE	US	whitelisted
3966	app_process64	142.251.37.3:443	www.recaptcha.net	GOOGLE	US	whitelisted
3966	app_process64	142.251.110.94:443	www.gstatic.com	GOOGLE	US	whitelisted

DNS requests

Domain	IP	Reputation
www.google.com	142.251.152.119 142.251.157.119 142.251.153.119 142.251.155.119 142.251.154.119 142.251.151.119 142.251.150.119 142.251.156.119	whitelisted
google.com	142.251.20.138 142.251.20.100 142.251.20.101 142.251.20.113 142.251.20.139 142.251.20.102	whitelisted
clients2.google.com	142.251.14.102 142.251.14.138 142.251.14.113 142.251.14.101 142.251.14.100 142.251.14.139	whitelisted
quickads.one	188.114.96.3 188.114.97.3	unknown
accounts.google.com	142.251.127.84	whitelisted
www.recaptcha.net	142.251.37.3	whitelisted
www.gstatic.com	142.251.110.94 142.251.13.94	whitelisted
content-autofill.googleapis.com	142.251.20.95 142.251.14.95 192.178.183.95 142.251.127.95 142.250.154.95 142.251.110.95 142.251.13.95 142.250.201.170	whitelisted
fonts.gstatic.com	216.58.206.35 142.251.110.94	whitelisted
a.nel.cloudflare.com	35.190.80.1	whitelisted

Threats

PID	Process	Class	Message
3966	app_process64	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
3966	app_process64	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
1921	app_process64	Misc activity	ET INFO Android Device Connectivity Check
3966	app_process64	Misc activity	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
3966	app_process64	Misc activity	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
3966	app_process64	Misc activity	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
3966	app_process64	Potentially Bad Traffic	ET DNS Query to a *.top domain - Likely Hostile
3966	app_process64	Potentially Bad Traffic	ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)
3966	app_process64	Possible Social Engineering Attempted	PHISHING [ANY.RUN] Suspected Phishing Domain by CrossDomain (wbidder04112024 .com)
3966	app_process64	Possible Social Engineering Attempted	PHISHING [ANY.RUN] Suspected Phishing Domain by CrossDomain (wbidder04112024 .com)

Add for printing

No debug info

General Info

quickads.one

9F63F8B5F3654F4C81D6B259EFAEE985

4C693F7308F5154E448F98A2558C04EF42F0DAA0

054B8E4AE210EFA35C93875ED8A31B6BE57DAF5B5B9F79ADDDFA7315C84A822C

3:JMZL+0:0L5

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

SUSPICIOUS

INFO

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings