{
  "type": "Domain",
  "indicator": "flightfx.com",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/flightfx.com",
    "alexa": "http://www.alexa.com/siteinfo/flightfx.com",
    "indicator": "flightfx.com",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 3965278854,
      "indicator": "flightfx.com",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 2,
      "pulses": [
        {
          "id": "69a3be40a71473ad1e1ca24b",
          "name": "fastly.com",
          "description": "Indicators of compromise for this domain",
          "modified": "2026-04-01T00:44:45.494000",
          "created": "2026-03-01T04:19:12.339000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 266,
            "CIDR": 2,
            "FileHash-MD5": 581,
            "FileHash-SHA1": 597,
            "FileHash-SHA256": 3442,
            "email": 14,
            "hostname": 224,
            "URL": 307,
            "CVE": 2
          },
          "indicator_count": 5435,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 66,
          "modified_text": "61 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "66dea8f783e2e21fe8105fa8",
          "name": "IObit Unlocker",
          "description": "Browser bar, API access ,\ncached,  , device unlocker, search result attacks. |\n\nLink below opened appeared on a device, deleted private crowdstrike.com pulse and other IoC's. Device had only been used for research. Private Crowdstrike pulses included high priority and critical issues found prior to global outage. Unsure if related to IObit.    . \n\nhttps://otx.alienvault.com/browse/global/pulses?q=tag:%22esta%20caliente%22&include_inactive=0&sort=-modified&page=1&limit=10&indicatorsSearch=esta%20caliente\n\nAs reported before both VirusTotal  & otx.alienvault.com  experience frequent attacks. New stealer found.. Other users have mentioned otx issues on other forums.",
          "modified": "2024-10-09T06:02:16.991000",
          "created": "2024-09-09T07:51:19.348000",
          "tags": [
            "pe resource",
            "the bazar",
            "story",
            "hackers",
            "cyber attack",
            "spotify artist",
            "gamers",
            "inno setup",
            "delphi generic",
            "win32 exe",
            "pe32",
            "intel",
            "ms windows",
            "pe32 installer",
            "module",
            "linker",
            "delphi",
            "info header",
            "name md5",
            "language",
            "overlay",
            "algorithm",
            "thumbprint",
            "serial number",
            "symantec time",
            "stamping",
            "sha256 code",
            "signing ca",
            "valid",
            "valid usage",
            "class",
            "windows",
            "uninstall iobit",
            "files",
            "file type",
            "javascript",
            "get http",
            "http requests",
            "dns resolutions",
            "ip traffic",
            "legalcopyright",
            "component",
            "read",
            "write",
            "dynamicloader",
            "medium",
            "time stamping",
            "malware fighter",
            "variant",
            "invalid variant",
            "stack",
            "format",
            "error",
            "msie",
            "chrome",
            "passive dns",
            "gmt content",
            "all scoreblue",
            "name servers",
            "as35819",
            "moved",
            "red team",
            "are you hiring",
            "united states",
            "aaaa",
            "asnone united",
            "cname",
            "nxdomain",
            "whitelisted",
            "showing",
            "as44273 host",
            "inno5311",
            "win32",
            "ipv4",
            "widgitoolbar",
            "unknown",
            "hashes",
            "windows nt",
            "win32 dll",
            "kb file",
            "historical ssl",
            "referrer",
            "malware",
            "network",
            "cancer",
            "dynadot inc",
            "temp",
            "domains",
            "mesh digital"
          ],
          "references": [
            "unlocker-setup_v1.1.2.exe",
            "FileHash-SHA256 055fb1f2d36226f676514de472d04d84772a104ebc6bc2cb190d08c967c197c6",
            "codes.iobit.com",
            "ALF:PUA:Block:IObit.R!MTB | External Hosts: Reverse IP ASN 3.128.123.2\tapi.mybrowserbar.com *DisableUserModeCallbackFilter",
            "Crowdsourced IDS: Matches rule (http_inspect) HTTP Content-Length message body was truncated Matches rule FILEEXT JPG file claimed",
            "Yara Detections: Zeppelin_10 ,  stack_string ,  ConventionEngine_Keyword_Laun",
            "https://www.anyxxxtube.net/search-porn/tsara-brashears/  [phishing]",
            "Aug 31, 2024\thttp://bluesprig.mybrowserbar.com/\tbluesprig.mybrowserbar.com\t200\t18.116.57.197",
            "Yara: Matches rule Windows_API_Function from ruleset Windows_API_Function by InQuest Labs",
            "img-prod-cms-rt-microsoft-com.akamaized.net | iobitapps.mybrowserbar.com | recorder-iobit-com.us-east-1.elasticbeanstalk.com"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [
            {
              "id": "Win.Malware.Genpack-9877676-0",
              "display_name": "Win.Malware.Genpack-9877676-0",
              "target": null
            },
            {
              "id": "SLF:PUA:Win32/IObitBundler",
              "display_name": "SLF:PUA:Win32/IObitBundler",
              "target": null
            }
          ],
          "attack_ids": [],
          "industries": [
            "Technology",
            "Telecommunications"
          ],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 7,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "scoreblue",
            "id": "254100",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 379,
            "FileHash-SHA1": 357,
            "FileHash-SHA256": 1383,
            "URL": 122,
            "domain": 286,
            "hostname": 568,
            "email": 8
          },
          "indicator_count": 3103,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 233,
          "modified_text": "600 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "Yara Detections: Zeppelin_10 ,  stack_string ,  ConventionEngine_Keyword_Laun",
        "unlocker-setup_v1.1.2.exe",
        "img-prod-cms-rt-microsoft-com.akamaized.net | iobitapps.mybrowserbar.com | recorder-iobit-com.us-east-1.elasticbeanstalk.com",
        "Crowdsourced IDS: Matches rule (http_inspect) HTTP Content-Length message body was truncated Matches rule FILEEXT JPG file claimed",
        "https://www.anyxxxtube.net/search-porn/tsara-brashears/  [phishing]",
        "ALF:PUA:Block:IObit.R!MTB | External Hosts: Reverse IP ASN 3.128.123.2\tapi.mybrowserbar.com *DisableUserModeCallbackFilter",
        "Aug 31, 2024\thttp://bluesprig.mybrowserbar.com/\tbluesprig.mybrowserbar.com\t200\t18.116.57.197",
        "codes.iobit.com",
        "Yara: Matches rule Windows_API_Function from ruleset Windows_API_Function by InQuest Labs",
        "FileHash-SHA256 055fb1f2d36226f676514de472d04d84772a104ebc6bc2cb190d08c967c197c6"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [],
          "malware_families": [
            "Win.malware.genpack-9877676-0",
            "Slf:pua:win32/iobitbundler"
          ],
          "industries": [
            "Telecommunications",
            "Technology"
          ]
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 2,
  "pulses": [
    {
      "id": "69a3be40a71473ad1e1ca24b",
      "name": "fastly.com",
      "description": "Indicators of compromise for this domain",
      "modified": "2026-04-01T00:44:45.494000",
      "created": "2026-03-01T04:19:12.339000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 266,
        "CIDR": 2,
        "FileHash-MD5": 581,
        "FileHash-SHA1": 597,
        "FileHash-SHA256": 3442,
        "email": 14,
        "hostname": 224,
        "URL": 307,
        "CVE": 2
      },
      "indicator_count": 5435,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 66,
      "modified_text": "61 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "66dea8f783e2e21fe8105fa8",
      "name": "IObit Unlocker",
      "description": "Browser bar, API access ,\ncached,  , device unlocker, search result attacks. |\n\nLink below opened appeared on a device, deleted private crowdstrike.com pulse and other IoC's. Device had only been used for research. Private Crowdstrike pulses included high priority and critical issues found prior to global outage. Unsure if related to IObit.    . \n\nhttps://otx.alienvault.com/browse/global/pulses?q=tag:%22esta%20caliente%22&include_inactive=0&sort=-modified&page=1&limit=10&indicatorsSearch=esta%20caliente\n\nAs reported before both VirusTotal  & otx.alienvault.com  experience frequent attacks. New stealer found.. Other users have mentioned otx issues on other forums.",
      "modified": "2024-10-09T06:02:16.991000",
      "created": "2024-09-09T07:51:19.348000",
      "tags": [
        "pe resource",
        "the bazar",
        "story",
        "hackers",
        "cyber attack",
        "spotify artist",
        "gamers",
        "inno setup",
        "delphi generic",
        "win32 exe",
        "pe32",
        "intel",
        "ms windows",
        "pe32 installer",
        "module",
        "linker",
        "delphi",
        "info header",
        "name md5",
        "language",
        "overlay",
        "algorithm",
        "thumbprint",
        "serial number",
        "symantec time",
        "stamping",
        "sha256 code",
        "signing ca",
        "valid",
        "valid usage",
        "class",
        "windows",
        "uninstall iobit",
        "files",
        "file type",
        "javascript",
        "get http",
        "http requests",
        "dns resolutions",
        "ip traffic",
        "legalcopyright",
        "component",
        "read",
        "write",
        "dynamicloader",
        "medium",
        "time stamping",
        "malware fighter",
        "variant",
        "invalid variant",
        "stack",
        "format",
        "error",
        "msie",
        "chrome",
        "passive dns",
        "gmt content",
        "all scoreblue",
        "name servers",
        "as35819",
        "moved",
        "red team",
        "are you hiring",
        "united states",
        "aaaa",
        "asnone united",
        "cname",
        "nxdomain",
        "whitelisted",
        "showing",
        "as44273 host",
        "inno5311",
        "win32",
        "ipv4",
        "widgitoolbar",
        "unknown",
        "hashes",
        "windows nt",
        "win32 dll",
        "kb file",
        "historical ssl",
        "referrer",
        "malware",
        "network",
        "cancer",
        "dynadot inc",
        "temp",
        "domains",
        "mesh digital"
      ],
      "references": [
        "unlocker-setup_v1.1.2.exe",
        "FileHash-SHA256 055fb1f2d36226f676514de472d04d84772a104ebc6bc2cb190d08c967c197c6",
        "codes.iobit.com",
        "ALF:PUA:Block:IObit.R!MTB | External Hosts: Reverse IP ASN 3.128.123.2\tapi.mybrowserbar.com *DisableUserModeCallbackFilter",
        "Crowdsourced IDS: Matches rule (http_inspect) HTTP Content-Length message body was truncated Matches rule FILEEXT JPG file claimed",
        "Yara Detections: Zeppelin_10 ,  stack_string ,  ConventionEngine_Keyword_Laun",
        "https://www.anyxxxtube.net/search-porn/tsara-brashears/  [phishing]",
        "Aug 31, 2024\thttp://bluesprig.mybrowserbar.com/\tbluesprig.mybrowserbar.com\t200\t18.116.57.197",
        "Yara: Matches rule Windows_API_Function from ruleset Windows_API_Function by InQuest Labs",
        "img-prod-cms-rt-microsoft-com.akamaized.net | iobitapps.mybrowserbar.com | recorder-iobit-com.us-east-1.elasticbeanstalk.com"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America"
      ],
      "malware_families": [
        {
          "id": "Win.Malware.Genpack-9877676-0",
          "display_name": "Win.Malware.Genpack-9877676-0",
          "target": null
        },
        {
          "id": "SLF:PUA:Win32/IObitBundler",
          "display_name": "SLF:PUA:Win32/IObitBundler",
          "target": null
        }
      ],
      "attack_ids": [],
      "industries": [
        "Technology",
        "Telecommunications"
      ],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 7,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "scoreblue",
        "id": "254100",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 379,
        "FileHash-SHA1": 357,
        "FileHash-SHA256": 1383,
        "URL": 122,
        "domain": 286,
        "hostname": 568,
        "email": 8
      },
      "indicator_count": 3103,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 233,
      "modified_text": "600 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "flightfx.com",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "flightfx.com",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780307009.6605918
}