Analysis

  • max time kernel
    2682033s
  • max time network
    148s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    android
    arch:arm
    arch:x86
    image:android-x86-arm-20231215-en
    locale:en-us
    os:android-9-x86
    system
  • submitted
    23/12/2023, 19:11 UTC

General

  • Target

    737d2b04fa28348e86879d971364e09513c69ba6c0d1a29de1d22edbe4af5814.apk

  • Size

    6.0MB

  • MD5

    82a750766dea3812c5971266e65870c2

  • SHA1

    3dc42e3c8c6dad2b451adcca229002af270bc5c7

  • SHA256

    737d2b04fa28348e86879d971364e09513c69ba6c0d1a29de1d22edbe4af5814

  • SHA512

    c3b88c91016d872f90816b233d07341d028ae1e6a6a816ca30f17c623dfc88b9b9f250199079643687822f2aaf5ef41b998d461c73a67fcbbc275ef32b9e237b

  • SSDEEP

    98304:w5VBnzsFbmtU/4XNSJYUCmpZ3NZ6RiXfueq9ULB3+ETMqSnCnTaItL2bbK3unwTs:SsxmtfSJFQRveq9ULt+EZONbO3RKBrV

Score
8/10

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

Processes

  • com.wandongli.youfangou
    1⤵
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
    PID:4268

Network

  • flag-us
    DNS
    a.apicloud.com
    Remote address:
    1.1.1.1:53
    Request
    a.apicloud.com
    IN A
    Response
    a.apicloud.com
    IN A
    47.93.90.46
  • flag-us
    DNS
    at.alicdn.com
    Remote address:
    1.1.1.1:53
    Request
    at.alicdn.com
    IN A
    Response
    at.alicdn.com
    IN CNAME
    at.alicdn.com.danuoyi.alicdn.com
    at.alicdn.com.danuoyi.alicdn.com
    IN A
    79.133.176.251
    at.alicdn.com.danuoyi.alicdn.com
    IN A
    79.133.176.252
  • flag-gb
    GET
    http://at.alicdn.com/t/font_946343_7k3atxr2rtp.css
    Remote address:
    79.133.176.251:80
    Request
    GET /t/font_946343_7k3atxr2rtp.css HTTP/1.1
    Host: at.alicdn.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36
    Accept: text/css,*/*;q=0.1
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US
    X-Requested-With: com.wandongli.youfangou
    Response
    HTTP/1.1 200 OK
    Server: Tengine
    Content-Type: text/css
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    Date: Mon, 25 Dec 2023 07:24:15 GMT
    Vary: Accept-Encoding
    Vary: Accept-Encoding
    x-oss-request-id: 65892E1FE84D243134922A3E
    Vary: Origin
    ETag: W/"9611804AD526A60115277CE2A4A141CB"
    Last-Modified: Sat, 25 Dec 2021 05:21:10 GMT
    x-oss-object-type: Normal
    x-oss-hash-crc64ecma: 7773287221037595930
    x-oss-storage-class: Standard
    Cache-Control: max-age=63072000
    Content-MD5: lhGAStUmpgEVJ3zipKFByw==
    x-oss-server-time: 100
    Ali-Swift-Global-Savetime: 1703489055
    Via: cache15.l2de2[326,325,200-0,M], cache2.l2de2[329,0], cache7.gb1[341,340,200-0,M], cache7.gb1[345,0]
    Age: 0
    X-Cache: MISS TCP_MISS dirn:-2:-2
    X-Swift-SaveTime: Mon, 25 Dec 2023 07:24:15 GMT
    X-Swift-CacheTime: 63072000
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    EagleId: 4f85b09b17034890554764808e
    Content-Encoding: gzip
  • flag-us
    DNS
    www.yofungou.com
    Remote address:
    1.1.1.1:53
    Request
    www.yofungou.com
    IN A
    Response
    www.yofungou.com
    IN A
    154.215.126.66
  • flag-hk
    GET
    http://www.yofungou.com/api/V/chnet
    Remote address:
    154.215.126.66:80
    Request
    GET /api/V/chnet HTTP/1.1
    User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36
    Connection: Keep-Alive
    Charset: UTF-8
    Accept-Encoding: gzip
    Accept: */*
    Host: www.yofungou.com
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Mon, 25 Dec 2023 07:24:17 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
    Location: https://www.yofungou.com/api/V/chnet
  • flag-hk
    GET
    http://www.yofungou.com/api/index/cateList
    Remote address:
    154.215.126.66:80
    Request
    GET /api/index/cateList HTTP/1.1
    User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36
    Connection: Keep-Alive
    Charset: UTF-8
    Accept-Encoding: gzip
    Accept: */*
    Host: www.yofungou.com
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Mon, 25 Dec 2023 07:24:19 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
    Location: https://www.yofungou.com/api/index/cateList
  • flag-hk
    GET
    http://www.yofungou.com/api/index/rexiao
    Remote address:
    154.215.126.66:80
    Request
    GET /api/index/rexiao HTTP/1.1
    Cookie: PHPSESSID=7s3c5cl33os88i93b2bjo14of7
    Accept: */*
    User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36
    Connection: Keep-Alive
    Charset: UTF-8
    Accept-Encoding: gzip
    Host: www.yofungou.com
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Mon, 25 Dec 2023 07:24:20 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
    Location: https://www.yofungou.com/api/index/rexiao
  • flag-hk
    GET
    http://www.yofungou.com/api/index/haohuo?page=1
    Remote address:
    154.215.126.66:80
    Request
    GET /api/index/haohuo?page=1 HTTP/1.1
    Cookie: PHPSESSID=p2m949gcak69kqvug3lf4icvq2
    Accept: */*
    User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36
    Connection: Keep-Alive
    Charset: UTF-8
    Accept-Encoding: gzip
    Host: www.yofungou.com
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Mon, 25 Dec 2023 07:24:20 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
    Location: https://www.yofungou.com/api/index/haohuo?page=1
  • flag-hk
    GET
    http://www.yofungou.com/api/v/getOrder
    Remote address:
    154.215.126.66:80
    Request
    GET /api/v/getOrder HTTP/1.1
    Cookie: PHPSESSID=p2m949gcak69kqvug3lf4icvq2
    Accept: */*
    User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36
    Connection: Keep-Alive
    Charset: UTF-8
    Accept-Encoding: gzip
    Host: www.yofungou.com
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Mon, 25 Dec 2023 07:24:20 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
    Location: https://www.yofungou.com/api/v/getOrder
  • flag-hk
    GET
    http://www.yofungou.com/api/v/getUser
    Remote address:
    154.215.126.66:80
    Request
    GET /api/v/getUser HTTP/1.1
    Cookie: PHPSESSID=p2m949gcak69kqvug3lf4icvq2
    Accept: */*
    User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36
    Connection: Keep-Alive
    Charset: UTF-8
    Accept-Encoding: gzip
    Host: www.yofungou.com
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Mon, 25 Dec 2023 07:24:21 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
    Location: https://www.yofungou.com/api/v/getUser
  • flag-hk
    GET
    http://www.yofungou.com/api/goods/cate
    Remote address:
    154.215.126.66:80
    Request
    GET /api/goods/cate HTTP/1.1
    Cookie: PHPSESSID=p2m949gcak69kqvug3lf4icvq2
    Accept: */*
    User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36
    Connection: Keep-Alive
    Charset: UTF-8
    Accept-Encoding: gzip
    Host: www.yofungou.com
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Mon, 25 Dec 2023 07:24:22 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
    Location: https://www.yofungou.com/api/goods/cate
  • flag-hk
    GET
    https://www.yofungou.com/api/V/chnet
    Remote address:
    154.215.126.66:443
    Request
    GET /api/V/chnet HTTP/1.1
    User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36
    Connection: Keep-Alive
    Charset: UTF-8
    Accept-Encoding: gzip
    Accept: */*
    Host: www.yofungou.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 25 Dec 2023 07:24:20 GMT
    Content-Type: text/html;charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    Set-Cookie: PHPSESSID=7s3c5cl33os88i93b2bjo14of7; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Content-Encoding: gzip
  • flag-hk
    GET
    https://www.yofungou.com/api/index/rexiao
    Remote address:
    154.215.126.66:443
    Request
    GET /api/index/rexiao HTTP/1.1
    Cookie: PHPSESSID=7s3c5cl33os88i93b2bjo14of7; PHPSESSID=7s3c5cl33os88i93b2bjo14of7
    Accept: */*
    User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36
    Connection: Keep-Alive
    Charset: UTF-8
    Accept-Encoding: gzip
    Host: www.yofungou.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 25 Dec 2023 07:24:20 GMT
    Content-Type: text/html;charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Content-Encoding: gzip
  • flag-hk
    GET
    https://www.yofungou.com/api/v/getOrder
    Remote address:
    154.215.126.66:443
    Request
    GET /api/v/getOrder HTTP/1.1
    Cookie: PHPSESSID=p2m949gcak69kqvug3lf4icvq2; PHPSESSID=p2m949gcak69kqvug3lf4icvq2
    Accept: */*
    User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36
    Connection: Keep-Alive
    Charset: UTF-8
    Accept-Encoding: gzip
    Host: www.yofungou.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 25 Dec 2023 07:24:21 GMT
    Content-Type: text/html;charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Content-Encoding: gzip
  • flag-hk
    GET
    https://www.yofungou.com/api/v/getUser
    Remote address:
    154.215.126.66:443
    Request
    GET /api/v/getUser HTTP/1.1
    Cookie: PHPSESSID=p2m949gcak69kqvug3lf4icvq2; PHPSESSID=p2m949gcak69kqvug3lf4icvq2
    Accept: */*
    User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36
    Connection: Keep-Alive
    Charset: UTF-8
    Accept-Encoding: gzip
    Host: www.yofungou.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 25 Dec 2023 07:24:21 GMT
    Content-Type: text/html;charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Content-Encoding: gzip
  • flag-hk
    POST
    https://www.yofungou.com/api/index/goods
    Remote address:
    154.215.126.66:443
    Request
    POST /api/index/goods HTTP/1.1
    Cookie: PHPSESSID=p2m949gcak69kqvug3lf4icvq2; PHPSESSID=p2m949gcak69kqvug3lf4icvq2
    Accept: */*
    User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36
    Connection: Keep-Alive
    Charset: UTF-8
    Accept-Encoding: gzip
    Content-Type: application/x-www-form-urlencoded
    Host: www.yofungou.com
    Content-Length: 12
  • flag-hk
    GET
    http://www.yofungou.com/api/v/guanggao
    Remote address:
    154.215.126.66:80
    Request
    GET /api/v/guanggao HTTP/1.1
    User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36
    Connection: Keep-Alive
    Charset: UTF-8
    Accept-Encoding: gzip
    Accept: */*
    Host: www.yofungou.com
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Mon, 25 Dec 2023 07:24:19 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
    Location: https://www.yofungou.com/api/v/guanggao
  • flag-hk
    GET
    http://www.yofungou.com/api/V/baobiao
    Remote address:
    154.215.126.66:80
    Request
    GET /api/V/baobiao HTTP/1.1
    Cookie: PHPSESSID=p2m949gcak69kqvug3lf4icvq2
    Accept: */*
    User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36
    Connection: Keep-Alive
    Charset: UTF-8
    Accept-Encoding: gzip
    Host: www.yofungou.com
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Mon, 25 Dec 2023 07:24:21 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
    Location: https://www.yofungou.com/api/V/baobiao
  • flag-hk
    POST
    http://www.yofungou.com/api/index/goods
    Remote address:
    154.215.126.66:80
    Request
    POST /api/index/goods HTTP/1.1
    Cookie: PHPSESSID=p2m949gcak69kqvug3lf4icvq2
    Accept: */*
    User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36
    Connection: Keep-Alive
    Charset: UTF-8
    Accept-Encoding: gzip
    Content-Type: application/x-www-form-urlencoded
    Host: www.yofungou.com
    Content-Length: 12
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Mon, 25 Dec 2023 07:24:22 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
    Location: https://www.yofungou.com/api/index/goods
  • flag-hk
    GET
    https://www.yofungou.com/api/index/cateList
    Remote address:
    154.215.126.66:443
    Request
    GET /api/index/cateList HTTP/1.1
    User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36
    Connection: Keep-Alive
    Charset: UTF-8
    Accept-Encoding: gzip
    Accept: */*
    Host: www.yofungou.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 25 Dec 2023 07:24:20 GMT
    Content-Type: text/html;charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    Set-Cookie: PHPSESSID=p2m949gcak69kqvug3lf4icvq2; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Content-Encoding: gzip
  • flag-hk
    GET
    https://www.yofungou.com/api/index/haohuo?page=1
    Remote address:
    154.215.126.66:443
    Request
    GET /api/index/haohuo?page=1 HTTP/1.1
    Cookie: PHPSESSID=p2m949gcak69kqvug3lf4icvq2; PHPSESSID=p2m949gcak69kqvug3lf4icvq2
    Accept: */*
    User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36
    Connection: Keep-Alive
    Charset: UTF-8
    Accept-Encoding: gzip
    Host: www.yofungou.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 25 Dec 2023 07:24:20 GMT
    Content-Type: text/html;charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Content-Encoding: gzip
  • flag-hk
    GET
    https://www.yofungou.com/api/V/baobiao
    Remote address:
    154.215.126.66:443
    Request
    GET /api/V/baobiao HTTP/1.1
    Cookie: PHPSESSID=p2m949gcak69kqvug3lf4icvq2; PHPSESSID=p2m949gcak69kqvug3lf4icvq2
    Accept: */*
    User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36
    Connection: Keep-Alive
    Charset: UTF-8
    Accept-Encoding: gzip
    Host: www.yofungou.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 25 Dec 2023 07:24:22 GMT
    Content-Type: text/html;charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Content-Encoding: gzip
  • flag-hk
    POST
    https://www.yofungou.com/api/index/goods
    Remote address:
    154.215.126.66:443
    Request
    POST /api/index/goods HTTP/1.1
    Cookie: PHPSESSID=p2m949gcak69kqvug3lf4icvq2; PHPSESSID=p2m949gcak69kqvug3lf4icvq2
    Accept: */*
    User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36
    Connection: Keep-Alive
    Charset: UTF-8
    Accept-Encoding: gzip
    Content-Type: application/x-www-form-urlencoded
    Host: www.yofungou.com
    Content-Length: 12
  • flag-hk
    GET
    https://www.yofungou.com/api/v/guanggao
    Remote address:
    154.215.126.66:443
    Request
    GET /api/v/guanggao HTTP/1.1
    User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36
    Connection: Keep-Alive
    Charset: UTF-8
    Accept-Encoding: gzip
    Accept: */*
    Host: www.yofungou.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 25 Dec 2023 07:24:22 GMT
    Content-Type: text/html;charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    Set-Cookie: PHPSESSID=drttpr23h6ovlj1egr0hurcnl4; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Content-Encoding: gzip
  • flag-hk
    GET
    https://www.yofungou.com/api/goods/cate
    Remote address:
    154.215.126.66:443
    Request
    GET /api/goods/cate HTTP/1.1
    Cookie: PHPSESSID=drttpr23h6ovlj1egr0hurcnl4; PHPSESSID=p2m949gcak69kqvug3lf4icvq2
    Accept: */*
    User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36
    Connection: Keep-Alive
    Charset: UTF-8
    Accept-Encoding: gzip
    Host: www.yofungou.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 25 Dec 2023 07:24:22 GMT
    Content-Type: text/html;charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Content-Encoding: gzip
  • flag-hk
    POST
    https://www.yofungou.com/api/index/goods
    Remote address:
    154.215.126.66:443
    Request
    POST /api/index/goods HTTP/1.1
    Cookie: PHPSESSID=p2m949gcak69kqvug3lf4icvq2; PHPSESSID=p2m949gcak69kqvug3lf4icvq2
    Accept: */*
    User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36
    Connection: Keep-Alive
    Charset: UTF-8
    Accept-Encoding: gzip
    Content-Type: application/x-www-form-urlencoded
    Host: www.yofungou.com
    Content-Length: 12
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    172.217.16.238
  • 47.93.90.46:443
    a.apicloud.com
    300 B
    5
  • 79.133.176.251:80
    http://at.alicdn.com/t/font_946343_7k3atxr2rtp.css
    http
    663 B
    3.8kB
    6
    6

    HTTP Request

    GET http://at.alicdn.com/t/font_946343_7k3atxr2rtp.css

    HTTP Response

    200
  • 154.215.126.66:80
    http://www.yofungou.com/api/goods/cate
    http
    4.5kB
    4.7kB
    24
    15

    HTTP Request

    GET http://www.yofungou.com/api/V/chnet

    HTTP Response

    301

    HTTP Request

    GET http://www.yofungou.com/api/index/cateList

    HTTP Response

    301

    HTTP Request

    GET http://www.yofungou.com/api/index/rexiao

    HTTP Response

    301

    HTTP Request

    GET http://www.yofungou.com/api/index/haohuo?page=1

    HTTP Response

    301

    HTTP Request

    GET http://www.yofungou.com/api/v/getOrder

    HTTP Response

    301

    HTTP Request

    GET http://www.yofungou.com/api/v/getUser

    HTTP Response

    301

    HTTP Request

    GET http://www.yofungou.com/api/goods/cate

    HTTP Response

    301
  • 154.215.126.66:443
    https://www.yofungou.com/api/index/goods
    tls, http
    4.0kB
    14.3kB
    23
    21

    HTTP Request

    GET https://www.yofungou.com/api/V/chnet

    HTTP Response

    200

    HTTP Request

    GET https://www.yofungou.com/api/index/rexiao

    HTTP Response

    200

    HTTP Request

    GET https://www.yofungou.com/api/v/getOrder

    HTTP Response

    200

    HTTP Request

    GET https://www.yofungou.com/api/v/getUser

    HTTP Response

    200

    HTTP Request

    POST https://www.yofungou.com/api/index/goods
  • 154.215.126.66:80
    http://www.yofungou.com/api/index/goods
    http
    2.0kB
    1.4kB
    10
    6

    HTTP Request

    GET http://www.yofungou.com/api/v/guanggao

    HTTP Response

    301

    HTTP Request

    GET http://www.yofungou.com/api/V/baobiao

    HTTP Response

    301

    HTTP Request

    POST http://www.yofungou.com/api/index/goods

    HTTP Response

    301
  • 154.215.126.66:443
    https://www.yofungou.com/api/index/goods
    tls, http
    3.1kB
    5.7kB
    14
    15

    HTTP Request

    GET https://www.yofungou.com/api/index/cateList

    HTTP Response

    200

    HTTP Request

    GET https://www.yofungou.com/api/index/haohuo?page=1

    HTTP Response

    200

    HTTP Request

    GET https://www.yofungou.com/api/V/baobiao

    HTTP Response

    200

    HTTP Request

    POST https://www.yofungou.com/api/index/goods
  • 154.215.126.66:443
    https://www.yofungou.com/api/goods/cate
    tls, http
    2.9kB
    4.4kB
    16
    13

    HTTP Request

    GET https://www.yofungou.com/api/v/guanggao

    HTTP Response

    200

    HTTP Request

    GET https://www.yofungou.com/api/goods/cate

    HTTP Response

    200
  • 154.215.126.66:443
    https://www.yofungou.com/api/index/goods
    tls, http
    1.5kB
    556 B
    8
    8

    HTTP Request

    POST https://www.yofungou.com/api/index/goods
  • 142.250.200.46:443
    tls, https
    858 B
    40 B
    1
    1
  • 172.217.16.238:443
    android.apis.google.com
    tls
    4.8kB
    8.9kB
    16
    22
  • 224.0.0.251:5353
    3.7kB
    11
  • 1.1.1.1:53
    a.apicloud.com
    dns
    60 B
    76 B
    1
    1

    DNS Request

    a.apicloud.com

    DNS Response

    47.93.90.46

  • 1.1.1.1:53
    at.alicdn.com
    dns
    59 B
    127 B
    1
    1

    DNS Request

    at.alicdn.com

    DNS Response

    79.133.176.251
    79.133.176.252

  • 1.1.1.1:53
    www.yofungou.com
    dns
    62 B
    78 B
    1
    1

    DNS Request

    www.yofungou.com

    DNS Response

    154.215.126.66

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    172.217.16.238

MITRE ATT&CK Matrix
