Behind the Flashpoint Intel Site Compromise | WhoisXML API

Back in 2019, the Flashpoint Intel site suffered a zero-day attack that redirected visitors with JavaScript enabled to an external website serving a malware-laced pop-up.[1]

WhoisXML API threat researcher Dancho Danchev revisited the incident. Starting from 10 publicized indicators of compromise (IoCs), all of them malicious domains, he found that parts of the criminal infrastructure remain active, specifically:

  • 290+ IP addresses to which the domains identified as IoCs resolved
  • 170+ possibly connected domains that shared hosts (resolved IP addresses) with the IoCs
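The expansion above is a standard two-hop pivot: resolve the seed domains to the IP addresses they were seen on, then collect every other domain seen on those same addresses. The following is an added example of that pivot, not WhoisXML API's own tooling and not the research data behind the numbers above; the passive-DNS style records are constructed (RFC 5737 test addresses and .example names, none of them the real Flashpoint IoCs), and the `max_fanout` cut-off of 20 is an arbitrary threshold chosen for illustration.

```python
"""Pivot from seed IoC domains to the IPs they resolved to and to other
domains that shared those IPs.  Added example with constructed records;
not WhoisXML API code and not the real indicators from the incident."""
from collections import defaultdict

# Constructed passive-DNS style records: (domain, ip).  RFC 5737 test
# ranges and .example names only.
PDNS_RECORDS = [
    ("ioc-a.example", "192.0.2.10"),
    ("ioc-a.example", "192.0.2.11"),
    ("ioc-b.example", "198.51.100.7"),
    ("ioc-c.example", "203.0.113.5"),       # sits on a busy shared host
    ("sibling-1.example", "192.0.2.10"),    # shares a host with ioc-a
    ("sibling-2.example", "198.51.100.7"),  # shares a host with ioc-b
    ("unrelated.example", "192.0.2.200"),
] + [(f"tenant-{i}.example", "203.0.113.5") for i in range(50)]  # shared hosting


def build_indexes(records):
    """Forward index domain -> {ip} and reverse index ip -> {domain}."""
    fwd, rev = defaultdict(set), defaultdict(set)
    for domain, ip in records:
        fwd[domain].add(ip)
        rev[ip].add(domain)
    return fwd, rev


def pivot(iocs, records, max_fanout=20):
    """Return (ips, candidate_domains, skipped_ips).

    ips: every address any seed IoC resolved to (hop 1).
    candidate_domains: other domains seen on those addresses (hop 2),
      excluding addresses that host more than max_fanout domains; those
      are usually shared hosting, CDN, parking or sinkhole IPs, and
      pivoting through them floods the result with unrelated tenants.
    skipped_ips: the high-fanout addresses that were left out, so an
      analyst can review them by hand instead of silently losing them.
    """
    fwd, rev = build_indexes(records)
    seeds = set(iocs)
    ips = set().union(*(fwd.get(d, set()) for d in seeds))
    candidates, skipped = set(), set()
    for ip in ips:
        if len(rev[ip]) > max_fanout:
            skipped.add(ip)
            continue
        candidates |= rev[ip] - seeds  # never re-report the seeds themselves
    return ips, candidates, skipped


if __name__ == "__main__":
    seeds = ["ioc-a.example", "ioc-b.example", "ioc-c.example"]
    ips, cands, skipped = pivot(seeds, PDNS_RECORDS)
    print(f"{len(ips)} IPs, {len(cands)} candidate domains, "
          f"{len(skipped)} high-fanout IPs set aside: {sorted(skipped)}")
```

The fan-out cut-off is the check a practitioner wants before trusting a "possibly connected" count: a single shared-hosting or parking address can contribute hundreds of domains that have nothing to do with the campaign, so hop-2 results should always be reported together with the per-IP fan-out that produced them.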

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1] https://flashpoint.io/blog/after-action-report-flashpoint-remediation-of-0-day-exploit-on-our-public-facing-website/