Cloudflare Radar Top Domains list redacts and hides Aisuru domains
Security Tool/Service
Summary
Cloudflare redacted Aisuru domains from its Top Domains rankings after the botnet started gaming the public list and distorting trust signals. The update reduces the visibility of malicious entries that were being surfaced by high DNS query volume rather than normal user traffic. It matters because the rankings feed downstream safety and reputation systems that may treat top-N domains as trusted.
Related Happenings
Broad Keitaro TDS abuse across more than 120 campaigns
Target Trend
First: 27.04.2026 09:33
Last: 27.04.2026 09:33
Sources 1
About this happening:
**Keitaro TDS** was abused by **more than 120 distinct campaigns** between **October 2025 and January 2026**, showing a broad recurring pattern of malicious link delivery and spam...
Triad Nexus expands fraud ecosystem and shifts into emerging markets after 2025 US sanctions
Threat Actor Meta
First: 14.04.2026 15:00
Last: 14.04.2026 15:00
Sources 1
About this happening:
**Triad Nexus** expanded its fraud ecosystem after **US Treasury sanctions in 2025**, increasing operational scale and shifting into **emerging markets**. The network’s use of **U...
TA416 European government espionage campaign
Campaign
First: 01.04.2026 15:05
Last: 01.04.2026 15:05
Sources 1
About this happening:
TA416 has resumed **cyber espionage** activity, targeting **European governments** and **EU/NATO diplomatic missions** with a renewed malware-delivery operation that raises cross-...
Latest development: 03.04.2026 20:34
TA416 expanded its espionage campaign to Middle Eastern government and diplomatic entities after the outbreak of the U.S.-Israel-Iran conflict in late February 2026, while linking to archives hosted on Google Drive or a compromised SharePoint instance to refine its PlugX delivery chain and collect regional intelligence.
Ip6.arpa reverse-DNS phishing campaign using IPv6 tunneling
Campaign
First: 08.03.2026 16:12
Last: 08.03.2026 16:12
Sources 1
About this happening:
A **phishing campaign** is abusing **ip6.arpa reverse DNS** and **IPv6 tunneling** to slip past domain reputation checks and **email security gateways**, making malicious links ha...
Tycoon 2FA-Storm-1747 ecosystem shift changes threat-actor operations
Threat Actor Meta
First: 05.03.2026 08:51
Last: 05.03.2026 08:51
Sources 1
About this happening:
**Tycoon2FA** has evolved from a **subscription-based PhaaS** into a more resilient phishing service that now supports **device-code phishing** against **Microsoft 365** accounts....
Latest development: 17.05.2026 17:43
eSentire says Tycoon2FA now uses device-code phishing to target Microsoft 365 accounts, with invoice-themed lure emails carrying Trustifi click-tracking URLs that redirect through Trustifi, Cloudflare Workers, obfuscated JavaScript layers, and a fake Microsoft CAPTCHA page before sending victims to microsoft.com/devicelogin. The kit also adds anti-analysis defenses, including detection of Selenium, Puppeteer, Playwright, and Burp Suite, plus blocks for security vendors, VPNs, sandboxes, AI crawlers, and cloud providers.
Timeline
- 06.11.2025 04:04 · 2 articles · 6mo ago
Cloudflare Radar Top Domains list redacts and hides Aisuru domains
Initial Disclosure: **Cloudflare Radar** first partially obscured **Aisuru** domains, then began hiding them from the web list as the botnet kept surfacing in the rankings.
- Cloudflare Scrubs Aisuru Botnet from Top Domains List — krebsonsecurity.com — 06.11.2025 04:04
- Cloudflare Scrubs Aisuru Botnet from Top Domains List — krebsonsecurity.com — 06.11.2025 04:04