Mastodawn

Show thread

Steve Castellarin 2d ago

@monitorsg - also saw possible #SmartApeSG on khaotixlab[.]top on 4/14/26.

Monitor SG 2d ago

Detected #SmartApeSG infection chain

Compromised site
-->
crypta-wave[.]top/secure/admin-dom.php
-->
crypta-wave[.]top/secure/rate-build.js (clickfix)

Monitor SG 3d ago

Detected #SmartApeSG infection chain

Compromised site
-->
www[.]ski-snowboardvancouver[.]ca/d.js (injected)
-->
z3nbyte[.]top/metrics/public-effect.js
-->
z3nbyte[.]top/metrics/reset-transpiler.php
-->
z3nbyte[.]top/metrics/trace-hook.js (clickfix)

Monitor SG 3d ago

Detected #SmartApeSG infection chain

Compromised site
-->
byte-shard[.]top/metrics/reset-transpiler.php
-->
byte-shard[.]top/metrics/trace-hook.js (clickfix)

Monitor SG 4d ago

Detected #SmartApeSG infection chain

Compromised site
-->
www[.]ski-snowboardvancouver[.]ca/d.js (injected)
-->
nexvoid[.]top/auth/legacy-controller.js
-->
nexvoid[.]top/auth/legacy-sessionstore.php
-->
nexvoid[.]top/auth/alias-script.js (clickfix)

Monitor SG 5d ago

Detected #SmartApeSG infection chain

Compromised site
-->
khaotixlab[.]top/alias/login-ajax.php
-->
khaotixlab[.]top/alias/middleware-controller.js (clickfix)

Monitor SG 5d ago

Detected #SmartApeSG infection chain

Compromised site
-->
fluxy-core[.]top/alias/login-ajax.php
-->
fluxy-core[.]top/alias/middleware-controller.js (clickfix)

Monitor SG Apr 10

Detected #SmartApeSG infection chain

Compromised site
-->
zarrvilo[.]top/metrics/identity-validator.php
-->
zarrvilo[.]top/metrics/permission-css.js (clickfix)

Monitor SG Apr 10

Detected #SmartApeSG infection chain

Compromised site
-->
xoera[.]top/metrics/identity-validator.php
-->
xoera[.]top/metrics/permission-css.js (clickfix)

Monitor SG Apr 9

Detected #SmartApeSG infection chain

Compromised site
-->
zellvaro[.]top/rate/gateway-xml.php
-->
zellvaro[.]top/rate/throttle-component.js (clickfix)