URL:

mxl-iptv.tv

Full analysis: https://app.any.run/tasks/85657c66-e2da-478b-8483-2da26ee4fbfc
Verdict: Malicious activity
Analysis date: February 19, 2026, 20:52:11
OS: Android 14
Indicators:
MD5:

B05C04FEDCAF2225887C0147BA4A7B81

SHA1:

18A07F09E9920E16C7492A158D8A39CF3288A1DE

SHA256:

78DD301E6291F18D32CE9630652E7D93C955DB4BA4FF6765511312CB47AD3BB4

SSDEEP:

3:gJxZ:gl

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Executes system commands or scripts

      • app_process64 (PID: 4165)

    • Detects root access on device

      • app_process64 (PID: 4165)

  • SUSPICIOUS

    • Collects data about the device's environment (JVM version)

      • app_process64 (PID: 4165)

    • Accesses system-level resources

      • app_process64 (PID: 4165)

    • Gets data of saved accounts

      • app_process64 (PID: 4165)

    • Retrieves Android OS build information

      • app_process64 (PID: 4165)

    • Updates data in the storage of application settings (SharedPreferences)

      • app_process64 (PID: 4165)

    • Accesses external device storage files

      • app_process64 (PID: 4165)

    • Uses encryption API functions

      • app_process64 (PID: 4165)

    • Returns the name of the current network operator

      • app_process64 (PID: 4165)

    • Retrieves the ISO country code of the current network

      • app_process64 (PID: 4165)

    • Starts a service

      • app_process64 (PID: 4165)

  • INFO

    • Stores data using SQLite database

      • app_process64 (PID: 4165)

    • Returns elapsed time since boot

      • app_process64 (PID: 4165)

    • Dynamically inspects or modifies classes, methods, and fields at runtime

      • app_process64 (PID: 4165)

    • Retrieves the value of a secure system setting

      • app_process64 (PID: 4165)

    • Retrieves data from storage of application settings (SharedPreferences)

      • app_process64 (PID: 4165)

    • Gets the display metrics associated with the device's screen

      • app_process64 (PID: 4165)

    • Dynamically registers broadcast event listeners

      • app_process64 (PID: 4165)

    • Dynamically loads a class in Java

      • app_process64 (PID: 4165)

    • Initiates a connection and sends an HTTP request

      • app_process64 (PID: 4165)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
218
Monitored processes
93
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start app_process64 app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs dmesgd no specs toybox no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs artd no specs dex2oat32 no specs app_process64 app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs trigger_perfetto no specs

Process information

PID
CMD
Path
Indicators
Parent process
2783org.chromium.chrome /system/bin/app_process64
app_process64
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
2837org.chromium.chrome_zygote /system/bin/app_process64app_process64
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
2860org.chromium.chrome_zygote /system/bin/app_process64app_process64
User:
u0_a72
Integrity Level:
UNKNOWN
Exit code:
9
2874org.chromium.chrome:privileged_process0 /system/bin/app_process64app_process64
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
2901com.android.adservices.api /system/bin/app_process64app_process64
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
2953org.chromium.chrome_zygote /system/bin/app_process64app_process64
User:
u0_a72
Integrity Level:
UNKNOWN
Exit code:
9
2978com.android.providers.partnerbookmarks /system/bin/app_process64app_process64
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
2997org.chromium.chrome_zygote /system/bin/app_process64app_process64
User:
u0_a72
Integrity Level:
UNKNOWN
Exit code:
9
3057org.chromium.chrome_zygote /system/bin/app_process64app_process64
User:
u0_a72
Integrity Level:
UNKNOWN
Exit code:
9
3086/system/bin/dmesgd/system/bin/dmesgdinit
User:
dmesgd
Integrity Level:
UNKNOWN
Exit code:
0
Total events
0
Read events
0
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
396
Text files
135
Unknown types
2

Dropped files

PID
Process
Filename
Type
3163app_process64/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.CbK2af/list.pbbinary
MD5:
SHA256:
3163app_process64/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.CbK2af/manifest.jsontext
MD5:
SHA256:
3163app_process64/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.CbK2af/LICENSEtext
MD5:
SHA256:
3163app_process64/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.CbK2af/_metadata/verified_contents.jsontext
MD5:
SHA256:
3163app_process64/data/data/org.chromium.chrome/app_chrome/component_crx_cache/cab4d1f0a6a2a1afecae808a520f6690dd2b9d58bf54762877f2dc9715d55461binary
MD5:
SHA256:
3183app_process64/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.lRYziu/privacy-sandbox-attestations.datbinary
MD5:
SHA256:
3183app_process64/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.lRYziu/manifest.jsontext
MD5:
SHA256:
3183app_process64/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.lRYziu/_metadata/verified_contents.jsontext
MD5:
SHA256:
3183app_process64/data/data/org.chromium.chrome/app_chrome/component_crx_cache/38c89b12bb20a8f2751c9c7cd2e31c173a47af08c115e1ecccc2f5151a2cf2c6binary
MD5:
SHA256:
3201app_process64/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.xDlzQt/decoded_xzbinary
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
68
TCP/UDP connections
584
DNS requests
649
Threats
15

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
822
app_process64
GET
204
142.251.155.119:443
https://www.google.com/generate_204
US
whitelisted
2783
app_process64
GET
200
142.251.143.110:80
http://clients2.google.com/time/1/current?cup2key=9:1QsCHQxem9p4zlVsDK3VUqNosFAQkzd-FvSzo6OzJts&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
US
text
106 b
whitelisted
2783
app_process64
GET
200
172.233.219.123:80
http://mxl-iptv.tv/
SG
text
2.25 Kb
unknown
2783
app_process64
GET
172.233.219.123:80
http://mxl-iptv.tv/favicon.ico
SG
unknown
2783
app_process64
GET
172.233.219.123:80
http://mxl-iptv.tv/favicon.ico
SG
unknown
2783
app_process64
GET
302
198.134.116.17:80
http://click-v4.exppxxclck.com/click2?i=CtDXCmb3s-M_0&ci=2954378572565990987&j=rv%3Db%26ss%3D1024x576%26ws%3D1024x427%26wp%3D0x0%26ce%3D1%26ck%3Djc%26cv%3D3829%26cs%3D1%26fr%3D0%26hc%3D0%26fl%3Dnull%26jv%3Dnull%26sc%3D24%26hr%3D1%26rf%3Dmxl-iptv.tv%26lo%3Dfilter.explorads.com%26mb%3Do%26hb%3D0%26pl%3DLinux%2Barmv81%26ua%3DMozilla%252F5.0%2B%28Linux%253B%2BAndroid%2B10%253B%2BK%29%2BAppleWebKit%252F537.36%2B%28KHTML%252C%2Blike%2BGecko%29%2BChrome%252F137.0.0.0%2BMobile%2BSafari%252F537.36%26nd%3D0%26to%3Dnull%26wbd%3D1%26wbde%3D0%26sqm%3D0%26phj%3D0%26nmj%3D0%26sln%3D0%26es%3D0%26ln%3Den-US%26lnl%3D1%26hsc%3D1%26frc%3D1%26dbt%3D0%26prb%3D20030107%26tz%3D0%26hid%3D0%26mq%3D1%26my%3D4%26geo%3D1%26thx%3D1%26the%3D1%26ths%3D1%26cpc%3D%26ocp%3D%26hwc%3D2%26hrl%3D%26acd%3Dpppnn%26vcd%3Dnnp%26pal%3D0%26pai%3D1%26pli%3D%26win%3D1024x427%26wout%3D1024x427%26wpof%3D0x0%26bcld%3D1008x19%26scrp%3D0x0%26scrad%3D1024x576%26spd%3D24%26pxr%3D1%26sck%3D1%26ckl%3D50%26sls%3D1%26sss%3D1%26six%3D1%26sdb%3D0%26vvr%3DGoogle%2BInc.%2B%28Google%2BInc.%2B%28Google%29%29%26vrd%3DANGLE%2B%28Google%2BInc.%2B%28Google%29%252C%2BANGLE%2B%28Google%2BVulkan%2B1.3.0%2B%28SwiftShader%2BDevice%2B%28LLVM%2B10.0.0%29%2B%280x0000C0DE%29%29%2BSwiftShader%2Bdriver-5.0.0%29%252C%2BOpenGL%2BES%2B3.2.0%29%26pnt%3Dprompt%26bch%3D1%26blv%3D0.85%26mmd_ao%3D1%26mmd_ai%3D1%26mmd_vi%3D1%26cnvs%3D80808080
US
unknown
2783
app_process64
GET
200
198.134.116.30:80
http://filter.explorads.com/filter?q=mxl+tv+android+tv&i=CtDXCmb3s-M_0&ci=2954378572565990987&t=1888270223&h=37
US
html
12.7 Kb
unknown
2783
app_process64
GET
302
173.239.53.32:80
http://xml-v4.pushub.net/click2?i=9xh-0r0*ws0_0&ci=-4335947158473719268&j=rv%3Db%26ss%3D1024x576%26ws%3D1024x427%26wp%3D0x0%26ce%3D1%26ck%3Djc%26cv%3D5005%26cs%3D1%26fr%3D0%26hc%3D0%26fl%3Dnull%26jv%3Dnull%26sc%3D24%26hr%3D2%26rf%3Dfilter.explorads.com%26lo%3Dpush.newsvot.com%26mb%3Do%26hb%3D0%26pl%3DLinux%2Barmv81%26ua%3DMozilla%252F5.0%2B%28Linux%253B%2BAndroid%2B10%253B%2BK%29%2BAppleWebKit%252F537.36%2B%28KHTML%252C%2Blike%2BGecko%29%2BChrome%252F137.0.0.0%2BMobile%2BSafari%252F537.36%26nd%3D0%26to%3Dnull%26wbd%3D1%26wbde%3D0%26sqm%3D0%26phj%3D0%26nmj%3D0%26sln%3D0%26es%3D0%26ln%3Den-US%26lnl%3D1%26hsc%3D1%26frc%3D1%26dbt%3D0%26prb%3D20030107%26tz%3D0%26hid%3D0%26mq%3D1%26my%3D4%26geo%3D1%26thx%3D1%26the%3D1%26ths%3D1%26cpc%3D%26ocp%3D%26hwc%3D2%26hrl%3D%26acd%3Dpppnn%26vcd%3Dnnp%26pal%3D0%26pai%3D1%26pli%3D%26win%3D1024x427%26wout%3D1024x427%26wpof%3D0x0%26bcld%3D1008x19%26scrp%3D0x0%26scrad%3D1024x576%26spd%3D24%26pxr%3D1%26sck%3D1%26ckl%3D53%26sls%3D1%26sss%3D1%26six%3D1%26sdb%3D0%26vvr%3DGoogle%2BInc.%2B%28Google%2BInc.%2B%28Google%29%29%26vrd%3DANGLE%2B%28Google%2BInc.%2B%28Google%29%252C%2BANGLE%2B%28Google%2BVulkan%2B1.3.0%2B%28SwiftShader%2BDevice%2B%28LLVM%2B10.0.0%29%2B%280x0000C0DE%29%29%2BSwiftShader%2Bdriver-5.0.0%29%252C%2BOpenGL%2BES%2B3.2.0%29%26pnt%3Dprompt%26bch%3D1%26blv%3D0.85%26cnvs%3D80808080%26mmd_ao%3D1%26mmd_ai%3D1%26mmd_vi%3D1
US
unknown
2783
app_process64
GET
200
173.239.53.32:80
http://push.newsvot.com/filter?q=mxl+tv+android+tv&i=9xh-0r0*ws0_0&ci=-4335947158473719268&t=400440472&h=2
US
html
12.6 Kb
unknown
822
app_process64
GET
204
142.251.127.94:80
http://connectivitycheck.gstatic.com/generate_204
US
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
443
mdnsd
224.0.0.251:5353
whitelisted
142.251.157.119:80
www.google.com
GOOGLE
US
whitelisted
142.251.127.94:80
connectivitycheck.gstatic.com
GOOGLE
US
whitelisted
142.251.152.119:443
www.google.com
GOOGLE
US
whitelisted
2783
app_process64
142.251.143.110:80
clients2.google.com
GOOGLE
US
whitelisted
2783
app_process64
172.233.219.123:80
mxl-iptv.tv
AKAMAI-LINODE-AP Akamai Connected Cloud
SG
whitelisted
2783
app_process64
142.251.153.119:443
www.google.com
GOOGLE
US
whitelisted
2783
app_process64
142.251.127.84:443
accounts.google.com
GOOGLE
US
whitelisted
2783
app_process64
172.234.216.100:443
router.parklogic.com
AKAMAI-LINODE-AP Akamai Connected Cloud
SG
whitelisted
2783
app_process64
198.134.116.17:80
click-v4.exppxxclck.com
WEBAIR-INTERNET
US
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 172.217.16.206
whitelisted
www.google.com
  • 142.251.155.119
  • 142.251.150.119
  • 142.251.156.119
  • 142.251.152.119
  • 142.251.154.119
  • 142.251.157.119
  • 142.251.151.119
  • 142.251.153.119
  • 216.239.32.36
  • 216.239.34.36
  • 172.217.168.68
whitelisted
clients2.google.com
  • 142.251.143.110
whitelisted
mxl-iptv.tv
  • 172.233.219.123
  • 172.233.219.49
  • 172.233.219.78
  • 172.237.146.38
  • 172.237.146.8
  • 172.237.146.25
unknown
accounts.google.com
  • 142.251.127.84
whitelisted
router.parklogic.com
  • 172.234.216.100
whitelisted
click-v4.exppxxclck.com
  • 198.134.116.17
whitelisted
filter.explorads.com
  • 198.134.116.30
  • 173.239.53.20
whitelisted
push.newsvot.com
  • 173.239.53.32
unknown
xml-v4.pushub.net
  • 173.239.53.32
unknown

Threats

PID
Process
Class
Message
2783
app_process64
Potentially Bad Traffic
ET INFO Referrer-Policy set to unsafe-url
2783
app_process64
Potentially Bad Traffic
ET INFO Referrer-Policy set to unsafe-url
2783
app_process64
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2783
app_process64
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
822
app_process64
Misc activity
ET INFO Android Device Connectivity Check
2783
app_process64
Potentially Bad Traffic
ET DNS Query to a *.top domain - Likely Hostile
2783
app_process64
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
2783
app_process64
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
2783
app_process64
Not Suspicious Traffic
INFO [ANY.RUN] PX-Cloud CDN (px-cloud .net)
2783
app_process64
Not Suspicious Traffic
INFO [ANY.RUN] PX-Cloud CDN (px-cloud .net)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
mxl-iptv.tv