#Tycoon2FA #Phishing 🚨Using new TLD - .co.im🚨 CC: @banthisguy9349 @NDA0E @BlinkzSec @kddx0178318 @raghav127001 @DaveLikesMalwre @g0njxa @ViriBack @500mk500 @ge0lev @marsomx_ @JAMESWT_MHT @DonPasci

#Tycoon2FA #Phishing 🐟 Lost the count of New Domains Full List: https://t.co/OR4WQvO9Lb Tool used: @censysio CC: @RacWatchin8872 @g0njxa @500mk500

CC: @banthisguy9349 @NDA0E @BlinkzSec @kddx0178318 @raghav127001 @DaveLikesMalwre @g0njxa @ViriBack @500mk500 @ge0lev @marsomx_ @JAMESWT_MHT @DonPasci

#Lumma #Malware 👾12 New Lumma Domains with 0 Hits👾 Lumma was the first malware C2 I hunted After its decline I moved to Tycoon Phishing, but why not trying Lumma Again 🚨 https://t.co/cxRGtBp4SI🚨 Thanks for helping me @g0njxa

#Tycoon2FA #Phishing 🚨Almost 10K🚨 https://t.co/YTVnXcDv47

#Tycoon2FA - Anti-bot system got a few new features - New TLD's being used: .email (@nullwhire95 thanks for the info!!) CC: @banthisguy9349 @NDA0E @BlinkzSec @kddx0178318 @raghav127001 @DaveLikesMalwre @g0njxa @ViriBack @500mk500 @ge0lev @marsomx_ @JAMESWT_MHT @DonPasci

#Tycoon2FA #Phishing 🐟 225 New Domains https://t.co/APjJ0i1SOi Full List: https://t.co/OR4WQvO9Lb Uploaded to: @spamhaus Tool used: @censysio CC: @RacWatchin8872 @g0njxa @500mk500

All the domains are now submitted to @spamhaus CC: @banthisguy9349 @NDA0E @BlinkzSec @kddx0178318 @raghav127001 @DaveLikesMalwre @g0njxa @ViriBack @500mk500 @ge0lev @marsomx_ @JAMESWT_MHT @DonPasci

Mapping Lumma's infrastructure 🧵 Key pivots: ℹ️Cert fingerprints connecting distribution → C2 ℹ️ASN clustering (Aeza, Routerhosting, Proton66) ℹ️Domain patterns (.qpon, .top, .xyz, .ru) 👉 https://t.co/Pjrwk1bKT7

#Tycoon2FA #Phishing 🐟 127 New Domains https://t.co/Scn8fZGIiH Full List: https://t.co/OR4WQvOHAJ Tool used: @censysio CC: @RacWatchin8872 @g0njxa @500mk500

#Phishing Almost 10k #Tycoon2fa Domains CC: @banthisguy9349 @NDA0E @BlinkzSec @kddx0178318 @raghav127001 @DaveLikesMalwre @g0njxa @ViriBack @500mk500 @ge0lev @marsomx_ @JAMESWT_MHT @DonPasci

#Tycoon2FA #Phishing 🐟 558 New Domains Full List: https://t.co/OR4WQvOHAJ Tool used: @ValidinLLC CC: @RacWatchin8872 @g0njxa @500mk500

#Tycoon2FA #Phishing One more TLD: - .ru.com (If you know more TLD's that are not listed in the github, please DM me) CC: @banthisguy9349 @NDA0E @BlinkzSec @kddx0178318 @raghav127001 @DaveLikesMalwre @g0njxa @ViriBack @500mk500 @ge0lev @marsomx_ @JAMESWT_MHT @DonPasci

#Tycoon2FA #Phishing 🐟To Many Domains Founded, Bot doesn't know the number Full List: https://t.co/OR4WQvOHAJ Tool used: @ValidinLLC CC: @RacWatchin8872 @g0njxa @500mk500

#Tycoon2FA #Phishing 🐟78 Domains related to Tycoon2FA Phishing with Low Hits on vt: https://t.co/r26Lv7EYgV Full List: https://t.co/OR4WQvO9Lb Tool used: @ValidinLLC CC: @RacWatchin8872 @g0njxa @500mk500

#Tycoon2FA #Phishing - Using new TLD ([.]co[.]za) - New Anti-Bot System (never saw something like that) CC: @banthisguy9349 @NDA0E @BlinkzSec @kddx0178318 @raghav127001 @DaveLikesMalwre @g0njxa @ViriBack @500mk500 @ge0lev @marsomx_ @JAMESWT_MHT @DonPasci

Awesome blog post @silentpush!! https://t.co/k8OsdYB8MO

#Tycoon2FA #Phishing 🐟10 Domains related to Tycoon2FA Phishing with Low Hits on vt: https://t.co/XzD4hBU462 Full List: https://t.co/OR4WQvOHAJ Tool used: @ValidinLLC CC: @RacWatchin8872 @g0njxa @500mk500

#Tycoon2FA #Phishing 🐟79 Domains related to Tycoon2FA Phishing with Low Hits on vt: https://t.co/n0j8Tp3cNk Full List: https://t.co/OR4WQvOHAJ Tool used: @ValidinLLC CC: @RacWatchin8872 @g0njxa @500mk500

#Tycoon2FA #Phishing 🐟48 Domains related to Tycoon2FA Phishing with Low Hits on vt: https://t.co/KQDmnW3fUv Full List: https://t.co/OR4WQvO9Lb Tool used: @ValidinLLC CC: @RacWatchin8872 @g0njxa @500mk500