DOMAINTOOLS’ investigation confirms the exposure of a TLS private key tied to a wildcard certificate for *.myclaw.360[.]cn, used by Qihoo 360’s Security Claw AI platform. The certificate was issued by WoTrus RSA DV SSL CA 2 and was originally valid from 12 March 2026 to 12 April 2027, with the private key shown to match the public key in the certificate, establishing an operational key pair.
CT logs show the certificate was rotated on 16 March 2026, replacing the original key, a move described as emergency key rotation following the exposure. The domain ecosystem is tied to 360[.]cn and registered to Beijing Qihoo Technology Co., Ltd, supporting attribution to Qihoo 360’s operational infrastructure, and the report warns of risks including server impersonation, TLS interception, credential theft and malicious update delivery within the Security Claw environment.
The root cause is identified as a failure in the software build and packaging pipeline, with sensitive credential material inadvertently included in the installer. according to WoTrus RSA DV SSL CA 2.