# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Aliases: magecart # Reference: https://gwillem.gitlab.io/2018/08/30/magentocore.net_skimmer_most_aggressive_to_date/ magentocore.net # Reference: https://www.riskiq.com/blog/labs/magecart-keylogger-injection/ abuse-js.link angular.club cdn-js.link docstart.su govfree.pw jquery-cdn.top js-abuse.link js-abuse.su js-cdn.link js-link.su js-magic.link js-mod.su js-save.link js-save.su js-start.su js-stat.su js-sucuri.link js-syst.su js-top.link js-top.su jscript-cdn.com lolfree.pw mage-cdn.link mage-js.link mage-js.su magento-cdn.top mageonline.net mipss.su mod-js.su mod-sj.link sj-mod.link sj-syst.link stat-sj.link statdd.su statsdot.eu stecker.su stek-js.link syst-sj.link top-sj.link truefree.pw # Reference: https://www.riskiq.com/blog/labs/magecart-british-airways-breach/ http://89.47.162.248 baways.com # Reference: https://www.riskiq.com/blog/labs/magecart-ticketmaster-breach/ http://85.93.5.188 http://94.156.133.211 webfotce.me # Reference: https://twitter.com/bad_packets/status/1043809501516726272 gamacdn.com # Reference: https://twitter.com/hashtag/magecart?src=hash # Reference: https://twitter.com/AmiV2/status/1042988934576271360 neweggstats.com # Reference: https://otx.alienvault.com/pulse/5c9287b3b67a75234fc56b6b cdnassels.com cdnmage.com cmytuok.top configsysrc.info js-cloud.com magejavascripts.com magesecuritys.com magescripts.pw mcloudjs.com mypiltow.com secure.livechatinc.org # Reference: https://twitter.com/jeromesegura/status/1121134552158621696 # Reference: https://twitter.com/bad_packets/status/1121147936203624448 # Reference: https://otx.alienvault.com/pulse/5cd3ef4f22e204745f6672c3 magento-analytics.com # Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/mirrorthief-group-uses-magecart-skimming-attack-to-hit-hundreds-of-campus-online-stores-in-us-and-canada/ cloudmetric-analytics.com 
g-analytics.com ebitbr.com # Reference: https://blog.malwarebytes.com/threat-analysis/2019/02/new-golang-brute-forcer-discovered-amid-rise-e-commerce-attacks/ googletagmanager.eu # Reference: https://twitter.com/jeromesegura/status/1128387989111853056 jqueryextd.at # Reference: https://twitter.com/bad_packets/status/1128517905765683201 fontsawesome.gq # Reference: https://blog.malwarebytes.com/cybercrime/2019/05/skimmer-acts-as-payment-service-provider-via-rogue-iframe/ # Reference: https://otx.alienvault.com/pulse/5ce56f2bc5bbee0a58f7073c thatispersonal.com top5value.com voodoo4tactical.com # Reference: https://twitter.com/jeromesegura/status/1133160126561394688 # Reference: https://blog.malwarebytes.com/cybercrime/2019/05/skimmer-acts-as-payment-service-provider-via-rogue-iframe/ modest4ever.com # Reference: https://www.fortinet.com/blog/threat-research/payment-card-details-stolen-magecart.html # Reference: https://www.virustotal.com/gui/ip-address/178.33.231.184/relations http://178.33.231.184 adorebeauty.org all-about-sneakers.org battery-force.org blackriverimaging.org braincdn.org childsplayclothing.org citywlnery.org closetlondon.org dahlie.org davidsfootwear.org dobell.su elpalaciodehierro.org etradesupply.org exrpesso.org foodandcot.com freshdepor.com greatfurnituretradingco.org hqassets.com jewsondirect.com kik-vape.org labbe.biz lamoodbighats.net mage-checkout.org misshaus.org nililotan.org oakandfort.org ottocap.org pmtonline.su replacemyremote.org safeprocessor.com sagecdn.org scriptdesire.com security-payment.su shop-rnib.org slickjs.org swappastore.com verywellfitnesse.com walletgear.org # Reference: https://blog.malwarebytes.com/threat-analysis/2019/06/magecart-skimmers-found-on-amazon-cloudfront-cdn/ cdn-imgcloud.com font-assets.com js-cloudhost.com wix-cloud.com ww1-filecloud.com # Reference: https://twitter.com/rommeljoven17/status/1144786273741107200 # Reference: https://www.fortinet.com/blog/threat-research/inter-skimmer-for-all.html # 
Reference: https://otx.alienvault.com/pulse/5d1a08ac3f9760423c70c999 tracker-visitors.com jquery-web.com jquery-stats.com jsreload.pw routingzen.com # Reference: https://twitter.com/eComscan/status/1147077036692922368 http://89.32.251.136 # Reference: https://www.zscaler.com/blogs/research/magecart-activity-and-campaign-enhancements # Reference: https://www.virustotal.com/gui/ip-address/62.233.50.75/relations # Reference: https://www.virustotal.com/gui/domain/dnsden.biz/relations # Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/anyone-can-check-for-magecart-with-just-the-browser/ http://93.187.129.249/gate.php developer-js.info dnsden.biz jquery-bin.com jquery-bins.com jsreload.pw jqueryextd.at routingzen.com saterday-race.com scriptvault.org /errors/default/gate.php # Reference: https://twitter.com/killamjr/status/1151142181643702277 ccprocess.review # Reference: https://twitter.com/eComscan/status/1152153363892637696 magesource.su # Reference: https://twitter.com/AffableKraut/status/1154641710653300737 googlepíng.com xn--googlepng-m5a.com # Reference: https://blog.sucuri.net/2019/07/fake-google-domains-used-in-evasive-magento-skimmer.html # Reference: https://twitter.com/daphiel/status/1156314169492279299 invoiceservice.info lnfo.cc google-analytîcs.com xn--google-analytcs-xpb.com google.ssl.lnfo.cc # Reference: https://twitter.com/killamjr/status/1154393722777460737 googlc-analytics.cm # Reference: https://twitter.com/jeromesegura/status/1158473869029601280 mageento.com onlineclouds.cloud # Reference: https://twitter.com/rommeljoven17/status/1158657062403883008 api-googles.com facebookfollow.com gstatlcs.com qpstasis.com # Reference: https://twitter.com/rommeljoven17/status/1169124706567544832 jquerycodemagento.com # Reference: https://twitter.com/killamjr/status/1171399767240273920 trafficanalyzer.biz # Reference: https://twitter.com/MBThreatIntel/status/1171817639728934912 magentoconnectors.com # Reference: 
https://blog.trendmicro.com/trendlabs-security-intelligence/magecart-skimming-attack-targets-mobile-users-of-hotel-chain-booking-websites/ # Reference: https://otx.alienvault.com/pulse/5d821c4c16cca4b63f931226 googletrackmanager.com # Reference: https://twitter.com/shotgunner101/status/1174759248703741952 bluemarineholding.com/wp-includes/locales.php # Reference: https://www.riskiq.com/blog/labs/magecart-reused-domains/ # Reference: https://otx.alienvault.com/pulse/5d836d20a4a3d90861e796e2 cdnanalytics.net cdnapis.com contextjs.info magelib.com magento-order.com nexcesscdh.net ossmaxcdn.com # Reference: https://twitter.com/shotgunner101/status/1175181663464230913 google-analyitics.org # Reference: https://www.ibm.com/downloads/cas/O3W1LZAZ cnzz.space cnzz.work jsboxcontents.com ms-akadns.com sdsyxwx.com survey-microsoft.net /runforestrun?sid=botnet # Reference: https://www.zdnet.com/article/hackers-breach-volusion-and-start-collecting-card-details-from-thousands-of-sites/ # Reference: https://otx.alienvault.com/pulse/5d9cf3671d2973bf30d2753f cdn-volusion.com volusion-cdn.com # Reference: https://twitter.com/killamjr/status/1182045635593289728 clouding.live piratefashions.com # Reference: https://twitter.com/killamjr/status/1182050912224849920 jsblom.com # Reference: https://twitter.com/xiatianguo/status/1183405035192872961 # Reference: https://twitter.com/FullM3talPacket/status/1182404667755520000 # Reference: https://pastebin.com/kqMV9vCX bks0.com cssjs.co jscss.co jspri.co pen4.co j2.is # Reference: https://twitter.com/MBThreatIntel/status/1184531791102857216 assetstorage.net fileskeeper.org # Reference: https://twitter.com/killamjr/status/1185376383180136448 mgstrs.com # Reference: https://www.group-ib.com/blog/coffemokko 3lift.org abtasty.net adaptivecss.org adorebeauty.org all-about-sneakers.org ar500arnor.com authorizecdn.com bannerbuzz.info battery-force.org batterynart.com blackriverimaging.org braincdn.org btosports.net chicksaddlery.net 
childsplayclothing.org christohperward.org citywlnery.org closetlondon.org coffemokko.com coffetea.org dahlie.org davidsfootwear.org dobell.su elegrina.com energycoffe.org energytea.org etradesupply.org exrpesso.org foodandcot.com freshchat.info freshdepor.com greatfurnituretradingco.org info-js.link jewsondirect.com kandypens.net kik-vape.org labbe.biz lamoodbighats.net link-js.link londontea.net mage-checkout.org majsurplus.com map-js.link mechat.info misshaus.org mylrendyphone.com nililotan.org oakandfort.org ottocap.org parks.su paypaypay.org pmtonline.su replacemyremote.org sagecdn.org security-payment.su shop-rnib.org slickjs.org slickmin.com smart-js.link swappastore.com teacoffe.net top5value.com track-js.link ukcoffe.com verywellfitnesse.com walletgear.org zapaljs.com zoplm.com # Reference: https://www.group-ib.com/blog/illum illum.pw nstatistics.com payment-line.tk paymentpal.cf payrightnow.cf requestnet.tk cdn.illum.pw sr.illum.pw records.nstatistics.com request.payrightnow.cf request.requestnet.tk # Reference: https://www.group-ib.com/blog/g-analytics # Reference: https://threatpost.com/card-skimming-google-analytics-angular/142264/ analytic.is analytic.to dittm.org g-analytics.com googlc-analytics.cm google-analytics.cm google-analytics.is google-analytics.to gooqletagmanager.com iozoz.com jquery-js.com # Reference: https://www.group-ib.com/blog/reactget adsapigate.com adsgetapi.com ajaxstatic.com aldenmlilhouse.com apitstatus.com asianfoodgracer.com balletbeautlful.com bargalnjunkie.com billgetstatus.com cloudodesc.com fbstatspartner.com geisseie.com gtmproc.com hs-payments.com livecheckpay.com livegetpay.com mageanalytics.com maxstatics.com mediapack.info mxcounter.com newrelicnet.com nr-public.com ordercheckpays.com orderracker.com payselector.com reactjsapi.com simcounter.com sydneysalonsupplies.com tagsmediaget.com tagstracking.com trust-tracker.com # Reference: https://twitter.com/AffableKraut/status/1185070871691616256 fb-seo.net # Reference: 
https://twitter.com/unmaskparasites/status/1185171035693441024 magento-community.org # Reference: https://twitter.com/unmaskparasites/status/1185172904276836352 fb-content.dev # Reference: https://twitter.com/unmaskparasites/status/1185256035633811463 magento-security.dev # Reference: https://twitter.com/eComscan/status/1185170381331714048 fb-pixel.com magento-protection.com # Reference: https://twitter.com/killamjr/status/1182335468425416705 # Reference: https://twitter.com/xuy1202/status/1192005820491239424 xciy.net /content/Compare/website.js # Reference: https://twitter.com/killamjr/status/1182095269418024960 google-taq.com # Reference: https://twitter.com/AffableKraut/status/1172052860378521600 magicsaphe.com questappo.com rqstpp.com yongffice.com # Reference: https://twitter.com/Totocellux/status/1165223332633022468 # Reference: https://blog.malwarebytes.com/threat-analysis/2019/08/magecart-criminals-caught-stealing-poker-face/ ajaxclick.com www-trust.com # Reference: https://twitter.com/AffableKraut/status/1159677725994622976 mage.biz.ua # Reference: https://twitter.com/AdAstra247/status/1159111119488860160 scripts-analytics.com # Reference: https://twitter.com/zombisoft/status/1152333754670755841 installw.com # Reference: https://www.riskiq.com/blog/labs/magecart-amazon-s3-buckets/ cdn-c.com # Reference: https://twitter.com/unmaskparasites/status/1184571273583706112 cdn-clouds.com # Reference: https://blog.malwarebytes.com/threat-analysis/2019/10/the-forgotten-domain:-exploring-a-link-between-magecart-group-5-and-the-carbanak-apt/ (# Magecart Group 5 domains) informaer.biz informaer.cc informaer.com informaer.net informaer.org informaer.pw informaer.ws informaer.xyz informaer.info # Reference: https://twitter.com/gwillem/status/1187667658642206720 hsadspixel.com # Reference: https://twitter.com/RapidSpike/status/1189882327557648386 /js/mage/adminhtml/product/composite/validate.php # Reference: https://twitter.com/xuy1202/status/1192006102969282560 
jquerycdnlib.at # Reference: https://www.perimeterx.com/blog/multiple-magecart-groups-attacking-simultaneously/ mogento.info /src/upscalestripper.js /src/galeriedebeaute.js /src/deliveryathome.js # Reference: https://www.group-ib.com/blog/fakesecurity alloaypparel.com firstofbanks.com fiswedbesign.com mage-security.org magento-security.org # Reference: https://twitter.com/jknsCo/status/1192806947118092289 cdn-shopify.com # Reference: https://blog.sucuri.net/2019/11/skimmers-for-both-magento-and-wordpress.html gooqleadvstat.com gooqlemgrteg.com jquerystatic.com zendesk-chart.com # Reference: https://twitter.com/xuy1202/status/1195361991805681664 cxizi.net getprices.online gooogle-js.com installerr.site js-mini.com myexclusivediamond.com # Reference: https://twitter.com/xuy1202/status/1195290863875706881 # Reference: https://twitter.com/kyleehmke/status/1179727877488730113 cdn-zendesk.com zendesk-cdn.com # Reference: https://twitter.com/xuy1202/status/1194897841694507009 recheckcard.info # Reference: https://twitter.com/xuy1202/status/1194896618245382145 routingzen.com # Reference: https://twitter.com/xuy1202/status/1194895878181421061 script-analytics.com /js/mage/google.js # Reference: https://twitter.com/xuy1202/status/1194894864699121664 woldorf.com # Reference: https://twitter.com/xuy1202/status/1194893048817143808 statcounter.one # Reference: https://twitter.com/xuy1202/status/1194593451947356160 yxxi.net /ipost-con.4.php # Reference: https://twitter.com/xuy1202/status/1194508362903277568 jquery-script.icu # Reference: https://blog.netlab.360.com/ongoing-credit-card-data-leak-continues/ adwordstraffic.link /onestepcheckoutauthorizenet.js /onestepcheckoutccpayment.js # Reference: https://twitter.com/xuy1202/status/1196058702391861249 hilosennogada.com # Reference: https://twitter.com/xuy1202/status/1196404569137242112 securecdn.eu # Reference: https://twitter.com/unmaskparasites/status/1196934377063800832 # Reference: 
https://lukeleal.com/research/posts/lolzilla-php-js-skimmer/ http://103.139.113.34 /osr-3.0.php # Reference: https://www.helpnetsecurity.com/2019/11/19/macys-online-store-compromised/ # Reference: https://otx.alienvault.com/pulse/5dd513439df4d4400824b738 barn-x.com # Reference: https://blog.malwarebytes.com/web-threats/2019/11/web-skimmer-phishes-credit-card-data-via-rogue-payment-service-platform/ # Reference: https://twitter.com/jeromesegura/status/1197611010992918529 # Reference: https://otx.alienvault.com/pulse/5ddd99064d1dd4420367304b (# Fullz House) account-restrictions.com ajaxstatic.com americanexpress-secure.com appleld-verification.com authorizeplus.com checkout-sagepay.com com-protect.com deliveroosurvey.com google-analytics.top google-query.com google-smart.com googletagmanaqer.com halifax-verification.com halifaxverification.com java-query.info jquery-assets.com lightgetjs.com limited-account-panel.com limited-restriction.com limited-restrictions-paypai.com limited-restrictions.com limited-user-restrictions.com limited-user-uk.com limited-users-login.com limited-users-restrictions.com live-sagepay.com login-limited-user.com login-user-limited.com login-user-restricted.com login-users-limited.com mastercard-migs.com mediapack.info migs-mastercard.com mythreelogin.com networkreset.net online-secure-account.com onlineaccountverificationwellssfargo.com pay-u-biz.com payment-mastercard.com payment-sagepay.com payment-worldpay.com paymentfailurespotifiyj.top paypai-account-limited.com paypai-limited-user.com paypai-limited-users.com paypai-user-limited.com paypai-user-restricted.com paypal-secured.com paypl-limited-users.com paypl-users-limited.com payu-biz.com perfectmeme.info perfectmeme.us ppl-secure-uk.com ppl-user-limitation.com priceapigate.com query-manager.info rackapijs.com ref017.com ref3939-paypai.com restricted-user-panel.com roorewards.co.uk sagepay-live.com section.ws secure-alerts-halifax.com secure-users-paypai.com security-check-paypai.com 
securityaccountupdatewellsfargoo.info securityadvance.co securityupdateewellsfargoo.info topapigate.com uk-limited-user.com uk-restricted-user.com uk-user-limited.com uk-user-restricted.com uk-users-limitations.com updatesecuritywelllsfargo.info user-limited-login.com user-limited-restrictions.com user-login-limited.com user-restricted-uk.com user-restriction.com user-restrictions-paypai.com user-uk-restricted.com users-limited-paypai.net users-limited-uk.com users-restricted.com users-restriction.com # Reference: https://twitter.com/xuy1202/status/1197848155204640768 w00commerce.com # Reference: https://twitter.com/MBThreatIntel/status/1199010885525626890 # Reference: https://otx.alienvault.com/pulse/5ddc0e4cf94bd70658582ed8 magento-data.com mage-js.com # Reference: https://twitter.com/JCyberSec_/status/1199726915856158720 marketplace-magento.com # Reference: https://twitter.com/JCyberSec_/status/1199701208530739200 g-statistic.com # Reference: https://twitter.com/JCyberSec_/status/1197470727462641664 web-stats.net # Reference: https://twitter.com/CTI_Marc/status/1196344211890683904 magestore.online # Reference: https://twitter.com/AffableKraut/status/1196299424697331713 google-anaiytlcs.com # Reference: https://twitter.com/AffableKraut/status/1157164442829746176 googletagmanger.com # Reference: https://twitter.com/jeromesegura/status/1148358099712897024 nogaron.com write-cdn.com # Reference: https://twitter.com/rommeljoven17/status/1136555260477001728 anduansury.com frocklay.com sainester.com theresevit.com # Reference: https://twitter.com/jknsCo/status/1200061735278911488 googlemgrteg.com # Reference: https://twitter.com/eComscan/status/1200749626988662784 sanguinelab.net sansec.us # Reference: https://twitter.com/eComscan/status/1197894033772875776 iubendas.com # Reference: https://twitter.com/eComscan/status/1197097324264202240 magentohub.de # Reference: https://twitter.com/GroupIB_GIB/status/1201520226791305216 # Reference: 
https://www.virustotal.com/gui/domain/phplib.net/relations phplib.net # Reference: https://twitter.com/MBThreatIntel/status/1201572698545102856 googlctagmanager.com # Reference: https://twitter.com/MBThreatIntel/status/1201552839182438406 ancient-savannah-86049.herokuapp.com # Reference: https://twitter.com/MBThreatIntel/status/1189217083688738816 sharp-planet.eu # Reference: https://twitter.com/unmaskparasites/status/1201625226704015367 stark-gorge-44782.herokuapp.com # Reference: https://twitter.com/JCyberSec_/status/1201850052723052549 # Reference: https://twitter.com/JCyberSec_/status/1201850090153005056 gnogle.ru jquerycdnlib.at # Reference: https://twitter.com/jeromesegura/status/1202275080526422016 pure-peak-91770.herokuapp.com # Reference: https://twitter.com/gwillem/status/1202322985065091072 cdcc02.com # Reference: https://twitter.com/gwillem/status/1202330272164990977 magento-track.com # Reference: https://blog.malwarebytes.com/web-threats/2019/12/theres-an-app-for-that-web-skimmers-found-on-paas-heroku/ # Reference: https://otx.alienvault.com/pulse/5de90822773402f817d5c9ab aqueous-scrubland-51318.herokuapp.com # Reference: https://twitter.com/jknsCo/status/1203453915930472448 googletage.com # Reference: https://twitter.com/unmaskparasites/status/1204080970191777795 localserver.host /app/code/core/Mage/Checkout/controllers/OnepageController.php # Reference: https://twitter.com/MBThreatIntel/status/1204093071954046976 webassetsshop.com # Reference: https://twitter.com/felixaime/status/1203959327612116995 magento-statistics.com # Reference: https://twitter.com/xuy1202/status/1204778227517935616 jguerycdn.network # Reference: https://twitter.com/killamjr/status/1204878142248235008 jquerycodemagento.com # Reference: https://twitter.com/AffableKraut/status/1204997344581881856 magecart.net # Reference: https://twitter.com/JCyberSec_/status/1206558829456048128 /payment/mage_secure/payment.js /payment/mage_secure/post.php # Reference: 
https://www.virustotal.com/gui/ip-address/80.78.255.222/relations google-payment.com # Reference: https://twitter.com/jeromesegura/status/1206713600288555010 cdnbigcommerce.com google-analycs.com # Reference: https://twitter.com/unmaskparasites/status/1206699288723697671 cdncontentserver.com impress-slides.com # Reference: https://twitter.com/killamjr/status/1207150660782657536 googlead.tech # Reference: https://twitter.com/xuy1202/status/1207164640431505408 slade-sell-shop.com # Reference: https://twitter.com/killamjr/status/1209165822939279365 opencartmodules.biz # Reference: https://twitter.com/AffableKraut/status/1210298773248696320 # Reference: https://www.virustotal.com/gui/ip-address/124.156.35.204/relations http://124.156.35.204 googieapls.com google-catalog.com googletag-manager.com gstatlcs.com jquery-js.link xn--gstatc-7va.com # Reference: https://twitter.com/killamjr/status/1212058181725114369 blockandcmqany.com chatshop.online chatstat.online clientsupport.space farmaforma.info g-statistic.com googleadservicesonline.com googleservices.online janmarlni.com jqueryservice.info mageento.com magento-check.info magestore.online megaliveonline.com onlineclick.xyz onlineclouds.cloud onlineclouds.info onlineshoptracker.info pythonservice.info shoplogs.site shopvalid.info statisticpay.info webstatvisit.com webstatvisits.com zoopim.online # Reference: https://blog.malwarebytes.com/threat-analysis/2019/12/new-evasion-techniques-found-in-web-skimmers/ tawktalk.com # Reference: https://twitter.com/MBThreatIntel/status/1212889315572760577 # Reference: https://www.virustotal.com/gui/ip-address/5.188.9.61/relations googlc-analytics.net googlo-analytics.com # Reference: https://twitter.com/AffableKraut/status/1212927165454520321 googlc-analytics.com googlctagmanager.cm # Reference: https://twitter.com/xuy1202/status/1214051382178660352 newmagento.com # Reference: 
https://www.bleepingcomputer.com/news/security/magecart-attackers-steal-card-info-from-focus-camera-shoppers/ # Reference: https://www.virustotal.com/gui/domain/zdsassets.com/details zdsassets.com # Reference: https://twitter.com/MBThreatIntel/status/1215693928764063744 vamberlo.com # Reference: https://www.rapidspike.com/blog/multiple-hacking-groups-attempt-to-skim-credit-cards-from-perricone-md/ # Reference: https://twitter.com/BreachMessenger/status/1057394505266151425 # Reference: https://www.virustotal.com/gui/ip-address/124.156.210.169/relations a4c.cloud ajaxstatic.com apipack.host authorizeplus.com autojspack.com cdndeskpro.com cdnpack.net cdnpack.site dusk.net.in faceapiget.com fbpixelget.com gstaticapi.com jspack.pro kegland.top lightgetjs.com listrakjs.com olarkcdn.com perriconemd.me.uk priceapigate.com rackapijs.com section.ws sectionget.com sectionio.com topapigate.com worx.top # Reference: https://twitter.com/JCyberSec_/status/1216676671983624193 js-react.com # Reference: https://twitter.com/jeromesegura/status/1064924824336654336 bootstrap-js.com # Reference: https://twitter.com/xuy1202/status/1216951727615668224 apis-analytics.com # Reference: https://www.rapidspike.com/blog/2019-magecart-timeline/ cleor.co creditprop.com googletagstorage.com imagesengines.com # Reference: https://twitter.com/Jouliok/status/1217400178170368001 gold.platinumus.top # Reference: https://twitter.com/unmaskparasites/status/1204080970191777795 localserver.host # Reference: https://twitter.com/unmaskparasites/status/1217452290577195008 # Reference: https://www.virustotal.com/gui/domain/logistic.tw/relations logistic.tw # Reference: https://twitter.com/unmaskparasites/status/1217860398789120003 cilent-tracking.com cloudservice.tw # Reference: https://twitter.com/felixaime/status/1218135753110302720 silver-statistics.com # Reference: https://twitter.com/felixaime/status/1219175480303202307 # Reference: https://twitter.com/matr0cks/status/1220418827751763969 
jqueryextplugin.com # Reference: https://www.riskiq.com/blog/labs/fullz-house/ # Reference: https://www.virustotal.com/gui/ip-address/124.156.34.157/relations # Reference: https://www.virustotal.com/gui/ip-address/47.245.55.198/relations # Reference: https://www.virustotal.com/gui/ip-address/80.78.255.222/relations checkout-sagepay.com google-analytics.top google-payment.com google-query.com google-smart.com google-taq.com jquery-assets.com live-sagepay.com mastercard-migs.com migs-mastercard.com pay-u-biz.com payment-mastercard.com payment-sagepay.com payment-worldpay.com payu-biz.com sagepay-live.com /ga.js?analytic= # Reference: https://www.bleepingcomputer.com/news/security/euro-cup-and-olympics-ticket-reseller-hit-by-magecart/ opendoorcdn.com # Reference: https://twitter.com/jknsCo/status/1221031002564370432 hotjar.us jquery.us # Reference: https://twitter.com/AffableKraut/status/1220829096197939202 doubleclick.ws # Reference: https://www.riskiq.com/blog/labs/magecart-group-12-olympics/ # Reference: https://otx.alienvault.com/pulse/5e3d8f9c9c559a74b0c82a71 # Reference: https://malware.news/t/inside-view-of-brazzzersff-infrastructure/62431 http://45.141.86.31 cdn-content.cc content-delivery.cc deliveryjs.cc givemejs.cc jquerycdn.su storefrontcdn.com toplevelstatic.com # Reference: https://twitter.com/felixaime/status/1226292060547878913 cdnanalyze.com cdnapis.org cdnchecker.org cdnoptimize.com # Reference: https://twitter.com/gwillem/status/1227936380380119041 # Reference: https://twitter.com/gwillem/status/1231604432586125313 e4.ms http.ps # Reference: https://twitter.com/felixaime/status/1228343232649662464 amirtechet.com supermanager.space # Reference: https://twitter.com/felixaime/status/1228342963744444416 googletegmanager.com # Reference: https://twitter.com/d09r_/status/1228214041878749184 wappallyzer.com # Reference: https://twitter.com/dubstard/status/1230895567947149314 # Reference: 
https://usa.visa.com/content/dam/VCOM/global/support-legal/documents/visa-security-alert-baka-javascript-skimmer.pdf apienclave.com apisquere.com b-metric.com jquery-cycle.com ordercheck.online pridecdn.com quicdn.com # Reference: https://raw.githubusercontent.com/gwillem/magento-malware-scanner/master/rules/burner-domains.txt # Reference: https://www.virustotal.com/gui/ip-address/185.202.103.37/relations abuse-js.link account-mage.su activaguard.com adsgetapi.com advocatecdn.com afterscripts.com air-frog33.pw alabamascripts.com aleinvest.xyz alemoney.xyz alfcdn.com allacarts.com allyouwant.online amasty.biz analiticoscdn.com anduansury.com angular.club animalzz921.pw api-googles.com apismanagers.com apissystem.com apitstatus.com assetmage.com assetsbrain.com assetsbraln.com aw-test.com awscan.eu awscan.info awtest.eu baways.com bbypass.pw beforescripts.com bit.wo.tc bm24.biz bm24.info bm24.org bootstrapjs.com braincdn.org brainpayments.com braintcdn.com brainterepayments.com braintform.com braintreepaumenls.com braintreepauments.com braintreepaymenls.com bralntree.com brazersd.top bridge.industries brontocdn.com busnguard.com byte.wo.tc ccheckout.com ccvalidate.com cdn-ch.org cdn-cloud.pw cdn-imgcloud.com cdn-js-42.com cdn-js.link cdnanalytics.net cdnapis.com cdnassels.com cdnbronto.com cdnbronto.info cdngoogle.com cdnmage.com cdnpayment.com cdnppay.com cdnrfv.com cdnscriptx.com cdnwhiltelist.com cellubiue.com cellublue.info checkercarts.com ciscostats.com citwinery.com citywiners.com cl0udfiare.com cloud-jquery.com cloud-jquery.net cloud-jquery.org cloud-privacy.com cloud-update.top cloud-wp.org cloudfusion.me cloudmetric-analytics.com cloudservice.tw cloudtrusted.org cmytuok.top codesmagento.com configmage.com configsysrc.com configsysrc.info connectbootstrap.com controlmage.com crtteo.com d0ubletraffic.com directvapar.com directvaporonline.com directvaporus.com directvaprr.com dmaxjs.com dnsden.biz dobellonline.com docstart.su doublecllck.com drberg.online 
drberg.store duserjs.com ebitbr.com ebizmart.biz encoderform.com encrypterforms.com encryptforms.com exrpesso.org facebookfollow.com fastlscripts.com fbcommerse.com fbprotector.com fellsogood43.pw font-assets.com frameuserstat.com frashjs.com friend4cdn.com g-analytics.com gamacdn.com ganalytlcs.com gitformage.com gitformlife.com gitmage.com googieapls.com googiecloud.com googieservlce.com google-anaiytic.com google-analytisc.su googleprotectionshop.com googletagmanager.eu googletagnamager.com googlitagmanager.com googletrackmanager.com gooqleadvstat.com gooqlemgrteg.com govfree.pw gstatlcs.com gtagaffilate.com icon-base.biz info-js.link infopromo.biz informaer.com informaer.net informaer.org informaer.ws infostat.pw inst-js.su installw.com internalvaporgroup.com invisiblename.com invisiblename.pro invisiblename.pw ip.5uu8.com javascloud.com javascripts-system.com jcloudcdn.com jquery-cdn.top jquery-cdnlib.com jquery-cloud.net jquery-cloud.org jquery-code.su jquery-css.su jquery-js.com jquery-js.link jquery-libs.su jquery-main.su jquery-min.su jquery-stats.com jquery-validation.org jquery-web.com jquery.su jquerycdnlibrary.com jquerycodemagento.com jqueryextd.us jqueryexts.us jquerystatic.com jquerystorage.com js-abuse.link js-abuse.su js-cdn.link js-cloud.com js-cloudhost.com js-link.su js-magic.link js-mod.su js-react.com js-save.link js-save.su js-start.su js-stat.su js-stats.click js-stats.xyz js-storage.click js-sucuri.link js-syst.su js-top.link js-top.su jscontroller.stream jscript-cdn.com jscripts-cloud.com jscriptscloud.com jsdellvr.com jsecurely.com jsecuri.com jsmagento.com jspoi.com jsreload.pw kennedyform.com kissmetrik.com link-js.link link-js.su listrakb.com locateooo.com logisticusa.biz lolfree.pw m24js.com mage-cdn.link mage-js.link mage-js.su mage-storage.pw magecompas.com mageconfig.com magejavascripts.com magely.info magemarts.com magento-analytics.com magento-cdn.top magento-connection.com magento.name magento.ontools.net magentocore.net 
magentopatchupdate.com mageonline.net magescripts.info magescripts.pw magesecurely.com magesecuritys.com magesources.com magestops.com map-js.link market-stats.com maskforms.com maxijs.com mcloudjs.com mdelivry.com mediageting.com megalith-games.com minifyscripts.com minpays.com mipss.su mjs24.com mod-js.su mod-sj.link monenate.net monerate.net monestate.net msecurely.com msn-analytics.com my-braintree.com myageverify.com mycloudtrusted.com mytokeasn2s.ru netmg-cdn.com neweggstats.com newrellc.com nodejsapi.net nodejscript.net nykoa.in oh-polly.com ohpoliy.com oklahomjs.com oltratoke.ru onlineclouds.cloud onlinereserchstatistics.online onlineshopsecurity.com onlinestatus.site onlinestatus.stream optimizly.info order-security.com orealjs.com pass-js.click paymentnow.tk paymentpal.cf paymentsystem.info paypallobjects.com privacyform.com privatejs.com privatixjs.com qpstasis.com qsxjs.com realtrustsafe.com receiverinformation.com requestnet.tk resselerratings.com rlteaid.com routingzen.com s3-us-west.com safeprivatcy.com safeyouform.com sagecdn.org sainester.com samescripts.com samexsame.com saveyoujs.com scriptb.com scriptsform.com scriptsfyou.com scriptsjzone.com securecloudtrusted.com secureqbrowser.com securipayment.com security-mage.com secury-checkout.com shelljs.com shop-analytics.net simcounter.com simpiehuman.com sistem-js.su siteverification.online siteverification.site sj-mod.link sj-syst.link slickjs.org slripe.com smart-js.link specjs.com sportys.store sslbrainform.com sslpayform.com sslvalidator.com stat-sj.link statdd.su statesales.info statistic-info.me statsdot.eu stecker.su stek-js.link storemagento.info storentrust.com stormnguard.com strapform.com sucuri-cloud.com sucuri-js.com supporttech281012.tk syst-sj.link system-backup.biz tcsupport241012.tk termlifelearned.us thatispersonal.com theresevit.com top-sj.link top5value.com track-js.link track-magento.com tracker-visitors.com trafficanalyzer.biz traskedlink.com truefree.pw trustd.biz typejsx.com 
typekit.website typekitcloud.com typeklt.com uorineall.info upgradenstore.com ups-broker.org userinfos.com userinfos.info userlandform.com userlandpay.com uslogisticexpress.com valdatecode.com validatenyou.com validateyourinfo.com validatorcc.com vamberlo.com verifiedjs.com verpayment.com verpayments.com vmaxjs.com voodoo4tactical.com vuserjs.com web-info.me web-rank.cc web-rank.pw web-stat.biz web-stat.me web-stats.cc web-stats.pw webfotce.me webrank.ws webstat-info.ws webstat.cc webstatistic.me webstatistic.pw webstatistic.tech webstatistic.ws webstats.me webstatvisit.com whitelistjs.com wix-cloud.com wpconnect.org wpserve.org ww1-filecloud.com x-magesecurity.com xmageform.com xmageinfo.com xmagejs.com xmagesecurity.com xn--google-analytcs-xpb.com xn--gstatc-7va.com youpayme.info zendesk-chart.com zonejs.com zs.mk # Reference: https://twitter.com/xuy1202/status/1232162075285147648 ns-scripts.com # Reference: https://twitter.com/gwillem/status/1232246887367028737 # Reference: https://www.virustotal.com/gui/domain/cloudmgrtracker.com/detection cloudmgrtracker.com # Reference: https://twitter.com/MBThreatIntel/status/1232404872999231488 pluginmagento.net # Reference: https://twitter.com/xuy1202/status/1232581248083582976 data-safeguard.com # Reference: https://twitter.com/MBThreatIntel/status/1232726202281889793 # Reference: https://blog.malwarebytes.com/threat-analysis/2020/02/fraudsters-cloak-credit-card-skimmer-with-fake-content-delivery-network-ngrok-server/ cdn-mediafiles.org cdn-sources.org d68344fb.ngrok.io # Reference: https://sansec.io/labs/2020/02/25/longest-skimming-operation-yet/ aleopeople.info bizlawyer.org contentequare.com cquotinent.com jackhemmingway.com joyjewell.com installerr.pw installerr.site pizdasniff.site qitcdn.net securedcdn.net thefei.com vk-a6t5h7f3k.site /5d507d3e6fdc7.js /5d55d10058c9d.js /5d570bebe00ed.js # Reference: https://twitter.com/felixaime/status/1234111603831910400 webscriptly.com # Reference: 
https://twitter.com/felixaime/status/1224257587555770368 jquerytxtplugin.com # Reference: https://twitter.com/unmaskparasites/status/1234536106953146369 http://163.172.136.230 # Reference: https://twitter.com/unmaskparasites/status/1234917686242619393 # Reference: https://www.virustotal.com/gui/ip-address/83.166.248.67/relations autocapital.pw http.ps xxx-club.pw y5.ms # Reference: https://twitter.com/felixaime/status/1235131517908570113 # Reference: https://www.virustotal.com/gui/ip-address/185.181.164.216/relations # Reference: https://www.virustotal.com/gui/ip-address/47.56.114.152/relations # Reference: https://www.virustotal.com/gui/domain/wp-includ.com/relations # Reference: https://twitter.com/500mk500/status/1235330678700548098 reportgns.com sucuritester.com wp-includ.com # Reference: https://web.misker.me/blog/malware/2020/03/04/Raindrop-PoppedShop.html # Reference: https://www.virustotal.com/gui/domain/googletagmanagrapis.com/detection googletagmanagrapis.com # Reference: https://twitter.com/felixaime/status/1236201312842326016 savemoneyoffice.com/js/varien/print.js # Reference: https://twitter.com/felixaime/status/1236321303902269441 imprintcenter.com/js/embed.min.js imprintcenter.com/js/flash/ # Reference: https://twitter.com/jeromesegura/status/1121811483195633670 # Reference: https://blog.malwarebytes.com/cybercrime/2019/04/github-hosted-magecart-skimmer-used-against-hundreds-of-e-commerce-sites/ jquerylol.ru # Reference: https://twitter.com/rootprivilege/status/1233065094965125120 # Reference: https://pastebin.com/4seW3Aya neuro-programmer.de/e.php neuro-programmer.de/test.php # Reference: https://twitter.com/fletchsec/status/1175180643514355713 kursy.atas.pl/templates/system/html/data/red.php # Reference: https://www.virustotal.com/gui/ip-address/181.214.86.150/relations get-js.com marketplace-magento.net # Reference: https://twitter.com/d09r_/status/1238302755032166400 # Reference: https://www.virustotal.com/gui/ip-address/178.33.71.232/relations # 
Reference: https://www.virustotal.com/gui/domain/theresevit.com/relations jsvault.net linkedtop.com scriptopia.net # Reference: https://twitter.com/ydklijnsma/status/1232727444962107392 google-anallytic.com google--analytics.com google-analyitics.com google-anolytics.com # Reference: https://twitter.com/AffableKraut/status/1207664349634011137 bizrateservices.com j-queries.com teamsystems.info towbarchat.com twinkhelp.com # Reference: https://twitter.com/AffableKraut/status/1169489081568497664 gmagea.com # Reference: https://twitter.com/AffableKraut/status/1169458435290804225 genidaff.com strchckr.com tfalseacc.com tryuseracc.com vaccss.com # Reference: https://twitter.com/AffableKraut/status/1169458426344333312 htjar.com # Reference: https://twitter.com/AffableKraut/status/1166223620886208513 shellsn.ru # Reference: https://twitter.com/AffableKraut/status/1159677725994622976 jquery.in.ua # Reference: https://twitter.com/AffableKraut/status/1133599840544468992 jqueryes.com # Reference: https://twitter.com/MBThreatIntel/status/1238537326956933121 cookiepro.cloud # Reference: https://www.riskiq.com/blog/labs/magecart-nutribullet/ # Reference: https://otx.alienvault.com/pulse/5e72332db0bfef80752cec40 amerisleep.github.io 3lift.org abtasty.net adaptivecss.org adorebeauty.org all-about-sneakers.org ar500arnor.com authorizecdn.com bannerbuzz.info battery-force.org batterynart.com blackriverimaging.org braincdn.org btosports.net cdnassels.com cdnmage.com chicksaddlery.net childsplayclothing.org christohperward.org citywlnery.org closetlondon.org cmytuok.top coffemokko.com coffetea.org configsysrc.info dahlie.org davidsfootwear.org dobell.su elegrina.com energycoffe.org energytea.org etradesupply.org exrpesso.org foodandcot.com freshchat.info freshdepor.com greatfurnituretradingco.org info-js.link jewsondirect.com js-cloud.com kandypens.net kik-vape.org labbe.biz lamoodbighats.net link-js.link livechatinc.org londontea.net mage-checkout.org magejavascripts.com 
magescripts.pw magesecuritys.com majsurplus.com map-js.link mcloudjs.com mechat.info melbounestorm.com misshaus.org mylrendyphone.com mypiltow.com nililotan.org oakandfort.org ottocap.org parks.su paypaypay.org pmtonline.su prodealscenter.com replacemyremote.org sagecdn.org scriptoscript.com security-payment.su shop-rnib.org slickjs.org slickmin.com smart-js.link swappastore.com teacoffe.net top5value.com track-js.link ukcoffe.com verywellfitnesse.com walletgear.org webanalyzer.net zapaljs.com zoplm.com # Reference: https://twitter.com/felixaime/status/1241765974929530884 googletagmanage.com # Reference: https://twitter.com/MBThreatIntel/status/1241837000564428800 sucurl.net # Reference: https://www.virustotal.com/gui/domain/sucuri.pro/relations sucuri.pro # Reference: https://twitter.com/MBThreatIntel/status/1242538048044150784 # Reference: https://www.virustotal.com/gui/domain/allegrolearnings.com/relations allegrolearnings.com/blogs/media/embed.min.js allegrolearnings.com/blogs/media/common.js # Reference: https://www.virustotal.com/gui/ip-address/161.117.236.58/relations jquerrycdn.xyz # Reference: https://twitter.com/d09r_/status/1242845745218228224 # Reference: https://twitter.com/securityaffairs/status/1242873730235277313 # Reference: https://securityaffairs.co/wordpress/100449/hacking/tupperware-site-hacked.html # Reference: https://blog.malwarebytes.com/hacking-2/2020/03/criminals-hack-tupperware-website-with-credit-card-skimmer/ deskofhelp.com # Reference: https://twitter.com/felixaime/status/1243083359212969984 gocgle-analytics.com # Reference: https://twitter.com/felixaime/status/1243561946982625284 oldworldaccents.net/js/embed.min.js # Reference: https://www.virustotal.com/gui/domain/google-analytics.gq/relations google-analytics.gq # Reference: https://twitter.com/felixaime/status/1247414542759575552 google-analytc.com # Reference: https://twitter.com/unmaskparasites/status/1247886037881196547 # Reference: 
https://blog.sucuri.net/2020/01/web-swiper-in-image-title.html # Reference: https://www.virustotal.com/gui/domain/intljs.rmtag.net/relations # Reference: https://www.virustotal.com/gui/ip-address/82.202.161.89/relations intljs.rmtag.net pollyfill.com # Reference: https://twitter.com/d09r_/status/1247951999305302016 # Reference: https://www.virustotal.com/gui/ip-address/34.227.50.166/relations # Reference: https://www.virustotal.com/gui/ip-address/54.89.179.241/relations # Reference: https://www.virustotal.com/gui/ip-address/3.83.72.214/relations # Reference: https://www.virustotal.com/gui/ip-address/52.1.206.175/relations # Reference: https://www.virustotal.com/gui/ip-address/3.84.27.209/relations 3alesforce.com 4esla.services 4eslamotors.com 7indowsupdate.com 7ootric.com adn-apple.com akalai.net ap0see.com app3ee.com appqee.com appsae.com appsue.com aprsee.com apxsee.com arpsee.com atpsee.com bdn-apple.com calesforce.com cdf-apple.com cdj-apple.com cdl-apple.com cdn-a0ple.com cdn-ap0le.com cdn-appde.com cdn-apphe.com cdn-appla.com cdn-appld.com cdn-applg.com cdn-applm.com cdn-applu.com cdn-appme.com cdn-appne.com cdn-apqle.com cdn-aprle.com cdn-aptle.com cdn-apxle.com cdn-aqple.com cdn-arple.com cdn-atple.com cdn-axple.com cdn-cpple.com cdn-epple.com cdn-ipple.com cdn-qpple.com cdnmapple.com cdo-apple.com cen-apple.com cfn-apple.com clack-msgs.com cln-apple.com coogleanalytics.com coogleusercontent.com cppsee.com ctn-apple.com deslamotors.com eicrosoftonline.com eixpanel.com eoogleanalytics.com eoogleusercontent.com eropbox.com fgxnews.com fo8news.com fohnews.com foogleanalytics.com fopnews.com foxlews.com foxne7s.com foxneus.com foxnew3.com foxoews.com foynews.com fpnjs.com gdn-apple.com ggogleanalytics.com ggogletagmanager.com ggogleusercontent.com gindowsupdate.com gkogleanalytics.com gkogleusercontent.com gmogleanalytics.com gmogletagmanager.com gmogleusercontent.com gnogleanalytics.com gnogletagmanager.com gnogleusercontent.com goggletagmanager.com 
goggleusercontent.com gokgleanalytics.com gokgletagmanager.com gokgleusercontent.com gomgleanalytics.com gongleanalytics.com gongletagmanager.com gongleusercontent.com goocleanalytics.com goocletagmanager.com goocleusercontent.com gooeleanalytics.com gooeleusercontent.com goofleanalytics.com goofletagmanager.com googdeanalytics.com googdetagmanager.com googheanalytics.com googhetagmanager.com googheusercontent.com googlaanalytics.com googlatagmanager.com googlausercontent.com googldanalytics.com googldtagmanager.com googldusercontent.com google4agmanager.com google5sercontent.com googleafalytics.com googleajalytics.com googlealalytics.com googleanadytics.com googleanahytics.com googleanal9tics.com googleanalqtics.com googleanalxtics.com googleanaly4ics.com googleanalydics.com googleanalypics.com googleanalytacs.com googleanalythcs.com googleanalytias.com googleanalytibs.com googleanalytic3.com googleanalyticc.com googleanalyticq.com googleanalyticr.com googleanalyticw.com googleanalytigs.com googleanalytiks.com googleanalytiss.com googleanalytkcs.com googleanalytmcs.com googleanalytycs.com googleanalyuics.com googleanalyvics.com googleanamytics.com googleananytics.com googleanclytics.com googleanelytics.com googleanilytics.com googleanqlytics.com googleaoalytics.com googlecnalytics.com googledagmanager.com googleenalytics.com googleesercontent.com googleinalytics.com googlepagmanager.com googleqnalytics.com googleqsercontent.com googletacmanager.com googletaemanager.com googletag-anager.com googletageanager.com googletagianager.com googletaglanager.com googletagmafager.com googletagmajager.com googletagmalager.com googletagmanacer.com googletagmanaeer.com googletagmanafer.com googletagmanagar.com googletagmanagdr.com googletagmanage2.com googletagmanageapi.com googletagmanageb.com googletagmanagep.com googletagmanages.com googletagmanagev.com googletagmanagez.com googletagmanaggr.com googletagmanagmr.com googletagmanagris.com googletagmanagrs.com 
googletagmanagrsapi.com googletagmanagur.com googletagmanaoer.com googletagmanawer.com googletagmancger.com googletagmaneger.com googletagmaniger.com googletagmanqger.com googletagmaoager.com googletagmcnager.com googletagminager.com googletagmqnager.com googletagoanager.com googletaomanager.com googletawmanager.com googletcgmanager.com googletigmanager.com googletqgmanager.com googletsercontent.com googleu3ercontent.com googleuagmanager.com googleucercontent.com googleuqercontent.com googleurercontent.com googleusarcontent.com googleusdrcontent.com googleuse2content.com googleusebcontent.com googleusepcontent.com googleuseraontent.com googleuserbontent.com googleusercgntent.com googleuserckntent.com googleusercmntent.com googleusercnntent.com googleusercoftent.com googleusercojtent.com googleusercoltent.com googleusercon4ent.com googleusercondent.com googleuserconpent.com googleusercontant.com googleusercontdnt.com googleuserconteft.com googleusercontejt.com googleusercontelt.com googleuserconten4.com googleusercontend.com googleusercontenp.com googleusercontenu.com googleusercontenv.com googleuserconteot.com googleusercontgnt.com googleusercontmnt.com googleusercontunt.com googleuserconuent.com googleuserconvent.com googleusercootent.com googleusergontent.com googleusersontent.com googleusescontent.com googleusevcontent.com googleusgrcontent.com googleusmrcontent.com googleusurcontent.com googlevagmanager.com googlewsercontent.com googlganalytics.com googlgtagmanager.com googlgusercontent.com googlmanalytics.com googlmtagmanager.com googluanalytics.com googlutagmanager.com googluusercontent.com googmeanalytics.com googmetagmanager.com googmeusercontent.com googneanalytics.com goognetagmanager.com googneusercontent.com goooleanalytics.com goooletagmanager.com gootric.com goowleanalytics.com goowletagmanager.com goowleusercontent.com hocalytics.com iicrosoftonline.com iixpanel.com ippsee.com jpnjs.com ka3persky.com kaqpersky.com kaspepsky.com kasperqky.com 
kaspersk9.com kasperskq.com kaspessky.com kaspezsky.com kaspgrsky.com kaspmrsky.com kaspursky.com kastersky.com kasxersky.com kcspersky.com kdn-apple.com lgcalytics.com licrosoftonline.com lmcalytics.com lncalytics.com loaalytics.com locadytics.com locahytics.com localqtics.com localy4ics.com localydics.com localytacs.com localythcs.com localytias.com localytibs.com localytic3.com localyticc.com localyticw.com localytigs.com localytiks.com localytiss.com localytkcs.com localytmcs.com localytycs.com localyuics.com localyvics.com locamytics.com locanytics.com locclytics.com locelytics.com locqlytics.com lokalytics.com lpnjs.com mhxpanel.com mi8panel.com mibrosoftonline.com micposoftonline.com micrgsoftonline.com micrksoftonline.com microqoftonline.com microskftonline.com microsmftonline.com microsnftonline.com microsobtonline.com microsof4online.com microsofdonline.com microsoftgnline.com microsoftknline.com microsoftnnline.com microsoftofline.com microsoftojline.com microsoftolline.com microsoftonhine.com microsoftonlane.com microsoftonlhne.com microsoftonlife.com microsoftonlije.com microsoftonlile.com microsoftonlina.com microsoftonlind.com microsoftonling.com microsoftonlinu.com microsoftonlioe.com microsoftonlkne.com microsoftonlmne.com microsoftonmine.com microsoftonnine.com microsoftooline.com microsofuonline.com microsofvonline.com microsovtonline.com micsosoftonline.com micvosoftonline.com miczosoftonline.com mihpanel.com mippanel.com mix0anel.com mixpalel.com mixpanal.com mixpandl.com mixpaned.com mixpanem.com mixpanml.com mixpanul.com mixpcnel.com mixpenel.com mixpinel.com mixranel.com mixtanel.com mixxanel.com mkcrosoftonline.com mkxpanel.com mmxpanel.com mocalytics.com myxpanel.com n0njs.com npjjs.com npljs.com npnhs.com npnj3.com npnks.com npnns.com npnzs.com npojs.com nqnjs.com nrnjs.com ntnjs.com nxnjs.com oicrosoftonline.com oixpanel.com ooogleanalytics.com ooogleusercontent.com opnjs.com peslamotors.com qalesforce.com qlack-msgs.com qppsee.com 
qymantec.com ralesforce.com regment.io rlack-msgs.com rymantec.com s9mantec.com sadesforce.com sahesforce.com saldsforce.com sale3force.com saleqforce.com salesborce.com salesfgrce.com salesfmrce.com salesfnrce.com salesfo2ce.com salesfobce.com salesfopce.com # Reference: https://twitter.com/felixaime/status/1248154035053637632 google-analytcsapi.com # Reference: https://www.perimeterx.com/resources/blog/2020/new-stealth-magecart-attack-bypasses-payment-services-using-iframes/ # Reference: https://www.virustotal.com/gui/ip-address/83.166.250.66/relations braintreegateway24.com braintreegateway24.tech braintreegateway.services # Reference: https://twitter.com/felixaime/status/1250807334676414465 tag-css.icu # Reference: https://twitter.com/MBThreatIntel/status/1252265931088080896 vetality.site # Reference: https://twitter.com/MBThreatIntel/status/1252285343555960833 ducatigrenoble.com/skin/frontend/ves_brave/default/css/bootstrap.php # Reference: https://twitter.com/MBThreatIntel/status/1252338975265546242 clipbutton.com.br/catalog/discount.php tivents.de/media/wysiwyg/paypal4.gif # Reference: https://twitter.com/felixaime/status/1253039202465468419 # Reference: https://www.virustotal.com/gui/ip-address/193.38.54.55/relations # Reference: https://www.virustotal.com/gui/ip-address/193.38.54.62/detection secrityipa.club securityipa.club # Reference: https://unit42.paloaltonetworks.com/how-cybercriminals-prey-on-the-covid-19-pandemic/ (# Skimmer) # Reference: https://www.virustotal.com/gui/domain/sunrisepromos.com/relations sunrisepromos.com/js/lib/ccard.js # Reference: https://securityaffairs.co/wordpress/98124/cyber-crime/uncovering-new-magecart-implant.html # Reference: https://marcoramilli.com/2020/02/19/uncovering-new-magecart-implant-attacking-ecommerce/ # Reference: https://labs.sucuri.net/web-skimmer-with-a-domain-name-generator-follow-up/ # Reference: https://twitter.com/AffableKraut/status/1257937430709186560 # Reference: 
https://www.virustotal.com/gui/ip-address/83.166.244.76/relations ql201000.pw ql201041.pw ql201243.pw ql201456.pw ql201463.pw ql201721.pw ql202141.pw ql202412.pw ql202657.pw ql202989.pw qr201010.pw qr201089.pw qr201161.pw qr201346.pw qr201854.pw qr202004.pw qr202284.pw qr202754.pw qr202844.pw qr202960.pw q(l|r)[0-9]{5,6}\.pw /js/ar/ar906.php /js/ar/ar2497.php /js/ar/ar7938.php # Note: in the group above, q(l|r)[0-9]{5,6}\.pw is a regular expression rather than a literal host and carries no start or end anchor, so a consumer that loads this list as plain strings will never match it, and one that applies it as an unanchored search may also match longer names that merely contain the pattern. The twenty ql/qr names listed before it are individual samples, each with six digits. The three /js/ar/ entries are path-only and name no host, so they can fire on the same path served by an unrelated site; treat hits on them as lower confidence than hits on a listed domain. # Reference: https://blog.sucuri.net/2020/04/web-skimmer-with-a-domain-name-generator.html gooogletagmanager.online # Reference: https://twitter.com/Bank_Security/status/1258130762685186048 # Reference: https://blog.malwarebytes.com/threat-analysis/2020/05/credit-card-skimmer-masquerades-as-favicon/ # Reference: https://www.virustotal.com/gui/ip-address/83.166.242.105/relations myicons.net psas.pw # Reference: https://twitter.com/felixaime/status/1258800483524804608 jquerycdn.at # Reference: https://twitter.com/felixaime/status/1258834331163922432 jquerye.at # Reference: https://twitter.com/felixaime/status/1260822992180973572 cdnjustuno.icu manag.icu targetad.icu # Reference: https://twitter.com/felixaime/status/1260827294723170304 tags-app.icu tags-bootstrap.icu # Reference: https://twitter.com/MBThreatIntel/status/1269400469845061632 tagapp.icu # Reference: https://twitter.com/AffableKraut/status/1261157021027622912 # Reference: https://gist.github.com/krautface/c2f2d6d0c4516afc47efcbe17e561e0c priangan.com/wp-content/languages/blogid/ # Reference: https://twitter.com/tosscoinwitcher/status/1261353530465456128 # Reference: https://twitter.com/500mk500/status/1261361366339903488 # Reference: https://www.virustotal.com/gui/domain/googletagmanagr.com/detection googletagmanagr.com # Reference: https://twitter.com/MBThreatIntel/status/1262893385448210434 magentorates.com # Reference: https://twitter.com/MBThreatIntel/status/1263850035382378497 # Reference: https://twitter.com/500mk500/status/1263861204327505928 # Reference: https://twitter.com/d09r_/status/1263864711847620609 # Reference: 
https://www.virustotal.com/gui/ip-address/5.188.62.173/relations # Reference: https://www.virustotal.com/gui/ip-address/176.123.6.37/relations padmin.xyz hostssl.uno hostssl.xyz shopssl.xyz idtransfer.icu # Reference: https://twitter.com/MBThreatIntel/status/1263876741094727680 # Reference: https://www.virustotal.com/gui/ip-address/23.106.215.85/relations cdncontentserver.com onlineimageservices.com # Reference: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/ gocgle-analytics.cm gocgle-analytics.net gocgletagmanager.cm gocgletagmanager.com # Reference: https://www.virustotal.com/gui/ip-address/194.180.224.112/relations authcrize.net gcogle-analytics.com gocgle-analytics.net googlo-analytics.com googlo-analytics.net gooqle-analytics.com gooqle-analytics.net secure-authorize.net wanalytic.is secure.authcrize.net # Reference: https://twitter.com/kyleehmke/status/1399680399756906502 # Reference: https://www.virustotal.com/gui/ip-address/87.120.254.4/relations gooqle-login.com # Reference: https://twitter.com/felixaime/status/1264124350883602432 # Reference: https://www.virustotal.com/gui/ip-address/161.35.202.72/relations cdndoubleclick.net # Reference: https://twitter.com/felixaime/status/1264567401380753409 cdn-contentstore.com cdn-sources.com # Reference: https://twitter.com/AffableKraut/status/1265349583925841922 ads-fbstatistic.com # Reference: https://twitter.com/felixaime/status/1265175178532831237 livechatcdn.com # Reference: https://twitter.com/felixaime/status/1265176411322499072 cloudfrontapi.com cloudfrontapi.net # Reference: https://twitter.com/MBThreatIntel/status/1266397492658098176 s3.amazonaws.com/content.zipboss.com/code/zipboss.dev.js # Note: the host part of the entry above is the shared Amazon S3 endpoint, so the indicator is the full bucket and object path, not the host. When exporting this list to a DNS or domain-only blocklist, drop this entry rather than truncating it to s3.amazonaws.com. # Reference: https://twitter.com/felixaime/status/1267045708932222976 apibazaarvoice.com # Reference: https://twitter.com/benkow_/status/1267034595758833667 http://89.82.251.136/counter/index.php # Reference: https://twitter.com/felixaime/status/1267095794571792384 # Reference: 
https://twitter.com/dimitribest/status/1372632649496420364 # Reference: https://twitter.com/rootprivilege/status/1392119803997941762 # Reference: https://lukeleal.com/research/posts/lolzilla-php-js-skimmer/ http://45.197.141.250 45.197.141.250:443 happykid.in/image/catalog/d_blog_module/review/jjs.js tienda.flex.cl/media/sello-ecommerce.js # Reference: https://twitter.com/eclipsepicards/status/1268240487233867778 platinumus.top # Reference: https://twitter.com/MBThreatIntel/status/1267874481113989121 googleapifs.space # Reference: https://twitter.com/felixaime/status/1267729483987062786 ssecurapi.club # Reference: https://twitter.com/MBThreatIntel/status/1268340229347270657 jquerylib.at # Reference: https://twitter.com/MBThreatIntel/status/1268982125543387136 cdnn-aws.com # Reference: https://twitter.com/unmaskparasites/status/1269005294325108738 hits-cache.com # Reference: https://blog.sucuri.net/2020/06/evasion-tactics-in-hybrid-credit-card-skimmers.html # Reference: https://www.virustotal.com/gui/ip-address/185.110.132.220/relations http://185.110.132.220 jshost.org # Reference: https://twitter.com/prsecurity_/status/1269843378088247296 http://185.4.65.69 http://185.4.65.72 http://185.4.66.82 http://37.252.0.91 http://37.252.0.115 http://37.252.0.150 http://37.252.0.149 http://37.252.0.196 http://37.252.0.199 http://5.45.80.46 http://5.45.82.166 http://5.45.82.189 http://5.45.83.202 http://5.45.83.223 # Reference: https://twitter.com/unmaskparasites/status/1270064808864419841 # Reference: https://www.virustotal.com/gui/ip-address/54.38.49.244/relations jsassets.net payprocessor.net # Reference: https://twitter.com/MBThreatIntel/status/1270150196333142016 locol.site # Reference: https://twitter.com/JWilsonSecurity/status/1270087185795026944 t.obet.us/gagal/log.php # Reference: https://twitter.com/MBThreatIntel/status/1270861231776137218 # Reference: https://twitter.com/MBThreatIntel/status/1279128778543783936 # Reference: 
https://twitter.com/500mk500/status/1270945615812460544 # Reference: https://www.virustotal.com/gui/ip-address/176.121.14.189/relations bootstrapmag.com chatajax.com google-adware.com jquery-apl.com jqueryalert.com jqueryapiscript.com magento-info.com magento-stores.com magento-updater.com security-magento.com securityscr.com w3schooli.com wordpress-scripts.com # Reference: https://twitter.com/felixaime/status/1271061780849209344 # Reference: https://www.virustotal.com/gui/ip-address/193.32.161.74/relations cdnxmljquerybucket.com jqueryapichecker.com tagmanagercdn.com tagmanagerxmlraw.com xmljqueryscoring.com xmlrawdataresponse.com # Reference: https://securityaffairs.co/wordpress/104776/hacking/claires-magecart-attack.html claires-assets.com # Reference: https://twitter.com/felixaime/status/1263818626114740224 # Reference: https://twitter.com/MBThreatIntel/status/1272679759126777857 # Reference: https://www.virustotal.com/gui/ip-address/185.217.92.149/relations jquerystats.com salesstatistic.com scriptstatistic.com # Reference: https://twitter.com/benkow_/status/1273214642458853376 reddotarms.com/js/infortis/jquery/jquery-1.7.2.min.js # Reference: https://twitter.com/benkow_/status/1273219665582579713 visaandpassportagency.com/js/prototype/prototype.js # Reference: https://twitter.com/felixaime/status/1273221200886587392 magento-api.icu magentolink.icu bootstrap-fronts.icu bootstrap-jquery.icu cloud-fronts.icu bootstrap-jquery.host magento-api.host cloud-fronts.host magentolink.host jqueryjs.host # Reference: https://twitter.com/MBThreatIntel/status/1273733879526903808 # Reference: https://www.virustotal.com/gui/ip-address/185.92.148.128/relations cddn.site lebs.site # Reference: https://securelist.com/web-skimming-with-google-analytics/97414/ google-anatytics.com google-analytics-js.com # Reference: https://www.virustotal.com/gui/ip-address/84.38.182.177/relations mstracking.link paypalapiobjects.com # Reference: 
https://www.virustotal.com/gui/ip-address/5.101.50.50/relations googleapimanager.com # Reference: https://twitter.com/MBThreatIntel/status/1376665239647756289 # Reference: https://blog.malwarebytes.com/threat-analysis/2020/06/web-skimmer-hides-within-exif-metadata-exfiltrates-credit-cards-via-image-files/ ads-fbstatistic.com apilivechat.com bestcdnforbusiness.com bizrateservices.com cddn.site cxizi.net favicon.click j-queries.com jquery-analitycs.com jqueryanalise.xyz koinweb.site lebs.site magentorates.com pixasbay.com sonol.site teamsystems.info towbarchat.com undecoveria.com webtrans.site wosus.site xciy.net xoet.site yxxi.net yzxi.net # Reference: https://twitter.com/MBThreatIntel/status/1279651033883439105 kttape.com/pub/static/frontend/Plumtree/kttapeb2b/en_US/mage/mail.js # Reference: https://twitter.com/MBThreatIntel/status/1279523525192081408 cloud-flares.host # Reference: https://twitter.com/wwp96/status/1279551267698888704 jquerycloud.host # Reference: https://blog.malwarebytes.com/threat-analysis/2020/07/credit-card-skimmer-targets-asp-net-sites/ # Reference: https://twitter.com/MBThreatIntel/status/1280180299112919041 # Reference: https://www.virustotal.com/gui/ip-address/31.220.60.108/relations cdn-xhr.com hivnd.net hixrq.net idpcdn-cloud.com joblly.com rackxhr.com thxrq.com # Reference: https://twitter.com/unmaskparasites/status/1280569151833223168 cdn-google-analytics.com # Reference: https://twitter.com/p5yb34m/status/1111707577685991424 givemejs.cc # Reference: https://twitter.com/jeromesegura/status/1121811483195633670 # Reference: https://blog.malwarebytes.com/cybercrime/2019/04/github-hosted-magecart-skimmer-used-against-hundreds-of-e-commerce-sites/ /mage/master/mage.js # Reference: https://www.symantec.com/security-center/writeup/2018-092007-1208-99 (JSCoffe domains) beachyripe.com energycoffe.org energytea.org lightbulbs-direct.org teacoffe.net ukcoffe.com # Reference: 
https://blog.sucuri.net/2018/12/localization-and-customization-of-credit-card-stealing-malware.html kinfirighbetted.host sales4reason.com greatwebstat.com # Reference: https://www.helpnetsecurity.com/2020/07/08/magecart-group-8/ # Reference: https://geminiadvisory.io/wp-content/uploads/2020/07/Appendix-A-3.pdf # Reference: https://geminiadvisory.io/wp-content/uploads/2020/07/Appendix-B-1.pdf adaptivecss.org adorebeauty.org anduansury.com ankese.com assethomify.com assetstorage.net blackriverimaging.org braincdn.org citywlnery.org closetlondon.org coffemokko.com coffetea.org dahlie.org davidsfootwear.org dobell.su elegrina.com energycoffe.org etradesupply.org exrpesso.org fileskeeper.org foodandcot.com freshchat.info freshdepor.com frocklay.com hqassets.com info-js.link jewsondirect.com js-storage.click jsvault.net labbe.biz link-js.link londontea.net mage-checkout.org majsurplus.com map-js.link mechat.info misshaus.org oakandfort.org ottocap.org parks.su paypaypay.org pmtonline.su replacemyremote.org safeprocessor.com sagecdn.org sainester.com scriptdesire.com scriptsparadise.com scriptvault.org security-payment.su shourve.com slickjs.org smart-js.link stairany.com swappastore.com teacoffe.net theresevit.com top5value.com track-js.link ukcoffe.com uthorizecdn.com verywellfitnesse.com walletgear.org weblibscdn.com # Reference: https://twitter.com/unmaskparasites/status/1283084460519456771 cdnlistrakbi.com # Reference: https://blog.sucuri.net/2020/07/skimmers-in-images-github-repos.html # Reference: https://www.virustotal.com/gui/ip-address/8.208.19.101/relations # Reference: https://www.virustotal.com/gui/ip-address/8.208.77.10/relations # Reference: https://www.virustotal.com/gui/ip-address/8.209.99.41/relations analytics-core.com analytics-ssl.com fonts-googlemaps.com fonts-gstatic.com fontsgoogle-apis.com fontsgoogleapis.com google-conf.com google-console.com google-core.com google-sert.com dash.google-console.com fonts.fontsgoogleapis.com ssl.analytics-core.com 
/app/design/frontend/Magento/luma/media/mage.png /pub/media/downloadable/mage.png # Reference: https://twitter.com/felixaime/status/1287408636164284419 cdn-filestorm.com cloud-sources.com # Reference: https://twitter.com/500mk500/status/1288482532774891521 # Reference: https://www.virustotal.com/gui/ip-address/8.211.36.239/relations # Reference: https://www.virustotal.com/gui/domain/rooplancdn.com/detection rooplancdn.com # Reference: https://twitter.com/felixaime/status/1288604510802325509 shopify-sales.com # Reference: https://twitter.com/felixaime/status/1288601153400446976 # Reference: https://www.virustotal.com/gui/ip-address/47.88.14.111/relations # Reference: https://www.virustotal.com/gui/ip-address/5.101.50.134/relations # Reference: https://www.virustotal.com/gui/ip-address/8.208.84.18/relations # Reference: https://twitter.com/felixaime/status/1301090258671542272 adw-gooqle.com blog-mage.com cailpercovers.com cheeseceke.com cioubfiare.com claristokp.top clickstrackings.com cloubfiare.com cloudflaea.com cloudfliare.com googie-seo.com google-ahatytics.com google-anatytics.com google-ssm.com gooqieapis.com jquery-doc.com jquery-magento.com jqueryupdate.com magenlo.com magento-update.com marketing-yahoo.com optimized-js.com path-magento.com script-magento.com sucuil.net tag-managers.com up-tracking.com # Reference: https://twitter.com/unmaskparasites/status/1288922935240077313 http://31.214.157.134/in.php /setup/performance-toolkit/files/search_terms.php # Reference: https://twitter.com/AffableKraut/status/1290031871670104066 # Reference: https://twitter.com/AffableKraut/status/1290031876892057600 # Reference: https://www.virustotal.com/gui/ip-address/37.252.5.111/relations # Reference: https://gist.github.com/krautface/b65cb1e717038f000d4d9dfd860830ea cdn-adsense.com # Reference: https://blog.malwarebytes.com/threat-analysis/2020/08/inter-skimming-kit-used-in-homoglyph-attacks/ # Reference: https://otx.alienvault.com/pulse/5f2c453b5b063dda49dd855f # 
Reference: https://www.virustotal.com/gui/ip-address/51.83.209.11/relations cigarpaqe.com fleldsupply.com pushcrew.pw winqsupply.com zoplm.com # Reference: https://twitter.com/felixaime/status/1292567951762231299 cdncom.site # Reference: https://twitter.com/AffableKraut/status/1293104085835689984 # Reference: https://www.virustotal.com/gui/domain/googapi.com/detection googapi.com # Reference: https://twitter.com/felixaime/status/1295796245588512768 payprocessor.net # Reference: https://twitter.com/felixaime/status/1295800211416190976 # Reference: https://www.virustotal.com/gui/ip-address/188.209.49.71/relations clipboardplugin.com devtoolsforweb.com variousscripts.com topcc.biz topcc.pw topcc.store topcc.su # Reference: https://twitter.com/unmaskparasites/status/1295816804133199878 # Reference: https://twitter.com/AffableKraut/status/1295817245017493507 amastybootstrap.host amastybootstrap.online amastybootstrap.store bootstrapcd.host bootstrapcd.online bootstrapcss.host bootstrapcss.online cdnbootstrap.host cdnbootstrap.store dbbootstrap.online dbbootstrap.zip # Reference: https://www.virustotal.com/gui/ip-address/103.73.67.169/relations cdn-jquerystatic.ddns.net static-jquery.sytes.net # Reference: https://www.virustotal.com/gui/ip-address/91.211.247.69/relations cvv2.name # Reference: https://www.virustotal.com/gui/ip-address/47.241.7.41/relations acloudsapi.com securebnp-server.com securebnp1-update.com secureing-update.com # Reference: https://twitter.com/JCyberSec_/status/1298929497354448901 gaminpit.com # Reference: https://twitter.com/MBThreatIntel/status/1299380573966802944 # Reference: https://www.virustotal.com/gui/ip-address/108.62.12.46/detection content-analytics-server.com # Reference: https://twitter.com/felixaime/status/1300335046029606912 lighting-spot.com/pub/media/js/jscol.min.js lighting-spot.com/pub/media/js/lighting.js # Reference: https://twitter.com/sansecio/status/1304043546970927104 # Reference: 
https://www.virustotal.com/gui/ip-address/80.78.254.128/relations sansec.biz csp.sansec.biz # Reference: https://twitter.com/sansecio/status/1305041618744086528 # Reference: https://twitter.com/sansecio/status/1305461119314690048 # Reference: https://sansec.io/research/largest-magento-hack-to-date # Reference: https://otx.alienvault.com/pulse/5f5f9a8ba62718db52b64700 # Reference: https://www.virustotal.com/gui/ip-address/83.166.244.152/relations # Reference: https://www.virustotal.com/gui/ip-address/83.166.244.76/relations # Reference: https://www.virustotal.com/gui/ip-address/83.166.245.32/relations # Reference: https://www.virustotal.com/gui/ip-address/83.166.245.93/relations ajaxcloudflare.com imags.pw mcdnn.me mcdnn.net myicons.net data-id-click.ru divamoda-tds.ru justwe-track.ru # Reference: https://twitter.com/sansecio/status/1306190540963282946 facelook.no/en_US/pixel.js # Reference: https://twitter.com/unmaskparasites/status/1308419144048668672 http://94.158.244.55 # Reference: https://twitter.com/MBThreatIntel/status/1310703704396279808 static-trustpilot.com # Reference: https://twitter.com/felixaime/status/1310835184917458944 # Reference: https://www.virustotal.com/gui/ip-address/161.117.237.217/relations # Reference: https://www.virustotal.com/gui/ip-address/45.14.12.199/relations # Reference: https://www.virustotal.com/gui/ip-address/6.9.3.11/relations acdn.space ancdn.site ancdnto.site arcdn.site bcdn.space cacdn.site ccdn.space cdna.site cdna.space cdnb.site cdnb.space cdnc.site cdnc.space cdncom.site cdnd.site cdnd.space cdne.site cdne.space cdnf.site cdnf.space cdng.site cdng.space cdnh.site cdnh.space cdni.site cdni.space cdnj.site cdnj.space cdnk.site cdnk.space cdnl.site cdnl.space cdnm.site cdnm.space cdnn.site cdnn.space cdno.site cdno.space cdnp.site cdnp.space cdnq.site cdnq.space cdnr.site cdnr.space cdns.site cdns.space cdnt.site cdnt.space cdnu.site cdnu.space cdnv.site cdnv.space cdnw.site cdnw.space cdnx.site cdnx.space cdny.site 
cdny.space cdnz.site cdnz.space dcdn.space fcdn.space frcdn.site gcdn.space gtacdn.site gtag.site gtage.site gtamanag.site gtcdn.site gtgcdn.site gtmcdn.site hcdn.space icdn.space jcdn.space kcdn.space ncdn.space ocdn.space qcdn.space tcdn.space usacdn.site uscdn.site wcdn.space xcdn.space zcdn.space # Reference: https://www.virustotal.com/gui/ip-address/45.32.178.26/relations acache.pw adev.pw asite.pw # Reference: https://twitter.com/felixaime/status/1310840704801951744 jquerycss.online jquerycss.space jquerycss.store jquerycss.tech jquerycss.website # Reference: https://twitter.com/JWilsonSecurity/status/1311140720498147334 # Reference: https://www.virustotal.com/gui/domain/ride4speed.com/relations ride4speed.com # Reference: https://twitter.com/AffableKraut/status/1311330609546104832 googleanalytics.monster googleanalytics.buzz google-analytics.monster google-analytics.buzz googletagmanager.cyou google-analytics.icu google-analytics.club googletagmanager.top google-analytics.cyou googleanalytics.top googleanalytics.cyou statanalytic.cyou googleshopanalytic.icu gstatic.cyou gstatic.club # Reference: https://twitter.com/MBThreatIntel/status/1311423125582540802 adsojs.com cdndeskpro.com cdnprog.com faceapiget.com facecdnget.com fbpixelget.com gstaticapi.com keywestcdn.com klaviyo.host lightgetjs.com listrakjs.com mediabtracker.com meidiaplus.com section.ws sectionget.com sumome.net swiftypecdn.org uniquegetapi.com findericons.com/favicon.ico # Reference: https://unit42.paloaltonetworks.com/malicious-coinminers-web-skimmer/ metahtmlhead.com # Reference: https://twitter.com/rootprivilege/status/1311731116345237509 # Reference: https://blog.sucuri.net/2021/01/magento-php-injection-loads-javascript-skimmer.html # Reference: https://www.virustotal.com/gui/ip-address/5.135.247.140/relations underscorefw.com # Reference: https://www.virustotal.com/gui/ip-address/8.208.90.81/relations fontsgoogle-api.com googleapis-fonts.com # Reference: 
https://twitter.com/MBThreatIntel/status/1313137479512276995 # Reference: https://www.virustotal.com/gui/ip-address/188.68.220.49/relations # Reference: https://www.virustotal.com/gui/ip-address/31.184.253.166/relations # Reference: https://www.virustotal.com/gui/ip-address/47.245.128.231/relations # Reference: https://www.virustotal.com/gui/ip-address/47.89.184.107/relations # Reference: https://www.virustotal.com/gui/ip-address/47.254.170.245/relations # Reference: https://www.virustotal.com/gui/ip-address/47.254.84.162/relations # Reference: https://www.virustotal.com/gui/ip-address/5.53.125.202/relations # Reference: https://www.virustotal.com/gui/ip-address/8.208.14.9/relations # Reference: https://www.virustotal.com/gui/ip-address/8.208.20.61/relations # Reference: https://www.virustotal.com/gui/ip-address/8.208.27.102/relations # Reference: https://www.virustotal.com/gui/ip-address/8.209.72.188/relations # Reference: https://www.virustotal.com/gui/ip-address/8.208.79.49/relations # Reference: https://www.virustotal.com/gui/ip-address/8.209.65.45/relations # Reference: https://www.virustotal.com/gui/ip-address/8.210.68.59/relations # Reference: https://www.virustotal.com/gui/ip-address/79.143.29.164/relations # Reference: https://www.virustotal.com/gui/ip-address/80.249.144.26/relations # Reference: https://www.virustotal.com/gui/ip-address/80.249.145.190/relations # Reference: https://www.virustotal.com/gui/ip-address/80.249.147.241/relations # Reference: https://www.virustotal.com/gui/ip-address/80.249.148.133/relations # Reference: https://www.virustotal.com/gui/ip-address/82.148.30.191/relations # Reference: https://www.virustotal.com/gui/ip-address/82.148.31.102/relations # Reference: https://www.virustotal.com/gui/ip-address/82.148.31.214/relations # Reference: https://www.virustotal.com/gui/ip-address/84.38.180.233/relations # Reference: https://www.virustotal.com/gui/ip-address/84.38.180.84/relations # Reference: 
https://www.virustotal.com/gui/ip-address/84.38.183.160/relations admin-autorization.com bing-analytics.com bing-insert.com bootstrap-java.com cdn-jquery.com checkout-sagepay.com connect-facebook.com google-analytics.top google-anylysis.com google-apic.com google-assignments.com google-assistant.com google-checkout.com google-connect.com google-modile.com google-money.com google-payment.com google-query.com google-sale.com google-sanek.com google-smart.com google-standard.com google-taq.com google-tasks.com google-worldpay.com jquery-assets.com jquery-assist.com jquery-insert.com jquery-migrate.com live-sagepayment.com pay-sagepay.com pay-u-biz.com payment-sagepay.com payment-worldpay.com paypal-assist.com paypal-debit.com paypal-vendor.com paypal-worldpay.com paypalapiobjects.com payu-biz.com sagepay-live.com sagepay-world.com yahoo-manager.com yahoo-tasks.com cdn.jquery-migrate.com # Reference: https://www.virustotal.com/gui/ip-address/47.245.128.230/relations # Reference: https://www.virustotal.com/gui/ip-address/84.38.181.56/relations cdnanalyticss.top google-picaso.com promakerboi.top # Reference: https://twitter.com/AffableKraut/status/1313600312045907973 shopifyst.com # Reference: https://twitter.com/unmaskparasites/status/1313913253035159553 # Reference: https://www.virustotal.com/gui/ip-address/176.123.3.85/relations ay64.club by222.site cyan24.club dynrdns.site googleanalytics.icu idssl.site shopstatanalytics.store statanalytic.site # Reference: https://twitter.com/malwareinfosec/status/1349425176983658497 # Reference: https://www.virustotal.com/gui/ip-address/8.208.102.232/relations # Reference: https://www.virustotal.com/gui/ip-address/8.208.24.81/relations facebookapimanager.com tag-manager.net tags-manager.com # Reference: https://blog.malwarebytes.com/malwarebytes-news/2020/10/credit-card-skimmer-targets-virtual-conference-platform/ # Reference: https://www.virustotal.com/gui/ip-address/198.187.31.243/relations # Reference: 
https://twitter.com/MBThreatIntel/status/1314298615204995072 playbacknows.com # Reference: https://twitter.com/jeromesegura/status/1137087208630833152 jquers.com jqueres.com # Reference: https://twitter.com/Jacob_Pimental/status/1316173250850942977 # Reference: https://twitter.com/Jacob_Pimental/status/1316174498073399296 # Reference: https://www.virustotal.com/gui/ip-address/176.121.14.154/relations dataprocessor.net luhnvalidator.com stairany.com # Reference: https://blog.sucuri.net/2020/11/css-js-steganography-in-fake-flash-player-update-malware.html polobear.shop # Reference: https://twitter.com/marcelmalware/status/1140723183584272386 # Reference: https://www.virustotal.com/gui/domain/jquery.su/relations # Reference: https://www.virustotal.com/gui/ip-address/8.208.97.167/relations certicodeplus.cn cloudflare.su cloudflareplus.com cloudflareplus.net cloudflarepro.info cloudflarepro.name cloudflareshop.com coomperative.com glohtoris.top googleexpert.name googleinfo.name googlemaster.info googlemaster.name googleplus.name googletag.info googletag.name jquery.su jquery24.com jqueryexpert.com jqueryinfo.com jsstroy.com magentoinfo.name magentoinfo.org magentoportal.com magentostore.org mycloudflare.net paypai.xyz procloudflare.com procloudflare.net # Reference: https://www.virustotal.com/gui/ip-address/195.54.167.88/relations alipayservice.top alipaysecurity.top unionpayinternational.services # Reference: https://twitter.com/AffableKraut/status/1325157786032992258 # Reference: https://twitter.com/AffableKraut/status/1325157787291168775 aws-amazon.site freshdesk.space gaming-spirit.xyz gaminpit.com googletagmanager.site gooogletagsmanage.com karovi.best kckaa.com kxotic.me newoldtime.site newoldtime.space riskified.site shipstation.space signifyd.site tiros.xyz # Reference: https://www.virustotal.com/gui/ip-address/47.91.76.198/relations google-site-verification.com googlecloud-verification.com googletags-manager.com jquerydll.com script-analytic.com 
script-analytics.com # Reference: https://www.virustotal.com/gui/ip-address/8.208.76.69/relations apibaseajax.com reactjsget.com statsaps.com # Reference: https://twitter.com/EKFiddle/status/1326245935559692289 # Reference: https://www.virustotal.com/gui/ip-address/162.241.201.20/relations artichgroup.com # Reference: https://twitter.com/rootprivilege/status/1326231381169512450 # Reference: https://www.virustotal.com/gui/ip-address/194.59.40.37/relations jquerylib-min.com jquerylib-min.net onlinecdn-js.com # Reference: https://www.riskiq.com/resources/research/magecart-ant-and-cockroach-skimmer/ # Reference: https://urlscan.io/search/#google-statik.pw # Reference: https://www.virustotal.com/gui/ip-address/217.12.204.185/relations 2binary-education.pw ads2.adverline.com/retargetproduit/partntertag/103754_tag.js alexa-rank.pw batbing.com bgznnfzn.pw checkip.biz consoler.in gnwnprnf.pw google-statik.pw niywqcnp.pw pornodrive.pw pornostyle.pw portal-a.pw portal-b.pw portal-c.pw portal-d.pw portal-e.pw portal-f.pw recaptcha-in.pw search-components.pw sexrura.pw tattoopad.pw xnprnfzn.pw # Reference: https://www.virustotal.com/gui/ip-address/185.236.232.88/relations # Reference: https://www.virustotal.com/gui/ip-address/5.44.45.58/relations # Reference: https://otx.alienvault.com/indicator/domain/gtagmanagers.com # Reference: https://urlscan.io/result/fcd59e67-62ae-4d44-904a-51208ed82f3e # Reference: https://hybrid-analysis.com/sample/309d6cd27991b14cffe004ffbf3844dec6e050e2ed1604558627fa3077599032 gtagmanagers.com # Reference: https://securityaffairs.co/wordpress/111009/cyber-crime/sucuri-software-skimmer.html terminal4.veeblehosting.com/~sucurrin/i/gate.php /~sucurrin/ /sucurrin/ # Reference: https://twitter.com/rootprivilege/status/1331766420317773826 zago-store.vn/pub/health_check.php # Reference: https://blog.malwarebytes.com/threat-analysis/2019/12/new-evasion-techniques-found-in-web-skimmers/ # Reference: https://twitter.com/AffableKraut/status/1333258524219072515 
adsometrick.com apptegmaker.com googletage.com indesiter.com tag-metrix.com tawktalk.com # Reference: https://twitter.com/AffableKraut/status/1334745410750046208 abcanalytics.net adsymptotic.net artestfut.com artfut.net iofrontcloud.com outbrains.net upsellit.io zdassets.net # Reference: https://twitter.com/EKFiddle/status/1334908783894491138 # Reference: https://twitter.com/rootprivilege/status/1335018000227868672 # Reference: https://sansec.io/research/svg-malware budoshop.si/checkout/%7B%7BMEDIA_URL%7D%7Dstyles.css budoshop.si/pub/health_check.php myfisherstore.com/checkout/%7B%7BMEDIA_URL%7D%7Dstyles.css myfisherstore.com/pub/health_check.php # Reference: https://twitter.com/AffableKraut/status/1335501765031174145 # Reference: https://www.virustotal.com/gui/ip-address/51.89.179.232/relations jquerycdn.net jquerycss.xyz jquerysapi.com js-jquery.com jslibcdn.net # Reference: https://www.group-ib.com/blog/fakesecurity_raccoon (# FakeSecurity) cloud-js.co.za host-js.co.za magento-cloud.co.za magento-js.co.za magento-security.co.za marketplace-magento.co.za marketplacemagento.co.za node-js.co.za payment-js.co.za security-js.co.za web-js.co.za # Reference: https://twitter.com/sansecio/status/1336319799501078529 (# FakeSecurity) # Reference: https://twitter.com/AffableKraut/status/1336342947613306881 bing-statistic.co.za bing-statistic.org.za bing-statistic.web.za cdn-jquery.co.za cdn-jquery.org.za cdn-jquery.web.za cdn-js.co.za cdn-js.org.za cdn-js.web.za chrome.co.za chrome.org.za chrome.web.za font-google.co.za font-google.org.za font-google.web.za g00gle.africa g00gle.co.za g00gle.org.za g00gle.web.za godaddy.co.za godaddy.org.za godaddy.web.za google-script.co.za google-script.org.za google-script.web.za google-scripts.co.za google-scripts.org.za google-scripts.web.za javascript.co.za javascript.org.za javascript.web.za js-google.co.za js-google.org.za js-google.web.za magent0.co.za magent0.org.za magent0.web.za magento-connect.co.za magento-connect.org.za 
magento-connect.web.za magento-content.co.za magento-content.org.za magento-content.web.za microsoft.co.za microsoft.org.za microsoft.web.za mozilla.co.za mozilla.org.za mozilla.web.za opera.co.za opera.org.za opera.web.za yah00.co.za yah00.org.za yah00.web.za # Reference: https://www.virustotal.com/gui/ip-address/169.239.182.46/relations # Reference: https://twitter.com/AffableKraut/status/1336352752478334977 google-statistic.com google-statistic.net yahoo-statistic.com yahoo-statistic.net # Reference: https://www.virustotal.com/gui/domain/google-statistics.com/relations google-statistics.com # Reference: https://twitter.com/500mk500/status/1336333922213404673 # Reference: https://www.virustotal.com/gui/ip-address/8.208.99.195/relations comepropay54.net # Reference: https://twitter.com/sansecio/status/1336614850047381506 # Reference: https://www.virustotal.com/gui/ip-address/89.108.90.123/relations cloud-iq.net # Reference: https://www.virustotal.com/gui/ip-address/89.108.90.125/relations brandcdn.net # Reference: https://twitter.com/kyleehmke/status/1336694242685702147 google-register.com webspagestat.com # Reference: https://twitter.com/AffableKraut/status/1337485794940956675 # Reference: https://twitter.com/AffableKraut/status/1337491084960739329 # Reference: https://twitter.com/500mk500/status/1337499684370255872 # Reference: https://pastebin.com/Xf4iGu9q adrequest.xyz agrorek.site apiiiiii.com appraisalqpm.com artifacia.store bigdomain.in businesslocationfinder.org cloudfront.pro comebizframe.com evamedia.top evanalitic.com g-content.bid golecode.com gooaglesyndication.com google-stupidix.com googleadservicees.com googleais.com googlecodelibs.com googlesyndicatiofn.com googlesyndiction.com googletagmanag-er.com googlgr.com googlnalytics.com gytmoogletagmanager.com hs-script.com html5update.com javascriptcdn.stream jquerry.online jquerytutorialjs.com jss-mautic.com koobecaf.info mediapays.info ml-api.pw nearsightedraccoon.com polygons.cloud professionalcdn.com 
raku10shop.net realtracking.ninja removeclickfunnels.com rotate4ads.com seetestnow.com sitespy.in sublytics-5d6fcf0a813fd.com thesqt.online trackedlink.biz visitorhunter.com weathers.pw xhtmls.cc # Reference: https://twitter.com/jfslowik/status/1337465833602203648 centosupdatecdn.com jqery.net # Reference: https://twitter.com/AffableKraut/status/1337682688233398273 googie-analytisc.com google-analytisc.com google-ecommerce.com google-science.com google-trusts.com # Reference: https://www.virustotal.com/gui/domain/google-analysis.com/detection google-analysis.com # Reference: https://twitter.com/gwillem/status/1339895713405280265 # Reference: https://www.virustotal.com/gui/file/2602da2aafea7a632d69654269c923d33d23bb72176bee9b5cd2e602bd3c93c3/detection # Reference: https://www.virustotal.com/gui/file/4321b96d5ee4f89baeca39d24a7808190129b1115d1236297e191c4706444090/detection # Reference: https://www.virustotal.com/gui/file/85b74ceae400d70ab81aa8e0f1412689196e9eead3fc3dbe33df26af7fac33c9/detection # Reference: https://www.virustotal.com/gui/file/89ad715d0c924625fb4af392353e07c97b4e6a23fd65ef845690900e5d3dbb1d/detection hostreselling.com jquerysmartstack.com # Reference: https://community.riskiq.com/article/14924d61 # Reference: https://urlscan.io/search/#jquerycloud.com # Reference: https://www.virustotal.com/gui/ip-address/8.211.0.55/relations jquerycloud.com /js/dovesfarm.js # Reference: https://twitter.com/VK_Intel/status/1162434460731813893 # Reference: https://www.zscaler.com/blogs/security-research/magecart-hits-again-leveraging-compromised-sites-and-newly-registered-domains cloudflara.org googletagmanager-service.com # Reference: https://twitter.com/500mk500/status/1339707412316626945 # Reference: https://www.virustotal.com/gui/ip-address/185.154.13.210/relations # Reference: https://www.virustotal.com/gui/ip-address/194.58.112.174/relations # Reference: https://www.virustotal.com/gui/ip-address/47.254.129.13/relations gstatica.space gstaticc.space 
gstaticd.space gstatice.space gstaticf.space gstaticq.space gstaticr.space gstatics.space gstaticv.space gstaticw.space gstaticx.space gstaticz.space # Reference: https://twitter.com/rootprivilege/status/1339751739604365312 printcss.host # Reference: https://twitter.com/sansecio/status/1339914201662443520 # Reference: https://www.virustotal.com/gui/ip-address/162.241.222.203/relations hsbc-secures.com hsbcaccts.com hsbcsecuressl.com nmdatast.com ushsbcsecure.com # Reference: https://twitter.com/AffableKraut/status/1340035274450079744 # Reference: https://twitter.com/500mk500/status/1340048171779633153 paymaster-ssl.ru # Reference: https://twitter.com/makflwana/status/1341239469836357633 # Reference: https://www.virustotal.com/gui/ip-address/176.123.7.116/relations googlessl.icu idtransfer.icu idtransfer.me # Reference: https://www.group-ib.com/blog/ultrarank # Reference: https://otx.alienvault.com/pulse/5fe4cb300b0a9b6655a11de1 45.141.84.239:1443 googletagsmanager.co googletagsmanager.info s-panel.su # Reference: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce zg9tywlubmftzw5ldza.com zg9tywlubmftzw5ldze.com zg9tywlubmftzw5ldze0.com zg9tywlubmftzw5ldze1.com zg9tywlubmftzw5ldzew.com zg9tywlubmftzw5ldzex.com zg9tywlubmftzw5ldzey.com zg9tywlubmftzw5ldzez.com zg9tywlubmftzw5ldzg.com zg9tywlubmftzw5ldzi.com zg9tywlubmftzw5ldzk.com zg9tywlubmftzw5ldzm.com zg9tywlubmftzw5ldzq.com zg9tywlubmftzw5ldzu.com zg9tywlubmftzw5ldzy.com # Reference: https://www.virustotal.com/gui/ip-address/47.90.242.121/relations # Reference: https://www.virustotal.com/gui/ip-address/47.91.28.226/relations trustcdnjs.com # Reference: https://www.virustotal.com/gui/ip-address/161.117.89.16/relations # Reference: https://urlscan.io/result/2cbc4a8f-eff1-4ed2-8fcf-09514c612e19/ # Reference: https://unit42.paloaltonetworks.com/anatomy-of-formjacking-attacks/ # Reference: https://urlscan.io/domain/myxintad.com jsglobal.top myxintad.com # Reference: 
https://www.virustotal.com/gui/ip-address/8.208.89.255/relations # Reference: https://www.virustotal.com/gui/ip-address/8.209.108.15/relations connecstaff.com pubmatgic.com # Reference: https://www.virustotal.com/gui/ip-address/8.209.108.15/relations awskit.com awsprog.com keywestapi.com # Reference: https://www.virustotal.com/gui/ip-address/8.208.24.53/relations pixeltrack.top # Reference: https://twitter.com/p0x53/status/1343649574674550784 # Reference: https://www.virustotal.com/gui/ip-address/176.119.1.157/relations amazon-server12-cdn.com amazon-server15-cdn.com # Reference: https://twitter.com/felixaime/status/1343958003905671173 jerrysmusic.com/js/varien/validation.js # Reference: https://twitter.com/marcelmalware/status/1277615543013519362 gtows.com/wp-content/js/var.js # Reference: https://twitter.com/sinnadabueno/status/1344078328278482946 userway-api.com # Reference: https://blog.sucuri.net/2015/04/impacts-of-a-hack-on-a-magento-ecommerce-website.html java-e-shop.com soulmagic.biz.fozzyhost.com # Reference: https://twitter.com/malwareinfosec/status/1347590799249219584 # Reference: https://www.virustotal.com/gui/ip-address/102.130.115.168/relations cdn-cloud.co.za cdn-jquery.biz cdn-jquery.net cdn-jquery.net.za cdn-jquery.org cdn-jquery.web.za cdn-jquery.org.za cdn-stat.co.za cdn-stat.org.za cdn-stat.web.za cdn-update.co.za # Reference: https://twitter.com/malwareinfosec/status/1347598539589709824 veterinaryconcepts.com/errors/enx.php?data= # Reference: https://twitter.com/500mk500/status/1347687209844027392 # Reference: https://urlscan.io/result/0a34d7a1-aef8-45d3-b71a-71d68d66530b/ # Reference: https://urlscan.io/result/838576c6-7d97-4821-86cd-6d463d21782b/ # Reference: https://www.virustotal.com/gui/ip-address/193.38.54.81/relations # Reference: https://www.virustotal.com/gui/ip-address/45.140.146.4/relations # Reference: https://www.virustotal.com/gui/ip-address/45.140.146.5/relations # Reference: 
https://www.virustotal.com/gui/ip-address/45.140.146.6/relations # Reference: https://www.virustotal.com/gui/ip-address/45.140.146.7/relations cloudchimp.online cloudchimp.tech mail-chimp.site mailchimp.press printcss.site supportpay.club tagmanager.online tagmanager.site tagmanager.store tagmanager.tech # Reference: https://twitter.com/felixaime/status/1351456431086698498 # Reference: https://twitter.com/malwareinfosec/status/1351584550099435526 # Reference: https://twitter.com/p0x53/status/1352188052433633280 # Reference: https://www.virustotal.com/gui/ip-address/109.199.125.72/relations # Reference: https://www.virustotal.com/gui/ip-address/80.92.206.12/detection styl.click styl.host styl.press analyst.uno magento.uno publish.uno servers.uno sql.uno vms.uno # Reference: https://twitter.com/AffableKraut/status/1260829836198711296 analitic.club felers.club tags-analitic.icu tags-css.icu # Reference: https://twitter.com/AffableKraut/status/1348165316589846532 fbevents.host fbevents.site fbevents.store fbevents.tech # Reference: https://twitter.com/AffableKraut/status/1348525412415107072 # Reference: https://www.virustotal.com/gui/ip-address/45.155.38.3/relations cdn-google-cloudflare.com # Reference: https://twitter.com/AffableKraut/status/1348684891718901762 # Reference: https://www.virustotal.com/gui/ip-address/102.130.114.139/relations # Reference: https://www.virustotal.com/gui/ip-address/102.130.114.153/relations # Reference: https://www.virustotal.com/gui/ip-address/102.130.114.147/relations asp-cloud.org.za google-document.co.za google-js.co.za google-js.org.za google-js.web.za google-network.co.za google-statistic.co.za google-statistic.org google-statistic.org.za google-statistic.web.za jquery.africa jquery.org.za lib-cloud.org.za lib-cloud.web.za mage.org.za mage.web.za magento.web.za node-js.org.za node-js.web.za nodejs.org.za yahoo-statistic.org.za yahoo-statistic.web.za # Reference: https://community.riskiq.com/article/5bea32aa statexplore.com 
jquery-dll.net # Reference: https://twitter.com/AffableKraut/status/1351390506484445184 # Reference: https://twitter.com/AffableKraut/status/1351390507759529984 # Reference: https://twitter.com/AffableKraut/status/1351390508719943680 # Reference: https://twitter.com/AffableKraut/status/1430075608143384580 # Reference: https://gist.github.com/krautface/3957a1f6d21cb201fefb8327ecb3dfdd # Reference: https://gist.github.com/krautface/8e4706bc1142f5d14c3fb15a8a17a7ed # Reference: https://gist.github.com/krautface/e80d3dbf7cbc49a6449ba3355b6af327 # Reference: https://gist.github.com/krautface/e16ad2ccf30612378e0f22699982dbf5 # Reference: https://gist.github.com/krautface/e31ca7282537ac3858a72295b7d62dad # Reference: https://gist.github.com/krautface/cd29d552cb1edd50059ae541dfda9532 01phone.uno 0days.uno 0fx.club 0night.xyz 0to1.buzz 0xand.buzz 0york.xyz 114oo.icu 189027.icu 1place.buzz 1sterr.uno 1time.buzz 1to3.buzz 1xbe.icu 221u7.cyou 24hrs.fun 2days.fun 2every.fun 2nght.xyz 2now.cyou 3dw.buzz 3dwarfs.xyz 3dworks.club 3sombreros.xyz 3x3x3x.xyz 404p.icu 4evver.buzz 4mer.buzz 4youu.buzz 5leos.xyz 5meter.fun 5star.uno 5x5x5.cyou 64bitss.club 666devil.fun 6drops.buzz 6tries.uno 7chance.xyz 7digits.us 7game.fun 7luck.buzz 80srock.club 8er.uno 8planet.xyz 8words.xyz 99of100.xyz 9gag.uno 9precept.xyz 9tuvw.xyz a42.buzz absorb.buzz abspl.xyz amads.buzz amads.uno amads.xyz amads2.xyz ambien.buzz amlog.buzz arriver.buzz ax128.icu ay64.club b17.monster badger.uno bbonus.xyz blacktrade.net brainr.xyz broadw.xyz bx333.cyou by222.site c982.link coals.fun coas.uno commv.club croat.uno cx1md.cyou cyan24.club d883.click deepe.icu deriv.fun dredn.uno dropz.fun dx26cmd.icu dynrdns.site e-holodilnik.com e141.icu ehrmen.xyz enabler.buzz errno.xyz estim.buzz ext22.icu eyes2u.site f1racing.icu f8822.buzz floaty.buzz foldr.xyz freejob.uno frozn.xyz fx555.cyou fykes.club g8super.monster g98.monster gigo.buzz google-analytics.buzz google-analytics.club google-analytics.cyou google-analytics.icu 
google-analytics.monster googleanalytics.buzz googleanalytics.cyou googleanalytics.icu googleanalytics.monster googleanalytics.top googleshopanalytic.icu googletagmanager.cyou googletagmanager.top gravit.xyz greml.xyz grosss.club gstatic.club gstatic.cyou gx717.icu gym365.site herbo.xyz hick.buzz hihihi.cyou hija.buzz hint.fun holidaygo.ru hostssl.uno hostssl.xyz hx24.cyou hyper1.club iamsuch.fun ifilez.uno inits.fun intr0.cyou irrati.uno ix85.cyou iyork.club jeepp.fun jobber.fun jockey.monster johndoe.icu joinem.uno jx22.icu jyjy.site kanken.ru keepr.buzz klear.buzz klingon.monster knowit.buzz kraftz.uno kx482.icu kyat.club lassoz.xyz lazyfox.icu limitedd.xyz lizrd.xyz loll0l.xyz lx05.cyou lynx1.site merph.fun miners.fun mirr.buzz misstr.xyz monk.monster mx11.shop mythis.store n0ne.cyou narrr.xyz nerol.xyz noth.buzz nozzl.uno nx44.fun nyvip.store objec.fun objen.fun om.sb oppen.icu oreal.fun originel.buzz ox95.top oyer.club ozzyz.buzz padmin2.xyz pens.monster peppp.uno popcrn.icu posr.uno prods.uno propty.xyz px22.xyz pxxx.xyz pyrex.site qee.buzz quake.buzz questn.fun quickerr.xyz quicky.cyou qx48.buzz qyizz.store rebor.xyz rebrn.xyz reddys.icu restt.xyz rollr.buzz rxazz.uno rxbet.uno rxch.uno rxchg.uno rxdd.uno rxdex.uno rxem.uno rxemb.uno rxfff.uno rxgreed.uno rxgrow.uno rxhop.uno rxindia.uno rxint.uno rxjoke.uno rxkoz.uno rxled.uno rxmod.uno rxnop.uno rxooo.uno rxpro.uno rxquz.uno rxrch.uno rxstd.uno rxtmp.uno rxuno.uno rxvvv.uno rxwax.uno rxxx.uno rxyz.uno rxzip.uno ryanz.cyou rybbon.cyou rycycle.cyou ryddle.club ryderz.cyou ryer.club ryeseed.club ryezon.cyou ryfer.cyou ryggle.cyou rygle.cyou ryhed.cyou ryhson.cyou ryibol.cyou ryicat.cyou ryjoke.cyou rykman.cyou ryloth.cyou rymour.cyou rynder.cyou ryots.cyou ryprop.cyou ryquoko.cyou ryren.cyou ryser.cyou rytlab.cyou ryuuk.cyou ryvers.cyou ryweak.cyou ryxmas.cyou ryyyy.cyou ryzone.cyou shopssl.xyz shopstatanalytics.store sportloto.buzz sstockk.xyz sstrip.uno statanalytic.cyou steelz.uno streetrac.icu 
stress.buzz sub0.monster sxamp.uno sxbet.uno sxcad.uno sxdmp.uno sxerr.uno sxfnc.uno sxgear.uno sxhit.uno sxint.uno sxjump.uno sxklap.uno sxldr.uno sxmnt.uno sxnem.uno sxobj.uno sxpro.uno sxqck.uno sxrock.uno sxsok.uno sxterm.uno sxung.uno sxvid.uno sxwww.uno sxxx.uno sxyz.uno sxzz.uno sxzz.xyz syamoto.club syberian.club sycamor.club sydne.club syenna.club syfer.club sygna.club syhire.club syidim.club syjet.club sykzer.club sylamine.club symbiond.club synchros.club synjet.site syomi.club syphons.club syqqure.club syrreal.club system31.club sytcom.club syultra.club syvere.club sywang.club syxteen.club syyy.club syzu.club tanks.cyou tickis.club tremol.xyz tropicl.fun turb.buzz txarb.uno txbor.uno txcrn.uno txdln.uno txesc.uno txflt.uno txgnd.uno txhwnd.uno txinp.uno txjack.uno txkrn.uno txlist.uno txlost.uno txmag.uno txnop.uno txogr.uno txport.uno txqr.uno txred.uno txset.uno txtds.uno txuno.uno txvol.uno txweb.uno txxen.uno txyzz.uno txzer.uno tyador.club tybrown.club tyctok.club tydrew.club tyebas.club tyffoo.club tyggle.club tyhinz.club tyings.club tyjer.club tykers.club tylerz.club tympan.club tyndall.club tyosophy.club typesett.club tyquest.club tyrole.club tyssian.club tytrat.club tyultra.club tyvolume.club tywing.club tyxtyx.club tyyear.club tyzone.club ultim.fun ultrav.fun unkel.uno uoycc.cyou user42.xyz uvlamp.buzz uxand.uno uxbtn.uno uxclk.uno uxdrop.uno uxeof.uno uxfog.uno uxgot.uno uxhot.uno uxids.uno uxjob.uno uxkom.uno uxlamp.uno uxmed.buzz uxnex.buzz uyarray.club uybusiness.club uycreate.club uydamage.club uyembed.club uyfrost.club uygreat.club uyhotline.cyou uyignite.cyou uyjingle.cyou uyknight.cyou uymiddle.cyou uynight.cyou vacuum5.club vanad.uno vdr.monster versn.xyz volc.uno voltage.fun warr.club wick.buzz worldz.buzz wron.xyz wyomng.icu xchgr.xyz xfilesx.club xmass.xyz xports.xyz xrayz.buzz yellw.fun yets.xyz ynter.xyz yorkzz.buzz yoyoyo.cyou zerr.club zetas.buzz zetas.club zetas.fun zetas.monster zetas.xyz # Reference: 
https://twitter.com/rootprivilege/status/1352625063212666880 # Reference: https://twitter.com/unmaskparasites/status/1352743873714348033 # Reference: https://lukeleal.com/research/posts/magento2-skimmer-testserver-php/ bardven.com/testServer.php pedlitz.com/testServer.php # Reference: https://twitter.com/AffableKraut/status/1352693061336371200 # Reference: https://www.virustotal.com/gui/ip-address/169.239.183.80/relations ajax-plugin.org cdn-ajax.co.uk cdn-cloudflare.biz cdn-js.co.uk cdn-magento.com cdn-plugins.org cdn-rackspace.com cloud-plugins.org js-widget.com plugin-ajax.com widget-ajax.co.uk widget-js.co.uk # Reference: https://twitter.com/malwrhunterteam/status/1354431227802095619 # Reference: https://www.virustotal.com/gui/ip-address/34.85.13.9/relations jquery-scdn.com # Reference: https://twitter.com/jeromesegura/status/1354598447022653442 # Reference: https://www.virustotal.com/gui/ip-address/188.227.57.93/relations # Reference: https://www.virustotal.com/gui/ip-address/8.209.119.130/relations # Reference: https://www.virustotal.com/gui/ip-address/8.209.72.238/relations google-analuting.com google-conversion.com google-gateway.com google-note.com google-squery.com paypal-moneypay.com # Reference: https://twitter.com/AffableKraut/status/1355263804872024072 # Reference: https://twitter.com/AffableKraut/status/1355263805899595783 aws-amazon.site extrn.ru freshdesk.space google-analytics.su kckaa.com newoldtime.site newoldtime.space riskified.site shipstation.space signifyd.site strat-o-matic.org tolinkjpattr.com tywyvern.com # Reference: https://twitter.com/unmaskparasites/status/1356378296292806657 # Reference: https://twitter.com/AffableKraut/status/1356412371334529024 advertising-cdn.com africa-best-dating.com google-adwert.com google-adwersting.com new-adversting.com # Reference: https://twitter.com/jeromesegura/status/1356654794098626560 # Reference: https://twitter.com/MBThreatIntel/status/1357028912677613568 # Reference: 
https://www.virustotal.com/gui/ip-address/144.202.119.63/relations # Reference: https://www.virustotal.com/gui/ip-address/45.77.125.110/relations # Reference: https://blog.malwarebytes.com/cybercrime/2021/02/credit-card-skimmer-piggybacks-on-magento-1-hacking-spree/ auxbeam-img.cloud cdnmaeva.top costway.top crazyvaps.info hdanalyse.com hdenvironement.com hdpopulation.com motoxpricambi.top securityxx.top /costway.js /mcostway.js # Reference: https://twitter.com/virelli/status/1359465087204024325 beyondhealth.com/media/js/a1def6c62256906029767cb784323ab3.js # Reference: https://twitter.com/kyleehmke/status/1360189186578513920 # Reference: https://www.virustotal.com/gui/ip-address/45.155.37.122/relations gtmtagmanager.com # Reference: https://twitter.com/AffableKraut/status/1360319951182180355 adfast.tech getquantum.space heatmap-customer-tracking.com intellibs.net ipmarketing.biz jquery-library-code.ru jsdeliddvr.net media-rotator.net mktracking.com popstat.net push.report rotationmessage.net salesbeeapi.com statgecko.com statisticsfree.com weathermap.biz # Reference: https://twitter.com/AffableKraut/status/1360343813454245893 # Reference: https://sansec.io/research/google-apps-script # Reference: https://www.virustotal.com/gui/ip-address/91.194.11.205/relations analit.tech hotjar.host pixelm.tech # Reference: https://twitter.com/500mk500/status/1361061870061424653 # Reference: https://www.virustotal.com/gui/ip-address/89.38.97.71/relations # Reference: https://www.virustotal.com/gui/ip-address/91.200.85.137/relations blondescript.info blondescript.net blondescript.org coollandpage.ru # Reference: https://www.virustotal.com/gui/ip-address/89.38.97.71/relations # Reference: https://www.virustotal.com/gui/ip-address/89.203.198.177/relations # Reference: https://urlscan.io/result/533860b5-b101-483a-8716-d8bd19c57679/ clickandunder.com gdprmysites.co javaskript.pw json-jquery.icu statistikajsscrypt.com # Reference: https://twitter.com/benkow_/status/1222457832810991616 
# Reference: https://www.virustotal.com/gui/domain/bamblbee.store/relations bamblbee.store # Reference: https://twitter.com/AffableKraut/status/1363366240039952387 google-tag.com # Reference: https://urlscan.io/result/256f6bae-84f0-488e-9e15-47ae15760cc6/ # Reference: https://www.virustotal.com/gui/ip-address/45.145.64.143/relations fbanalytic.org # Reference: https://twitter.com/unmaskparasites/status/1364675090256785411 elume.org # Reference: https://twitter.com/unmaskparasites/status/1364652993971245060 # Reference: https://www.virustotal.com/gui/ip-address/45.142.213.172/relations googlecdn-api.com jquery-in.com jquery-ini.com mastercvv.in sert-googlefonts.com # Reference: https://www.virustotal.com/gui/ip-address/34.65.43.209/relations evolutagain.ru huntes.ru manualseos.ru seocmson.ru # Reference: https://gist.github.com/krautface/b97dfcb3e07d74ebc2eab7f1051923d2 bulder.online # Reference: https://twitter.com/sansecio/status/1367404202461450244 # Reference: https://twitter.com/unmaskparasites/status/1370579966069383168 # Reference: https://urlscan.io/result/293c311f-900b-4662-9b5d-c1d0b11cead7/ # Reference: https://www.virustotal.com/gui/ip-address/195.123.217.18/relations # Reference: https://www.virustotal.com/gui/ip-address/83.166.246.34/relations facedook.host predator.host pathc.space redorn.space zeborn.pw # Reference: https://urlscan.io/result/6dea6218-8a34-4f48-931e-93fa1677faf6/ googletagmanaaer.com # Reference: https://www.virustotal.com/gui/ip-address/5.34.179.116/relations google-jquery.eu # Reference: https://twitter.com/TeamDreier/status/1368955262900592640 # Reference: https://www.virustotal.com/gui/ip-address/185.238.171.228/relations # Reference: https://www.virustotal.com/gui/ip-address/35.228.62.27/relations cloubfiare.net googiemanager.com googlemanagerads.com googlemgr.net gooqleads.net gooqlescript.com qodaddy.net # Reference: https://twitter.com/TeamDreier/status/1369617099023388672 google-codes.com google-thumbs.com google-worlds.com 
paypal-merchant.com paypal-merchants.com # Reference: https://twitter.com/jfslowik/status/1369745187480559617 analytics-cdn.net analytics-ssl.net # Reference: https://twitter.com/unmaskparasites/status/1370151988285992960 # Reference: https://twitter.com/rootprivilege/status/1370394651509678080 content-analytics-server.com pagemonitor-server.com templatesurvey.com # Reference: https://www.group-ib.com/blog/e1rb cdn-gstat.com cdn-host.org google-analitics.org jquery-live.com jquery-on.com telrshop.com # Reference: https://twitter.com/MBThreatIntel/status/1371877118909378568 adextech.com/tr/echo/advisor.min.js # Reference: https://twitter.com/rcwht_/status/1374016465444220932 # Reference: https://www.virustotal.com/gui/ip-address/8.209.70.103/relations ssl-authorization.com # Reference: https://twitter.com/unmaskparasites/status/1374806612611723264 wedelf.com/wip/reverse.min.js # Reference: https://twitter.com/unmaskparasites/status/1374812123562319872 # Reference: https://www.virustotal.com/gui/ip-address/176.121.14.143/relations # Reference: https://www.virustotal.com/gui/ip-address/194.87.144.10/relations agilityscripts.com amazonawscdn.com cdnforplugins.com devlibscdn.com mirasvit.net secure4d.net seoagregator.com speedtransaction.com spotforassets.com v2-zopim.com webadstracker.com # Reference: https://twitter.com/MBThreatIntel/status/1375516616243474438 un5.ffox.site # Reference: https://twitter.com/TeamDreier/status/1375149879664709638 # Reference: https://www.virustotal.com/gui/ip-address/35.228.228.1/relations bing-visitors.com googieads.com googieupdate.com google-site-verification.net googleadservlces.com googlegtm.com jquerylast.com yahoo-tracker.com # Reference: https://twitter.com/MBThreatIntel/status/1376662429229142022 # Reference: https://twitter.com/rootprivilege/status/1549799944835371008 # Reference: https://www.virustotal.com/gui/ip-address/185.215.113.111/relations # Reference: https://www.virustotal.com/gui/ip-address/194.61.25.77/relations # 
Reference: https://www.virustotal.com/gui/ip-address/77.83.36.33/relations gstatis.co jqueri-web.at jqueri.at jqueridev.at jqueriweb.at jsdelivr.at # Reference: https://twitter.com/unmaskparasites/status/1377383696009895939 brewtees.com/jquery/ # Reference: https://twitter.com/unmaskparasites/status/1378065215565168641 # Reference: https://twitter.com/unmaskparasites/status/1378065738422874114 # Reference: https://www.virustotal.com/gui/ip-address/198.27.64.84/relations # Reference: https://www.virustotal.com/gui/ip-address/47.91.78.128/relations # Reference: https://www.virustotal.com/gui/ip-address/8.209.69.32/relations # Reference: https://www.virustotal.com/gui/ip-address/8.208.96.5/relations # Reference: https://www.virustotal.com/gui/ip-address/80.211.41.122/relations googletagmanagers.com googletagsmanagers.com fonts-analytics.com fontsgstatic.com googlefonts-api.com googlefonts-dns.com jquery-dns.com jquery-ssl.com page2adgooglesyndication.com stackpathbootstrapcdn.com # Reference: https://urlscan.io/result/e76a66c0-403e-4099-a673-ecb322b99f7e/ # Reference: https://urlscan.io/result/14b99a92-2ec2-4327-a0f1-a0249e4513be/ # Reference: https://www.virustotal.com/gui/ip-address/203.91.116.53/relations cdnjsapis.com jquery-analytics.com # Reference: https://urlscan.io/result/a38d860f-b1a2-432c-a8ff-a4132c0f8293/ jquery-google.com # Reference: https://twitter.com/rootprivilege/status/1379096986897408001 # Reference: https://lukeleal.com/research/posts/magento2-payprocess-obj_31337-skimmer/ payprocess.org processpayment.cc # Reference: https://www.virustotal.com/gui/ip-address/8.208.78.46/relations cdn-alipearlhair.com livechatlnc.com paypalobjacts.com tagmanaqer.com # Reference: https://twitter.com/AffableKraut/status/1380022960627593216 # Reference: https://twitter.com/AffableKraut/status/1380022963160895490 # Reference: https://twitter.com/AffableKraut/status/1380022987626328065 # Reference: https://www.virustotal.com/gui/ip-address/176.9.51.172/relations 
# (the entries below continue the group opened by the Reference lines directly above)
aramorganstake.com
cdnnetworking.com
cdnnetwrk.com
csscdnnett.com
fivemofreegate.com
fonts.services
gegelanallitics.com
google-analytics.org
googleanalyse.website
googlecashstat.com
healcodes.com
huggy.tech
joopsjeemz.com
liquidibi.com
manutdfuns.com
remincss.com
sellait.com
sixmofreegate.com
snowdronedge.com

# Reference: https://www.virustotal.com/gui/ip-address/144.76.57.177/relations
# NOTE(review): the names in this group look like payment-service brand names with
# small spelling changes (presumably look-alike hosts; confirm against the reference).
# The spellings as listed are the indicators; do not "correct" them.

aldyen.com
braitnreegateway.com
cobrosya.net
cullqi.com
cyberesources.com
e-posnets.com
epayou.net
eurocommerces.net
filows.com
khipus.net
mercadopagos.net
mindbodyonlines.com
oppwwa.com
paypluge.com
paypulatam.com
redysys.net
sinetesis.com
stripies.com
transbanks.net
vivapayments.net
vnmnet.net
xpaymentes.com

# Reference: https://www.virustotal.com/gui/ip-address/8.208.78.196/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.208.92.202/relations

amazon-sert.com
analyticsfonts.com
fontsgoogles.com
googlefonts-map.com

# Reference: https://www.virustotal.com/gui/ip-address/192.187.120.45/detection
# Reference: https://www.virustotal.com/gui/ip-address/35.197.229.31/relations
# Reference: https://urlscan.io/result/14d969b1-dc3e-4803-8b8a-9a3356f44a79/

googl-mail.com
googl-service.com

# Reference: https://www.virustotal.com/gui/ip-address/98.129.19.208/relations

script-manager.com
scriptmgr.com

# Reference: https://www.virustotal.com/gui/ip-address/96.126.108.31/relations

scriptdispense.com

# Reference: https://twitter.com/TeamDreier/status/1383696994380648448
# Reference: https://www.virustotal.com/gui/ip-address/95.217.250.26/relations

googlemanagerapi.com

# Reference: https://www.virustotal.com/gui/ip-address/149.28.245.206/relations

api-hotjar.com

# Reference: https://twitter.com/AffableKraut/status/1383964524110245888
# NOTE(review): the entries of this group listed here are repeated further down this
# file, in the group that cites
# https://gist.github.com/krautface/e213d52bbd1f6a278570afb1ae64a05e.
# When an entry is retired (e.g. after a false-positive report), remove it in both places.

analistnet.site
analiticnet.site
analiticsnet.site
analiticweb.site
analylicweb.site
analystclick.site
analysttraffic.site
analystview.site
analystweb.site
analyticlick.site
analyticmanager.site
analyticview.site
clickanalyst.site
clickanalytic.site
foundanalyst.site foundanalytic.site managertraffic.site netanalist.site netanalitic.site netanalitics.site nettraffic.site siteanalist.site siteanalitic.site siteanalitics.site siteanalyst.site siteanalytic.site sitetraffic.site trafficanalyst.site trafficanalytics.site trafficcloud.site trafficweb.site unpkgtraffic.site viewanalyst.site viewanalytic.site webanalitic.site webanalitics.site webanalylic.site webanalyst.site # Reference: https://twitter.com/TeamDreier/status/1384089703599595526 # Reference: https://www.virustotal.com/gui/ip-address/34.125.75.72/relations ajaxtracker.com analytics-gtm.com cdn-cgi.net doubiecliick.net jquery-ui.net # Reference: https://twitter.com/rootprivilege/status/1384357710603292676 cdn-frontend.com # Reference: https://www.virustotal.com/gui/ip-address/103.232.215.140/relations jcsscpt.com jcsscpt.net sscyulept.com # Reference: https://www.virustotal.com/gui/ip-address/104.219.248.46/relations legacy-scripts.com # Reference: https://twitter.com/AffableKraut/status/1384553513842352130 conf-localhost.com facebooknetworks.com secure-conf.com # Reference: https://twitter.com/AffableKraut/status/1384546205921943552 # Reference: https://urlscan.io/search/#filename:%22google.analytics.b.js%22 /google.analytics.b.js # Reference: https://twitter.com/TeamDreier/status/1384818143156129792 coupon-popup.net dns-servers-update.net # Reference: https://www.virustotal.com/gui/ip-address/8.208.86.98/detection # Reference: https://urlscan.io/result/420f0ac5-d7b4-4417-9985-ce325c4feeb4/ ssl-center.com # Reference: https://www.virustotal.com/gui/ip-address/135.181.34.206/relations # Reference: https://www.virustotal.com/gui/ip-address/45.148.120.226/relations # Reference: https://www.virustotal.com/gui/ip-address/45.61.139.93/relations # Reference: https://www.virustotal.com/gui/ip-address/61.164.109.218/relations # Reference: https://www.virustotal.com/gui/ip-address/67.205.167.220/relations # Reference: 
https://www.virustotal.com/gui/ip-address/44.227.238.106/relations # Reference: https://www.virustotal.com/gui/ip-address/185.53.168.6/relations # Reference: https://www.virustotal.com/gui/ip-address/178.63.30.117/relations # Reference: https://www.virustotal.com/gui/ip-address/27.124.42.69/relations # Reference: https://www.virustotal.com/gui/ip-address/185.248.102.2/relations js-cdn.club js-cdn.host js-cdn.info js-cdn.net js-cdn.online js-cdn.org js-cdn.pw js-cdn.ru js-cdn.site js-cdn.top js-cdn.xyz # Reference: https://www.virustotal.com/gui/ip-address/45.33.20.246/relations 1001-font.com alexa-tracking.com ali-clicks.com analytics-website-services.com analytix.host cdn-hosted.com cdn-js-query.com code-scripts.com count-stats.com data-analytics.club dr-cdn.com glatrac.com goolgeapis.com jquery-custom-plugin.com js-cdn.com jscriptlibrary.org kissmetrics-analytics.com quikianalytics.site securemy-js.com staticjs-webui-library.com tagblock-analytics.com toolscript-js.com tracfb.com track-link.site trackr.website vnlyse.com yanalyics.com # Reference: https://www.virustotal.com/gui/ip-address/96.126.117.191/relations cdn-aws.com clicktracking321.com google-analytics-premium.com fonts-community.com fonts-directory.com leadcap-js.com # Reference: https://www.virustotal.com/gui/ip-address/106.187.48.151/relations # Reference: https://www.virustotal.com/gui/ip-address/148.72.213.55/relations # Reference: https://www.virustotal.com/gui/ip-address/162.243.186.224/relations # Reference: https://www.virustotal.com/gui/ip-address/185.12.12.191/relations # Reference: https://www.virustotal.com/gui/ip-address/185.53.168.6/relations # Reference: https://www.virustotal.com/gui/ip-address/217.12.202.82/relations # Reference: https://www.virustotal.com/gui/ip-address/83.220.168.154/relations jquery-cdn.info jquery-cdn.me jquery-cdn.net jquery-cdn.org jquery-cdn.pw jquery-cdn.ru jquery-cdn.tk # Reference: https://www.virustotal.com/gui/ip-address/148.72.213.55/relations jquerys.ga 
# (the entries below continue the group opened by the Reference lines directly above)
jquerys.ml
jquerys.tk

# NOTE(review): many groups in this part of the file cite only a VirusTotal IP-address
# "relations"/"detection" page. Such a page lists names seen on that address; where the
# address is shared hosting, a CDN front-end or a parking service, co-resolution alone is
# weak attribution. Verify a name against its reference before relying on it.

# Reference: https://www.virustotal.com/gui/ip-address/104.28.1.107/relations
# Reference: https://www.virustotal.com/gui/ip-address/172.67.128.115/relations
# Reference: https://www.virustotal.com/gui/ip-address/178.208.80.82/relations
# Reference: https://www.virustotal.com/gui/ip-address/198.54.116.84/relations
# Reference: https://www.virustotal.com/gui/ip-address/63.141.229.19/relations
# Reference: https://www.virustotal.com/gui/ip-address/93.174.93.164/relations

jquerys.info
jquerys.net
jquerys.org
jquerys.ru
jquerys.site
jquerys.xyz

# Reference: https://www.virustotal.com/gui/ip-address/141.8.226.58/relations

ddcdn.pw

# Reference: https://www.virustotal.com/gui/ip-address/178.63.30.117/relations

ml-js.com
peretrax-js.com

# Reference: https://www.virustotal.com/gui/ip-address/217.12.202.82/relations

cloud-js.link
js-cloud.xyz
scripteleven.ru

# Reference: https://www.virustotal.com/gui/ip-address/202.222.31.77/detection

js-cloud.net

# Reference: https://www.virustotal.com/gui/ip-address/185.91.175.226/relations

bootstrap-cdn.com

# Reference: https://www.virustotal.com/gui/domain/cdn-magento.com/detection

cdn-magento.com

# Reference: https://www.virustotal.com/gui/ip-address/167.99.163.243/relations

ssl-google.com

# Reference: https://www.virustotal.com/gui/ip-address/34.102.136.180/relations

googlefi.info
ssl-facebook.com
paymentssecured.com
tatteredscript.com

# Reference: https://www.virustotal.com/gui/ip-address/50.63.51.92/relations

ssl-cloud.com

# Reference: https://www.virustotal.com/gui/ip-address/185.141.25.37/relations

ssl-analytics.com

# Reference: https://www.virustotal.com/gui/ip-address/192.64.119.207/detection

ssl-aws.com

# Reference: https://www.virustotal.com/gui/ip-address/37.120.206.98/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.245.255.10/relations

fontawesome.dev
g-metrics.me
jquerys.me
ooolll.me

# Reference: https://www.virustotal.com/gui/ip-address/64.70.19.203/relations

jquerys.ws

# Reference: https://www.virustotal.com/gui/ip-address/95.216.161.60/detection

ssl-cloud.me

# Reference: https://twitter.com/josh_larsen/status/1388892152680288262

evilcdn.com

# Reference: https://twitter.com/virusbtn/status/1387795316682940421
# Reference: https://www.trendmicro.com/en_us/research/21/d/water-pamola-attacked-online-shops-via-malicious-orders.html
# Reference: https://documents.trendmicro.com/assets/Appendix_Water-Pamola-Attacked-Online-Shops-Via-Malicious-Orders.pdf

77i.co
auth1html.site
basic-authentication.live
cloudlstorage.com
googleoapis.com
xf6.site

# Reference: https://twitter.com/unmaskparasites/status/1390027415615795200
# NOTE(review): host+path entry - the indicator is this one URL, not the whole host.
# Presumably a file placed on an otherwise legitimate site (confirm against the
# reference); do not widen it to a domain-level block. The same entry is repeated later
# in this file under https://twitter.com/unmaskparasites/status/1408561524235374602.

renokonnect.com/stats/js/jcrop/jcrop.min.js

# Reference: https://www.circleid.com/posts/20210506-deep-dive-into-known-magecart-iocs-connected-internet-properties/

fastmycdn.com
statistik.site
webinformer.biz
zigzapframe.biz

# Reference: https://www.virustotal.com/gui/ip-address/34.95.57.185/detection
# Reference: https://www.virustotal.com/gui/ip-address/35.203.186.155/relations

purechal.com

# Reference: https://twitter.com/MBThreatIntel/status/1392887777902030853
# NOTE(review): host+path entry - only this URL is the indicator (see reference).

houseofdesigners.in/scure.php

# Reference: https://blog.malwarebytes.com/cybercrime/2021/05/newly-observed-php-based-skimmer-shows-ongoing-magecart-group-12-activity/
# NOTE(review): the last entry of this group is a bare path with no host, so it is
# host-independent. Presumably it can only match where the sensor sees the request path
# (e.g. cleartext HTTP) - TODO confirm for your deployment.

kermo.pw
thesun.pw
zolo.pw
/m1_2021_force

# Reference: https://twitter.com/unmaskparasites/status/1394762869233786880
# NOTE(review): bulder.online is also listed earlier in this file under
# https://gist.github.com/krautface/b97dfcb3e07d74ebc2eab7f1051923d2.

bingfindapi.com
bulder.online
foundstyle.online
fountm.online
gstatcs.com
jqwereid.online
webfaset.com

# Reference: https://twitter.com/sansecio/status/1395765199169261570

sanseclabs.com

# Reference: https://twitter.com/sansecio/status/1395770562769788929
# NOTE(review): the host part of this entry looks like a payment provider's own hostname.
# Confirm in the reference what role this URL plays before alerting on it - a match may
# also occur in ordinary checkout traffic (false-positive risk).

pay.mollie.nl/checkout/v3/css/global.css

# Reference: https://twitter.com/unmaskparasites/status/1397030574749982722

celolum.com

# Reference: https://www.riskiq.com/blog/external-threat-management/mobile-inter/
# Reference: https://otx.alienvault.com/pulse/60afd2d5ce95a296d0f9323e

google-analyticss.com
google-downloader.com
google-pick.com google-sens.com google-turn.com gooqle.ru.oitx.xyz # Reference: https://twitter.com/MBThreatIntel/status/1398037002923110400 gstaticsfonts.com # Reference: https://twitter.com/AffableKraut/status/1398056214492291074 fonts-gstatics.com googles-analytic.com # Reference: https://twitter.com/AffableKraut/status/1398148316886491143 # Reference: https://twitter.com/AffableKraut/status/1428417456998060037 # Reference: https://gist.github.com/krautface/e213d52bbd1f6a278570afb1ae64a05e adminbox.site adminet.site adminet.space adminpan.site allforyour.site amasterweb.site analist-net.site analist-net.space analist-rete.space analistcloud.space analistnet.site analistnet.space analistnetwork.site analistnetwork.space analistpanel.site analistrete.site analistsite.site analistsite.space analisttab.site analisttab.space analistweb.site analistweb.space analitic-site.site analitic-site.space analitic-tab.site analitic-tab.space analiticnet.site analiticpanel.site analiticpanel.space analitics-panel.site analitics-site.site analitics-site.space analitics-tab.site analitics-web.space analiticsblock.site analiticsblock.space analiticsite.site analiticsite.space analiticsnet.site analiticspanel.site analiticspanel.space analiticssite.site analiticssite.space analiticstab.site analiticstab.space analiticsweb.site analiticsweb.space analitictab.site analitictab.space analiticweb.site analizeport.site analizerete.site analylicweb.site analystclick.site analysttraffic.site analystview.site analystweb.site analyticlick.site analyticmanager.site analyticview.site aneweb.site assiststore.site blockanalist.site blockanalist.space blockanalitics.site blocktestnet.space bootstrapload.site cartmainer.site cdnetworker.site cdnetworker.space cleanerjs.site clickanalyst.site clickanalytic.site cloudjs.site cloudtester.site commenter.site connectweb.space domainclean.site domainet.site domainet.space fastloader.site fastupload.space flexposter.site foundanalyst.site 
foundanalytic.site goodstats.site hardtester.site httpanel.site httpanel.space interage.site ipcounter.site jscleaner.site lanetester.site lanlocker.site lanlocker.space libloader.site libminifaer.site libstorage.space linkerage.site linkerange.site listmanager.space loockerweb.site lookingstore.site magengine.site managerage.site managerage.space managertraffic.site masterlinker.site masternet.space masterport.site minanalize.site minimazerjs.site minlibscdn.space net-analist.site net-analist.space net-analitic.space netanalist.site netanalist.space netanalisttest.space netanalitic.site netanalitic.space netanalitics.site netcontrol.site netpanel.site netstart.space nettestpanel.site nettinganalist.site nettinganalist.space nettingpanel.site nettingtest.site nettraffic.site networkanalist.site networkanalist.space onlinecount.site onlinecounter.site onlinerpage.site owlloader.site owlplugin.site ownerpage.site pagecacher.site pagecleaner.site pagegine.site pagelettermass.site pagenator.site pagesocket.site pagestater.site pagesupport.site pageviewer.site panel-analitic.site panel-analitic.space panelake.site panelake.space panelaker.site panelan.site panelanalist.site panelanalist.space panelanalitics.site panelanalitics.space panelblock.site panelnetting.site panelocker.site placepager.site planetspeed.site portviewer.site producteditor.site reteanalitics.site retenetweb.site saverplanel.site sectimer.site securefield.site seeweb.space sellmanager.site shoppingmetod.site showproduct.site site-analitic.site site-analitic.space site-analitics.site site-analitics.space siteanalist.site siteanalist.space siteanalitic.site siteanalitic.space siteanalitics.site siteanalitics.space siteanalyst.site siteanalytic.site sitengine.site sitesecure.space sitetraffic.site slickclean.site slotmanager.site slotshower.site spaceclean.site spacecom.site speedstress.site speedtester.site speedtester.space sslmanager.site sslsecurer.site starnetting.site statetraffic.site 
statsclick.site storepanel.site suporter.site tab-analitic.site tab-analitic.space tab-analitics.site tab-analitics.space tabanalist.site tabanalist.space tabanalitic.site tabanalitic.space tabanalitics.site tabanalitics.space targetag.space tawk-manger.site telanet.site trafficanalyst.site trafficanalytics.site trafficcloud.site trafficsanalist.site trafficsee.site trafficweb.site unpkgtraffic.site versionhtml.site viewanalyst.site viewanalytic.site viewonline.space web-analitics.space webanalist.site webanalist.space webanalitic.site webanalitics.site webanalitics.space webanalylic.site webanalyst.site webmode.site webtable.site woodyday.top # Reference: https://www.virustotal.com/gui/ip-address/47.91.77.83/relations google-opinion.com # Reference: https://twitter.com/AffableKraut/status/1399786791931101192 googie-analytics.online googie-analitycs.site googie-analytics.website googletagsmanager.website # Reference: https://twitter.com/TracerSpiff/status/1399840920057659404 googie.host # Reference: https://twitter.com/rootprivilege/status/1400850998063632389 # Reference: https://lukeleal.com/research/posts/analiticsweb-skimmer/ analiticsweb.site # Reference: https://www.virustotal.com/gui/ip-address/47.74.9.12/relations skin-jquery.com # Reference: https://twitter.com/rootprivilege/status/1404595455065870336 # Reference: https://lukeleal.com/research/posts/hotjar-dot-info-skimmer/ hotjar.info # Reference: https://www.virustotal.com/gui/ip-address/146.0.72.86/relations javasrtscript.com # Reference: https://www.virustotal.com/gui/ip-address/146.0.72.96/relations cloudappcdn.com # Reference: https://twitter.com/unmaskparasites/status/1407433077048057856 addjs.co addsc.co jss.lt jsz.lt ujl.me ujq.me vdf.me vdf.xyz # Reference: https://www.virustotal.com/gui/ip-address/64.190.62.111/relations magento.host # Reference: https://twitter.com/AffableKraut/status/1408512205289660429 cdn-doubleclick.net chimpstatic-cdn.com cloudflare-cdnjs.com cloudflare-ssl.com 
# (the entries below continue the group opened by the Reference lines directly above)
fontgoogleapis.com
static-doubleclick.com
static-zdassets.com
tatic-hotjar.com
widget-freshworks.com

# Reference: https://twitter.com/unmaskparasites/status/1408561524235374602
# NOTE(review): host+path entries - each indicator is one URL, not the whole host.
# Presumably files placed on otherwise legitimate sites (confirm against the reference);
# do not widen them to domain-level blocks. The renokonnect.com entry is also listed
# earlier in this file under https://twitter.com/unmaskparasites/status/1390027415615795200.

renokonnect.com/stats/js/jcrop/jcrop.min.js
sgtrek.com/jquery/jQuery.viewer.js

# Reference: https://blog.malwarebytes.com/cybercrime/2021/06/lil-skimmer-the-magecart-impersonator/
# Reference: https://www.virustotal.com/gui/ip-address/87.236.16.107/relations

bebedepotplus.site
bebedepotplus.website
cdnattn.site
cloudfiare.site
dirsalonfurniture.site
dogdug.website
estrategia-script.site
facebookmanagers.pw
ganan-script.site
googie.website
googleapis.website
googletagmanager.space
gorillawhips.site
jquery.fun
perfecttux.site
perfecttux.website
postguard.website
tidio.fun
win-activar.site
win-script.website
win-scripto.site

# Reference: https://twitter.com/rootprivilege/status/1409575929165193226
# Reference: https://www.virustotal.com/gui/ip-address/89.108.116.218/relations

toolser.pw

# Reference: https://www.virustotal.com/gui/ip-address/194.58.112.174/relations

googleapis.site

# Reference: https://www.virustotal.com/gui/ip-address/163.172.117.25/relations

googleapis.me
googlfonts.com

# Reference: https://www.virustotal.com/gui/ip-address/194.58.123.10/relations

googleapis.tk

# Reference: https://www.virustotal.com/gui/ip-address/31.187.64.40/relations

analytics-scripts.ml
font4u.ga
googleapis.ml

# Reference: https://www.virustotal.com/gui/ip-address/104.27.185.122/detection

googleapis.ga

# Reference: https://www.virustotal.com/gui/ip-address/193.37.212.63/relations

googleapis.gq

# Reference: https://www.virustotal.com/gui/ip-address/209.126.103.139/relations

sites-analytic.com

# Reference: https://www.virustotal.com/gui/ip-address/195.123.222.43/relations

hot-jar.com
hotjar-analytics.com

# Reference: https://twitter.com/AffableKraut/status/1411229363685806082
# Reference: https://www.virustotal.com/gui/ip-address/8.209.68.13/relations

apayments.top
stripe-auth-api.com

# Reference: https://twitter.com/felixaime/status/1349261822591954946
# Reference: https://twitter.com/500mk500/status/1411680465086525440
# Reference: https://www.virustotal.com/gui/ip-address/147.135.1.203/relations

cdngateways.com
cdncontentdelivery.com
query.network
jqueny.com
securecontentssl.com
site-counter.com

# Reference: https://www.virustotal.com/gui/ip-address/165.232.142.149/relations
# Reference: https://www.virustotal.com/gui/ip-address/206.81.5.96/relations
# Reference: https://www.virustotal.com/gui/ip-address/37.1.204.37/relations

adsclick.click
apps-analytics.net
awesomelytics.com
bootstrapmin.website
caphyon-analytics.com
cdnstreamfree.com
cdnstreamlive.com
cdnze.com
cookiebot.org
cosmjs.com
evolvemediametrics.com
facehttpsk.net
fix-fonts.com
fontapis.com
hatenaclick.site
informesanaliticos.com
jquery.im
jquerycdn.top
jquerynetwork.best
jsdeliavr.net
mage-seooptimization.com
measurablemetrics.co
mecontentassent.website
mob-api.net
owlanalytics.io
owlcdn.com
potokcdn.com
proclaim-api.net
sites-mark.com
tagsrv.com
webfontcdn.com
webs-meter.com
webs-metric.com
zscript1.com
ztrack1.com

# Reference: https://www.virustotal.com/gui/ip-address/185.26.99.122/relations

zscript.site
ztrack.site

# Reference: https://twitter.com/unmaskparasites/status/1413251798345736197
# Reference: https://twitter.com/Ledtech3/status/1413256014569345036

sslapis.com

# Reference: https://twitter.com/unmaskparasites/status/1412932692077731841
# NOTE(review): this group mixes two kinds of entry. The host+path lines name one URL on
# one site each (presumably compromised shops; confirm against the reference). The three
# bare paths that follow carry no host, so they match the same path on any site; they
# repeat the path portions of the host+path lines above. Review them for false positives,
# and note that path entries presumably only match where the sensor sees the request path
# (e.g. cleartext HTTP) - TODO confirm for your deployment.

banheirasdoka.com.br/skin/frontend/rwd/default/lib/b.js
banheirasdoka.com.br/skin/frontend/rwd/default/lib/route.php
design2mall.com/js/mage/translate.min.js
design2mall.com/skin/frontend/rwd/default/js/lib/route.php
tallerheels.com/skin/frontend/rwd/default/lib/route.php
/skin/frontend/rwd/default/lib/b.js
/skin/frontend/rwd/default/lib/route.php
/skin/frontend/rwd/default/js/lib/route.php

# Reference: https://twitter.com/AffableKraut/status/1414459135052111878
# Reference: https://www.virustotal.com/gui/ip-address/37.46.130.142/relations
cdn-library.net cdn-library.su jquery-library.net # Reference: https://twitter.com/unmaskparasites/status/1414732273543356419 wooanalytics.biz # Reference: https://twitter.com/AffableKraut/status/1415734360213528581 # Reference: https://twitter.com/AffableKraut/status/1415742977083908104 # Reference: https://twitter.com/MBThreatIntel/status/1432859477271711749 # Reference: https://www.virustotal.com/gui/ip-address/47.254.184.114/relations # Reference: https://www.virustotal.com/gui/ip-address/8.209.64.30/relations # Reference: https://www.virustotal.com/gui/ip-address/87.251.79.162/relations # Reference: https://www.virustotal.com/gui/ip-address/91.219.62.215/relations # Reference: https://app.validin.com/axon?source=DNS&type=ip&find=5.188.89.120 # Reference: https://app.validin.com/axon?source=DNS&type=ip&find=80.66.64.230 banca-unicredit.com google-activate.com google-activated.com google-analytlc.com google-create.com google-gate.com google-merchants.com google-pays.com google-sagepay.com google-script.com jquery-migrates.com merchant-analytics.com paypal-analitics.com paypal-pays.com # Reference: https://twitter.com/p0x53/status/1415976988100096000 cdncontainer.com hottrackcdn.com shoppersbaycdn.com webscriptcdn.com # Reference: https://twitter.com/MBThreatIntel/status/1416169274641510400 pagegine.site # Reference: https://twitter.com/AffableKraut/status/1416854101246291969 # Reference: https://www.virustotal.com/gui/ip-address/195.54.160.61/relations cdn-plugin.co.uk cdn-plugin.us cdnplugin-info.cloud data-cdn.site data-log.site data-update.site dev-connect.cloud dev-connect.co.uk dev-connect.com.de dev-connect.one dev-connect.us dev-connect.work formstats.us google-info.us google-stats.work nice-cdn.site plugin-app.cloud plugin-app.org plugin-connect.one plugin-connect.us pro-cdn-data.site pro-cdn2.site ticket-stat.site trafficstats.business trafficstats.co trafficstats.company trafficstats.us # Reference: 
https://twitter.com/AffableKraut/status/1416865169326673925 adminbox.site adminpan.site analist-net.site analist-net.space analist-rete.space analistpanel.site analistrete.site analiticpanel.site analiticpanel.space analitics-panel.site analitics-site.site analitics-site.space analitics-web.space analiticspanel.site analiticspanel.space analiticsweb.space blockanalitics.site cloudjs.site fastloader.site ipcounter.site net-analist.site net-analist.space net-analitic.space onlinecount.site panel-analitic.site panel-analitic.space panelanalist.site panelanalist.space panelanalitics.site panelanalitics.space reteanalitics.site web-analitics.space webanalitics.space # Reference: https://twitter.com/tiketiketikeke/status/1417072955675144194 # Reference: https://twitter.com/AffableKraut/status/1417141954186465285 # Reference: https://www.virustotal.com/gui/ip-address/159.69.209.43 goolgestats.com gstaticnets.com mtdnsstatic.com mtndnsstatec.com mtndnsstatecs.com mtndnsstatic.com ntndnsstatic.com # Reference: https://twitter.com/felixaime/status/1417134452103335936 # Reference: https://www.virustotal.com/gui/ip-address/69.175.91.242/relations # Reference: https://imp0rtp3.wordpress.com/2021/08/12/tetris/ # Reference: https://otx.alienvault.com/pulse/611d0d9877560b71ff3f7e59 google-drivers.com googledrivers.com # Reference: https://twitter.com/felixaime/status/1418119972858044422 # Reference: https://twitter.com/matthieu_faou/status/1471600401183084550 hotjar.net visitortrack.net webfx.bz webffx.bz # Reference: https://twitter.com/AffableKraut/status/1420424683758002178 # Reference: https://twitter.com/AffableKraut/status/1420424686366756870 # Reference: https://www.virustotal.com/gui/ip-address/158.160.129.176/relations api-facebook.net api-localhost.com cdn-bootstrapcdn.com conect-facebook.net core-static.com hollandtrees.com ssl-doubleclick.net tr-snapchat.com uc-widget-freshworks.com webstatistisc.org proxy.cdn-bootstrapcdn.com store.cdn-bootstrapcdn.com # Reference: 
https://twitter.com/p0x53/status/1420758015884488711 roi-traffic.icu # Reference: https://www.virustotal.com/gui/ip-address/139.59.66.9/relations # Reference: https://www.virustotal.com/gui/ip-address/179.43.160.43/relations corejquery.com js-jquery.org sjquery.com # Reference: https://twitter.com/unmaskparasites/status/1422681441146605570 # Reference: https://www.virustotal.com/gui/ip-address/185.246.130.169/relations adwords-track.com adwords-track.top clickinks-api.com drhorveys.com drnarveys.com font-staticx.com fontsctatic.com fontsctaticx.com fontstatics.com fontstaticx.com frontstatics.com g-staticx.com gctatic.com gctatics.com google-tagmanager.com googlestaticx.com googlestatix.com googletagmahager.com googletagnamager.com gstaticx.com gstaticxs.com scaraabresearch.com staticzd-assets.com # Reference: https://twitter.com/AffableKraut/status/1422819706394882051 # Reference: https://www.virustotal.com/gui/ip-address/193.105.134.147/relations ga-track.com hs-scrlpts.com # Reference: https://www.virustotal.com/gui/ip-address/217.8.117.66/relations jqueryui.at # Reference: https://www.perimeterx.com/tech-blog/2021/evolution-of-a-magecart-attack-leveraging-recaptcha-tech-domain/ recaptcha.tech # Reference: https://twitter.com/MBThreatIntel/status/1433104999152697344 cloud-app.shop trafficapps.business trafficapps.org trafficapps.quest trafficapps.us wp-extension.cloud wp-extension.work xenapp.blog # Reference: https://twitter.com/p0x53/status/1438147940103581699 googletagmanager.info # Reference: https://www.virustotal.com/gui/ip-address/185.198.56.73/relations adwalte.info cdjs.online cdn3.info cdncloud.space cloudapi.online cookies.coffee domclick.network go111111ogleapis.com golesyndication.com google-anailyticss.com googleapis.net googecode.com googleftagmanager.com googletagmanager.xyz googletagmanagerdservices.com googlesyndicatio.com googlesyndiation.com googlesyndicatiofn.com googlesyndicatsion.com googletongji.com gooogletagmanager.com 
gotitlogle-analytics.com gugle.cf javscript.pw jquery-uim.download jsunifile.bid my-seo.top netcdn-cdn.com netanalitics.space soogletagmanager.com # Reference: https://blog.malwarebytes.com/threat-intelligence/2021/09/the-many-tentacles-of-magecart-group-8/ adaptivestyles.com carders.best csjquery.com faviconx.com fonts-googleapi.com fontsgoooglestatic.com googleatagmanager.com googlestag.com googletagmamager.com googletagmanagen.com googletaqmanager.com googletaqmanaqer.com jquery-statistika.info panelsaveok.com v2zopim.com validbins.su validcvv.ru validshop.sx # Reference: https://www.virustotal.com/gui/ip-address/72.52.179.174/relations google-anayltics.com # Reference: https://twitter.com/unmaskparasites/status/1438262156298911744 intexys.fr/js/mirasvit/mira.js intexys.fr/js/tbt/trl.js intexys.fr/js/tiny_mce/tiny_mce_popup.php # Reference: https://twitter.com/unmaskparasites/status/1445488898365214733 # Reference: https://www.virustotal.com/gui/ip-address/85.192.56.45/relations # Reference: https://www.virustotal.com/gui/ip-address/46.173.214.126/relations adslstickerfi.world authnetcim.net authorlze.net bralntree.com strlpe.net # Reference: https://twitter.com/sansecio/status/1445748280118317073 # Reference: https://www.virustotal.com/gui/ip-address/185.251.90.109/relations # Reference: https://www.virustotal.com/gui/ip-address/217.12.204.185/relations # Reference: https://www.virustotal.com/gui/ip-address/46.173.214.113/relations # Reference: https://www.virustotal.com/gui/ip-address/46.173.214.126/relations apiscaptcha.com batbings.com chimpstatics.com chimpstatics.xyz clearfix.xyz express-pay-online.com gtagstatic.com payp-express.com re-captha.com recaptcha-analytics.com recaptcha-in.pw recaptcha.tech recaptha.com # Reference: https://www.virustotal.com/gui/ip-address/176.113.81.124/relations log-inmember.com loginclient.net # Reference: https://www.virustotal.com/gui/ip-address/195.22.149.186/relations googietagmanager.com # Reference: 
https://www.virustotal.com/gui/ip-address/194.87.253.36/relations jquerydll.net googlensmanager.com # Reference: https://www.virustotal.com/gui/ip-address/46.8.158.191/relations easy-wb1auth.com easy1-webca.net # Reference: https://www.virustotal.com/gui/ip-address/46.172.91.28/relations js-inst.su js-sistem.su js-star.su save-js.su star-js.su # Reference: https://twitter.com/AffableKraut/status/1450109837543628805 dyadonline.monster # Reference: https://twitter.com/MBThreatIntel/status/1452690744544665601 # Reference: https://www.virustotal.com/gui/ip-address/185.186.142.69/relations # Reference: https://www.virustotal.com/gui/ip-address/185.204.3.48/detection jquerylibs.net jqueryllc.net magento-plugin.com trustdomains.net # Reference: https://twitter.com/AffableKraut/status/1451622631715835904 # Reference: https://www.virustotal.com/gui/ip-address/89.108.109.237/relations sentry-cdn.io # Reference: https://blog.malwarebytes.com/threat-intelligence/2021/11/credit-card-skimmer-evades-virtual-machines/ abtasty.net adsrvr.biz alligaturetrack.com artesfut.com brands-watch.com clickcease.biz climpstatic.com cloud-chart.net cookieslaw.org crisconnect.net dc-storm.org demo-metrics.net digital-speed.net getambassador.net hal-data.org iofrontcloud.com librarysetr.com libsconnect.net listrakbi.biz mantisadnetwork.org marklibs.com megalixe.org murdoog.org opendwin.com rawgit.net rolfinder.com sleefnote.com speed-metrics.com tevidon.com troadster.com webflows.net api.abtasty.net apis.murdoog.org app.iofrontcloud.com app.rolfinder.com cdn.cookieslaw.org cdn.getambassador.net cdn.megalixe.org con.digital-speed.net css.tevidon.com dev.crisconnect.net graph.cloud-chart.net js.artesfut.com js.demo-metrics.net js.librarysetr.com js.rawgit.net js.speed-metrics.com m.brands-watch.com nypi.dc-storm.org st.adsrvr.biz stage.libsconnect.net stage.sleefnote.com static.mantisadnetwork.org static.opendwin.com stst.climpstatic.com tag.listrakbi.biz web.webflows.net # Reference: 
https://twitter.com/MBThreatIntel/status/1457804685327224833 # Reference: https://twitter.com/MBThreatIntel/status/1469023858569089031 static1.xyz static2.xyz # Reference: https://twitter.com/MBThreatIntel/status/1472995976507916290 bootstrap1.xyz bootstrap2.xyz /s/us_cdl.js # Reference: https://twitter.com/MBThreatIntel/status/1458185084201148416 bludigital.cyou # Reference: https://twitter.com/unmaskparasites/status/1457896674374815750 firchtech.xyz # Reference: https://twitter.com/unmaskparasites/status/1458905989130829832 webcachespace.net # Reference: https://www.virustotal.com/gui/ip-address/45.146.166.186/relations webcachespace.com webprohoster.com # Reference: https://www.virustotal.com/gui/ip-address/8.209.65.75/relations # Reference: https://www.virustotal.com/gui/ip-address/8.211.6.123/relations analythics.com analythics.xyz cdn-manager.com cdn-manager.me cdn-manager.xyz spotifylatepayment.com # Reference: https://twitter.com/unmaskparasites/status/1460424711825887236 # Reference: https://www.virustotal.com/gui/ip-address/91.132.139.192/relations googletrackevent.com # Reference: https://decoded.avast.io/threatresearch/avast-q321-threat-report/ # Reference: https://www.virustotal.com/gui/ip-address/193.203.203.240/relations ganalitics.com # Reference: https://www.virustotal.com/gui/ip-address/80.211.182.208/relations ganalitics.site # Reference: https://twitter.com/unmaskparasites/status/1448408373863403520 corpanalytics.info # Reference: https://twitter.com/unmaskparasites/status/1435749969105874947 # Reference: https://twitter.com/unmaskparasites/status/1458241033058222081 # Reference: https://www.virustotal.com/gui/ip-address/174.138.117.217/relations # Reference: https://www.virustotal.com/gui/ip-address/45.55.224.107/relations cgtag.com cgtags.com curenciesapp.com icosenses.com tags.ws # Reference: https://sansec.io/research/ecommerce-malware-linux-avp # Reference: 
https://www.virustotal.com/gui/file/2d422affb9727b71b0e1610568bea8643892d99bdaed99269a10e7554c88437b/detection http://103.233.11.28 103.233.11.28:443 /jQuery_StXlFiisxCDN.php # Reference: https://twitter.com/felixaime/status/1462512317405536262 inslco.bar # Reference: https://twitter.com/0xbadad/status/1462913839381504007 booctstrap.com # Reference: https://twitter.com/rootprivilege/status/1465763408901337092 convert-server.com # Reference: https://twitter.com/sansecio/status/1467865884362346500 nekrva6s.beget.tech # Reference: https://community.riskiq.com/article/2efc2782 woocheck.tk # Reference: https://www.virustotal.com/gui/domain/validcc.su/relations validcc.su # Reference: https://twitter.com/AffableKraut/status/1472959218823090178 # Reference: https://gist.github.com/krautface/8f2196c9aad5d4f5cc91237eb9c71205 allofussoupdip.buzz allofussoupdip.xyz alloyz.xyz broadcas.buzz bunnyy.buzz cradle.uno crowcrown.fun denwr.uno diggr.fun epsilon.buzz excelnt.buzz foamfoam.xyz focuss.xyz gratiss.buzz growlz.xyz hairbarnyc.xyz homini.xyz hoppr.buzz indee.fun interes.uno joggl.uno jumpr.fun kemp.buzz klerna.buzz lazylee.xyz leakg.xyz modrn.buzz moette.buzz moette.uno moette.xyz mozes.buzz nerox.xyz newral.xyz oppos.uno oppress.fun prework.uno prodo.fun quento.xyz quinz.xyz ratino.buzz rockman.buzz stuckr.xyz swisz.xyz teamlead.buzz thefthing.xyz trollo.buzz uniteds.uno unsubscr.uno uxong.buzz uxprot.buzz uxqez.buzz uxrod.buzz uxsad.buzz uxtom.buzz uxuvl.buzz uxvol.buzz uxwww.buzz uxxen.buzz uxyes.buzz uxzone.buzz uyoper.cyou uypartial.cyou uyquest.cyou uyronder.cyou uystatic.cyou uytrial.cyou uyunion.cyou uyverified.cyou uyworld.cyou uyxenon.cyou uyyellow.cyou uyzambia.cyou verygood.fun voluntee.fun vxart.buzz vxbin.buzz vxcom.buzz vxdig.buzz vxegg.buzz vxfog.buzz vxgoto.buzz vxhop.buzz vximg.buzz vxjan.buzz vxkap.buzz vxliz.buzz vxman.buzz vxnix.buzz vxogr.buzz vxpro.buzz vxqck.buzz vxrok.buzz vxsom.buzz vxtyp.buzz vxuno.buzz vxvax.buzz vxwid.buzz vxxor.buzz vxyes.buzz 
vxzet.buzz vyanswer.cyou vybroken.cyou vycricket.cyou vydeal.cyou vyeconomy.cyou vyfridge.cyou vygamma.cyou vyheal.cyou vyident.cyou vyjeep.cyou vykeep.cyou vylead.cyou vymoon.cyou vynoble.cyou vyopress.cyou vypromo.cyou vyqueer.cyou vyrebel.cyou vysocket.cyou vytrail.cyou vyultimate.cyou vyverify.cyou vyworld.cyou vyxerox.cyou vyyoung.cyou vyzummer.cyou wermnt.buzz wrack.buzz wxano.buzz wxbuf.buzz wxcop.buzz wxdom.buzz wxext.buzz wxfom.buzz wxgon.buzz wxhop.buzz wximb.buzz wxjob.buzz wxkit.buzz wxlot.buzz wxmac.buzz wxnil.buzz wxorg.buzz wxpro.buzz wxqot.buzz wxred.buzz wxsot.buzz wxtod.buzz wxuvl.buzz wxvid.buzz wxwww.buzz wxxor.buzz wxyer.buzz wxzet.buzz wyadoo.cyou wybeeper.cyou wycrock.cyou wydeer.cyou wyerrn.cyou wyfloating.cyou wygreat.cyou wyhidden.cyou wyinternet.cyou wyjoker.cyou wykombo.cyou wyleaf.cyou wymoney.cyou wyndzor.cyou wyobject.cyou wyproduct.cyou wyquote.cyou wyroller.cyou wysocket.cyou wytrade.cyou wyulkar.cyou wyvolcano.cyou wywear.cyou wyxellent.cyou wyyear.cyou wyzummer.cyou xcelnt.xyz xmess.xyz xxand.buzz xxbit.buzz xxcom.buzz xxdoc.buzz xyareno.cyou xybombero.cyou xycryxes.cyou xydripper.cyou ypsilon.buzz zetas.quest # Reference: https://geminiadvisory.io/magecart-google-tag-manager/ ganalitis.com pixupjqes.tech googleadwordstrack.com googleadwordswidget.com googletagstorage.com googletagswidget.com googletagwidgets.com googletrackevent.com # Reference: https://www.virustotal.com/gui/ip-address/91.242.229.96/relations gstatsc.com gstatuslink.com # Reference: https://blog.sucuri.net/2021/11/woocommerce-skimmer-spoofs-checkout-page.html apiujquery.com # Reference: https://www.virustotal.com/gui/domain/gstatic-cn.com/relations # gstatic-cn.com # Note: under investigation # Reference: https://twitter.com/rootprivilege/status/1476671161073541122 dyneff.fr/health_check.php # Reference: https://twitter.com/unmaskparasites/status/1476741426633265157 cdn-s11.azureedge.net # Reference: https://twitter.com/unmaskparasites/status/1424805950645358593 
# Reference: https://twitter.com/unmaskparasites/status/1424805639214157827 aathitiyapravash.in/image/jquery_v14v.js aathitiyapravash.in/image/jQuery_v176.js avir.ir/image/favicon.js # Reference: https://twitter.com/brianlinux/status/1478249807558885379 # Reference: https://www.virustotal.com/gui/ip-address/5.230.28.78/relations googleadwordstrack.com # Reference: https://www.virustotal.com/gui/ip-address/45.142.212.194/relations fonts-cdn.com # Reference: https://www.virustotal.com/gui/ip-address/194.156.99.212/relations fonts-static.com # Reference: https://www.virustotal.com/gui/ip-address/45.142.212.243/relations zdassets-static.com # Reference: https://twitter.com/AffableKraut/status/1479641280040902661 # Reference: https://twitter.com/AffableKraut/status/1488262668091805697 # Reference: https://www.virustotal.com/gui/ip-address/176.97.70.103/relations # Reference: https://www.virustotal.com/gui/ip-address/5.252.177.247/relations brilliantclub.website interclub.website siing-amoueon.top sing-amoeuon.top sombo.top # Reference: https://twitter.com/500mk500/status/1482310341711347713 # Reference: https://urlscan.io/result/11a16239-5de7-412a-af89-5f0e1dd3cc22/ cdntraff.info # Reference: https://www.virustotal.com/gui/domain/jsfeedadsget.com/detection jsfeedadsget.com # Reference: https://ti-research.io/ioc_extender/?name=ET_Magecart sauvage-paysage.com # Reference: https://ti-research.io/ioc_extender/?name=ET_Magecart g00glestatic.com gaelytics.com # Reference: https://www.virustotal.com/gui/ip-address/190.2.139.23/relations cdn-binteractive.com cdn1-comingsoon.net cdn8.info cdndore.com cdnpage.net cloud-info.email cloud-info.express clodoudfront.net clusterscloud.com cooogle.net # Reference: https://www.virustotal.com/gui/ip-address/179.177.63.84/relations # Reference: https://www.virustotal.com/gui/ip-address/47.251.42.9/relations # Reference: https://www.virustotal.com/gui/ip-address/8.218.22.193/relations jquerylab.com jquerymedia.com jquerypulse.com 
jquerypure.com jqueryspace.com staticpolars.com # Reference: https://twitter.com/sansecio/status/1485598267975114762 # Reference: https://twitter.com/sansecio/status/1485598270554529794 jsallow.com reqsolutions.org # Reference: https://www.virustotal.com/gui/ip-address/47.88.27.175/relations # Reference: https://www.virustotal.com/gui/ip-address/5.53.125.150/relations # Reference: https://www.virustotal.com/gui/ip-address/8.209.77.82/relations assets-protect.com google-analuzing.com google-boom.com google-globals.com # Reference: https://twitter.com/sansecio/status/1486000220647444491 # Reference: https://twitter.com/sansecio/status/1486258634409623552 naturalfreshmall.com # Reference: https://twitter.com/rootprivilege/status/1486419929720967168 # Reference: https://www.virustotal.com/gui/ip-address/212.224.124.86/relations # Reference: https://www.virustotal.com/gui/ip-address/54.86.140.52/relations # Reference: https://lukeleal.com/research/posts/tracking-pixel-phishing-countermeasure/ content-cdn.com images-cdn.info nextstatic-cdn.com trans-cdn.com # Reference: https://twitter.com/AffableKraut/status/1487939215774081026 # Reference: https://twitter.com/AffableKraut/status/1487939224145993730 chaosfab.com/2020/data1/images/data/ppbtns.html fraudlabpros.at # Reference: https://twitter.com/AffableKraut/status/1488240428734365701 # Reference: https://www.virustotal.com/gui/ip-address/185.234.247.55/relations # Reference: https://urlscan.io/result/32d776df-c57e-492f-ac09-0f17f197059e/ bootstraplaver.online # Reference: https://twitter.com/MBThreatIntel/status/1488241823378075649 getfrontendlib7.xyz # Reference: https://twitter.com/AffableKraut/status/1488376093254029313 http://185.4.65.144 http://37.1.211.211 http://37.1.217.23 http://5.45.83.223 http://66.11.117.40 aqaja.com checkouts.best # Reference: https://twitter.com/AffableKraut/status/1488375539421306882 # Reference: https://www.virustotal.com/gui/ip-address/37.120.234.105/relations avalong-analytics.org 
communigate.icu earlymorningcigarette.com fontawesome.dev golt.xyz indesiter.com jquerymain.com recaptcha.cc rxtds.com seoanalitycs.com seostat.org yoursafepayments.com # Reference: https://twitter.com/MBThreatIntel/status/1488954638103547904 # Reference: https://www.virustotal.com/gui/ip-address/78.47.155.179/relations analiticash.com analiticmanager.com analiticsstat.com cashgooglestat.com cdncashcontent.com cdncashcontents.com cdncssontents.com cdnfastcss.com cdngcontents.com cdngconts.com cdnjsontents.com cssdataf.com cssimghost.com googlestatanal.com googlestatanale.com imagescdns.com imgcssnet.com jsdataf.com jsdatastat.com mediasdnb.com mediasdnnet.com mediasdnnets.com mtdnsstatic.icu mtndnsstaticser.com mtndnsstaticx.com mxdnsstateces.icu mxdnsstatecs.icu nnetsmedias.com ntnpstatica.com ntpstatica.com ntsndnsstatics.com ntxndnsstatics.com pagofacily.com statetsmedias.com staticcash.com staticocontents.com js.analiticash.com js.analiticmanager.com js.analiticsstat.com js.cashgooglestat.com js.cdncashcontent.com js.cdncashcontents.com js.cdncssontents.com js.cdngcontents.com js.cdngconts.com js.cdnjsontents.com js.cssdataf.com js.cssimghost.com js.googlestatanal.com js.googlestatanale.com js.imagescdns.com js.imgcssnet.com js.jsdataf.com js.jsdatastat.com js.mediasdnb.com js.mediasdnnet.com js.mediasdnnets.com js.mtdnsstatic.icu js.mtndnsstaticser.com js.mtndnsstaticx.com js.mxdnsstateces.icu js.mxdnsstatecs.icu js.nnetsmedias.com js.ntnpstatica.com js.ntpstatica.com js.ntsndnsstatics.com js.ntxndnsstatics.com js.statetsmedias.com js.staticcash.com js.staticocontents.com # Reference: https://twitter.com/MBThreatIntel/status/1489007692240752641 cdn-cloudmedia.com # Reference: https://www.virustotal.com/gui/domain/cdn-yahoo.com/relations cdn-yahoo.com # Reference: https://twitter.com/felixaime/status/1498055426230738944 tagmanagerstatic.com # Reference: https://twitter.com/felixaime/status/1500812201262829568 633786e01e.nxcli.net # Reference: 
https://twitter.com/sansecio/status/1502322526709551104 stylesfound.com # Reference: https://community.riskiq.com/article/a472ec2d # Reference: https://www.riskiq.com/blog/external-threat-management/magecart-group8-hosting-patterns/ # Reference: https://www.virustotal.com/gui/ip-address/190.2.139.23/relations # Reference: https://otx.alienvault.com/pulse/6142f70ea663fff6bc350288 impressart.net lastdaysonlines.com palletforks.net webtoolsapp.com # Reference: https://twitter.com/unmaskparasites/status/1519784855730499585 # Reference: https://www.virustotal.com/gui/ip-address/188.68.222.146/relations # Reference: https://www.virustotal.com/gui/ip-address/5.101.50.140/relations # Reference: https://www.virustotal.com/gui/ip-address/5.53.124.42/relations # Reference: https://www.virustotal.com/gui/ip-address/80.249.145.91/relations # Reference: https://www.virustotal.com/gui/ip-address/84.38.180.69/relations app-cloudflare.com appcloudflare.com cdn-optimizely.com cdn-trackjs.com get-bootstrap.com livehotjars.com static-affilate.com # Reference: https://twitter.com/EKFiddle/status/1522282636542197762 # Reference: https://www.virustotal.com/gui/ip-address/194.104.136.113/relations accsbapp.com cloudflaes.com # Reference: https://twitter.com/AvastThreatLabs/status/1499347571969511426 # Reference: https://decoded.avast.io/pavlinakopecka/web-skimming-attacks-using-google-tag-manager/ # Reference: https://www.virustotal.com/gui/ip-address/77.75.230.130/relations cloudgstats.com cdncscloud.com gtagmagr.com pixstatics.com # Reference: https://www.virustotal.com/gui/ip-address/47.88.218.85/relations # Reference: https://www.virustotal.com/gui/ip-address/95.213.204.180/relations analyzer-js.com # Reference: https://twitter.com/AffableKraut/status/1523693678551740418 # Reference: https://twitter.com/EKFiddle/status/1523714436896202752 # Reference: https://www.virustotal.com/gui/ip-address/206.188.197.50/relations google-tags.com tag-google.com # Reference: 
https://twitter.com/unmaskparasites/status/1523791136988352512 # Reference: https://www.virustotal.com/gui/ip-address/223.252.173.166/relations issuspsorry.online # Reference: https://twitter.com/EKFiddle/status/1526684723149344768 # Reference: https://www.virustotal.com/gui/ip-address/198.54.115.32/relations # Reference: https://www.virustotal.com/gui/ip-address/37.19.192.30/relations jamescjonas.top socialanalyticweb.com gorlon.in.ua napas.biz.ua # Reference: https://twitter.com/unmaskparasites/status/1526659924058460160 pixelgoogle.xyz # Reference: https://twitter.com/sansecio/status/1526518050865954816 # Reference: https://twitter.com/unmaskparasites/status/1530405066590474240 papershoppers.com /js/3uPop.js # Reference: https://twitter.com/sansecio/status/1526490490497032193 # Reference: https://twitter.com/sansecio/status/1541345598007193605 sanguinelab.net sansec.biz sansec.us sanseclabs.com sanzsec.com /gate.php?card_num= # Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2022-May/030663.html # Reference: https://www.virustotal.com/gui/ip-address/89.36.224.122/relations authorizen.net js.authorizen.net # Reference: https://twitter.com/sansecio/status/1529146291535634438 arnottindustries.com/js/tiny_mce/plugins/contextmenu/editor_plugin_scr.js # Reference: https://www.virustotal.com/gui/ip-address/185.150.162.28/relations # Reference: https://www.virustotal.com/gui/ip-address/209.250.244.63/relations # Reference: https://www.virustotal.com/gui/ip-address/95.179.179.138/relations brbr.buzz jquery-analytics.xyz jquery-common.xyz jquerystatic.xyz staj.xyz tokenkit.tk # Reference: https://www.microsoft.com/security/blog/2022/05/23/beneath-the-surface-uncovering-the-shift-in-web-skimming/ 106.15.179.255:443 dratserv.bar sotech.fun techlok.bar /jQuery_StXlFiisxCDN.php # Reference: https://twitter.com/sansecio/status/1532361233365598209 cdn.stripe.ngrok.io # Reference: https://twitter.com/sansecio/status/1532763512887459841 pluginmagento.com # 
Reference: https://twitter.com/sansecio/status/1534862125470035970 # Reference: https://www.virustotal.com/gui/ip-address/185.63.190.184/relations scanalytic.org cdn.scanalytic.org # Reference: https://twitter.com/rootprivilege/status/1536197955728048128 # Reference: https://lukeleal.com/research/posts/staticounter/ staticounter.net js.staticounter.net # Reference: https://twitter.com/unmaskparasites/status/1536454343280340992 biftick.com # Reference: https://twitter.com/felixaime/status/1536999558823219200 ambrosia-solingen.de/js/prototype/form.js ariaperfume.com/js/extjs/ext.js textilia.be/flash/accept.js # Reference: https://twitter.com/felixaime/status/1537327680345063425 # Reference: https://www.virustotal.com/gui/ip-address/172.86.75.152/relations # Reference: https://www.virustotal.com/gui/ip-address/45.61.137.105/relations ads-google-analytics-shop.info googleadsanalytics.info usaayurveda.com/js/prototype/form.js # Reference: https://twitter.com/felixaime/status/1537458621726052354 google-track.com cdn.google-track.com # Reference: https://twitter.com/rootprivilege/status/1537799222681956352 cdn-fonts.com # Reference: https://blog.malwarebytes.com/threat-intelligence/2022/06/client-side-magecart-attacks-still-around-but-more-covert/ abtasty.net accutics.org adsrvr.biz alexametrics.net alligaturetrack.com artesfut.com base-code.org bayforall.biz boxsearch.org brands-watch.com celebrosnlp.org clarlity.com clickcease.biz cloud-chart.net cookieslaw.org crisconnect.net dc-storm.org demo-metrics.net digital-metric.org digital-speed.net druapps.org dwin-co.jp dwin1.org etakeawaymax.biz feedaty.org g-livestatic.com getambassador.net global-search.net hal-data.org hs-analytics.org imagero.org iofrontcloud.com jsdelivr.biz klarnacdn.org librarysetr.com libsconnect.net listrakbi.io listrakbi.org livechatsinc.net lookmetric.com lookmind.net lpsnmedia.org mantisadnetwork.org marklibs.com moonflare.org mosindup.com murdoog.org newrelc.net nomalert.org nosto.org 
opendwin.com outbrains.net owneriq.org pepperjams.org pinnaclecart.io purechat.org quatserve.com rawgit.net rolfinder.com shopvisible.org sjsmartcontent.org sleefnote.com sleeknote.org snapengage.io speedcurve.org speedstester.com stat-analytics.org tevidon.com tomafood.org trackedlink.org troadster.com trustedport.org webflows.net accdn.lpsnmedia.org amplify.outbrains.net apis.murdoog.org app.iofrontcloud.com app.mosindup.com app.nomalert.org app.purechat.org app.rolfinder.com cdn.accutics.org cdn.alexametrics.net cdn.alligaturetrack.com cdn.base-code.org cdn.boxsearch.org cdn.cookieslaw.org cdn.getambassador.net cdn.hs-analytics.org cdn.jsdelivr.biz cdn.nosto.org cdn.pinnaclecart.io cdn.speedcurve.org cdn.tomafood.org cdn.trustedport.org common.quatserve.com con.digital-speed.net content.digital-metric.org css.tevidon.com dev.crisconnect.net epos.bayforall.biz graph.cloud-chart.net h.lookmind.net img.etakeawaymax.biz js.artesfut.com js.g-livestatic.com js.imagero.org js.librarysetr.com lp.celebrosnlp.org m.brands-watch.com m.sleeknote.org nypi.dc-storm.org px.owneriq.org r.klarnacdn.org s1.listrakbi.org sdk.moonflare.org search.global-search.net st.adsrvr.biz stage.sleefnote.com static.clarlity.com static.druapps.org static.lookmetric.com static.mantisadnetwork.org static.newrelc.net static.opendwin.com t.trackedlink.org web.dwin-co.jp web.livechatsinc.net web.speedstester.com web.webflows.net xn--v1a.lookmind.net # Reference: https://twitter.com/sansecio/status/1539252937486127104 # Reference: https://www.virustotal.com/gui/ip-address/185.253.33.190/relations cdn-fastimages.net quickespark.net cdn.quickespark.net # Reference: https://twitter.com/felixaime/status/1539539440942686208 apipauy.com # Reference: https://twitter.com/EKFiddle/status/1540019849581105152 apfeltee.de/js/prototype/form.js # Reference: https://twitter.com/EKFiddle/status/1540094462340108289 hubberstore.com # Reference: https://twitter.com/EKFiddle/status/1540070708377559040 
ariaperfume.com/errors/default/403.php cafeunido.com/pub/errors/default/403.php cafeunido.com/pub/media/flag/flag.js candlemaking.com/media/email/logo/default/az1.js # Reference: https://twitter.com/EKFiddle/status/1540377960351293442 contactsform.com # Reference: https://twitter.com/sansecio/status/1540742673094438913 cdn-mediacloud.com cdn-webhub.com # Reference: https://twitter.com/sansecio/status/1541375801387614212 affirmcdn.com t.affirmcdn.com # Reference: https://twitter.com/EKFiddle/status/1541447869491601408 bsvholdingsa.com/js/lib/ico.svg code2a.com/js/lib/translate.js # Reference: https://twitter.com/MBThreatIntel/status/1541549810150346752 cloudflareinside.com nortonpost.net rimpstatic.net ping.rimpstatic.net tag.nortonpost.net # Reference: https://twitter.com/unmaskparasites/status/1542237945779826688 # Reference: https://www.virustotal.com/gui/ip-address/149.56.118.126/relations cdntaggoogle.com pringleshop.cc # Reference: https://twitter.com/sansecio/status/1542508263064932352 # Reference: https://www.virustotal.com/gui/ip-address/185.63.190.203/relations tempeasy.net s.tempeasy.net # Reference: https://twitter.com/felixaime/status/1542531512758837249 # Reference: https://www.virustotal.com/gui/ip-address/185.215.113.20/relations apigstatic.com # Reference: https://www.virustotal.com/gui/ip-address/185.63.190.210/relations gatestatic.com js.gatestatic.com # Reference: https://twitter.com/EKFiddle/status/1543997043546341376 # Reference: https://www.virustotal.com/gui/ip-address/185.253.33.176/relations # Reference: https://www.virustotal.com/gui/ip-address/185.63.190.141/relations # Reference: https://www.virustotal.com/gui/ip-address/89.108.109.26/relations geotac.net knowledgecdn.org sale-alerts.com js.knowledgecdn.org m.sale-alerts.com s.geotac.net # Reference: https://www.virustotal.com/gui/ip-address/185.253.32.45/relations cenbase.org cdn.cenbase.org # Reference: https://twitter.com/MBThreatIntel/status/1544019143841574913 # Reference: 
https://www.virustotal.com/gui/ip-address/185.253.32.47/relations omniworked.com h.omniworked.com # Reference: https://www.virustotal.com/gui/ip-address/185.253.32.48/relations contmount.net p.contmount.net # Reference: https://www.virustotal.com/gui/ip-address/185.253.32.53/relations sentrymap.net h.sentrymap.net # Reference: https://www.virustotal.com/gui/ip-address/185.253.32.55/relations anyonecdn.net s.anyonecdn.net # Reference: https://www.virustotal.com/gui/ip-address/185.253.32.36/relations jmpduco.jp co.jmpduco.jp # Reference: https://www.virustotal.com/gui/ip-address/185.253.32.35/relations signefyd.com js.signefyd.com # Reference: https://www.virustotal.com/gui/ip-address/185.253.32.254/relations claritycdn.com c.claritycdn.com # Reference: https://www.virustotal.com/gui/ip-address/185.253.32.157/relations transitfex.com static.transitfex.com # Reference: https://twitter.com/EKFiddle/status/1544076272694743040 # Reference: https://www.virustotal.com/gui/ip-address/141.98.82.244/relations # Reference: https://www.virustotal.com/gui/ip-address/5.188.62.10/relations 0hero.xyz 0nero.xyz 0troll.pics 0versn.xyz 0zero.club 1clan.buzz 1done.lol 1fun.buzz 1plac.buzz 1time.fun 2blu.cloud 2blue.xyz 2moon.buzz 2morrow.fun 2send.pics 3bri.lol 3free.lol 3mmer.uno 3ster.xyz 3tree.buzz 4cast.fun 4core.buzz 4door.one 4eign.fun 4give.xyz 4tune.buzz 5dive.one 5goods.xyz 5hive.homes 5hive.xyz 5starz.uno 5strz.buzz 6brix.quest 6sixsix.buzz 6tier.xyz 6trix.buzz 6trix.cloud 6tweaks.xyz 7day.buzz 7down.xyz 7dwarfs.one 7raven.fun 7raven.uno 8er.fun 8great.xyz 8height.buzz 8mate.buzz 8orz.buzz 8rate.xyz 9dime.buzz 9line.lol 9prime.buzz 9st.uno 9time.buzz 9unit.xyz allegry.xyz anaconda.buzz analyticz.monster anarch.buzz arnoldzz.xyz aromax.xyz axaro.buzz axbit.buzz axcat.buzz axdiv.buzz axelf.buzz axfin.buzz axgit.buzz axhog.buzz axist.buzz axjmp.buzz axkid.buzz axlok.buzz axmem.buzz axnxt.buzz axord.buzz axpot.buzz axqrt.buzz axrub.buzz axsil.buzz axtik.buzz axund.buzz axvac.buzz 
axwok.buzz axxor.buzz axyes.buzz axzet.buzz ayarro.cyou aybrandy.cyou aycopper.cyou aydigger.cyou ayeffort.cyou ayformal.cyou aygopher.cyou ayharmony.cyou ayimbue.cyou ayjacker.cyou aykernel.cyou aylizard.cyou aymoment.cyou aynickel.cyou ayobject.cyou ayprotect.cyou ayquiz.cyou ayremote.cyou aystraight.cyou aytoken.cyou ayunion.cyou ayversion.cyou aywicked.cyou ayxenoz.cyou ayyield.cyou ayzorro.cyou birdsmans.xyz brewnow.buzz brizzer.xyz brokery.cyou buzzardd.buzz bxant.buzz bxbot.buzz bxcit.buzz bxdoc.buzz bxelf.buzz bxfog.buzz bxgit.buzz bxhit.buzz bxirc.buzz bxjog.buzz bxkop.buzz bxled.buzz bxmod.buzz bxnor.buzz bxost.buzz bxpic.buzz bxqol.buzz bxred.buzz bxsot.buzz bxtik.buzz bxuno.buzz bxviz.buzz bxwok.buzz bxxtr.buzz bxyes.buzz bxzil.buzz byathlone.cyou byballoon.cyou bycoffee.cyou bydriver.cyou byelaw.cyou byffalo.cyou bygdata.cyou byhello.cyou byindex.cyou byjacker.cyou bykrafter.cyou byladder.cyou bymiddle.cyou bynothing.cyou byoxide.cyou byprimary.cyou byqueen.cyou byrocket.cyou bystrict.cyou bytropics.cyou byuniform.cyou byvictory.cyou bywerner.cyou byxenos.cyou byyttrium.cyou byzitter.cyou calcz.fun candyz.fun clickr.cyou crabbery.sbs craftor.fun cxand.buzz cxbet.buzz cxcip.buzz cxdex.buzz cxelc.buzz cxfat.buzz cxgit.buzz cxhat.buzz cxirc.buzz cxjmp.buzz cxkid.buzz cxlot.buzz cxmix.buzz cxnix.buzz cxopt.buzz cxpet.buzz cxqip.buzz cxred.buzz cxsum.buzz cxtik.buzz cxunk.buzz cxvec.buzz cxwik.buzz cxxor.buzz cxyob.buzz cxzet.buzz cyanide.cyou cybinary.cyou cyclonez.cyou cydrix.cyou cyentrance.cyou cyfrix.cyou cygwin.cyou cyhrono.cyou cyirrevoke.cyou cyjabber.cyou cykatering.cyou cylunar.cyou cymanner.cyou cynexus.cyou cyonide.cyou cyprobe.cyou cyquery.cyou cyreader.cyou cysoccer.cyou cytracker.cyou cyunique.cyou cyviral.cyou cywonder.cyou cyxinet.cyou cyyellow.cyou cyzapper.cyou deeer.uno domin.uno drawnd.quest dreamcas.cfd dresso.uno dxarc.buzz dxbit.buzz dxcop.buzz dxdel.buzz dxext.buzz dxfog.buzz dxget.buzz dxhit.buzz dxirc.buzz dxjog.buzz dxkit.buzz 
dxloc.buzz dxman.buzz dxnox.buzz dxorg.buzz dxpig.buzz dxqck.buzz dxred.buzz dxsit.buzz dxtea.buzz dxund.buzz dxvin.buzz dxwok.buzz dxxen.buzz dxyes.buzz dxzoc.buzz dyaroses.cyou dybreaker.cyou dyction.cyou dydactic.cyou dyecins.cyou dyflector.cyou dygger.cyou dyhromic.cyou dyincludes.cyou dyjital.cyou dykracker.cyou dylorean.cyou dymanager.cyou dynamites.cyou dyoxise.cyou dyprecate.cyou dyquiz.cyou dyrector.cyou dystrict.cyou dytergent.cyou dyurgent.cyou dyving.cyou dyworking.cyou dyxiland.cyou dyyourself.cyou dyzraptor.cyou eagly.online echoz.lol ergonom.buzz essencyx.xyz examn.buzz exbit.buzz excal.buzz exdop.buzz execs.buzz exfin.buzz exgrw.buzz exhit.buzz exigl.buzz exind.buzz exjob.buzz exkal.buzz exlic.buzz exmid.buzz exner.buzz exodig.xyz exods.buzz exprt.buzz exqod.buzz exrit.buzz exset.buzz extrm.buzz exurc.buzz exvol.buzz exwin.buzz exxen.buzz exytd.buzz exzip.buzz eyarrange.cyou eybrillow.cyou eychmann.cyou eydread.cyou eyeseeker.cyou eyffell.cyou eygreement.cyou eyhenmann.cyou eyirrigate.cyou eyjoyeer.cyou eykermann.cyou eyleyrz.cyou eymixer.cyou eyngineer.cyou eyorganic.cyou eyphemery.cyou eyquickly.cyou eyrental.cyou eysocket.cyou eytoken.cyou eyusual.cyou eyvisual.cyou eyworker.cyou eyxorux.cyou eyyesterday.cyou eyzolter.cyou famouz.store forbird.buzz formals.buzz fromusa.xyz frozzen.buzz fxalt.pics fxbet.pics fxcit.pics fxdwl.pics fxeho.pics fxfog.pics fxget.pics fxhot.pics fxink.pics fxjet.pics fxkid.pics fxlot.pics fxmid.pics fxnix.pics fxopt.pics fxpit.pics fxqub.pics fxrot.pics fxsed.pics fxtok.pics fxund.pics fxvet.pics fxwok.pics fxxid.pics fxyep.pics fxzip.pics fyallow.cyou fybrillic.cyou fyction.cyou fydback.cyou fyerwall.cyou fyfrogs.cyou fygures.cyou fyhronicle.cyou fyintero.cyou fyjimoto.cyou fyktions.cyou fyllerman.cyou fymarito.cyou fyngicide.cyou fyopacity.cyou fyprivacy.cyou fyquestn.cyou fyrocket.cyou fysicals.cyou fytprint.cyou fyurbanic.cyou fyworkout.cyou fyxious.cyou fyyellow.cyou fyzionics.cyou gottas.buzz grapez.buzz 
greetin.buzz griver.quest grossry.site gxarc.pics gxbit.pics gxcut.pics gxdoc.pics gxemp.pics gxfog.pics gxgot.pics gxhop.pics gximp.pics gxjog.pics gxkit.pics gxliz.pics gxmod.pics gxnop.pics gxorg.pics gxpet.pics gxqus.pics gxrop.pics gxsof.pics gxtok.pics gxuno.pics gxvin.pics gxweb.pics gxxen.pics gxyes.pics gxzip.pics gyaranaz.cyou gybreaking.cyou gycookies.cyou gydmanic.cyou gyeffort.cyou gyfrozery.cyou gygenotes.cyou gyhamster.cyou gyinterest.cyou gyjumper.cyou gyktionary.cyou gyleading.cyou gymorning.cyou gynothing.cyou gyography.cyou gypnothic.cyou gyquestn.cyou gyroscope.cyou gysmalltalk.cyou gytraulic.cyou gyurbanic.cyou gyvocabulary.cyou gyweekend.cyou harmoon.xyz heartyz.xyz herbalz.xyz hovr.monster hubbble.buzz hxarm.pics hxbic.pics hxcit.pics hxdot.pics hxfel.pics indid.buzz internl.xyz intrst.sbs iqtester.xyz istat.buzz jeepper.buzz jeepr.cfd jekel.xyz joggle.buzz justdo.cyou kampaign.fun komby.uno komodor.sbs kopper.uno krown.buzz lampz.fun leoprd.fun linguic.pics lordsofrock.uno lynxer.monster mammt.buzz megaz.space mickeym.buzz microz.xyz mixtrz.online nazaretz.xyz nickelz.xyz nickl.store nockk.cfd nopp.buzz oblivio.buzz oppressr.cfd orego.buzz orx.buzz oxmid.xyz picos.pics pigin.xyz precisel.buzz preparic.site projer.xyz qolls.buzz quanto.sbs qubic.fun questnz.xyz quickl.online razo.quest restor.uno restorat.sbs revolve.buzz rikroll.xyz secondry.autos statanalytics.xyz strangr.fun strifer.fun strimmr.buzz stubb.buzz tokend.space torquse.uno trickly.xyz trimmr.club trytogo.online ultimatez.cfd undone.buzz unforg.fun unrel.lol untell.xyz varname.buzz vectr.quest vizrd.xyz vorm.buzz warrant.sbs widgt.xyz wizrd.cloud wondr.buzz wormz.buzz xeno.buzz xtremo.lol xtrict.xyz xtrim.fun xxfor.buzz xxgot.buzz xxhit.buzz xxirc.buzz xxjog.buzz xxkep.buzz xxlid.buzz xxmod.buzz xxnex.buzz xxorg.buzz xxpos.buzz xxqck.buzz xxred.buzz xxset.buzz xxtec.buzz xxund.buzz xxvec.buzz xxwex.buzz xxxyz.buzz xxyop.buzz xxzet.buzz xyforward.cyou xygrabber.cyou xyhover.cyou 
xyinterrupt.cyou xyjumper.cyou xykombo.cyou xylesson.cyou xymoon.cyou xyneedle.cyou xyopera.cyou xypromo.cyou xyquest.cyou xyroman.cyou xystream.cyou xytracker.cyou xyunique.cyou xyvery.cyou xyworld.cyou xyxylene.cyou xyyclept.cyou xyzigzag.cyou yankeyz.cfd yeartwo.buzz yellw.xyz yesllow.homes yester.uno yttrim.uno zetas.cfd zetas.me zetas.shop zxarc.buzz zxbod.buzz zxchk.buzz zxdoc.buzz zxext.buzz zxfog.buzz zxgod.buzz zxhog.buzz zxind.buzz zxjep.buzz zxkid.buzz zxlex.buzz zxmid.buzz zxnix.buzz zxopr.buzz zxpro.buzz zxqud.buzz zxrop.buzz zxset.buzz zxtok.buzz zxund.buzz zxvoc.buzz zxwww.buzz zxxer.buzz zxymb.buzz zxzip.buzz zyambient.cyou zybridge.cyou zycross.cyou zydrive.cyou zyeffort.cyou zyfrozen.cyou zygophyte.cyou zyhandle.cyou zyinternal.cyou zyjumper.cyou zykenia.cyou zyluss.cyou zymase.cyou zynarrow.cyou zyomide.cyou zypper.cyou zyquick.cyou zyrock.cyou zyslave.cyou zytrick.cyou zyultimate.cyou zyvictory.cyou zyworker.cyou zyxpert.cyou zyypper.cyou zyzeolite.cyou # Reference: https://www.virustotal.com/gui/ip-address/185.253.33.181/relations freellock.com cdn.freellock.com # Reference: https://twitter.com/EKFiddle/status/1544348118593941504 # Reference: https://twitter.com/MBThreatIntel/status/1544743417745289216 collectingstatistics.net javascriptmagneto.net jsconfigur.net jsconfigur.org # Reference: https://twitter.com/sansecio/status/1545097814945845248 # Reference: https://www.virustotal.com/gui/ip-address/38.132.99.214/relations # Reference: https://www.virustotal.com/gui/ip-address/85.239.55.67/relations cloudestreem.com systemcloud.in /api/id/IEKAOIEKAOIEKAO /IEKAOIEKAOIEKAO # Reference: https://twitter.com/sansecio/status/1545159974254362626 html5decode.net /redirect-non-site.php?datasend= # Reference: https://twitter.com/unmaskparasites/status/1545463671492681731 pingurlx.com # Reference: https://github.com/ti-research-io/ti/blob/main/ioc_extender/ET_Magecart.json 01scambiomoda.net 2015onlineshop.com 20180426.com 24sevenprinting.org 24wp.org 
29wp.org 2nt6.com 3-easy.xyz 360-3d.info 360popads.com 360popunderfire.com 36obuy.org 38027.info 3dartevideo.com 3hourweb.com 3rfm.com actual-textile.com artistgossip.info asamtechnologies.com asapmobilelocksmithsny.com assistmail.net autocustomcarpets.org autodealerjournal.com autoricambiteam.com bantin113online.com besttowerfanreview.com blossomdigital.net bmoar.com borac.org borderleads.net bournelegacy2012.com bournelegacy2012.info bovyc.info bowobcloud1.com boxmovihd.com cartix.org cartme.org casadellaturadio.com casamadeleine.info casaspremoldadas.net case-lagodorta.com cashpeels.com casino-pokerdom.com casitasduquesa.com casquebeatsspascherr.com cassandragraisford.com cat-lovely.com causeun.com cbtagclouds.com cdtk9.com celeb2vote.com celltheraphy.net click-fraud-detection.com clicktictac.com clipsexteen.com clixapper.com cloud-info.click clunder.net cms-skin.com cmsucoz.com codecomplete4u.com codelessay.info codingbutler.com codnetnewsletter.com coffeebrewerdenver.info coffeemakercolumbus.info coffeeshoprestaurant.info consultabotox.com consultoriocanino.com contextrtb.com contribusourcesyndication.com controlwebadmin.com conversiongold2.com conversioninabox.com convertizrds.com cookiescript.cdn8.info cookingequipmentguides.com cool-board.info cool-cool.info cool-fashion.info cool-her.info cool-herstyle.info cool-key.info cool-mystyle.info cool-top.info coolcounters.net coordenadas-gps.info cople.info corissapoley.com cosmicvent.net cosmosoftsolutions.com countybuck.com coureleads.com cppgf.com cracks4free.info crackthecode.info custom-webdesigns.net customgaugepanelsinhampsteadnc.com cyber-25.info cyberstampedeinc.com cykahax.net cyklist.info cyzyk.info d-artchitex.com da-redirect.info daftar-pokeronline.com daoblockscenter.com dev-extension.cloud dfdffgff.kitewhite.online downloadreview.net dressforyouka.com elunlversal.com freeaudiovideodelivery.com freechoiceact.net freedominvestingsystem.com freedownloadreviewed.com freeinternetvideopoker.com 
freelancerfree.com freepokercostarica.com freesearchworld.com freewebsitetrafic.com freitagautomobile.com friendpetsclub.com fromtheendzone.com fruitybarre.com fushigi-yume.com gacsapps.com gadgea.com gadget-solutions.com gallerialabronica.com galloom.com getleadfeeder.com grandriverinspection.com graycardinals.com greetingsfromhb.com imzaj.com in-management.info inard.info incinflorida.com includejs.net indatwa.net india-luxury-travel-packages.com indobacklinks.com indovertiser.com inferactive.net info-angebote.info info-circle-area.com info-e-cigarette.com infocirclearea.com infocus52.com infoeduonline.info infoguiaguadalajara.com infomusculacao.com infoserveconsultants.com infpoker.com ingilteredilokulu.org inieshop1.com inlscorp.com inspirationalquotesandsayings.com jogja-handycraft.info johngoodmandesign.com johnsbogers.com jople.info joshuahunt.info joyeriaenpontevedra.com jqwp.org jscrpt.info kimchisan.com kimhuetea.com kimiawebsitedesign.com kinoskachka.com kiralikgunlukdaire.net klasfm.info klin9.info koddostu.net kolnossystems.com konkhmer8.info kvazis.fvds.ru mfhfeeds.com mgtct02.net miamimuseum.info microfin.info miderea.com mybestmediadownloads.com myclickmonitor.com mycrews.info mydearmishima.com mydon.org myhurtbaby.com myluckymarriage.com myogisaputra.info myprestatheme.com myreklama.org mysimplename.com myskop.com myweb-tools.info myxomop.net n1te1337.com n284adserv.com n285adserv.com nannieroth.info navegaengalego.com naverle.com ndezo.net nekretnine365.info neley888.info neohealthnews.com nerds-down.com net-city.info net-fortune-telling.info netrotator.net newimagemagazine.info newm33arads.com newrooseveltinitiave.com newrus.net newsvidnews.info nfsgames.info nfwebminer.com nguoiay.info nguyenthikieuquan.com nhacaipoker.com niaz22.com nikscenes.info nimbuzzer-java.com nitrostats.com njsa-assignments.com nntindia.org nosleeppress.com noticiasnicaragua.info notno.info notraff.com optionsm-stats.com optom-iz-kitaya.com opvar.com oracleinsider.com 
oracyweb.com orangewebscape.com orc-my.com organicvillagenyc.com organizingdealers.info orthodontistqld.com osatjobs.info otitez.org plugin-connect.cloud pokerdestek.com polskiandi.com pommenoir.com popads.info porno-hab.com pos-in-dubai.com potteryandglasscollectiblesx16.info ppcindonesia.net practicefieldadv.com praguemost.info pralilipiped.net preferredbenefitpartners.com premium-software.info prentissw.com pressing-arcenciel.com pricefeel.info pricesee.info pricesix.info prim-vod.com printerkaosmurah.com prizrakov.net puzzlesgamesplusb3.info radio-constantine.org radiovideoads.com ragonese.net ralphsells.info randompatternsmusic.com raymond-mill.org rdrbackup.com reachingforyourhand.com reportersinc.info reptibious.com reviewerplus.info reyfiles.com rezekidarisms.com rhythm9.com ricondamaintenance.com ridewithtraiv.com ridingmowersendofseason.info ripsawdesign.com rispostaindia.info ristorantedabeni.com riverfrontgrumble.com rjmungo.com rmrefer.com robertostrizzi.com rotation-media.net skolske-knjige.net # Reference: https://twitter.com/MBThreatIntel/status/1549086388024254465 # Reference: https://twitter.com/unmaskparasites/status/1549172191572267008 # Reference: https://www.virustotal.com/gui/ip-address/223.252.173.12/relations # Reference: https://www.virustotal.com/gui/ip-address/85.239.41.205/relations checkmag.shop clientswebstat.online finteza.online funeldata.com help-chat.shop jstat.shop issuspsorry.online kgrs.shop online-chat.shop online-support.best paymentpay.shop visualwebsiteoptimizer.online /api/id/854OIEKAOIEKAOIEKA /854OIEKAOIEKAOIEKA # Reference: https://www.virustotal.com/gui/ip-address/223.252.173.168/relations googlecom.click # Reference: https://twitter.com/sansecio/status/1554902168108294144 # Reference: https://www.virustotal.com/gui/ip-address/103.253.43.232/relations # Reference: https://www.virustotal.com/gui/ip-address/195.54.174.154/relations clickstat.eu cloud-zdassets.com crprtd.com drubofast.com flexchat.shop ghtrs.com 
gtpely.com hstatbuy.shop iocloud.shop liveclick.shop masmag.shop msft-tools.net stopyfy.com webmastersite.shop zitye.com # Reference: https://twitter.com/MalwareInfosec/status/1559281030283939841 # Reference: https://www.virustotal.com/gui/ip-address/23.106.215.227/relations webtemplatedelivr.com # Reference: https://twitter.com/rootprivilege/status/1559238666077081600 # Reference: https://www.virustotal.com/gui/ip-address/167.235.20.31/relations # Reference: https://www.virustotal.com/gui/ip-address/49.12.223.222/relations 101request.com 99request.com drrequest.com request101.com requestbee.com ab.ro.lt # Reference: https://blog.group-ib.com/switching-side-jobs # Reference: https://www.virustotal.com/gui/ip-address/82.180.173.146/relations # Reference: https://www.virustotal.com/gui/ip-address/82.180.173.187/relations designestylelab.com congolo.pro gvenlayer.com metahtmlhead.com nmdatast.com seclib.org vamberlo.com winsiott.com # Reference: https://twitter.com/rootprivilege/status/1562998526329495553 # Reference: https://www.virustotal.com/gui/ip-address/85.239.54.210/relations united81.com # Reference: https://twitter.com/MBThreatIntel/status/1567533004297490437 stripefaster.com # Reference: https://twitter.com/unmaskparasites/status/1567604988750483457 # Reference: https://www.virustotal.com/gui/ip-address/77.91.74.92/relations gtmapicss.com gtsmapicss.com jqstylemin.com jqstylemini.com jqstyleminjs.com sanapicss.com # Reference: https://twitter.com/MBThreatIntel/status/1572316461615677440 # Reference: https://www.virustotal.com/gui/ip-address/192.236.209.185/relations # Reference: https://www.virustotal.com/gui/ip-address/51.75.49.254/relations stats-doubleclick.com # Reference: https://www.virustotal.com/gui/ip-address/195.22.149.218/relations # Reference: https://www.virustotal.com/gui/ip-address/91.203.192.227/relations cloudfsnbg.cc google-application.com google-bootstrap.com google-clipboard.com google-font.com google-ltag.com google-manager.com 
google-portal.com google-server.com google-work.com _mta-sts.cloudfsnbg.cc # Reference: https://twitter.com/unmaskparasites/status/1572635560153612288 # Reference: https://www.virustotal.com/gui/ip-address/94.131.107.62/relations gjsmini.com goojsytle.com stylecssmini.com # Reference: https://twitter.com/MBThreatIntel/status/1573059941619081221 guyacave.fr/js/tiny_mce/themes/modern/validate.js # Reference: https://twitter.com/MBThreatIntel/status/1577039325157822464 # Reference: https://www.virustotal.com/gui/ip-address/142.11.211.60/relations # Reference: https://www.virustotal.com/gui/ip-address/178.20.40.156/relations assetsclick.com assetsfind.com assetspower.com assetsspace.com megaebun.ru stripecheck.com # Reference: https://twitter.com/MBThreatIntel/status/1578483645568147456 # Reference: https://twitter.com/EKFiddle/status/1578497647857762304 fleuriste.ca/static/version1664884145/_cache/merged/510ae23a9c13df084a8608806e1bb5be.min.js gs27usa.com/translations/tw/mails.php # Reference: https://twitter.com/MBThreatIntel/status/1579869056819396609 cdn-mediahub.com # Reference: https://www.virustotal.com/gui/ip-address/103.109.101.137/relations payce-google.com payse-google.com # Reference: https://twitter.com/sansecio/status/1587034728292646913 # Reference: https://www.virustotal.com/gui/ip-address/176.99.6.185/relations altersave.org js.altersave.org # Reference: https://twitter.com/AffableKraut/status/1587457210564726791 # Reference: https://urlscan.io/result/f14c5092-9bec-4985-91be-a4601d39ddac/ lalalatatata.com # Reference: https://www.virustotal.com/gui/ip-address/188.114.97.3/relations jscdnstore.pw # Reference: https://twitter.com/unmaskparasites/status/1593321085323595776 aspoln.info # Reference: https://twitter.com/c0d3inj3cT/status/1594974179463499778 # Reference: https://www.zscaler.com/blogs/security-research/black-friday-scams-4-emerging-skimming-attacks-watch-holiday-season artmodecssdev.art cdn-common.com cdn-webcloud.com devjs.biz html5decode.biz 
html5decode.com html5decode.org java-cloud.biz java-cloud.net java-cloud.org magento-cloud.biz magento-cloud.com magento-cloud.net magento-cloud.org modersecure.com mozillajs.biz mozillajs.net mozillajs.org payment-analytics.info stirepoint.com # Reference: https://twitter.com/SinghSoodeep/status/1598320639961710596 # Reference: https://www.virustotal.com/gui/ip-address/46.30.40.108/detection cdn-jsnode-call.com cvv-news.store cvv-private.online cvv-private.space cvv24.cc cvv24.site cvv24.store cvvamoggrcopaeehscyic6xu3q5lbameo3kv3q3ptpfa5bsq2vrbjsad.onion cvvhub.at cvvhub.in cvvhub.site cvvhub.store cvvhub.su www-cvvhub.ru # Reference: https://www.virustotal.com/gui/ip-address/34.171.171.32/relations # Reference: https://www.virustotal.com/gui/ip-address/51.91.209.190/relations jquerystatistik.com jqurystatistic.com statistiktrafiktrubest.com statistiktrafiktrubest.net # Reference: https://blog.jscrambler.com/defcon-skimming-a-new-batch-of-web-skimming-attacks # Reference: https://www.virustotal.com/gui/ip-address/193.3.19.36/relations 2blu.cloud 7raven.uno add222.golf bind853.me blind227.boutique block714.mobi bus527.cfd composition375.digital depth305.digital dig159.digital door111.network earn454.live follow707.cloud gymorning.cyou heavy689.immo hinder799.cyou hovr.monster literature539.space lynxer.monster mn-vps.art nothing536.loan operator595.city passenger210.bar reduction925.cc salt204.me slavery588.biz someone332.bond strimmr.buzz supper728.gifts temple321.bar wa-track.com war740.engineer bx46558954.block714.mobi 6383573447.dig159.digital a139127292.dig159.digital ad51503046.dig159.digital au54908186.add222.golf b752190403.dig159.digital bu4177319.passenger210.bar ck40780353.hinder799.cyou cn24778728.composition375.digital dr16228601.party257.engineer ei18376437.operator595.city fe50866349.operator595.city ga71625840.door111.network ic28610131.door111.network kv6922771.door111.network mq16264526.temple321.bar oe45905490.reduction925.cc 
temple321.earn454.live tracker.web-cockpit.jp w4451.wa-track.com w7415.lb.wa-track.com wl63518921.nothing536.loan yq40826.bind853.me yv32724828.operator595.city # Reference: https://www.virustotal.com/gui/ip-address/172.64.80.1/relations cdnjs.pw # Reference: https://www.mertsarica.com/magecart-ile-mucadele/ /js/6cb1e31ff2f343a9d576d889bfcbde0e.js /6cb1e31ff2f343a9d576d889bfcbde0e.js # Reference: https://www.virustotal.com/gui/ip-address/162.19.175.7/relations jquery-mobile.com # Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/01/crypto-inspired-magecart-skimmer-surfaces-via-digital-crime-haven 2xdepp.com # Reference: https://www.virustotal.com/gui/ip-address/185.157.160.171/relations magento-cdn.net # Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-02-28-v10255/336 antohub.shop app-stat.com jquery-node.com nebiltech.shop okqtfc1.org rithdigit.cyou yachtbars.fun cdn.nebiltech.shop # Reference: https://twitter.com/unmaskparasites/status/1633894598908219392 git-authorize.net # Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/03/hunter-skimmer # Reference: https://otx.alienvault.com/pulse/641b199b876ff4d23aab375c 1537la.buzz 1537li.buzz 1537lx.buzz 1568la.buzz 1568li.buzz 1568lx.buzz 1599la.buzz 1599li.buzz 1599lx.buzz 1599lz.buzz 1630lz.buzz appcloud1.buzz appcloud19.buzz appcloud2.buzz appcloud20.buzz appcloud3.buzz appcloud5.buzz araboxtv.sbs blindsmax.sbs bubapeq.quest dev-extension.one dev-extension.us hedeya.sbs inspirefitness.sbs motherearthlabs.sbs nasaservers.sbs newarriwal.quest paramountchemicals.sbs peqart.sbs remediadigital.sbs roboshop.sbs schmerzfrei-shop.sbs swsgswsg.sbs thecornerstoreau.sbs ultracoolfl.sbs # Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/03/new-kritec-skimmer # Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/11/credit-card-skimming-on-the-rise-for-the-holiday-shopping-season # Reference: 
https://www.virustotal.com/gui/ip-address/195.242.111.76/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.111.78/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.111.80/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.111.82/relations # Reference: https://otx.alienvault.com/pulse/641c8658102b428a20157ffc # Reference: https://otx.alienvault.com/pulse/6555e85408ac74ea956c5471 accotech.quest aifanul.yachts androton.online animtech.quest apexit.yachts arastek.online aurelec.shop autotec.shop avordic.site avtomob.sbs babtek.click bachitech.pics balacdigit.pics bantec.pics basewhit.quest beatmob.pics becasotec.site bednedigit.quest begistic.site belmrs.click bereelec.quest beresor.store bespitech.sbs bibstele.online biposou.online bolotoc.store boroshtic.click bufelec.yachts bulkmob.store calcdigit.pics cegteh.store centridig.store changeyellow.cfd chasoc.quest chekeelec.quest chelotec.quest chokdigit.pics chutech.works cloud-cdn.org cloveselec.quest comepetec.click cosmafit.click cutele.shop cuvanil.quest daisnetech.site dayspiselec.quest defimob.bar dekrenof.quest deletouch.shop deliverclos.online deliverclos.sbs denetok.site denlog.shop depeyo.online deshvoc.store digitstel.site divimob.space djutech.online domelec.shop domog.shop donashhack.online dorojet.store dowonderful.store druzit.quest dujetech.yachts dvanatech.yachts dvojnatech.sbs dychtech.shop dzelonline.shop ecosustain.digital effecttec.shop efromob.site eleconuch.click elenots.site eluntec.info encit.yachts enisemol.click ensdigit.quest entrydelt.sbs etibuz.shop fadyit.pics fantodelt.sbs fasfad.site felestech.click flagmob.quest flattec.sbs fletmob.sbs flowit.pics followmilitry.cfd frikctictempo.fun frodetraho.click funkomob.sbs gachit.yachts galeglob.quest gambon.shop garnimob.sbs gastdigit.quest gelenhan.online gelimog.online gemdigit.pics gemofab.store gemstec.yachts genertech.pw genimmob.online genodigit.store genstech.shop 
gentop.online gerelec.site golyadik.site golyter.shop goponl.online greentechify.digital gretit.yachts hapermob.shop hasekytop.click helinit.yachts helostop.shop helotec.pics hemidigit.click hemogom.online hempomot.space henove.store heptombo.store hhfnsfsga.sbs hoohotic.click hovarelec.shop hustiontec.store idopos.shop ifilone.site igusfil.shop imhoelec.yachts imperel.site inlinedigital.pics innovate360.digital inspireworks.digital intescon.store intesres.quest irlatok.shop istoretc.shop jantech.quest jestmob.pics jetomob.shop jezesec.quest jondong.online jujoc.online justlice.store kafaben.site kajetic.fun kalomob.store kamitac.shop karadigit.quest keistodigit.pics kiligob.site kinotec.pics klstech.shop kolrmob.space kontec.quest kouelec.cyou krasoticmob.space kritec.pics kruktech.shop kurkumin.click lavutele.yachts ledeehub.shop lehelec.yachts lemnidig.shop lemtok.store lenosmac.shop lenton.store leritgo.sbs lielecef.cyou lishetoc.shop livepolitical.sbs lokotec.quest luktoc.online mageants.sbs metsimob.yachts mihayam.shop miskotec.store moboed.icu moldmob.site musatech.quest mutelec.quest mylase.click nadoelec.space najitel.quest nasnamob.quest nechuvelec.click nemojmob.online nepochtec.shop nevomob.quest noanotech.sbs nogtech.site nujtec.shop obfuscator.io obogtec.quest obomob.site odintech.sbs odnydigit.quest oifilon.site oklasdon.online oleketec.store olinmasot.click onitzech.sbs optemhop.shop osobtech.yachts otkridigit.quest otpusmob.shop oumymob.shop paunit.pics pelstec.online pershtec.click perstech.shop petlelec.quest pilozol.quest pitamec.shop plactech.quest plasmob.pics podbotec.sbs podobadigit.quest poidelt.sbs poptec.sbs povomob.shop pracelec.yachts pricetool.store prihot.fun prijetech.shop prodovjtec.shop projectmob.sbs provtec.shop psyhomob.sbs pubupu.quest ragutech.shop rebomob.quest regtech.sbs resuelec.yachts ribtech.shop rozkatech.yachts ruepliz.click sakwohub.shop samknut.click samopotele.yachts sanpatech.shop sasaiso.cfd schetdigit.pics 
screenmet.sbs secreelec.shop selentech.click seletech.markets seletmob.online semebit.online sgolen.store shakorot.site shareeffectiv.yachts shellmob.fun shokomob.sbs shonowor.site shotsmob.sbs shpitech.quest shumocom.site sintec.store sipletoc.site smestech.shop soplelec.pics sorotele.yachts sotkelec.yachts sourite.online spilotich.online startculturl.site statemob.yachts stelor.shop stemtec.click stiildig.store stimob.pics stiornec.store stonworks.vip stopfurther.sbs strajit.yachts stramdigital.yachts supermob.network sviisdigit.quest tanuatech.quest tastmob.yachts tekeiteh.quest teledomn.quest telehub.shop teletoch.pics teletouch.click temtoch.site tenastoc.click timetok.online tisimy.quest tochdigital.pics tochelec.quest topostock.shop trepmob.sbs trevago.site tromtustec.quest tuchtoch.shop tuchtok.site tuctec.site tululudoc.online udamos.online ukatec.pics ulyatec.quest usespecial.quest uznatec.shop valetec.pw vdoxdigit.pics vedldeno.store verecey.quest vetitec.quest vitalmob.pics vjevec.quest vkiten.click volonmob.sbs volosmob.pics volosmob.sbs vonderdigit.quest voouvdigit.site votedigit.shop vozvrec.store vuroselec.quest vushtech.sbs weitmob.shop wellbeingtech.digital writefederal.click wudutec.shop xentech.shop xiloditg.yachts xorotelec.quest yaknatec.pics yamatel.store yavipustec.online yedelec.sbs yelyotech.pics yololive.sbs yukmob.store zahidelt.sbs zamlmob.pics zizitok.shop zlakovos.click cdn.chelotec.quest cdn.donashhack.online cdn.dorojet.store cdn.elenots.site cdn.imperel.site cdn.kurkumin.click cdn.oumymob.shop cdn.podobadigit.quest ww12.podobadigit.quest # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.130/relations nespomob.sbs cdn.shotsmob.sbs # Reference: https://blog.malwarebytes.com/threat-analysis/2019/10/the-forgotten-domain:-exploring-a-link-between-magecart-group-5-and-the-carbanak-apt/ info-stat.ws # Reference: 
https://cyberweek.ae/materials/D4%20TRACK%202%20-%20APT%20Attacks%20On%20Crypto%20Exchange%20Employees%20-%20Heungsoo%20Kang.pdf analyticsfit.com # Reference: https://www.virustotal.com/gui/ip-address/23.88.97.138/relations js-jquerylibs.com # Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/04/kritec-art # Reference: https://otx.alienvault.com/pulse/644ba6b9255f619b29fc7ac3 daichetmob.sbs genlytec.us interytec.shop pyatiticdigt.shop shumtech.shop stacstocuh.quest zapolmob.sbs # Reference: https://unit42.paloaltonetworks.com/internet-threats-late-2022/ # Reference: https://www.virustotal.com/gui/file/eaadde9a724180a0318c13a9399ec30bda7a3ec6399ff43b8b7207bf0e74332b/detection personallydeliver.com # Reference: https://twitter.com/unmaskparasites/status/1653895004287537152 # Reference: https://www.virustotal.com/gui/ip-address/194.4.49.208/relations codesejquery.com codesjquery.com gojqswejs.com gojqueryajax.com gojqwejs.com gojqwerjs.com jspixjqurey.com jspqurey.com # Reference: https://sansec.io/research/postponed-exfiltration-evades-detection # Reference: https://www.virustotal.com/gui/ip-address/185.142.238.71/relations # Reference: https://www.virustotal.com/gui/ip-address/185.142.238.77/relations # Reference: https://www.virustotal.com/gui/ip-address/198.54.117.242/relations gogletags.click gtag-analytics.com pickuptestold.site cdn.gogletags.click cdn.gtag-analytics.com cdn.pickuptestold.site gt473829.pickuptestold.site # Reference: https://twitter.com/threatcat_ch/status/1661006743340724224 # Reference: https://twitter.com/unmaskparasites/status/1661052684366143489 # Reference: https://www.virustotal.com/gui/ip-address/91.202.5.222/relations cdnjsbrt.com cdnjstat.com marhamteb.com miagw1b-1.net vk-0y7l5hkf.ru webstatlstics.net www111.site # Reference: https://twitter.com/unmaskparasites/status/1673811920263208960 # Reference: https://app.validin.com/axon?source=DNS&type=ip&find=49.12.201.215 fedgeat.com fwldewr.com giberuz.com harilov.com 
hdrequest.com htmesed.com letoloh.com pattepr.com requesthd.com requesttip.com sacarie.com tusunal.com varcinu.com velenzy.com velioan.com # Reference: https://www.virustotal.com/gui/ip-address/188.114.96.4/relations cloudfarle.com cdn.cloudfarle.com # Reference: https://www.akamai.com/blog/security-research/new-magecart-hides-behind-legit-domains # Reference: https://www.virustotal.com/gui/ip-address/194.50.153.45/relations # Reference: https://www.virustotal.com/gui/ip-address/51.250.22.129/relations # Reference: https://www.virustotal.com/gui/ip-address/80.66.64.143/relations byvlsa.com cdnreport.net chatwareopenalgroup.net woocommerce.im woocomnnerce.com yoursmartpanel.com cpanel.woocomnnerce.com emv1.byvlsa.com emv1.google-site-verification.com puzygqxxsdu.woocomnnerce.com # Reference: https://threatfox.abuse.ch/browse/malware/js.magecart/ lemodigit.online macsetech.online mopedigit.shop olimpsport.org ttewe.quest yalomob.pics # Reference: https://www.virustotal.com/gui/ip-address/195.80.51.59/relations # Reference: https://www.virustotal.com/gui/ip-address/34.88.77.180/relations script-hotjar.com cpanel.script-hotjar.com random.script-hotjar.com 9dac4f19-6e96-4470-974c-73ca48c6c0cc.random.script-hotjar.com # Reference: https://www.virustotal.com/gui/ip-address/107.158.94.87/relations google-analytics.publicvm.com # Reference: https://www.virustotal.com/gui/ip-address/193.106.174.210/relations dwww.script-analytics.com ipfs.script-analytics.com mail.script-analytics.com # Reference: https://sansec.io/research/malware-persistence-via-telegram-and-github # Reference: https://www.virustotal.com/gui/ip-address/51.161.204.249/relations kissupme.life # Reference: https://otx.alienvault.com/pulse/64d69f098146e2b80ae306a3 xurum.com mail.xurum.com mx.xurum.com # Reference: https://threatfox.abuse.ch/ioc/1152655/ dispatchweekly.com/wp-admin/admin-ajax.php yamtorrecampo.com/wp-includes/card.js # Reference: 
https://www.virustotal.com/gui/ip-address/193.106.174.126/relations # Reference: https://www.virustotal.com/gui/ip-address/51.250.66.41/relations cdn-report.com fsxtwuuitax.cdnreport.net mail.cdnreport.net mta-sts.cdn-report.com mta-sts.google-site-verification.com mvwsggyjwgk.woocomnnerce.com thsid.megaebun.ru sber.megaebun.ru smtp.cdnreport.net smtp.woocomnnerce.com # Reference: https://www.virustotal.com/gui/ip-address/31.44.184.200/relations googleapicert.com # Reference: https://twitter.com/Gi7w0rm/status/1705319428802449846 http://155.133.7.22 # Reference: https://www.akamai.com/blog/security-research/magecart-new-technique-404-pages-skimmer # Reference: https://www.virustotal.com/gui/ip-address/37.1.220.159/relations adsometric.com anality-cdn.com cngresearch.com pmdresearch.com secures-tool.com tool-cdn.net # Reference: https://sansec.io/research/is-your-stores-newsletter-being-used-for-phishing pub-7f69134e44ab4a03bb5e13c4894ffb4f.r2.dev # Reference: https://twitter.com/sucurisecurity/status/1732865318903505168 # Reference: https://twitter.com/unmaskparasites/status/1732880913359585670 # Reference: https://blog.sucuri.net/2023/12/40-new-domains-of-magecart-veteran-atmzow-found-in-google-tag-manager.html artdataharvest.com artisticexpressiondb.com artisticpatterndata.com artistictrendsmap.com artistictrendsprobe.com artprofilingtool.com artstattracker.com arttrendtrackers.com artworkanalytics.com brushstrokemetrics.com canvastrendstracker.com colorpalettemetrics.com colorschemeobserver.com drawdatahub.com drawinginfopro.com drawninfoinspector.com drawnstatsgather.com gallerydatainsight.com gallerytrendstracker.com imageinsightvault.com imagepatternprofiler.com imagestatistician.com paintedvisionsstats.com paintedworldstats.com paintinfoanalyzer.com picinfometrics.com picturedataminer.com picturetrendsdb.com picturetrendsmonitor.com sketchanalyticsvault.com sketchdataanalytics.com sketchdataharbor.com sketchinsightswatch.com sketchmetrics.com 
sketchtrendsmonitor.com strokeanalysislab.com strokepatternanalysis.com visualartexplorer.com visualartinsights.com visualdatacollector.com cdn.artdataharvest.com cdn.artisticexpressiondb.com cdn.artisticpatterndata.com cdn.artistictrendsmap.com cdn.artistictrendsprobe.com cdn.artprofilingtool.com cdn.artstattracker.com cdn.arttrendtrackers.com cdn.artworkanalytics.com cdn.brushstrokemetrics.com cdn.canvastrendstracker.com cdn.colorpalettemetrics.com cdn.colorschemeobserver.com cdn.drawdatahub.com cdn.drawinginfopro.com cdn.drawninfoinspector.com cdn.drawnstatsgather.com cdn.gallerydatainsight.com cdn.gallerytrendstracker.com cdn.imageinsightvault.com cdn.imagepatternprofiler.com cdn.imagestatistician.com cdn.paintedvisionsstats.com cdn.paintedworldstats.com cdn.paintinfoanalyzer.com cdn.picinfometrics.com cdn.picturedataminer.com cdn.picturetrendsdb.com cdn.picturetrendsmonitor.com cdn.sketchanalyticsvault.com cdn.sketchdataanalytics.com cdn.sketchdataharbor.com cdn.sketchinsightswatch.com cdn.sketchmetrics.com cdn.sketchtrendsmonitor.com cdn.strokeanalysislab.com cdn.strokepatternanalysis.com cdn.visualartexplorer.com cdn.visualartinsights.com cdn.visualdatacollector.com # Reference: https://twitter.com/ViriBack/status/1737215413715361833 http://91.92.250.214 # Reference: https://blog.sucuri.net/2023/12/magecart-wordpress-plugin-injects-malicious-user-credit-card-skimmer.html fbplx.com lin-cdn.com # Reference: https://threatfox.abuse.ch/browse/tag/Magecart/ http://37.252.1.225 http://45.153.48.176 http://5.252.177.247 37.1.213.121:8080 37.252.1.225:443 45.153.48.176:443 5.45.83.223:443 # Reference: https://www.virustotal.com/gui/ip-address/80.78.25.165/relations js-utilities.com # Reference: https://www.virustotal.com/gui/ip-address/80.78.22.139/relations liquisync.com # Reference: https://www.virustotal.com/gui/ip-address/91.206.178.221/relations dexpols.tech con-next.tech coreallbridges.tech octusbridges.tech doogle-analytics.online doogle-analytics.site 
doogle-analytics.store # Reference: https://twitter.com/Gi7w0rm/status/1746907826511851668 /dcce10/stat.php # Reference: https://twitter.com/Gi7w0rm/status/1746905252744294853 # Reference: https://www.virustotal.com/gui/ip-address/193.3.19.36/relations 0ad.g-content.bid 0c72099354.dig159.digital 1clicktracker.com 1d88817234.dig159.digital 1f47719105.dig159.digital 2ftracker.web-cockpit.jp 3043890602.dig159.digital 3043890602.mn-vps.info 3282978873.dig159.digital 3282978873.mn-vps.info 3659627184.dig159.digital 45447314.dig159.digital 4693606354.mn-vps.info 4gods.nl 5441551fdd.com 55.forjs.online 5880298611.dig159.digital 5880298611.mn-vps.info 5b89443922.dig159.digital 5d87691157.dig159.digital 6c12149180.dig159.digital 722a9c3988.5441551fdd.com 788555.vip 7e59911148.dig159.digital 7tor.fun 8252261061.dig159.digital 9227543145.dig159.digital 9227543145.mn-vps.info 9379155332.dig159.digital 9a57017380.dig159.digital a636377283.dig159.digital ab48478730.mn-vps.info ab88188560.bind853.me ad.g-content.bid ad83067819.politician407.cc adutler-fermion.com advice875.kaufen af31462241.little574.dog af79129622.heavy689.immo affilprofinetwork.cz africangirl.top ah12307213.hole579.info ah24319910.little574.dog ah48793979.follow707.cloud ak14365841.reduction925.cc al98798321.operator595.city always609.me an42494030.slavery588.biz analytics.bncapp.net analytics.brinelab.com analytics.dogpower-news.it analytics.dynamit.space analytics.skyliumradio.de analytics.youlindo.eu anglerfox.design anti-bot.buzz api.getreviews.app api.getshar.es apiu.ru apiwm.link app.calldrive.io app.conversionratebooster.com app.custiom.com app.eshop-ads.online app.isflm.com app.neunetic.com app.notifendo.com app.notifyer.pro app.viralproof.co apps.poln.co aq74359105.mnvps.cc arbitko.ru arch535.industries as64897077.blind227.boutique au93566707.supper728.gifts auglstats.net av78696081.salt204.me awebcommerce.com ax82528484.paste518.cyou ay41005849.hand995.camp azjs.win b252188235.dig159.digital 
ba86862616.supper728.gifts barber462.space bcmid.eu be17524253.slavery588.biz be28299789.dig159.digital best-developer-work.com beyond426.gold bh42322336.party257.engineer bi43350504.mnvps.live bi77461158.reduction925.cc bi98398831.mnvps.click bisn.manqi.app bit681.center bj49908013.slavery588.biz blame303.download bm32148204.mn-vps.click bm62997213.add222.golf bn99972963.reduction925.cc bncapp.net boswelling.com bp61431860.weekend956.agency bq20940184.hole579.info brandsale.website brinelab.com bro.kim bs46335192.little574.dog bt82594660.door111.network bu18998023.earn454.live bu28836450.door111.network bugherd.sg bunneumetcea.tk buoy.bz bx44819218.party257.engineer byggonline_gotenehus_se.cdpx-eu.com bz56223611.supper728.gifts ca70104711.party257.engineer cad-constructor.de cafe24.instashoppick.com caishenlailai.com calldrive.io canecto.info cb6956786.dig159.digital cdn.cloudnxd.com cdn.micspanel.net cdn.obisonesrl.com cdn.omapapi.com cdn.oryxcommerce.com cdn.pushdialog.com cdpx-eu.com cg26555208.temple357.careers ch27390466.operator595.city checkouau93566707.supper728.gifts checkout-cdn.net chicocanvas.com chillzone.pm ci85339965.mnvps.art ciasnafurta.pl circle504.shop cj90473967.classify321.jewelry cj90473967.instant768.cheap cj90473967.party257.engineer ck36970538.keep822.cam ck38055632.operator595.city ck44111745.keep822.cam classify321.jewelry cloud.optimizer.systems cloud.site22.hk.luocheng.site cloudfare.tech cloudnxd.com cm35012446.bus527.cfd compteurgratuit.net connect.faceboooooooooooooooooook.net console.naomi.chat conversionratebooster.com copoetry.com cq69947833.laugh687.delivery cqtw22699791.herbalsolutionsource.com cr61571145.eastern305.space credit-cashback.net cs70855524.reduction925.cc cta.shopgear.io custiom.com cx51318470.bus527.cfd cz72358199.temple321.bar d.g-content.bid d140273217.dig159.digital da32858492.supper728.gifts da9495731.mn-vps.art data-stat.info datbinhduongdep.net dc30117151.wide227.dog delay994.cc demospalabanda.com 
detect.redirectron.com dh55trk.com diamond674.digital dj20331469.blind227.boutique dk13597652.block714.mobi dl.jscript.cloud dogpower-news.it doogle-analytics.online doogle-analytics.site doogle-analytics.store dp26034124.follow707.cloud dp66758414.temple321.bar ds88277251.earn454.live dshost.pro dsncs55ms.xyz dssdsdaas.xyz dt31380469.block714.mobi dynamit.space e.slimfy.net e313588511.dig159.digital eastern305.space eba18.ffox.site ec12544429.heavy689.immo ec22129369.dig159.digital ef27127706.door111.network eh54560443.party257.engineer eh74850685.reduction925.cc ei23992012.passenger210.bar elitemail.monster em89206696.arch535.industries em92287661.supper728.gifts email2marketing.com embed.tawkto.bid en.bro.kim eo5162594.nothing536.loan eq53211622.salt204.me er70536089.follow707.cloud erikawraps2015.com eshop-ads.online estats.live eu20976880.bit681.center ew26641374.mn-vps.click ew90072292.add222.golf extenmap.com f279509202.dig159.digital fa57865601.dig159.digital faceboooooooooooooooooook.net fasten466.golf fb28343398.temple321.bar fb8353087.bind853.me fbmarketing.top fd14727926.heavy689.immo fd602061.bind853.me fd76829342.depth305.digital fh51299271.passenger210.bar fi2550286.diamond674.digital fifsupport.com firsaturunleri.net fk38210998.circle504.shop flavor540.info fn22214993.hinder799.cyou follow.hk forjs.online fp8565340.temple321.bar fq37456017.hole579.info fq9451830.circle504.shop frame185.kim frankdocs.biz freeblowjob.online frighten164.men ftracker.web-cockpit.jp fy18161208.bus527.cfd fz11934809.mn-vps.cc fz19876324.circle504.shop fz97829124.operator595.city ga92626343.salt204.me gablr.me get-statics.live getreviews.app getshar.es giftblink.top gk66765425.hole579.info globalmiglog.com go.rere.live goat420.football gojinji.com gojoglesyndication.com gonulkomur.wv535171.war740.engineer googieplay.info gp71233739.war740.engineer gq77935519.supper728.gifts gq97717721.blind227.boutique gralek.pl great-news2.club group-bif.com gt36830018.arch535.industries 
gtagagent.org gulandsonshotel.com gw3344224.war740.engineer gw47326997.blind227.boutique gz42908556.circle504.shop gz52395619.weekend956.agency hand995.camp he95169012.earn454.live heapstatic.com helpdesk.minkundservice.se herbalsolutionsource.com hk.luocheng.site hm9219478.mnvps.live ho37690430.little574.dog hole579.info hope903.quest hp3345578.slavery588.biz hr66074833.block714.mobi hu6086129.follow707.cloud humorhunter.net hunger605.online hw27367815.severe373.asia hy89263832.hole579.info hydrahydra.ir hydrahydra.kim hz86232397.mnvps.live ic10353896.slavery588.biz ie92799119.hinder799.cyou if10917833.earn454.live if40149807.little574.dog ij85301239.circle504.shop ik38902469.bind853.me il44395769.mnvps.club im33413012.slavery588.biz imatone-hosting.com imstats.imatone-hosting.com in640600.mn-vps.click inflow.humorhunter.net informatykadlafirm.pl instant768.cheap instashoppick.com investearners.com iq71846426.blind227.boutique iq85570406.bind853.me isflm.com it38469760.passenger210.bar iv20033491.she583.info iv30616081.war740.engineer iz83661546.fasten466.golf j-nic.jp ja.bro.kim ja42590609.party257.engineer jab.shopping javaskript.xyz jc48870821.salt204.me jd56933392.hand995.camp jd66321716.war740.engineer jg72225657.earn454.live jl59722347.keep822.cam jo94315710.bind853.me jq81278204.depth305.digital jqbs-cdn.store jqbs-checker.store jqbs-cloud-cdn.xyz jqbs-cloud-min.xyz jqbs-min.store jqbs-rest.store jqueurystatic.com js78281653.always609.me jscript.cloud json.gdn jspcss.com jx16629495.party257.engineer jx20957303.war740.engineer ka57680696.mnvps.live kb74503782.passenger210.bar kb99948025.operator595.city kd37039685.severe373.asia keep822.cam keit.master-tds.com kejnojd7.ru kg54544974.bind853.me kh40424217.operator595.city khobanthodep.vn kitchenventsystem.com kj37309760.little574.dog kj96485300.blind227.boutique km85530062.blind227.boutique kn6199553.diamond674.digital kp96190005.laugh687.delivery kw2199162.hand995.camp ky72778169.nothing536.loan 
laboratorio-salvadori.com laugh687.delivery lcvy25944673.herbalsolutionsource.com leadfeedssl.com li75628279.reduction925.cc likemytests.pw link.luocheng.site linkdonations.com listen884.digital little574.dog livechat.copoetry.com lk19006130.salt204.me lk45801402.nothing536.loan load587.date lobo2.pink log.nuserv.eu lowhost.ru lp37095324.reduction925.cc lr28711659.block714.mobi ls7010884.add222.golf lu32159822.bind853.me lu33625959.permanent875.center lu37005322.operator595.city lu37152750.block714.mobi lu76955282.earn454.live lu96707629.hinder799.cyou luocheng.site lw21955709.circle504.shop ma16394068.arch535.industries mail.africangirl.top mail.g-content.bid mail.instashoppick.com mail.jquerycdn.at mail.jquerylib.at mail.json.gdn mail.kinfirighbetted.host mail.medownet.xyz mail.toplevelstatic.com mail.veotracking.com mail.ws2.g-content.bid mail.ws3.g-content.bid manqi.app manyvps.online maskado.art master-tds.com mautic.gralek.pl mb73969123.passenger210.bar medownet.xyz meligue.online menzilmobilya.com mere836.digital mf57071519.bind853.me micspanel.net militarymini.club minijs.website minijs.xyz minkundservice.se miwolib.com mj13915057.diamond674.digital mju.dsncs55ms.xyz mn-vps.cc mn-vps.click mn-vps.club mn-vps.info mn42303470.mnvps.live mn46368989.put361.blog mnvps.art mnvps.cc mnvps.click mnvps.club mnvps.info mnvps.live moi.sivuseuranta.fi mother227.cc mp.lobo2.pink mq2668236.depth305.digital mx36218168.earn454.live my49898597.party257.engineer mywidget.me n.bro.kim na98470849.severe373.asia nad.g-content.bid naomi.chat nb70893594.bus527.cfd nd11950863.bind853.me ne13599891.slavery588.biz network.wiy.ro neunetic.com ng79410170.earn454.live ng88644832.passenger210.bar nj38996860.salt204.me nj42584278.salt204.me nl96544673.block714.mobi notifendo.com notifyer.pro notiv.id nq54555111.little574.dog nr57072098.nothing536.loan ns1.advice875.kaufen ns1.beyond426.gold ns1.blame303.download ns1.classify321.jewelry ns1.delay994.cc ns1.frame185.kim 
ns1.goat420.football ns1.mere836.digital ns1.plain923.me ns1.reach183.online ns1.someone332.bond ns1.spirit500.clinic ns1.star374.live ns1.stiff551.quest ns1.use635.coffee ns1.worry257.ink ns13102412.circle504.shop ns2.advice875.kaufen ns2.beyond426.gold ns2.blame303.download ns2.classify321.jewelry ns2.delay994.cc ns2.frame185.kim ns2.goat420.football ns2.manyvps.online ns2.mere836.digital ns2.plain923.me ns2.someone332.bond ns2.spirit500.clinic ns2.star374.live ns2.stiff551.quest ns2.use635.coffee ns2.worry257.ink nstp.erikawraps2015.com nt24321600.operator595.city nuserv.eu nw22767877.party257.engineer nz22993409.earn454.live oa87423576.follow707.cloud obisonesrl.com oc427773.slavery588.biz of98134012.passenger210.bar off301.space oh43208413.door111.network ohric.east1.pmrockettools.app oj83725790.hinder799.cyou oj88912451.mn-vps.cc omapapi.com onlinewebtracking.de onto566.shop oownik.com op10194629.mn-vps.art op89216989.flavor540.info optimizer.systems optimumtrade.online oq67557328.depth305.digital or64384422.temple321.bar oryxcommerce.com ou26382554.flavor540.info ov52235842.nothing536.loan ow72853614.add222.golf owa.ws2.g-content.bid owa.ws3.g-content.bid owaspi.info owaspi.me ox42878257.blind227.boutique oxusinfotec.com p7z912.bro.kim pagead2.gojoglesyndication.com pakistancloudservers.com part-time-job.biz paste518.cyou pd87452203.listen884.digital pe32628866.earn454.live pe3839026.subject403.quest pegasobooking.it permanent875.center pg86372135.flavor540.info pj69707064.bus527.cfd pk11855309.circle504.shop plain923.me pm11996024.composition375.digital pmrockettools.app pn81543304.nothing536.loan podpora.support politician407.cc poln.co pr25058134.composition375.digital pr78855440.follow707.cloud premiumstoreoutlet.com prestashop-demos.org printserviceroma.it profiyou.ffox.site pt27484752.she583.info pt30120535.circle504.shop pushdialog.com put361.blog pw06.woibs.net py99764136.bind853.me qa88445857.bind853.me qb47154533.hope903.quest 
qd94153140.operator595.city qdtn36019268.herbalsolutionsource.com qi32775626.subject403.quest qi85741768.bus527.cfd qn37470165.war740.engineer qo14322810.paste518.cyou qo63839594.depth305.digital quot-now.com qx13279925.subject403.quest qz71358249.diamond674.digital r.buoy.bz ra78188285.bind853.me reach183.online redirectron.com resource.canecto.info rh95617864.composition375.digital rose-musquee.eu rq38017361.bind853.me rq56823917.she583.info rs92227615.war740.engineer ru35757716.supper728.gifts rw2678233.hole579.info rw77183276.little574.dog rx74588942.blind227.boutique rxfg73700013.herbalsolutionsource.com s.apiu.ru sa41989673.mn-vps.art sa46349005.war740.engineer sa78782323.reduction925.cc salesurfboard.club sam2ur5.ffox.site sb31247426.earn454.live sb32247426.earn454.live sbd2424.com sbz-140.com se59739702.hole579.info secure.g-content.bid secure.ws2.g-content.bid secure.ws3.g-content.bid semcms.top severe373.asia sevgiliyeozelkolye.firsaturunleri.net she583.info shipping-manager.net shopgear.io site22.hk.luocheng.site sivuseuranta.fi sj31662514.reduction925.cc skyliumradio.de sl68369434.mnvps.info slimfy.net sm96549464.reduction925.cc smartsmokestorelocator.com so17524929.diamond674.digital socialproof.guru society850.online song858.info soulvip.vip sp24661619.slavery588.biz spirit500.clinic sr43121329.bit681.center ssl.g-content.bid ssl.ws2.g-content.bid ssl.ws3.g-content.bid sslapi.org sslinfotype.pw st39211802.passenger210.bar star374.live stat.oxusinfotec.com statcntr.net static.extenmap.com static.leadfeedssl.com stats.bcmid.eu stats.ciasnafurta.pl statsforseo.com stattrak.submitnet.fr stiff551.quest stun.ro subject403.quest submitnet.fr suey96960758.herbalsolutionsource.com sv8091674.operator595.city sy21735681.blind227.boutique t81kztrk.com ta17872794.hole579.info ta66041257.party257.engineer tacker.web-cockpit.jp tawkto.bid tb71766075.door111.network td53771365.circle504.shop temple357.careers test.wmadmin.dev textiu.co thaonhinguyen.com 
thesmallofbig.tk tm82342922.war740.engineer tmzimg.com tn61677941.mnvps.club to82078409.earn454.live towel694.store tracher.web-cockpit.jp track.dshost.pro tracking.follow.hk traffic.tmzimg.com travel4a.win trustboostr.com truuudomen.com tu60621748.slavery588.biz tw55759545.composition375.digital tx11121533.wide227.dog tx35699366.mnvps.click ty35486575.bind853.me tz3839388.little574.dog u8vaaaa.ffox.site ua23867164.mother227.cc ua53419659.temple321.bar ub42862687.hunger605.online ub89321051.supper728.gifts uc12244149.earn454.live ud59127852.politician407.cc uh42219679.earn454.live uh79452205.earn454.live ui73435259.nothing536.loan uk92876136.follow707.cloud ul17578149.door111.network ultimate-engine.com um67804342.follow707.cloud un11z.ffox.site uncle282.online unitcapervhost67405.lowhost.ru up47852607.earn454.live update-fonts.com ur41825359.party257.engineer ur4401018.supper728.gifts use635.coffee uw57850127.bind853.me uz41203767.operator595.city v-muse.ru vd49770052.door111.network ve19ve.ffox.site ve89354036.slavery588.biz veldom.tokyo veotracking.com vg2514962.heavy689.immo vh22461617.operator595.city vi-news.net vi77977655.door111.network vilgo.pw viralproof.co vn44479387.party257.engineer vo71326216.salt204.me vo99726097.hand995.camp vw40951692.mn-vps.art vy19972663.earn454.live vy4779320.passenger210.bar vz61763422.permanent875.center w10209.lb.wa-track.com w11004.lb.wa-track.com w11788.wa-track.com w12150.lb.wa-track.com w13025.wa-track.com w1319.wa-track.com w13376.wa-track.com w1353.lb.wa-track.com w2022.lb.wa-track.com w2247.wa-track.com w2561.wa-track.com w2719.lb.wa-track.com w3074.wa-track.com w3177.wa-track.com w3438.lb.wa-track.com w3571.wa-track.com w3762.wa-track.com w4210.lb.wa-track.com w4245.lb.wa-track.com w4626.lb.wa-track.com w5420.lb.wa-track.com w5536.lb.wa-track.com w5767.wa-track.com w5955.wa-track.com w6055.lb.wa-track.com w6153.wa-track.com w6672.lb.wa-track.com w6766.lb.wa-track.com w7060.lb.wa-track.com w8045.lb.wa-track.com 
w8229.wa-track.com w8489.wa-track.com w8759.wa-track.com w9203.wa-track.com w9535.lb.wa-track.com w9882.wa-track.com w9948.lb.wa-track.com wa17139521.paste518.cyou walltraf.ffox.site walri.xyz wb1454734.listen884.digital wc5654285.always609.me web.heapstatic.com web.vi-news.net webcounter.ro webmail.ws2.g-content.bid webmail.ws3.g-content.bid websitemeter.net websitesvoormobiel.nl webstatics.org webstats.no weekend956.agency werbemanager.net wf81145276.party257.engineer wgoa72821275.herbalsolutionsource.com wh71712897.blind227.boutique wi70718111.follow707.cloud wide227.dog wildmarkullared_se.cdpx-eu.com wiy.ro wmadmin.dev woibs.net worry257.ink wp9127968.flavor540.info wq29973568.block714.mobi ws1.g-content.bid ws2.g-content.bid ws3.g-content.bid ws92479102.blind227.boutique wt79578298.mn-vps.cc wv18752813.bind853.me wv535171.war740.engineer wx22563588.passenger210.bar wz62802319.temple357.careers wz91076974.composition375.digital xc34780244.block714.mobi xc50801004.mnvps.info xh16776341.composition375.digital xh78870068.mnvps.art xj42729993.mnvps.live xl61626185.war740.engineer xn--80aaxadpodfvnz1a1g.xn--p1ai xo16802435.passenger210.bar xo69358393.supper728.gifts xp23013920.frighten164.men xp72043049.slavery588.biz xq78357079.war740.engineer xt51444837.door111.network xu74804709.keep822.cam xv64562297.mn-vps.click xw17366339.temple321.bar yb53618855.circle504.shop yd20410958.flavor540.info yf99616650.fasten466.golf yg39698513.earn454.live yg89130451.literature539.space yh70522246.wide227.dog yj30210045.politician407.cc ym97779850.circle504.shop yn92788541.reduction925.cc yo11301955.hinder799.cyou yo40765422.passenger210.bar youlindo.eu yourdiome.com yp29618907.slavery588.biz yv95715342.blind227.boutique yx66313828.salt204.me zc93201966.bind853.me zg90664169.earn454.live zg90664169.politician407.cc zg90664169.star374.live zi19123501.flavor540.info zi30717909.war740.engineer zk82141747.mnvps.live zm31689573.hole579.info zq51825438.mnvps.live 
zs81601425.follow707.cloud zt49818598.war740.engineer zv3305370.weekend956.agency zx61673924.arch535.industries # Reference: https://sucuri.net/documentation/CreditCardSkimmingMalwareThreats.pdf /wp-content/plugins/wpputty/wpputty.php /wp-content/plugins/wpzip/wpzip.php /wp-content/plugins/wpyii2/wpyii2.php /wp-content/plugins/uzolyryl/uzolyryl.php /plugins/wpputty/wpputty.php /plugins/wpzip/wpzip.php /plugins/wpyii2/wpyii2.php /plugins/uzolyryl/uzolyryl.php /uzolyryl/uzolyryl.php /wpputty/wpputty.php /wpyii2/wpyii2.php /uzolyryl.php /wpputty.php /wpyii2.php # Reference: https://www.virustotal.com/gui/ip-address/162.255.119.135/relations ccscsnff.shop # Reference: https://www.virustotal.com/gui/ip-address/85.239.41.118/relations ccscsnff.uk # Reference: https://www.virustotal.com/gui/ip-address/45.134.173.161/relations bardowarc.com gtagmanager.net cpanel.gtagmanager.net cpcalendars.gtagmanager.net cpcontacts.gtagmanager.net mail.gtagmanager.net ns1.bardowarc.com ns1.gtagmanager.net ns1.okqtfc1.org ns2.bardowarc.com ns2.gtagmanager.net ns2.okqtfc1.org webdisk.gtagmanager.net webmail.gtagmanager.net # Reference: https://www.virustotal.com/gui/ip-address/185.62.56.234/relations gtagmanager.org # Reference: https://www.virustotal.com/gui/ip-address/94.156.71.191/relations gtagmanager.site # Reference: https://www.virustotal.com/gui/domain/carcoverstore.pics/relations carcoverstore.pics # Reference: https://www.virustotal.com/gui/ip-address/158.247.215.195/relations ajax-assets.com fonts-assets.com # Reference: https://www.virustotal.com/gui/ip-address/188.225.10.105/relations cdn-analytic.net # Reference: https://twitter.com/sdcyberresearch/status/1765006091404869790 # Reference: https://twitter.com/sdcyberresearch/status/1767159363729301667 admission616.clothing clay468.loan control-tools.com dance774.guru fault185.cool fry708.info gettinfo.com greed549.deals hit243.mobi into352.agency pet384.date punctual501.work respect802.gold slip136.fyi static-cdn.info 
aw91804586.fault185.cool cm2346556.slip136.fyi db30325716.dance774.guru ew84887253.fry708.info fv4038924.into352.agency hw33626285.greed549.deals iw40948723.greed549.deals jp95683586.dance774.guru ld19736836.punctual501.work me50041745.into352.agency np13667114.fry708.info rl70595265.fault185.cool rw58276777.hit243.mobi sg37875211.dance774.guru uo68384370.respect802.gold uz87619761.respect802.gold wr17716066.respect802.gold # Reference: https://twitter.com/sdcyberresearch/status/1760293613928419397 cdn-googletag.online # Reference: https://www.virustotal.com/gui/ip-address/46.17.248.65/relations cdn-googletagmanager.com # Reference: https://twitter.com/sdcyberresearch/status/1759604161220374745 # Reference: https://www.virustotal.com/gui/ip-address/195.242.111.139/relations keytoc.online cdn.keytoc.online # Reference: https://twitter.com/sdcyberresearch/status/1757023351510364666 bgxjymfky29ycde.com ganalyticsmanager.com # Reference: https://twitter.com/sdcyberresearch/status/1756691225762033841 # Reference: https://twitter.com/sdcyberresearch/status/1779861913838494047 # Reference: https://www.virustotal.com/gui/ip-address/5.188.86.197/relations 0level.shop 0prob.lol 0stat.shop 1khan.fun 1run.in.net 1shop.in.net 1sun.buzz 2cdn.shop 2screw.shop 2tags.cfd 2tbs.space 3bee.pw 3brick.space 3monitor.sbs 3ple.shop 4bid.shop 4core.lol 4more.in.net 5info.in.net 5lbs.fun 5life.pw 6dix.shop 6fix.shop 6mix.in.net 7eleven.pw 7free.fun 7lemon.shop 8date.pw 8great.space 8straight.shop 9fine.shop 9line.shop 9shine.in.net agemnt.shop aromagy.shop articall.shop bradleys.fun brewer.in.net brixband.pw cosinus.space crexful.shop croxes.shop decimal.pw dharmas.in.net dragonz.shop effectos.shop elector.shop enhances.digital formed.network freight.in.net fysical.pw gigamarkt.shop greekoil.shop grotesq.shop herbplus.pw herbz.in.net hypermercado.shop intellimart.xyz intergates.shop inthebar.shop jeepwheel.shop jeepwork.in.net jetpacks.shop keepstat.shop kerberos.shop kontrol.shop 
lazyanalytics.xyz leadery.pw liquidz.in.net managemnt.shop mangoman.shop multishop.guru newengine.space newversion.in.net normly.pw onlystat.shop openbar.shop osmann.shop protected.in.net protectedtag.sbs protocols.pw quadroz.shop quickanalytics.cfd quickstat.shop regain.in.net regain.pw rockstore.buzz statkeepr.shop steelguard.shop superstat.online tagmanager.digital tagmanager.shop tempostore.shop trackers.in.net transtat.pw ultradata.xyz ultralife.fun ultramercado.fun ultrasale.fun ultrashop.fun ultrastat.fun ultrastores.fun unistat.fun unixen.shop vectorz.space vermont.in.net vmanager.space vocamix.cc webstat.shop webstats.shop wokfactory.in.net wonderz.lol xperiment.shop xtrac.fun xtract.pw xtractz.fun yankeez.shop yetready.pics zenger.mom zotas.in.net zummer.pw /cdn/absorberr.com.js /absorberr.com.js # Reference: https://twitter.com/sdcyberresearch/status/1751986738120028234 # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.230/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.247/relations bomtech.site dvtmob.shop fantatic.fun helcalc.space lokopon.online segtec.store cdn.dvtmob.shop # Reference: https://twitter.com/sdcyberresearch/status/1750155707888890089 portec.shop telemob.click uydrdig.quest zauetc.site # Reference: https://twitter.com/sdcyberresearch/status/1749404277913600310 # Reference: https://www.virustotal.com/gui/ip-address/5.252.22.197/relations googurlcdns.com goourlcns.com goourlcss.com securlfondcss.com securlfondocss.com # Reference: https://twitter.com/sdcyberresearch/status/1747263048526758386 # Reference: https://www.virustotal.com/gui/ip-address/195.242.111.226/relations odinmob.shop poyaslim.space rozmzhen.site stenetoc.fun svzntop.online cdn.odinmob.shop /karendidion-loader.js # Reference: https://twitter.com/sdcyberresearch/status/1747262893132001767 xploit.im # Reference: https://twitter.com/sdcyberresearch/status/1745089590631797215 # Reference: 
https://www.virustotal.com/gui/ip-address/212.118.53.134/relations webagencyanalytics.com static.webagencyanalytics.com # Reference: https://twitter.com/sdcyberresearch/status/1734198037059138018 kajuinc.sbs videelect.icu # Reference: https://twitter.com/sdcyberresearch/status/1731683929566933185 indicalive.com cdn.indicalive.com # Reference: https://twitter.com/sdcyberresearch/status/1729138740969472433 # Reference: https://www.virustotal.com/gui/ip-address/82.180.138.247/relations cacheloading.com cdn.cacheloading.com tracking.services.bz # Reference: https://twitter.com/sdcyberresearch/status/1726582074394747350 webappanalyzer.com # Reference: https://twitter.com/sdcyberresearch/status/1724079447303737458 arctica.shop hxenc.pics ultramart.fun # Reference: https://twitter.com/sdcyberresearch/status/1721537506611527982 gtm-statistic.com gtm-statistlc.com gtm-statistlcs.com gtm-statlstic.com gtm-statlstics.com gtm-statlstlc.com gtmstatlstics.com gtstatistic.com gtstatistic.info idor-marketing.com # Reference: https://www.virustotal.com/gui/ip-address/217.21.77.96/relations safecontentdelivery.com csp.safecontentdelivery.com # Reference: https://twitter.com/sdcyberresearch/status/1718661840161394951 # Reference: https://www.virustotal.com/gui/ip-address/195.179.237.105/relations tagflows.com tgsms.shop cart.tagflows.com clients.tagflows.com sec.tagflows.com staging.tagflows.com tags.tagflows.com # Reference: https://twitter.com/sdcyberresearch/status/1719367704233005304 # Reference: https://www.virustotal.com/gui/ip-address/195.35.39.47/relations query.searchyourservices.com # Reference: https://twitter.com/sdcyberresearch/status/1719001051322306986 vspact.com cdn.vspact.com # Reference: https://www.virustotal.com/gui/ip-address/104.21.93.124/relations gtm-stats.com # Reference: https://twitter.com/sdcyberresearch/status/1769712742317817963 # Reference:
https://www.virustotal.com/gui/ip-address/82.202.160.253/relations # Reference: https://www.virustotal.com/gui/ip-address/82.202.161.192/relations allquickcdn.com easyclickinc.com m.easyclickinc.com t.allquickcdn.com # Reference: https://twitter.com/sdcyberresearch/status/1770096876961878253 dfsdjfheuu8.github.io susial.github.io # Reference: https://twitter.com/sdcyberresearch/status/1770445832128459136 # Reference: https://www.virustotal.com/gui/ip-address/45.88.3.145/relations # Reference: https://www.virustotal.com/gui/ip-address/45.88.3.89/relations helpoton.quest looptic.store picktoc.online sandton.shop shtelpenstec.site starlanded.click cdn.helpoton.quest cdn.looptic.store cdn.picktoc.online cdn.sandton.shop cdn.shtelpenstec.site cdn.starlanded.click /fenchelshades-loader.js # Reference: https://twitter.com/sdcyberresearch/status/1773018548350115936 # Reference: https://threatfox.abuse.ch/ioc/1247074/ # Reference: https://threatfox.abuse.ch/ioc/1247075/ # Reference: https://www.virustotal.com/gui/ip-address/195.242.111.209/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.111.210/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.111.211/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.111.212/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.111.213/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.111.65/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.111.89/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.111.90/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.111.92/relations bepicetn.online bupunit.store cbynout.online cnejktec.fun cristech.space gemokelt.store gepotich.space getepol.space hempomot.space heubqtec.space hopefor.space jelint.online joykent.online keltsmob.shop komitic.store mikolec.shop nehetech.space olynoo.site pilotech.store rdyttop.fun seletec.fun 
skeltit.site stelitech.site stuckers.click stuckitech.shop teersinc.shop teolydigi.online tolinfore.shop treimob.cfd tucton.shop veltefre.shop yelubin.cfd yostek.fun cdn.cnejktec.fun cdn.cosmafit.click cdn.hopefor.space cdn.jelint.online cdn.komitic.store cdn.treimob.cfd cdn.tucton.shop # Reference: https://twitter.com/sdcyberresearch/status/1772611379490382249 # Reference: https://www.virustotal.com/gui/ip-address/188.119.113.118/relations statsmetrica.co # Reference: https://blog.sucuri.net/2024/04/magento-shoplift-ecommerce-malware-targets-both-wordpress-magento-cms.html # Reference: https://www.virustotal.com/gui/ip-address/195.93.173.80/relations # Reference: https://www.virustotal.com/gui/ip-address/37.220.31.58/relations # Reference: https://www.virustotal.com/gui/ip-address/38.180.100.104/relations # Reference: https://www.virustotal.com/gui/ip-address/38.180.100.134/relations # Reference: https://www.virustotal.com/gui/ip-address/38.180.17.55/relations 195.93.173.80:8001 38.180.17.55:8001 bulkmailsms.com cloudlayerinsights.com jqueurystatics.com jqueurystatics.xyz jqueurystaticx.com jstags.com sanzsec.net cdn.cloudlayerinsights.com # Reference: https://www.virustotal.com/gui/ip-address/185.159.82.57/relations chlmpstatiic.com jqueryoverlay.com jqueurystaticx.com # Reference: https://www.virustotal.com/gui/ip-address/185.251.90.189/relations fraudlabzpros.com googleinfodata.com jquerystatics.com # Reference: https://www.virustotal.com/gui/ip-address/195.14.123.101/relations jqueurystatic.xyz # Reference: https://www.virustotal.com/gui/ip-address/195.93.173.18/relations # Reference: https://www.virustotal.com/gui/ip-address/5.45.84.11/relations chimpstatiic.com g-staticxs.com gstatics.org sucuriwebtrack.org # Reference: https://www.virustotal.com/gui/ip-address/185.180.221.174/relations cdnjsdelivr.com ww25.cdnjsdelivr.com ww38.cdnjsdelivr.com # Reference: https://www.virustotal.com/gui/ip-address/198.54.117.197/relations gstaticss.com # Reference: 
https://www.virustotal.com/gui/ip-address/185.109.170.47/relations analitiscs.com githubb.info golanguag.com googlaepis.net gstaticcs.com translategog.com ads.googlaepis.net # Reference: https://www.virustotal.com/gui/ip-address/45.130.146.195/relations jquerystatic.net # Reference: https://twitter.com/sdcyberresearch/status/1775561694850297945 # Reference: https://www.virustotal.com/gui/ip-address/5.230.68.237/relations gtmetrix.app gtadsense.com api.gtmetrix.app # Reference: https://sansec.io/research/magento-xml-backdoor halfpriceboxesusa.com/pub/health_check.php # Reference: https://www.virustotal.com/gui/ip-address/13.38.162.56/relations tagmanager.ml # Reference: https://www.virustotal.com/gui/ip-address/193.3.19.162/relations # Reference: https://www.virustotal.com/gui/ip-address/193.3.19.36/relations blind761.asia convenient830.cool cover351.date fine459.dog lord479.gold old221.asia party257.engineer stair151.clinic # Reference: https://twitter.com/sdcyberresearch/status/1778056754636451903 # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.37/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.38/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.53/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.55/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.56/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.57/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.58/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.59/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.60/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.65/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.66/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.67/relations # Reference: 
https://www.virustotal.com/gui/ip-address/195.242.110.68/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.70/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.75/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.76/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.77/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.79/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.80/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.81/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.82/relations aimoob.online bempiroom.store bitudata.site cdttech.site cemoping.site chenklemob.shop curvdam.store cyetec.click depoment.site desjardins-auth.one eitich.shop eiton.click eternlis.site etransfer.one ewopit.online furelet.store geligen.quest gemitil.click gentics.site getintoch.info gsimob.site hapist.click hasobob.online helebanet.online heleton.store helmidigi.quest helurin.shop hemopet.quest hemytemd.fun hepites.store interqca.site interrqc.site intrev.online jepenet.space jerelink.shop jeynoon.online jojkatic.shop jopstet.shop julifmob.click kehepics.site keldmob.site keletenc.site keliden.shop kelimont.click kelkmet.shop kelysink.store kempetic.space kenotic.site kentics.store kentol.space ketipool.click kinteko.online konpop.store lemiguid.online leniton.online lenupop.click lepetewol.quest liantis-key.com liantis-sleutel.com liantis.store lompotic.shop lootbop.shop ltcento.space meltetok.online mijn-liantis.com militool.click miusets.works neretec.store neyfliixx.com outstak.online panotek.site pertec.store prihomob.sbs ribudec.click sefroyek.link sempytol.site sfantech.space shentech.shop sqedigit.quest stikitec.site stinesimp.email stojitoc.online tegmob.quest tempecan.fun teseloc.quest tikfonk.network tojasm.store ubnanet.online uelenck.site uelkaf.fun 
visken.shop woohtik.click xentouch.store zapteches.shop zytrhent.quest cdn.aifanul.yachts cdn.cemoping.site cdn.curvdam.store cdn.deletouch.shop cdn.depeyo.online cdn.deshvoc.store cdn.digitstel.site cdn.eiton.click cdn.eternlis.site cdn.funkomob.sbs cdn.furelet.store cdn.gafevomp.shop cdn.gemitil.click cdn.gemofab.store cdn.genimmob.online cdn.gentics.site cdn.hasobob.online cdn.helebanet.online cdn.henove.store cdn.hovarelec.shop cdn.intescon.store cdn.jojkatic.shop cdn.kehepics.site cdn.keldmob.site cdn.kelimont.click cdn.kentics.store cdn.kiligob.site cdn.konpop.store cdn.kritec.pics cdn.kruktech.shop cdn.ledeehub.shop cdn.lemiguid.online cdn.leniton.online cdn.lepetewol.quest cdn.lompotic.shop cdn.lootbop.shop cdn.ltcento.space cdn.metsimob.yachts cdn.musatech.quest cdn.psyhomob.sbs cdn.sempytol.site cdn.sfantech.space cdn.shokomob.sbs cdn.shumtech.shop cdn.soplelec.pics cdn.timetok.online cdn.uelkaf.fun cdn.votedigit.shop cdn.wudutec.shop cdn.xentouch.store cdn.zapteches.shop # Reference: https://twitter.com/sdcyberresearch/status/1778056754636451903 aluyeq.click apissp.cc asiment.shop beedigit.site cesolot.shop cikatic.online comtep.store crptohub.shop d1g1tall.cc dalwent.quest dewilv.quest dotinbel.online ehatec.quest ejidigit.click ekodigit.quest empitok.online enarmob.shop enarmob.shop erotest.online ettransfer.live fesget.store fetneicks.quest fidelec.click gafevomp.shop ganbuz.online gembetec.store gemmob.online genitek.quest genptec.click gimnitec.click gjronline.click gootelec.online helipen.click hemtoc.online heqipop.space hevipent.site hicomben.click hobidoch.store holkmob.store hvelmvec.shop isajlootic.online jelkintec.site jiilymob.quest jojlet.shop josetech.click kecitic.site kedomep.store kelotemp.fun kemopich.online kiujiru.site leboponks.online letckoon.shop leventinch.store linkteches.online lotsent.site mestec.store mongonline.shop mooneclipse.cc naptechnic.site neriyool.store norlimp.store noutec.shop oftike.store ojzrodig.shop 
osnodet.quest peltock.shop peqiliq.online petetech.shop pilintik.quest pipnati.fun pishoge.store poconcomp.online pracutech.store qbrefgntdxza.info raotic.online regvit.site rehonin.site riztritv.online seledigit.store shontemp.store skiltech.space spintec.site spusonline.site startech.quest stavmob.click stripe-data.com sweendigit.online td-client.online tohotic.quest tohotic.quest tucmob.pics tuitoc.site uhskleie.online vtumob.store welfent.online weltic.quest wenscomp.click xbits.site xnopatel.site yalodem.space ztimuponk.quest cdn.asiment.shop cdn.aurelec.shop cdn.bespitech.sbs cdn.cikatic.online cdn.crptohub.shop cdn.depoment.site cdn.ecosustain.digital cdn.ehatec.quest cdn.ejidigit.click cdn.ekodigit.quest cdn.empitok.online cdn.enarmob.shop cdn.fesget.store cdn.fetneicks.quest cdn.gembetec.store cdn.gemmob.online cdn.genitek.quest cdn.gimnitec.click cdn.gootelec.online cdn.hemtoc.online cdn.heqipop.space cdn.hobidoch.store cdn.holkmob.store cdn.isajlootic.online cdn.jelkintec.site cdn.jiilymob.quest cdn.jojlet.shop cdn.josetech.click cdn.kelkmet.shop cdn.kelotemp.fun cdn.kemopich.online cdn.kinteko.online cdn.leboponks.online cdn.lenupop.click cdn.letckoon.shop cdn.leventinch.store cdn.linkteches.online cdn.lotsent.site cdn.mestec.store cdn.mongonline.shop cdn.naptechnic.site cdn.neriyool.store cdn.norlimp.store cdn.noutec.shop cdn.oftike.store cdn.osnodet.quest cdn.otpusmob.shop cdn.peqiliq.online cdn.petetech.shop cdn.pilintik.quest cdn.pipnati.fun cdn.poconcomp.online cdn.pracutech.store cdn.raotic.online cdn.regvit.site cdn.riztritv.online cdn.seledigit.store cdn.skiltech.space cdn.spintec.site cdn.sqedigit.quest cdn.startech.quest cdn.stavmob.click cdn.stramdigital.yachts cdn.stripe-data.com cdn.sweendigit.online cdn.tohotic.quest cdn.tucmob.pics cdn.tuitoc.site cdn.uhskleie.online cdn.vtumob.store cdn.wenscomp.click cdn.woohtik.click cdn.xbits.site cdn.yalomob.pics # Reference: https://twitter.com/sdcyberresearch/status/1778056754636451903 
alifiroozi.shop alp.vpmom.online asarec.shop asiudop.site baktac.online blenatich.quest bolmob.click bumtec.space bvemob.cyou cbytoch.fun cfarmob.cfd cheremob.click cripotec.site decadig.online dofmob.online dojtech.shop dorectop.shop efbtadigit.store erhedig.shop femnadit.store foanalytic.site gelotech.store gemynot.site gigamob.quest gjobtoc.shop gulitem.click hekgtop.fun heltonsd.fun hempentor.fun hemptic.site hentolep.store heonotemp.fun hepeton.cfd herostech.cfd hitdigit.quest hruspot.site htonlemb.store infovp.org ing-de.shop ivamtoc.store jeytop.online jlbytec.cyou kalapton.store keicop.click keltoc.site ketotops.online kjtoc.store klactec.shop koltech.yachts kolunelom.fun lauth.xyz ledmob.fun likmob.quest locoteg.space lubnet.quest luchitip.site memdig.site monetdigit.pics monetech.yachts montadigital.pics nachest.cfd nestic.shop nogonline.quest orerant.online ostanitec.pics otokrin.shop pakaytoc.store pfedegen.space picatelec.yachts sahiditoc.click saldigit.online shalomatec.site stemntic.store stiydigit.sbs stoilinc.xyz stomint.space tapetok.store tebtele.online tipov.cyou tokotech.quest umitec.online undedigit.shop utynup.cyou velusec.shop videlomot.xyz vigotec.fun vokatec.shop vpmom.online vsltytok.xyz wedetech.site wooloop.store wootok.fun xentotec.shop xepoton.shop xtvijion.site yelepot.site zrubvtoc.space cdn.arastek.online cdn.asarec.shop cdn.asiudop.site cdn.babtek.click cdn.baktac.online cdn.becasotec.site cdn.bepicetn.online cdn.bibstele.online cdn.blenatich.quest cdn.bolmob.click cdn.bolotoc.store cdn.boroshtic.click cdn.bumtec.space cdn.bvemob.cyou cdn.calcdigit.pics cdn.cbynout.online cdn.cbytoch.fun cdn.cegteh.store cdn.cfarmob.cfd cdn.cheremob.click cdn.cripotec.site cdn.cuvanil.quest cdn.decadig.online cdn.denetok.site cdn.divimob.space cdn.djutech.online cdn.dofmob.online cdn.dojtech.shop cdn.domog.shop cdn.dorectop.shop cdn.druzit.quest cdn.dvanatech.yachts cdn.effecttec.shop cdn.eitich.shop cdn.erhedig.shop cdn.femnadit.store 
cdn.foanalytic.site cdn.frodetraho.click cdn.galeglob.quest cdn.gambon.shop cdn.gastdigit.quest cdn.gelotech.store cdn.gemokelt.store cdn.gemynot.site cdn.genodigit.store cdn.gentop.online cdn.gjobtoc.shop cdn.golyadik.site cdn.goponl.online cdn.gulitem.click cdn.hapermob.shop cdn.hekgtop.fun cdn.heltonsd.fun cdn.hempentor.fun cdn.hempomot.space cdn.hemptic.site cdn.hentolep.store cdn.heonotemp.fun cdn.hepeton.cfd cdn.herostech.cfd cdn.heubqtec.space cdn.hitdigit.quest cdn.hoohotic.click cdn.hruspot.site cdn.htonlemb.store cdn.ifilone.site cdn.igusfil.shop cdn.irlatok.shop cdn.ivamtoc.store cdn.jeytop.online cdn.jezesec.quest cdn.jlbytec.cyou cdn.jondong.online cdn.kafaben.site cdn.kajetic.fun cdn.kalapton.store cdn.kalomob.store cdn.keicop.click cdn.keltoc.site cdn.keltsmob.shop cdn.ketotops.online cdn.kjtoc.store cdn.klactec.shop cdn.kolrmob.space cdn.koltech.yachts cdn.lauth.xyz cdn.ledmob.fun cdn.lenton.store cdn.locoteg.space cdn.lubnet.quest cdn.luktoc.online cdn.mikolec.shop cdn.monetdigit.pics cdn.monetech.yachts cdn.montadigital.pics cdn.nachest.cfd cdn.nechuvelec.click cdn.nehetech.space cdn.nepochtec.shop cdn.nestic.shop cdn.nogonline.quest cdn.oifilon.site cdn.oklasdon.online cdn.olynoo.site cdn.optemhop.shop cdn.ostanitec.pics cdn.otokrin.shop cdn.pfedegen.space cdn.picatelec.yachts cdn.pilotech.store cdn.pitamec.shop cdn.portec.shop cdn.poyaslim.space cdn.pricetool.store cdn.prihot.fun cdn.prodovjtec.shop cdn.pubupu.quest cdn.rdyttop.fun cdn.rebomob.quest cdn.resuelec.yachts cdn.rozmzhen.site cdn.sahiditoc.click cdn.saldigit.online cdn.samknut.click cdn.seletec.fun cdn.sgolen.store cdn.shalomatec.site cdn.skeltit.site cdn.smestech.shop cdn.sourite.online cdn.spilotich.online cdn.stelitech.site cdn.stelor.shop cdn.stemntic.store cdn.stenetoc.fun cdn.stiydigit.sbs cdn.stoilinc.xyz cdn.stomint.space cdn.strajit.yachts cdn.stuckers.click cdn.stuckitech.shop cdn.svzntop.online cdn.tanuatech.quest cdn.tapetok.store cdn.tebtele.online cdn.teersinc.shop 
cdn.telemob.click cdn.teolydigi.online cdn.tipov.cyou cdn.tokotech.quest cdn.tolinfore.shop cdn.trevago.site cdn.tromtustec.quest cdn.undedigit.shop cdn.utynup.cyou cdn.uydrdig.quest cdn.veltefre.shop cdn.velusec.shop cdn.videlomot.xyz cdn.vigotec.fun cdn.vjevec.quest cdn.vkiten.click cdn.vokatec.shop cdn.volosmob.sbs cdn.voouvdigit.site cdn.vozvrec.store cdn.vsltytok.xyz cdn.wedetech.site cdn.wooloop.store cdn.wootok.fun cdn.xentech.shop cdn.xepoton.shop cdn.xorotelec.quest cdn.xtvijion.site cdn.yelepot.site cdn.yelubin.cfd cdn.yostek.fun cdn.yukmob.store cdn.zauetc.site cdn.zizitok.shop cdn.zrubvtoc.space web.alifiroozi.shop web2.alifiroozi.shop # Reference: https://twitter.com/sdcyberresearch/status/1778050135819157859 # Reference: https://www.virustotal.com/gui/ip-address/217.117.29.120/relations 9zj.co # Reference: https://www.virustotal.com/gui/ip-address/8.209.77.40/relations jquerybox.com jquerypack.com jscripty.com linktrackr.info loggly.info pixtracker.info thetrackr.info vc.jquerybox.com # Reference: https://twitter.com/sdcyberresearch/status/1780590513852194869 nightvision.co.nz/wp-content/plugins/js/jquery-1.11.0.js # Reference: https://www.virustotal.com/gui/ip-address/185.130.45.208/relations cdnbootstrap.xyz # Generic (URL-path trails with no host part, so they are not tied to one site; some, e.g. /js/mage/cookies.js, are also the path of a stock Magento 1 file, so a hit means the served script needs checking, not that a skimmer is confirmed) /assets/lfg.js /cdn/ga.php?analytic= /js/ga.php?analytic= /p/ga.php?analytic= /ga.php?analytic= /5d1cbc8c073d4.js /5d4cdc4cdf344.js /5e7fa6489b31a.js /dsc-statistic.js /subscriptioninsider.com.js /adsbygoogle/ /adsbygoogle/ads.js /baypressservices/ /baypressservices/baypr.js /check_cvv2_number_script.js /code/zipboss.dev.js /gate/jquery-static.js /gtm-connect/wp-share.min.js /images/js/googleapi.js /javascript/checkcheckout.js /js/a1def6c62256906029767cb784323ab3.js /js/afterpay/checkout/idev_onestep.js /js/check_analystic.js /js/customize-gtag.min.js /js/extjs/fix-defer-after.js /js/footer-link.js /js/mage/cookies.js /js/mage/google.js /js/scriptaculous/print.js /js/dsc-statistic.js /js/varien/js.js.pagespeed.jm.aFn_GvyNS2.js 
/mainer/myscr109881.js /my/vmart.js /103754_tag.js /a1def6c62256906029767cb784323ab3.js /ac-analytics.js /authorze.js /markberg.dk.js /qcore.js /plugins/republicadealberdi.js /republicadealberdi.js /rimzoneonline/code.js /silver/acor.js /static/gstatic-hander.js /googletag-manager?connect= /gstatic-hander.js /zipboss.dev.js /sello-ecommerce.js /d3d3LmZjaW5nb2xzdGFkdC1zaG9wLmRl.js