Report - www.cydiasubstrate.com/download/com.saurik.substrate.apk

Report Overview

Submitted URL
www.cydiasubstrate.com/download/com.saurik.substrate.apk
IP
74.208.10.32
ASN
#8560 IONOS SE
Submitted
2024-05-10 06:33:06
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cache.saurik.com	unknown	1997-07-13	2012-12-23	2024-04-26	509 B	1.6 MB	163.171.133.124
www.cydiasubstrate.com	unknown	unknown	2017-02-11	2023-05-21	426 B	654 B	74.208.10.32

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cache.saurik.com/apks/com.saurik.substrate_0.9.4010.apk
IP
163.171.133.124
ASN
#54994 ML-1432-54994

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
1.6 MB (1551050 bytes)
Hash
9c67c86fa51b47aef4de3303288cfaca
bed7d15e78d2057d45321b181e3a91949722d762
3bbbbbeba94c77c2c4fd2356315129177d4e69411752c8e3fd3d0e76d6050645

Archive (42)

Modified	Filename	Size	Md5	File type
2013-07-24 12:37	MANIFEST.MF	3.2 kB	e431a0f78935185a3de7bb6121f06176	JAR Manifest, ASCII text, with CRLF line terminators
2013-07-24 12:37	CERT.SF	3.3 kB	d1f1a08bb4b48e70f331316ab0d3098d	JAR Signature File, ASCII text, with CRLF line terminators
2013-07-24 12:37	CERT.RSA	1.3 kB	688faacd08cd56b5575eb24d52c1bceb	DER Encoded PKCS#7 Signed Data
2013-07-24 12:37	AndroidManifest.xml	3.9 kB	fef85762e6e6831e77800340bf41155e	Android binary XML
2013-07-24 12:37	resources.arsc	2.1 kB	0eade1b91b6af7070f435e83ee533efb	Android package resource table (ARSC), 16 string(s), utf8
2013-07-24 12:37	launcher.png	7.7 kB	d4e3ad598cdb2233cab79f2ec44f0cfe	PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced
2013-07-24 12:37	status.png	1.3 kB	1bcc9ab893b262075daf62e36d169529	PNG image data, 38 x 38, 8-bit colormap, non-interlaced
2013-07-24 12:37	status.png	1.2 kB	c2023bc7e37394b756411c00ed413dbc	PNG image data, 36 x 36, 8-bit colormap, non-interlaced
2013-07-24 12:37	status.png	1.2 kB	fd60d56a311adfb81e33d166dbeb718c	PNG image data, 24 x 38, 8-bit colormap, non-interlaced
2013-07-24 12:37	launcher.png	2.8 kB	0a6ba4b6ba69dbd9c3d99bd2c6fff1e8	PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced
2013-07-24 12:37	status.png	629 B	32122eec3a09f60d978622ac5064015f	PNG image data, 19 x 19, 8-bit colormap, non-interlaced
2013-07-24 12:37	status.png	361 B	1bcdf5424e789a87ecd61c989fcceeac	PNG image data, 18 x 18, 8-bit gray+alpha, non-interlaced
2013-07-24 12:37	status.png	316 B	bf1a6f1e69b3ff73bd4c88a4ec356bd3	PNG image data, 12 x 19, 8-bit gray+alpha, non-interlaced
2013-07-24 12:37	launcher.png	4.2 kB	c14359b09563dee47669281b64d237e3	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
2013-07-24 12:37	status.png	942 B	1aba2c85775a517c7e6489a4235d7472	PNG image data, 25 x 25, 8-bit colormap, non-interlaced
2013-07-24 12:37	status.png	877 B	e1929fdd3429f83678ae1153db2020ab	PNG image data, 24 x 24, 8-bit colormap, non-interlaced
2013-07-24 12:37	status.png	410 B	9ab2eb82decf306aa5569e917b564bcf	PNG image data, 16 x 25, 8-bit gray+alpha, non-interlaced
2013-07-24 12:37	launcher.png	12 kB	b5b8fe77be45835bebb5d9b68a764db2	PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
2013-07-24 12:37	status.png	2.0 kB	79d52325ae3db304d82e31bc06bb7562	PNG image data, 50 x 50, 8-bit colormap, non-interlaced
2013-07-24 12:37	status.png	1.4 kB	d5a090ffe6360da7e28584edaff3134e	PNG image data, 48 x 48, 8-bit colormap, non-interlaced
2013-07-24 12:37	status.png	923 B	18093826ede824129d429726bb856a75	PNG image data, 32 x 50, 8-bit gray+alpha, non-interlaced
2013-07-24 12:37	classes.dex	588 kB	da314c6b5ff16cebd4495d84a386d0cd	Dalvik dex file version 035
2013-07-14 00:53	substrate-api.jar	5.5 kB	c42808f1d8f6900b534c548cb2cc544c	Java archive data (JAR)
2013-06-01 09:11	substrate.h	22 kB	e392075dbaad43997e897d0d662ed16f	C++ source, ASCII text, with very long lines (561)
2013-07-24 12:24	libAndroidBootstrap0.so	26 kB	ec6b8a1e0a4374d28b2dde670cea7308	ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV)
2013-07-24 12:15	libAndroidCydia.cy.so	14 kB	e95e7f11a00fe813b6cafd9144753647	ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV)
2013-07-24 12:15	libAndroidLoader.so	13 kB	04904bf4f8dfe9985754e57bbf5213e1	ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV)
2013-07-24 12:35	libDalvikLoader.cy.so	29 kB	26e0912bafe09e1d9288c8eae7f18ba8	ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV)
2013-07-24 12:15	libsubstrate-dvm.so	22 kB	851f8d48e2a7aa8bf4ffa507d2d0b813	ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV)
2013-07-24 12:15	libsubstrate.so	18 kB	bdd066a27e56c3b2e852e709f33d8a21	ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV)
2013-07-24 12:15	libSubstrateJNI.so	399 kB	e9bb9c4b08e365300fda0ec1b3750ea4	ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV)
2013-07-24 12:15	libSubstrateRun.so	436 kB	35d1dd9fad516f80b89e688ca435ac13	ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV)
2013-07-24 12:15	libUpdateZip.so	206 kB	4edd3309b15f3786c8f0f2be7b8ace09	Zip archive data, at least v1.0 to extract, compression method=store
2013-07-24 12:24	libAndroidBootstrap0.so	22 kB	aee3b86d28cb2e0a19a332c753f31254	ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV)
2013-07-24 12:15	libAndroidCydia.cy.so	5.3 kB	a93c5644d2b5796beeeb578a87ad4e9a	ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV)
2013-07-24 12:15	libAndroidLoader.so	9.4 kB	162e6fcc4d49593b8afb4ae315257425	ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV)
2013-07-24 12:35	libDalvikLoader.cy.so	25 kB	33dc5975b40a4ad5aa6d9bbd082304f3	ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV)
2013-07-24 12:15	libsubstrate-dvm.so	18 kB	913b63acf6b1a47770b151b7f1d8b5d2	ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV)
2013-07-24 12:15	libsubstrate.so	14 kB	b72b632e0dca729bbdc749105400e45e	ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV)
2013-07-24 12:15	libSubstrateJNI.so	514 kB	ec9dd7656bbbc1b2c21726709f1f79a3	ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV)
2013-07-24 12:15	libSubstrateRun.so	567 kB	57f2ec580d53cc89206d2072886af1ad	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV)
2013-07-24 12:15	libUpdateZip.so	270 kB	023d18da69f78f39bcf861807e3e870a	Zip archive data, at least v1.0 to extract, compression method=store

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 29/65

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

www.cydiasubstrate.com/download/com.saurik.substrate.apk

74.208.10.32

302 Found

269 B

URL User Request GET HTTP/1.1
www.cydiasubstrate.com/download/com.saurik.substrate.apk
IP
74.208.10.32:80
ASN
#8560 IONOS SE

File type
HTML document, ASCII text
Size
269 B (269 bytes)
Hash
ddddb2c73bc1ebbe96b83d265dbdcb03
4caa20bd9823c073769c5ce88aa30a3396df8724
7996cd78b1a34466128c7d65045e9e6227d6e9838300e57cc6c9d8921225846d

HTTP Headers

GET /download/com.saurik.substrate.apk HTTP/1.1
Host: www.cydiasubstrate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Fri, 10 May 2024 06:32:40 GMT
Server: Apache/2.2.16 (Debian)
Cache-Control: no-cache, private, proxy-revalidate
Location: https://cache.saurik.com/apks/com.saurik.substrate_0.9.4010.apk
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 269
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

cache.saurik.com/apks/com.saurik.substrate_0.9.4010.apk

163.171.133.124

200 OK

1.6 MB

URL User Request GET HTTP/1.1
cache.saurik.com/apks/com.saurik.substrate_0.9.4010.apk
IP
163.171.133.124:443
ASN
#54994 ML-1432-54994

Certificate
IssuerGlobalSign nv-sa
Subjectssl2.cdngc.net
Fingerprint01:F3:EA:F8:8D:D6:55:00:78:E4:20:C1:08:68:C1:CA:FD:9A:84:86
ValidityTue, 16 May 2023 06:54:02 GMT - Tue, 28 May 2024 02:36:31 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
1.6 MB (1551050 bytes)
Hash
9c67c86fa51b47aef4de3303288cfaca
bed7d15e78d2057d45321b181e3a91949722d762
3bbbbbeba94c77c2c4fd2356315129177d4e69411752c8e3fd3d0e76d6050645

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 29/65

HTTP Headers

GET /apks/com.saurik.substrate_0.9.4010.apk HTTP/1.1
Host: cache.saurik.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 06:32:41 GMT
Content-Type: application/vnd.android.package-archive
Content-Length: 1551050
Connection: keep-alive
x-amz-id-2: JoxndWRpM2IUBSmUJf3TsvLTecMl+6nsW4I3h4HexQ/qmYT/28eWTXo+IwsRHQWxOE56sNqv0Ho=
x-amz-request-id: TWEBEN57CNRH9E4Y
Last-Modified: Wed, 30 Jul 2014 15:52:16 GMT
ETag: "9c67c86fa51b47aef4de3303288cfaca"
Server: PWS/8.3.1.0.8
Age: 62257
Via: 1.1 PSfgblPAR2gc184:9 (W), 1.1 PSfgblPAR2dz77:18 (W)
X-Px: ht PSfgblPAR2dz77CDG
X-Ws-Request-Id: 663dbf89_PSfgblPAR2cm80_18167-20517
Cache-Control: max-age=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (42)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers