Malware distribution via typosquat + Discord social engineering.
Domain: fixxlr.com (registered 2 ...
show moreMalware distribution via typosquat + Discord social engineering.
Domain: fixxlr.com (registered 2026-04-18 via Tucows, Njalla NS)
Hosted at 87.237.52.131 (XSServer GmbH)
Site poses as "virtual mixer and volume booster" — typosquat of
legitimate GoXLR brand (TC-Helicon). No business footprint;
footer copyright dated 2024 despite 5-day-old domain.
Distribution: unsolicited Discord DMs. Operator poses as audio
engineer, directs targets to search "fixxlr" rather than linking.
Falsely claimed affiliation with unrelated legitimate project
FxSound when challenged.
Payload: BunniClient.exe (name does not match advertised product).
Sandbox verdict: Malicious 80/100. Exhibits anti-VM, anti-debug,
packed sections — info-stealer behavior consistent with "Bunni"
family.
Hybrid Analysis: https://hybrid-analysis.com/sample/78b6a6d755a577ff021c4eda53630f2ca45f19a593bb40b805de587be7dd0303
Also reported to Google Safe Browsing and host (XSServer abuse).
show less
PhishingHackingSpoofing
By clicking “Accept all”, you agree to the storing of cookies on your device to remember preferences and
analyze site usage.
Read more
- Required to log into your AbuseIPDB account, and store these cookie preferences.