0/62

Threat

com.datbraincompany.hudiwallet

HUDI Wallet

Analyzed on 2021-09-13T17:53:39.890113

5

permissions

5

activities

7

services

3

receivers

83

domains

File sums

MD5 f3a862887f475df71cf5d4dd8440f8e2
SHA1 fb3355072cd7628186d6d4ccffd34dd5b2d317f2
SHA256 c897b901b070bcdf9842ca2dfbcf8215f6bd27e413130fcaad27def115fe3856
Size 5.2MB

APKiD

Information computed with APKiD.

/tmp/tmpkof944bx!classes.dex
anti_vm
  • Build.FINGERPRINT check
  • Build.MANUFACTURER check
  • Build.TAGS check
compiler
  • r8
/tmp/tmpkof944bx!classes2.dex
anti_vm
  • Build.FINGERPRINT check
  • Build.MODEL check
  • Build.MANUFACTURER check
  • Build.PRODUCT check
  • Build.HARDWARE check
  • Build.BOARD check
  • Build.TAGS check
  • network operator name check
  • possible VM check
anti_debug
  • Debug.isDebuggerConnected() check
compiler
  • r8 without marker (suspicious)

SSdeep

Information computed with ssdeep.

APK file 98304:5BR3FdKuCayBY5T7CjyyMNZjsGoJUhtGdIiLIWB6Ptmm/ZXB7k0fr0f:FF85vkayyMNZg1aGd5tB6PtBRi
Manifest 384:JIPiVeDzRvyTtrXFZr6K4J8MnNWJ0p3aPRbhSNSvZMeCQ6z8tcG9:JAiVeDzRvyTt…
classes.dex 49152:C7KDGPX/VIvPUYw2NTntFBC7l6oS+aNpnZQyxlOK62224sFsym/1AWK9V3ZbQQd…
classes2.dex 49152:1opTwF0nEIJ4LAfICHKrzsjPWHHhBHQ6n:ay7Ba6n

Dexofuzzy

Information computed with Dexofuzzy.

APK file 6144:U9SfpnumpWAXsCINODbbbblLePytDRCSYw/ncugn/uBi+qHHZL/4j1rD7qqqqVt2…
classes.dex 6144:U9SfpnumpWAXsCINODbbbblLePytDRCSYw/ncugn/uBi+qHHZL/4j1rD7qqqqVth…
classes2.dex 3072:zaa482UcBGAVvONLLydnjejrlLLLLLLLVPnHyqzoyU9HXMMzxMZHt6v:WWcvq22/…

APK details

Information computed with AndroGuard and Pithus.

Package com.datbraincompany.hudiwallet
App name HUDI Wallet
Version name 0.3.2
Version code 6
SDK 26 - 30
UAID eccf3b1405a8738275088c32763c2af70d8631f6
Signature Signature V2 Signature V3
Frosting Frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown
  • 0xf05368c0: Unknown
  • 0x6dff800d: Source stamp V2 X509 cert
  • 0x2146444e: Google metadata
  • 0x42726577: Verity padding

Certificate details

Information computed with AndroGuard.

MD5 6f91dd55374eee91857c417c401eda88
SHA1 57135bc37e13849b60e410547345f9c013fb778a
SHA256 603b9d522219e6335fafc326d7e98c786b5c9e9ac29d7c1b416667a793a1ee7f
Issuer Common Name: Android, Organizational Unit: Android, Organization: Google Inc., Locality: Mountain View, State/Province: California, Country: US
Not before 2021-01-13T10:23:12+00:00
Not after 2051-01-13T10:23:12+00:00

File Analysis

Information computed with MobSF.

Findings Files
Certificate/Key files hardcoded inside the app. okhttp3/internal/publicsuffix/NOTICE
stamp-cert-sha256

Manifest analysis

Information computed with MobSF.

High Clear text traffic is Enabled For App[android:usesCleartextTraffic=true]
The app intends to use cleartext network traffic, such as cleartext HTTP, FTP stacks, DownloadManager, and MediaPlayer. The default value for apps that target API level 27 or lower is "true". Apps that target API level 28 or higher default to "false". The key reason for avoiding cleartext traffic is the lack of confidentiality, authenticity, and protections against tampering; a network attacker can eavesdrop on transmitted data and also modify it without being detected.
Low App has a Network Security Configuration[android:networkSecurityConfig=@xml/network_security_config]
The Network Security Configuration feature lets apps customize their network security settings in a safe, declarative configuration file without modifying app code. These settings can be configured for specific domains and for a specific app.
Medium Application Data can be Backed up[android:allowBackup=true]
This flag allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.
High Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.

Main Activity

Information computed with AndroGuard. 

com.datbraincompany.hudiwallet.activities.MainActivity

Activities

Information computed with AndroGuard. 

com.datbraincompany.hudiwallet.activities.MainActivity
theoremreach.com.theoremreach.RewardCenterActivity
theoremreach.com.theoremreach.MomentSurveyActivity
com.google.android.gms.common.api.GoogleApiActivity
com.pollfish.activities.PollfishOverlayActivity

Receivers

Information computed with AndroGuard. 

com.google.android.gms.measurement.AppMeasurementReceiver
com.google.firebase.iid.FirebaseInstanceIdReceiver
com.google.android.datatransport.runtime.scheduling.jobscheduling.AlarmManagerSchedulerBroadcastReceiver

Services

Information computed with AndroGuard. 

com.datbraincompany.hudiwallet.services.MessagingService
com.google.android.gms.measurement.AppMeasurementService
com.google.android.gms.measurement.AppMeasurementJobService
com.google.firebase.components.ComponentDiscoveryService
com.google.firebase.messaging.FirebaseMessagingService
com.google.android.datatransport.runtime.backends.TransportBackendDiscovery
com.google.android.datatransport.runtime.scheduling.jobscheduling.JobInfoSchedulerService

Sample timeline

Certificate valid not before Jan. 13, 2021, 10:23 a.m.
First submission on VT Sept. 13, 2021, 5:52 p.m.
Last submission on VT Sept. 13, 2021, 5:52 p.m.
Upload on Pithus Sept. 13, 2021, 5:53 p.m.
Certificate valid not after Jan. 13, 2051, 10:23 a.m.

NIAP analysis

Information computed with MobSF.

FCS_RBG_EXT.1.1 The application invoke platform-provided DRBG functionality for its cryptographic operations.
Random Bit Generation Services
FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generate no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['network connectivity'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to no sensitive information repositories.
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application implement functionality to encrypt sensitive data in non-volatile memory.
Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1 The application invoke the mechanisms recommended by the platform vendor for storing and setting configuration options.
Supported Configuration Mechanism
FTP_DIT_EXT.1.1 The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product.
Protection of Data in Transit
FCS_RBG_EXT.2.1
FCS_RBG_EXT.2.2		 The application perform all deterministic random bit generation (DRBG) services in accordance with NIST Special Publication 800-90A using Hash_DRBG. The deterministic RBG is seeded by an entropy source that accumulates entropy from a platform-based DRBG and a software-based noise source, with a minimum of 256 bits of entropy at least equal to the greatest security strength (according to NIST SP 800-57) of the keys and hashes that it will generate.
Random Bit Generation from Application
FCS_COP.1.1(2) The application perform cryptographic hashing services not in accordance with FCS_COP.1.1(2) and uses the cryptographic algorithm RC2/RC4/MD4/MD5.
Cryptographic Operation - Hashing
FCS_COP.1.1(3) The application perform cryptographic signature services (generation and verification) in accordance with a specified cryptographic algorithm RSA schemes using cryptographic key sizes of 2048-bit or greater.
Cryptographic Operation - Signing
FCS_COP.1.1(4) The application perform keyed-hash message authentication with cryptographic algorithm ['HMAC-SHA-256'] .
Cryptographic Operation - Keyed-Hash Message Authentication
FCS_HTTPS_EXT.1.1 The application implement the HTTPS protocol that complies with RFC 2818.
HTTPS Protocol
FCS_HTTPS_EXT.1.2 The application implement HTTPS using TLS.
HTTPS Protocol
FCS_HTTPS_EXT.1.3 The application notify the user and not establish the connection or request application authorization to establish the connection if the peer certificate is deemed invalid.
HTTPS Protocol
FIA_X509_EXT.2.1 The application use X.509v3 certificates as defined by RFC 5280 to support authentication for HTTPS , TLS.
X.509 Certificate Authentication
FPT_TUD_EXT.2.1 The application shall be distributed using the format of the platform-supported package manager.
Integrity for Installation and Update

Code analysis

Information computed with MobSF.

Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files: 
 com/pollfish/a/a.java
 com/pollfish/b/a.java
 com/pollfish/c/a.java
 com/pollfish/d/a.java
 com/pollfish/main/PollFish.java
 timber/log/Timber.java
 com/pollfish/constants/UserProperties.java
 kotlin/io/ConsoleKt.java
High
CVSS:7.5
The App uses an insecure Random Number Generator.
MASVS: MSTG-CRYPTO-6
CWE-330 Use of Insufficiently Random Values
M5: Insufficient Cryptography
Files: 
 kotlin/collections/EmptyList.java
 kotlin/random/AbstractPlatformRandom.java
 kotlin/collections/unsigned/UArraysKt___UArraysJvmKt$asList$4.java
 kotlin/collections/unsigned/UArraysKt___UArraysJvmKt$asList$1.java
 kotlin/collections/ArraysKt___ArraysJvmKt$asList$6.java
 kotlin/collections/ArraysKt___ArraysJvmKt$asList$3.java
 kotlin/random/KotlinRandom.java
 kotlin/collections/AbstractList.java
 kotlin/collections/RingBuffer.java
 kotlin/random/PlatformRandomKt.java
 kotlin/collections/ArraysKt___ArraysJvmKt$asList$7.java
 kotlin/collections/CollectionsKt__CollectionsJVMKt.java
 kotlin/collections/ArraysKt___ArraysJvmKt$asList$1.java
 kotlin/collections/unsigned/UArraysKt___UArraysJvmKt$asList$2.java
 kotlin/random/jdk8/PlatformThreadLocalRandom.java
 okio/Options.java
 com/fasterxml/jackson/databind/ser/BasicSerializerFactory.java
 kotlin/collections/ArraysKt___ArraysJvmKt$asList$4.java
 kotlin/collections/builders/ListBuilder.java
 kotlin/collections/CollectionsKt___CollectionsKt.java
 kotlin/random/FallbackThreadLocalRandom.java
 kotlin/collections/MovingSubList.java
 kotlin/collections/ArraysKt___ArraysJvmKt$asList$2.java
 kotlin/collections/unsigned/UArraysKt___UArraysJvmKt$asList$3.java
 kotlin/collections/CollectionsKt__MutableCollectionsJVMKt.java
 kotlin/random/FallbackThreadLocalRandom$implStorage$1.java
 kotlin/random/PlatformRandom.java
 kotlin/collections/ArraysKt___ArraysJvmKt$asList$5.java
 com/github/scribejava/core/services/TimestampServiceImpl.java
 kotlin/collections/ArraysKt___ArraysJvmKt$asList$8.java
 kotlin/collections/CollectionsKt__MutableCollectionsKt.java
High
CVSS:7.4
Files may contain hardcoded sensitive informations like usernames, passwords, keys etc.
MASVS: MSTG-STORAGE-14
CWE-312 Cleartext Storage of Sensitive Information
M9: Reverse Engineering
Files: 
 com/datbraincompany/hudiwallet/model/api/identity/PasswordRecoveryViewModel.java
 com/datbraincompany/hudiwallet/model/api/identity/LoginVM.java
 com/github/scribejava/core/model/OAuthConstants.java
 com/datbraincompany/hudiwallet/model/api/identity/UserUpdateViewModel.java
 com/datbraincompany/hudiwallet/model/api/identity/CreateUserViewModel.java
 com/datbraincompany/hudiwallet/support/AppPreferences.java
High
CVSS:7.4
MD5 is a weak hash known to have hash collisions.
MASVS: MSTG-CRYPTO-4
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files: 
 com/github/scribejava/apis/mailru/MailruOAuthService.java
 com/github/scribejava/apis/odnoklassniki/OdnoklassnikiOAuthService.java
 theoremreach/com/theoremreach/AppuserConnection.java
High
CVSS:5.9
SHA-1 is a weak hash known to have hash collisions.
MASVS: MSTG-CRYPTO-4
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files: 
 com/github/scribejava/core/services/RSASha1SignatureService.java
 com/github/scribejava/core/services/HMACSha1SignatureService.java
Info
CVSS:0
This App uses SSL certificate pinning to detect or prevent MITM attacks in secure communication channel.
MASVS: MSTG-NETWORK-4
Files: 
 com/datbraincompany/hudiwallet/networking/rest/RestClient.java
Medium
CVSS:8.8
Insecure WebView Implementation. Execution of user controlled code in WebView is a critical Security Hole.
MASVS: MSTG-PLATFORM-7
CWE-749 Exposed Dangerous Method or Function
M1: Improper Platform Usage
Files: 
 com/pollfish/e/b.java
High
CVSS:5.5
App creates temp file. Sensitive information should never be written into a temp file.
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files: 
 kotlin/io/FilesKt__UtilsKt.java
High
CVSS:7.4
Insecure WebView Implementation. WebView ignores SSL Certificate errors and accept any SSL Certificate. This application is vulnerable to MITM attacks
MASVS: MSTG-NETWORK-3
CWE-295 Improper Certificate Validation
M3: Insecure Communication
Files: 
 theoremreach/com/theoremreach/RewardCenterActivity.java
Pygal Belarus: 100 China: 200 Germany: 1200 Finland: 200 France: 200 United Kingdom: 100 Hong Kong: 200 Ireland: 300 Korea, Republic of: 100 Netherlands: 500 Norway: 100 Russian Federation: 700 United States: 4000

Map computed by Pithus.

Network analysis

Information computed with MobSF.

High Base config is insecurely configured to permit clear text traffic to all domains.
Scope: ['*']
Medium Base config is configured to trust system certificates.
Scope: ['*']

Domains analysis

Information computed with MobSF.

accounts.automatic.com
DE account.box.com 185.235.236.197
DE api.500px.com 13.225.78.3
US api.dropbox.com 162.125.66.19
CN api.kaixin001.com 140.143.114.22
US accounts.google.com 142.250.186.77
US www.fitbit.com 104.16.65.50
RU oauth.vk.com 87.240.129.135
US oauth2.googleapis.com 142.250.181.234
US www.etsy.com 151.101.13.224
US mandalorianws.pollfish.com 34.69.70.102
KR kauth.kakao.com 203.133.166.32
NL api.xing.com 109.233.159.203
DE identity.xero.com 104.75.88.211
US api.linkedin.com 108.174.11.68
NL account.thethingsnetwork.org 104.40.216.89
FR secure.viadeo.com 195.248.251.103
US api.freelancer.com 35.153.220.227
NL preview.account.thethingsnetwork.org 104.40.216.89
US s3.amazonaws.com 52.216.138.85
DE www.flickr.com 13.224.190.234
US www.dropbox.com 162.125.66.18
US app.asana.com 52.70.61.173
US api.meetup.com 151.101.14.217
DE openapi.etsy.com 104.111.236.57
HK api.t.sina.com.cn 114.134.80.166
US wss.pollfish.com 34.69.135.100
US meta.wikimedia.beta.wmflabs.org 185.15.56.36
IE login.live.com 20.190.159.132
www.sandbox.freelancer.com
DE login.xero.com 23.37.60.132
US discordapp.com 162.159.130.233
US api.twitter.com 104.244.42.194
US hudi-32d43.firebaseio.com 35.201.97.85
US services.digg.com 172.67.33.204
US github.com 140.82.121.3
US graph.facebook.com 185.60.216.15
US foursquare.com 151.101.2.132
US secure.meetup.com 151.101.14.217
DE nid.naver.com 203.104.163.42
IE api.login.yahoo.com 212.82.100.140
FI polarremote.com 62.165.171.211
US www.pollfish.com 34.69.135.100
RU api.ok.ru 217.20.147.5
RU connect.ok.ru 217.20.147.3
IE login.microsoftonline.com 20.190.159.138
DE api.box.com 185.235.236.197
US digg.com 104.20.9.174
RU auth.doktornarabote.ru 62.76.103.159
www.wunderlist.com
RU hh.ru 94.124.200.0
NO auth.dataporten.no 158.36.100.3
DE slack.com 3.123.248.34
US stackexchange.com 151.101.193.69
FR api.skyrock.com 91.203.187.40
FI flow.polar.com 62.165.171.210
US s.aolcdn.com 192.229.221.24
CN graph.renren.com 120.133.2.243
US play.google.com 142.250.185.174
NL trello.com 185.166.143.1
US apache.org 151.101.2.132
US www.tumblr.com 192.0.77.40
BY profile.tut.by 178.172.160.8
US auth.aweber.com 204.194.222.27
US www.freelancer.com 151.101.14.114
US api.misfitwearables.com 52.203.252.201
HK api.weibo.com 114.134.80.166
RU uapi.ucoz.com 193.109.247.218
US api.genius.com 104.18.19.96
DE www.hiorg-server.de 109.75.219.210
DE www.facebook.com 157.240.20.35
US api.fitbit.com 104.16.65.50
US www.meetup.com 151.101.14.217
US api.imgur.com 151.101.12.193
GB www.linkedin.com 13.107.42.14
api.sandbox.freelancer.com
US theoremreach.com 50.19.196.239
RU connect.mail.ru 94.100.180.54
NL meta.wikimedia.org 91.198.174.192
DE api.pinterest.com 104.75.88.209
US www.reddit.com 151.101.13.140
US id.twitch.tv 52.39.235.32
US developer.android.com 142.250.181.238

URL analysis

Information computed with MobSF.

http://mandalorianws.pollfish.com/?device_id=vourkos9222
https://s.aolcdn.com/hss/storage/midas/b386937631a1f03665c1d57289070898/203417456/simpsons.jpg')
https://s3.amazonaws.com/pf.survey.video.production/840761498858360158dde8a963-3db9-4d2a-89a0-ed61bb19a163.mp4
Defined in com/pollfish/d/a.java
http://mandalorianws.pollfish.com/?device_id=vourkos9222
https://s.aolcdn.com/hss/storage/midas/b386937631a1f03665c1d57289070898/203417456/simpsons.jpg')
https://s3.amazonaws.com/pf.survey.video.production/840761498858360158dde8a963-3db9-4d2a-89a0-ed61bb19a163.mp4
Defined in com/pollfish/d/a.java
http://mandalorianws.pollfish.com/?device_id=vourkos9222
https://s.aolcdn.com/hss/storage/midas/b386937631a1f03665c1d57289070898/203417456/simpsons.jpg')
https://s3.amazonaws.com/pf.survey.video.production/840761498858360158dde8a963-3db9-4d2a-89a0-ed61bb19a163.mp4
Defined in com/pollfish/d/a.java
https://www.pollfish.com
Defined in com/pollfish/e/a.java
https://developer.android.com/google/play-services/setup.html#ensure
https://play.google.com/about/developer-content-policy.html
Defined in com/pollfish/a/a.java
https://developer.android.com/google/play-services/setup.html#ensure
https://play.google.com/about/developer-content-policy.html
Defined in com/pollfish/a/a.java
https://wss.pollfish.com
Defined in com/pollfish/main/PollFish.java
http://javax.xml.XMLConstants/feature/secure-processing
http://apache.org/xml/features/disallow-doctype-decl
http://apache.org/xml/features/nonvalidating/load-external-dtd
Defined in com/fasterxml/jackson/databind/ext/DOMDeserializer.java
http://javax.xml.XMLConstants/feature/secure-processing
http://apache.org/xml/features/disallow-doctype-decl
http://apache.org/xml/features/nonvalidating/load-external-dtd
Defined in com/fasterxml/jackson/databind/ext/DOMDeserializer.java
https://api.skyrock.com/v2
https://api.skyrock.com/v2/oauth/token
https://api.skyrock.com/v2/oauth/authorize
https://api.skyrock.com/v2/oauth/initiate
Defined in com/github/scribejava/apis/SkyrockApi.java
https://api.skyrock.com/v2
https://api.skyrock.com/v2/oauth/token
https://api.skyrock.com/v2/oauth/authorize
https://api.skyrock.com/v2/oauth/initiate
Defined in com/github/scribejava/apis/SkyrockApi.java
https://api.skyrock.com/v2
https://api.skyrock.com/v2/oauth/token
https://api.skyrock.com/v2/oauth/authorize
https://api.skyrock.com/v2/oauth/initiate
Defined in com/github/scribejava/apis/SkyrockApi.java
https://api.skyrock.com/v2
https://api.skyrock.com/v2/oauth/token
https://api.skyrock.com/v2/oauth/authorize
https://api.skyrock.com/v2/oauth/initiate
Defined in com/github/scribejava/apis/SkyrockApi.java
https://hh.ru/oauth/token
https://hh.ru/oauth/authorize
Defined in com/github/scribejava/apis/HHApi.java
https://hh.ru/oauth/token
https://hh.ru/oauth/authorize
Defined in com/github/scribejava/apis/HHApi.java
https://auth.aweber.com/1.0/oauth/access_token
https://auth.aweber.com/1.0/oauth/authorize
https://auth.aweber.com/1.0/oauth/request_token
Defined in com/github/scribejava/apis/AWeberApi.java
https://auth.aweber.com/1.0/oauth/access_token
https://auth.aweber.com/1.0/oauth/authorize
https://auth.aweber.com/1.0/oauth/request_token
Defined in com/github/scribejava/apis/AWeberApi.java
https://auth.aweber.com/1.0/oauth/access_token
https://auth.aweber.com/1.0/oauth/authorize
https://auth.aweber.com/1.0/oauth/request_token
Defined in com/github/scribejava/apis/AWeberApi.java
http://api.t.sina.com.cn/oauth/access_token
http://api.t.sina.com.cn/oauth/authorize
http://api.t.sina.com.cn/oauth/request_token
Defined in com/github/scribejava/apis/SinaWeiboApi.java
http://api.t.sina.com.cn/oauth/access_token
http://api.t.sina.com.cn/oauth/authorize
http://api.t.sina.com.cn/oauth/request_token
Defined in com/github/scribejava/apis/SinaWeiboApi.java
http://api.t.sina.com.cn/oauth/access_token
http://api.t.sina.com.cn/oauth/authorize
http://api.t.sina.com.cn/oauth/request_token
Defined in com/github/scribejava/apis/SinaWeiboApi.java
https://auth.doktornarabote.ru/OAuth/Token
https://auth.doktornarabote.ru/OAuth/Authorize
Defined in com/github/scribejava/apis/DoktornaraboteApi.java
https://auth.doktornarabote.ru/OAuth/Token
https://auth.doktornarabote.ru/OAuth/Authorize
Defined in com/github/scribejava/apis/DoktornaraboteApi.java
https://nid.naver.com/oauth2.0/token?grant_type=authorization_code
https://nid.naver.com/oauth2.0/authorize
Defined in com/github/scribejava/apis/NaverApi.java
https://nid.naver.com/oauth2.0/token?grant_type=authorization_code
https://nid.naver.com/oauth2.0/authorize
Defined in com/github/scribejava/apis/NaverApi.java
https://secure.meetup.com/oauth2/access
https://secure.meetup.com/oauth2/authorize
Defined in com/github/scribejava/apis/MeetupApi20.java
https://secure.meetup.com/oauth2/access
https://secure.meetup.com/oauth2/authorize
Defined in com/github/scribejava/apis/MeetupApi20.java
https://api.misfitwearables.com/auth/tokens/exchange
https://api.misfitwearables.com/auth/dialog/authorize
Defined in com/github/scribejava/apis/MisfitApi.java
https://api.misfitwearables.com/auth/tokens/exchange
https://api.misfitwearables.com/auth/dialog/authorize
Defined in com/github/scribejava/apis/MisfitApi.java
https://api.login.yahoo.com/oauth/v2/request_auth
https://api.login.yahoo.com/oauth/v2/get_token
https://api.login.yahoo.com/oauth/v2/get_request_token
Defined in com/github/scribejava/apis/YahooApi.java
https://api.login.yahoo.com/oauth/v2/request_auth
https://api.login.yahoo.com/oauth/v2/get_token
https://api.login.yahoo.com/oauth/v2/get_request_token
Defined in com/github/scribejava/apis/YahooApi.java
https://api.login.yahoo.com/oauth/v2/request_auth
https://api.login.yahoo.com/oauth/v2/get_token
https://api.login.yahoo.com/oauth/v2/get_request_token
Defined in com/github/scribejava/apis/YahooApi.java
https://accounts.automatic.com/oauth/access_token
https://accounts.automatic.com/oauth/authorize
https://accounts.automatic.com/oauth/refresh_token
Defined in com/github/scribejava/apis/AutomaticAPI.java
https://accounts.automatic.com/oauth/access_token
https://accounts.automatic.com/oauth/authorize
https://accounts.automatic.com/oauth/refresh_token
Defined in com/github/scribejava/apis/AutomaticAPI.java
https://accounts.automatic.com/oauth/access_token
https://accounts.automatic.com/oauth/authorize
https://accounts.automatic.com/oauth/refresh_token
Defined in com/github/scribejava/apis/AutomaticAPI.java
https://api.dropbox.com/oauth2/token
https://www.dropbox.com/oauth2/authorize
Defined in com/github/scribejava/apis/DropboxApi.java
https://api.dropbox.com/oauth2/token
https://www.dropbox.com/oauth2/authorize
Defined in com/github/scribejava/apis/DropboxApi.java
https://api.linkedin.com/uas/oauth/authenticate
https://api.linkedin.com/uas/oauth/requestToken
https://api.linkedin.com/uas/oauth/accessToken
Defined in com/github/scribejava/apis/LinkedInApi.java
https://api.linkedin.com/uas/oauth/authenticate
https://api.linkedin.com/uas/oauth/requestToken
https://api.linkedin.com/uas/oauth/accessToken
Defined in com/github/scribejava/apis/LinkedInApi.java
https://api.linkedin.com/uas/oauth/authenticate
https://api.linkedin.com/uas/oauth/requestToken
https://api.linkedin.com/uas/oauth/accessToken
Defined in com/github/scribejava/apis/LinkedInApi.java
https://api.genius.com/oauth/token
https://api.genius.com/oauth/authorize
Defined in com/github/scribejava/apis/GeniusApi.java
https://api.genius.com/oauth/token
https://api.genius.com/oauth/authorize
Defined in com/github/scribejava/apis/GeniusApi.java
https://api.kaixin001.com/oauth2/access_token
http://api.kaixin001.com/oauth2/authorize
Defined in com/github/scribejava/apis/KaixinApi20.java
https://api.kaixin001.com/oauth2/access_token
http://api.kaixin001.com/oauth2/authorize
Defined in com/github/scribejava/apis/KaixinApi20.java
https://www.tumblr.com/oauth/access_token
https://www.tumblr.com/oauth/authorize
https://www.tumblr.com/oauth/request_token
Defined in com/github/scribejava/apis/TumblrApi.java
https://www.tumblr.com/oauth/access_token
https://www.tumblr.com/oauth/authorize
https://www.tumblr.com/oauth/request_token
Defined in com/github/scribejava/apis/TumblrApi.java
https://www.tumblr.com/oauth/access_token
https://www.tumblr.com/oauth/authorize
https://www.tumblr.com/oauth/request_token
Defined in com/github/scribejava/apis/TumblrApi.java
https://api.box.com/oauth2/token
https://account.box.com/api/oauth2/authorize
Defined in com/github/scribejava/apis/BoxApi20.java
https://api.box.com/oauth2/token
https://account.box.com/api/oauth2/authorize
Defined in com/github/scribejava/apis/BoxApi20.java
http://digg.com/oauth/authorize
http://services.digg.com/oauth/
http://services.digg.com/oauth/access_token
http://services.digg.com/oauth/request_token
Defined in com/github/scribejava/apis/DiggApi.java
http://digg.com/oauth/authorize
http://services.digg.com/oauth/
http://services.digg.com/oauth/access_token
http://services.digg.com/oauth/request_token
Defined in com/github/scribejava/apis/DiggApi.java
http://digg.com/oauth/authorize
http://services.digg.com/oauth/
http://services.digg.com/oauth/access_token
http://services.digg.com/oauth/request_token
Defined in com/github/scribejava/apis/DiggApi.java
http://digg.com/oauth/authorize
http://services.digg.com/oauth/
http://services.digg.com/oauth/access_token
http://services.digg.com/oauth/request_token
Defined in com/github/scribejava/apis/DiggApi.java