#ParrotTDS

2025-06-07

Detected #ParrotTDS infection chain

Compromised site
-->
trust.scriptobject[.]com/init.js (ParrotTDS)
-->
store.alignfrisco[.]com (SocGholish)
-->
www[.]publynx[.]com/profileLayout (SocGholish JS C2)

2025-05-27

Detected #ParrotTDS infection chain

Compromised site
-->
trust.scriptobject[.]com/init.js (ParrotTDS)
-->
store.alignfrisco[.]com (SocGholish)
-->
images.nashbashracing[.]com/profileLayout (SocGholish JS C2)

2025-04-25

Detected #ParrotTDS infection chain

Compromised site
-->
trust.scriptobject[.]com/init.js (ParrotTDS)
-->
store.alignfrisco[.]com (SocGholish)
-->
files.fnomworldwide[.]com/profileLayout (SocGholish JS C2)

2025-04-04

Detected #ParrotTDS infection chain

Compromised site
-->
trust.scriptobject[.]com/init.js (ParrotTDS)
-->
store.alignfrisco[.]com (SocGholish)

2025-04-04

Detected #ParrotTDS infection chain

Compromised site
-->
trust.scriptobject[.]com/init.js (ParrotTDS)
-->
store.alignfrisco[.]com (SocGholish)
-->
phpmyadmin.emeraldpineventures[.]com/profileLayout (SocGholish JS C2)

2024-12-16

Detected #ParrotTDS infection chain

Compromised site
-->
trust.scriptobject[.]com/init.js (ParrotTDS)
-->
clients.dedicatedservicesusa[.]com (SocGholish)

2024-12-14

Detected #ParrotTDS infection chain

Compromised site
-->
trust.scriptobject[.]com/init.js (ParrotTDS)
-->
premium.davidabostic[.]com (SocGholish)

2024-11-25

Detected #ParrotTDS infection chain

Compromised site
-->
source.scriptsafedata[.]com/init.js (ParrotTDS)
-->
premium.davidabostic[.]com (SocGholish)

2024-07-06

Detected #ParrotTDS infection chain

Compromised site
-->
jsincloud[.]com/adv.min.js (ParrotTDS)
-->
premium.davidabostic[.]com (SocGholish)

2024-07-02

Detected #ParrotTDS infection chain

Compromised site
-->
jswebcloud[.]net/ui_static.js (ParrotTDS)
-->
premium.davidabostic[.]com (SocGholish)

2024-06-20

Detected #ParrotTDS infection chain

Compromised site
-->
jswebcache[.]com/adv.min.js (ParrotTDS)
-->
premium.davidabostic[.]com (SocGholish)

2024-04-11

Detected #ParrotTDS infection chain

Compromised site
-->
apicachebot[.]com/ui_cache.js (ParrotTDS)
-->
retraining.allstardriving[.]org (SocGholish)
-->
https://*.loans.fishingreelinvestments[.]com//editContent (SocGholish JS C2)

2024-03-06

Detected #ParrotTDS infection chain

Compromised site
-->
apicachebot[.]com/ui_cache.js (ParrotTDS)
-->
retraining.allstardriving[.]org (SocGholish)

2024-03-01

Detected #ParrotTDS infection chain

Compromised site
-->
absolutecache[.]com/ui_cache.js (ParrotTDS)
-->
retraining.allstardriving[.]org/5P/Ks5/dqdqA3fCB0c/mkZbd8JGMm6mRmQ== (SocGholish)

2024-03-01

Detected #ParrotTDS infection chain

Compromised site
-->
storage.webfiledata[.]com/ui_static.js (ParrotTDS)
-->
retraining.allstardriving[.]org/5P/Ks5/dqdqA3fCB0c/mkZbd8JGMm6mRmQ== (SocGholish)

2024-02-16

Detected #ParrotTDS infection chain

Compromised site
-->
absolutecache[.]com/ui_cache.js (ParrotTDS)
-->
retraining.allstardriving[.]org/hZ3Uyv6/t6Phv+74sKj46Pe/7ujq8r664eq/q/z8saHjv6k= (SocGholish)

2024-02-07

Detected #ParrotTDS infection chain

Compromised site
-->
webdatacache[.]com/ui_cache.js (ParrotTDS)
-->
webdatacache[.]com/ui_cache.js (ParrotTDS)
-->
retraining.allstardriving[.]org/hZ3Uyv6/t6Phv+74sKj46Pe/7ujq8r664eq/q/z8saHjv6k= (SocGholish)

Observed #ParrotTDS #Socgholish domain
victim site
-->
followcache[.]com/ui_cache.js?ver=ab29anwemn77tgn72vwvfg (ParrotTDS)
-->
retraining.allstardriving[.]org/hZ3Uyv6/t6Phv+74sKj46Pe/7ujq8r664eq/q/z8saHjv6k=

New observed #SocGholish #ParrotTDS server:
visitclouds[.]com/ac-analytics.js?ver='
217[.]29.53.49

Haven't been able to get the full chain off this domain yet, probably due to it just coming live 10 hours ago according to VT

2024-01-16

Detected #ParrotTDS infection chain

Compromised site
-->
cachewebspace[.]com/jquery.min.js (ParrotTDS)
-->
retraining.allstardriving[.]org/hZ3Uyv6/t6Phv+74sKj46Pe/7ujq8r664eq/q/z8saHjv6k= (SocGholish)
