ANDROID STATIC ANALYSIS REPORT

app_icon

 foodpanda (24.24.0)
File Name: foodpanda_ food & groceries_24.24.0_APKPure.xapk

Package Name: com.global.foodpanda.android

Scan Date: Sept. 24, 2024, 7:39 a.m.

App Security Score: 49/100 (MEDIUM RISK)

Grade:
B
Trackers Detection: 7/432
 FINDINGS SEVERITY

 HIGH  MEDIUM  INFO  SECURE  HOTSPOT

3 25 3 2 13

 FILE INFORMATION
File Name: foodpanda_ food & groceries_24.24.0_APKPure.xapk
Size: 27.8MB
MD5: e10b09a4087c3ff2bce4b70766ea2dab
SHA1: 798ce3f5bddec9d4b2dbe5a5c4df5e92798a85de
SHA256: e88145af3a86b5fcbdbd1dc08139ee17e8d87fe961463f3fe77a032a49b43a65

 APP INFORMATION
App Name: foodpanda
Package Name: com.global.foodpanda.android
Main Activity:
Target SDK: 34
Min SDK: 28
Max SDK:
Android Version Name: 24.24.0
Android Version Code: 242400264

 APP COMPONENTS
Activities: 171
Services: 16
Receivers: 21
Providers: 11
Exported Activities: 8
Exported Services: 2
Exported Receivers: 3
Exported Providers: 0

 CERTIFICATE INFORMATION
Binary is signed
v1 signature: False
v2 signature: False
v3 signature: True
v4 signature: False
X.509 Subject: C=PT, ST=Porto, L=Porto, O=Rocket Internet, OU=SilverOak, CN=Ricardo Dourado
Signature Algorithm: rsassa_pkcs1v15
Valid From: 2012-11-15 11:34:37+00:00
Valid To: 2040-04-02 11:34:37+00:00
Issuer: C=PT, ST=Porto, L=Porto, O=Rocket Internet, OU=SilverOak, CN=Ricardo Dourado
Serial Number: 0x7941263b
Hash Algorithm: sha256
md5: 6114ede7e27daff0311f8748ec18185d
sha1: a5b05d45938e7795f0df9a81924a32d32c0abe63
sha256: af472590adc7f390d8aa24bdb2b049591efdf35b0a0837582890aa7d2276c663
sha512: 43f2b3de38cb0006e14fb8f649a6c6415bc7322b4245dca01ae3c2392da023ec7798127be1341e1951303b838bbac153052b46e0a05f5bb92de7fcd7d5477cb0
PublicKey Algorithm: rsa
Bit Size: 2048
Fingerprint: 04fe0c011b70310159b0e4547d25c4cab59f5b92d7da6d0eae99edb977a0f220
Found 1 unique certificates
 APPLICATION PERMISSIONS

PERMISSION STATUS INFO DESCRIPTION

Unknown permission from

com.adjust.preinstall.READ_PERMISSION unknown Unknown permission
android reference

Unknown permission from

com.global.foodpanda.android.permission.A4S_SEND unknown Unknown permission
android reference

Unknown permission from

.permission.MAPS_RECEIVE unknown Unknown permission
android reference

Allows an application to create

android.permission.INTERNET normal full Internet access
network sockets.

Allows an application to view the

android.permission.ACCESS_NETWORK_STATE normal view network status
status of all networks.

Unknown permission from

com.google.android.providers.gsf.permission.READ_GSERVICES unknown Unknown permission
android reference

Allows an application to view the

android.permission.ACCESS_WIFI_STATE normal view Wi-Fi status information about the status of
Wi-Fi.

Allows the application to control

android.permission.VIBRATE normal control vibrator
the vibrator.
PERMISSION
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.READ_CONTACTS
android.permission.POST_NOTIFICATIONS
android.permission.READ_CALENDAR
STATUS INFO DESCRIPTION
Access coarse location sources,
such as the mobile network
database, to determine an
coarse (network-based) approximate phone location,
dangerous
location where available. Malicious
applications can use this to
determine approximately where
you are.
Access fine location sources, such
as the Global Positioning System
on the phone, where available.
dangerous fine (GPS) location Malicious applications can use
this to determine where you are
and may consume additional
battery power.
Allows an application to read all
of the contact (address) data
dangerous read contact data stored on your phone. Malicious
applications can use this to send
your data to other people.
allows an app to post Allows an app to post
dangerous
notifications. notifications
Allows an application to read all
of the calendar events stored on
your phone. Malicious
dangerous read calendar events
applications can use this to send
your calendar events to other
people.
PERMISSION
android.permission.WRITE_CALENDAR
android.permission.CAMERA
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.WAKE_LOCK
android.permission.READ_PHONE_STATE
STATUS INFO DESCRIPTION
Allows an application to add or
change the events on your
add or modify calendar calendar, which may send emails
dangerous events and send emails to guests. Malicious applications
to guests can use this to erase or modify
your calendar events or to send
emails to guests.
Allows application to take pictures
and videos with the camera. This
dangerous take pictures and videos allows the application to collect
images that the camera is seeing
at any time.
read/modify/delete
Allows an application to write to
dangerous external storage
external storage.
contents
read external storage Allows an application to read
dangerous
contents from external storage.
prevent phone from Allows an application to prevent
normal
sleeping the phone from going to sleep.
Allows the application to access
the phone features of the device.
An application with this
read phone state and permission can determine the
dangerous
identity phone number and serial number
of this phone, whether a call is
active, the number that call is
connected to and so on.
PERMISSION STATUS INFO DESCRIPTION

Allows an app to access sensor

Access higher sampling
android.permission.HIGH_SAMPLING_RATE_SENSORS normal data with a sampling rate greater
rate sensor data
than 200 Hz.

allows reading image

Allows an application to read
android.permission.READ_MEDIA_IMAGES dangerous files from external
image files from external storage.
storage.

enables regular apps to

Allows a regular application to
android.permission.FOREGROUND_SERVICE normal use
use Service.startForeground.
Service.startForeground.

allows use of device-

Allows an app to use device
android.permission.USE_BIOMETRIC normal supported biometric
supported biometric modalities.
modalities.

This constant was deprecated in

android.permission.USE_FINGERPRINT normal allow use of fingerprint API level 28. Applications should
request USE_BIOMETRIC instead.

recieve push Allows an application to receive

com.google.android.c2dm.permission.RECEIVE normal
notifications push notifications from cloud.

permission defined by A custom permission defined by

com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE normal
google Google.

This app uses a Google

application shows
com.google.android.gms.permission.AD_ID normal advertising ID and can possibly
advertisements
serve advertisements.
PERMISSION STATUS INFO DESCRIPTION

This enables the app to retrieve

information related to advertising
attribution, which can be used for
allow applications to targeted advertising purposes.
android.permission.ACCESS_ADSERVICES_ATTRIBUTION normal access advertising App can gather data about how
service attribution users interact with ads, such as
clicks or impressions, to measure
the effectiveness of advertising
campaigns.

This ID is a unique, user-

allow app to access the
android.permission.ACCESS_ADSERVICES_AD_ID normal
device's advertising ID.
resettable identifier provided by
Google's advertising services,
allowing apps to track user
behavior for advertising purposes
while maintaining user privacy.

Allows an application to start itself

as soon as the system has
finished booting. This can make it
automatically start at
android.permission.RECEIVE_BOOT_COMPLETED normal take longer to start the phone
boot
and allow the application to slow
down the overall phone by always
running.

Unknown permission from

com.global.foodpanda.android.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION unknown Unknown permission
android reference

 APKID ANALYSIS
FILE DETAILS

FINDINGS DETAILS

yara_issue yara issue - dex file recognized by apkid but not yara module

Build.FINGERPRINT check
Build.MODEL check
Build.MANUFACTURER check
classes.dex Anti-VM Code Build.PRODUCT check
Build.HARDWARE check
Build.TAGS check
network operator name check

Compiler unknown (please file detection issue!)

Anti Disassembly Code illegal class name

FILE DETAILS

FINDINGS DETAILS

yara_issue yara issue - dex file recognized by apkid but not yara module

Build.FINGERPRINT check
Build.MODEL check
Build.MANUFACTURER check
Anti-VM Code Build.PRODUCT check
Build.TAGS check
classes2.dex
SIM operator check
network operator name check

Compiler unknown (please file detection issue!)

Anti Disassembly Code illegal class name

FILE DETAILS

FINDINGS DETAILS

yara_issue yara issue - dex file recognized by apkid but not yara module

Build.MANUFACTURER check
classes3.dex Anti-VM Code Build.BRAND check
Build.DEVICE check

Compiler unknown (please file detection issue!)

Anti Disassembly Code illegal class name

FINDINGS DETAILS

classes4.dex yara_issue yara issue - dex file recognized by apkid but not yara module

Compiler unknown (please file detection issue!)

FILE DETAILS

FINDINGS DETAILS

yara_issue yara issue - dex file recognized by apkid but not yara module

classes5.dex Anti-VM Code Build.MANUFACTURER check

Compiler unknown (please file detection issue!)

FINDINGS DETAILS

yara_issue yara issue - dex file recognized by apkid but not yara module

Build.FINGERPRINT check
Build.MODEL check
Build.MANUFACTURER check
Build.PRODUCT check
classes6.dex Anti-VM Code Build.HARDWARE check
Build.BOARD check
Build.TAGS check
network operator name check
possible VM check

Anti Debug Code Debug.isDebuggerConnected() check

Compiler unknown (please file detection issue!)

FILE DETAILS

FINDINGS DETAILS

yara_issue yara issue - dex file recognized by apkid but not yara module

classes7.dex
Compiler unknown (please file detection issue!)

 BROWSABLE ACTIVITIES

ACTIVITY INTENT

Schemes: hungry://, foodpanda://, https://,

Hosts: foodpanda.com, www.foodpanda.pk, www.foodpanda.sg,
www.foodpanda.my, www.foodpanda.com.bd, www.foodpanda.co.th,
www.foodpanda.hk, www.foodpanda.com.tw, www.foodpanda.ph,
www.foodpanda.com.kh, www.foodpanda.la, www.foodpanda.com.mm,
de.foodora.android.ui.launcher.LauncherActivity
www.foodpanda.bg, www.foodpanda.ro, www.foodpanda.co.jp,
Paths: /, /corporate,
Path Prefixes: /chain, /city, /cuisine, /darkstore, /groceries, /login, /item, /restaurant,
/restaurants, /shop, /special-menus, /payments, /pandapay, /yuu,
Path Patterns: /..*/,

Schemes: foodpanda-openid://,
com.deliveryhero.auth.oauth.OauthActivity Hosts: auth,
Path Patterns: /callback, /callback/.*,
 ACTIVITY INTENT

Schemes: foodpanda-klarna://,
com.deliveryhero.auth.ui.klarna.KlarnaLoginActivity
Hosts: @string/klarna_return_host,

Schemes: fbconnect://,
com.facebook.CustomTabActivity
Hosts: cct.com.global.foodpanda.android,

Schemes: foodpanda-cashier://,
com.deliveryhero.payment.cashier.LegacyPaymentActivity Hosts: *,
Path Patterns: /cashier-payment,

com.deliveryhero.cobrandedcard.applink.ui.CobrandedCardDeepLinkActivity Schemes: foodpanda-cobrandedcard://,

com.deliveryhero.inapprating.InAppRatingActivity Schemes: foodpanda-iar://,

 NETWORK SECURITY
HIGH: 0 | WARNING: 0 | INFO: 0 | SECURE: 0

NO SCOPE SEVERITY DESCRIPTION

 CERTIFICATE ANALYSIS
HIGH: 0 | WARNING: 0 | INFO: 1

TITLE SEVERITY DESCRIPTION

Signed Application info Application is signed with a code signing certificate

 MANIFEST ANALYSIS
HIGH: 0 | WARNING: 14 | INFO: 0 | SUPPRESSED: 0
NO ISSUE SEVERITY
App can be installed on a vulnerable Android version
1 warning
Android 9, minSdk=28]
App has a Network Security Configuration
2 info
[android:networkSecurityConfig=@xml/network_security_config]
Activity-Alias (de.foodora.android.ui.launcher.LauncherActivity) is not Protected.
3 warning
[android:exported=true]
Activity (com.deliveryhero.auth.oauth.OauthActivity) is not Protected.
4 warning
[android:exported=true]
Activity (com.deliveryhero.auth.ui.klarna.KlarnaLoginActivity) is not Protected.
5 warning
[android:exported=true]
Activity (com.facebook.CustomTabActivity) is not Protected.
6 warning
[android:exported=true]
DESCRIPTION
This application can be installed on an older version
of android that has multiple vulnerabilities. Support
an Android version => 10, API 29 to receive
reasonable security updates.
The Network Security Configuration feature lets apps
customize their network security settings in a safe,
declarative configuration file without modifying app
code. These settings can be configured for specific
domains and for a specific app.
An Activity-Alias is found to be shared with other apps
on the device therefore leaving it accessible to any
other application on the device.
An Activity is found to be shared with other apps on
the device therefore leaving it accessible to any other
application on the device.
An Activity is found to be shared with other apps on
the device therefore leaving it accessible to any other
application on the device.
An Activity is found to be shared with other apps on
the device therefore leaving it accessible to any other
application on the device.
NO ISSUE SEVERITY DESCRIPTION

Activity (com.deliveryhero.payment.wallet.wechat.WeChatEntryActivity) is not An Activity is found to be shared with other apps on

7 Protected. warning the device therefore leaving it accessible to any other
[android:exported=true] application on the device.

Activity (com.deliveryhero.payment.cashier.LegacyPaymentActivity) is not An Activity is found to be shared with other apps on

8 Protected. warning the device therefore leaving it accessible to any other
[android:exported=true] application on the device.

Activity
An Activity is found to be shared with other apps on
(com.deliveryhero.cobrandedcard.applink.ui.CobrandedCardDeepLinkActivity) is
9 warning the device therefore leaving it accessible to any other
not Protected.
application on the device.
[android:exported=true]

A Broadcast Receiver is found to be shared with other

apps on the device therefore leaving it accessible to
any other application on the device. It is protected by
Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is a permission which is not defined in the analysed
Protected by a permission, but the protection level of the permission should be application. As a result, the protection level of the
10 checked. warning permission should be checked where it is defined. If it
Permission: com.google.android.c2dm.permission.SEND is set to normal or dangerous, a malicious application
[android:exported=true] can request and obtain the permission and interact
with the component. If it is set to signature, only
applications signed with the same certificate can
obtain the permission.

An Activity is found to be shared with other apps on

Activity (com.deliveryhero.inapprating.InAppRatingActivity) is not Protected.
11 warning the device therefore leaving it accessible to any other
[android:exported=true]
application on the device.
NO ISSUE SEVERITY DESCRIPTION

A Service is found to be shared with other apps on the

device therefore leaving it accessible to any other
application on the device. It is protected by a
Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is
permission which is not defined in the analysed
Protected by a permission, but the protection level of the permission should be
application. As a result, the protection level of the
checked.
12 warning permission should be checked where it is defined. If it
Permission:
is set to normal or dangerous, a malicious application
com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION
can request and obtain the permission and interact
[android:exported=true]
with the component. If it is set to signature, only
applications signed with the same certificate can
obtain the permission.

A Service is found to be shared with other apps on the

device therefore leaving it accessible to any other
application on the device. It is protected by a
Service (androidx.work.impl.background.systemjob.SystemJobService) is permission which is not defined in the analysed
Protected by a permission, but the protection level of the permission should be application. As a result, the protection level of the
13 checked. warning permission should be checked where it is defined. If it
Permission: android.permission.BIND_JOB_SERVICE is set to normal or dangerous, a malicious application
[android:exported=true] can request and obtain the permission and interact
with the component. If it is set to signature, only
applications signed with the same certificate can
obtain the permission.

A Broadcast Receiver is found to be shared with other

apps on the device therefore leaving it accessible to
any other application on the device. It is protected by
Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is a permission which is not defined in the analysed
Protected by a permission, but the protection level of the permission should be application. As a result, the protection level of the
14 checked. warning permission should be checked where it is defined. If it
Permission: android.permission.DUMP is set to normal or dangerous, a malicious application
[android:exported=true] can request and obtain the permission and interact
with the component. If it is set to signature, only
applications signed with the same certificate can
obtain the permission.
 NO ISSUE SEVERITY DESCRIPTION

A Broadcast Receiver is found to be shared with other

apps on the device therefore leaving it accessible to
any other application on the device. It is protected by
a permission which is not defined in the analysed
Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is Protected
application. As a result, the protection level of the
by a permission, but the protection level of the permission should be checked.
15 warning permission should be checked where it is defined. If it
Permission: android.permission.DUMP
is set to normal or dangerous, a malicious application
[android:exported=true]
can request and obtain the permission and interact
with the component. If it is set to signature, only
applications signed with the same certificate can
obtain the permission.

 CODE ANALYSIS
HIGH: 2 | WARNING: 10 | INFO: 3 | SECURE: 2 | SUPPRESSED: 0

NO ISSUE SEVERITY STANDARDS FILES

com/shakebugs/shake/internal/domain/models
/deviceinfo/DeviceInfo.java
com/shakebugs/shake/internal/utils/FileProvide
r.java
CWE: CWE-276: Incorrect Default defpackage/bpw.java
App can read/write to External
Permissions defpackage/ok6.java
1 Storage. Any App can read data warning
OWASP Top 10: M2: Insecure Data Storage defpackage/x1i.java
written to External Storage.
OWASP MASVS: MSTG-STORAGE-2 defpackage/x1l.java
defpackage/xvo.java
defpackage/yd40.java
defpackage/z1e.java
io/sentry/android/core/h0.java

com/adjust/sdk/Logger.java
com/adjust/sdk/oaid/AdjustOaid.java
 com/adjust/sdk/oaid/Util.java
NO ISSUE SEVERITY STANDARDS FILES
com/adjust/sdk/sig/NativeLibHelper.java
com/adjust/sdk/sig/SignerInstance.java
com/bumptech/glide/a.java
com/bumptech/glide/load/engine/GlideExcepti
on.java
com/bumptech/glide/load/resource/bitmap/Def
aultImageHeaderParser.java
com/deliveryhero/app/App.java
com/deliveryhero/chatui/view/chatroom/ChatF
ragment.java
com/deliveryhero/performance/core/AppStartu
pTracesInitializer.java
com/deliveryhero/performance/core/compose/
LifecycleObserver.java
com/hbb20/CountryCodePicker.java
com/hbb20/a.java
com/instacart/library/truetime/BootCompleted
BroadcastReceiver.java
com/klarna/mobile/sdk/core/log/LogExtensions
Kt.java
com/klarna/mobile/sdk/core/log/Logger.java
com/makeramen/roundedimageview/RoundedI
mageView.java
com/shakebugs/shake/Shake.java
com/shakebugs/shake/internal/a4.java
com/shakebugs/shake/internal/b1.java
com/shakebugs/shake/internal/c1.java
com/shakebugs/shake/internal/f.java
com/shakebugs/shake/internal/utils/m.java
com/tencent/mm/opensdk/channel/MMessage
ActV2.java
com/tencent/mm/opensdk/channel/a/a.java
com/tencent/mm/opensdk/diffdev/DiffDevOAu
thFactory.java
com/tencent/mm/opensdk/diffdev/a/a.java
com/tencent/mm/opensdk/diffdev/a/b.java
com/tencent/mm/opensdk/diffdev/a/c.java
com/tencent/mm/opensdk/modelbiz/ChooseCa
rdFromWXCardPackage.java
 com/tencent/mm/opensdk/modelbiz/Subscribe
NO ISSUE SEVERITY STANDARDS FILES
Message.java
com/tencent/mm/opensdk/modelbiz/Subscribe
MiniProgramMsg.java
com/tencent/mm/opensdk/modelbiz/WXChann
elBaseJumpInfo.java
com/tencent/mm/opensdk/modelbiz/WXChann
elJumpMiniProgramInfo.java
com/tencent/mm/opensdk/modelbiz/WXChann
elJumpUrlInfo.java
com/tencent/mm/opensdk/modelbiz/WXChann
elOpenFeed.java
com/tencent/mm/opensdk/modelbiz/WXChann
elOpenLive.java
com/tencent/mm/opensdk/modelbiz/WXChann
elOpenProfile.java
com/tencent/mm/opensdk/modelbiz/WXChann
elShareVideo.java
com/tencent/mm/opensdk/modelbiz/WXInvoic
eAuthInsert.java
com/tencent/mm/opensdk/modelbiz/WXLaunc
hMiniProgram.java
com/tencent/mm/opensdk/modelbiz/WXLaunc
hMiniProgramWithToken.java
com/tencent/mm/opensdk/modelbiz/WXNonta
xPay.java
com/tencent/mm/opensdk/modelbiz/WXOpen
BusinessView.java
com/tencent/mm/opensdk/modelbiz/WXPayIns
urance.java
com/tencent/mm/opensdk/modelbiz/WXPreloa
dMiniProgram.java
com/tencent/mm/opensdk/modelmsg/GetMess
ageFromWX.java
com/tencent/mm/opensdk/modelmsg/LaunchF
romWX.java
com/tencent/mm/opensdk/modelmsg/SendAut
h.java
com/tencent/mm/opensdk/modelmsg/SendMe
ssageToWX.java
 com/tencent/mm/opensdk/modelmsg/WXAppE
NO ISSUE SEVERITY STANDARDS FILES
xtendObject.java
com/tencent/mm/opensdk/modelmsg/WXDesig
nerSharedObject.java
com/tencent/mm/opensdk/modelmsg/WXDyna
micVideoMiniProgramObject.java
com/tencent/mm/opensdk/modelmsg/WXEmoj
iObject.java
com/tencent/mm/opensdk/modelmsg/WXEmoj
iPageSharedObject.java
com/tencent/mm/opensdk/modelmsg/WXEmoj
iSharedObject.java
com/tencent/mm/opensdk/modelmsg/WXEnter
priseCardObject.java
com/tencent/mm/opensdk/modelmsg/WXFileO
bject.java
com/tencent/mm/opensdk/modelmsg/WXGam
eVideoFileObject.java
com/tencent/mm/opensdk/modelmsg/WXImag
eObject.java
com/tencent/mm/opensdk/modelmsg/WXLiteA
ppObject.java
com/tencent/mm/opensdk/modelmsg/WXMedi
aMessage.java
com/tencent/mm/opensdk/modelmsg/WXMini
ProgramObject.java
com/tencent/mm/opensdk/modelmsg/WXMusi
cObject.java
com/tencent/mm/opensdk/modelmsg/WXMusi
cVideoObject.java
com/tencent/mm/opensdk/modelmsg/WXStateJ
umpChannelProfileInfo.java
com/tencent/mm/opensdk/modelmsg/WXStateJ
umpMiniProgramInfo.java
com/tencent/mm/opensdk/modelmsg/WXStateJ
umpUrlInfo.java
com/tencent/mm/opensdk/modelmsg/WXState
SceneDataObject.java
com/tencent/mm/opensdk/modelmsg/WXText
Object.java
 com/tencent/mm/opensdk/modelmsg/WXVide
NO ISSUE SEVERITY STANDARDS FILES
oFileObject.java
com/tencent/mm/opensdk/modelmsg/WXVide
oObject.java
com/tencent/mm/opensdk/modelmsg/WXWeb
pageObject.java
com/tencent/mm/opensdk/modelpay/PayReq.j
ava
com/tencent/mm/opensdk/openapi/BaseWXApi
ImplV10.java
com/tencent/mm/opensdk/openapi/MMShared
Preferences.java
com/tencent/mm/opensdk/openapi/WXAPIFact
ory.java
com/tencent/mm/opensdk/openapi/WXApiImpl
Comm.java
com/tencent/mm/opensdk/utils/Log.java
com/tencent/mm/opensdk/utils/b.java
defpackage/a6j.java
defpackage/ad0.java
defpackage/aee.java
defpackage/aey.java
defpackage/al90.java
defpackage/ana0.java
defpackage/anw.java
defpackage/aq50.java
defpackage/ayz.java
defpackage/b8i.java
defpackage/b9c.java
defpackage/bc4.java
defpackage/be90.java
defpackage/bhg.java
defpackage/bm.java
defpackage/bo2.java
defpackage/bo90.java
defpackage/bq9.java
defpackage/bqa.java
defpackage/bt80.java
defpackage/bu90.java
defpackage/bwl.java
 defpackage/bz8.java
NO ISSUE SEVERITY STANDARDS FILES
defpackage/c0a0.java
defpackage/c1i.java
defpackage/c5a.java
defpackage/c5y.java
defpackage/c61.java
defpackage/c6v.java
defpackage/c72.java
defpackage/c7h.java
defpackage/c83.java
defpackage/ca4.java
defpackage/cc30.java
defpackage/chg.java
defpackage/cie.java
defpackage/cjd.java
defpackage/cjg.java
defpackage/ckd.java
defpackage/ckw.java
defpackage/cp2.java
defpackage/csj.java
defpackage/cv10.java
defpackage/cv90.java
defpackage/cyg.java
defpackage/d0a0.java
defpackage/d2l.java
defpackage/d390.java
defpackage/d5c.java
defpackage/d5y.java
defpackage/d790.java
defpackage/da4.java
defpackage/db90.java
defpackage/ddm.java
defpackage/dfa0.java
defpackage/dfi.java
defpackage/dga0.java
defpackage/dhe.java
defpackage/dma0.java
defpackage/dq1.java
defpackage/dq50.java
defpackage/dra.java
 defpackage/ds1.java
NO ISSUE SEVERITY STANDARDS FILES
defpackage/ds20.java
defpackage/dtu.java
defpackage/dva.java
defpackage/dyg.java
defpackage/e5y.java
defpackage/ea4.java
defpackage/ec.java
defpackage/eda0.java
defpackage/eg.java
defpackage/eh90.java
defpackage/eiw.java
defpackage/ej0.java
defpackage/eo50.java
defpackage/eoi.java
defpackage/era.java
defpackage/es20.java
defpackage/esj.java
defpackage/exf.java
defpackage/ez00.java
defpackage/f0f.java
defpackage/f3g.java
defpackage/f4x.java
defpackage/f720.java
defpackage/fbn.java
defpackage/fj0.java
defpackage/fn8.java
defpackage/fo2.java
defpackage/foi.java
defpackage/fq0.java
defpackage/ftv.java
defpackage/gc30.java
defpackage/ge40.java
defpackage/gh2.java
defpackage/gh90.java
defpackage/gl8.java
defpackage/glt.java
defpackage/gn00.java
defpackage/gp2.java
defpackage/gq50.java

NO ISSUE
The App logs information. Sensitive
2 info
information should never be logged.
defpackage/gq8.java
SEVERITY STANDARDS FILES
defpackage/gqb.java
defpackage/h1l.java
defpackage/h4a.java
defpackage/h56.java
defpackage/h5y.java
defpackage/h6a.java
defpackage/h930.java
defpackage/haa0.java
defpackage/hao.java
defpackage/hc.java
defpackage/hh90.java
defpackage/hlt.java
CWE: CWE-532: Insertion of Sensitive defpackage/hoa0.java
Information into Log File defpackage/hre.java
OWASP MASVS: MSTG-STORAGE-3 defpackage/htc.java
defpackage/hvu.java
defpackage/hx90.java
defpackage/i3l.java
defpackage/i4a.java
defpackage/i56.java
defpackage/i680.java
defpackage/i690.java
defpackage/i730.java
defpackage/i880.java
defpackage/i92.java
defpackage/ikk.java
defpackage/il30.java
defpackage/ioj.java
defpackage/ir1.java
defpackage/iv90.java
defpackage/ix90.java
defpackage/iz00.java
defpackage/j0f.java
defpackage/j190.java
defpackage/j4a.java
defpackage/j620.java
defpackage/j72.java
defpackage/j730.java
defpackage/j890.java
 defpackage/jbd.java
NO ISSUE SEVERITY STANDARDS FILES
defpackage/jbz.java
defpackage/jc30.java
defpackage/jdc.java
defpackage/jf90.java
defpackage/jhe.java
defpackage/jiu.java
defpackage/jj00.java
defpackage/jk90.java
defpackage/jo90.java
defpackage/jsl.java
defpackage/jt20.java
defpackage/jt80.java
defpackage/jw8.java
defpackage/jzm.java
defpackage/k0c.java
defpackage/k1l.java
defpackage/k4y.java
defpackage/k56.java
defpackage/kad.java
defpackage/kc.java
defpackage/kfe.java
defpackage/kh3.java
defpackage/khn.java
defpackage/kj00.java
defpackage/kjw.java
defpackage/kp10.java
defpackage/kr90.java
defpackage/kt90.java
defpackage/kwg.java
defpackage/l0b.java
defpackage/l190.java
defpackage/l300.java
defpackage/l880.java
defpackage/lgz.java
defpackage/lm50.java
defpackage/lm9.java
defpackage/lp80.java
defpackage/lpn.java
defpackage/ltk.java
 defpackage/lzm.java
NO ISSUE SEVERITY STANDARDS FILES
defpackage/m08.java
defpackage/m1l.java
defpackage/m280.java
defpackage/mbl.java
defpackage/mc9.java
defpackage/mcv.java
defpackage/mee.java
defpackage/mi90.java
defpackage/mm0.java
defpackage/mo10.java
defpackage/mtk.java
defpackage/mua.java
defpackage/n1l.java
defpackage/n300.java
defpackage/n330.java
defpackage/n56.java
defpackage/n620.java
defpackage/n980.java
defpackage/nan.java
defpackage/nb90.java
defpackage/nbl.java
defpackage/nc.java
defpackage/ne7.java
defpackage/nge.java
defpackage/nkd.java
defpackage/nn90.java
defpackage/nr1.java
defpackage/ns50.java
defpackage/nt20.java
defpackage/nur.java
defpackage/o0n.java
defpackage/o51.java
defpackage/o780.java
defpackage/oc30.java
defpackage/ofe.java
defpackage/ofl.java
defpackage/om50.java
defpackage/ot50.java
defpackage/oya.java
 defpackage/oz8.java
NO ISSUE SEVERITY STANDARDS FILES
defpackage/ozb.java
defpackage/oze.java
defpackage/p0f.java
defpackage/p190.java
defpackage/p380.java
defpackage/p51.java
defpackage/p7g.java
defpackage/pf90.java
defpackage/pii.java
defpackage/plt.java
defpackage/ps90.java
defpackage/psh.java
defpackage/pye.java
defpackage/q0f.java
defpackage/q1i.java
defpackage/q380.java
defpackage/q51.java
defpackage/q890.java
defpackage/q9o.java
defpackage/qam.java
defpackage/qd00.java
defpackage/qg3.java
defpackage/qh90.java
defpackage/qhu.java
defpackage/qia0.java
defpackage/qmd.java
defpackage/qs50.java
defpackage/qt50.java
defpackage/r190.java
defpackage/r1l.java
defpackage/r290.java
defpackage/r3g.java
defpackage/r4.java
defpackage/r4y.java
defpackage/r61.java
defpackage/r9f.java
defpackage/r9r.java
defpackage/rak.java
defpackage/rc20.java
 defpackage/rc90.java
NO ISSUE SEVERITY STANDARDS FILES
defpackage/ron.java
defpackage/rqj.java
defpackage/rt90.java
defpackage/rtc.java
defpackage/ru7.java
defpackage/ryb.java
defpackage/rz10.java
defpackage/rz3.java
defpackage/s0i.java
defpackage/s1e.java
defpackage/s1l.java
defpackage/s290.java
defpackage/s8v.java
defpackage/sda0.java
defpackage/sdy.java
defpackage/sf6.java
defpackage/si90.java
defpackage/sia0.java
defpackage/sjc.java
defpackage/sr50.java
defpackage/st1.java
defpackage/sw00.java
defpackage/sy00.java
defpackage/sye.java
defpackage/t4m.java
defpackage/tc90.java
defpackage/td40.java
defpackage/tds.java
defpackage/tf60.java
defpackage/tn90.java
defpackage/tnq.java
defpackage/ts90.java
defpackage/u0f.java
defpackage/u5q.java
defpackage/u80.java
defpackage/u840.java
defpackage/uc20.java
defpackage/ucn.java
defpackage/udc.java
 defpackage/ug3.java
NO ISSUE SEVERITY STANDARDS FILES
defpackage/ukg.java
defpackage/uox.java
defpackage/urk.java
defpackage/us50.java
defpackage/usd.java
defpackage/uy.java
defpackage/v0i.java
defpackage/v4.java
defpackage/vcv.java
defpackage/vdk.java
defpackage/vk0.java
defpackage/vmw.java
defpackage/vo50.java
defpackage/voa0.java
defpackage/vsd.java
defpackage/vtm.java
defpackage/vzm.java
defpackage/w56.java
defpackage/w8t.java
defpackage/w9a0.java
defpackage/wdg.java
defpackage/wj90.java
defpackage/wn80.java
defpackage/wua.java
defpackage/wv90.java
defpackage/wxg.java
defpackage/x1i.java
defpackage/x230.java
defpackage/x4y.java
defpackage/x6v.java
defpackage/x72.java
defpackage/x780.java
defpackage/xa90.java
defpackage/xc40.java
defpackage/xcv.java
defpackage/xf20.java
defpackage/xfz.java
defpackage/xhk.java
defpackage/xhw.java
 defpackage/xig.java
NO ISSUE SEVERITY STANDARDS FILES
defpackage/xka0.java
defpackage/xkm.java
defpackage/xlm.java
defpackage/xmw.java
defpackage/xnj.java
defpackage/xo2.java
defpackage/xt20.java
defpackage/xxa.java
defpackage/xzb.java
defpackage/y040.java
defpackage/y590.java
defpackage/yb00.java
defpackage/yi90.java
defpackage/yj30.java
defpackage/ym9.java
defpackage/ymw.java
defpackage/yoj.java
defpackage/yq90.java
defpackage/ys0.java
defpackage/z.java
defpackage/z0f.java
defpackage/z3x.java
defpackage/z5y.java
defpackage/z630.java
defpackage/zcr.java
defpackage/zf.java
defpackage/zh90.java
defpackage/zhu.java
defpackage/zk90.java
defpackage/zkg.java
defpackage/zla0.java
defpackage/zlm.java
defpackage/zma0.java
com/adjust/sdk/Constants.java
defpackage/zq90.java
com/adjust/sdk/sig/KeystoreHelper.java
defpackage/zr20.java
com/appboy/enums/CardKey.java
defpackage/zs0.java
com/deliveryhero/auth/ageverification/openid/
defpackage/zu90.java
OpenIdAuthUrlApiResponse.java
defpackage/zv10.java
com/deliveryhero/chatsdk/util/PushNotification
defpackage/zva.java
Parser.java
 com/deliveryhero/cobrandedcard/common/dat
NO ISSUE SEVERITY STANDARDS FILES
a/model/CoBrandedErrorModel.java
com/deliveryhero/cobrandedcard/issuance/dat
a/remote/model/issuance/IssuanceSuccessResp
onse.java
com/deliveryhero/configs/api/VariationInfo.java
com/deliveryhero/configs/featuretoggle/Missin
gVariationKeyException.java
com/deliveryhero/contract/model/PhoneCallTy
pe.java
com/deliveryhero/corporate/data/entity/respon
se/allowance/my/MyAllowanceOnBoardingItem
Response.java
com/deliveryhero/crosssell/groceries/data/mod
el/CrosssellProductSwimlane.java
com/deliveryhero/fintech/payments/card/confi
guration/data/models/EncryptionKeyApiModel.j
ava
com/deliveryhero/fintech/payments/card/encry
ption/EncryptionError.java
com/deliveryhero/fwf_client/model/ProtoFeatu
reMsg.java
com/deliveryhero/fwf_http/FeatureRequest.java
com/deliveryhero/grouporder/root/c.java
com/deliveryhero/homescreen/container/navig
ation/i.java
com/deliveryhero/location/presentation/addres
s/coordinator/l.java
com/deliveryhero/pandago/data/exceptions/Pa
ndaGoPaymentConfirmIntentApiErrorModel.jav
a
com/deliveryhero/pandago/data/model/Dynam
icError.java
com/deliveryhero/pandago/data/model/Dynam
icText.java
com/deliveryhero/pandago/data/model/Schedu
leDeliveryCategoryApiModel.java
com/deliveryhero/pandago/data/model/Trackin
gEtaApiModel.java
com/deliveryhero/payment/cashier/p.java
 com/deliveryhero/payment/paymentselector/in
NO ISSUE SEVERITY STANDARDS FILES
tegrations/InstrumentPublicFieldsApiModel.java
com/deliveryhero/payment/paymentselector/in
tegrations/MetaDataApiModel.java
com/deliveryhero/payment/paymentselector/in
tegrations/PaymentDetailsApiModel.java
com/deliveryhero/payment/paymentselector/in
tegrations/TrailingTextAfterIcons.java
com/deliveryhero/payment/paymentselector/in
tegrations/checkout/cashback/CashbackRespon
sesApiModel.java
com/deliveryhero/payment/paymentselector/x
endit/model/remote/CollectBankOfChoiceResp
onse.java
com/deliveryhero/search/api/models/Chains.ja
CWE: CWE-312: Cleartext Storage of Sensitive va
Files may contain hardcoded
Information com/deliveryhero/search/api/models/Cuisines.j
3 sensitive information like usernames, warning
OWASP Top 10: M9: Reverse Engineering ava
passwords, keys etc.
OWASP MASVS: MSTG-STORAGE-14 com/deliveryhero/shop/details/data/config/Gro
ceriesConfig.java
com/deliveryhero/subscription/presentation/de
tails/o.java
com/deliveryhero/vendorinfo/data/remote/Dyn
amicMapApiModel.java
com/klarna/mobile/sdk/core/ui/dialog/DialogA
bstraction.java
com/tencent/mm/opensdk/constants/Constants
API.java
defpackage/acv.java
defpackage/btm.java
defpackage/c2o.java
defpackage/c4d.java
defpackage/clo.java
defpackage/cnx.java
defpackage/cvu.java
defpackage/e0u.java
defpackage/ef7.java
defpackage/f46.java
defpackage/fiv.java
defpackage/fo6.java
 defpackage/fry.java
NO ISSUE SEVERITY STANDARDS FILES
defpackage/gcr.java
defpackage/giv.java
defpackage/gry.java
defpackage/hmk.java
defpackage/ich.java
defpackage/ihz.java
defpackage/ika.java
defpackage/j6a.java
defpackage/jiw.java
defpackage/k0t.java
defpackage/k220.java
defpackage/k8e.java
defpackage/lv6.java
defpackage/mjo.java
defpackage/oe00.java
defpackage/olf.java
defpackage/om10.java
defpackage/onp.java
defpackage/otc.java
defpackage/oz30.java
defpackage/ps4.java
defpackage/pz30.java
defpackage/q8f.java
defpackage/q8m.java
defpackage/qe7.java
defpackage/ql10.java
defpackage/qw3.java
defpackage/rl10.java
defpackage/scc.java
defpackage/skd.java
defpackage/swn.java
defpackage/t3i.java
defpackage/to60.java
defpackage/u03.java
defpackage/u7h.java
defpackage/uup.java
defpackage/vi40.java
defpackage/wwq.java
defpackage/x9f.java
 defpackage/yd9.java
NO ISSUE SEVERITY STANDARDS FILES
defpackage/zfc.java
bo/app/d1.java
defpackage/zov.java
com/adjust/sdk/Util.java
fwfd/com/fwfsdk/util/FWFHelper.java
com/perimeterx/mobile_sdk/session/PXSession
sManager.java
defpackage/aj30.java
defpackage/cbz.java
defpackage/cd9.java
defpackage/ctu.java
defpackage/dfa0.java
defpackage/dtu.java
CWE: CWE-330: Use of Insufficiently Random defpackage/eh90.java
Values defpackage/k2.java
The App uses an insecure Random
4 warning OWASP Top 10: M5: Insufficient defpackage/k5a.java
Number Generator.
Cryptography defpackage/kki.java
OWASP MASVS: MSTG-CRYPTO-6 defpackage/mt90.java
defpackage/n0u.java
defpackage/odv.java
defpackage/rbt.java
defpackage/t280.java
defpackage/uvr.java
defpackage/v9o.java
defpackage/weu.java
defpackage/xu20.java
defpackage/yld.java
defpackage/z890.java
NO ISSUE SEVERITY STANDARDS FILES

com/shakebugs/shake/internal/l.java
defpackage/cw90.java
defpackage/doa0.java
defpackage/fq90.java
defpackage/fw90.java
defpackage/qa90.java
defpackage/ryw.java
App uses SQLite Database and
defpackage/sda0.java
execute raw SQL query. Untrusted CWE: CWE-89: Improper Neutralization of
defpackage/syw.java
user input in raw SQL queries can Special Elements used in an SQL Command
5 warning defpackage/tyw.java
cause SQL Injection. Also sensitive ('SQL Injection')
defpackage/uyw.java
information should be encrypted and OWASP Top 10: M7: Client Code Quality
defpackage/vh90.java
written to the database.
defpackage/vmw.java
defpackage/vve.java
defpackage/vyw.java
defpackage/wyw.java
defpackage/x890.java
defpackage/y0f.java
defpackage/yh90.java
NO ISSUE SEVERITY STANDARDS FILES

bo/app/a0.java
bo/app/a5.java
bo/app/c6.java
bo/app/e.java
bo/app/e1.java
bo/app/j1.java
bo/app/k0.java
bo/app/k6.java
bo/app/l.java
bo/app/l0.java
bo/app/l4.java
bo/app/m.java
bo/app/m0.java
bo/app/n6.java
bo/app/r1.java
App can write to App Directory. CWE: CWE-276: Incorrect Default
bo/app/t6.java
6 Sensitive Information should be info Permissions
bo/app/v3.java
encrypted. OWASP MASVS: MSTG-STORAGE-14
bo/app/x0.java
com/klarna/mobile/sdk/core/io/assets/util/Asse
tsUtil.java
com/shakebugs/shake/internal/r2.java
defpackage/cel.java
defpackage/h3l.java
defpackage/h7s.java
defpackage/i8i.java
defpackage/lf2.java
defpackage/m4.java
defpackage/o9t.java
defpackage/okw.java
defpackage/u840.java
defpackage/vdy.java
defpackage/zdl.java
NO ISSUE SEVERITY STANDARDS FILES

bo/app/a5.java
bo/app/k0.java
bo/app/k6.java
CWE: CWE-276: Incorrect Default
bo/app/n6.java
The file or SharedPreference is World Permissions
7 high bo/app/o5.java
Writable. Any App can write to the file OWASP Top 10: M2: Insecure Data Storage
bo/app/p5.java
OWASP MASVS: MSTG-STORAGE-2
bo/app/x0.java
bo/app/y4.java
defpackage/bu90.java

defpackage/hx90.java
defpackage/ku80.java
defpackage/lv7.java
This App may have root detection defpackage/siw.java
8 secure
capabilities. OWASP MASVS: MSTG-RESILIENCE-1 defpackage/xu90.java
defpackage/zla0.java
io/sentry/android/core/h0.java
io/sentry/android/core/internal/util/k.java

com/tencent/mm/opensdk/channel/a/a.java
defpackage/dfa0.java
CWE: CWE-327: Use of a Broken or Risky
defpackage/dyg.java
Cryptographic Algorithm
MD5 is a weak hash known to have defpackage/e93.java
9 warning OWASP Top 10: M5: Insufficient
hash collisions. defpackage/f6c.java
Cryptography
defpackage/hk00.java
OWASP MASVS: MSTG-CRYPTO-4
defpackage/hr1.java
defpackage/me90.java

defpackage/b66.java
CWE: CWE-327: Use of a Broken or Risky defpackage/c1i.java
Cryptographic Algorithm defpackage/lu80.java
SHA-1 is a weak hash known to have
10 warning OWASP Top 10: M5: Insufficient defpackage/lv7.java
hash collisions.
Cryptography defpackage/qv0.java
OWASP MASVS: MSTG-CRYPTO-4 defpackage/wdg.java
io/sentry/t.java
NO ISSUE
Insecure WebView Implementation.
11 Execution of user controlled code in warning
WebView is a critical Security Hole.
The App uses the encryption mode
CBC with PKCS5/PKCS7 padding. This
12 high
configuration is vulnerable to
padding oracle attacks.
This App uses SSL certificate pinning
13 to detect or prevent MITM attacks in secure
secure communication channel.
This App may request root (Super
14 warning
User) privileges.
SEVERITY STANDARDS FILES
com/deliveryhero/evaluation/yuu/pairing/YuuP
airingActivity.java
com/deliveryhero/helpcenter/ui/HelpCenterActi
vity.java
com/deliveryhero/loyalty/pairing/LoyaltyPairing
Activity.java
com/deliveryhero/ordertracker/donation/a.java
CWE: CWE-749: Exposed Dangerous Method
com/deliveryhero/payment/cashier/ui/webview
or Function
/c.java
OWASP Top 10: M1: Improper Platform
com/deliveryhero/payment/paymentselector/cr
Usage
editcard/webview/AddCreditCardActivity.java
OWASP MASVS: MSTG-PLATFORM-7
com/klarna/mobile/sdk/core/ui/dialog/internal
browser/BaseInternalBrowserDialogFragment.j
ava
com/perimeterx/mobile_sdk/PerimeterX.java
com/perimeterx/mobile_sdk/block/PXBlockActi
vity.java
defpackage/khl.java
CWE: CWE-649: Reliance on Obfuscation or
Encryption of Security-Relevant Inputs
without Integrity Checking defpackage/v80.java
OWASP Top 10: M5: Insufficient defpackage/zw9.java
Cryptography
OWASP MASVS: MSTG-CRYPTO-3
defpackage/nur.java
defpackage/qjo.java
OWASP MASVS: MSTG-NETWORK-4 defpackage/qw8.java
defpackage/zp3.java
CWE: CWE-250: Execution with Unnecessary
Privileges io/sentry/android/core/internal/util/k.java
OWASP MASVS: MSTG-RESILIENCE-1
 NO ISSUE SEVERITY STANDARDS FILES

App creates temp file. Sensitive
15 information should never be written
into a temp file.
CWE: CWE-276: Incorrect Default
Permissions
warning
OWASP Top 10: M2: Insecure Data Storage
OWASP MASVS: MSTG-STORAGE-2
com/deliveryhero/helpcenter/ui/HelpCenterActi
vity.java
com/deliveryhero/subscription/presentation/w
ebview/SubscriptionWebViewFragment.java
defpackage/cbr.java
defpackage/x1i.java
org/mp4parser/boxes/iso14496/part12/MediaD
ataBox.java

com/deliveryhero/pandago/ui/order/OrderTrac
This App copies data to clipboard.
kingFragment.java
Sensitive data should not be copied
16 info defpackage/hh30.java
to clipboard as other applications can OWASP MASVS: MSTG-STORAGE-10
defpackage/iq0.java
access it.
defpackage/uxr.java

CWE: CWE-200: Information Exposure com/shakebugs/shake/network/ShakeNetworkI

17 IP Address disclosure warning
OWASP MASVS: MSTG-CODE-2 nterceptor.java

 NIAP ANALYSIS v1.3

NO IDENTIFIER REQUIREMENT FEATURE DESCRIPTION

 ABUSED PERMISSIONS
 TYPE MATCHES PERMISSIONS

android.permission.INTERNET, android.permission.ACCESS_NETWORK_STATE, android.permission.ACCESS_WIFI_STATE,

android.permission.VIBRATE, android.permission.ACCESS_COARSE_LOCATION, android.permission.ACCESS_FINE_LOCATION,
Malware
13/24 android.permission.READ_CONTACTS, android.permission.CAMERA, android.permission.WRITE_EXTERNAL_STORAGE,
Permissions
android.permission.READ_EXTERNAL_STORAGE, android.permission.WAKE_LOCK, android.permission.READ_PHONE_STATE,
android.permission.RECEIVE_BOOT_COMPLETED

Other
android.permission.READ_CALENDAR, android.permission.FOREGROUND_SERVICE, com.google.android.c2dm.permission.RECEIVE,
Common 5/45
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE, com.google.android.gms.permission.AD_ID
Permissions

Malware Permissions:
Top permissions that are widely abused by known malware.
Other Common Permissions:
Permissions that are commonly abused by known malware.

 OFAC SANCTIONED COUNTRIES

This app may communicate with the following OFAC sanctioned list of countries.

DOMAIN COUNTRY/REGION

IP: 156.59.145.154
Country: China
consent-api.service.consent.eu1.usercentrics.eu
Region: Shanghai
City: Shanghai

IP: 156.59.145.154
Country: China
config.eu.usercentrics.eu
Region: Shanghai
City: Shanghai
DOMAIN COUNTRY/REGION

IP: 47.104.30.117
Country: China
app.adjust.cn
Region: Zhejiang
City: Hangzhou

IP: 156.59.145.154
Country: China
api.eu.usercentrics.eu
Region: Shanghai
City: Shanghai

IP: 47.104.30.117
Country: China
ssrv.adjust.cn
Region: Zhejiang
City: Hangzhou

IP: 156.59.145.154
Country: China
aggregator.eu.usercentrics.eu
Region: Shanghai
City: Shanghai

IP: 156.59.145.154
Country: China
uct.eu.usercentrics.eu
Region: Shanghai
City: Shanghai

IP: 47.104.30.117
Country: China
subscription.adjust.cn
Region: Zhejiang
City: Hangzhou

IP: 109.244.217.35
Country: China
long.open.weixin.qq.com
Region: Beijing
City: Beijing
DOMAIN COUNTRY/REGION

IP: 156.59.145.154
Country: China
app.eu.usercentrics.eu
Region: Shanghai
City: Shanghai

IP: 203.205.232.110
Country: China
open.weixin.qq.com
Region: Guangdong
City: Shenzhen

IP: 47.104.30.117
Country: China
gdpr.adjust.cn
Region: Zhejiang
City: Hangzhou

 DOMAIN MALWARE CHECK

DOMAIN STATUS GEOLOCATION

IP: 172.64.146.134
Country: United States of America
Region: Texas
client-api.fwf.deliveryhero.net ok City: Dallas
Latitude: 32.783058
Longitude: -96.806671
View: Google Map
DOMAIN STATUS GEOLOCATION

at-display-eu-stg.deliveryhero.io
IP: 104.19.251.88
Country: United States of America
Region: California
ok City: San Francisco
Latitude: 37.775700
Longitude: -122.395203
View: Google Map

IP: 20.207.73.82
Country: United States of America
Region: Washington
github.com ok City: Redmond
Latitude: 47.682899
Longitude: -122.120903
View: Google Map

IP: 185.151.204.200
Country: United States of America
Region: Arizona
s2s.adjust.com ok City: Phoenix
Latitude: 33.448380
Longitude: -112.074043
View: Google Map

IP: 104.239.240.11
Country: United States of America
Region: Texas
xml.org ok City: Windcrest
Latitude: 29.499678
Longitude: -98.399246
View: Google Map
DOMAIN STATUS GEOLOCATION

IP: 185.151.204.70
Country: United States of America
Region: Arizona
subscription.us.adjust.com ok City: Phoenix
Latitude: 33.448380
Longitude: -112.074043
View: Google Map

IP: 156.59.145.154
Country: China
Region: Shanghai
consent-api.service.consent.eu1.usercentrics.eu ok City: Shanghai
Latitude: 31.222219
Longitude: 121.458061
View: Google Map

IP: 172.217.17.46
Country: United States of America
Region: California
console.firebase.google.com ok City: Mountain View
Latitude: 37.405991
Longitude: -122.078514
View: Google Map

IP: 195.15.222.169
Country: Switzerland
Region: Basel-Stadt
www.slf4j.org ok City: Basel
Latitude: 47.558399
Longitude: 7.573270
View: Google Map
DOMAIN STATUS GEOLOCATION

IP: 156.59.145.154
Country: China
Region: Shanghai
config.eu.usercentrics.eu ok City: Shanghai
Latitude: 31.222219
Longitude: 121.458061
View: Google Map

api.staging.s.fintech.deliveryhero.com ok No Geolocation information available.

IP: 17.253.39.204
Country: Sweden
Region: Stockholms lan
developer.apple.com ok City: Stockholm
Latitude: 59.332581
Longitude: 18.064899
View: Google Map

IP: 185.151.204.40
Country: United States of America
Region: Arizona
app.adjust.world ok City: Phoenix
Latitude: 33.448380
Longitude: -112.074043
View: Google Map

IP: 185.199.108.153
Country: United States of America
Region: Pennsylvania
xmlpull.org ok City: California
Latitude: 40.065632
Longitude: -79.891708
View: Google Map
DOMAIN STATUS GEOLOCATION

graph.s ok No Geolocation information available.

IP: 195.244.54.7
Country: Turkey
Region: Izmir
gdpr.tr.adjust.com ok City: Izmir
Latitude: 38.412731
Longitude: 27.138380
View: Google Map

IP: 35.158.194.55
Country: Germany
Region: Hessen
api.shakebugs.com ok City: Frankfurt am Main
Latitude: 50.115520
Longitude: 8.684170
View: Google Map

IP: 172.64.147.136
Country: United States of America
Region: Texas
www.foodpanda.sg ok City: Dallas
Latitude: 32.783058
Longitude: -96.806671
View: Google Map

IP: 185.151.204.50
Country: United States of America
Region: Arizona
gdpr.adjust.com ok City: Phoenix
Latitude: 33.448380
Longitude: -112.074043
View: Google Map
DOMAIN STATUS GEOLOCATION

IP: 47.104.30.117
Country: China
Region: Zhejiang
app.adjust.cn ok City: Hangzhou
Latitude: 30.293650
Longitude: 120.161423
View: Google Map

IP: 156.59.145.154
Country: China
Region: Shanghai
api.eu.usercentrics.eu ok City: Shanghai
Latitude: 31.222219
Longitude: 121.458061
View: Google Map

at-stg-display.deliveryhero.io
IP: 104.19.252.88
Country: United States of America
Region: California
ok City: San Francisco
Latitude: 37.775700
Longitude: -122.395203
View: Google Map

IP: 108.139.60.19
Country: United States of America
Region: Washington
x.klarnacdn.net ok City: Seattle
Latitude: 47.606209
Longitude: -122.332069
View: Google Map
DOMAIN STATUS GEOLOCATION

IP: 52.213.116.251
Country: Ireland
Region: Dublin
eu.klarnaevt.com ok City: Dublin
Latitude: 53.343990
Longitude: -6.267190
View: Google Map

IP: 108.139.79.76
Country: United States of America
Region: Washington
login.nonprod.klarna.net ok City: Seattle
Latitude: 47.606209
Longitude: -122.332069
View: Google Map

IP: 157.240.227.1
Country: Netherlands
Region: Noord-Holland
developers.facebook.com ok City: Amsterdam
Latitude: 52.374031
Longitude: 4.889690
View: Google Map

IP: 108.139.79.34
Country: United States of America
Region: Washington
s3-alpha-sig.figma.com ok City: Seattle
Latitude: 47.606209
Longitude: -122.332069
View: Google Map
DOMAIN
ssrv.adjust.cn
at-display-eu.deliveryhero.io
firebase.google.com
docs.perimeterx.com
STATUS GEOLOCATION
IP: 47.104.30.117
Country: China
Region: Zhejiang
ok City: Hangzhou
Latitude: 30.293650
Longitude: 120.161423
View: Google Map
IP: 104.19.252.88
Country: United States of America
Region: California
ok City: San Francisco
Latitude: 37.775700
Longitude: -122.395203
View: Google Map
IP: 172.217.17.46
Country: United States of America
Region: California
ok City: Mountain View
Latitude: 37.405991
Longitude: -122.078514
View: Google Map
IP: 35.241.52.23
Country: United States of America
Region: Missouri
ok City: Kansas City
Latitude: 39.099731
Longitude: -94.578568
View: Google Map
DOMAIN STATUS GEOLOCATION

IP: 172.217.19.238
Country: United States of America
Region: California
issuetracker.google.com ok City: Mountain View
Latitude: 37.405991
Longitude: -122.078514
View: Google Map

IP: 185.151.204.60
Country: United States of America
Region: Arizona
ssrv.eu.adjust.com ok City: Phoenix
Latitude: 33.448380
Longitude: -112.074043
View: Google Map

IP: 35.158.194.55
Country: Germany
Region: Hessen
ws.shakebugs.com ok City: Frankfurt am Main
Latitude: 50.115520
Longitude: 8.684170
View: Google Map

IP: 104.21.27.65
Country: United States of America
Region: California
mikepenz.com ok City: San Francisco
Latitude: 37.775700
Longitude: -122.395203
View: Google Map
DOMAIN STATUS GEOLOCATION

IP: 35.241.3.184
Country: United States of America
Region: Missouri
api.usercentrics.eu ok City: Kansas City
Latitude: 39.099731
Longitude: -94.578568
View: Google Map

IP: 185.151.204.33
Country: United States of America
Region: Arizona
ssrv.adjust.net.in ok City: Phoenix
Latitude: 33.448380
Longitude: -112.074043
View: Google Map

IP: 172.217.19.211
Country: United States of America
Region: California
www.ccil.org ok City: Mountain View
Latitude: 37.405991
Longitude: -122.078514
View: Google Map

IP: 195.244.54.7
Country: Turkey
Region: Izmir
ssrv.tr.adjust.com ok City: Izmir
Latitude: 38.412731
Longitude: 27.138380
View: Google Map
DOMAIN STATUS GEOLOCATION

IP: 35.201.111.240
Country: United States of America
Region: Missouri
consent-api.service.consent.usercentrics.eu ok City: Kansas City
Latitude: 39.099731
Longitude: -94.578568
View: Google Map

IP: 172.217.17.33
Country: United States of America
Region: California
foodpanda.page.link ok City: Mountain View
Latitude: 37.405991
Longitude: -122.078514
View: Google Map

perimeterx.net ok No Geolocation information available.

IP: 156.59.145.154
Country: China
Region: Shanghai
aggregator.eu.usercentrics.eu ok City: Shanghai
Latitude: 31.222219
Longitude: 121.458061
View: Google Map

IP: 195.244.54.6
Country: Turkey
Region: Izmir
app.tr.adjust.com ok City: Izmir
Latitude: 38.412731
Longitude: 27.138380
View: Google Map
DOMAIN STATUS GEOLOCATION

IP: 95.217.106.171
Country: Finland
Region: Uusimaa
www.oivahymy.fi ok City: Helsinki
Latitude: 60.169521
Longitude: 24.935450
View: Google Map

IP: 104.16.54.101
Country: United States of America
Region: Texas
foodpanda.com ok City: Dallas
Latitude: 32.783058
Longitude: -96.806671
View: Google Map

IP: 104.18.66.115
Country: United States of America
Region: California
www.netpincer.hu ok City: San Francisco
Latitude: 37.775700
Longitude: -122.395203
View: Google Map

reviews-api-s.fd-api.com ok No Geolocation information available.

IP: 156.59.145.154
Country: China
Region: Shanghai
uct.eu.usercentrics.eu ok City: Shanghai
Latitude: 31.222219
Longitude: 121.458061
View: Google Map
DOMAIN STATUS GEOLOCATION

IP: 185.151.204.70
Country: United States of America
Region: Arizona
app.us.adjust.com ok City: Phoenix
Latitude: 33.448380
Longitude: -112.074043
View: Google Map

IP: 185.151.204.15
Country: United States of America
Region: Arizona
app.adjust.com ok City: Phoenix
Latitude: 33.448380
Longitude: -112.074043
View: Google Map

IP: 185.151.204.44
Country: United States of America
Region: Arizona
subscription.adjust.world ok City: Phoenix
Latitude: 33.448380
Longitude: -112.074043
View: Google Map

IP: 34.120.28.121
Country: United States of America
Region: Missouri
aggregator.service.usercentrics.eu ok City: Kansas City
Latitude: 39.099731
Longitude: -94.578568
View: Google Map

www.image.deliveryhero.com ok No Geolocation information available.

DOMAIN
subscription.adjust.cn
login.playground.klarna.com
graph-video.s
ssrv.us.adjust.com
goo.gl
STATUS GEOLOCATION
IP: 47.104.30.117
Country: China
Region: Zhejiang
ok City: Hangzhou
Latitude: 30.293650
Longitude: 120.161423
View: Google Map
IP: 18.161.69.41
Country: United States of America
Region: Washington
ok City: Seattle
Latitude: 47.627499
Longitude: -122.346199
View: Google Map
ok No Geolocation information available.
IP: 185.151.204.70
Country: United States of America
Region: Arizona
ok City: Phoenix
Latitude: 33.448380
Longitude: -112.074043
View: Google Map
IP: 172.217.19.206
Country: United States of America
Region: California
ok City: Mountain View
Latitude: 37.405991
Longitude: -122.078514
View: Google Map
DOMAIN STATUS GEOLOCATION

ns.adobe.com ok No Geolocation information available.

IP: 104.17.171.101
Country: United States of America
Region: California
global.fd-api.com ok City: San Francisco
Latitude: 37.775700
Longitude: -122.395203
View: Google Map

IP: 108.139.79.53
Country: United States of America
Region: Washington
ktor.io ok City: Seattle
Latitude: 47.606209
Longitude: -122.332069
View: Google Map

IP: 172.217.17.46
Country: United States of America
Region: California
developer.android.com ok City: Mountain View
Latitude: 37.405991
Longitude: -122.078514
View: Google Map

IP: 104.18.229.32
Country: United States of America
Region: California
www.foodora.fi ok City: San Francisco
Latitude: 37.775700
Longitude: -122.395203
View: Google Map
DOMAIN STATUS GEOLOCATION

IP: 216.58.208.238
Country: United States of America
Region: California
google.com ok City: Mountain View
Latitude: 37.405991
Longitude: -122.078514
View: Google Map

IP: 141.193.213.10
Country: United States of America
Region: Texas
www.shakebugs.com ok City: Austin
Latitude: 30.271158
Longitude: -97.741699
View: Google Map

IP: 104.18.23.19
Country: United States of America
Region: California
www.w3.org ok City: San Francisco
Latitude: 37.775700
Longitude: -122.395203
View: Google Map

IP: 34.120.238.166
Country: United States of America
Region: Missouri
graphql.usercentrics.eu ok City: Kansas City
Latitude: 39.099731
Longitude: -94.578568
View: Google Map
DOMAIN STATUS GEOLOCATION

IP: 18.214.229.238
Country: United States of America
Region: Virginia
perimeterx.jfrog.io ok City: Ashburn
Latitude: 39.043720
Longitude: -77.487488
View: Google Map

IP: 172.64.148.188
Country: United States of America
Region: Texas
sdk.iad-01.braze.com ok City: Dallas
Latitude: 32.783058
Longitude: -96.806671
View: Google Map

IP: 157.240.227.35
Country: Netherlands
Region: Noord-Holland
facebook.com ok City: Amsterdam
Latitude: 52.374031
Longitude: 4.889690
View: Google Map

IP: 185.151.204.32
Country: United States of America
Region: Arizona
app.adjust.net.in ok City: Phoenix
Latitude: 33.448380
Longitude: -112.074043
View: Google Map
DOMAIN
helpcenter-ap.usehurrier.com
long.open.weixin.qq.com
docs.google.com
subscription.adjust.com
STATUS GEOLOCATION
IP: 172.64.145.10
Country: United States of America
Region: Texas
ok City: Dallas
Latitude: 32.783058
Longitude: -96.806671
View: Google Map
IP: 109.244.217.35
Country: China
Region: Beijing
ok City: Beijing
Latitude: 39.907501
Longitude: 116.397232
View: Google Map
IP: 172.217.19.238
Country: United States of America
Region: California
ok City: Mountain View
Latitude: 37.405991
Longitude: -122.078514
View: Google Map
IP: 185.151.204.52
Country: United States of America
Region: Arizona
ok City: Phoenix
Latitude: 33.448380
Longitude: -112.074043
View: Google Map
DOMAIN
at-display-us.deliveryhero.io
at-display-as.deliveryhero.io
accounts.google.com
subscription.tr.adjust.com
STATUS GEOLOCATION
IP: 104.19.251.88
Country: United States of America
Region: California
ok City: San Francisco
Latitude: 37.775700
Longitude: -122.395203
View: Google Map
IP: 104.19.251.88
Country: United States of America
Region: California
ok City: San Francisco
Latitude: 37.775700
Longitude: -122.395203
View: Google Map
IP: 74.125.71.84
Country: United States of America
Region: California
ok City: Mountain View
Latitude: 37.405991
Longitude: -122.078514
View: Google Map
IP: 195.244.54.7
Country: Turkey
Region: Izmir
ok City: Izmir
Latitude: 38.412731
Longitude: 27.138380
View: Google Map
DOMAIN STATUS GEOLOCATION

IP: 156.59.145.154
Country: China
Region: Shanghai
app.eu.usercentrics.eu ok City: Shanghai
Latitude: 31.222219
Longitude: 121.458061
View: Google Map

IP: 185.199.108.153
Country: United States of America
Region: Pennsylvania
aomedia.org ok City: California
Latitude: 40.065632
Longitude: -79.891708
View: Google Map

IP: 203.205.232.110
Country: China
Region: Guangdong
open.weixin.qq.com ok City: Shenzhen
Latitude: 22.545540
Longitude: 114.068298
View: Google Map

IP: 185.151.204.2
Country: United States of America
Region: Arizona
ssrv.adjust.com ok City: Phoenix
Latitude: 33.448380
Longitude: -112.074043
View: Google Map
DOMAIN STATUS GEOLOCATION

IP: 172.217.19.206
Country: United States of America
Region: California
play.google.com ok City: Mountain View
Latitude: 37.405991
Longitude: -122.078514
View: Google Map

IP: 185.151.204.34
Country: United States of America
Region: Arizona
subscription.adjust.net.in ok City: Phoenix
Latitude: 33.448380
Longitude: -112.074043
View: Google Map

IP: 104.18.36.128
Country: United States of America
Region: Texas
www.foodpanda.hk ok City: Dallas
Latitude: 32.783058
Longitude: -96.806671
View: Google Map

IP: 172.217.19.194
Country: United States of America
Region: California
www.googleadservices.com ok City: Mountain View
Latitude: 37.405991
Longitude: -122.078514
View: Google Map

.facebook.com ok No Geolocation information available.

DOMAIN
www.google-analytics.com
ssl.google-analytics.com
www-new.netpincer.hu
at-display-as-stg.deliveryhero.io
STATUS GEOLOCATION
IP: 142.250.181.142
Country: United States of America
Region: California
ok City: Mountain View
Latitude: 37.405991
Longitude: -122.078514
View: Google Map
IP: 216.58.208.232
Country: United States of America
Region: California
ok City: Mountain View
Latitude: 37.405991
Longitude: -122.078514
View: Google Map
IP: 104.18.66.115
Country: United States of America
Region: California
ok City: San Francisco
Latitude: 37.775700
Longitude: -122.395203
View: Google Map
IP: 104.19.251.88
Country: United States of America
Region: California
ok City: San Francisco
Latitude: 37.775700
Longitude: -122.395203
View: Google Map
DOMAIN STATUS GEOLOCATION

IP: 188.114.96.6
Country: Spain
Region: Madrid, Comunidad de
pandago.sg ok City: Madrid
Latitude: 40.416500
Longitude: -3.702560
View: Google Map

at-display-us-stg.deliveryhero.io
IP: 104.19.252.88
Country: United States of America
Region: California
ok City: San Francisco
Latitude: 37.775700
Longitude: -122.395203
View: Google Map

mockiconurl.com ok No Geolocation information available.

IP: 185.151.204.60
Country: United States of America
Region: Arizona
subscription.eu.adjust.com ok City: Phoenix
Latitude: 33.448380
Longitude: -112.074043
View: Google Map

IP: 172.64.144.252
Country: United States of America
Region: Texas
sondheim.braze.com ok City: Dallas
Latitude: 32.783058
Longitude: -96.806671
View: Google Map
DOMAIN STATUS GEOLOCATION

IP: 185.151.204.60
Country: United States of America
Region: Arizona
app.eu.adjust.com ok City: Phoenix
Latitude: 33.448380
Longitude: -112.074043
View: Google Map

IP: 172.64.147.108
Country: United States of America
Region: Texas
perseus-stg.deliveryhero.net ok City: Dallas
Latitude: 32.783058
Longitude: -96.806671
View: Google Map

IP: 172.64.147.108
Country: United States of America
Region: Texas
perseus-productanalytics.deliveryhero.net ok City: Dallas
Latitude: 32.783058
Longitude: -96.806671
View: Google Map

IP: 34.102.252.42
Country: United States of America
Region: Missouri
api.avo.app ok City: Kansas City
Latitude: 39.099731
Longitude: -94.578568
View: Google Map
DOMAIN STATUS GEOLOCATION

IP: 108.139.79.50
Country: United States of America
Region: Washington
images.deliveryhero.io ok City: Seattle
Latitude: 47.606209
Longitude: -122.332069
View: Google Map

IP: 10.0.2.2
Country: -
Region: -
10.0.2.2 ok City: -
Latitude: 0.000000
Longitude: 0.000000
View: Google Map

api.production.s.fintech.deliveryhero.com ok No Geolocation information available.

IP: 104.19.252.88
Country: United States of America
Region: California
geocoder-asia.deliveryhero.io ok City: San Francisco
Latitude: 37.775700
Longitude: -122.395203
View: Google Map

IP: 104.17.228.60
Country: United States of America
Region: California
www.braze.com ok City: San Francisco
Latitude: 37.775700
Longitude: -122.395203
View: Google Map
DOMAIN
app-measurement.com
www.google.com
android-foodora.firebaseio.com
gdpr.us.adjust.com
STATUS GEOLOCATION
IP: 142.250.181.110
Country: United States of America
Region: California
ok City: Mountain View
Latitude: 37.405991
Longitude: -122.078514
View: Google Map
IP: 172.217.17.68
Country: United States of America
Region: California
ok City: Mountain View
Latitude: 37.405991
Longitude: -122.078514
View: Google Map
IP: 34.120.160.131
Country: United States of America
Region: Missouri
ok City: Kansas City
Latitude: 39.099731
Longitude: -94.578568
View: Google Map
IP: 185.151.204.70
Country: United States of America
Region: Arizona
ok City: Phoenix
Latitude: 33.448380
Longitude: -112.074043
View: Google Map
DOMAIN
gdpr.adjust.cn
uct.service.usercentrics.eu
static.fd-api.com
gdpr.adjust.net.in
STATUS GEOLOCATION
IP: 47.104.30.117
Country: China
Region: Zhejiang
ok City: Hangzhou
Latitude: 30.293650
Longitude: 120.161423
View: Google Map
IP: 34.95.108.180
Country: United States of America
Region: Missouri
ok City: Kansas City
Latitude: 39.099731
Longitude: -94.578568
View: Google Map
IP: 104.17.170.101
Country: United States of America
Region: California
ok City: San Francisco
Latitude: 37.775700
Longitude: -122.395203
View: Google Map
IP: 185.151.204.32
Country: United States of America
Region: Arizona
ok City: Phoenix
Latitude: 33.448380
Longitude: -112.074043
View: Google Map
DOMAIN STATUS GEOLOCATION

IP: 104.19.252.88
Country: United States of America
Region: California
at-display.deliveryhero.io ok City: San Francisco
Latitude: 37.775700
Longitude: -122.395203
View: Google Map

IP: 104.18.5.226
Country: United States of America
Region: California
cdn.visa.com ok City: San Francisco
Latitude: 37.775700
Longitude: -122.395203
View: Google Map

schemas.android.com ok No Geolocation information available.

IP: 35.190.14.188
Country: United States of America
Region: Missouri
app.usercentrics.eu ok City: Kansas City
Latitude: 39.099731
Longitude: -94.578568
View: Google Map

fullscreen.klarna.sdk ok No Geolocation information available.

DOMAIN
ssrv.adjust.world
usercentricssupport.zendesk.com
www.facebook.com
gdpr.eu.adjust.com
STATUS GEOLOCATION
IP: 185.151.204.40
Country: United States of America
Region: Arizona
ok City: Phoenix
Latitude: 33.448380
Longitude: -112.074043
View: Google Map
IP: 216.198.53.1
Country: United States of America
Region: California
ok City: San Francisco
Latitude: 37.773968
Longitude: -122.410446
View: Google Map
IP: 157.240.227.35
Country: Netherlands
Region: Noord-Holland
ok City: Amsterdam
Latitude: 52.374031
Longitude: 4.889690
View: Google Map
IP: 185.151.204.60
Country: United States of America
Region: Arizona
ok City: Phoenix
Latitude: 33.448380
Longitude: -112.074043
View: Google Map
DOMAIN
disco.deliveryhero.io
login.klarna.com
helpcenter-stg.usehurrier.com
gdpr.adjust.world
STATUS GEOLOCATION
IP: 172.64.147.65
Country: United States of America
Region: Texas
ok City: Dallas
Latitude: 32.783058
Longitude: -96.806671
View: Google Map
IP: 18.161.69.81
Country: United States of America
Region: Washington
ok City: Seattle
Latitude: 47.627499
Longitude: -122.346199
View: Google Map
IP: 104.18.42.246
Country: United States of America
Region: Texas
ok City: Dallas
Latitude: 32.783058
Longitude: -96.806671
View: Google Map
IP: 185.151.204.40
Country: United States of America
Region: Arizona
ok City: Phoenix
Latitude: 33.448380
Longitude: -112.074043
View: Google Map
 FIREBASE DATABASES

FIREBASE URL DETAILS

info
https://android-foodora.firebaseio.com
App talks to a Firebase Database.

 EMAILS

EMAIL FILE

[email protected] defpackage/iaz.java

[email protected]
defpackage/kx90.java
[email protected]

[email protected] defpackage/yey.java

[email protected] defpackage/td40.java

[email protected] defpackage/cie.java

[email protected]
[email protected]
[email protected]
[email protected] Android String Resource
[email protected]
[email protected]
[email protected]
 TRACKERS

TRACKER CATEGORIES URL

Adjust Analytics https://reports.exodus-privacy.eu.org/trackers/52

Braze (formerly Appboy) Location, Advertisement, Analytics https://reports.exodus-privacy.eu.org/trackers/17

Facebook Login Identification https://reports.exodus-privacy.eu.org/trackers/67

Google CrashLytics Crash reporting https://reports.exodus-privacy.eu.org/trackers/27

Google Firebase Analytics Analytics https://reports.exodus-privacy.eu.org/trackers/49

Google Tag Manager Analytics https://reports.exodus-privacy.eu.org/trackers/105

Sentry Crash reporting https://reports.exodus-privacy.eu.org/trackers/447

 HARDCODED SECRETS

POSSIBLE SECRETS

"NEXTGEN_ACNT_PASSWORD" : "Password"

"NEXTGEN_DINEIN_PAYMENT_CANCEL_AUTH_DIALOG_CTA" : "Cancel"

"NEXTGEN_LOGIN_SHOW_PASSWORD" : "Show"
POSSIBLE SECRETS

"NEXTGEN_REGISTER_STARTED_SHOW_PASSWORD" : "Show"

"NEXTGEN_SUBS_RP_SCPWD_INFO_FOOTER_BACK_CTA" : "Back"

"com.google.firebase.crashlytics.mapping_file_id" : "f091ae7b32344a0b9b07c5095d3e5a40"

"com_braze_image_is_read_tag_key" : "com_appboy_image_is_read_tag_key"

"com_braze_image_lru_cache_image_url_key" : "com_braze_image_lru_cache_image_url_key"

"com_braze_image_resize_tag_key" : "com_appboy_image_resize_tag_key"

"file_provider_authority" : "com.global.foodpanda.android.fileprovider"

"firebase_database_url" : "https://android-foodora.firebaseio.com"

"google_api_key" : "AIzaSyCdrhSSqNXjpXEMEzXXTeSige--1ZV9DoM"

"google_crash_reporting_api_key" : "AIzaSyCdrhSSqNXjpXEMEzXXTeSige--1ZV9DoM"

"library_fastadapter_authorWebsite" : "http://mikepenz.com/"

"library_materialize_authorWebsite" : "http://mikepenz.com/"

"library_roundedimageview_authorWebsite" : "https://github.com/vinc3m1"

"shared_prefs_app_id_key_klarna_inapp_sdk" : "sdk-application-id"

258EAFA5-E914-47DA-95CA-C5AB0DC85B11
POSSIBLE SECRETS

29d3d13e441296535c55aa9ef241403e

37a6259cc0c1dae299a7866489dff0bd

A2B55680-6F43-11E0-9A3F-0002A5D5C51B

fXoQtIbGcN0zkVYtS7g9hL2bl1gPiczbsl

Wc7bJUJZOTgjfB6gpWmfMwdoxx7ii2pzShEfgvX0iynLthP3aX

115792089210356248762697446949407573529996955224135760342422259061068512044369

a8b5894279328d2a82e72f1a7dded823e00f68c02103c49eaaecf1c4cf5a1c48

c2ee647e9689dae80722aa39023f79a8

115792089210356248762697446949407573530086143415290314195533631308867097853951

4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5

565d4106-3c24-4f57-9435-aea2f44f675e

8def219c54b8b02bb9afae8298c9011d980400e78cb46784d64c3d4ebe33cce8

cc2751449a350f668590264ed76692694a80308a

df6b721c8b4d3b6eb44c861d4415007e5a35fc95

8a3c4b262d721acd49a4bf97d5213199c86fa2b9
POSSIBLE SECRETS

400f56d2814c03e05eb53452e852464d

61a76bbf38102fa61a8f51b6181dc18c

09a5a04de61bb3ba50f7f4b03bee3579

a4b7452e2ed8f5f191058ca7bbfd26b0d3214bfc

kSnfp3ehQW4VG33NlsioUd6UcZGiXNQie7vWUzyvtzcT2SctB6

dQM6X4cPRCBSMmRGMtiy6orUJKVAsgHWiEX4eeQBvYqNvUV2IqrJl7C6

5e1561676731a1bbebfaa5697b5b18b5bb3072601b81a5fc7e02187a38fe4167

edef8ba9-79d6-4ace-a3c8-27dcd51d21ed

c9d6ab7e60369098acfea58dd81d22c9

6aae17afa1732a56fd0fdc0b4ea5dba963a1b00fc259b10ce7b33b81988cc381

49f946663a8deb7054212b8adda248c6

b4de8505dd6c84a8b7c82a59849311c062bdc3519b1c8a33024e9fe8cd042fbf

V1r46C2u7WyihSy5eEEfiCj2fQltEnB0NOisMiNfJKwzlr66Qu

c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66

UjOBkPe2TwBDtIHbeNVXmyMaFHNUCErPOZGi3cyabFk8At7OkQ
POSSIBLE SECRETS

F4Po0h6zvJpwrMet5GnLdwlhgHpD6x8ceNI3SwXvBw2IljkPaKmKSrunaIySrx5nSvfLULENmARYkxSxhwrglt2Mhe057

eacd05ddef02e59c683725a264c61b3346180e1a318fbed3e3ae1f493069d53c

NUcUDJtM2Z6GuQQnG4PordFwXDdLWQo3FjDubsMUmcwQi3U8s

83988915c588086ce03e289c60751f5e575acef61ab758b9c4c40ab59881ccf9

a029a18ff8b1a86fcc01b35351569668

30820268308201d102044a9c4610300d06092a864886f70d0101040500307a310b3009060355040613025553310b300906035504081302434131123010060355040713
0950616c6f20416c746f31183016060355040a130f46616365626f6f6b204d6f62696c653111300f060355040b130846616365626f6f6b311d301b06035504031314466163
65626f6f6b20436f72706f726174696f6e3020170d3039303833313231353231365a180f32303530303932353231353231365a307a310b3009060355040613025553310b
3009060355040813024341311230100603550407130950616c6f20416c746f31183016060355040a130f46616365626f6f6b204d6f62696c653111300f060355040b13084
6616365626f6f6b311d301b0603550403131446616365626f6f6b20436f72706f726174696f6e30819f300d06092a864886f70d010101050003818d0030818902818100c2
07d51df8eb8c97d93ba0c8c1002c928fab00dc1b42fca5e66e99cc3023ed2d214d822bc59e8e35ddcf5f44c7ae8ade50d7e0c434f500e6c131f4a2834f987fc46406115de20
18ebbb0d5a3c261bd97581ccfef76afc7135a6d59e8855ecd7eacc8f8737e794c60a761c536b72b11fac8e603f5da1a2d54aa103b8a13c0dbc10203010001300d06092a864
886f70d0101040500038181005ee9be8bcbb250648d3b741290a82a1c9dc2e76a0af2f2228f1d9f9c4007529c446a70175c5a900d5141812866db46be6559e2141616483
998211f4a673149fb2232a10d247663b26a9031e15f84bc1c74d141ff98a02d76f85b2c8ab2571b6469b232d8e768a7f7ca04f7abe4a775615916c07940656b58717457b4
2bd928a2

60523300b01fc4cd7c192571faa8452ccd2150eeeebb34864f21e0d8935d9e42

9b8f518b086098de3d77736f9458a3d2f6f95a37

68647976601306097149819007990813932172694353001433054093944634591855431833976553942450577463332171975329639963713633211138647686124403
80340372808892707005449

ae282786b50bd08e91335fe82ccb0db9a48b690be23a2208998303c5250bde06

3e3bb09d77d9c78f63e989e1fd4d0d03a84c7f7353971cc5a252aa8639a4a713
POSSIBLE SECRETS

7e7b6b9433a233b86855e980acbe0689

68647976601306097149819007990813932172694353001433054093944634591855431833976560521225596406614545549772963113914808580371219879997166
43812574028291115057151

82213c1f-c715-4970-bec9-5f48fea42e7d

T7tlPcyTHtFZ8W0qAEV56Wgj6PL2T6DG

308202eb30820254a00302010202044d36f7a4300d06092a864886f70d01010505003081b9310b300906035504061302383631123010060355040813094775616e67646
f6e673111300f060355040713085368656e7a68656e31353033060355040a132c54656e63656e7420546563686e6f6c6f6779285368656e7a68656e2920436f6d70616e79
204c696d69746564313a3038060355040b133154656e63656e74204775616e677a686f7520526573656172636820616e6420446576656c6f706d656e742043656e74657
23110300e0603550403130754656e63656e74301e170d3131303131393134333933325a170d3431303131313134333933325a3081b9310b30090603550406130238363
1123010060355040813094775616e67646f6e673111300f060355040713085368656e7a68656e31353033060355040a132c54656e63656e7420546563686e6f6c6f67792
85368656e7a68656e2920436f6d70616e79204c696d69746564313a3038060355040b133154656e63656e74204775616e677a686f7520526573656172636820616e6420
446576656c6f706d656e742043656e7465723110300e0603550403130754656e63656e7430819f300d06092a864886f70d010101050003818d0030818902818100c05f34
b231b083fb1323670bfbe7bdab40c0c0a6efc87ef2072a1ff0d60cc67c8edb0d0847f210bea6cbfaa241be70c86daf56be08b723c859e52428a064555d80db448cdcacc1aea
2501eba06f8bad12a4fa49d85cacd7abeb68945a5cb5e061629b52e3254c373550ee4e40cb7c8ae6f7a8151ccd8df582d446f39ae0c5e930203010001300d06092a864886
f70d0101050500038181009c8d9d7f2f908c42081b4c764c377109a8b2c70582422125ce545842d5f520aea69550b6bd8bfd94e987b75a3077eb04ad341f481aac266e89d
3864456e69fba13df018acdc168b9a19dfd7ad9d9cc6f6ace57c746515f71234df3a053e33ba93ece5cd0fc15f3e389a3f365588a9fcb439e069d3629cd7732a13fff7b891499

62b3abd864bde7488eae5ff575b51091f2d2b929f1d178fbed01c593ed62794e

5a8ed0ef41beb6f1c986b48280b02d69

fb8760f8-6ffc-466a-8d98-0a9b4584e07a

39a19a315fe143742044c49a1116bea5

4f85e88ff3c25eb6c71a99742db2679fc5026183bc7ddbd24cba073747c92a35

119158fa2204ce77cb990474a665fbf5d57499e1c36711f8d1fe6be8c49315dd
POSSIBLE SECRETS

eaeb85e7f91d49f6272f9cdf52d270d13cfb754f08559ab3e1641490f1840467

790646be452ec5050b65785c33d02e3e4d4fbec581b4ed2c257f3c4ae177699f

2438bce1ddb7bd026d5ff89f598b3b5e5bb824b3

c56fb7d591ba6704df047fd98f535372fea00211

39402006196394479212279040100143613805079739270465446667946905279627659399113263569398956308152294913554433653942643

20106998-7fd6-4e1c-9f5d-f66d7fb6cd21

3f6bb38af3b343e95f092ebe5173a343

4d419a24ce2f37cd74ef818f728a1979d39ed57f4380f41cff6f6f6f7d5e133c

39402006196394479212279040100143613805079739270465446667948293404245721771496870329047266088258938001861606973112319

94743e275c3fcfce8bc483b591df18c0

97be66c02ec53eb4ab7d6d4ea2e17633

758a7ad79beb3aa2b49da038718c1ada

8G3ZKFzAnqZbNurKqIN9mX5amqQFq5sQXFWF2Nlk

9A04F079-9840-4286-AB92-E65BE0885F95

AGpgvYFRN6oWceHKF2MtDZzXGbivkqKj38mNRZ
POSSIBLE SECRETS

b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef

b837020d1626632d838e12ec107f2897

e2eaf828d1423fe9372478b0cc9ddba721042797ef4d76525c364ec1e0c5832c

1603907e3186ad7b6cc1183f7eaf1f7c364c90e6d26827955b51fabf8b5d675c

11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650

0123456789abcdefABCDEF

3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f

b79e65184ce0257bef861190ae475cc7

470fa2b4ae81cd56ecbcda9735803434cec591fa

87c5a9e33a1556cefbaf04b18841e0e6172a40dbeb86b8dc1bf75e73991959a7

1a407cf4d3a271e7dedca59f33c9c95290b1617b83a19d6be4058ec11cdf2941

a84da47b260f68de4f56d1bd5df95fb8cb79bb4aa735157c3da5e20ae15cc8d9

8fc33759f3362c37e237950fd213aec913a2542bb4ff0f0dc47feb6def6d110d

18f6df91c0437fc93e5ffa6aef4abb1857de1b0c9ef94c2580cd1c411cd675d5

1Fn28Ziqh6NbpfE422YhL3kXTQ5yC4cgtQsqSvfmHWgi4WjLH301xEx
POSSIBLE SECRETS

sha256/V5L96iSCz0XLFgvKi7YVo6M4SIkOP9zSkDjZ0EoU6b8=

d540ad8a50be02c8216f2def290597bb4fc2526847a51b86cdf02039c4b72cfe

c103703e120ae8cc73c9248622f3cd1e

4316db3f7e84e285ad46c9fc67c22312

7f64ad933e215a49af9586df4f2d602c2277145e2d6b0721b22f593b334d268b

051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00

58b246d4-99aa-4438-a1cd-967602c7fcbb

d080b95f6ada645b7e9ad2832f4ff9eddfd9443767587fb6b9e3f82ff174e42c

aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7

8bd31fecc28e51e25119c9342c6c3a1c

629d19195e0bf14d54e871429df31066a917f7c4b8931c39e199edcad8a8a740

c8e43223c4bd4020eba83d17abe4470d

0e8b7dcd3078579ac5da1020bcd854d800c12f6587a397ef92b6751a8cfdb041

7c43a395daac2b34160a23226813afc0

6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
 POSSIBLE SECRETS

5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b

 PLAYSTORE INFORMATION
Title: foodpanda: food & groceries

Score: 4.0129914 Installs: 100,000,000+ Price: 0 Android Version Support: Category: Food & Drink Play Store URL: com.global.foodpanda.android

Developer Details: Foodpanda GmbH a subsidiary of Delivery Hero SE, Foodpanda+GmbH+a+subsidiary+of+Delivery+Hero+SE, None, https://www.foodpanda.com/,
[email protected],

Release Date: Nov 19, 2013 Privacy Policy: Privacy link

Description:

live like a panda You do you, we'll bring food and groceries in a flash. In the mood for comfort food from your fave restaurant? Dreading another grocery trip? Spend time
doing things you love, we'll take care of your meals with the best deals. Food for your cravings. Hungry for wood-fired pizza, a classic burger or fried chicken? We know
the best restaurants near you – big famous brands and tiny local faves. Best part? We've got exclusive discounts and promos waiting for all new foodies. Fresh groceries in
a flash. Skip that grocery trip. We’ll do the heavy lifting. Get groceries, snacks and drinks fast from pandamart and foodpanda shops. We deliver fresh produce, essentials,
frozen goods, personal care items, your cute pet’s needs and much more. Save on tasty takeaways. On the go? Try pick-up! Skip the queue and save up when you self-
collect your order. Worry-free package delivery. Need to send or receive a parcel? Go with pandago. Our reliable fleet will safely deliver it for you in no time. What makes
us special? We get you. There's no time to waste waiting. Pick what you love and we’ll bring it in a tap. Save your go-to places and reorder faves with ease. Want more?
Become a pro and save big on your yummy orders. Our tech is shaped by you. Explore personalised offers and delicious picks just for you. Dish out what you feel about
your order and let foodies know what’s yum. For more info, visit https://www.foodpanda.com.bd/ https://www.foodpanda.hk/ https://www.foodpanda.com.kh/
https://www.foodpanda.la/ https://www.foodpanda.com.mm/ https://www.foodpanda.my/ https://www.foodpanda.ph/ https://www.foodpanda.pk/
https://www.foodpanda.sg/ https://www.foodpanda.co.th/ https://www.foodpanda.com.tw/

 SCAN LOGS

Timestamp Event Error

2024-09-24 07:39:50 Generating Hashes OK

2024-09-24 07:39:50 Extracting APK OK

2024-09-24 07:39:50 Unzipping OK

2024-09-24 07:39:51 Getting Hardcoded Certificates/Keystores OK

2024-09-24 07:39:56 Parsing AndroidManifest.xml OK

2024-09-24 07:39:56 Parsing APK with androguard OK

2024-09-24 07:39:56 Extracting Manifest Data OK

2024-09-24 07:39:56 Performing Static Analysis on: foodpanda (com.global.foodpanda.android) OK

2024-09-24 07:39:56 Fetching Details from Play Store: com.global.foodpanda.android OK

2024-09-24 07:39:57 Manifest Analysis Started OK

2024-09-24 07:39:57 Reading Network Security config from network_security_config.xml OK

2024-09-24 07:39:57 Parsing Network Security config OK

2024-09-24 07:39:57 Checking for Malware Permissions OK

2024-09-24 07:39:57 Fetching icon path OK

2024-09-24 07:39:57 Library Binary Analysis Started OK

2024-09-24 07:39:57 Reading Code Signing Certificate OK

2024-09-24 07:39:58 Running APKiD 2.1.5 OK

2024-09-24 07:40:04 Updating Trackers Database.... OK

2024-09-24 07:40:04 Detecting Trackers OK

2024-09-24 07:40:10 Decompiling APK to Java with jadx OK

2024-09-24 07:40:51 Converting DEX to Smali OK

2024-09-24 07:40:51 Code Analysis Started on - java_source OK

2024-09-24 07:41:50 Android SAST Completed OK

2024-09-24 07:41:50 Android API Analysis Started OK

2024-09-24 07:42:40 Android Permission Mapping Started OK

2024-09-24 07:43:11 Android Permission Mapping Completed OK

2024-09-24 07:43:28 Finished Code Analysis, Email and URL Extraction OK

2024-09-24 07:43:28 Extracting String data from APK OK

2024-09-24 07:43:28 Extracting String data from Code OK

2024-09-24 07:43:28 Extracting String values and entropies from Code OK

2024-09-24 07:43:38 Performing Malware check on extracted domains OK

2024-09-24 07:44:16 Saving to Database OK

 2024-09-24 07:44:17 Unzipping OK

Report Generated by - MobSF v4.0.7

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment
framework capable of performing static and dynamic analysis.

© 2024 Mobile Security Framework - MobSF | Ajin Abraham | OpenSecurity.