0/61

Threat

com.alibaba.aliexpresshd

AliExpress

Analyzed on 2022-08-12T20:07:32.825348

16

permissions

106

activities

9

services

8

receivers

56

domains

File sums

MD5 0253d735e7013ed38ed191fbc137315c
SHA1 3f0c8f62f6b67e83d9e376983c9faf05a3fd97dc
SHA256 d7bba66607ea84284c2a410df26a7ab22e5becee5f65643e9bf73122f46f709e
Size 17.12MB

APKiD

Information computed with APKiD.

/tmp/tmpqn40cwyh!classes.dex
anti_vm
  • Build.MODEL check
  • Build.MANUFACTURER check
  • Build.PRODUCT check
  • network operator name check
  • device ID check
  • subscriber ID check
compiler
  • dexlib 2.x
/tmp/tmpqn40cwyh!classes2.dex
anti_vm
  • Build.FINGERPRINT check
  • Build.MODEL check
  • Build.MANUFACTURER check
  • Build.PRODUCT check
  • Build.HARDWARE check
  • Build.BOARD check
  • possible Build.SERIAL check
  • Build.TAGS check
  • network operator name check
  • device ID check
  • subscriber ID check
  • ro.product.device check
  • ro.kernel.qemu check
  • emulator file check
  • possible VM check
compiler
  • dexlib 2.x
/tmp/tmpqn40cwyh!com/alipay/android/app/util/ui-engine.jar!classes.dex
compiler
  • dx
/tmp/tmpqn40cwyh!com/alipay/android/app/util/ui-resource.jar!classes.dex
compiler
  • unknown (please file detection issue!)
/tmp/tmpqn40cwyh!lib/armeabi-v7a/libEdgeRiskAnalyzer.so
obfuscator
  • Obfuscator-LLVM version 3.6.1
/tmp/tmpqn40cwyh!lib/armeabi-v7a/libsgmain.so!classes.dex
anti_vm
  • subscriber ID check
compiler
  • dx
/tmp/tmpqn40cwyh!lib/armeabi-v7a/libsgmain.so!lib/armeabi/libsgmainso-6.1.76.so
obfuscator
  • Obfuscator-LLVM version 3.4
/tmp/tmpqn40cwyh!lib/armeabi-v7a/libsgmisc.so!classes.dex
compiler
  • dx
/tmp/tmpqn40cwyh!lib/armeabi-v7a/libsgmisc.so!lib/armeabi/libsgmiscso-6.1.19.so
obfuscator
  • Obfuscator-LLVM version 3.4
/tmp/tmpqn40cwyh!lib/armeabi-v7a/libsgsecuritybody.so!classes.dex
compiler
  • dx
/tmp/tmpqn40cwyh!lib/armeabi-v7a/libsgsecuritybody.so!lib/armeabi/libsgsecuritybodyso-6.1.20.so
obfuscator
  • Obfuscator-LLVM version 3.4
/tmp/tmpqn40cwyh!lib/armeabi/libsgmain.so!classes.dex
anti_vm
  • subscriber ID check
compiler
  • dx
/tmp/tmpqn40cwyh!lib/armeabi/libsgmain.so!lib/armeabi/libsgmainso-6.1.76.so
obfuscator
  • Obfuscator-LLVM version 3.4
/tmp/tmpqn40cwyh!lib/armeabi/libsgmisc.so!classes.dex
compiler
  • dx
/tmp/tmpqn40cwyh!lib/armeabi/libsgmisc.so!lib/armeabi/libsgmiscso-6.1.19.so
obfuscator
  • Obfuscator-LLVM version 3.4
/tmp/tmpqn40cwyh!lib/armeabi/libsgsecuritybody.so!classes.dex
compiler
  • dx
/tmp/tmpqn40cwyh!lib/armeabi/libsgsecuritybody.so!lib/armeabi/libsgsecuritybodyso-6.1.20.so
obfuscator
  • Obfuscator-LLVM version 3.4
/tmp/tmpqn40cwyh!lib/x86/libsgmain.so!classes.dex
anti_vm
  • subscriber ID check
compiler
  • dx
/tmp/tmpqn40cwyh!lib/x86/libsgmain.so!lib/x86/libsgmainso-6.1.76.so
obfuscator
  • Obfuscator-LLVM version 3.4
/tmp/tmpqn40cwyh!lib/x86/libsgmisc.so!classes.dex
compiler
  • dx
/tmp/tmpqn40cwyh!lib/x86/libsgmisc.so!lib/x86/libsgmiscso-6.1.19.so
obfuscator
  • Obfuscator-LLVM version 3.4
/tmp/tmpqn40cwyh!lib/x86/libsgsecuritybody.so!classes.dex
compiler
  • dx
/tmp/tmpqn40cwyh!lib/x86/libsgsecuritybody.so!lib/x86/libsgsecuritybodyso-6.1.20.so
obfuscator
  • Obfuscator-LLVM version 3.4

SSdeep

Information computed with ssdeep.

APK file 393216:j9w/7255RXCWy3UFepstW9Iq2IiFNf9+Ofc5o3g+BkdZXEaV6mpG2vk:Zw/72cWykFepstW9lHeK557IkdlEaVps
Manifest 768:1dTgSfpXTyOxnE+upmsSKTq3yc3c3vk9BlGKrQgf60FfMazQdl+FNT7PqoL9a7gU:…
classes.dex 98304:4RNYQWaGlFlurMuNCV6mqjhnpDtl36iZi6JTiwIY:4RhWa2burMuNCV6mqjhnpD…
classes2.dex 49152:1B5jKWWmgyJzpdtlLjA7d02sAeNYXsQTS1nF9W4YAA1:1vKW/J9JUq2ENYXscOF…

Dexofuzzy

Information computed with Dexofuzzy.

APK file 6144:Dz6R3E2wwOrFND0RR9RRWtJxAcfJDq8oc94c54tm1ZljILFwFSdgvvw1PQTbDRRY…
classes.dex 6144:Dz6R3E2wwOrFND0RR9RRWtJxAcfJDq8oc94c54tm1ZljILFwFSdgvvw1Pu:X3hrF…
classes2.dex 3072:LwhynbDRRRS9v9FIg8n3EeIIv1XNZPWTyIX2Dxb7dhI972+CC5hxPb:LTbDRRRS9…

APK details

Information computed with AndroGuard and Pithus.

Package com.alibaba.aliexpresshd
App name AliExpress
Version name 5.0.8
Version code 151
SDK 14 - 23
UAID ff20470c68b29708324ba2c07d3842d2542c7958
Signature Signature V1
Frosting Not frosted

Certificate details

Information computed with AndroGuard.

MD5 ea12c954cc881dca104e5def55b2e95c
SHA1 3c1e9e8403779280b465c7ba25d1ff2ae45677f1
SHA256 4fc3b267393ea2351c4716b37e6910517f197eb479bc43d9c9a5a46d49dd700e
Issuer Common Name: Pancras Chow, Organizational Unit: AliExpress.com Mobile Team, Organization: Alibaba.com Hong Kong Limited, Locality: HangZhou, State/Province: ZheJiang, Country: CN
Not before 2011-09-21T01:55:00+00:00
Not after 2036-09-14T01:55:00+00:00

File Analysis

Information computed with MobSF.

Findings Files
Certificate/Key files hardcoded inside the app. assets/ae2016.cer
assets/aliexpress.cer
assets/verisign3.cer

Manifest analysis

Information computed with MobSF.

High Launch Mode of Activity (com.alibaba.aliexpresshd.module.product.ProductListActivity) is not standard.
An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent.
High Activity (com.alibaba.aliexpresshd.module.hybrid.DispatcherActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.alibaba.aliexpresshd.module.hybrid.HttpDispatcherActivity) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Launch Mode of Activity (com.alibaba.aliexpresshd.module.order.OrderListActivity) is not standard.
An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent.
High Broadcast Receiver (com.alibaba.receiver.AliExpressBootReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Broadcast Receiver (com.alibaba.widget.AliexpressWidget) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Broadcast Receiver (com.alibaba.aliexpresshd.receiver.ReferrerReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (com.taobao.accs.ChannelService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.taobao.accs.EventReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Broadcast Receiver (com.taobao.accs.ServiceReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Service (org.android.agoo.accs.AgooService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (com.alibaba.aliexpresshd.TaobaoIntentService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.taobao.agoo.AgooCommondReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.

Browsable activities

Information computed with MobSF.

com.alibaba.aliexpresshd.module.hybrid.DispatcherActivity

Schemes: aliexpress://

com.alibaba.aliexpresshd.module.hybrid.HttpDispatcherActivity

Hosts: *.aliexpress.com

Schemes: http://

com.alibaba.poplayer.utils.PopLayerDebugActivity

Hosts: tb.cn

Schemes: http://

Main Activity

Information computed with AndroGuard.

com.alibaba.aliexpresshd.module.home.MainActivity

Activities

Information computed with AndroGuard.

com.alibaba.aliexpresshd.module.promotion.FeaturedSlidesActivity
com.alibaba.aliexpresshd.module.home.MainActivity
com.alibaba.aliexpresshd.module.product.ProductListActivity
com.alibaba.aliexpresshd.module.hybrid.DispatcherActivity
com.alibaba.aliexpresshd.module.hybrid.HttpDispatcherActivity
com.alibaba.aliexpresshd.module.product.ProductDetailActivity
com.alibaba.aliexpresshd.module.product.ProductDescActivity
com.alibaba.aliexpresshd.module.wishlist.WishListActivity
com.alibaba.aliexpresshd.module.wishlist.WishListStoreListActivity
com.alibaba.aliexpresshd.module.wishlist.WishListQueryByGroupActivity
com.alibaba.aliexpresshd.module.notification.NotificationListActivity
com.alibaba.aliexpresshd.module.order.OrderListActivity
com.alibaba.aliexpresshd.module.order.OrderDetailActivity
com.alibaba.aliexpresshd.module.shopcart.ShopingCartActivity
com.alibaba.aliexpresshd.module.message.ConversationListActivity
com.alibaba.aliexpresshd.module.message.ConversationDetailActivity
com.alibaba.aliexpresshd.module.message.ConversationProductDetailActivity
com.alibaba.aliexpresshd.module.order.ConfirmOrderActivity
com.soundcloud.android.crop.CropImageActivity
com.alibaba.aliexpresshd.module.product.MobileCategoryNaviActivity
com.alibaba.aliexpresshd.module.product.MobileTagsNaviActivity
com.alibaba.aliexpresshd.module.payment.AECashierDeskActivity
com.alibaba.aliexpresshd.module.order.MyAccountActivity
com.alibaba.aliexpresshd.module.profile.MyCouponActivity
com.alibaba.support.webview.SimpleWebViewActivity
com.alibaba.aliexpresshd.module.order.ShareImageToSocialAppActivity
com.alibaba.aliexpresshd.module.promotion.FlashDealsActivity
com.alibaba.aliexpresshd.module.product.PicViewActivity
com.alibaba.aliexpresshd.module.promotion.FlashDealsDetailActivity
com.alibaba.aliexpresshd.module.groupbuy.GroupBuyActivity
com.alibaba.aliexpresshd.module.product.SkuPicViewActivity
com.alibaba.aliexpresshd.module.product.SearchActivity
com.alibaba.support.zxing.view.CaptureActivity
com.alibaba.aliexpresshd.module.common.SettingsActivity
com.alibaba.aliexpresshd.module.product.AppFeedBackActivity
com.alibaba.aliexpresshd.module.product.FeedbackActivity
com.alibaba.aliexpresshd.module.product.cashvouchers.LBSCashCouponListActivity
com.alibaba.aliexpresshd.module.product.cashvouchers.LBSMapMarkerActivity
com.alibaba.aliexpresshd.module.sellerstore.SellerStoreActivity
com.alibaba.aliexpresshd.module.order.MobileRechargeActivity
com.alibaba.aliexpresshd.module.dispute.DisputeOpenOrModifyActivity
com.alibaba.aliexpresshd.module.dispute.ProofDetailActivity
com.alibaba.aliexpresshd.XNotificationTestActivity
com.alibaba.aliexpresshd.module.order.TrackingInfoActivity
com.alibaba.aliexpresshd.module.giftcard.MyGiftCardActivity
com.alibaba.aliexpresshd.module.dispute.DisputeDetailActivity
com.alibaba.aliexpresshd.module.dispute.DisputeAppealActivity
com.alibaba.aliexpresshd.module.dispute.DisputeHistoryActivity
com.alibaba.aliexpresshd.module.dispute.DisputeReturnGoodActivity
com.alibaba.aliexpresshd.module.sharephotoreview.ShareToPhotoReviewActivity
com.alibaba.aliexpresshd.module.sharephotoreview.CanShareOrderListActivity
com.alibaba.aliexpresshd.module.profile.MyProfileActivity
com.alibaba.aliexpresshd.module.profile.YourProfileActivity
com.alibaba.aliexpresshd.module.profile.MyShippingAddressActivity
com.alibaba.aliexpresshd.module.profile.AutoFindAddressActivity
com.alibaba.support.webview.WebViewTranslateActivity
com.alibaba.aliexpresshd.module.task.MyTaskListActivity
com.alibaba.aliexpresshd.module.sharecomponent.AEShareActivity
com.facebook.FacebookActivity
com.alibaba.aliexpresshd.module.store.StoreRecommendActivity
com.alibaba.aliexpresshd.auth.QRCodeResultActivity
com.alibaba.aliexpresshd.module.hybrid.NotificationDispatcherActivity
com.alibaba.aliexpresshd.module.task.InvitationsDetailActivity
com.alibaba.aliexpresshd.module.order.PhotoPickerActivity
com.alibaba.aliexpresshd.auth.user.ui.AliLoginActivity
com.alibaba.aliexpresshd.module.order.FeedbackShareChooseOrderActivity
com.alibaba.aliexpresshd.module.qa.MyQuestionTabActivity
com.alibaba.aliexpresshd.module.qa.ProductQuestionActivity
com.alibaba.aliexpresshd.module.common.RouteMainActivity
com.alibaba.aliexpresshd.module.qa.QuestionDetailActivity
com.alibaba.aliexpresshd.module.coins.CoinsExchangeActivity
com.alibaba.aliexpresshd.module.channel.ChannelShellActivity
com.alibaba.aliexpresshd.module.suggestion.SuggestionActivity
com.alibaba.aliexpresshd.module.payment.cardManager.CardManagerActivity
com.alibaba.ugc.modules.collection.view.activity.CollectionActivity
com.alibaba.ugc.modules.collection.view.activity.CollectionHashTagActivity
com.alibaba.ugc.modules.report.ReportActivity
com.alibaba.ugc.modules.report.ReportConditionActivity
com.alibaba.ugc.modules.collection.view.activity.CollageDetailActivity
com.alibaba.ugc.modules.comment.view.CommentActivity
com.alibaba.ugc.modules.comment.view.MyCommentActivity
com.alibaba.ugc.modules.follow.view.FollowListActivity
com.alibaba.ugc.modules.like.view.activity.LikeListActivity
com.alibaba.ugc.modules.profile.view.ProfileBioActivity
com.alibaba.ugc.modules.profile.view.UGCProfileActivity
com.alibaba.ugc.modules.collection.view.activity.UGCWishListActivity
com.alibaba.ugc.modules.collection.view.activity.CollagePublishActivity
com.alibaba.ugc.modules.collection.view.CollageBannerEditDialog
com.alibaba.ugc.modules.collection.view.CollageProductDialog
com.alibaba.ugc.modules.collection.view.activity.CollectionBannerLibraryActivity
com.alibaba.ugc.modules.festival.collection.view.CollectionVenueActivity
com.alibaba.ugc.modules.festival.collection.view.CollectionVenueListActivity
com.alibaba.ugc.modules.festival.collection.view.CollectionPreVenueActivity
com.alibaba.ugc.modules.festival.collection.view.CollectionVenueTopActivity
com.alibaba.auth.user.ui.AuthActivity
com.vk.sdk.VKOpenAuthActivity
com.vk.sdk.VKServiceActivity
com.google.android.gms.auth.api.signin.internal.SignInHubActivity
com.alipay.android.app.pay.activity.PayActivity
com.alipay.android.app.pay.activity.LoadingActivity
com.alipay.android.app.pay.activity.CashierWebActivity
com.alibaba.poplayer.utils.PopLayerDebugActivity
com.alibaba.ugc.modules.profile.view.ProfileNickNameActivity
com.alibaba.ugc.modules.block.view.BlockListActivity
com.alibaba.ugc.modules.collection.view.activity.UGCProductListActivity
com.alibaba.ugc.modules.collection.view.activity.UGCSearchActivity

Receivers

Information computed with AndroGuard.

com.alibaba.receiver.AliExpressBootReceiver
com.alibaba.widget.AliexpressWidget
com.alibaba.receiver.AEMsgReceiver
com.alibaba.aliexpresshd.receiver.ReferrerReceiver
com.alibaba.aliexpresshd.bgoo.BgooReceiver
com.taobao.accs.EventReceiver
com.taobao.accs.ServiceReceiver
com.taobao.agoo.AgooCommondReceiver

Services

Information computed with AndroGuard.

com.alibaba.service.SplashService
com.taobao.accs.ChannelService
com.taobao.accs.data.MsgDistributeService
com.taobao.accs.data.MsgDistributeService
com.alibaba.aliexpresshd.tlog.AccsTlogService
org.android.agoo.accs.AgooService
com.alibaba.aliexpresshd.TaobaoIntentService
com.aaf.upload.UploadIntentService
com.alibaba.poplayer.utils.PopLayerConsole

Sample timeline

Certificate valid not before Sept. 21, 2011, 1:55 a.m.
First submission on VT Oct. 25, 2016, 5:04 a.m.
Oldest file found in APK Oct. 25, 2016, 10:17 a.m.
Latest file found in APK Oct. 25, 2016, 10:17 a.m.
Last submission on VT April 18, 2021, 1:16 a.m.
Upload on Pithus Aug. 12, 2022, 8:07 p.m.
Certificate valid not after Sept. 14, 2036, 1:55 a.m.

NIAP analysis

Information computed with MobSF.

FCS_RBG_EXT.1.1 The application invoke platform-provided DRBG functionality for its cryptographic operations.
Random Bit Generation Services
FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generate no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['camera', 'network connectivity'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to no sensitive information repositories.
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application implement functionality to encrypt sensitive data in non-volatile memory.
Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1 The application invoke the mechanisms recommended by the platform vendor for storing and setting configuration options.
Supported Configuration Mechanism
FTP_DIT_EXT.1.1 The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product.
Protection of Data in Transit
FCS_RBG_EXT.2.1
FCS_RBG_EXT.2.2
The application perform all deterministic random bit generation (DRBG) services in accordance with NIST Special Publication 800-90A using Hash_DRBG. The deterministic RBG is seeded by an entropy source that accumulates entropy from a platform-based DRBG and a software-based noise source, with a minimum of 256 bits of entropy at least equal to the greatest security strength (according to NIST SP 800-57) of the keys and hashes that it will generate.
Random Bit Generation from Application
FCS_CKM.1.1(3)
FCS_CKM.1.2(3)
A password/passphrase shall perform [Password-based Key Derivation Functions] in accordance with a specified cryptographic algorithm..
Password Conditioning
FCS_COP.1.1(1) The application perform encryption/decryption in accordance with a specified cryptographic algorithm AES-CBC (as defined in NIST SP 800-38A) mode or AES-GCM (as defined in NIST SP 800-38D) and cryptographic key sizes 256-bit/128-bit.
Cryptographic Operation - Encryption/Decryption
FCS_COP.1.1(2) The application perform cryptographic hashing services not in accordance with FCS_COP.1.1(2) and uses the cryptographic algorithm RC2/RC4/MD4/MD5.
Cryptographic Operation - Hashing
FCS_COP.1.1(3) The application perform cryptographic signature services (generation and verification) in accordance with a specified cryptographic algorithm RSA schemes using cryptographic key sizes of 2048-bit or greater.
Cryptographic Operation - Signing
FCS_COP.1.1(4) The application perform keyed-hash message authentication with cryptographic algorithm ['HMAC-SHA1', 'HMAC-SHA-256'] .
Cryptographic Operation - Keyed-Hash Message Authentication
FCS_HTTPS_EXT.1.1 The application implement the HTTPS protocol that complies with RFC 2818.
HTTPS Protocol
FCS_HTTPS_EXT.1.2 The application implement HTTPS using TLS.
HTTPS Protocol
FCS_HTTPS_EXT.1.3 The application notify the user and not establish the connection or request application authorization to establish the connection if the peer certificate is deemed invalid.
HTTPS Protocol
FIA_X509_EXT.1.1 The application invoked platform-provided functionality to validate certificates in accordance with the following rules: ['The certificate path must terminate with a trusted CA certificate'].
X.509 Certificate Validation
FIA_X509_EXT.2.1 The application use X.509v3 certificates as defined by RFC 5280 to support authentication for HTTPS , TLS.
X.509 Certificate Authentication
FPT_TUD_EXT.2.1 The application shall be distributed using the format of the platform-supported package manager.
Integrity for Installation and Update
FCS_CKM.1.1(2) The application shall generate symmetric cryptographic keys using a Random Bit Generator as specified in FCS_RBG_EXT.1 and specified cryptographic key sizes 128 bit or 256 bit.
Cryptographic Symmetric Key Generation

Code analysis

Information computed with MobSF.

Medium
CVSS:7.5
The App uses an insecure Random Number Generator.
MASVS: MSTG-CRYPTO-6
CWE-330 Use of Insufficiently Random Values
M5: Insufficient Cryptography
Files:
 com/aaf/base/f/h.java
org/android/spdy/SpdyBytePool.java
com/ut/mini/comp/device/PhoneInfoUtils.java
com/alibaba/mtl/a/f/b.java
com/aliexpress/service/io/net/akita/net/io/InternetUtil.java
com/aaf/widget/widget/imageview/RemoteImageView.java
com/alibaba/common/util/am.java
com/alibaba/mtl/a/f/a.java
com/ut/mini/core/esg/strategy/UTMCSimpleEventIDStrategier.java
com/ut/mini/utils/UTMCPhoneInfoUtils.java
com/ta/utdid2/device/UTUtdid.java
com/aliexpress/service/utils/p.java
com/alibaba/aliexpresshd/auth/user/ui/LoginRegisterGuideFragment.java
com/ta/utdid2/device/UTUtdidHelper.java
com/alibaba/aliexpresshd/bgoo/BgooReceiver.java
com/vk/sdk/api/a/g.java
com/ut/mini/core/UTMCLogTransfer.java
com/alibaba/aliexpresshd/TaobaoIntentService.java
com/ta/utdid2/android/utils/PhoneInfoUtils.java
com/alibaba/widget/ColorsRemoteImageView.java
com/vk/sdk/e.java
com/alibaba/mtl/appmonitor/d/m.java
android/taobao/windvane/o/i.java
com/taobao/accs/election/ElectionServiceUtil.java
anet/channel/b/b.java
com/alipay/android/app/util/StringUtil.java
Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
 com/taobao/tao/log/TaskManager.java
com/taobao/tao/log/query/RemoteDebugBusiness.java
com/taobao/accs/ACCSManager.java
com/aliexpress/service/utils/l.java
com/alibaba/akita/snackbar/j.java
com/alibaba/wireless/security/framework/a/d.java
com/bumptech/glide/load/resource/bitmap/q.java
com/bumptech/glide/load/b/i.java
com/ta/utdid2/android/utils/SystemUtils.java
com/taobao/accs/eudemon/EudemonManager.java
com/ta/utdid2/android/utils/NetworkUtils.java
com/alipay/euler/andfix/patch/PatchManager.java
com/taobao/agoo/control/data/AliasDO.java
com/alibaba/auth/user/g/a.java
com/uc/webview/export/internal/setup/a.java
com/soundcloud/android/crop/d.java
com/alibaba/aliexpresshd/receiver/ReferrerReceiver.java
anet/channel/j.java
anet/channel/j/a/b.java
com/taobao/tao/log/file/LogFileManager.java
com/alibaba/support/zxing/b/c.java
com/ut/mini/log/UTMCLogger.java
com/uc/webview/export/internal/utility/d.java
com/ta/utdid2/aid/AidRequester.java
com/taobao/accs/net/BaseConnection.java
android/taobao/windvane/o/a/a.java
com/taobao/accs/client/ClientManager.java
com/taobao/accs/ut/statistics/BindAppStatistic.java
com/alibaba/akita/pulltorefresh/a/f.java
com/bumptech/glide/load/resource/bitmap/b.java
com/taobao/accs/internal/ACCSManagerImpl.java
com/taobao/agoo/TaobaoRegister.java
anet/channel/d/a.java
com/alibaba/app/a/b.java
com/taobao/accs/utl/OrangeAdapter.java
com/aaf/base/d/a/e.java
com/bumptech/glide/load/a/a.java
com/ut/mini/core/UTMCDevice.java
com/taobao/tao/log/file/LogCache.java
com/alibaba/b/a.java
com/alibaba/support/zxing/view/f.java
com/taobao/accs/utl/ALog.java
com/uc/webview/export/internal/setup/n.java
com/uc/webview/export/internal/setup/h.java
com/taobao/agoo/TaobaoMessageIntentReceiverService.java
org/android/agoo/message/MessageReceiverService.java
com/alibaba/aliexpresshd/module/product/ProductListFragment.java
com/uc/webview/export/internal/setup/UCSetupTask.java
com/uc/webview/export/cd/f.java
com/alipay/android/app/transfer/PhoneCashierHttpClient.java
anet/channel/session/TnetSpdySession.java
com/alipay/euler/andfix/security/SecurityChecker.java
com/alibaba/widget/OrderlistSearchView.java
com/bumptech/glide/load/b/b/e.java
org/android/agoo/accs/AgooService.java
com/bumptech/glide/b/d.java
com/taobao/accs/antibrush/CookieMgr.java
com/bumptech/glide/b/a.java
com/alibaba/support/zxing/b/g.java
com/taobao/accs/utl/LoadSoFailUtil.java
com/taobao/accs/common/ThreadPoolExecutorFactory.java
com/aliexpress/service/utils/n.java
com/taobao/update/DefaultDownloader.java
com/alibaba/support/zxing/b/a.java
com/uc/webview/export/internal/c/e.java
com/alibaba/fastjson/c/a.java
com/taobao/accs/update/ACCSClassLoader.java
com/bumptech/glide/load/c/o.java
com/alibaba/widget/GridViewWithHeaderAndFooter.java
com/taobao/tao/log/collect/RealTimeUploadController.java
com/alibaba/fastjson/b/a/a.java
com/alibaba/support/zxing/view/b.java
com/uc/webview/export/internal/setup/UCMPackageInfo.java
com/bumptech/glide/g.java
com/taobao/ju/track/util/LogUtil.java
com/uc/webview/export/internal/setup/e.java
com/alibaba/aliexpresshd/module/qa/QuestionDetailActivity.java
com/taobao/accs/utl/UtilityImpl.java
com/bumptech/glide/g/b/k.java
com/bumptech/glide/g/b.java
com/uc/webview/export/internal/d/a/b.java
com/taobao/tao/log/TLog.java
anet/channel/c.java
org/android/agoo/control/NotifManager.java
com/taobao/tlog/adapter/AdapterForTLog.java
com/aaf/widget/fonticon/b.java
org/android/agoo/intent/IntentUtil.java
anet/channel/i/b.java
anet/channel/util/l.java
com/ut/mini/utils/SystemProperties.java
android/taobao/windvane/extra/uc/a.java
com/ta/utdid2/aid/AidStorageController.java
com/bumptech/glide/load/resource/c/i.java
com/alibaba/akita/materialprogressbar/horizontal/MaterialProgressBar.java
com/bumptech/glide/c/a.java
com/alibaba/akita/gestrueimageview/GestureImageView.java
com/aliexpress/service/component/third/webview/g.java
com/taobao/accs/net/HttpDnsProvider.java
com/alibaba/mtl/a/g/j.java
com/taobao/accs/data/AliyunMsgDistribute.java
com/taobao/accs/ut/statistics/MonitorStatistic.java
com/alibaba/mtl/a/g/d.java
anet/channel/j/l.java
com/taobao/agoo/AliyunRegister.java
com/aliexpress/service/utils/j.java
org/android/agoo/control/BaseIntentService.java
com/uc/webview/export/extension/UCCore.java
com/taobao/ju/track/param/JParamBuilder.java
com/aaf/widget/fonticon/FontIconView.java
com/taobao/accs/net/InAppConnection.java
com/ut/mini/base/UTMCStatConfig.java
com/taobao/tao/log/TLogUtils.java
com/taobao/tao/log/TLogController.java
com/alipay/euler/andfix/log/Log.java
anet/channel/SessionCenter.java
com/alipay/euler/andfix/util/FileUtil.java
com/bumptech/glide/load/resource/c/j.java
com/alibaba/aliexpresshd/tlog/b.java
com/alibaba/widget/AESearchView.java
com/uc/webview/export/internal/interfaces/IWaStat.java
anet/channel/session/c.java
com/taobao/accs/internal/ServiceImpl.java
com/aaf/widget/customfont/a.java
com/alipay/euler/andfix/Compat.java
com/alibaba/support/zxing/b/b.java
com/taobao/accs/data/Message.java
com/alibaba/mtl/a/g/h.java
anet/channel/i.java
com/taobao/accs/data/MsgDistribute.java
anet/channel/util/c.java
com/alibaba/aliexpresshd/module/qa/ProductQuestionFragment.java
com/alibaba/akita/e/a.java
com/aliexpress/service/component/third/webview/a.java
com/taobao/accs/data/MsgDistributeService.java
com/uploader/a/c.java
com/taobao/accs/antibrush/AntiBrush.java
com/ta/utdid2/aid/AidManager.java
com/taobao/accs/ut/statistics/BindUserStatistic.java
com/alibaba/akita/fonticon/b.java
anet/channel/c/h.java
com/taobao/tao/log/collect/RealTimeUploaderManager.java
com/taobao/accs/utl/UTMini.java
com/uc/webview/export/internal/d.java
com/ut/store/UTLogSqliteStore.java
com/taobao/tao/log/TLogAccsMsgAcceptor.java
com/uc/webview/export/cd/g.java
com/taobao/accs/client/AccsConfig.java
com/alibaba/support/b/b.java
anet/channel/e/a.java
com/bumptech/glide/load/resource/bitmap/n.java
org/android/spdy/NetTimeGaurd.java
com/alibaba/aliexpresshd/module/order/TakePhotoFragment.java
com/alibaba/aliexpresshd/module/qa/QuestionDetailFragment.java
anet/channel/session/a.java
com/alibaba/support/zxing/view/e.java
com/alibaba/widget/j.java
com/taobao/accs/ut/statistics/ReceiveMsgStat.java
com/bumptech/glide/load/a/g.java
com/bumptech/glide/d/k.java
com/aaf/base/i/n.java
com/bumptech/glide/load/b/a.java
com/taobao/accs/net/HeartbeatManager.java
com/alibaba/widget/ViewScroller.java
com/taobao/accs/base/AccsAbstractDataListener.java
com/alibaba/poplayer/utils/f.java
com/taobao/accs/flowcontrol/FlowControl.java
com/ut/mini/comp/device/SystemUtils.java
com/uc/webview/export/internal/setup/b.java
org/android/spdy/spduLog.java
com/alibaba/poplayer/utils/PopLayerConsole.java
com/taobao/accs/ut/monitor/TrafficsMonitor.java
com/alibaba/mtl/a/g/o.java
com/uc/webview/export/cd/c.java
com/uc/webview/export/extension/UCSettings.java
com/alibaba/support/zxing/b/d.java
com/uploader/export/h.java
anet/channel/b.java
com/taobao/accs/client/AdapterGlobalClientInfo.java
com/alibaba/wireless/security/framework/SGBasePluginActivity.java
com/taobao/accs/utl/FileUtils.java
com/taobao/accs/internal/ElectionServiceImpl.java
anet/channel/k.java
com/taobao/agoo/control/RequestListener.java
com/ut/store/UTLogStoreMgr.java
com/uc/webview/export/cd/CDController.java
com/alibaba/akita/fonticon/FontIconView.java
com/taobao/accs/net/SpdyConnection.java
com/taobao/accs/base/BaseService.java
anet/channel/util/ALog.java
com/taobao/tlog/adapter/TLogConfigSwitchReceiver.java
com/alibaba/akita/f/f.java
com/bumptech/glide/load/resource/bitmap/ImageHeaderParser.java
com/taobao/tao/log/collect/LogFileUploaderImp.java
com/alibaba/poplayer/utils/libs/StandOutWindow.java
com/uc/webview/export/internal/d/a/a.java
com/uc/webview/export/internal/d/d.java
com/bumptech/glide/load/c/n.java
anet/channel/j/p.java
anet/channel/j/a/e.java
com/bumptech/glide/load/b/a/f.java
anet/channel/session/e.java
com/alipay/euler/andfix/AndFixManager.java
com/bumptech/glide/i/a.java
org/android/agoo/message/MessageService.java
anet/channel/util/i.java
com/taobao/agoo/control/data/RegisterDO.java
com/aliexpress/service/utils/permission/a.java
com/uc/webview/export/utility/Utils.java
com/taobao/accs/data/MessageHandler.java
com/taobao/accs/base/BaseReceiver.java
com/alipay/euler/andfix/AndFix.java
butterknife/ButterKnife.java
com/bumptech/glide/load/a/f.java
com/uc/webview/export/cd/a.java
com/bumptech/glide/load/c/f.java
com/taobao/tao/log/CommandDataCenter.java
com/alibaba/common/util/c.java
com/taobao/accs/statistics/DBHelper.java
com/ta/utdid2/android/utils/TimeUtils.java
com/taobao/tao/log/TLogInitializer.java
org/android/agoo/control/AgooFactory.java
com/taobao/update/AndroidHttpClient.java
android/taobao/windvane/jsbridge/api/WVContacts.java
com/taobao/accs/ut/statistics/SendAckStatistic.java
com/taobao/accs/utl/AdapterUtilityImpl.java
com/uc/webview/export/cd/b.java
com/bumptech/glide/load/b/b/i.java
org/android/agoo/common/Config.java
com/alibaba/support/zxing/b/f.java
com/alibaba/aliexpresshd/module/product/a/a.java
com/alibaba/widget/CameraView.java
com/uc/webview/export/internal/setup/m.java
com/taobao/agoo/BaseNotifyClickActivity.java
com/alibaba/support/zxing/view/d.java
com/alibaba/common/util/au.java
com/bumptech/glide/load/resource/bitmap/l.java
com/taobao/accs/internal/ReceiverImpl.java
com/taobao/accs/ChannelService.java
com/uc/webview/export/internal/utility/c.java
com/taobao/accs/election/ElectionServiceUtil.java
com/bumptech/glide/load/b/c/a.java
com/uc/webview/export/cd/CDConsumer.java
com/alibaba/poplayer/utils/libs/b/b.java
com/bumptech/glide/load/resource/bitmap/f.java
com/bumptech/glide/load/b/c.java
com/alibaba/aliexpresshd/module/order/a/d.java
Medium
CVSS:7.4
Files may contain hardcoded sensitive information like usernames, passwords, keys etc.
MASVS: MSTG-STORAGE-14
CWE-312 Cleartext Storage of Sensitive Information
M9: Reverse Engineering
Files:
 anet/channel/j/o.java
com/ut/mini/internal/UTTeamWork.java
com/taobao/wireless/security/sdk/securesignature/SecureSignatureDefine.java
com/alibaba/wireless/security/open/securesignature/SecureSignatureDefine.java
com/ut/mini/comp/device/Device.java
com/taobao/accs/eudemon/EudemonManager.java
com/alibaba/ugc/modules/festival/collection/view/f.java
org/android/spdy/SpdyProtocol.java
com/aliexpress/service/apibase/database/DatabaseManager.java
android/taobao/windvane/extra/uc/c.java
com/ut/mini/utils/UTMCPhoneInfoUtils.java
com/ta/utdid2/device/UTUtdid.java
org/android/agoo/common/Config.java
com/ut/mini/core/onlineconf/core/UTMCOnlineConfMgr.java
com/ta/utdid2/device/UTUtdidHelper.java
com/taobao/accs/common/Constants.java
com/taobao/tao/log/TLogController.java
com/ut/mini/base/UTMCConstants.java
com/alibaba/aliexpresshd/module/order/LeaveFeedbackFragment.java
com/taobao/tao/log/TLogConstant.java
com/alibaba/ugc/modules/festival/collection/view/e.java
com/taobao/ju/track/constants/Constants.java
com/aaf/base/e/a.java
com/aliexpress/service/io/net/akita/net/io/MteeUtil.java
com/taobao/accs/ChannelService.java
android/taobao/windvane/i/c/f.java
com/ta/utdid2/device/UTUtdidHelper2.java
com/alipay/android/app/constants/CommonConstants.java
com/ut/mini/comp/device/Constants.java
com/ta/utdid2/device/DeviceInfo.java
com/ut/mini/core/onlineconf/UTMCRealTimeDebuggingBiz.java
com/alibaba/poplayer/c.java
com/taobao/wireless/security/sdk/indiekit/IndieKitDefine.java
com/alibaba/aliexpresshd/module/common/RouteMainActivity.java
com/taobao/accs/client/ClientManager.java
High
CVSS:5.5
App can read/write to External Storage. Any App can read data written to External Storage.
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files:
 com/alibaba/ugc/a.java
android/taobao/windvane/jsbridge/api/ScreenCaptureUtil.java
com/taobao/tao/log/TLogInitializer.java
android/taobao/windvane/o/k.java
com/alipay/apmobilesecuritysdk/f/a.java
com/ta/utdid2/android/utils/SystemUtils.java
com/ta/utdid2/core/persistent/PersistentConfiguration.java
com/aliexpress/service/apibase/mock/AEMockNetImpl.java
com/taobao/accs/utl/UtilityImpl.java
com/aliexpress/service/apibase/b/a.java
com/alipay/b/a/a/a/b.java
com/aaf/base/f/g.java
anet/channel/j/p.java
com/taobao/tao/log/TLogUtils.java
com/uc/webview/export/internal/setup/UCSetupTask.java
com/alibaba/widget/CameraView.java
com/aliexpress/service/utils/b.java
com/aaf/base/i/f.java
com/alipay/d/a/a/b/b.java
com/alibaba/aliexpresshd/module/profile/MyProfileActivity.java
com/alibaba/common/util/au.java
com/aaf/base/i/i.java
android/taobao/windvane/o/f.java
android/taobao/windvane/o/a.java
com/alibaba/support/webview/SimpleWebViewActivity.java
com/taobao/accs/election/ElectionServiceUtil.java
com/aliexpress/service/utils/h.java
com/alibaba/common/util/d.java
High
CVSS:7.4
Weak Encryption algorithm used
MASVS: MSTG-CRYPTO-4
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files:
 com/taobao/tao/log/TLogUtils.java
com/alipay/android/app/util/encrypt/Des.java
Medium
CVSS:5.9
SHA-1 is a weak hash known to have hash collisions.
MASVS: MSTG-CRYPTO-4
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files:
 org/android/agoo/common/EncryptUtil.java
com/alipay/b/a/a/a/i.java
c/a/i.java
vkey/android/vos/VosWrapperBase.java
com/ta/utdid2/device/UTUtdid.java
com/ut/mini/utils/UTMCSHA1Utils.java
com/ta/utdid2/android/utils/AESUtils.java
Low
CVSS:3.9
App can write to App Directory. Sensitive Information should be encrypted.
MASVS: MSTG-STORAGE-14
CWE-276 Incorrect Default Permissions
Files:
 com/ta/utdid2/core/persistent/TransactionXMLFile.java
High
CVSS:4
The file is World Readable. Any App can read from the file
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files:
 com/ta/utdid2/core/persistent/TransactionXMLFile.java
High
CVSS:7.4
The App uses the encryption mode CBC with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
MASVS: MSTG-CRYPTO-3
CWE-649 Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
M5: Insufficient Cryptography
Files:
 com/alipay/d/a/a/a/a/b.java
com/aliexpress/service/component/third/b/a.java
com/uc/webview/export/internal/d/a/b.java
com/ta/utdid2/android/utils/AESUtils.java
Medium
CVSS:7.4
MD5 is a weak hash known to have hash collisions.
MASVS: MSTG-CRYPTO-4
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files:
 com/alipay/android/app/util/encrypt/MD5.java
com/aliexpress/service/utils/i.java
com/alibaba/mtl/a/g/i.java
com/alipay/euler/andfix/security/SecurityChecker.java
com/uploader/implement/action/c/a.java
com/ut/mini/utils/UTMCMD5Utils.java
anet/channel/util/k.java
com/aliexpress/service/utils/b/b.java
org/android/agoo/common/EncryptUtil.java
com/vk/sdk/a/c.java
com/alipay/android/app/util/StringUtil.java
com/uc/webview/export/cyclone/UCCyclone.java
com/aliexpress/service/utils/h.java
d/c.java
com/uc/webview/export/internal/d/a/b.java
Medium
CVSS:8.8
Insecure WebView Implementation. Execution of user controlled code in WebView is a critical Security Hole.
MASVS: MSTG-PLATFORM-7
CWE-749 Exposed Dangerous Method or Function
M1: Improper Platform Usage
Files:
 android/taobao/windvane/webview/WVWebView.java
High
CVSS:5.4
Remote WebView debugging is enabled.
MASVS: MSTG-RESILIENCE-2
CWE-919 - Weaknesses in Mobile Applications
M1: Improper Platform Usage
Files:
 android/taobao/windvane/webview/WVWebView.java
Low
CVSS:0
This App copies data to clipboard. Sensitive data should not be copied to clipboard as other applications can access it.
MASVS: MSTG-STORAGE-10
Files:
 com/alibaba/aliexpresshd/module/sharecomponent/a/a.java
android/taobao/windvane/webview/WVWebView.java
com/alibaba/aliexpresshd/module/hybrid/b.java
Info
CVSS:0
This App may have root detection capabilities.
MASVS: MSTG-RESILIENCE-1
Files:
 com/alipay/android/app/monitor/log/LogModel.java
com/alipay/android/app/util/DeviceInfo.java
Medium
CVSS:4.3
IP Address disclosure
MASVS: MSTG-CODE-2
CWE-200 Information Exposure
Files:
 com/taobao/accs/client/AccsConfig.java
android/taobao/windvane/b/d.java
com/uc/webview/export/Build.java
com/alipay/b/a/a/a/w.java
com/taobao/ju/track/constants/Constants.java
com/aliexpress/service/io/net/akita/net/io/DnsDispatcher.java
com/aaf/base/f/f.java
com/taobao/accs/eudemon/EudemonManager.java
com/uc/webview/export/internal/d.java
com/uploader/implement/b.java
com/taobao/accs/common/Constants.java
android/taobao/windvane/b/e.java
High
CVSS:7.4
Insecure WebView Implementation. WebView ignores SSL Certificate errors and accept any SSL Certificate. This application is vulnerable to MITM attacks
MASVS: MSTG-NETWORK-3
CWE-295 Improper Certificate Validation
M3: Insecure Communication
Files:
 com/aliexpress/service/component/third/webview/h.java
com/alibaba/widget/f.java
Medium
CVSS:5.9
App uses SQLite Database and execute raw SQL query. Untrusted user input in raw SQL queries can cause SQL Injection. Also sensitive information should be encrypted and written to the database.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
M7: Client Code Quality
Files:
 com/aaf/base/a/d.java
com/alipay/android/app/a/a/a.java
org/android/agoo/message/MessageService.java
com/taobao/accs/statistics/DBHelper.java
com/aliexpress/service/a/d.java
com/aliexpress/service/apibase/database/DatabaseManager.java
com/alibaba/mtl/a/e/b.java
com/ut/store/UTLogSqliteStore.java
com/aliexpress/service/a/a/d.java
High
CVSS:7.4
Insecure Implementation of SSL. Trusting all the certificates or accepting self signed certificates is a critical Security Hole. This application is vulnerable to MITM attacks
MASVS: MSTG-NETWORK-3
CWE-295 Improper Certificate Validation
M3: Insecure Communication
Files:
 com/alipay/android/app/transfer/PhoneCashierHttpClient.java
com/alipay/b/a/a/a/h.java
com/aliexpress/service/io/net/akita/net/io/_FakeX509TrustManager.java
Info
CVSS:0
This App uses SSL certificate pinning to detect or prevent MITM attacks in secure communication channel.
MASVS: MSTG-NETWORK-4
Files:
 com/uploader/implement/connection/recycler/d.java
vkey/android/vos/VosWrapperBase.java
com/uploader/implement/connection/recycler/f.java
anet/channel/session/c.java
High
CVSS:0
This App may request root (Super User) privileges.
MASVS: MSTG-RESILIENCE-1
CWE-250 Execution with Unnecessary Privileges
Files:
 com/alipay/apmobilesecuritysdk/e/d.java
Medium
CVSS:5.5
App creates temp file. Sensitive information should never be written into a temp file.
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files:
 com/soundcloud/android/crop/b.java
com/vk/sdk/api/photo/VKUploadImage.java
Pygal China: 600 Germany: 1400 Hong Kong: 1000 Russian Federation: 500 United States: 1100

Map computed by Pithus.

Domains analysis

Information computed with MobSF.

US twitter.com 104.244.42.129
US schemas.polites.com 192.0.78.25
agoodm.wapa.taobao.com
CN wapp.m.taobao.com 59.82.29.3
DE star.aliexpress.com 47.254.143.107
US www.17track.net 172.66.43.241
HK c-adash.m.taobao.com 47.246.137.207
CN applog.uc.cn 123.183.235.37
iclientgw.d7467.alipay.net
iclientgw-d8817.alipay.net
mddc.m.taobao.com
HK iclientgw.alipay.com 47.235.16.76
RU img.alicdn.com 79.133.177.251
ru.itao.com
US play.google.com 142.250.186.46
HK m-adash.m.taobao.com 47.246.137.207
DE api.m.aliexpress.com 47.254.143.107
RU www.taobao.com 79.133.177.233
RU ae01.alicdn.com 79.133.177.251
HK news.alibaba.com 47.246.136.125
HK gw.api.alibaba.com 47.246.136.125
US chart.googleapis.com 172.217.16.138
DE sale.aliexpress.com 23.32.59.174
img1.daily.taobaocdn.net
US translate.google.com 142.250.185.78
HK adash.m.taobao.com 47.246.137.207
iclientgw-1-64.test.alipay.net
DE a.aliexpress.com 23.32.59.171
HK iclientgwpre.alipay.com 47.235.16.77
DE mobi.aliexpress.com 47.254.143.112
HK intl.alipay.com 47.235.16.76
schemas.android.com
US www.googleapis.com 142.250.185.170
DE m.aliexpress.com 23.32.59.171
RU oauth.vk.com 87.240.129.181
tb.cn
DE activities.aliexpress.com 47.254.143.112
DE img1.tbcdn.cn 163.181.56.193
US xmlpull.org 74.50.61.58
RU vk.com 87.240.190.78
DE api.aliexpress.com 47.254.143.107
CN agoodm.m.taobao.com 203.119.144.58
DE img.alibaba.com 104.111.243.137
HK us.my.alibaba.com 47.246.137.70
DE d.aliexpress.com 47.254.143.112
CN pg.aliexpress.com 203.119.245.26
CN hydra.alibaba.com 203.119.175.213
DE login.aliexpress.com 23.32.59.171
schemas.alibaba.com
DE www.aliexpress.com 23.32.59.171
HK kfupload.alibaba.com 47.246.136.125
US www.pinterest.com 199.232.56.84
CN ams.alibaba-inc.com 59.82.112.188
US www.facebook.com 185.60.216.35
DE gw.alicdn.com 163.181.56.193
US schema.org 142.250.74.206

URL analysis

Information computed with MobSF.

http://xmlpull.org/v1/doc/features.html#indent-output
Defined in com/ta/utdid2/core/persistent/b.java
http://xmlpull.org/v1/doc/features.html#indent-output
Defined in com/ta/utdid2/core/persistent/a.java
http://hydra.alibaba.com/
Defined in com/ta/utdid2/aid/AidRequester.java
https://star.aliexpress.com
Defined in com/alibaba/ugc/common/d.java
http://sale.aliexpress.com/listrules.htm
Defined in com/alibaba/ugc/modules/festival/collection/view/c.java
javascript:(function
http://tb.cn/n/poplayerdebug?windvane=%s&log_cache_size=%s
Defined in com/alibaba/poplayer/b.java
http://us.my.alibaba.com/user/company/forget_password_input_email.htm?email=
http://m.aliexpress.com/login.htm
Defined in com/alibaba/aliexpresshd/auth/user/ui/SnsEmailExistLoginFragment.java
http://us.my.alibaba.com/user/company/forget_password_input_email.htm?email=
http://m.aliexpress.com/login.htm
Defined in com/alibaba/aliexpresshd/auth/user/ui/SnsEmailExistLoginFragment.java
http://us.my.alibaba.com/user/company/forget_password_input_email.htm?email=
http://m.aliexpress.com/login.htm
Defined in com/alibaba/aliexpresshd/auth/user/ui/LoginFragment.java
http://us.my.alibaba.com/user/company/forget_password_input_email.htm?email=
http://m.aliexpress.com/login.htm
Defined in com/alibaba/aliexpresshd/auth/user/ui/LoginFragment.java
http://news.alibaba.com/article/detail/help/100453670-1-alibaba.com-free-membership-agreement.html
Defined in com/alibaba/aliexpresshd/auth/user/ui/RegisterFragment.java
http://news.alibaba.com/article/detail/help/100453670-1-alibaba.com-free-membership-agreement.html
Defined in com/alibaba/aliexpresshd/auth/user/ui/SnsEmailInvalidRegisterFragment.java
http://www.aliexpress.com/item/-/
Defined in com/alibaba/aliexpresshd/module/order/FeedbackShareFragment.java
http://www.17track.net/en/
Defined in com/alibaba/aliexpresshd/module/order/TrackingInfoFragment.java
http://m.aliexpress.com/store/storeHome.htm?sellerAdminSeq=
Defined in com/alibaba/aliexpresshd/module/order/OrderDetailActivity.java
http://m.aliexpress.com/store/storeHome.htm?sellerAdminSeq=
Defined in com/alibaba/aliexpresshd/module/promotion/FlashDealsDetailFragment.java
http://www.aliexpress.com/about.html
http://m.aliexpress.com/tools/exchangeRate.htm
Defined in com/alibaba/aliexpresshd/module/base/AEBasicDrawerActivity.java
http://www.aliexpress.com/about.html
http://m.aliexpress.com/tools/exchangeRate.htm
Defined in com/alibaba/aliexpresshd/module/base/AEBasicDrawerActivity.java
http://m.aliexpress.com/store/storeHome.htm?sellerAdminSeq=
Defined in com/alibaba/aliexpresshd/module/wishlist/WishListStoreListFragment.java
http://img.alibaba.com
Defined in com/alibaba/aliexpresshd/module/wishlist/WishListProductReductionFragment.java
http://img.alibaba.com
Defined in com/alibaba/aliexpresshd/module/wishlist/WishListProductFragment.java
http://m.aliexpress.com/store/storeHome.htm?sellerAdminSeq=
Defined in com/alibaba/aliexpresshd/module/shopcart/ShopingCartActivity.java
http://m.aliexpress.com/search.htm?keywords=%s&from=aia
http://m.aliexpress.com/item/%s.html?from=aia
http://schema.org/ViewAction
Defined in com/alibaba/aliexpresshd/module/d/a/a.java
http://m.aliexpress.com/search.htm?keywords=%s&from=aia
http://m.aliexpress.com/item/%s.html?from=aia
http://schema.org/ViewAction
Defined in com/alibaba/aliexpresshd/module/d/a/a.java
http://m.aliexpress.com/search.htm?keywords=%s&from=aia
http://m.aliexpress.com/item/%s.html?from=aia
http://schema.org/ViewAction
Defined in com/alibaba/aliexpresshd/module/d/a/a.java
http://m.aliexpress.com/store/storeHome.htm?sellerAdminSeq=
Defined in com/alibaba/aliexpresshd/module/profile/MyCouponSellerFragment.java
http://sale.aliexpress.com/ru/__mobile/public_offer_4pl.htm
Defined in com/alibaba/aliexpresshd/module/profile/AddressAddFragment.java
http://10.101.80.150:8080/app/test.html
http://wapp.m.taobao.com/wv/debug/windvane.html
http://ams.alibaba-inc.com/page/preview/source/1117
Defined in com/alibaba/aliexpresshd/module/common/SettingsFragment.java
http://10.101.80.150:8080/app/test.html
http://wapp.m.taobao.com/wv/debug/windvane.html
http://ams.alibaba-inc.com/page/preview/source/1117
Defined in com/alibaba/aliexpresshd/module/common/SettingsFragment.java
http://m.aliexpress.com/store/sellerInfo.htm?sellerAdminSeq=
http://m.aliexpress.com/store/StoreCategory.htm?sellerAdminSeq=
http://www.aliexpress.com/store/
Defined in com/alibaba/aliexpresshd/module/sellerstore/SellerStoreFragment.java
http://m.aliexpress.com/store/sellerInfo.htm?sellerAdminSeq=
http://m.aliexpress.com/store/StoreCategory.htm?sellerAdminSeq=
http://www.aliexpress.com/store/
Defined in com/alibaba/aliexpresshd/module/sellerstore/SellerStoreFragment.java
http://m.aliexpress.com/store/sellerInfo.htm?sellerAdminSeq=
http://m.aliexpress.com/store/StoreCategory.htm?sellerAdminSeq=
http://www.aliexpress.com/store/
Defined in com/alibaba/aliexpresshd/module/sellerstore/SellerStoreFragment.java
http://m.aliexpress.com/store/storeHome.htm?sellerAdminSeq=
Defined in com/alibaba/aliexpresshd/module/message/ConversationDetailFragment.java