0/47

Threat

in.startv.hotstar

Hotstar

Analyzed on 2022-08-12T08:24:30.221039

20

permissions

51

activities

39

services

27

receivers

86

domains

File sums

MD5 6c2b06ed6060de5b25456348108cd6e3
SHA1 6061d55ea153cc14afc66225a5c18135c81810df
SHA256 5b60313a47edf3619c656c138e0a893e5ef8c64e8877b1549d7b979802cd439c
Size 20.44MB

APKiD

Information computed with APKiD.

/tmp/tmpc0oaih_y!classes.dex
anti_vm
  • Build.FINGERPRINT check
  • Build.MODEL check
  • Build.MANUFACTURER check
  • Build.PRODUCT check
  • Build.HARDWARE check
  • Build.BOARD check
  • Build.TAGS check
  • SIM operator check
  • network operator name check
  • subscriber ID check
anti_debug
  • Debug.isDebuggerConnected() check
compiler
  • r8
/tmp/tmpc0oaih_y!classes2.dex
anti_vm
  • Build.FINGERPRINT check
  • Build.MODEL check
  • Build.MANUFACTURER check
  • Build.PRODUCT check
  • possible Build.SERIAL check
  • Build.TAGS check
  • SIM operator check
  • network operator name check
  • device ID check
compiler
  • r8 without marker (suspicious)
/tmp/tmpc0oaih_y!classes3.dex
compiler
  • r8 without marker (suspicious)

SSdeep

Information computed with ssdeep.

APK file 393216:IYB4UNJoru7Pwj+BfNzxKn48zGMXeorvMyC39C+3w2kPcbc:Z4uGrCwj6VzxK4eXe4Er9C+IP/
Manifest 768:OzT6iKT1EgRxcKE6XiAScSbqUQtu1TYo9Oe9i3KCb7y/CvQpcKV17CMq+TtrTFub:…
classes.dex 98304:K97IFgzc4aXLLUhg27CybR2CMRmcZogCBFeMtQue50A9BWx1j0R6A:KQCAbLUh7…
classes2.dex 98304:uK+au7HWe9/eIdpqjAhSFwD26WQHtR4NL/CVMdR:vu68ojvA8NiMz
classes3.dex 3072:6/H7G8p6RFrN8ch35o0CsXRMDVrigqptXx5t/7riV4x3v/AgmlSgEXT3Gff5huFj…

Dexofuzzy

Information computed with Dexofuzzy.

APK file 12288:PmsHfAqPaqptBHCs+6ghgrvM0rHA4kQKXYDro6Dk3f7NF0+IPuj:+sHfPTpPiqf…
classes.dex 6144:2h291CJmWS/T/DyQf6prFbGrBqGRDgqrBYK32dH2tBHb3n6g63GQg1d+kZNatp1R…
classes2.dex 6144:bVaYqjAHLNqLIk4OvHi2TlGbnxNk7jnro6WKfXkHXO4x7jBFTYwD2ZS1aryqqt/b…
classes3.dex 384:Te9lxVWv3NIIXw//w+m+30AJGoZBtVDUNTJVQHqvcjd2:Telx78s/H3XFZBt1UNTJ…

APK details

Information computed with AndroGuard and Pithus.

Package in.startv.hotstar
App name Hotstar
Version name 8.8.7
Version code 701
SDK 16 - 28
UAID e78567ce4cb2a98d6069b47f6b20d0f2ccfb91a9
Signature Signature V1 Signature V2
Frosting Frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown
  • 0x42726577: Verity padding
  • 0x2146444e: Google metadata

Certificate details

Information computed with AndroGuard.

MD5 1a7c20753b0a08fe78bf4d994924f988
SHA1 9e8c284a16378f251841875c558948e8f3b7fb61
SHA256 b2e6bc0c730b88aaffbd5bf522f792dda5c82f5fb814e5c3688c32670c28681e
Issuer Common Name: Star India (P) Ltd., Organization: Star India (P) Ltd., State/Province: Hindi, Country: IN
Not before 2014-11-14T09:20:33+00:00
Not after 2039-11-08T09:20:33+00:00

File Analysis

Information computed with MobSF.

Findings Files
Certificate/Key files hardcoded inside the app. assets/public.der
com/clevertap/android/sdk/certificates/DigiCertGlobalRootCA.crt
com/clevertap/android/sdk/certificates/DigiCertSHA2SecureServerCA.crt

Manifest analysis

Information computed with MobSF.

Low App has a Network Security Configuration[android:networkSecurityConfig=@xml/network_security_config]
The Network Security Configuration feature lets apps customize their network security settings in a safe, declarative configuration file without modifying app code. These settings can be configured for specific domains and for a specific app.
High Launch Mode of Activity (in.startv.hotstar.rocky.home.HomeActivity) is not standard.
An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent.
High Launch Mode of Activity (in.startv.hotstar.rocky.chromecast.HSCastExpandActivity) is not standard.
An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent.
High Activity (in.startv.hotstar.rocky.watchpage.HSWatchPageActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (in.startv.hotstar.rocky.launch.splash.SplashActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (in.startv.hotstar.rocky.launch.deeplink.DeeplinkActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Broadcast Receiver (in.startv.hotstar.rocky.analytics.GoogleInstallReferrerReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.facebook.CustomTabActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.appsflyer.MultipleInstallBroadcastReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (com.hotstar.android.downloads.ExoDownloadService) is not Protected.An intent-filter exists.
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Service is explicitly exported.
High Service (com.google.android.exoplayer2.scheduler.PlatformScheduler$PlatformSchedulerService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Broadcast Receiver (com.clevertap.android.sdk.InstallReferrerBroadcastReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (androidx.work.impl.background.systemjob.SystemJobService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Service (com.google.firebase.messaging.FirebaseMessagingService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INSTALL_PACKAGES [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Service (com.google.firebase.iid.FirebaseInstanceIdService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.facebook.CampaignTrackingReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.INSTALL_PACKAGES [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Launch Mode of Activity (com.google.android.play.core.missingsplits.PlayCoreMissingSplitsActivity) is not standard.
An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent.

Browsable activities

Information computed with MobSF.

in.startv.hotstar.rocky.launch.deeplink.DeeplinkActivity

Hosts: www.hotstar.com us.hotstar.com uk.hotstar.com ca.hotstar.com hotstar.onelink.me

Schemes: hotstar:// http:// https://

com.facebook.CustomTabActivity

Schemes: @string/fb_login_protocol_scheme://

Main Activity

Information computed with AndroGuard.

in.startv.hotstar.rocky.launch.splash.SplashActivity

Activities

Information computed with AndroGuard.

in.startv.hotstar.rocky.personalization.ContinueWatchingActivity
in.startv.hotstar.rocky.home.gridpage.GridActivity
in.startv.hotstar.rocky.home.HomeActivity
in.startv.hotstar.rocky.auth.HSAuthActivity
in.startv.hotstar.rocky.chromecast.HSCastExpandActivity
in.startv.hotstar.rocky.detailpage.HSDetailPageActivity
in.startv.hotstar.rocky.sports.landing.HSSportsLandingActivity
in.startv.hotstar.rocky.previews.HSPreviewsActivity
in.startv.hotstar.rocky.sports.landing.tournaments.landing.HSTournamentLandingActivity
in.startv.hotstar.rocky.sports.scores.HsCricketScoreDetailsActivity
in.startv.hotstar.rocky.subscription.cancellation.HSCancelSubsActivity
in.startv.hotstar.rocky.subscription.cancellation.web.HSCancelSubsWebActivity
in.startv.hotstar.rocky.location.LocationScreenActivity
in.startv.hotstar.rocky.ads.leadgen.LeadGenActivity
in.startv.hotstar.rocky.auth.v2.LoginActivity
in.startv.hotstar.rocky.nointernet.NoInternetActivity
in.startv.hotstar.rocky.onboarding.OnBoardingActivity
in.startv.hotstar.rocky.subscription.myaccount.HSMyAccountActivity
in.startv.hotstar.rocky.mydownloads.MyDownloadsActivity
in.startv.hotstar.rocky.watchpage.HSWatchPageActivity
in.startv.hotstar.rocky.subscription.payment.HSPaymentActivity
in.startv.hotstar.rocky.privacy.consent.PreferenceCenterActivity
in.startv.hotstar.rocky.privacy.consent.PrivacyPolicyActivity
in.startv.hotstar.rocky.home.search.SearchActivity
in.startv.hotstar.rocky.launch.splash.SplashActivity
in.startv.hotstar.rocky.launch.deeplink.DeeplinkActivity
in.startv.hotstar.rocky.applink.InternalDeeplinkActivity
in.startv.hotstar.rocky.subscription.manager.SubscriptionActivity
in.startv.hotstar.rocky.subscription.subscriptionpage.SubscriptionDetailActivity
in.startv.hotstar.rocky.subscription.upgrade.SubsUpgradeActivity
in.startv.hotstar.rocky.launch.restore.RestoreLoaderActivity
in.startv.hotstar.rocky.home.TrayListActivity
in.startv.hotstar.rocky.social.hotshot.sticker.TextStickerEditorActivity
in.startv.hotstar.rocky.launch.unsupportedcountry.LocationErrorActivity
in.startv.hotstar.rocky.home.watchlist.WatchlistActivity
in.startv.hotstar.rocky.webview.WebViewActivity
in.startv.hotstar.rocky.home.news.grid.NewsGridActivity
in.startv.hotstar.rocky.report.UserReportActivity
in.startv.hotstar.rocky.easteregg.EasterEggActivity
in.startv.hotstar.rocky.social.hotshot.HotshotActivity
com.facebook.CustomTabActivity
com.facebook.react.devsupport.DevSettingsActivity
com.facebook.FacebookActivity
com.facebook.CustomTabMainActivity
com.facebook.ads.AudienceNetworkActivity
com.clevertap.android.sdk.InAppNotificationActivity
com.clevertap.android.sdk.CTInboxActivity
com.google.android.gms.auth.api.signin.internal.SignInHubActivity
com.google.android.gms.common.api.GoogleApiActivity
com.google.android.gms.ads.AdActivity
com.google.android.play.core.missingsplits.PlayCoreMissingSplitsActivity

Receivers

Information computed with AndroGuard.

in.startv.hotstar.rocky.analytics.GoogleInstallReferrerReceiver
in.startv.hotstar.rocky.sports.live.notification.ScorecardNotificationReceiver
in.startv.hotstar.rocky.social.notification.StickyNotificationActionReceiver
in.startv.hotstar.rocky.download.DownloadIntentReceiver
com.appsflyer.MultipleInstallBroadcastReceiver
com.hotstar.transform.datasdk.receivers.StartServiceReceiver
com.hotstar.transform.datasdk.receivers.PriorityReceiver
com.hotstar.transform.datasdk.receivers.FPReceiver
com.google.android.gms.cast.framework.media.MediaIntentReceiver
com.televideocom.downloadmanager.services.DownloadReceiver
com.clevertap.android.sdk.InstallReferrerBroadcastReceiver
com.clevertap.android.sdk.CTPushNotificationReceiver
androidx.work.impl.utils.ForceStopRunnable$BroadcastReceiver
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy
androidx.work.impl.background.systemalarm.RescheduleReceiver
androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver
com.google.android.gms.analytics.AnalyticsReceiver
com.google.android.gms.measurement.AppMeasurementReceiver
com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver
com.google.firebase.iid.FirebaseInstanceIdReceiver
com.evernote.android.job.v14.PlatformAlarmReceiver
com.evernote.android.job.JobBootReceiver
com.facebook.CurrentAccessTokenExpirationBroadcastReceiver
com.facebook.CampaignTrackingReceiver

Services

Information computed with AndroGuard.

com.google.android.gms.analytics.CampaignTrackingService
in.startv.hotstar.rocky.notification.HotstarFcmTokenListenerService
in.startv.hotstar.rocky.notification.NotificationCTAService
in.startv.hotstar.rocky.notification.UndoIntentService
in.startv.hotstar.rocky.notification.pnactions.watchlater.WatchLaterIntentService
in.startv.hotstar.rocky.sports.live.notification.ScorecardNotificationService
in.startv.hotstar.rocky.social.notification.StickyNotificationService
com.clevertap.android.sdk.CTBackgroundIntentService
com.clevertap.android.sdk.CTBackgroundJobService
com.televideocom.downloadmanager.services.DownloadService
in.startv.hotstar.rocky.report.UploadFeedbackIntentService
com.amazonaws.mobileconnectors.s3.transferutility.TransferService
com.hotstar.transform.datasdk.services.SyncService
com.hotstar.transform.datasdk.services.Ariel
com.hotstar.transform.datasdk.services.PriorityService
com.hotstar.transform.datasdk.services.ConfigUpdateService
com.hotstar.transform.datasdk.jobSchedulers.SyncJobService
com.hotstar.transform.datasdk.jobSchedulers.ArielJobService
com.hotstar.transform.datasdk.jobSchedulers.ConfigJobService
com.hotstar.transform.datasdk.services.ForegroundRecordingService
in.startv.hotstar.rocky.ads.poi.activity.ActivityIntentService
com.google.android.gms.cast.framework.media.MediaNotificationService
com.google.android.gms.cast.framework.ReconnectionService
com.hotstar.android.downloads.ExoDownloadService
com.google.android.exoplayer2.scheduler.PlatformScheduler$PlatformSchedulerService
androidx.work.impl.background.systemalarm.SystemAlarmService
androidx.work.impl.background.systemjob.SystemJobService
com.google.android.gms.analytics.AnalyticsService
com.google.android.gms.analytics.AnalyticsJobService
com.google.android.gms.auth.api.signin.RevocationBoundService
com.google.firebase.components.ComponentDiscoveryService
com.google.firebase.messaging.FirebaseMessagingService
com.google.android.gms.measurement.AppMeasurementService
com.google.android.gms.measurement.AppMeasurementJobService
com.google.firebase.iid.FirebaseInstanceIdService
com.evernote.android.job.v21.PlatformJobService
com.evernote.android.job.v14.PlatformAlarmService
com.evernote.android.job.v14.PlatformAlarmServiceExact
com.evernote.android.job.JobRescheduleService

Sample timeline

Certificate valid not before Nov. 14, 2014, 9:20 a.m.
First submission on VT Nov. 21, 2019, 9:04 p.m.
Last submission on VT July 14, 2020, 1:21 p.m.
Upload on Pithus Aug. 12, 2022, 8:24 a.m.
Certificate valid not after Nov. 8, 2039, 9:20 a.m.

NIAP analysis

Information computed with MobSF.

FCS_RBG_EXT.1.1 The application invoke platform-provided DRBG functionality for its cryptographic operations.
Random Bit Generation Services
FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application implement asymmetric key generation.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['microphone', 'location', 'camera', 'network connectivity'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to ['address book'].
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application implement functionality to encrypt sensitive data in non-volatile memory.
Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1 The application invoke the mechanisms recommended by the platform vendor for storing and setting configuration options.
Supported Configuration Mechanism
FTP_DIT_EXT.1.1 The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product.
Protection of Data in Transit
FCS_RBG_EXT.2.1
FCS_RBG_EXT.2.2
The application perform all deterministic random bit generation (DRBG) services in accordance with NIST Special Publication 800-90A using Hash_DRBG. The deterministic RBG is seeded by an entropy source that accumulates entropy from a platform-based DRBG and a software-based noise source, with a minimum of 256 bits of entropy at least equal to the greatest security strength (according to NIST SP 800-57) of the keys and hashes that it will generate.
Random Bit Generation from Application
FCS_CKM.1.1(1) The application generate asymmetric cryptographic keys not in accordance with FCS_CKM.1.1(1) using key generation algorithm RSA schemes and cryptographic key sizes of 1024-bit or lower.
Cryptographic Asymmetric Key Generation
FCS_COP.1.1(1) The application perform encryption/decryption not in accordance with FCS_COP.1.1(1), AES-ECB mode is being used.
Cryptographic Operation - Encryption/Decryption
FCS_COP.1.1(2) The application perform cryptographic hashing services not in accordance with FCS_COP.1.1(2) and uses the cryptographic algorithm RC2/RC4/MD4/MD5.
Cryptographic Operation - Hashing
FCS_COP.1.1(4) The application perform keyed-hash message authentication with cryptographic algorithm ['HMAC-SHA-256'] .
Cryptographic Operation - Keyed-Hash Message Authentication
FCS_HTTPS_EXT.1.1 The application implement the HTTPS protocol that complies with RFC 2818.
HTTPS Protocol
FCS_HTTPS_EXT.1.2 The application implement HTTPS using TLS.
HTTPS Protocol
FCS_HTTPS_EXT.1.3 The application notify the user and not establish the connection or request application authorization to establish the connection if the peer certificate is deemed invalid.
HTTPS Protocol
FIA_X509_EXT.2.1 The application use X.509v3 certificates as defined by RFC 5280 to support authentication for HTTPS , TLS.
X.509 Certificate Authentication
FPT_TUD_EXT.2.1 The application shall be distributed using the format of the platform-supported package manager.
Integrity for Installation and Update

Code analysis

Information computed with MobSF.

Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
 defpackage/yc.java
defpackage/ba.java
defpackage/kl5.java
com/qualcomm/msdc/transport/local/MSDCConnectionRootHelper.java
defpackage/oy0.java
com/qualcomm/msdc/transport/local/GroupCallServiceConnection.java
defpackage/ji5.java
defpackage/lh.java
defpackage/fi5.java
defpackage/fze.java
defpackage/ck3.java
com/hotstar/transform/datasdk/util/Utility.java
defpackage/u9.java
defpackage/b20.java
defpackage/j61.java
defpackage/qw5.java
defpackage/bze.java
defpackage/rze.java
com/qualcomm/msdc/MSDCAppManager.java
defpackage/un0.java
com/hotstar/transform/datasdk/receivers/PriorityReceiver.java
com/hotstar/transform/datasdk/jobSchedulers/SyncJobService.java
defpackage/en0.java
defpackage/lt1.java
defpackage/rv0.java
defpackage/o04.java
com/amazonaws/mobile/client/AWSMobileClient.java
defpackage/d30.java
com/qualcomm/msdc/filedownload/HTTPFileDownloadCallbackImpl.java
defpackage/xh.java
defpackage/pj5.java
defpackage/k04.java
defpackage/q60.java
defpackage/kt0.java
com/qualcomm/msdc/logger/MSDCLog.java
com/hotstar/transform/basesdk/Log.java
defpackage/c74.java
defpackage/qh.java
defpackage/rw6.java
defpackage/y43.java
defpackage/j70.java
defpackage/jv4.java
defpackage/nv4.java
defpackage/my.java
com/qualcomm/msdc/transport/tcp/MSITCPConnection.java
defpackage/l30.java
com/qualcomm/msdc/transport/tcp/MSIDiscovery.java
com/televideocom/downloadmanager/services/DownloadService.java
defpackage/hj5.java
defpackage/hy1.java
defpackage/x30.java
defpackage/y72.java
defpackage/ou2.java
defpackage/or0.java
defpackage/nu1.java
defpackage/xu0.java
defpackage/rs4.java
com/qualcomm/msdc/transport/MSDCTransportController.java
defpackage/c41.java
defpackage/c86.java
com/qualcomm/msdc/comm/ROWMSDCMessageHandler.java
defpackage/q10.java
com/hotstar/transform/datasdk/BaseTransform.java
defpackage/b9.java
defpackage/pu0.java
defpackage/fm3.java
defpackage/ix.java
defpackage/n40.java
defpackage/hz0.java
defpackage/jx1.java
defpackage/ep4.java
defpackage/vh.java
com/hotstar/transform/datasdk/jobSchedulers/JobUtils.java
defpackage/es4.java
defpackage/ov4.java
defpackage/f12.java
defpackage/aye.java
defpackage/mg3.java
com/qualcomm/msdc/comm/MSDCRequestQueue.java
com/hotstar/transform/datasdk/handlers/FingerPrintHandler.java
defpackage/f2.java
defpackage/zl0.java
defpackage/go1.java
defpackage/si.java
defpackage/th5.java
defpackage/vze.java
com/hotstar/transform/datasdk/receivers/StartServiceReceiver.java
defpackage/kj5.java
defpackage/gh3.java
defpackage/h60.java
defpackage/ft0.java
defpackage/vi5.java
defpackage/kj0.java
defpackage/hw0.java
defpackage/pj.java
defpackage/mz0.java
defpackage/bs4.java
defpackage/nxe.java
defpackage/oj.java
defpackage/vg.java
defpackage/pv1.java
defpackage/hk0.java
defpackage/be4.java
defpackage/ld0.java
com/amazonaws/mobileconnectors/cognitoidentityprovider/CognitoUser.java
defpackage/k50.java
defpackage/ah5.java
defpackage/m61.java
com/mixpanel/android/mpmetrics/InAppButton.java
defpackage/kv0.java
defpackage/y64.java
defpackage/yh5.java
defpackage/u80.java
defpackage/bd.java
defpackage/za6.java
defpackage/ai5.java
defpackage/b50.java
defpackage/b02.java
defpackage/mi5.java
defpackage/ci5.java
com/hotstar/transform/basesdk/InAppBrowser.java
defpackage/s30.java
defpackage/uh.java
defpackage/l50.java
defpackage/zf.java
com/qualcomm/msdc/transport/MSDCDiscoveryFactory.java
defpackage/bq1.java
defpackage/kq0.java
defpackage/ty0.java
com/hotstar/transform/datasdk/db/FingerPrintDBHelper.java
defpackage/ky1.java
defpackage/gy1.java
defpackage/t64.java
defpackage/lw1.java
defpackage/oq0.java
defpackage/q30.java
defpackage/w30.java
defpackage/xv.java
com/qualcomm/msdc/model/MSDCStreamingModelImpl.java
defpackage/d64.java
defpackage/bt4.java
defpackage/p04.java
defpackage/pwe.java
defpackage/tl1.java
defpackage/c30.java
defpackage/yze.java
defpackage/nk3.java
defpackage/s20.java
defpackage/c4.java
com/qualcomm/msdc/transport/local/MSDCConnectionGroupCallHelper.java
defpackage/dt0.java
defpackage/g9.java
defpackage/kg.java
defpackage/t21.java
defpackage/yw0.java
defpackage/p21.java
defpackage/tz0.java
defpackage/je3.java
defpackage/dh.java
defpackage/n00.java
defpackage/pe.java
defpackage/ize.java
defpackage/fv1.java
defpackage/rg.java
defpackage/jx0.java
defpackage/c20.java
com/qualcomm/msdc/transport/MSDCTcpRetryTimer.java
defpackage/cq4.java
com/hotstar/transform/datasdk/handlers/AlarmsHandler.java
defpackage/lg.java
com/hotstar/transform/datasdk/jobSchedulers/ConfigJobService.java
defpackage/rh5.java
defpackage/q85.java
defpackage/me5.java
defpackage/i41.java
defpackage/u54.java
com/hotstar/transform/datasdk/audiomatch/AudioMatchHelper.java
com/qualcomm/msdc/transport/local/NetworkServiceConnection.java
com/qualcomm/msdc/controller/MSDCFileDeliveryController.java
defpackage/j41.java
defpackage/m10.java
defpackage/sv4.java
com/hotstar/transform/datasdk/db/ConfigDbHelper.java
defpackage/ao0.java
defpackage/c10.java
defpackage/vh4.java
defpackage/h9.java
defpackage/bm3.java
defpackage/hj3.java
defpackage/qx1.java
defpackage/m40.java
defpackage/a90.java
defpackage/vo0.java
com/hotstar/transform/datasdk/constants/ExtendedConst.java
com/hotstar/transform/datasdk/audiomatch/PassiveAudioMatcher.java
defpackage/ay.java
defpackage/ll0.java
defpackage/mv4.java
defpackage/mg.java
com/hotstar/transform/datasdk/handlers/ArielHandler.java
defpackage/b12.java
com/qualcomm/msdc/Version.java
defpackage/o41.java
defpackage/rk5.java
defpackage/cv4.java
defpackage/ix0.java
defpackage/md0.java
com/qualcomm/msdc/transport/local/FDServiceConnection.java
in/startv/hotstar/player/core/exo/cronet/CronetDataSource.java
defpackage/ia0.java
com/hotstar/transform/basesdk/adsettings/BaseSettingsManager.java
defpackage/gd.java
defpackage/p5.java
defpackage/ng.java
com/hotstar/transform/datasdk/services/Ariel.java
com/qualcomm/msdc/transport/local/MSDCConnectionNetworkHelper.java
defpackage/o21.java
defpackage/py3.java
defpackage/d66.java
com/qualcomm/msdc/comm/MSDCServicesResultsCache.java
com/amazonaws/logging/LogFactory.java
com/qualcomm/msdc/controller/MSDCGroupCallController.java
defpackage/h35.java
defpackage/ax1.java
defpackage/d51.java
com/hotstar/transform/datasdk/services/SyncService.java
com/qualcomm/msdc/transport/tcp/MSIConnectionData.java
defpackage/ri5.java
defpackage/e01.java
defpackage/jxe.java
defpackage/gk5.java
defpackage/uy3.java
defpackage/bn3.java
defpackage/w50.java
defpackage/us0.java
defpackage/qw1.java
defpackage/if3.java
defpackage/o0.java
defpackage/c53.java
defpackage/ct4.java
defpackage/fn0.java
defpackage/uwe.java
defpackage/k2.java
defpackage/ho1.java
defpackage/il5.java
defpackage/a95.java
defpackage/wn0.java
defpackage/qy0.java
defpackage/k02.java
com/amazonaws/auth/CognitoCachingCredentialsProvider.java
defpackage/s31.java
com/hotstar/transform/basesdk/event/EventsManager.java
defpackage/hi5.java
defpackage/em.java
defpackage/li5.java
com/hotstar/transform/basesdk/net/NetworkRequestWorker.java
defpackage/m00.java
defpackage/nt1.java
defpackage/bc.java
defpackage/o76.java
com/qualcomm/msdc/ROWAppManagerHelper.java
defpackage/e00.java
defpackage/ik3.java
defpackage/lq4.java
com/qualcomm/msdc/controller/MSDCControllerEventDispatcher.java
com/hotstar/transform/datasdk/receivers/FPReceiver.java
in/startv/hotstar/fangraph/Plot.java
defpackage/l61.java
com/qualcomm/msdc/transport/local/MSDCConnectionFileDeliveryHelper.java
defpackage/j80.java
defpackage/ex9.java
defpackage/hh3.java
defpackage/tze.java
defpackage/mx5.java
com/qualcomm/msdc/model/MSDCGroupCallModelImpl.java
defpackage/dh3.java
com/qualcomm/msdc/controller/MSDCStreamingController.java
defpackage/m12.java
defpackage/ti5.java
defpackage/oz0.java
defpackage/ke3.java
defpackage/eb9.java
defpackage/pi5.java
defpackage/fd0.java
com/moat/analytics/mobile/hot/m.java
defpackage/ya.java
defpackage/x36.java
defpackage/s10.java
defpackage/gc.java
com/qualcomm/msdc/comm/MSDCMessageHandler.java
defpackage/wwe.java
defpackage/u50.java
defpackage/e91.java
defpackage/cw1.java
defpackage/i50.java
defpackage/swe.java
com/hotstar/transform/datasdk/handlers/WiFiDetailsHandler.java
defpackage/wh5.java
defpackage/ba1.java
defpackage/h41.java
defpackage/vu0.java
defpackage/do0.java
defpackage/zh4.java
com/hotstar/transform/datasdk/db/ConfigContentProvider.java
com/qualcomm/msdc/transport/tcp/MSISender.java
defpackage/vr0.java
defpackage/cu1.java
com/hotstar/transform/datasdk/handlers/ConfigHandler.java
defpackage/jf.java
defpackage/xi8.java
defpackage/uz.java
defpackage/jz0.java
com/qualcomm/msdc/model/MSDCFileDeliveryModelImpl.java
defpackage/ta.java
defpackage/uh3.java
defpackage/pl0.java
defpackage/m70.java
com/hotstar/transform/datasdk/handlers/SyncServerHandler.java
com/qualcomm/msdc/transport/local/MSDCDiscovery.java
defpackage/md.java
defpackage/hk5.java
defpackage/kx0.java
com/qualcomm/msdc/transport/tcp/MSIReceiver.java
com/hotstar/transform/basesdk/event/eventutils/EventAlarmReceiver.java
com/qualcomm/msdc/filedownload/HttpGetThread.java
com/hotstar/transform/datasdk/TransformHelper.java
defpackage/uy.java
com/amazonaws/mobile/client/internal/InternalCallback.java
defpackage/nj5.java
defpackage/ug.java
defpackage/axe.java
defpackage/c9.java
defpackage/uv1.java
defpackage/th.java
defpackage/k60.java
defpackage/ak.java
defpackage/x12.java
defpackage/cu0.java
defpackage/ixe.java
defpackage/wj3.java
defpackage/he3.java
com/qualcomm/msdc/model/MSDCNetworkModelImpl.java
defpackage/ry1.java
com/qualcomm/msdc/transport/MSDCTransportReceiver.java
in/startv/hotstar/rocky/home/HomeActivity.java
defpackage/iz3.java
defpackage/lx.java
defpackage/xu1.java
defpackage/mb5.java
defpackage/lv4.java
defpackage/apb.java
com/hotstar/transform/datasdk/jobSchedulers/ArielJobService.java
defpackage/uy0.java
defpackage/jy1.java
com/hotstar/transform/datasdk/handlers/UploadFingerPrintHandler.java
com/amazonaws/cognito/clientcontext/data/UserContextDataProvider.java
com/qualcomm/msdc/transport/MSDCTransportManager.java
defpackage/xxe.java
defpackage/ni4.java
defpackage/li4.java
defpackage/n02.java
defpackage/m01.java
defpackage/r9.java
defpackage/ki5.java
defpackage/ih.java
com/qualcomm/msdc/controller/MSDCNetworkController.java
defpackage/oi5.java
defpackage/sq0.java
defpackage/ns0.java
defpackage/p50.java
defpackage/yj5.java
defpackage/ct5.java
defpackage/z02.java
defpackage/yy1.java
defpackage/my1.java
defpackage/zi0.java
defpackage/bf3.java
defpackage/xs0.java
defpackage/k1.java
com/hotstar/transform/basesdk/Util.java
com/amazonaws/cognito/clientcontext/util/SignatureGenerator.java
defpackage/au0.java
defpackage/c70.java
defpackage/z12.java
defpackage/h04.java
defpackage/dq5.java
defpackage/xz.java
defpackage/mw0.java
defpackage/xg.java
com/qualcomm/msdc/object/FDFileId.java
com/qualcomm/msdc/transport/local/MSDCConnectionStreamingHelper.java
defpackage/ol0.java
defpackage/n95.java
com/qualcomm/msdc/transport/local/RootServiceConnection.java
defpackage/lxe.java
com/hotstar/transform/datasdk/audiomatch/ActiveAudioMatcher.java
com/moat/analytics/mobile/hot/p.java
defpackage/r41.java
defpackage/a5.java
defpackage/dn0.java
defpackage/s9.java
defpackage/qze.java
defpackage/et1.java
defpackage/k10.java
defpackage/v9.java
com/amazonaws/logging/AndroidLog.java
defpackage/w2.java
com/qualcomm/msdc/MSDCInternalApplication.java
com/qualcomm/msdc/MSDCAppManagerImpl.java
defpackage/hr0.java
defpackage/y85.java
com/segment/analytics/integrations/Logger.java
com/hotstar/transform/datasdk/services/ForegroundRecordingService.java
in/startv/hotstar/sdk/utils/akamai/AkamaiHelper.java
defpackage/yj0.java
defpackage/om3.java
defpackage/rr0.java
com/mixpanel/android/mpmetrics/InAppNotification.java
defpackage/x7.java
com/qualcomm/msdc/transport/MSDCTransportSenderFactory.java
defpackage/g5.java
defpackage/cr0.java
defpackage/zm3.java
defpackage/i70.java
defpackage/w41.java
defpackage/u4.java
com/hotstar/transform/basesdk/LocationManager.java
defpackage/kd0.java
defpackage/gx0.java
defpackage/g3.java
defpackage/kv.java
defpackage/r4.java
defpackage/qm.java
defpackage/y7.java
defpackage/ee.java
defpackage/n04.java
defpackage/vl1.java
com/hotstar/transform/datasdk/jni/JNIConnectorCommon.java
defpackage/bu0.java
defpackage/ep1.java
defpackage/n90.java
defpackage/ui5.java
defpackage/d70.java
defpackage/nb6.java
defpackage/nh.java
defpackage/ot1.java
defpackage/so0.java
com/qualcomm/msdc/transport/local/StreamingServiceConnection.java
defpackage/zj5.java
defpackage/bye.java
defpackage/e20.java
defpackage/pv4.java
defpackage/z30.java
defpackage/va0.java
com/qualcomm/msdc/transport/MSDCConnectionFactory.java
defpackage/vj8.java
defpackage/p00.java
Medium
CVSS:7.4
Files may contain hardcoded sensitive information like usernames, passwords, keys etc.
MASVS: MSTG-STORAGE-14
CWE-312 Cleartext Storage of Sensitive Information
M9: Reverse Engineering
Files:
 com/qualcomm/msdc/transport/MSDCTransportReceiver.java
com/hotstar/transform/basesdk/event/eventutils/EventConstants.java
com/hotstar/transform/datasdk/constants/Const.java
com/razorpay/BaseConstants.java
com/segment/analytics/Options.java
com/segment/analytics/integrations/TrackPayload.java
defpackage/j20.java
com/hotstar/transform/datasdk/db/ConfigContentProvider.java
com/razorpay/AnalyticsConstants.java
io/jsonwebtoken/JwsHeader.java
com/segment/analytics/ProjectSettings.java
com/hotstar/transform/basesdk/Constants.java
com/segment/analytics/integrations/AliasPayload.java
com/segment/analytics/integrations/GroupPayload.java
com/segment/analytics/SegmentIntegration.java
com/segment/analytics/integrations/ScreenPayload.java
com/segment/analytics/Properties.java
com/segment/analytics/integrations/IdentifyPayload.java
Info
CVSS:0
This App uses SSL certificate pinning to detect or prevent MITM attacks in secure communication channel.
MASVS: MSTG-NETWORK-4
Files:
 defpackage/uhf.java
defpackage/fte.java
defpackage/sqe.java
defpackage/cre.java
defpackage/ng0.java
defpackage/wpe.java
defpackage/nre.java
defpackage/rsd.java
defpackage/zmf.java
Medium
CVSS:5.9
App uses SQLite Database and execute raw SQL query. Untrusted user input in raw SQL queries can cause SQL Injection. Also sensitive information should be encrypted and written to the database.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
M7: Client Code Quality
Files:
 defpackage/hu0.java
defpackage/pf0.java
defpackage/ju0.java
defpackage/q75.java
defpackage/gu0.java
defpackage/oj.java
defpackage/xq4.java
defpackage/qp0.java
defpackage/yq4.java
defpackage/cx.java
com/hotstar/transform/datasdk/db/ConfigDbHelper.java
defpackage/kk0.java
defpackage/yy1.java
in/startv/hotstar/rocky/jobs/apphealthmonitor/AppHealthMonitorWorker.java
com/amazonaws/mobileconnectors/s3/transferutility/TransferDatabaseHelper.java
com/hotstar/transform/datasdk/db/FingerPrintDBHelper.java
defpackage/xg.java
defpackage/d35.java
defpackage/k85.java
com/hotstar/transform/basesdk/event/eventutils/DatabaseManager.java
defpackage/eb9.java
Medium
CVSS:7.5
The App uses an insecure Random Number Generator.
MASVS: MSTG-CRYPTO-6
CWE-330 Use of Insufficiently Random Values
M5: Insufficient Cryptography
Files:
 defpackage/fa2.java
com/amazonaws/retry/PredefinedRetryPolicies.java
defpackage/wb3.java
defpackage/kl5.java
defpackage/eff.java
defpackage/w2e.java
defpackage/v7c.java
defpackage/lxb.java
in/startv/hotstar/rocky/ads/nonlinear/NonLinearAdLifeCycleObserver.java
defpackage/td9.java
defpackage/d8c.java
defpackage/li4.java
defpackage/hr0.java
defpackage/z75.java
defpackage/e3d.java
defpackage/bt3.java
defpackage/nh0.java
defpackage/fff.java
defpackage/e16.java
defpackage/gm0.java
defpackage/bt4.java
Medium
CVSS:5.9
SHA-1 is a weak hash known to have hash collisions.
MASVS: MSTG-CRYPTO-4
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files:
 defpackage/fob.java
defpackage/cw0.java
defpackage/nxe.java
defpackage/dj9.java
defpackage/yf0.java
defpackage/fpb.java
defpackage/pk5.java
com/hotstar/transform/basesdk/Util.java
defpackage/zx0.java
defpackage/enf.java
defpackage/xg.java
defpackage/nh0.java
defpackage/pz.java
Medium
CVSS:4.3
IP Address disclosure
MASVS: MSTG-CODE-2
CWE-200 Information Exposure
Files:
 com/qualcomm/msdc/transport/tcp/MSIConnectionData.java
defpackage/g9c.java
defpackage/axe.java
defpackage/ll0.java
in/startv/hotstar/rocky/watchpage/localserver/NanoHTTPD.java
com/qualcomm/msdc/transport/local/MSDCConnectionGroupCallHelper.java
com/qualcomm/msdc/Version.java
defpackage/gx0.java
defpackage/il0.java
defpackage/rz.java
defpackage/swe.java
defpackage/un0.java
defpackage/en0.java
defpackage/rm0.java
com/qualcomm/msdc/transport/local/MSDCConnectionFileDeliveryHelper.java
com/qualcomm/msdc/transport/local/MSDCConnectionStreamingHelper.java
Medium
CVSS:7.4
MD5 is a weak hash known to have hash collisions.
MASVS: MSTG-CRYPTO-4
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files:
 defpackage/fb3.java
defpackage/fq4.java
defpackage/tr2.java
com/amazonaws/services/s3/AmazonS3Client.java
defpackage/jp3.java
com/amazonaws/services/s3/internal/MD5DigestCalculatingInputStream.java
com/hotstar/transform/basesdk/Util.java
com/amazonaws/util/Md5Utils.java
defpackage/z75.java
defpackage/bt3.java
defpackage/xg.java
defpackage/zw0.java
defpackage/pz.java
defpackage/mqb.java
High
CVSS:5.5
App can read/write to External Storage. Any App can read data written to External Storage.
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files:
 com/hotstar/transform/datasdk/util/Utility.java
defpackage/mx5.java
defpackage/mq3.java
com/hotstar/transform/basesdk/Util.java
com/qualcomm/ltebc/aidl/FileDownloadUtils.java
defpackage/nob.java
defpackage/dq5.java
defpackage/gx0.java
defpackage/mt5.java
defpackage/h9.java
com/hotstar/transform/basesdk/Log.java
defpackage/twe.java
in/startv/hotstar/rocky/report/UploadFeedbackIntentService.java
defpackage/qv3.java
defpackage/x32.java
High
CVSS:7.4
Insecure WebView Implementation. WebView ignores SSL Certificate errors and accept any SSL Certificate. This application is vulnerable to MITM attacks
MASVS: MSTG-NETWORK-3
CWE-295 Improper Certificate Validation
M3: Insecure Communication
Files:
 defpackage/h5b.java
defpackage/y8b.java
High
CVSS:7.4
The App uses the encryption mode CBC with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
MASVS: MSTG-CRYPTO-3
CWE-649 Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
M5: Insufficient Cryptography
Files:
 defpackage/qw5.java
com/razorpay/O_$B_.java
defpackage/dc3.java
Medium
CVSS:8.8
Insecure WebView Implementation. Execution of user controlled code in WebView is a critical Security Hole.
MASVS: MSTG-PLATFORM-7
CWE-749 Exposed Dangerous Method or Function
M1: Improper Platform Usage
Files:
 defpackage/lx2.java
in/startv/hotstar/rocky/watchpage/HSWatchPageActivity.java
com/razorpay/BaseUtils.java
in/startv/hotstar/rocky/subscription/cancellation/web/HSCancelSubsWebActivity.java
defpackage/ty2.java
defpackage/vd0.java
in/startv/hotstar/rocky/subscription/payment/HSPaymentActivity.java
Info
CVSS:0
This App may have root detection capabilities.
MASVS: MSTG-RESILIENCE-1
Files:
 com/hotstar/transform/basesdk/event/EventsManager.java
defpackage/nxe.java
defpackage/zx0.java
Low
CVSS:0
This App copies data to clipboard. Sensitive data should not be copied to clipboard as other applications can access it.
MASVS: MSTG-STORAGE-10
Files:
 defpackage/o0.java
com/razorpay/RzpAssist.java
defpackage/ue0.java
defpackage/wma.java
High
CVSS:5.9
The App uses ECB mode in Cryptographic encryption algorithm. ECB mode is known to be weak as it results in the same ciphertext for identical blocks of plaintext.
MASVS: MSTG-CRYPTO-2
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files:
 defpackage/u33.java
defpackage/dj9.java
Medium
CVSS:5.5
App creates temp file. Sensitive information should never be written into a temp file.
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files:
 defpackage/nob.java
defpackage/xh.java
in/startv/hotstar/rocky/watchpage/localserver/NanoHTTPD.java
High
CVSS:5.4
Remote WebView debugging is enabled.
MASVS: MSTG-RESILIENCE-2
CWE-919 - Weaknesses in Mobile Applications
M1: Improper Platform Usage
Files:
 com/hotstar/transform/basesdk/Log.java
Pygal Germany: 800 Spain: 100 United Kingdom: 100 India: 300 Netherlands: 700 United States: 5200

Map computed by Pithus.

Network analysis

Information computed with MobSF.

High Base config is insecurely configured to permit clear text traffic to all domains.
Scope: ['*']

Domains analysis

Information computed with MobSF.

acs.amazonaws.com
US hb-analytics.hotstar.com 23.35.236.131
US www.google-analytics.com 142.250.186.46
.facebook.com
US cdn-settings.segment.com 18.66.138.112
DE secure-media.hotstar.com 184.24.77.208
IN api.razorpay.com 3.7.186.68
US pagead2.googlesyndication.com 172.217.16.194
US csi.gstatic.com 142.250.207.195
US vs.hotstar.com 23.35.236.131
DE img1.hotstarext.com 184.24.77.203
NL service.hotstar.com 23.36.162.71
DE hesads.akamaized.net 184.24.77.186
US in-starlive-preroll.videoplaza.tv 34.107.223.103
DE social.akamaized.net 184.24.77.209
DE social-images.hotstarext.com 184.24.77.203
US www.google.com 142.250.185.196
US cdn.razorpay.com 18.66.112.7
US facebook.com 185.60.216.35
www.s.facebook.com
US app-measurement.com 142.250.185.142
US www.example.com 93.184.216.34
US www.facebook.com 185.60.216.35
US api.segment.io 52.10.170.125
US bifrost.hotstar.com 23.35.236.131
US events-analytics.hotstar.com 23.35.236.131
DE support.roku.com 13.225.78.55
US imasdk.googleapis.com 172.217.168.234
US tyrion.hotstar.com 23.35.236.131
US support.apple.com 96.16.133.197
US z.moatads.com 23.35.237.151
NL geoip.hotstar.com 23.36.162.83
US us.hotstar.com 23.35.236.131
graph.s.facebook.com
US gcache.hotstar.com 23.35.236.131
US firebaseremoteconfig.googleapis.com 142.250.181.234
uatdedscc52.blob.core.cloudapi.de
US xmlpull.org 74.50.61.58
US service-intl.hotstar.com 23.35.236.131
hotstar-sin.gravityrd-services.com
US in-star.videoplaza.tv 34.107.223.103
US tools.ietf.org 50.223.129.194
US support.google.com 142.250.186.78
US xml.org 104.239.240.11
IN s3.ap-south-1.amazonaws.com 52.219.66.37
ES ma312-r.analytics.edgesuite.net 2.21.20.144
US www.w3.org 128.30.52.100
DE api.hotstar.com 95.101.27.108
US googleads.g.doubleclick.net 172.217.16.130
vendorlist.consensu.org
NL sports.hotstar.com 23.36.163.26
US fp-analytics.hotstar.com 23.35.236.131
US geolocation.onetrust.com 172.64.146.158
US cws-hotstar.conviva.com 52.27.206.159
US adserver.adtech.de 152.199.21.32
NL persona.hotstar.com 23.36.162.132
US cws.conviva.com 44.235.128.212
US goo.gl 142.250.184.206
schemas.android.com
NL bifrost-api.hotstar.com 23.36.163.4
DE sportzsdk.hotstar.com 184.24.77.184
e.crashlytics.com
US cape.hotstar.com 69.192.160.130
US pings.conviva.com 54.163.123.216
US plus.google.com 142.250.185.142
services.hotstar.com
mobile-service.segment.com
NL segment.hotstar.com 23.36.162.154
US picsum.photos 172.67.74.163
US api-8193049075321183840-974228.firebaseio.com 34.120.160.131
US play.google.com 142.250.186.46
US github.com 140.82.121.3
US developers.facebook.com 185.60.216.15
US graph.facebook.com 185.60.216.15
US privacyportaluatde.onetrust.com 172.64.146.158
US www.abc.com 18.66.139.37
US settings-analytics.hotstar.com 23.35.236.131
hotstar-ev-sin.gravityrd-services.com
settings.crashlytics.com
hotstaramerica-sjc.gravityrd-services.com
US ssl.google-analytics.com 172.217.23.104
US s3-us-west-1.amazonaws.com 52.219.116.112
NL www.hotstar.com 23.36.162.146
IN api.jio.com 45.123.16.12
US ca.hotstar.com 23.35.236.131
GB static.wizrocket.com 52.222.236.10

URL analysis

Information computed with MobSF.

https://tools.ietf.org/html/rfc7518#section-3.2
https://tools.ietf.org/html/rfc7518#section-3.4
https://tools.ietf.org/html/rfc7518#section-
https://tools.ietf.org/html/rfc7518#section-3.3
Defined in io/jsonwebtoken/SignatureAlgorithm.java
https://tools.ietf.org/html/rfc7518#section-3.2
https://tools.ietf.org/html/rfc7518#section-3.4
https://tools.ietf.org/html/rfc7518#section-
https://tools.ietf.org/html/rfc7518#sectio