Report - gp-app.chujingapp.com/apks/com.flytaxi.hktaxi-145.zip

Report Overview

Submitted URL
gp-app.chujingapp.com/apks/com.flytaxi.hktaxi-145.zip
IP
54.230.111.117
ASN
#16509 AMAZON-02
Submitted
2024-04-19 16:31:03
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
gp-app.chujingapp.com	unknown	2022-11-14	2023-10-09	2024-04-11	507 B	14 MB	54.230.111.117

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
gp-app.chujingapp.com/apks/com.flytaxi.hktaxi-145.zip
IP
54.230.111.117
ASN
#16509 AMAZON-02

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
14 MB (14409442 bytes)
Hash
299c3e38a190bfe8b16a4040b1f370af
553b48ac21eef13ae029f01253dc2004226c9e71
149e8b9ff64d7acd7a2b3857f8978d04da62c2669c0d7e94981e58647e919afd

Archive (3)

Filename

Md5

File type

com.flytaxi.hktaxi.apk

8a805b064dff46b25b8543549d40abe8

Android package (APK), with AndroidManifest.xml Zip archive data, at least v0.0 to extract, compression method=deflate

config.xxhdpi.apk

86533b67f87d829ecd525b8b491f8647

Android package (APK), with AndroidManifest.xml Zip archive data, at least v0.0 to extract, compression method=deflate

config.arm64_v8a.apk

cb71b9ff5f5c6983e7646d588ee2ac86

Android package (APK), with AndroidManifest.xml Zip archive data, at least v0.0 to extract, compression method=deflate

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	gp-app.chujingapp.com/apks/com.flytaxi.hktaxi-145.zip	54.230.111.117	200 OK	14 MB
URL User Request GET HTTP/2 gp-app.chujingapp.com/apks/com.flytaxi.hktaxi-145.zip IP 54.230.111.117:443 ASN #16509 AMAZON-02 Certificate IssuerDigiCert Inc Subject.chujingapp.com Fingerprint65:A8:7A:BD:97:FD:55:07:A6:8D:75:6B:63:40:BA:13:87:1A:7F:D3 ValidityWed, 20 Dec 2023 00:00:00 GMT - Fri, 20 Dec 2024 23:59:59 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 14 MB (14409442 bytes) Hash 299c3e38a190bfe8b16a4040b1f370af 553b48ac21eef13ae029f01253dc2004226c9e71 149e8b9ff64d7acd7a2b3857f8978d04da62c2669c0d7e94981e58647e919afd HTTP Headers `GET /apks/com.flytaxi.hktaxi-145.zip HTTP/1.1 Host: gp-app.chujingapp.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: application/zip content-length: 14409442 server: AliyunOSS date: Fri, 19 Apr 2024 16:30:35 GMT x-oss-request-id: 66229C2BC7F0593030710D2F accept-ranges: bytes etag: "299C3E38A190BFE8B16A4040B1F370AF" last-modified: Tue, 09 Jan 2024 03:26:58 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 15830161276809604839 x-oss-storage-class: Standard content-md5: KZw+OKGQv+ixakBAsfNwrw== x-oss-server-time: 11 x-cache: Miss from cloudfront via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: eTEZVPsNuOiGZZOh0jbm6N4Ct2hEJ94y3KGD1FscFkvKSMWh7PU-xQ== X-Firefox-Spdy: h2

gp-app.chujingapp.com/apks/com.flytaxi.hktaxi-145.zip

54.230.111.117

200 OK

14 MB

URL User Request GET HTTP/2
gp-app.chujingapp.com/apks/com.flytaxi.hktaxi-145.zip
IP
54.230.111.117:443
ASN
#16509 AMAZON-02

Certificate
IssuerDigiCert Inc
Subject*.chujingapp.com
Fingerprint65:A8:7A:BD:97:FD:55:07:A6:8D:75:6B:63:40:BA:13:87:1A:7F:D3
ValidityWed, 20 Dec 2023 00:00:00 GMT - Fri, 20 Dec 2024 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
14 MB (14409442 bytes)
Hash
299c3e38a190bfe8b16a4040b1f370af
553b48ac21eef13ae029f01253dc2004226c9e71
149e8b9ff64d7acd7a2b3857f8978d04da62c2669c0d7e94981e58647e919afd

HTTP Headers

GET /apks/com.flytaxi.hktaxi-145.zip HTTP/1.1
Host: gp-app.chujingapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/zip
content-length: 14409442
server: AliyunOSS
date: Fri, 19 Apr 2024 16:30:35 GMT
x-oss-request-id: 66229C2BC7F0593030710D2F
accept-ranges: bytes
etag: "299C3E38A190BFE8B16A4040B1F370AF"
last-modified: Tue, 09 Jan 2024 03:26:58 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 15830161276809604839
x-oss-storage-class: Standard
content-md5: KZw+OKGQv+ixakBAsfNwrw==
x-oss-server-time: 11
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: eTEZVPsNuOiGZZOh0jbm6N4Ct2hEJ94y3KGD1FscFkvKSMWh7PU-xQ==
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (3)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers