Report - s.shouji.360tpcdn.com/161223/d24b455588e6cefedc67e93af27fe7a5/com.qihoo.paymentmethod_41.apk?en=curpage=&exp=1712266431&from=obgo_channel_getPlugInfoByPnames&m2=1bd649f9fb45502620a709cfa5061eb7&tok=79c218b03e38acd73d879e114f5b031c&ts=1711661631&v=5.2.50&f=z.apk

Report Overview

Submitted URL
s.shouji.360tpcdn.com/161223/d24b455588e6cefedc67e93af27fe7a5/com.qihoo.paymentmethod_41.apk?en=curpage=&exp=1712266431&from=obgo_channel_getPlugInfoByPnames&m2=1bd649f9fb45502620a709cfa5061eb7&tok=79c218b03e38acd73d879e114f5b031c&ts=1711661631&v=5.2.50&f=z.apk
IP
104.192.108.20
ASN
#55992 Beijing Qihu Technology Company Limited
Submitted
2024-03-28 21:54:35
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
s.shouji.360tpcdn.com	unknown	2013-02-18	2023-09-12	2024-03-27	715 B	1.2 MB	104.192.108.17

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
s.shouji.360tpcdn.com/161223/d24b455588e6cefedc67e93af27fe7a5/com.qihoo.paymentmethod_41.apk?en=curpage=&exp=1712266431&from=obgo_channel_getPlugInfoByPnames&m2=1bd649f9fb45502620a709cfa5061eb7&tok=79c218b03e38acd73d879e114f5b031c&ts=1711661631&v=5.2.50&f=z.apk
IP
104.192.108.17
ASN
#55992 Beijing Qihu Technology Company Limited

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
1.2 MB (1192295 bytes)
Hash
d24b455588e6cefedc67e93af27fe7a5
4c1b41e4324c681a5b982e288f5fb58c49b4a260
fc24c8c656665e6ea40221dca93d9c36d5d2484edbaedc77776c9175b0533c85

Archive (25)

Filename

Md5

File type

MANIFEST.MF

2323338200d78f642f793bb230ce744a

JAR Manifest, ASCII text, with CRLF line terminators

GYZ_APPS.SF

aca1baca88fc4b1beefc5d3f3bb3ae19

JAR Signature File, ASCII text, with CRLF line terminators

GYZ_APPS.RSA

74767ec8e7972e33844047bad2c6d59e

DER Encoded PKCS#7 Signed Data

AndroidManifest.xml

913f76e35d060a0580fa0f2c323bef9e

Android binary XML

conf

13f4d4ef06abf07d4faa3aae6667e443

ASCII text, with CRLF line terminators

ic_launcher.png

b6c8d734a48aeb5aa49d5851303135d1

PNG image data, 72 x 72, 8-bit colormap, non-interlaced

resources.arsc

88a36677067658a07f1bf7ca5573665c

Android package resource table (ARSC), 53 string(s), utf8

classes.dex

5c23d7f0ae59b1289c93adf669b55f67

Dalvik dex file version 035

alipaySDK.jar

98a1dde5a0230b5f35cecaa76624f281

Java archive data (JAR)

WalletLoader_dex.jar

701e344e44b4c7ebfd51242d83b7f955

Java archive data (JAR)

WalletPlugin.apk

d6b56aef38396a137ae670d0213db1d2

Android package (APK), with AndroidManifest.xml Java archive data (JAR)

apk2jar_button_bg.xml

2ed5c24088fe1eb96e83f7fb2920ab59

Android binary XML

tips.xml

10cadf1f94d80a8186122cd41093f3c6

Android binary XML

apk2jar_button_bg_normal.png

f3f718c830fb83a4f06395b49b1029b5

PNG image data, 120 x 120, 8-bit colormap, non-interlaced

apk2jar_button_bg_pressed.png

6d6f189ed622e174af1062162053120c

PNG image data, 120 x 120, 8-bit colormap, non-interlaced

apk2jar_ic_launcher.png

f01fde27d6bbb3742c9e6c0b46b3db40

PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced

payment_ali_icon.png

5e1b621720d20a8c084115dc04c88e35

PNG image data, 72 x 72, 8-bit colormap, non-interlaced

payment_nfc_icon.png

3f2ddebc1d471d456cfe901a927e16ac

PNG image data, 70 x 51, 8-bit colormap, non-interlaced

payment_qihoo_icon.png

48611a81b77b38fef6e60bb6d2b53674

PNG image data, 70 x 70, 8-bit colormap, non-interlaced

payment_weixin_icon.png

baf9fec6b645cbe1d6358044296e80fd

PNG image data, 72 x 72, 8-bit colormap, non-interlaced

title_back_normal.png

cef471a97c07cb3c04ce5268d6020fed

PNG image data, 56 x 56, 8-bit colormap, non-interlaced

payment_activity_main.xml

7c82c1f46595aab56104c195143342a9

Android binary XML

payment_list_item.xml

6dcce29f45d82cc3abd2a0bab92a8498

Android binary XML

payment_activity_main.xml

a0dc68e34dd1c5bfafd43bf1f736b34e

Android binary XML

payment_list_item.xml

e7e1bb70cdd3da12543eaf158e159fde

Android binary XML

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 14/65

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

s.shouji.360tpcdn.com/161223/d24b455588e6cefedc67e93af27fe7a5/com.qihoo.paymentmethod_41.apk?en=curpage=&exp=1712266431&from=obgo_channel_getPlugInfoByPnames&m2=1bd649f9fb45502620a709cfa5061eb7&tok=79c218b03e38acd73d879e114f5b031c&ts=1711661631&v=5.2.50&f=z.apk

104.192.108.17

200 OK

1.2 MB

URL User Request GET HTTP/1.1
s.shouji.360tpcdn.com/161223/d24b455588e6cefedc67e93af27fe7a5/com.qihoo.paymentmethod_41.apk?en=curpage=&exp=1712266431&from=obgo_channel_getPlugInfoByPnames&m2=1bd649f9fb45502620a709cfa5061eb7&tok=79c218b03e38acd73d879e114f5b031c&ts=1711661631&v=5.2.50&f=z.apk
IP
104.192.108.17:443
ASN
#55992 Beijing Qihu Technology Company Limited

Certificate
IssuerWoTrus CA Limited
Subject*.shouji.360tpcdn.com
FingerprintB3:0C:6C:65:C8:1A:74:48:EA:CB:93:29:04:89:94:06:CC:6F:C1:E7
ValidityWed, 18 Oct 2023 00:00:00 GMT - Thu, 17 Oct 2024 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
1.2 MB (1192295 bytes)
Hash
d24b455588e6cefedc67e93af27fe7a5
4c1b41e4324c681a5b982e288f5fb58c49b4a260
fc24c8c656665e6ea40221dca93d9c36d5d2484edbaedc77776c9175b0533c85

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 14/65

HTTP Headers

GET /161223/d24b455588e6cefedc67e93af27fe7a5/com.qihoo.paymentmethod_41.apk?en=curpage=&exp=1712266431&from=obgo_channel_getPlugInfoByPnames&m2=1bd649f9fb45502620a709cfa5061eb7&tok=79c218b03e38acd73d879e114f5b031c&ts=1711661631&v=5.2.50&f=z.apk HTTP/1.1
Host: s.shouji.360tpcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Mar 2024 21:54:10 GMT
Content-Type: application/vnd.android.package-archive
Content-Length: 1192295
Connection: keep-alive
Expires: Wed, 22 Jan 2025 21:54:10 GMT
Last-Modified: Fri, 23 Dec 2016 06:59:12 GMT
Cache-Control: s-maxage=25920000, max-age=25920000
KCS-Via: HIT from w-f01.lato;HIT from back-f01.dl.lato;MISS from w-subsrc01.lato
K-Cache-status: HIT
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (25)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers