Mobile threat intelligence for the masses

Results

jp.pxv.android
01ef31a90de30a994a897981dbde85f09dc61ed62024476b874231462e4fd902
pixiv
Version: 23822
First seen: 2022-06-26T00:11:27.359847
Attribute: domains

app-api-acti-dev.misoshi.ru

Attribute: domains_analysis._name

app-api-acti-dev.misoshi.ru

Threat level: Moderate Risk
com.trovo.streamerapp
4260817442739ca7f64e56b5b8afe196767d5deb52a0122c732903763605386b
HTV 3.7.1
Version: 65
First seen: 2022-06-23T19:12:57.922939
Attribute: domains

api-m.paypal.com
api-m.sandbox.paypal.com

Attribute: domains_analysis._name

api-m.paypal.com
api-m.sandbox.paypal.com

Threat level: Moderate Risk
com.smd.douyin18.app
9c3fa07b0981d47973ae6e17402029bff511095ed2cfc55136ebea8ae439ff25
TikTok18
Version: 120
First seen: 2022-06-22T12:30:53.461309
Attribute: domains

douyin18-276110.firebaseio.com
api.5nxam.xyz

Attribute: domains_analysis._name

douyin18-276110.firebaseio.com
api.5nxam.xyz

Threat level: High Risk
com.google.android.tts
cf98a1acc68e6f7d425d9186209f5526e1fdd70ff517c571da61059f87db0649
Speech Services by Google
Version: 210333543
First seen: 2022-06-22T03:02:57.737503
Attribute: domains

vital-axiom-120111.firebaseio.com

Attribute: domains_analysis._name

vital-axiom-120111.firebaseio.com

Threat level: Moderate Risk
Attribute: domains

api-project-641133715768.firebaseio.com
api-m.paypal.com
api-ssl.bitly.com
api-m.sandbox.paypal.com

Attribute: domains_analysis._name

api-project-641133715768.firebaseio.com
api-m.paypal.com
api-ssl.bitly.com
api-m.sandbox.paypal.com

Threat level: Moderate Risk
com.sony.songpal.mdr
2c2a476356462ec4cfbdeccb2264fd9ccbb7b5b4e1064f84cce5c677aa204b1d
Headphones
Version: 30200
First seen: 2022-06-19T13:01:34.758841
Attribute: domains

api-deva.meta.csxdev.com

Attribute: domains_analysis._name

api-deva.meta.csxdev.com

Threat level: Moderate Risk
com.mxtech.videoplayer.ad
7881345a05fcf6c90f37bfefe3248c1a622907b66474cba48d44b85f68810371
MX Player
Version: 1310001631
First seen: 2022-06-18T11:57:24.890255
Attribute: domains

api-preprod.amazon.com
api-preprod.amazon.co.uk
api-sandbox.amazon.co.jp
bleu8888.firebaseio.com
api-preprod.amazon.co.jp

Attribute: domains_analysis._name

api-preprod.amazon.com
api-preprod.amazon.co.uk
api-sandbox.amazon.co.jp
bleu8888.firebaseio.com
api-preprod.amazon.co.jp

6/59
Attribute: domains

api.3stripes.net

Attribute: domains_analysis._name

api.3stripes.net

Threat level: Moderate Risk
Attribute: domains

api.7tv.app

Attribute: domains_analysis._name

api.7tv.app

Threat level: Moderate Risk
com.wakie.android
aedd46b9bcab130f868796cbf10b21f6bc79ba35bc7e591e38609dba5953ca3f
Wakie
Version: 262
First seen: 2022-06-14T06:23:03.503379
Attribute: domains

wakie-96696.firebaseio.com

Attribute: domains_analysis._name

wakie-96696.firebaseio.com

Threat level: Moderate Risk
com.grindrapp.android
464e4679664b2d1862d657795e18fc0c0ef302de9bc77a67bf7eaec34b904454
Grindr
Version: 99264
First seen: 2022-06-13T04:34:22.289380
Attribute: domains

api-project-1036042917246.firebaseio.com

Attribute: domains_analysis._name

api-project-1036042917246.firebaseio.com

Threat level: Moderate Risk
com.android.plus.speed
b64e5f7530380737c56af88a8e70bd505da354dae7786e56bf3c7c34e9a590f1
Android Plus
Version: 3
First seen: 2022-06-12T11:58:55.317186
Attribute: domains

api-project-751842291101.firebaseio.com

Attribute: domains_analysis._name

api-project-751842291101.firebaseio.com

Threat level: Moderate Risk
Similar samples:
doujinpaid.skyhi…
com.carxtech.carxdr2
53e207b439f6149962c7b7108b5fc410f1f37e7ea41838e5687df1a1665c1721
CarX Drift Racing 2
Version: 342
First seen: 2022-06-12T06:09:01.118449
Attribute: domains

carx-drift-racing-2-99670949.firebaseio.com

Attribute: domains_analysis._name

carx-drift-racing-2-99670949.firebaseio.com

Threat level: Moderate Risk
com.estrongs.android.pop
1c8bec216248b0f2a41767c67e0dfa73420f70c56105444eb4d1e54797783ee9
ES File Explorer
Version: 10168
First seen: 2022-06-11T10:59:05.996643
Attribute: domains

api-es.doglobal.net
api-en.os.qiku.com
api-feedback.iqiyi.com

Attribute: domains_analysis._name

api-es.doglobal.net
api-en.os.qiku.com
api-feedback.iqiyi.com

Threat level: High Risk
com.doubleTwist.cloudPlayerPro
d1396111d543bd3cff14ac00650f29e7b088e2d7d80afda72b1caf84192390ac
CloudPlayer Platinum
Version: 10177
First seen: 2022-06-09T23:21:48.360457
Attribute: domains

api-project-922192853713.firebaseio.com

Attribute: domains_analysis._name

api-project-922192853713.firebaseio.com

Threat level: Moderate Risk
com.picsart.studio
c43e15cd5063d3d20befd75893fe1a0a040564358cc22d0a90c079105dd88a0e
Picsart
Version: 993819903
First seen: 2022-06-08T17:49:36.253573
Attribute: domains

api-project-1076413845392.firebaseio.com

Attribute: domains_analysis._name

api-project-1076413845392.firebaseio.com

Threat level: Moderate Risk
com.sophos.smsec
98c80b9a02ae236de21b984abbdd838fa19088a4a67c861e791b6bcf199135f6
Sophos Intercept X for Mobile
Version: 3495
First seen: 2022-06-07T23:49:15.300896
Attribute: domains

sophos-mobile-control-eb139.firebaseio.com

Attribute: domains_analysis._name

sophos-mobile-control-eb139.firebaseio.com

Threat level: Moderate Risk
Attribute: domains

api-va.tiktokv.com

Attribute: domains_analysis._name

api-va.tiktokv.com

26/60
com.sec.android.inputmethod
160083235b512494ac6e85ec3c2beab0205c2d940d344f55796591d0ba5ad262
Samsung Keyboard
Version: 332333030
First seen: 2022-06-06T18:42:45.106376
Attribute: domains

api-samsung.swypeconnect.com

Attribute: domains_analysis._name

api-samsung.swypeconnect.com

Threat level: Moderate Risk
com.now.moov
c61848dde9ad9322ab241f36a86ba06fa1373b16eeda81687ee7ed9e90e735fa
MOOV
Version: 905
First seen: 2022-06-05T12:51:41.433878
Attribute: domains

moov-995.firebaseio.com

Attribute: domains_analysis._name

moov-995.firebaseio.com

Threat level: Moderate Risk
com.apple.android.music
9a78c79f7f88d884b8f9f452446fb892170c90e1d7881e8246303a6f59a58c06
Apple Music
Version: 901
First seen: 2022-06-05T12:35:02.163084
Attribute: domains

apple-music-8cac2.firebaseio.com

Attribute: domains_analysis._name

apple-music-8cac2.firebaseio.com

Threat level: Moderate Risk
lyr.search.net
df4a8a026c692325cf63fdc2326609cdcf7ce0edb5ffebcebe5671cd21249912
Fildo
Version: 457
First seen: 2022-06-04T20:15:56.252563
Attribute: domains

lyric-522a9.firebaseio.com

Attribute: domains_analysis._name

lyric-522a9.firebaseio.com

Threat level: Moderate Risk
com.app.awqsome.ennowallet
ebb57304a4432179cae975f51b0a905c20bf7090637c81e40057fd89b5bdbf17
Enno Wallet
Version: 230
First seen: 2022-06-04T09:33:40.458738
Attribute: domains

api-testnet.waves.exchange

Attribute: domains_analysis._name

api-testnet.waves.exchange

Threat level: Moderate Risk
org.khanacademy.android
d6c35fcb7c3e8695fea2d1dc0b7b0f405afee0fcf3746eb5a4412d19a2115c20
Khan Academy
Version: 100535
First seen: 2022-06-03T01:11:07.407634
Attribute: domains

khan-academy-a13d4.firebaseio.com

Attribute: domains_analysis._name

khan-academy-a13d4.firebaseio.com

Threat level: Moderate Risk
com.camerasideas.trimmer
f635bfbe03f446cdd5846e93cd6cdd35cbc8a5ed13987b1e399a27d1becd0dde
YouCut - Video Editor
Version: 1142
First seen: 2022-06-02T17:29:17.039090
Attribute: domains

youcut-7d8a3.firebaseio.com

Attribute: domains_analysis._name

youcut-7d8a3.firebaseio.com

Threat level: Moderate Risk
Attribute: domains

ssservice-d0f49.firebaseio.com

Attribute: domains_analysis._name

ssservice-d0f49.firebaseio.com

Threat level: Moderate Risk
Attribute: domains

ssservice-d0f49.firebaseio.com

Attribute: domains_analysis._name

ssservice-d0f49.firebaseio.com

Threat level: Moderate Risk
quic.ktran.slate
064bb9f0ad0acb773578bfeccc2e7e4ac6865763abd583682126637bc7975513
Quick Translate
Version: 1
First seen: 2022-06-02T12:27:13.208690
Attribute: domains

amm-api-translate.herokuapp.com

Attribute: domains_analysis._name

amm-api-translate.herokuapp.com

Threat level: Moderate Risk
io.oneinch.android
0ef382c6dc62eddbd8fa54704d5d06e5866989a3e36199cb1dfadb89f6668f14
1inch Wallet
Version: 190
First seen: 2022-06-01T21:50:44.260634
Attribute: domains

gas-price-api.1inch.io
api-optimistic.etherscan.io

Attribute: domains_analysis._name

gas-price-api.1inch.io
api-optimistic.etherscan.io

Threat level: Moderate Risk
com.americamovil.claroshop
65c889bda27777bb9c6b7b1b19a45bc225636472b4217728d20bafd6a5b2e70d
Claro shop
Version: 700027
First seen: 2022-06-01T21:04:57.264933
Attribute: domains

api-m.paypal.com
sdk-api-v1.singular.net
api-m.sandbox.paypal.com

Attribute: domains_analysis._name

api-m.paypal.com
sdk-api-v1.singular.net
api-m.sandbox.paypal.com

Threat level: Moderate Risk
Attribute: domains

api-vabf-sis-idfm.eae.apis.svc.as8677.net

Attribute: domains_analysis._name

api-vabf-sis-idfm.eae.apis.svc.as8677.net

Threat level: Moderate Risk
com.schoology.app
9e79eb1508bf1ae90874f168332f635da62c50e770223b4e7da89ba0e7a22182
Schoology
Version: 600000442
First seen: 2022-06-01T13:52:14.197115
Attribute: domains

api-project-113270738334.firebaseio.com

Attribute: domains_analysis._name

api-project-113270738334.firebaseio.com

Threat level: Moderate Risk
Attribute: domains

api-cmshow-sdk.cmcm.com
api-gd.dutils.com

Attribute: domains_analysis._name

api-cmshow-sdk.cmcm.com
api-gd.dutils.com

Threat level: High Risk
Attribute: domains

femm-health-app-a7172.firebaseio.com

Attribute: domains_analysis._name

femm-health-app-a7172.firebaseio.com

Threat level: Moderate Risk
com.facily
df2b8bc38fd83b1c769eea8c4104f16f702b2921fb56f8c5f1913d29057c408f
Facily
Version: 4100004
First seen: 2022-05-28T20:36:17.576361
Attribute: domains

facily-817c2.firebaseio.com

Attribute: domains_analysis._name

facily-817c2.firebaseio.com

Threat level: Moderate Risk
com.intsig.camscanner
265479ed06b68288594dcf017cfa7c9f99470ec93e44c3ab0dce725ed6962631
CamScanner
Version: 61587
First seen: 2022-05-27T23:13:40.787474
Attribute: domains

api.500px.com
api-cs-bak.intsig.net
camscanner-d8060.firebaseio.com
api-t.auth.lvjinhui.cn
api-cs.intsig.net

Attribute: domains_analysis._name

api.500px.com
api-cs-bak.intsig.net
camscanner-d8060.firebaseio.com
api-t.auth.lvjinhui.cn
api-cs.intsig.net

Threat level: Moderate Risk
id.xecureworld.app
da5ff752aa599dbaf486df1422ef67ae06a0df158c0d11e427fa2cd14772ce5d
PALAPA
Version: 5970
First seen: 2022-05-27T17:54:40.602746
Attribute: domains

sonorous-veld-162113.firebaseio.com

Attribute: domains_analysis._name

sonorous-veld-162113.firebaseio.com

Threat level: Moderate Risk
Attribute: domains

passbase-api-preprod-master-api-server.service.passbase.com

Attribute: domains_analysis._name

passbase-api-preprod-master-api-server.service.passbase.com

Threat level: Moderate Risk
Attribute: domains

bob-books-reading-magic-2.firebaseio.com

Attribute: domains_analysis._name

bob-books-reading-magic-2.firebaseio.com

Threat level: Moderate Risk
com.arabChat.dating
ec51740ad10edd1c6b6429c0855b2a781b29689709947bf87205ff433c3b4013
عرب شات
Version: 37
First seen: 2022-05-24T10:53:54.977188
Attribute: domains

arabchat-9ef07.firebaseio.com

Attribute: domains_analysis._name

arabchat-9ef07.firebaseio.com

Threat level: Moderate Risk
com.samsung.android.scloud
5de343910159183e5bf76c49bb19a23012358d6e995417c66087670441c8f59d
Samsung Cloud
Version: 440013000
First seen: 2022-05-24T02:10:39.616825
Attribute: domains

samsungcloud-f0001.firebaseio.com

Attribute: domains_analysis._name

samsungcloud-f0001.firebaseio.com

Threat level: Moderate Risk
com.recollect.linkus
390df52c6c7ce9f95455c540ac825c36f915539482df44912f2561ce4e962cc6
Private Messenger
Version: 733
First seen: 2022-05-23T10:20:07.436774
Attribute: domains

project-1720012803535836257.firebaseio.com

Attribute: domains_analysis._name

project-1720012803535836257.firebaseio.com

Threat level: High Risk
com.transsion.plat.appupdate
2584e9529e0988c1c2f9d657c5e2c55d1770e451d4120c176b5a505f2ee1033d
App Update
Version: 461030
First seen: 2022-05-22T18:00:24.588241
Attribute: domains

app-update-d5858.firebaseio.com

Attribute: domains_analysis._name

app-update-d5858.firebaseio.com

Threat level: Moderate Risk
net.bat.store
f5346d1388aff293bc84b481c3a9823cc3bf76ffc241fcf455754b86028f22b9
AHA Games
Version: 1903
First seen: 2022-05-22T17:20:32.808661
Attribute: domains

app-store-63685.firebaseio.com

Attribute: domains_analysis._name

app-store-63685.firebaseio.com

1/62
com.ryde_android
d22ed5cbfbca942c8d5ad225867891b5a9f8acc4a511745d394ceb32e96466b7
Ryde
Version: 193
First seen: 2022-05-22T13:37:35.478630
Attribute: domains

ryde-93e57.firebaseio.com

Attribute: domains_analysis._name

ryde-93e57.firebaseio.com

Threat level: High Risk
ru.mts.music.android
fce66629f6ec97e28c3a1f18ad725c6946c9a9a553af7c437e023a7b3eba49c9
МТС Music
Version: 353441
First seen: 2022-05-22T13:31:32.140899
Attribute: domains

mtsmusic-06122019.firebaseio.com

Attribute: domains_analysis._name

mtsmusic-06122019.firebaseio.com

Threat level: Moderate Risk
com.fitbod.fitbod
df633b6d6cf58eed9bc5885a7998fb4f916787c12282fde273b476f40dec9eff
Fitbod
Version: 1030602
First seen: 2022-05-19T21:17:56.712480
Attribute: domains

fitbod-f9767.firebaseio.com

Attribute: domains_analysis._name

fitbod-f9767.firebaseio.com

Threat level: Moderate Risk
doujinpaid.skyhighmm
4c131a7ea90544e3e855b3eb94447522a5378de88d654ec845746b156b52f9d2
DoujinPaid Sky High MM
Version: 1
First seen: 2022-05-19T11:20:09.194868
Attribute: domains

api-project-751842291101.firebaseio.com

Attribute: domains_analysis._name

api-project-751842291101.firebaseio.com

4/63
Similar samples:
com.android.plus…
Attribute: domains

purchase-api-qa.dynabic.com

Attribute: domains_analysis._name

purchase-api-qa.dynabic.com

Threat level: Moderate Risk
co.sitic.pp
e3848a88ead126dd544645865b15dd3e5940968068de8db27e0c92555fe57810
sysDLL
Version: 1089
First seen: 2022-05-18T20:09:47.920784
Attribute: domains

phoneprotect-47af3.firebaseio.com

Attribute: domains_analysis._name

phoneprotect-47af3.firebaseio.com

Threat level: Moderate Risk