📖 Overview
A new URL-based indicator has been identified associated with payload delivery activity tied to the malware win.netsupportmanager_rat. This malicious URL, hosted under the domain linomu[.]com, masquerades as a legitimate JavaScript resource but instead delivers a remote access trojan with full control capabilities.
📌 Key Details
Field | Information |
---|---|
Type | URL |
Indicator | linomu[.]com/ajax/pixi.min.js |
Threat Type | Payload Delivery |
Malware | win.netsupportmanager_rat |
Confidence | 100% |
Date | 28 Aug 2025 – 14:02:09 UTC |
Tags | SmartApeSG |
Reporter | monitorsg |
🔎 URLScan Result
- Page Title: Home Page
- Screenshot: https://urlscan.io/screenshots/0198f104-03d0-74e7-a2c9-00439dce91e1.png
- Result: https://urlscan.io/result/0198f104-03d0-74e7-a2c9-00439dce91e1/

📡 Related Intelligence
- VirusTotal Report: https://www.virustotal.com/gui/url-analysis/u-d6003ff5bcebc6d398a9ec864edb9e27579e22f2141e5b22b99b04817420d8ff-1756402617
🛡️ Defensive Guidance
- Block
linomu[.]com
at the network and endpoint level. - Monitor for suspicious script loads from unexpected domains.
- Hunt for win.netsupportmanager_rat persistence artifacts in endpoint telemetry.
- Review proxy/firewall logs for attempted outbound requests to malicious JS payloads.