# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Aliases: magecart # Reference: https://gwillem.gitlab.io/2018/08/30/magentocore.net_skimmer_most_aggressive_to_date/ magentocore.net # Reference: https://www.riskiq.com/blog/labs/magecart-keylogger-injection/ abuse-js.link angular.club cdn-js.link docstart.su govfree.pw jquery-cdn.top js-abuse.link js-abuse.su js-cdn.link js-link.su js-magic.link js-mod.su js-save.link js-save.su js-start.su js-stat.su js-sucuri.link js-syst.su js-top.link js-top.su jscript-cdn.com lolfree.pw mage-cdn.link mage-js.link mage-js.su magento-cdn.top mageonline.net mipss.su mod-js.su mod-sj.link sj-mod.link sj-syst.link stat-sj.link statdd.su statsdot.eu stecker.su stek-js.link syst-sj.link top-sj.link truefree.pw # Reference: https://www.riskiq.com/blog/labs/magecart-british-airways-breach/ http://89.47.162.248 # Reference: https://www.riskiq.com/blog/labs/magecart-ticketmaster-breach/ http://85.93.5.188 http://94.156.133.211 webfotce.me # Reference: https://twitter.com/bad_packets/status/1043809501516726272 gamacdn.com # Reference: https://twitter.com/hashtag/magecart?src=hash # Reference: https://twitter.com/AmiV2/status/1042988934576271360 neweggstats.com # Reference: https://otx.alienvault.com/pulse/5c9287b3b67a75234fc56b6b cdnassels.com cdnmage.com cmytuok.top configsysrc.info js-cloud.com magejavascripts.com magesecuritys.com magescripts.pw mcloudjs.com mypiltow.com secure.livechatinc.org # Reference: https://twitter.com/jeromesegura/status/1121134552158621696 # Reference: https://twitter.com/bad_packets/status/1121147936203624448 # Reference: https://otx.alienvault.com/pulse/5cd3ef4f22e204745f6672c3 magento-analytics.com # Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/mirrorthief-group-uses-magecart-skimming-attack-to-hit-hundreds-of-campus-online-stores-in-us-and-canada/ cloudmetric-analytics.com g-analytics.com 
ebitbr.com # Reference: https://blog.malwarebytes.com/threat-analysis/2019/02/new-golang-brute-forcer-discovered-amid-rise-e-commerce-attacks/ googletagmanager.eu # Reference: https://twitter.com/jeromesegura/status/1128387989111853056 jqueryextd.at # Reference: https://twitter.com/bad_packets/status/1128517905765683201 fontsawesome.gq # Reference: https://blog.malwarebytes.com/cybercrime/2019/05/skimmer-acts-as-payment-service-provider-via-rogue-iframe/ # Reference: https://otx.alienvault.com/pulse/5ce56f2bc5bbee0a58f7073c thatispersonal.com top5value.com voodoo4tactical.com # Reference: https://twitter.com/jeromesegura/status/1133160126561394688 # Reference: https://blog.malwarebytes.com/cybercrime/2019/05/skimmer-acts-as-payment-service-provider-via-rogue-iframe/ modest4ever.com # Reference: https://www.fortinet.com/blog/threat-research/payment-card-details-stolen-magecart.html # Reference: https://www.virustotal.com/gui/ip-address/178.33.231.184/relations http://178.33.231.184 adorebeauty.org all-about-sneakers.org battery-force.org blackriverimaging.org braincdn.org childsplayclothing.org citywlnery.org closetlondon.org dahlie.org davidsfootwear.org dobell.su elpalaciodehierro.org etradesupply.org exrpesso.org foodandcot.com freshdepor.com greatfurnituretradingco.org hqassets.com jewsondirect.com kik-vape.org labbe.biz lamoodbighats.net mage-checkout.org misshaus.org nililotan.org oakandfort.org ottocap.org pmtonline.su replacemyremote.org safeprocessor.com sagecdn.org scriptdesire.com security-payment.su shop-rnib.org slickjs.org swappastore.com verywellfitnesse.com walletgear.org # Reference: https://blog.malwarebytes.com/threat-analysis/2019/06/magecart-skimmers-found-on-amazon-cloudfront-cdn/ cdn-imgcloud.com font-assets.com js-cloudhost.com wix-cloud.com ww1-filecloud.com # Reference: https://twitter.com/rommeljoven17/status/1144786273741107200 # Reference: https://www.fortinet.com/blog/threat-research/inter-skimmer-for-all.html # Reference: 
https://otx.alienvault.com/pulse/5d1a08ac3f9760423c70c999 tracker-visitors.com jquery-web.com jquery-stats.com jsreload.pw routingzen.com # Reference: https://twitter.com/eComscan/status/1147077036692922368 http://89.32.251.136 # Reference: https://www.zscaler.com/blogs/research/magecart-activity-and-campaign-enhancements # Reference: https://www.virustotal.com/gui/ip-address/62.233.50.75/relations # Reference: https://www.virustotal.com/gui/domain/dnsden.biz/relations # Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/anyone-can-check-for-magecart-with-just-the-browser/ http://93.187.129.249/gate.php developer-js.info dnsden.biz jquery-bin.com jquery-bins.com jsreload.pw jqueryextd.at routingzen.com saterday-race.com scriptvault.org /errors/default/gate.php # Reference: https://twitter.com/killamjr/status/1151142181643702277 ccprocess.review # Reference: https://twitter.com/eComscan/status/1152153363892637696 magesource.su # Reference: https://twitter.com/AffableKraut/status/1154641710653300737 googlepíng.com xn--googlepng-m5a.com # Reference: https://blog.sucuri.net/2019/07/fake-google-domains-used-in-evasive-magento-skimmer.html # Reference: https://twitter.com/daphiel/status/1156314169492279299 invoiceservice.info lnfo.cc google-analytîcs.com xn--google-analytcs-xpb.com google.ssl.lnfo.cc # Reference: https://twitter.com/killamjr/status/1154393722777460737 googlc-analytics.cm # Reference: https://twitter.com/jeromesegura/status/1158473869029601280 mageento.com onlineclouds.cloud # Reference: https://twitter.com/rommeljoven17/status/1158657062403883008 api-googles.com facebookfollow.com gstatlcs.com qpstasis.com # Reference: https://twitter.com/rommeljoven17/status/1169124706567544832 jquerycodemagento.com # Reference: https://twitter.com/killamjr/status/1171399767240273920 trafficanalyzer.biz # Reference: https://twitter.com/MBThreatIntel/status/1171817639728934912 magentoconnectors.com # Reference: 
https://blog.trendmicro.com/trendlabs-security-intelligence/magecart-skimming-attack-targets-mobile-users-of-hotel-chain-booking-websites/ # Reference: https://otx.alienvault.com/pulse/5d821c4c16cca4b63f931226 googletrackmanager.com # Reference: https://twitter.com/shotgunner101/status/1174759248703741952 bluemarineholding.com/wp-includes/locales.php # Reference: https://www.riskiq.com/blog/labs/magecart-reused-domains/ # Reference: https://otx.alienvault.com/pulse/5d836d20a4a3d90861e796e2 cdnanalytics.net cdnapis.com contextjs.info magelib.com magento-order.com nexcesscdh.net ossmaxcdn.com # Reference: https://twitter.com/shotgunner101/status/1175181663464230913 google-analyitics.org # Reference: https://www.ibm.com/downloads/cas/O3W1LZAZ cnzz.space cnzz.work jsboxcontents.com ms-akadns.com sdsyxwx.com survey-microsoft.net /runforestrun?sid=botnet # Reference: https://www.zdnet.com/article/hackers-breach-volusion-and-start-collecting-card-details-from-thousands-of-sites/ # Reference: https://otx.alienvault.com/pulse/5d9cf3671d2973bf30d2753f cdn-volusion.com volusion-cdn.com # Reference: https://twitter.com/killamjr/status/1182045635593289728 clouding.live piratefashions.com # Reference: https://twitter.com/killamjr/status/1182050912224849920 jsblom.com # Reference: https://twitter.com/xiatianguo/status/1183405035192872961 # Reference: https://twitter.com/FullM3talPacket/status/1182404667755520000 # Reference: https://pastebin.com/kqMV9vCX bks0.com cssjs.co jscss.co jspri.co pen4.co j2.is # Reference: https://twitter.com/MBThreatIntel/status/1184531791102857216 assetstorage.net fileskeeper.org # Reference: https://twitter.com/killamjr/status/1185376383180136448 mgstrs.com # Reference: https://www.group-ib.com/blog/coffemokko 3lift.org abtasty.net adaptivecss.org adorebeauty.org all-about-sneakers.org ar500arnor.com authorizecdn.com bannerbuzz.info battery-force.org batterynart.com blackriverimaging.org braincdn.org btosports.net chicksaddlery.net 
childsplayclothing.org christohperward.org citywlnery.org closetlondon.org coffemokko.com coffetea.org dahlie.org davidsfootwear.org dobell.su elegrina.com energycoffe.org energytea.org etradesupply.org exrpesso.org foodandcot.com freshchat.info freshdepor.com greatfurnituretradingco.org info-js.link jewsondirect.com kandypens.net kik-vape.org labbe.biz lamoodbighats.net link-js.link londontea.net mage-checkout.org majsurplus.com map-js.link mechat.info misshaus.org mylrendyphone.com nililotan.org oakandfort.org ottocap.org parks.su paypaypay.org pmtonline.su replacemyremote.org sagecdn.org security-payment.su shop-rnib.org slickjs.org slickmin.com smart-js.link swappastore.com teacoffe.net top5value.com track-js.link ukcoffe.com verywellfitnesse.com walletgear.org zapaljs.com zoplm.com # Reference: https://www.group-ib.com/blog/illum illum.pw nstatistics.com payment-line.tk paymentpal.cf payrightnow.cf requestnet.tk cdn.illum.pw sr.illum.pw records.nstatistics.com request.payrightnow.cf request.requestnet.tk # Reference: https://www.group-ib.com/blog/g-analytics # Reference: https://threatpost.com/card-skimming-google-analytics-angular/142264/ analytic.is analytic.to dittm.org g-analytics.com googlc-analytics.cm google-analytics.cm google-analytics.is google-analytics.to gooqletagmanager.com iozoz.com jquery-js.com # Reference: https://www.group-ib.com/blog/reactget adsapigate.com adsgetapi.com ajaxstatic.com aldenmlilhouse.com apitstatus.com asianfoodgracer.com balletbeautlful.com bargalnjunkie.com billgetstatus.com cloudodesc.com fbstatspartner.com geisseie.com gtmproc.com hs-payments.com livecheckpay.com livegetpay.com mageanalytics.com maxstatics.com mediapack.info mxcounter.com newrelicnet.com nr-public.com ordercheckpays.com orderracker.com payselector.com reactjsapi.com simcounter.com sydneysalonsupplies.com tagsmediaget.com tagstracking.com trust-tracker.com # Reference: https://twitter.com/AffableKraut/status/1185070871691616256 fb-seo.net # Reference: 
https://twitter.com/unmaskparasites/status/1185171035693441024 magento-community.org # Reference: https://twitter.com/unmaskparasites/status/1185172904276836352 fb-content.dev # Reference: https://twitter.com/unmaskparasites/status/1185256035633811463 magento-security.dev # Reference: https://twitter.com/eComscan/status/1185170381331714048 fb-pixel.com magento-protection.com # Reference: https://twitter.com/killamjr/status/1182335468425416705 # Reference: https://twitter.com/xuy1202/status/1192005820491239424 xciy.net /content/Compare/website.js # Reference: https://twitter.com/killamjr/status/1182095269418024960 google-taq.com # Reference: https://twitter.com/AffableKraut/status/1172052860378521600 magicsaphe.com questappo.com rqstpp.com yongffice.com # Reference: https://twitter.com/Totocellux/status/1165223332633022468 # Reference: https://blog.malwarebytes.com/threat-analysis/2019/08/magecart-criminals-caught-stealing-poker-face/ ajaxclick.com www-trust.com # Reference: https://twitter.com/AffableKraut/status/1159677725994622976 mage.biz.ua # Reference: https://twitter.com/AdAstra247/status/1159111119488860160 scripts-analytics.com # Reference: https://twitter.com/zombisoft/status/1152333754670755841 installw.com # Reference: https://www.riskiq.com/blog/labs/magecart-amazon-s3-buckets/ cdn-c.com # Reference: https://twitter.com/unmaskparasites/status/1184571273583706112 cdn-clouds.com # Reference: https://blog.malwarebytes.com/threat-analysis/2019/10/the-forgotten-domain:-exploring-a-link-between-magecart-group-5-and-the-carbanak-apt/ (# Magecart Group 5 domains) informaer.biz informaer.cc informaer.com informaer.net informaer.org informaer.pw informaer.ws informaer.xyz informaer.info # Reference: https://twitter.com/gwillem/status/1187667658642206720 hsadspixel.com # Reference: https://twitter.com/RapidSpike/status/1189882327557648386 /js/mage/adminhtml/product/composite/validate.php # Reference: https://twitter.com/xuy1202/status/1192006102969282560 
jquerycdnlib.at # Reference: https://www.perimeterx.com/blog/multiple-magecart-groups-attacking-simultaneously/ mogento.info /src/upscalestripper.js /src/galeriedebeaute.js /src/deliveryathome.js # Reference: https://www.group-ib.com/blog/fakesecurity alloaypparel.com firstofbanks.com fiswedbesign.com mage-security.org magento-security.org # Reference: https://twitter.com/jknsCo/status/1192806947118092289 cdn-shopify.com # Reference: https://blog.sucuri.net/2019/11/skimmers-for-both-magento-and-wordpress.html gooqleadvstat.com gooqlemgrteg.com jquerystatic.com zendesk-chart.com # Reference: https://twitter.com/xuy1202/status/1195361991805681664 cxizi.net getprices.online gooogle-js.com installerr.site js-mini.com myexclusivediamond.com # Reference: https://twitter.com/xuy1202/status/1195290863875706881 # Reference: https://twitter.com/kyleehmke/status/1179727877488730113 cdn-zendesk.com zendesk-cdn.com # Reference: https://twitter.com/xuy1202/status/1194897841694507009 recheckcard.info # Reference: https://twitter.com/xuy1202/status/1194896618245382145 routingzen.com # Reference: https://twitter.com/xuy1202/status/1194895878181421061 script-analytics.com /js/mage/google.js # Reference: https://twitter.com/xuy1202/status/1194894864699121664 woldorf.com # Reference: https://twitter.com/xuy1202/status/1194893048817143808 statcounter.one # Reference: https://twitter.com/xuy1202/status/1194593451947356160 yxxi.net /ipost-con.4.php # Reference: https://twitter.com/xuy1202/status/1194508362903277568 jquery-script.icu # Reference: https://blog.netlab.360.com/ongoing-credit-card-data-leak-continues/ adwordstraffic.link /onestepcheckoutauthorizenet.js /onestepcheckoutccpayment.js # Reference: https://twitter.com/xuy1202/status/1196058702391861249 hilosennogada.com # Reference: https://twitter.com/xuy1202/status/1196404569137242112 securecdn.eu # Reference: https://twitter.com/unmaskparasites/status/1196934377063800832 # Reference: 
https://lukeleal.com/research/posts/lolzilla-php-js-skimmer/ http://103.139.113.34 /osr-3.0.php # Reference: https://www.helpnetsecurity.com/2019/11/19/macys-online-store-compromised/ # Reference: https://otx.alienvault.com/pulse/5dd513439df4d4400824b738 barn-x.com # Reference: https://blog.malwarebytes.com/web-threats/2019/11/web-skimmer-phishes-credit-card-data-via-rogue-payment-service-platform/ # Reference: https://twitter.com/jeromesegura/status/1197611010992918529 # Reference: https://otx.alienvault.com/pulse/5ddd99064d1dd4420367304b (# Fullz House) account-restrictions.com ajaxstatic.com americanexpress-secure.com appleld-verification.com authorizeplus.com checkout-sagepay.com com-protect.com deliveroosurvey.com google-analytics.top google-query.com google-smart.com googletagmanaqer.com halifax-verification.com halifaxverification.com java-query.info jquery-assets.com lightgetjs.com limited-account-panel.com limited-restriction.com limited-restrictions-paypai.com limited-restrictions.com limited-user-restrictions.com limited-user-uk.com limited-users-login.com limited-users-restrictions.com live-sagepay.com login-limited-user.com login-user-limited.com login-user-restricted.com login-users-limited.com mastercard-migs.com mediapack.info migs-mastercard.com mythreelogin.com networkreset.net online-secure-account.com onlineaccountverificationwellssfargo.com pay-u-biz.com payment-mastercard.com payment-sagepay.com payment-worldpay.com paymentfailurespotifiyj.top paypai-account-limited.com paypai-limited-user.com paypai-limited-users.com paypai-user-limited.com paypai-user-restricted.com paypal-secured.com paypl-limited-users.com paypl-users-limited.com payu-biz.com perfectmeme.info perfectmeme.us ppl-secure-uk.com ppl-user-limitation.com priceapigate.com query-manager.info rackapijs.com ref017.com ref3939-paypai.com restricted-user-panel.com roorewards.co.uk sagepay-live.com section.ws secure-alerts-halifax.com secure-users-paypai.com security-check-paypai.com 
securityaccountupdatewellsfargoo.info securityadvance.co securityupdateewellsfargoo.info topapigate.com uk-limited-user.com uk-restricted-user.com uk-user-limited.com uk-user-restricted.com uk-users-limitations.com updatesecuritywelllsfargo.info user-limited-login.com user-limited-restrictions.com user-login-limited.com user-restricted-uk.com user-restriction.com user-restrictions-paypai.com user-uk-restricted.com users-limited-paypai.net users-limited-uk.com users-restricted.com users-restriction.com # Reference: https://twitter.com/xuy1202/status/1197848155204640768 w00commerce.com # Reference: https://twitter.com/MBThreatIntel/status/1199010885525626890 # Reference: https://otx.alienvault.com/pulse/5ddc0e4cf94bd70658582ed8 magento-data.com mage-js.com # Reference: https://twitter.com/JCyberSec_/status/1199726915856158720 marketplace-magento.com # Reference: https://twitter.com/JCyberSec_/status/1199701208530739200 g-statistic.com # Reference: https://twitter.com/JCyberSec_/status/1197470727462641664 web-stats.net # Reference: https://twitter.com/CTI_Marc/status/1196344211890683904 magestore.online # Reference: https://twitter.com/AffableKraut/status/1196299424697331713 google-anaiytlcs.com # Reference: https://twitter.com/AffableKraut/status/1157164442829746176 googletagmanger.com # Reference: https://twitter.com/jeromesegura/status/1148358099712897024 nogaron.com write-cdn.com # Reference: https://twitter.com/rommeljoven17/status/1136555260477001728 anduansury.com frocklay.com sainester.com theresevit.com # Reference: https://twitter.com/jknsCo/status/1200061735278911488 googlemgrteg.com # Reference: https://twitter.com/eComscan/status/1200749626988662784 sanguinelab.net sansec.us # Reference: https://twitter.com/eComscan/status/1197894033772875776 iubendas.com # Reference: https://twitter.com/eComscan/status/1197097324264202240 magentohub.de # Reference: https://twitter.com/GroupIB_GIB/status/1201520226791305216 # Reference: 
https://www.virustotal.com/gui/domain/phplib.net/relations phplib.net # Reference: https://twitter.com/MBThreatIntel/status/1201572698545102856 googlctagmanager.com # Reference: https://twitter.com/MBThreatIntel/status/1201552839182438406 ancient-savannah-86049.herokuapp.com # Reference: https://twitter.com/MBThreatIntel/status/1189217083688738816 sharp-planet.eu # Reference: https://twitter.com/unmaskparasites/status/1201625226704015367 stark-gorge-44782.herokuapp.com # Reference: https://twitter.com/JCyberSec_/status/1201850052723052549 # Reference: https://twitter.com/JCyberSec_/status/1201850090153005056 gnogle.ru jquerycdnlib.at # Reference: https://twitter.com/jeromesegura/status/1202275080526422016 pure-peak-91770.herokuapp.com # Reference: https://twitter.com/gwillem/status/1202322985065091072 cdcc02.com # Reference: https://twitter.com/gwillem/status/1202330272164990977 magento-track.com # Reference: https://blog.malwarebytes.com/web-threats/2019/12/theres-an-app-for-that-web-skimmers-found-on-paas-heroku/ # Reference: https://otx.alienvault.com/pulse/5de90822773402f817d5c9ab aqueous-scrubland-51318.herokuapp.com # Reference: https://twitter.com/jknsCo/status/1203453915930472448 googletage.com # Reference: https://twitter.com/unmaskparasites/status/1204080970191777795 localserver.host /app/code/core/Mage/Checkout/controllers/OnepageController.php # Reference: https://twitter.com/MBThreatIntel/status/1204093071954046976 webassetsshop.com # Reference: https://twitter.com/felixaime/status/1203959327612116995 magento-statistics.com # Reference: https://twitter.com/xuy1202/status/1204778227517935616 jguerycdn.network # Reference: https://twitter.com/killamjr/status/1204878142248235008 jquerycodemagento.com # Reference: https://twitter.com/AffableKraut/status/1204997344581881856 magecart.net # Reference: https://twitter.com/JCyberSec_/status/1206558829456048128 /payment/mage_secure/payment.js /payment/mage_secure/post.php # Reference: 
https://www.virustotal.com/gui/ip-address/80.78.255.222/relations google-payment.com # Reference: https://twitter.com/jeromesegura/status/1206713600288555010 cdnbigcommerce.com google-analycs.com # Reference: https://twitter.com/unmaskparasites/status/1206699288723697671 cdncontentserver.com impress-slides.com # Reference: https://twitter.com/killamjr/status/1207150660782657536 googlead.tech # Reference: https://twitter.com/xuy1202/status/1207164640431505408 slade-sell-shop.com # Reference: https://twitter.com/killamjr/status/1209165822939279365 opencartmodules.biz # Reference: https://twitter.com/AffableKraut/status/1210298773248696320 # Reference: https://www.virustotal.com/gui/ip-address/124.156.35.204/relations http://124.156.35.204 googieapls.com google-catalog.com googletag-manager.com gstatlcs.com jquery-js.link xn--gstatc-7va.com # Reference: https://twitter.com/killamjr/status/1212058181725114369 blockandcmqany.com chatshop.online chatstat.online clientsupport.space farmaforma.info g-statistic.com googleadservicesonline.com googleservices.online janmarlni.com jqueryservice.info mageento.com magento-check.info magestore.online megaliveonline.com onlineclick.xyz onlineclouds.cloud onlineclouds.info onlineshoptracker.info pythonservice.info shoplogs.site shopvalid.info statisticpay.info webstatvisit.com webstatvisits.com zoopim.online # Reference: https://blog.malwarebytes.com/threat-analysis/2019/12/new-evasion-techniques-found-in-web-skimmers/ tawktalk.com # Reference: https://twitter.com/MBThreatIntel/status/1212889315572760577 # Reference: https://www.virustotal.com/gui/ip-address/5.188.9.61/relations googlc-analytics.net googlo-analytics.com # Reference: https://twitter.com/AffableKraut/status/1212927165454520321 googlc-analytics.com googlctagmanager.cm # Reference: https://twitter.com/xuy1202/status/1214051382178660352 newmagento.com # Reference: 
https://www.bleepingcomputer.com/news/security/magecart-attackers-steal-card-info-from-focus-camera-shoppers/ # Reference: https://www.virustotal.com/gui/domain/zdsassets.com/details zdsassets.com # Reference: https://twitter.com/MBThreatIntel/status/1215693928764063744 vamberlo.com # Reference: https://www.rapidspike.com/blog/multiple-hacking-groups-attempt-to-skim-credit-cards-from-perricone-md/ # Reference: https://twitter.com/BreachMessenger/status/1057394505266151425 # Reference: https://www.virustotal.com/gui/ip-address/124.156.210.169/relations a4c.cloud ajaxstatic.com apipack.host authorizeplus.com autojspack.com cdndeskpro.com cdnpack.net cdnpack.site dusk.net.in faceapiget.com fbpixelget.com gstaticapi.com jspack.pro kegland.top lightgetjs.com listrakjs.com olarkcdn.com perriconemd.me.uk priceapigate.com rackapijs.com section.ws sectionget.com sectionio.com topapigate.com worx.top # Reference: https://twitter.com/JCyberSec_/status/1216676671983624193 js-react.com # Reference: https://twitter.com/jeromesegura/status/1064924824336654336 bootstrap-js.com # Reference: https://twitter.com/xuy1202/status/1216951727615668224 apis-analytics.com # Reference: https://www.rapidspike.com/blog/2019-magecart-timeline/ cleor.co creditprop.com googletagstorage.com imagesengines.com # Reference: https://twitter.com/Jouliok/status/1217400178170368001 gold.platinumus.top # Reference: https://twitter.com/unmaskparasites/status/1204080970191777795 localserver.host # Reference: https://twitter.com/unmaskparasites/status/1217452290577195008 # Reference: https://www.virustotal.com/gui/domain/logistic.tw/relations logistic.tw # Reference: https://twitter.com/unmaskparasites/status/1217860398789120003 cilent-tracking.com cloudservice.tw # Reference: https://twitter.com/felixaime/status/1218135753110302720 silver-statistics.com # Reference: https://twitter.com/felixaime/status/1219175480303202307 # Reference: https://twitter.com/matr0cks/status/1220418827751763969 
jqueryextplugin.com # Reference: https://www.riskiq.com/blog/labs/fullz-house/ # Reference: https://www.virustotal.com/gui/ip-address/124.156.34.157/relations # Reference: https://www.virustotal.com/gui/ip-address/47.245.55.198/relations # Reference: https://www.virustotal.com/gui/ip-address/80.78.255.222/relations checkout-sagepay.com google-analytics.top google-payment.com google-query.com google-smart.com google-taq.com jquery-assets.com live-sagepay.com mastercard-migs.com migs-mastercard.com pay-u-biz.com payment-mastercard.com payment-sagepay.com payment-worldpay.com payu-biz.com sagepay-live.com /ga.js?analytic= # Reference: https://www.bleepingcomputer.com/news/security/euro-cup-and-olympics-ticket-reseller-hit-by-magecart/ opendoorcdn.com # Reference: https://twitter.com/jknsCo/status/1221031002564370432 hotjar.us jquery.us # Reference: https://twitter.com/AffableKraut/status/1220829096197939202 doubleclick.ws # Reference: https://www.riskiq.com/blog/labs/magecart-group-12-olympics/ # Reference: https://otx.alienvault.com/pulse/5e3d8f9c9c559a74b0c82a71 # Reference: https://malware.news/t/inside-view-of-brazzzersff-infrastructure/62431 http://45.141.86.31 cdn-content.cc content-delivery.cc deliveryjs.cc givemejs.cc jquerycdn.su storefrontcdn.com toplevelstatic.com # Reference: https://twitter.com/felixaime/status/1226292060547878913 cdnanalyze.com cdnapis.org cdnchecker.org cdnoptimize.com # Reference: https://twitter.com/gwillem/status/1227936380380119041 # Reference: https://twitter.com/gwillem/status/1231604432586125313 e4.ms http.ps # Reference: https://twitter.com/felixaime/status/1228343232649662464 amirtechet.com supermanager.space # Reference: https://twitter.com/felixaime/status/1228342963744444416 googletegmanager.com # Reference: https://twitter.com/d09r_/status/1228214041878749184 wappallyzer.com # Reference: https://twitter.com/dubstard/status/1230895567947149314 # Reference: 
https://usa.visa.com/content/dam/VCOM/global/support-legal/documents/visa-security-alert-baka-javascript-skimmer.pdf apienclave.com apisquere.com b-metric.com jquery-cycle.com ordercheck.online pridecdn.com quicdn.com # Reference: https://raw.githubusercontent.com/gwillem/magento-malware-scanner/master/rules/burner-domains.txt # Reference: https://www.virustotal.com/gui/ip-address/185.202.103.37/relations abuse-js.link account-mage.su activaguard.com adsgetapi.com advocatecdn.com afterscripts.com air-frog33.pw alabamascripts.com aleinvest.xyz alemoney.xyz alfcdn.com allacarts.com allyouwant.online amasty.biz analiticoscdn.com anduansury.com angular.club animalzz921.pw api-googles.com apismanagers.com apissystem.com apitstatus.com assetmage.com assetsbrain.com assetsbraln.com aw-test.com awscan.eu awscan.info awtest.eu baways.com bbypass.pw beforescripts.com bit.wo.tc bm24.biz bm24.info bm24.org bootstrapjs.com braincdn.org brainpayments.com braintcdn.com brainterepayments.com braintform.com braintreepaumenls.com braintreepauments.com braintreepaymenls.com bralntree.com brazersd.top bridge.industries brontocdn.com busnguard.com byte.wo.tc ccheckout.com ccvalidate.com cdn-ch.org cdn-cloud.pw cdn-imgcloud.com cdn-js-42.com cdn-js.link cdnanalytics.net cdnapis.com cdnassels.com cdnbronto.com cdnbronto.info cdngoogle.com cdnmage.com cdnpayment.com cdnppay.com cdnrfv.com cdnscriptx.com cdnwhiltelist.com cellubiue.com cellublue.info checkercarts.com ciscostats.com citwinery.com citywiners.com cl0udfiare.com cloud-jquery.com cloud-jquery.net cloud-jquery.org cloud-privacy.com cloud-update.top cloud-wp.org cloudfusion.me cloudmetric-analytics.com cloudservice.tw cloudtrusted.org cmytuok.top codesmagento.com configmage.com configsysrc.com configsysrc.info connectbootstrap.com controlmage.com crtteo.com d0ubletraffic.com directvapar.com directvaporonline.com directvaporus.com directvaprr.com dmaxjs.com dnsden.biz dobellonline.com docstart.su doublecllck.com drberg.online 
drberg.store duserjs.com ebitbr.com ebizmart.biz encoderform.com encrypterforms.com encryptforms.com exrpesso.org facebookfollow.com fastlscripts.com fbcommerse.com fbprotector.com fellsogood43.pw font-assets.com frameuserstat.com frashjs.com friend4cdn.com g-analytics.com gamacdn.com ganalytlcs.com gitformage.com gitformlife.com gitmage.com googieapls.com googiecloud.com googieservlce.com google-anaiytic.com google-analytisc.su googleprotectionshop.com googletagmanager.eu googletagnamager.com googlitagmanager.com googletrackmanager.com gooqleadvstat.com gooqlemgrteg.com govfree.pw gstatlcs.com gtagaffilate.com icon-base.biz info-js.link infopromo.biz informaer.com informaer.net informaer.org informaer.ws infostat.pw inst-js.su installw.com internalvaporgroup.com invisiblename.com invisiblename.pro invisiblename.pw ip.5uu8.com javascloud.com javascripts-system.com jcloudcdn.com jquery-cdn.top jquery-cdnlib.com jquery-cloud.net jquery-cloud.org jquery-code.su jquery-css.su jquery-js.com jquery-js.link jquery-libs.su jquery-main.su jquery-min.su jquery-stats.com jquery-validation.org jquery-web.com jquery.su jquerycdnlibrary.com jquerycodemagento.com jqueryextd.us jqueryexts.us jquerystatic.com jquerystorage.com js-abuse.link js-abuse.su js-cdn.link js-cloud.com js-cloudhost.com js-link.su js-magic.link js-mod.su js-react.com js-save.link js-save.su js-start.su js-stat.su js-stats.click js-stats.xyz js-storage.click js-sucuri.link js-syst.su js-top.link js-top.su jscontroller.stream jscript-cdn.com jscripts-cloud.com jscriptscloud.com jsdellvr.com jsecurely.com jsecuri.com jsmagento.com jspoi.com jsreload.pw kennedyform.com kissmetrik.com link-js.link link-js.su listrakb.com locateooo.com logisticusa.biz lolfree.pw m24js.com mage-cdn.link mage-js.link mage-js.su mage-storage.pw magecompas.com mageconfig.com magejavascripts.com magely.info magemarts.com magento-analytics.com magento-cdn.top magento-connection.com magento.name magento.ontools.net magentocore.net 
magentopatchupdate.com mageonline.net magescripts.info magescripts.pw magesecurely.com magesecuritys.com magesources.com magestops.com map-js.link market-stats.com maskforms.com maxijs.com mcloudjs.com mdelivry.com mediageting.com megalith-games.com minifyscripts.com minpays.com mipss.su mjs24.com mod-js.su mod-sj.link monenate.net monerate.net monestate.net msecurely.com msn-analytics.com my-braintree.com myageverify.com mycloudtrusted.com mytokeasn2s.ru netmg-cdn.com neweggstats.com newrellc.com nodejsapi.net nodejscript.net nykoa.in oh-polly.com ohpoliy.com oklahomjs.com oltratoke.ru onlineclouds.cloud onlinereserchstatistics.online onlineshopsecurity.com onlinestatus.site onlinestatus.stream optimizly.info order-security.com orealjs.com pass-js.click paymentnow.tk paymentpal.cf paymentsystem.info paypallobjects.com privacyform.com privatejs.com privatixjs.com qpstasis.com qsxjs.com realtrustsafe.com receiverinformation.com requestnet.tk resselerratings.com rlteaid.com routingzen.com s3-us-west.com safeprivatcy.com safeyouform.com sagecdn.org sainester.com samescripts.com samexsame.com saveyoujs.com scriptb.com scriptsform.com scriptsfyou.com scriptsjzone.com securecloudtrusted.com secureqbrowser.com securipayment.com security-mage.com secury-checkout.com shelljs.com shop-analytics.net simcounter.com simpiehuman.com sistem-js.su siteverification.online siteverification.site sj-mod.link sj-syst.link slickjs.org slripe.com smart-js.link specjs.com sportys.store sslbrainform.com sslpayform.com sslvalidator.com stat-sj.link statdd.su statesales.info statistic-info.me statsdot.eu stecker.su stek-js.link storemagento.info storentrust.com stormnguard.com strapform.com sucuri-cloud.com sucuri-js.com supporttech281012.tk syst-sj.link system-backup.biz tcsupport241012.tk termlifelearned.us thatispersonal.com theresevit.com top-sj.link top5value.com track-js.link track-magento.com tracker-visitors.com trafficanalyzer.biz traskedlink.com truefree.pw trustd.biz typejsx.com 
typekit.website typekitcloud.com typeklt.com uorineall.info upgradenstore.com ups-broker.org userinfos.com userinfos.info userlandform.com userlandpay.com uslogisticexpress.com valdatecode.com validatenyou.com validateyourinfo.com validatorcc.com vamberlo.com verifiedjs.com verpayment.com verpayments.com vmaxjs.com voodoo4tactical.com vuserjs.com web-info.me web-rank.cc web-rank.pw web-stat.biz web-stat.me web-stats.cc web-stats.pw webfotce.me webrank.ws webstat-info.ws webstat.cc webstatistic.me webstatistic.pw webstatistic.tech webstatistic.ws webstats.me webstatvisit.com whitelistjs.com wix-cloud.com wpconnect.org wpserve.org ww1-filecloud.com x-magesecurity.com xmageform.com xmageinfo.com xmagejs.com xmagesecurity.com xn--google-analytcs-xpb.com xn--gstatc-7va.com youpayme.info zendesk-chart.com zonejs.com zs.mk # Reference: https://twitter.com/xuy1202/status/1232162075285147648 ns-scripts.com # Reference: https://twitter.com/gwillem/status/1232246887367028737 # Reference: https://www.virustotal.com/gui/domain/cloudmgrtracker.com/detection cloudmgrtracker.com # Reference: https://twitter.com/MBThreatIntel/status/1232404872999231488 pluginmagento.net # Reference: https://twitter.com/xuy1202/status/1232581248083582976 data-safeguard.com # Reference: https://twitter.com/MBThreatIntel/status/1232726202281889793 # Reference: https://blog.malwarebytes.com/threat-analysis/2020/02/fraudsters-cloak-credit-card-skimmer-with-fake-content-delivery-network-ngrok-server/ cdn-mediafiles.org cdn-sources.org d68344fb.ngrok.io # Reference: https://sansec.io/labs/2020/02/25/longest-skimming-operation-yet/ aleopeople.info bizlawyer.org contentequare.com cquotinent.com jackhemmingway.com joyjewell.com installerr.pw installerr.site pizdasniff.site qitcdn.net securedcdn.net thefei.com vk-a6t5h7f3k.site /5d507d3e6fdc7.js /5d55d10058c9d.js /5d570bebe00ed.js # Reference: https://twitter.com/felixaime/status/1234111603831910400 webscriptly.com # Reference: 
https://twitter.com/felixaime/status/1224257587555770368 jquerytxtplugin.com # Reference: https://twitter.com/unmaskparasites/status/1234536106953146369 http://163.172.136.230 # Reference: https://twitter.com/unmaskparasites/status/1234917686242619393 # Reference: https://www.virustotal.com/gui/ip-address/83.166.248.67/relations autocapital.pw http.ps xxx-club.pw y5.ms # Reference: https://twitter.com/felixaime/status/1235131517908570113 # Reference: https://www.virustotal.com/gui/ip-address/185.181.164.216/relations # Reference: https://www.virustotal.com/gui/ip-address/47.56.114.152/relations # Reference: https://www.virustotal.com/gui/domain/wp-includ.com/relations # Reference: https://twitter.com/500mk500/status/1235330678700548098 reportgns.com sucuritester.com wp-includ.com # Reference: https://web.misker.me/blog/malware/2020/03/04/Raindrop-PoppedShop.html # Reference: https://www.virustotal.com/gui/domain/googletagmanagrapis.com/detection googletagmanagrapis.com # Reference: https://twitter.com/felixaime/status/1236201312842326016 savemoneyoffice.com/js/varien/print.js # Reference: https://twitter.com/felixaime/status/1236321303902269441 imprintcenter.com/js/embed.min.js imprintcenter.com/js/flash/ # Reference: https://twitter.com/jeromesegura/status/1121811483195633670 # Reference: https://blog.malwarebytes.com/cybercrime/2019/04/github-hosted-magecart-skimmer-used-against-hundreds-of-e-commerce-sites/ jquerylol.ru # Reference: https://twitter.com/rootprivilege/status/1233065094965125120 # Reference: https://pastebin.com/4seW3Aya neuro-programmer.de/e.php neuro-programmer.de/test.php # Reference: https://twitter.com/fletchsec/status/1175180643514355713 kursy.atas.pl/templates/system/html/data/red.php # Reference: https://www.virustotal.com/gui/ip-address/181.214.86.150/relations get-js.com marketplace-magento.net # Reference: https://twitter.com/d09r_/status/1238302755032166400 # Reference: https://www.virustotal.com/gui/ip-address/178.33.71.232/relations # 
Reference: https://www.virustotal.com/gui/domain/theresevit.com/relations jsvault.net linkedtop.com scriptopia.net # Reference: https://twitter.com/ydklijnsma/status/1232727444962107392 google-anallytic.com google--analytics.com google-analyitics.com google-anolytics.com # Reference: https://twitter.com/AffableKraut/status/1207664349634011137 bizrateservices.com j-queries.com teamsystems.info towbarchat.com twinkhelp.com # Reference: https://twitter.com/AffableKraut/status/1169489081568497664 gmagea.com # Reference: https://twitter.com/AffableKraut/status/1169458435290804225 genidaff.com strchckr.com tfalseacc.com tryuseracc.com vaccss.com # Reference: https://twitter.com/AffableKraut/status/1169458426344333312 htjar.com # Reference: https://twitter.com/AffableKraut/status/1166223620886208513 shellsn.ru # Reference: https://twitter.com/AffableKraut/status/1159677725994622976 jquery.in.ua # Reference: https://twitter.com/AffableKraut/status/1133599840544468992 jqueryes.com # Reference: https://twitter.com/MBThreatIntel/status/1238537326956933121 cookiepro.cloud # Reference: https://www.riskiq.com/blog/labs/magecart-nutribullet/ # Reference: https://otx.alienvault.com/pulse/5e72332db0bfef80752cec40 amerisleep.github.io 3lift.org abtasty.net adaptivecss.org adorebeauty.org all-about-sneakers.org ar500arnor.com authorizecdn.com bannerbuzz.info battery-force.org batterynart.com blackriverimaging.org braincdn.org btosports.net cdnassels.com cdnmage.com chicksaddlery.net childsplayclothing.org christohperward.org citywlnery.org closetlondon.org cmytuok.top coffemokko.com coffetea.org configsysrc.info dahlie.org davidsfootwear.org dobell.su elegrina.com energycoffe.org energytea.org etradesupply.org exrpesso.org foodandcot.com freshchat.info freshdepor.com greatfurnituretradingco.org info-js.link jewsondirect.com js-cloud.com kandypens.net kik-vape.org labbe.biz lamoodbighats.net link-js.link livechatinc.org londontea.net mage-checkout.org magejavascripts.com 
magescripts.pw magesecuritys.com majsurplus.com map-js.link mcloudjs.com mechat.info melbounestorm.com misshaus.org mylrendyphone.com mypiltow.com nililotan.org oakandfort.org ottocap.org parks.su paypaypay.org pmtonline.su prodealscenter.com replacemyremote.org sagecdn.org scriptoscript.com security-payment.su shop-rnib.org slickjs.org slickmin.com smart-js.link swappastore.com teacoffe.net top5value.com track-js.link ukcoffe.com verywellfitnesse.com walletgear.org webanalyzer.net zapaljs.com zoplm.com # Reference: https://twitter.com/felixaime/status/1241765974929530884 googletagmanage.com # Reference: https://twitter.com/MBThreatIntel/status/1241837000564428800 sucurl.net # Reference: https://www.virustotal.com/gui/domain/sucuri.pro/relations sucuri.pro # Reference: https://twitter.com/MBThreatIntel/status/1242538048044150784 # Reference: https://www.virustotal.com/gui/domain/allegrolearnings.com/relations allegrolearnings.com/blogs/media/embed.min.js allegrolearnings.com/blogs/media/common.js # Reference: https://www.virustotal.com/gui/ip-address/161.117.236.58/relations jquerrycdn.xyz # Reference: https://twitter.com/d09r_/status/1242845745218228224 # Reference: https://twitter.com/securityaffairs/status/1242873730235277313 # Reference: https://securityaffairs.co/wordpress/100449/hacking/tupperware-site-hacked.html # Reference: https://blog.malwarebytes.com/hacking-2/2020/03/criminals-hack-tupperware-website-with-credit-card-skimmer/ deskofhelp.com # Reference: https://twitter.com/felixaime/status/1243083359212969984 gocgle-analytics.com # Reference: https://twitter.com/felixaime/status/1243561946982625284 oldworldaccents.net/js/embed.min.js # Reference: https://www.virustotal.com/gui/domain/google-analytics.gq/relations google-analytics.gq # Reference: https://twitter.com/felixaime/status/1247414542759575552 google-analytc.com # Reference: https://twitter.com/unmaskparasites/status/1247886037881196547 # Reference: 
https://blog.sucuri.net/2020/01/web-swiper-in-image-title.html # Reference: https://www.virustotal.com/gui/domain/intljs.rmtag.net/relations # Reference: https://www.virustotal.com/gui/ip-address/82.202.161.89/relations intljs.rmtag.net pollyfill.com # Reference: https://twitter.com/d09r_/status/1247951999305302016 # Reference: https://www.virustotal.com/gui/ip-address/34.227.50.166/relations # Reference: https://www.virustotal.com/gui/ip-address/54.89.179.241/relations # Reference: https://www.virustotal.com/gui/ip-address/3.83.72.214/relations # Reference: https://www.virustotal.com/gui/ip-address/52.1.206.175/relations # Reference: https://www.virustotal.com/gui/ip-address/3.84.27.209/relations 3alesforce.com 4esla.services 4eslamotors.com 7indowsupdate.com 7ootric.com adn-apple.com akalai.net ap0see.com app3ee.com appqee.com appsae.com appsue.com aprsee.com apxsee.com arpsee.com atpsee.com bdn-apple.com calesforce.com cdf-apple.com cdj-apple.com cdl-apple.com cdn-a0ple.com cdn-ap0le.com cdn-appde.com cdn-apphe.com cdn-appla.com cdn-appld.com cdn-applg.com cdn-applm.com cdn-applu.com cdn-appme.com cdn-appne.com cdn-apqle.com cdn-aprle.com cdn-aptle.com cdn-apxle.com cdn-aqple.com cdn-arple.com cdn-atple.com cdn-axple.com cdn-cpple.com cdn-epple.com cdn-ipple.com cdn-qpple.com cdnmapple.com cdo-apple.com cen-apple.com cfn-apple.com clack-msgs.com cln-apple.com coogleanalytics.com coogleusercontent.com cppsee.com ctn-apple.com deslamotors.com eicrosoftonline.com eixpanel.com eoogleanalytics.com eoogleusercontent.com eropbox.com fgxnews.com fo8news.com fohnews.com foogleanalytics.com fopnews.com foxlews.com foxne7s.com foxneus.com foxnew3.com foxoews.com foynews.com fpnjs.com gdn-apple.com ggogleanalytics.com ggogletagmanager.com ggogleusercontent.com gindowsupdate.com gkogleanalytics.com gkogleusercontent.com gmogleanalytics.com gmogletagmanager.com gmogleusercontent.com gnogleanalytics.com gnogletagmanager.com gnogleusercontent.com goggletagmanager.com 
goggleusercontent.com gokgleanalytics.com gokgletagmanager.com gokgleusercontent.com gomgleanalytics.com gongleanalytics.com gongletagmanager.com gongleusercontent.com goocleanalytics.com goocletagmanager.com goocleusercontent.com gooeleanalytics.com gooeleusercontent.com goofleanalytics.com goofletagmanager.com googdeanalytics.com googdetagmanager.com googheanalytics.com googhetagmanager.com googheusercontent.com googlaanalytics.com googlatagmanager.com googlausercontent.com googldanalytics.com googldtagmanager.com googldusercontent.com google4agmanager.com google5sercontent.com googleafalytics.com googleajalytics.com googlealalytics.com googleanadytics.com googleanahytics.com googleanal9tics.com googleanalqtics.com googleanalxtics.com googleanaly4ics.com googleanalydics.com googleanalypics.com googleanalytacs.com googleanalythcs.com googleanalytias.com googleanalytibs.com googleanalytic3.com googleanalyticc.com googleanalyticq.com googleanalyticr.com googleanalyticw.com googleanalytigs.com googleanalytiks.com googleanalytiss.com googleanalytkcs.com googleanalytmcs.com googleanalytycs.com googleanalyuics.com googleanalyvics.com googleanamytics.com googleananytics.com googleanclytics.com googleanelytics.com googleanilytics.com googleanqlytics.com googleaoalytics.com googlecnalytics.com googledagmanager.com googleenalytics.com googleesercontent.com googleinalytics.com googlepagmanager.com googleqnalytics.com googleqsercontent.com googletacmanager.com googletaemanager.com googletag-anager.com googletageanager.com googletagianager.com googletaglanager.com googletagmafager.com googletagmajager.com googletagmalager.com googletagmanacer.com googletagmanaeer.com googletagmanafer.com googletagmanagar.com googletagmanagdr.com googletagmanage2.com googletagmanageapi.com googletagmanageb.com googletagmanagep.com googletagmanages.com googletagmanagev.com googletagmanagez.com googletagmanaggr.com googletagmanagmr.com googletagmanagris.com googletagmanagrs.com 
googletagmanagrsapi.com googletagmanagur.com googletagmanaoer.com googletagmanawer.com googletagmancger.com googletagmaneger.com googletagmaniger.com googletagmanqger.com googletagmaoager.com googletagmcnager.com googletagminager.com googletagmqnager.com googletagoanager.com googletaomanager.com googletawmanager.com googletcgmanager.com googletigmanager.com googletqgmanager.com googletsercontent.com googleu3ercontent.com googleuagmanager.com googleucercontent.com googleuqercontent.com googleurercontent.com googleusarcontent.com googleusdrcontent.com googleuse2content.com googleusebcontent.com googleusepcontent.com googleuseraontent.com googleuserbontent.com googleusercgntent.com googleuserckntent.com googleusercmntent.com googleusercnntent.com googleusercoftent.com googleusercojtent.com googleusercoltent.com googleusercon4ent.com googleusercondent.com googleuserconpent.com googleusercontant.com googleusercontdnt.com googleuserconteft.com googleusercontejt.com googleusercontelt.com googleuserconten4.com googleusercontend.com googleusercontenp.com googleusercontenu.com googleusercontenv.com googleuserconteot.com googleusercontgnt.com googleusercontmnt.com googleusercontunt.com googleuserconuent.com googleuserconvent.com googleusercootent.com googleusergontent.com googleusersontent.com googleusescontent.com googleusevcontent.com googleusgrcontent.com googleusmrcontent.com googleusurcontent.com googlevagmanager.com googlewsercontent.com googlganalytics.com googlgtagmanager.com googlgusercontent.com googlmanalytics.com googlmtagmanager.com googluanalytics.com googlutagmanager.com googluusercontent.com googmeanalytics.com googmetagmanager.com googmeusercontent.com googneanalytics.com goognetagmanager.com googneusercontent.com goooleanalytics.com goooletagmanager.com gootric.com goowleanalytics.com goowletagmanager.com goowleusercontent.com hocalytics.com iicrosoftonline.com iixpanel.com ippsee.com jpnjs.com ka3persky.com kaqpersky.com kaspepsky.com kasperqky.com 
kaspersk9.com kasperskq.com kaspessky.com kaspezsky.com kaspgrsky.com kaspmrsky.com kaspursky.com kastersky.com kasxersky.com kcspersky.com kdn-apple.com lgcalytics.com licrosoftonline.com lmcalytics.com lncalytics.com loaalytics.com locadytics.com locahytics.com localqtics.com localy4ics.com localydics.com localytacs.com localythcs.com localytias.com localytibs.com localytic3.com localyticc.com localyticw.com localytigs.com localytiks.com localytiss.com localytkcs.com localytmcs.com localytycs.com localyuics.com localyvics.com locamytics.com locanytics.com locclytics.com locelytics.com locqlytics.com lokalytics.com lpnjs.com mhxpanel.com mi8panel.com mibrosoftonline.com micposoftonline.com micrgsoftonline.com micrksoftonline.com microqoftonline.com microskftonline.com microsmftonline.com microsnftonline.com microsobtonline.com microsof4online.com microsofdonline.com microsoftgnline.com microsoftknline.com microsoftnnline.com microsoftofline.com microsoftojline.com microsoftolline.com microsoftonhine.com microsoftonlane.com microsoftonlhne.com microsoftonlife.com microsoftonlije.com microsoftonlile.com microsoftonlina.com microsoftonlind.com microsoftonling.com microsoftonlinu.com microsoftonlioe.com microsoftonlkne.com microsoftonlmne.com microsoftonmine.com microsoftonnine.com microsoftooline.com microsofuonline.com microsofvonline.com microsovtonline.com micsosoftonline.com micvosoftonline.com miczosoftonline.com mihpanel.com mippanel.com mix0anel.com mixpalel.com mixpanal.com mixpandl.com mixpaned.com mixpanem.com mixpanml.com mixpanul.com mixpcnel.com mixpenel.com mixpinel.com mixranel.com mixtanel.com mixxanel.com mkcrosoftonline.com mkxpanel.com mmxpanel.com mocalytics.com myxpanel.com n0njs.com npjjs.com npljs.com npnhs.com npnj3.com npnks.com npnns.com npnzs.com npojs.com nqnjs.com nrnjs.com ntnjs.com nxnjs.com oicrosoftonline.com oixpanel.com ooogleanalytics.com ooogleusercontent.com opnjs.com peslamotors.com qalesforce.com qlack-msgs.com qppsee.com 
qymantec.com ralesforce.com regment.io rlack-msgs.com rymantec.com s9mantec.com sadesforce.com sahesforce.com saldsforce.com sale3force.com saleqforce.com salesborce.com salesfgrce.com salesfmrce.com salesfnrce.com salesfo2ce.com salesfobce.com salesfopce.com # Reference: https://twitter.com/felixaime/status/1248154035053637632 google-analytcsapi.com # Reference: https://www.perimeterx.com/resources/blog/2020/new-stealth-magecart-attack-bypasses-payment-services-using-iframes/ # Reference: https://www.virustotal.com/gui/ip-address/83.166.250.66/relations braintreegateway24.com braintreegateway24.tech braintreegateway.services # Reference: https://twitter.com/felixaime/status/1250807334676414465 tag-css.icu # Reference: https://twitter.com/MBThreatIntel/status/1252265931088080896 vetality.site # Reference: https://twitter.com/MBThreatIntel/status/1252285343555960833 ducatigrenoble.com/skin/frontend/ves_brave/default/css/bootstrap.php # Reference: https://twitter.com/MBThreatIntel/status/1252338975265546242 clipbutton.com.br/catalog/discount.php tivents.de/media/wysiwyg/paypal4.gif # Reference: https://twitter.com/felixaime/status/1253039202465468419 # Reference: https://www.virustotal.com/gui/ip-address/193.38.54.55/relations # Reference: https://www.virustotal.com/gui/ip-address/193.38.54.62/detection secrityipa.club securityipa.club # Reference: https://unit42.paloaltonetworks.com/how-cybercriminals-prey-on-the-covid-19-pandemic/ (# Skimmer) # Reference: https://www.virustotal.com/gui/domain/sunrisepromos.com/relations sunrisepromos.com/js/lib/ccard.js # Reference: https://securityaffairs.co/wordpress/98124/cyber-crime/uncovering-new-magecart-implant.html # Reference: https://marcoramilli.com/2020/02/19/uncovering-new-magecart-implant-attacking-ecommerce/ # Reference: https://labs.sucuri.net/web-skimmer-with-a-domain-name-generator-follow-up/ # Reference: https://twitter.com/AffableKraut/status/1257937430709186560 # Reference: 
https://www.virustotal.com/gui/ip-address/83.166.244.76/relations ql201000.pw ql201041.pw ql201243.pw ql201456.pw ql201463.pw ql201721.pw ql202141.pw ql202412.pw ql202657.pw ql202989.pw qr201010.pw qr201089.pw qr201161.pw qr201346.pw qr201854.pw qr202004.pw qr202284.pw qr202754.pw qr202844.pw qr202960.pw q(l|r)[0-9]{5,6}\.pw /js/ar/ar906.php /js/ar/ar2497.php /js/ar/ar7938.php # Reference: https://blog.sucuri.net/2020/04/web-skimmer-with-a-domain-name-generator.html gooogletagmanager.online # Reference: https://twitter.com/Bank_Security/status/1258130762685186048 # Reference: https://blog.malwarebytes.com/threat-analysis/2020/05/credit-card-skimmer-masquerades-as-favicon/ # Reference: https://www.virustotal.com/gui/ip-address/83.166.242.105/relations myicons.net psas.pw # Reference: https://twitter.com/felixaime/status/1258800483524804608 jquerycdn.at # Reference: https://twitter.com/felixaime/status/1258834331163922432 jquerye.at # Reference: https://twitter.com/felixaime/status/1260822992180973572 cdnjustuno.icu manag.icu targetad.icu # Reference: https://twitter.com/felixaime/status/1260827294723170304 tags-app.icu tags-bootstrap.icu # Reference: https://twitter.com/MBThreatIntel/status/1269400469845061632 tagapp.icu # Reference: https://twitter.com/AffableKraut/status/1261157021027622912 # Reference: https://gist.github.com/krautface/c2f2d6d0c4516afc47efcbe17e561e0c priangan.com/wp-content/languages/blogid/ # Reference: https://twitter.com/tosscoinwitcher/status/1261353530465456128 # Reference: https://twitter.com/500mk500/status/1261361366339903488 # Reference: https://www.virustotal.com/gui/domain/googletagmanagr.com/detection googletagmanagr.com # Reference: https://twitter.com/MBThreatIntel/status/1262893385448210434 magentorates.com # Reference: https://twitter.com/MBThreatIntel/status/1263850035382378497 # Reference: https://twitter.com/500mk500/status/1263861204327505928 # Reference: https://twitter.com/d09r_/status/1263864711847620609 # Reference: 
https://www.virustotal.com/gui/ip-address/5.188.62.173/relations # Reference: https://www.virustotal.com/gui/ip-address/176.123.6.37/relations padmin.xyz hostssl.uno hostssl.xyz shopssl.xyz idtransfer.icu # Reference: https://twitter.com/MBThreatIntel/status/1263876741094727680 # Reference: https://www.virustotal.com/gui/ip-address/23.106.215.85/relations cdncontentserver.com onlineimageservices.com # Reference: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/ gocgle-analytics.cm gocgle-analytics.net gocgletagmanager.cm gocgletagmanager.com # Reference: https://www.virustotal.com/gui/ip-address/194.180.224.112/relations authcrize.net gcogle-analytics.com gocgle-analytics.net googlo-analytics.com googlo-analytics.net gooqle-analytics.com gooqle-analytics.net secure-authorize.net wanalytic.is secure.authcrize.net # Reference: https://twitter.com/kyleehmke/status/1399680399756906502 # Reference: https://www.virustotal.com/gui/ip-address/87.120.254.4/relations gooqle-login.com # Reference: https://twitter.com/felixaime/status/1264124350883602432 # Reference: https://www.virustotal.com/gui/ip-address/161.35.202.72/relations cdndoubleclick.net # Reference: https://twitter.com/felixaime/status/1264567401380753409 cdn-contentstore.com cdn-sources.com # Reference: https://twitter.com/AffableKraut/status/1265349583925841922 ads-fbstatistic.com # Reference: https://twitter.com/felixaime/status/1265175178532831237 livechatcdn.com # Reference: https://twitter.com/felixaime/status/1265176411322499072 cloudfrontapi.com cloudfrontapi.net # Reference: https://twitter.com/MBThreatIntel/status/1266397492658098176 s3.amazonaws.com/content.zipboss.com/code/zipboss.dev.js # Reference: https://twitter.com/felixaime/status/1267045708932222976 apibazaarvoice.com # Reference: https://twitter.com/benkow_/status/1267034595758833667 http://89.82.251.136/counter/index.php # Reference: https://twitter.com/felixaime/status/1267095794571792384 # Reference: 
https://twitter.com/dimitribest/status/1372632649496420364 # Reference: https://twitter.com/rootprivilege/status/1392119803997941762 # Reference: https://lukeleal.com/research/posts/lolzilla-php-js-skimmer/ http://45.197.141.250 45.197.141.250:443 happykid.in/image/catalog/d_blog_module/review/jjs.js tienda.flex.cl/media/sello-ecommerce.js # Reference: https://twitter.com/eclipsepicards/status/1268240487233867778 platinumus.top # Reference: https://twitter.com/MBThreatIntel/status/1267874481113989121 googleapifs.space # Reference: https://twitter.com/felixaime/status/1267729483987062786 ssecurapi.club # Reference: https://twitter.com/MBThreatIntel/status/1268340229347270657 jquerylib.at # Reference: https://twitter.com/MBThreatIntel/status/1268982125543387136 cdnn-aws.com # Reference: https://twitter.com/unmaskparasites/status/1269005294325108738 hits-cache.com # Reference: https://blog.sucuri.net/2020/06/evasion-tactics-in-hybrid-credit-card-skimmers.html # Reference: https://www.virustotal.com/gui/ip-address/185.110.132.220/relations http://185.110.132.220 jshost.org # Reference: https://twitter.com/prsecurity_/status/1269843378088247296 http://185.4.65.69 http://185.4.65.72 http://185.4.66.82 http://37.252.0.91 http://37.252.0.115 http://37.252.0.150 http://37.252.0.149 http://37.252.0.196 http://37.252.0.199 http://5.45.80.46 http://5.45.82.166 http://5.45.82.189 http://5.45.83.202 http://5.45.83.223 # Reference: https://twitter.com/unmaskparasites/status/1270064808864419841 # Reference: https://www.virustotal.com/gui/ip-address/54.38.49.244/relations jsassets.net payprocessor.net # Reference: https://twitter.com/MBThreatIntel/status/1270150196333142016 locol.site # Reference: https://twitter.com/JWilsonSecurity/status/1270087185795026944 t.obet.us/gagal/log.php # Reference: https://twitter.com/MBThreatIntel/status/1270861231776137218 # Reference: https://twitter.com/MBThreatIntel/status/1279128778543783936 # Reference: 
https://twitter.com/500mk500/status/1270945615812460544 # Reference: https://www.virustotal.com/gui/ip-address/176.121.14.189/relations bootstrapmag.com chatajax.com google-adware.com jquery-apl.com jqueryalert.com jqueryapiscript.com magento-info.com magento-stores.com magento-updater.com security-magento.com securityscr.com w3schooli.com wordpress-scripts.com # Reference: https://twitter.com/felixaime/status/1271061780849209344 # Reference: https://www.virustotal.com/gui/ip-address/193.32.161.74/relations cdnxmljquerybucket.com jqueryapichecker.com tagmanagercdn.com tagmanagerxmlraw.com xmljqueryscoring.com xmlrawdataresponse.com # Reference: https://securityaffairs.co/wordpress/104776/hacking/claires-magecart-attack.html claires-assets.com # Reference: https://twitter.com/felixaime/status/1263818626114740224 # Reference: https://twitter.com/MBThreatIntel/status/1272679759126777857 # Reference: https://www.virustotal.com/gui/ip-address/185.217.92.149/relations jquerystats.com salesstatistic.com scriptstatistic.com # Reference: https://twitter.com/benkow_/status/1273214642458853376 reddotarms.com/js/infortis/jquery/jquery-1.7.2.min.js # Reference: https://twitter.com/benkow_/status/1273219665582579713 visaandpassportagency.com/js/prototype/prototype.js # Reference: https://twitter.com/felixaime/status/1273221200886587392 magento-api.icu magentolink.icu bootstrap-fronts.icu bootstrap-jquery.icu cloud-fronts.icu bootstrap-jquery.host magento-api.host cloud-fronts.host magentolink.host jqueryjs.host # Reference: https://twitter.com/MBThreatIntel/status/1273733879526903808 # Reference: https://www.virustotal.com/gui/ip-address/185.92.148.128/relations cddn.site lebs.site # Reference: https://securelist.com/web-skimming-with-google-analytics/97414/ google-anatytics.com google-analytics-js.com # Reference: https://www.virustotal.com/gui/ip-address/84.38.182.177/relations mstracking.link paypalapiobjects.com # Reference: 
https://www.virustotal.com/gui/ip-address/5.101.50.50/relations googleapimanager.com # Reference: https://twitter.com/MBThreatIntel/status/1376665239647756289 # Reference: https://blog.malwarebytes.com/threat-analysis/2020/06/web-skimmer-hides-within-exif-metadata-exfiltrates-credit-cards-via-image-files/ ads-fbstatistic.com apilivechat.com bestcdnforbusiness.com bizrateservices.com cddn.site cxizi.net favicon.click j-queries.com jquery-analitycs.com jqueryanalise.xyz koinweb.site lebs.site magentorates.com pixasbay.com sonol.site teamsystems.info towbarchat.com undecoveria.com webtrans.site wosus.site xciy.net xoet.site yxxi.net yzxi.net # Reference: https://twitter.com/MBThreatIntel/status/1279651033883439105 kttape.com/pub/static/frontend/Plumtree/kttapeb2b/en_US/mage/mail.js # Reference: https://twitter.com/MBThreatIntel/status/1279523525192081408 cloud-flares.host # Reference: https://twitter.com/wwp96/status/1279551267698888704 jquerycloud.host # Reference: https://blog.malwarebytes.com/threat-analysis/2020/07/credit-card-skimmer-targets-asp-net-sites/ # Reference: https://twitter.com/MBThreatIntel/status/1280180299112919041 # Reference: https://www.virustotal.com/gui/ip-address/31.220.60.108/relations cdn-xhr.com hivnd.net hixrq.net idpcdn-cloud.com joblly.com rackxhr.com thxrq.com # Reference: https://twitter.com/unmaskparasites/status/1280569151833223168 cdn-google-analytics.com # Reference: https://twitter.com/p5yb34m/status/1111707577685991424 givemejs.cc # Reference: https://twitter.com/jeromesegura/status/1121811483195633670 # Reference: https://blog.malwarebytes.com/cybercrime/2019/04/github-hosted-magecart-skimmer-used-against-hundreds-of-e-commerce-sites/ /mage/master/mage.js # Reference: https://www.symantec.com/security-center/writeup/2018-092007-1208-99 (JSCoffe domains) beachyripe.com energycoffe.org energytea.org lightbulbs-direct.org teacoffe.net ukcoffe.com # Reference: 
https://blog.sucuri.net/2018/12/localization-and-customization-of-credit-card-stealing-malware.html kinfirighbetted.host sales4reason.com greatwebstat.com # Reference: https://www.helpnetsecurity.com/2020/07/08/magecart-group-8/ # Reference: https://geminiadvisory.io/wp-content/uploads/2020/07/Appendix-A-3.pdf # Reference: https://geminiadvisory.io/wp-content/uploads/2020/07/Appendix-B-1.pdf adaptivecss.org adorebeauty.org anduansury.com ankese.com assethomify.com assetstorage.net blackriverimaging.org braincdn.org citywlnery.org closetlondon.org coffemokko.com coffetea.org dahlie.org davidsfootwear.org dobell.su elegrina.com energycoffe.org etradesupply.org exrpesso.org fileskeeper.org foodandcot.com freshchat.info freshdepor.com frocklay.com hqassets.com info-js.link jewsondirect.com js-storage.click jsvault.net labbe.biz link-js.link londontea.net mage-checkout.org majsurplus.com map-js.link mechat.info misshaus.org oakandfort.org ottocap.org parks.su paypaypay.org pmtonline.su replacemyremote.org safeprocessor.com sagecdn.org sainester.com scriptdesire.com scriptsparadise.com scriptvault.org security-payment.su shourve.com slickjs.org smart-js.link stairany.com swappastore.com teacoffe.net theresevit.com top5value.com track-js.link ukcoffe.com uthorizecdn.com verywellfitnesse.com walletgear.org weblibscdn.com # Reference: https://twitter.com/unmaskparasites/status/1283084460519456771 cdnlistrakbi.com # Reference: https://blog.sucuri.net/2020/07/skimmers-in-images-github-repos.html # Reference: https://www.virustotal.com/gui/ip-address/8.208.19.101/relations # Reference: https://www.virustotal.com/gui/ip-address/8.208.77.10/relations # Reference: https://www.virustotal.com/gui/ip-address/8.209.99.41/relations analytics-core.com analytics-ssl.com fonts-googlemaps.com fonts-gstatic.com fontsgoogle-apis.com fontsgoogleapis.com google-conf.com google-console.com google-core.com google-sert.com dash.google-console.com fonts.fontsgoogleapis.com ssl.analytics-core.com 
/app/design/frontend/Magento/luma/media/mage.png /pub/media/downloadable/mage.png # Reference: https://twitter.com/felixaime/status/1287408636164284419 cdn-filestorm.com cloud-sources.com # Reference: https://twitter.com/500mk500/status/1288482532774891521 # Reference: https://www.virustotal.com/gui/ip-address/8.211.36.239/relations # Reference: https://www.virustotal.com/gui/domain/rooplancdn.com/detection rooplancdn.com # Reference: https://twitter.com/felixaime/status/1288604510802325509 shopify-sales.com # Reference: https://twitter.com/felixaime/status/1288601153400446976 # Reference: https://www.virustotal.com/gui/ip-address/47.88.14.111/relations # Reference: https://www.virustotal.com/gui/ip-address/5.101.50.134/relations # Reference: https://www.virustotal.com/gui/ip-address/8.208.84.18/relations # Reference: https://twitter.com/felixaime/status/1301090258671542272 adw-gooqle.com blog-mage.com cailpercovers.com cheeseceke.com cioubfiare.com claristokp.top clickstrackings.com cloubfiare.com cloudflaea.com cloudfliare.com googie-seo.com google-ahatytics.com google-anatytics.com google-ssm.com gooqieapis.com jquery-doc.com jquery-magento.com jqueryupdate.com magenlo.com magento-update.com marketing-yahoo.com optimized-js.com path-magento.com script-magento.com sucuil.net tag-managers.com up-tracking.com # Reference: https://twitter.com/unmaskparasites/status/1288922935240077313 http://31.214.157.134/in.php /setup/performance-toolkit/files/search_terms.php # Reference: https://twitter.com/AffableKraut/status/1290031871670104066 # Reference: https://twitter.com/AffableKraut/status/1290031876892057600 # Reference: https://www.virustotal.com/gui/ip-address/37.252.5.111/relations # Reference: https://gist.github.com/krautface/b65cb1e717038f000d4d9dfd860830ea cdn-adsense.com # Reference: https://blog.malwarebytes.com/threat-analysis/2020/08/inter-skimming-kit-used-in-homoglyph-attacks/ # Reference: https://otx.alienvault.com/pulse/5f2c453b5b063dda49dd855f # 
Reference: https://www.virustotal.com/gui/ip-address/51.83.209.11/relations cigarpaqe.com fleldsupply.com pushcrew.pw winqsupply.com zoplm.com # Reference: https://twitter.com/felixaime/status/1292567951762231299 cdncom.site # Reference: https://twitter.com/AffableKraut/status/1293104085835689984 # Reference: https://www.virustotal.com/gui/domain/googapi.com/detection googapi.com # Reference: https://twitter.com/felixaime/status/1295796245588512768 payprocessor.net # Reference: https://twitter.com/felixaime/status/1295800211416190976 # Reference: https://www.virustotal.com/gui/ip-address/188.209.49.71/relations clipboardplugin.com devtoolsforweb.com variousscripts.com topcc.biz topcc.pw topcc.store topcc.su # Reference: https://twitter.com/unmaskparasites/status/1295816804133199878 # Reference: https://twitter.com/AffableKraut/status/1295817245017493507 amastybootstrap.host amastybootstrap.online amastybootstrap.store bootstrapcd.host bootstrapcd.online bootstrapcss.host bootstrapcss.online cdnbootstrap.host cdnbootstrap.store dbbootstrap.online dbbootstrap.zip # Reference: https://www.virustotal.com/gui/ip-address/103.73.67.169/relations cdn-jquerystatic.ddns.net static-jquery.sytes.net # Reference: https://www.virustotal.com/gui/ip-address/91.211.247.69/relations cvv2.name # Reference: https://www.virustotal.com/gui/ip-address/47.241.7.41/relations acloudsapi.com securebnp-server.com securebnp1-update.com secureing-update.com # Reference: https://twitter.com/JCyberSec_/status/1298929497354448901 gaminpit.com # Reference: https://twitter.com/MBThreatIntel/status/1299380573966802944 # Reference: https://www.virustotal.com/gui/ip-address/108.62.12.46/detection content-analytics-server.com # Reference: https://twitter.com/felixaime/status/1300335046029606912 lighting-spot.com/pub/media/js/jscol.min.js lighting-spot.com/pub/media/js/lighting.js # Reference: https://twitter.com/sansecio/status/1304043546970927104 # Reference: 
https://www.virustotal.com/gui/ip-address/80.78.254.128/relations sansec.biz csp.sansec.biz # Reference: https://twitter.com/sansecio/status/1305041618744086528 # Reference: https://twitter.com/sansecio/status/1305461119314690048 # Reference: https://sansec.io/research/largest-magento-hack-to-date # Reference: https://otx.alienvault.com/pulse/5f5f9a8ba62718db52b64700 # Reference: https://www.virustotal.com/gui/ip-address/83.166.244.152/relations # Reference: https://www.virustotal.com/gui/ip-address/83.166.244.76/relations # Reference: https://www.virustotal.com/gui/ip-address/83.166.245.32/relations # Reference: https://www.virustotal.com/gui/ip-address/83.166.245.93/relations ajaxcloudflare.com imags.pw mcdnn.me mcdnn.net myicons.net data-id-click.ru divamoda-tds.ru justwe-track.ru # Reference: https://twitter.com/sansecio/status/1306190540963282946 facelook.no/en_US/pixel.js # Reference: https://twitter.com/unmaskparasites/status/1308419144048668672 http://94.158.244.55 # Reference: https://twitter.com/MBThreatIntel/status/1310703704396279808 static-trustpilot.com # Reference: https://twitter.com/felixaime/status/1310835184917458944 # Reference: https://www.virustotal.com/gui/ip-address/161.117.237.217/relations # Reference: https://www.virustotal.com/gui/ip-address/45.14.12.199/relations # Reference: https://www.virustotal.com/gui/ip-address/6.9.3.11/relations acdn.space ancdn.site ancdnto.site arcdn.site bcdn.space cacdn.site ccdn.space cdna.site cdna.space cdnb.site cdnb.space cdnc.site cdnc.space cdncom.site cdnd.site cdnd.space cdne.site cdne.space cdnf.site cdnf.space cdng.site cdng.space cdnh.site cdnh.space cdni.site cdni.space cdnj.site cdnj.space cdnk.site cdnk.space cdnl.site cdnl.space cdnm.site cdnm.space cdnn.site cdnn.space cdno.site cdno.space cdnp.site cdnp.space cdnq.site cdnq.space cdnr.site cdnr.space cdns.site cdns.space cdnt.site cdnt.space cdnu.site cdnu.space cdnv.site cdnv.space cdnw.site cdnw.space cdnx.site cdnx.space cdny.site 
cdny.space cdnz.site cdnz.space dcdn.space fcdn.space frcdn.site gcdn.space gtacdn.site gtag.site gtage.site gtamanag.site gtcdn.site gtgcdn.site gtmcdn.site hcdn.space icdn.space jcdn.space kcdn.space ncdn.space ocdn.space qcdn.space tcdn.space usacdn.site uscdn.site wcdn.space xcdn.space zcdn.space # Reference: https://www.virustotal.com/gui/ip-address/45.32.178.26/relations acache.pw adev.pw asite.pw # Reference: https://twitter.com/felixaime/status/1310840704801951744 jquerycss.online jquerycss.space jquerycss.store jquerycss.tech jquerycss.website # Reference: https://twitter.com/JWilsonSecurity/status/1311140720498147334 # Reference: https://www.virustotal.com/gui/domain/ride4speed.com/relations ride4speed.com # Reference: https://twitter.com/AffableKraut/status/1311330609546104832 googleanalytics.monster googleanalytics.buzz google-analytics.monster google-analytics.buzz googletagmanager.cyou google-analytics.icu google-analytics.club googletagmanager.top google-analytics.cyou googleanalytics.top googleanalytics.cyou statanalytic.cyou googleshopanalytic.icu gstatic.cyou gstatic.club # Reference: https://twitter.com/MBThreatIntel/status/1311423125582540802 adsojs.com cdndeskpro.com cdnprog.com faceapiget.com facecdnget.com fbpixelget.com gstaticapi.com keywestcdn.com klaviyo.host lightgetjs.com listrakjs.com mediabtracker.com meidiaplus.com section.ws sectionget.com sumome.net swiftypecdn.org uniquegetapi.com findericons.com/favicon.ico # Reference: https://unit42.paloaltonetworks.com/malicious-coinminers-web-skimmer/ metahtmlhead.com # Reference: https://twitter.com/rootprivilege/status/1311731116345237509 # Reference: https://blog.sucuri.net/2021/01/magento-php-injection-loads-javascript-skimmer.html # Reference: https://www.virustotal.com/gui/ip-address/5.135.247.140/relations underscorefw.com # Reference: https://www.virustotal.com/gui/ip-address/8.208.90.81/relations fontsgoogle-api.com googleapis-fonts.com # Reference: 
https://twitter.com/MBThreatIntel/status/1313137479512276995 # Reference: https://www.virustotal.com/gui/ip-address/188.68.220.49/relations # Reference: https://www.virustotal.com/gui/ip-address/31.184.253.166/relations # Reference: https://www.virustotal.com/gui/ip-address/47.245.128.231/relations # Reference: https://www.virustotal.com/gui/ip-address/47.89.184.107/relations # Reference: https://www.virustotal.com/gui/ip-address/47.254.170.245/relations # Reference: https://www.virustotal.com/gui/ip-address/47.254.84.162/relations # Reference: https://www.virustotal.com/gui/ip-address/5.53.125.202/relations # Reference: https://www.virustotal.com/gui/ip-address/8.208.14.9/relations # Reference: https://www.virustotal.com/gui/ip-address/8.208.20.61/relations # Reference: https://www.virustotal.com/gui/ip-address/8.208.27.102/relations # Reference: https://www.virustotal.com/gui/ip-address/8.209.72.188/relations # Reference: https://www.virustotal.com/gui/ip-address/8.208.79.49/relations # Reference: https://www.virustotal.com/gui/ip-address/8.209.65.45/relations # Reference: https://www.virustotal.com/gui/ip-address/8.210.68.59/relations # Reference: https://www.virustotal.com/gui/ip-address/79.143.29.164/relations # Reference: https://www.virustotal.com/gui/ip-address/80.249.144.26/relations # Reference: https://www.virustotal.com/gui/ip-address/80.249.145.190/relations # Reference: https://www.virustotal.com/gui/ip-address/80.249.147.241/relations # Reference: https://www.virustotal.com/gui/ip-address/80.249.148.133/relations # Reference: https://www.virustotal.com/gui/ip-address/82.148.30.191/relations # Reference: https://www.virustotal.com/gui/ip-address/82.148.31.102/relations # Reference: https://www.virustotal.com/gui/ip-address/82.148.31.214/relations # Reference: https://www.virustotal.com/gui/ip-address/84.38.180.233/relations # Reference: https://www.virustotal.com/gui/ip-address/84.38.180.84/relations # Reference: 
https://www.virustotal.com/gui/ip-address/84.38.183.160/relations admin-autorization.com bing-analytics.com bing-insert.com bootstrap-java.com cdn-jquery.com checkout-sagepay.com connect-facebook.com google-analytics.top google-anylysis.com google-apic.com google-assignments.com google-assistant.com google-checkout.com google-connect.com google-modile.com google-money.com google-payment.com google-query.com google-sale.com google-sanek.com google-smart.com google-standard.com google-taq.com google-tasks.com google-worldpay.com jquery-assets.com jquery-assist.com jquery-insert.com jquery-migrate.com live-sagepayment.com pay-sagepay.com pay-u-biz.com payment-sagepay.com payment-worldpay.com paypal-assist.com paypal-debit.com paypal-vendor.com paypal-worldpay.com paypalapiobjects.com payu-biz.com sagepay-live.com sagepay-world.com yahoo-manager.com yahoo-tasks.com cdn.jquery-migrate.com # Reference: https://www.virustotal.com/gui/ip-address/47.245.128.230/relations # Reference: https://www.virustotal.com/gui/ip-address/84.38.181.56/relations cdnanalyticss.top google-picaso.com promakerboi.top # Reference: https://twitter.com/AffableKraut/status/1313600312045907973 shopifyst.com # Reference: https://twitter.com/unmaskparasites/status/1313913253035159553 # Reference: https://www.virustotal.com/gui/ip-address/176.123.3.85/relations ay64.club by222.site cyan24.club dynrdns.site googleanalytics.icu idssl.site shopstatanalytics.store statanalytic.site # Reference: https://twitter.com/malwareinfosec/status/1349425176983658497 # Reference: https://www.virustotal.com/gui/ip-address/8.208.102.232/relations # Reference: https://www.virustotal.com/gui/ip-address/8.208.24.81/relations facebookapimanager.com tag-manager.net tags-manager.com # Reference: https://blog.malwarebytes.com/malwarebytes-news/2020/10/credit-card-skimmer-targets-virtual-conference-platform/ # Reference: https://www.virustotal.com/gui/ip-address/198.187.31.243/relations # Reference: 
https://twitter.com/MBThreatIntel/status/1314298615204995072 playbacknows.com # Reference: https://twitter.com/jeromesegura/status/1137087208630833152 jquers.com jqueres.com # Reference: https://twitter.com/Jacob_Pimental/status/1316173250850942977 # Reference: https://twitter.com/Jacob_Pimental/status/1316174498073399296 # Reference: https://www.virustotal.com/gui/ip-address/176.121.14.154/relations dataprocessor.net luhnvalidator.com stairany.com # Reference: https://blog.sucuri.net/2020/11/css-js-steganography-in-fake-flash-player-update-malware.html polobear.shop # Reference: https://twitter.com/marcelmalware/status/1140723183584272386 # Reference: https://www.virustotal.com/gui/domain/jquery.su/relations # Reference: https://www.virustotal.com/gui/ip-address/8.208.97.167/relations certicodeplus.cn cloudflare.su cloudflareplus.com cloudflareplus.net cloudflarepro.info cloudflarepro.name cloudflareshop.com coomperative.com glohtoris.top googleexpert.name googleinfo.name googlemaster.info googlemaster.name googleplus.name googletag.info googletag.name jquery.su jquery24.com jqueryexpert.com jqueryinfo.com jsstroy.com magentoinfo.name magentoinfo.org magentoportal.com magentostore.org mycloudflare.net paypai.xyz procloudflare.com procloudflare.net # Reference: https://www.virustotal.com/gui/ip-address/195.54.167.88/relations alipayservice.top alipaysecurity.top unionpayinternational.services # Reference: https://twitter.com/AffableKraut/status/1325157786032992258 # Reference: https://twitter.com/AffableKraut/status/1325157787291168775 aws-amazon.site freshdesk.space gaming-spirit.xyz gaminpit.com googletagmanager.site gooogletagsmanage.com karovi.best kckaa.com kxotic.me newoldtime.site newoldtime.space riskified.site shipstation.space signifyd.site tiros.xyz # Reference: https://www.virustotal.com/gui/ip-address/47.91.76.198/relations google-site-verification.com googlecloud-verification.com googletags-manager.com jquerydll.com script-analytic.com 
script-analytics.com # Reference: https://www.virustotal.com/gui/ip-address/8.208.76.69/relations apibaseajax.com reactjsget.com statsaps.com # Reference: https://twitter.com/EKFiddle/status/1326245935559692289 # Reference: https://www.virustotal.com/gui/ip-address/162.241.201.20/relations artichgroup.com # Reference: https://twitter.com/rootprivilege/status/1326231381169512450 # Reference: https://www.virustotal.com/gui/ip-address/194.59.40.37/relations jquerylib-min.com jquerylib-min.net onlinecdn-js.com # Reference: https://www.riskiq.com/resources/research/magecart-ant-and-cockroach-skimmer/ # Reference: https://urlscan.io/search/#google-statik.pw # Reference: https://www.virustotal.com/gui/ip-address/217.12.204.185/relations 2binary-education.pw ads2.adverline.com/retargetproduit/partntertag/103754_tag.js alexa-rank.pw batbing.com bgznnfzn.pw checkip.biz consoler.in gnwnprnf.pw google-statik.pw niywqcnp.pw pornodrive.pw pornostyle.pw portal-a.pw portal-b.pw portal-c.pw portal-d.pw portal-e.pw portal-f.pw recaptcha-in.pw search-components.pw sexrura.pw tattoopad.pw xnprnfzn.pw # Note: ads2.adverline.com is listed in this group as a full script URL rather than a bare domain, so the entry covers that one path and not every request to the host # Reference: https://www.virustotal.com/gui/ip-address/185.236.232.88/relations # Reference: https://www.virustotal.com/gui/ip-address/5.44.45.58/relations # Reference: https://otx.alienvault.com/indicator/domain/gtagmanagers.com # Reference: https://urlscan.io/result/fcd59e67-62ae-4d44-904a-51208ed82f3e # Reference: https://hybrid-analysis.com/sample/309d6cd27991b14cffe004ffbf3844dec6e050e2ed1604558627fa3077599032 gtagmanagers.com # Reference: https://securityaffairs.co/wordpress/111009/cyber-crime/sucuri-software-skimmer.html terminal4.veeblehosting.com/~sucurrin/i/gate.php /~sucurrin/ /sucurrin/ # Note: /~sucurrin/ and /sucurrin/ are path-only entries with no host part; when one fires, check the request host before attributing the hit to this gate # Reference: https://twitter.com/rootprivilege/status/1331766420317773826 zago-store.vn/pub/health_check.php # Reference: https://blog.malwarebytes.com/threat-analysis/2019/12/new-evasion-techniques-found-in-web-skimmers/ # Reference: https://twitter.com/AffableKraut/status/1333258524219072515 
adsometrick.com apptegmaker.com googletage.com indesiter.com tag-metrix.com tawktalk.com # Reference: https://twitter.com/AffableKraut/status/1334745410750046208 abcanalytics.net adsymptotic.net artestfut.com artfut.net iofrontcloud.com outbrains.net upsellit.io zdassets.net # Reference: https://twitter.com/EKFiddle/status/1334908783894491138 # Reference: https://twitter.com/rootprivilege/status/1335018000227868672 # Reference: https://sansec.io/research/svg-malware budoshop.si/checkout/%7B%7BMEDIA_URL%7D%7Dstyles.css budoshop.si/pub/health_check.php myfisherstore.com/checkout/%7B%7BMEDIA_URL%7D%7Dstyles.css myfisherstore.com/pub/health_check.php # Reference: https://twitter.com/AffableKraut/status/1335501765031174145 # Reference: https://www.virustotal.com/gui/ip-address/51.89.179.232/relations jquerycdn.net jquerycss.xyz jquerysapi.com js-jquery.com jslibcdn.net # Reference: https://www.group-ib.com/blog/fakesecurity_raccoon (# FakeSecurity) cloud-js.co.za host-js.co.za magento-cloud.co.za magento-js.co.za magento-security.co.za marketplace-magento.co.za marketplacemagento.co.za node-js.co.za payment-js.co.za security-js.co.za web-js.co.za # Reference: https://twitter.com/sansecio/status/1336319799501078529 (# FakeSecurity) # Reference: https://twitter.com/AffableKraut/status/1336342947613306881 bing-statistic.co.za bing-statistic.org.za bing-statistic.web.za cdn-jquery.co.za cdn-jquery.org.za cdn-jquery.web.za cdn-js.co.za cdn-js.org.za cdn-js.web.za chrome.co.za chrome.org.za chrome.web.za font-google.co.za font-google.org.za font-google.web.za g00gle.africa g00gle.co.za g00gle.org.za g00gle.web.za godaddy.co.za godaddy.org.za godaddy.web.za google-script.co.za google-script.org.za google-script.web.za google-scripts.co.za google-scripts.org.za google-scripts.web.za javascript.co.za javascript.org.za javascript.web.za js-google.co.za js-google.org.za js-google.web.za magent0.co.za magent0.org.za magent0.web.za magento-connect.co.za magento-connect.org.za 
magento-connect.web.za magento-content.co.za magento-content.org.za magento-content.web.za microsoft.co.za microsoft.org.za microsoft.web.za mozilla.co.za mozilla.org.za mozilla.web.za opera.co.za opera.org.za opera.web.za yah00.co.za yah00.org.za yah00.web.za # Reference: https://www.virustotal.com/gui/ip-address/169.239.182.46/relations # Reference: https://twitter.com/AffableKraut/status/1336352752478334977 google-statistic.com google-statistic.net yahoo-statistic.com yahoo-statistic.net # Reference: https://www.virustotal.com/gui/domain/google-statistics.com/relations google-statistics.com # Reference: https://twitter.com/500mk500/status/1336333922213404673 # Reference: https://www.virustotal.com/gui/ip-address/8.208.99.195/relations comepropay54.net # Reference: https://twitter.com/sansecio/status/1336614850047381506 # Reference: https://www.virustotal.com/gui/ip-address/89.108.90.123/relations cloud-iq.net # Reference: https://www.virustotal.com/gui/ip-address/89.108.90.125/relations brandcdn.net # Reference: https://twitter.com/kyleehmke/status/1336694242685702147 google-register.com webspagestat.com # Reference: https://twitter.com/AffableKraut/status/1337485794940956675 # Reference: https://twitter.com/AffableKraut/status/1337491084960739329 # Reference: https://twitter.com/500mk500/status/1337499684370255872 # Reference: https://pastebin.com/Xf4iGu9q adrequest.xyz agrorek.site apiiiiii.com appraisalqpm.com artifacia.store bigdomain.in businesslocationfinder.org cloudfront.pro comebizframe.com evamedia.top evanalitic.com g-content.bid golecode.com gooaglesyndication.com google-stupidix.com googleadservicees.com googleais.com googlecodelibs.com googlesyndicatiofn.com googlesyndiction.com googletagmanag-er.com googlgr.com googlnalytics.com gytmoogletagmanager.com hs-script.com html5update.com javascriptcdn.stream jquerry.online jquerytutorialjs.com jss-mautic.com koobecaf.info mediapays.info ml-api.pw nearsightedraccoon.com polygons.cloud professionalcdn.com 
raku10shop.net realtracking.ninja removeclickfunnels.com rotate4ads.com seetestnow.com sitespy.in sublytics-5d6fcf0a813fd.com thesqt.online trackedlink.biz visitorhunter.com weathers.pw xhtmls.cc # Reference: https://twitter.com/jfslowik/status/1337465833602203648 centosupdatecdn.com jqery.net # Reference: https://twitter.com/AffableKraut/status/1337682688233398273 googie-analytisc.com google-analytisc.com google-ecommerce.com google-science.com google-trusts.com # Reference: https://www.virustotal.com/gui/domain/google-analysis.com/detection google-analysis.com # Reference: https://twitter.com/gwillem/status/1339895713405280265 # Reference: https://www.virustotal.com/gui/file/2602da2aafea7a632d69654269c923d33d23bb72176bee9b5cd2e602bd3c93c3/detection # Reference: https://www.virustotal.com/gui/file/4321b96d5ee4f89baeca39d24a7808190129b1115d1236297e191c4706444090/detection # Reference: https://www.virustotal.com/gui/file/85b74ceae400d70ab81aa8e0f1412689196e9eead3fc3dbe33df26af7fac33c9/detection # Reference: https://www.virustotal.com/gui/file/89ad715d0c924625fb4af392353e07c97b4e6a23fd65ef845690900e5d3dbb1d/detection hostreselling.com jquerysmartstack.com # Reference: https://community.riskiq.com/article/14924d61 # Reference: https://urlscan.io/search/#jquerycloud.com # Reference: https://www.virustotal.com/gui/ip-address/8.211.0.55/relations jquerycloud.com /js/dovesfarm.js # Note: /js/dovesfarm.js is a path-only entry with no host part; when it fires, check the request host before attributing the hit to this campaign # Reference: https://twitter.com/VK_Intel/status/1162434460731813893 # Reference: https://www.zscaler.com/blogs/security-research/magecart-hits-again-leveraging-compromised-sites-and-newly-registered-domains cloudflara.org googletagmanager-service.com # Reference: https://twitter.com/500mk500/status/1339707412316626945 # Reference: https://www.virustotal.com/gui/ip-address/185.154.13.210/relations # Reference: https://www.virustotal.com/gui/ip-address/194.58.112.174/relations # Reference: https://www.virustotal.com/gui/ip-address/47.254.129.13/relations gstatica.space gstaticc.space 
gstaticd.space gstatice.space gstaticf.space gstaticq.space gstaticr.space gstatics.space gstaticv.space gstaticw.space gstaticx.space gstaticz.space # Reference: https://twitter.com/rootprivilege/status/1339751739604365312 printcss.host # Reference: https://twitter.com/sansecio/status/1339914201662443520 # Reference: https://www.virustotal.com/gui/ip-address/162.241.222.203/relations hsbc-secures.com hsbcaccts.com hsbcsecuressl.com nmdatast.com ushsbcsecure.com # Reference: https://twitter.com/AffableKraut/status/1340035274450079744 # Reference: https://twitter.com/500mk500/status/1340048171779633153 paymaster-ssl.ru # Reference: https://twitter.com/makflwana/status/1341239469836357633 # Reference: https://www.virustotal.com/gui/ip-address/176.123.7.116/relations googlessl.icu idtransfer.icu idtransfer.me # Reference: https://www.group-ib.com/blog/ultrarank # Reference: https://otx.alienvault.com/pulse/5fe4cb300b0a9b6655a11de1 45.141.84.239:1443 googletagsmanager.co googletagsmanager.info s-panel.su # Reference: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce zg9tywlubmftzw5ldza.com zg9tywlubmftzw5ldze.com zg9tywlubmftzw5ldze0.com zg9tywlubmftzw5ldze1.com zg9tywlubmftzw5ldzew.com zg9tywlubmftzw5ldzex.com zg9tywlubmftzw5ldzey.com zg9tywlubmftzw5ldzez.com zg9tywlubmftzw5ldzg.com zg9tywlubmftzw5ldzi.com zg9tywlubmftzw5ldzk.com zg9tywlubmftzw5ldzm.com zg9tywlubmftzw5ldzq.com zg9tywlubmftzw5ldzu.com zg9tywlubmftzw5ldzy.com # Reference: https://www.virustotal.com/gui/ip-address/47.90.242.121/relations # Reference: https://www.virustotal.com/gui/ip-address/47.91.28.226/relations trustcdnjs.com # Reference: https://www.virustotal.com/gui/ip-address/161.117.89.16/relations # Reference: https://urlscan.io/result/2cbc4a8f-eff1-4ed2-8fcf-09514c612e19/ # Reference: https://unit42.paloaltonetworks.com/anatomy-of-formjacking-attacks/ # Reference: https://urlscan.io/domain/myxintad.com jsglobal.top myxintad.com # Reference: 
https://www.virustotal.com/gui/ip-address/8.208.89.255/relations # Reference: https://www.virustotal.com/gui/ip-address/8.209.108.15/relations connecstaff.com pubmatgic.com # Reference: https://www.virustotal.com/gui/ip-address/8.209.108.15/relations awskit.com awsprog.com keywestapi.com # Reference: https://www.virustotal.com/gui/ip-address/8.208.24.53/relations pixeltrack.top # Reference: https://twitter.com/p0x53/status/1343649574674550784 # Reference: https://www.virustotal.com/gui/ip-address/176.119.1.157/relations amazon-server12-cdn.com amazon-server15-cdn.com # Reference: https://twitter.com/felixaime/status/1343958003905671173 jerrysmusic.com/js/varien/validation.js # Reference: https://twitter.com/marcelmalware/status/1277615543013519362 gtows.com/wp-content/js/var.js # Reference: https://twitter.com/sinnadabueno/status/1344078328278482946 userway-api.com # Reference: https://blog.sucuri.net/2015/04/impacts-of-a-hack-on-a-magento-ecommerce-website.html java-e-shop.com soulmagic.biz.fozzyhost.com # Reference: https://twitter.com/malwareinfosec/status/1347590799249219584 # Reference: https://www.virustotal.com/gui/ip-address/102.130.115.168/relations cdn-cloud.co.za cdn-jquery.biz cdn-jquery.net cdn-jquery.net.za cdn-jquery.org cdn-jquery.web.za cdn-jquery.org.za cdn-stat.co.za cdn-stat.org.za cdn-stat.web.za cdn-update.co.za # Reference: https://twitter.com/malwareinfosec/status/1347598539589709824 veterinaryconcepts.com/errors/enx.php?data= # Reference: https://twitter.com/500mk500/status/1347687209844027392 # Reference: https://urlscan.io/result/0a34d7a1-aef8-45d3-b71a-71d68d66530b/ # Reference: https://urlscan.io/result/838576c6-7d97-4821-86cd-6d463d21782b/ # Reference: https://www.virustotal.com/gui/ip-address/193.38.54.81/relations # Reference: https://www.virustotal.com/gui/ip-address/45.140.146.4/relations # Reference: https://www.virustotal.com/gui/ip-address/45.140.146.5/relations # Reference: 
https://www.virustotal.com/gui/ip-address/45.140.146.6/relations # Reference: https://www.virustotal.com/gui/ip-address/45.140.146.7/relations cloudchimp.online cloudchimp.tech mail-chimp.site mailchimp.press printcss.site supportpay.club tagmanager.online tagmanager.site tagmanager.store tagmanager.tech # Reference: https://twitter.com/felixaime/status/1351456431086698498 # Reference: https://twitter.com/malwareinfosec/status/1351584550099435526 # Reference: https://twitter.com/p0x53/status/1352188052433633280 # Reference: https://www.virustotal.com/gui/ip-address/109.199.125.72/relations # Reference: https://www.virustotal.com/gui/ip-address/80.92.206.12/detection styl.click styl.host styl.press analyst.uno magento.uno publish.uno servers.uno sql.uno vms.uno # Reference: https://twitter.com/AffableKraut/status/1260829836198711296 analitic.club felers.club tags-analitic.icu tags-css.icu # Reference: https://twitter.com/AffableKraut/status/1348165316589846532 fbevents.host fbevents.site fbevents.store fbevents.tech # Reference: https://twitter.com/AffableKraut/status/1348525412415107072 # Reference: https://www.virustotal.com/gui/ip-address/45.155.38.3/relations cdn-google-cloudflare.com # Reference: https://twitter.com/AffableKraut/status/1348684891718901762 # Reference: https://www.virustotal.com/gui/ip-address/102.130.114.139/relations # Reference: https://www.virustotal.com/gui/ip-address/102.130.114.153/relations # Reference: https://www.virustotal.com/gui/ip-address/102.130.114.147/relations asp-cloud.org.za google-document.co.za google-js.co.za google-js.org.za google-js.web.za google-network.co.za google-statistic.co.za google-statistic.org google-statistic.org.za google-statistic.web.za jquery.africa jquery.org.za lib-cloud.org.za lib-cloud.web.za mage.org.za mage.web.za magento.web.za node-js.org.za node-js.web.za nodejs.org.za yahoo-statistic.org.za yahoo-statistic.web.za # Reference: https://community.riskiq.com/article/5bea32aa statexplore.com 
jquery-dll.net # Reference: https://twitter.com/AffableKraut/status/1351390506484445184 # Reference: https://twitter.com/AffableKraut/status/1351390507759529984 # Reference: https://twitter.com/AffableKraut/status/1351390508719943680 # Reference: https://twitter.com/AffableKraut/status/1430075608143384580 # Reference: https://gist.github.com/krautface/3957a1f6d21cb201fefb8327ecb3dfdd # Reference: https://gist.github.com/krautface/8e4706bc1142f5d14c3fb15a8a17a7ed # Reference: https://gist.github.com/krautface/e80d3dbf7cbc49a6449ba3355b6af327 # Reference: https://gist.github.com/krautface/e16ad2ccf30612378e0f22699982dbf5 # Reference: https://gist.github.com/krautface/e31ca7282537ac3858a72295b7d62dad # Reference: https://gist.github.com/krautface/cd29d552cb1edd50059ae541dfda9532 01phone.uno 0days.uno 0fx.club 0night.xyz 0to1.buzz 0xand.buzz 0york.xyz 114oo.icu 189027.icu 1place.buzz 1sterr.uno 1time.buzz 1to3.buzz 1xbe.icu 221u7.cyou 24hrs.fun 2days.fun 2every.fun 2nght.xyz 2now.cyou 3dw.buzz 3dwarfs.xyz 3dworks.club 3sombreros.xyz 3x3x3x.xyz 404p.icu 4evver.buzz 4mer.buzz 4youu.buzz 5leos.xyz 5meter.fun 5star.uno 5x5x5.cyou 64bitss.club 666devil.fun 6drops.buzz 6tries.uno 7avon.beauty 7chance.xyz 7digits.us 7game.fun 7luck.buzz 80srock.club 8er.uno 8planet.xyz 8words.xyz 99of100.xyz 9gag.uno 9precept.xyz 9tuvw.xyz a42.buzz absorb.buzz abspl.xyz amads.buzz amads.uno amads.xyz amads2.xyz ambien.buzz amlog.buzz arriver.buzz ax128.icu ay64.club b17.monster babotrep.top badger.uno bbonus.xyz bcheep.biz blacktrade.net brainr.xyz broadw.xyz bx333.cyou by222.site c982.link cicadaos.top coals.fun coas.uno commv.club croat.uno cx1md.cyou cyan24.club d883.click deepe.icu demodirk.top deriv.fun dredn.uno dropz.fun dx26cmd.icu dynrdns.site e-holodilnik.com e141.icu ehrmen.xyz elobaron.top enabler.buzz errno.xyz estim.buzz ext22.icu eyes2u.site f1racing.icu f8822.buzz feandor.pm fitoteas.top floaty.buzz foldr.xyz freejob.uno frozn.xyz fx555.cyou fykes.club g8super.monster 
g98.monster gigo.buzz golotiras.top google-analytics.buzz google-analytics.club google-analytics.cyou google-analytics.icu google-analytics.monster googleanalytics.buzz googleanalytics.cyou googleanalytics.icu googleanalytics.monster googleanalytics.top googleshopanalytic.icu googletagmanager.cyou googletagmanager.top gravit.xyz greml.xyz grosss.club gstatic.club gstatic.cyou gx717.icu gym365.site herbo.xyz hick.buzz hihihi.cyou hija.buzz hint.fun holidaygo.ru hostssl.uno hostssl.xyz hx24.cyou hydropont.top hyper1.club iamsuch.fun ifilez.uno inits.fun intr0.cyou irrati.uno ix85.cyou iyork.club jeepp.fun jellyfoxa.top jobber.fun jockey.monster johndoe.icu joinem.uno jx22.icu jyjy.site kanken.ru keepr.buzz kilopriz.top klear.buzz klingon.monster knowit.buzz kraftz.uno kx482.icu kyat.club lassoz.xyz lazyfox.icu lemogate.in limitedd.xyz lizrd.xyz loll0l.xyz lx05.cyou lynx1.site lyxuruoce.top merph.fun miners.fun mirr.buzz misstr.xyz mongodali.top monk.monster mx11.shop mythis.store n0ne.cyou nanorich.top narrr.xyz nerol.xyz noth.buzz nozzl.uno nx44.fun nyvip.store objec.fun objen.fun om.sb oppen.icu oprataxu.top oreal.fun originel.buzz ox95.top oyer.club ozzyz.buzz padmin2.xyz pens.monster peppp.uno popcrn.icu posr.uno prods.uno propty.xyz px22.xyz pxxx.xyz pyrex.site qee.buzz quake.buzz questn.fun quickerr.xyz quicky.cyou quotez.pw qx48.buzz qyizz.store rebor.xyz rebrn.xyz reddys.icu restt.xyz rollr.buzz rxazz.uno rxbet.uno rxch.uno rxchg.uno rxdd.uno rxdex.uno rxem.uno rxemb.uno rxfff.uno rxgreed.uno rxgrow.uno rxhop.uno rxindia.uno rxint.uno rxjoke.uno rxkoz.uno rxled.uno rxmod.uno rxnop.uno rxooo.uno rxpro.uno rxquz.uno rxrch.uno rxstd.uno rxtmp.uno rxuno.uno rxvvv.uno rxwax.uno rxxx.uno rxyz.uno rxzip.uno ryanz.cyou rybbon.cyou rycycle.cyou ryddle.club ryderz.cyou ryer.club ryeseed.club ryezon.cyou ryfer.cyou ryggle.cyou rygle.cyou ryhed.cyou ryhson.cyou ryibol.cyou ryicat.cyou ryjoke.cyou rykman.cyou ryloth.cyou rymour.cyou rynder.cyou ryots.cyou ryprop.cyou 
ryquoko.cyou ryren.cyou ryser.cyou rytlab.cyou ryuuk.cyou ryvers.cyou ryweak.cyou ryxmas.cyou ryyyy.cyou ryzone.cyou shopssl.xyz shopstatanalytics.store sportloto.buzz sstockk.xyz sstrip.uno statanalytic.cyou steelz.uno streetrac.icu stress.buzz sub0.monster sxamp.uno sxbet.uno sxcad.uno sxdmp.uno sxerr.uno sxfnc.uno sxgear.uno sxhit.uno sxint.uno sxjump.uno sxklap.uno sxldr.uno sxmnt.uno sxnem.uno sxobj.uno sxpro.uno sxqck.uno sxrock.uno sxsok.uno sxterm.uno sxung.uno sxvid.uno sxwww.uno sxxx.uno sxyz.uno sxzz.uno sxzz.xyz syamoto.club syberian.club sycamor.club sydne.club syenna.club syfer.club sygna.club syhire.club syidim.club syjet.club sykzer.club sylamine.club symbiond.club synchros.club synjet.site syomi.club syphons.club syqqure.club syrreal.club system31.club sytcom.club syultra.club syvere.club sywang.club syxteen.club syyy.club syzu.club tanks.cyou tickis.club tremol.xyz tropicl.fun turb.buzz txarb.uno txbor.uno txcrn.uno txdln.uno txesc.uno txflt.uno txgnd.uno txhwnd.uno txinp.uno txjack.uno txkrn.uno txlist.uno txlost.uno txmag.uno txnop.uno txogr.uno txport.uno txqr.uno txred.uno txset.uno txtds.uno txuno.uno txvol.uno txweb.uno txxen.uno txyzz.uno txzer.uno tyador.club tybrown.club tyctok.club tydrew.club tyebas.club tyffoo.club tyggle.club tyhinz.club tyings.club tyjer.club tykers.club tylerz.club tympan.club tyndall.club tyosophy.club typesett.club tyquest.club tyrole.club tyssian.club tytrat.club tyultra.club tyvolume.club tywing.club tyxtyx.club tyyear.club tyzone.club ultim.fun ultrav.fun unkel.uno uoycc.cyou user42.xyz uvlamp.buzz uxand.uno uxbtn.uno uxclk.uno uxdrop.uno uxeof.uno uxfog.uno uxgot.uno uxhot.uno uxids.uno uxjob.uno uxkom.uno uxlamp.uno uxmed.buzz uxnex.buzz uyarray.club uybusiness.club uycreate.club uydamage.club uyembed.club uyfrost.club uygreat.club uyhotline.cyou uyignite.cyou uyjingle.cyou uyknight.cyou uymiddle.cyou uynight.cyou vacuum5.club vanad.uno vdr.monster versn.xyz volc.uno voltage.fun warr.club wick.buzz 
worldz.buzz wron.xyz wyomng.icu xchgr.xyz xfilesx.club xmass.xyz xports.xyz xrayz.buzz yellw.fun yets.xyz ynter.xyz yorkzz.buzz yoyoyo.cyou zerr.club zetas.buzz zetas.club zetas.fun zetas.monster zetas.xyz # Reference: https://twitter.com/rootprivilege/status/1352625063212666880 # Reference: https://twitter.com/unmaskparasites/status/1352743873714348033 # Reference: https://lukeleal.com/research/posts/magento2-skimmer-testserver-php/ bardven.com/testServer.php pedlitz.com/testServer.php # Reference: https://twitter.com/AffableKraut/status/1352693061336371200 # Reference: https://www.virustotal.com/gui/ip-address/169.239.183.80/relations ajax-plugin.org cdn-ajax.co.uk cdn-cloudflare.biz cdn-js.co.uk cdn-magento.com cdn-plugins.org cdn-rackspace.com cloud-plugins.org js-widget.com plugin-ajax.com widget-ajax.co.uk widget-js.co.uk # Reference: https://twitter.com/malwrhunterteam/status/1354431227802095619 # Reference: https://www.virustotal.com/gui/ip-address/34.85.13.9/relations jquery-scdn.com # Reference: https://twitter.com/jeromesegura/status/1354598447022653442 # Reference: https://www.virustotal.com/gui/ip-address/188.227.57.93/relations # Reference: https://www.virustotal.com/gui/ip-address/8.209.119.130/relations # Reference: https://www.virustotal.com/gui/ip-address/8.209.72.238/relations google-analuting.com google-conversion.com google-gateway.com google-note.com google-squery.com paypal-moneypay.com # Reference: https://twitter.com/AffableKraut/status/1355263804872024072 # Reference: https://twitter.com/AffableKraut/status/1355263805899595783 aws-amazon.site extrn.ru freshdesk.space google-analytics.su kckaa.com newoldtime.site newoldtime.space riskified.site shipstation.space signifyd.site strat-o-matic.org tolinkjpattr.com tywyvern.com # Reference: https://twitter.com/unmaskparasites/status/1356378296292806657 # Reference: https://twitter.com/AffableKraut/status/1356412371334529024 advertising-cdn.com africa-best-dating.com google-adwert.com 
google-adwersting.com new-adversting.com # Reference: https://twitter.com/jeromesegura/status/1356654794098626560 # Reference: https://twitter.com/MBThreatIntel/status/1357028912677613568 # Reference: https://www.virustotal.com/gui/ip-address/144.202.119.63/relations # Reference: https://www.virustotal.com/gui/ip-address/45.77.125.110/relations # Reference: https://blog.malwarebytes.com/cybercrime/2021/02/credit-card-skimmer-piggybacks-on-magento-1-hacking-spree/ auxbeam-img.cloud cdnmaeva.top costway.top crazyvaps.info hdanalyse.com hdenvironement.com hdpopulation.com motoxpricambi.top securityxx.top /costway.js /mcostway.js # Note: /costway.js and /mcostway.js are path-only entries with no host part; when one fires, check the request host before attributing the hit to this campaign # Reference: https://twitter.com/virelli/status/1359465087204024325 beyondhealth.com/media/js/a1def6c62256906029767cb784323ab3.js # Reference: https://twitter.com/kyleehmke/status/1360189186578513920 # Reference: https://www.virustotal.com/gui/ip-address/45.155.37.122/relations gtmtagmanager.com # Reference: https://twitter.com/AffableKraut/status/1360319951182180355 adfast.tech getquantum.space heatmap-customer-tracking.com intellibs.net ipmarketing.biz jquery-library-code.ru jsdeliddvr.net media-rotator.net mktracking.com popstat.net push.report rotationmessage.net salesbeeapi.com statgecko.com statisticsfree.com weathermap.biz # Reference: https://twitter.com/AffableKraut/status/1360343813454245893 # Reference: https://sansec.io/research/google-apps-script # Reference: https://www.virustotal.com/gui/ip-address/91.194.11.205/relations analit.tech hotjar.host pixelm.tech # Reference: https://twitter.com/500mk500/status/1361061870061424653 # Reference: https://www.virustotal.com/gui/ip-address/89.38.97.71/relations # Reference: https://www.virustotal.com/gui/ip-address/91.200.85.137/relations blondescript.info blondescript.net blondescript.org coollandpage.ru # Reference: https://www.virustotal.com/gui/ip-address/89.38.97.71/relations # Reference: https://www.virustotal.com/gui/ip-address/89.203.198.177/relations # Reference: 
https://urlscan.io/result/533860b5-b101-483a-8716-d8bd19c57679/ clickandunder.com gdprmysites.co javaskript.pw json-jquery.icu statistikajsscrypt.com # Reference: https://twitter.com/benkow_/status/1222457832810991616 # Reference: https://www.virustotal.com/gui/domain/bamblbee.store/relations bamblbee.store # Reference: https://twitter.com/AffableKraut/status/1363366240039952387 google-tag.com # Reference: https://urlscan.io/result/256f6bae-84f0-488e-9e15-47ae15760cc6/ # Reference: https://www.virustotal.com/gui/ip-address/45.145.64.143/relations fbanalytic.org # Reference: https://twitter.com/unmaskparasites/status/1364675090256785411 elume.org # Reference: https://twitter.com/unmaskparasites/status/1364652993971245060 # Reference: https://www.virustotal.com/gui/ip-address/45.142.213.172/relations googlecdn-api.com jquery-in.com jquery-ini.com mastercvv.in sert-googlefonts.com # Reference: https://www.virustotal.com/gui/ip-address/34.65.43.209/relations evolutagain.ru huntes.ru manualseos.ru seocmson.ru # Reference: https://gist.github.com/krautface/b97dfcb3e07d74ebc2eab7f1051923d2 bulder.online # Reference: https://twitter.com/sansecio/status/1367404202461450244 # Reference: https://twitter.com/unmaskparasites/status/1370579966069383168 # Reference: https://urlscan.io/result/293c311f-900b-4662-9b5d-c1d0b11cead7/ # Reference: https://blog.sucuri.net/2022/06/smilodon-credit-card-skimming-malware-shifts-to-wordpress.html # Reference: https://www.virustotal.com/gui/ip-address/195.123.217.18/relations # Reference: https://www.virustotal.com/gui/ip-address/83.166.246.34/relations facedook.host javasources.net predator.host pathc.space redorn.space zeborn.pw # Reference: https://urlscan.io/result/6dea6218-8a34-4f48-931e-93fa1677faf6/ googletagmanaaer.com # Reference: https://www.virustotal.com/gui/ip-address/5.34.179.116/relations google-jquery.eu # Reference: https://twitter.com/TeamDreier/status/1368955262900592640 # Reference: 
https://www.virustotal.com/gui/ip-address/185.238.171.228/relations # Reference: https://www.virustotal.com/gui/ip-address/35.228.62.27/relations cloubfiare.net googiemanager.com googlemanagerads.com googlemgr.net gooqleads.net gooqlescript.com qodaddy.net # Reference: https://twitter.com/TeamDreier/status/1369617099023388672 google-codes.com google-thumbs.com google-worlds.com paypal-merchant.com paypal-merchants.com # Reference: https://twitter.com/jfslowik/status/1369745187480559617 analytics-cdn.net analytics-ssl.net # Reference: https://twitter.com/unmaskparasites/status/1370151988285992960 # Reference: https://twitter.com/rootprivilege/status/1370394651509678080 content-analytics-server.com pagemonitor-server.com templatesurvey.com # Reference: https://www.group-ib.com/blog/e1rb cdn-gstat.com cdn-host.org google-analitics.org jquery-live.com jquery-on.com telrshop.com # Reference: https://twitter.com/MBThreatIntel/status/1371877118909378568 adextech.com/tr/echo/advisor.min.js # Reference: https://twitter.com/rcwht_/status/1374016465444220932 # Reference: https://www.virustotal.com/gui/ip-address/8.209.70.103/relations ssl-authorization.com # Reference: https://twitter.com/unmaskparasites/status/1374806612611723264 wedelf.com/wip/reverse.min.js # Reference: https://twitter.com/unmaskparasites/status/1374812123562319872 # Reference: https://www.virustotal.com/gui/ip-address/176.121.14.143/relations # Reference: https://www.virustotal.com/gui/ip-address/194.87.144.10/relations agilityscripts.com amazonawscdn.com cdnforplugins.com devlibscdn.com mirasvit.net secure4d.net seoagregator.com speedtransaction.com spotforassets.com v2-zopim.com webadstracker.com # Reference: https://twitter.com/MBThreatIntel/status/1375516616243474438 un5.ffox.site # Reference: https://twitter.com/TeamDreier/status/1375149879664709638 # Reference: https://www.virustotal.com/gui/ip-address/35.228.228.1/relations bing-visitors.com googieads.com googieupdate.com 
google-site-verification.net googleadservlces.com googlegtm.com jquerylast.com yahoo-tracker.com # Reference: https://twitter.com/MBThreatIntel/status/1376662429229142022 # Reference: https://twitter.com/rootprivilege/status/1549799944835371008 # Reference: https://x.com/sdcyberresearch/status/1925172801259933975 # Reference: https://www.virustotal.com/gui/ip-address/185.215.113.111/relations # Reference: https://www.virustotal.com/gui/ip-address/194.61.25.77/relations # Reference: https://www.virustotal.com/gui/ip-address/77.83.36.33/relations # Reference: https://app.validin.com/detail?find=9af4e56ebcbf5cde0d3581b1900fc6ca&type=hash&ref_id=7ef8db303a5#tab=host_pairs (# 2025-05-07) gstatis.co gstatls.cc jqueri-web.at jqueri.at jqueridev.at jqueriweb.at jsdelivr.at maps-gstatic.com cdn.jsdelivr.at # Reference: https://twitter.com/unmaskparasites/status/1377383696009895939 brewtees.com/jquery/ # Reference: https://twitter.com/unmaskparasites/status/1378065215565168641 # Reference: https://twitter.com/unmaskparasites/status/1378065738422874114 # Reference: https://www.virustotal.com/gui/ip-address/198.27.64.84/relations # Reference: https://www.virustotal.com/gui/ip-address/47.91.78.128/relations # Reference: https://www.virustotal.com/gui/ip-address/8.209.69.32/relations # Reference: https://www.virustotal.com/gui/ip-address/8.208.96.5/relations # Reference: https://www.virustotal.com/gui/ip-address/80.211.41.122/relations googletagmanagers.com googletagsmanagers.com fonts-analytics.com fontsgstatic.com googlefonts-api.com googlefonts-dns.com jquery-dns.com jquery-ssl.com page2adgooglesyndication.com stackpathbootstrapcdn.com # Reference: https://urlscan.io/result/e76a66c0-403e-4099-a673-ecb322b99f7e/ # Reference: https://urlscan.io/result/14b99a92-2ec2-4327-a0f1-a0249e4513be/ # Reference: https://www.virustotal.com/gui/ip-address/203.91.116.53/relations cdnjsapis.com jquery-analytics.com # Reference: https://urlscan.io/result/a38d860f-b1a2-432c-a8ff-a4132c0f8293/ 
jquery-google.com # Reference: https://twitter.com/rootprivilege/status/1379096986897408001 # Reference: https://lukeleal.com/research/posts/magento2-payprocess-obj_31337-skimmer/ payprocess.org processpayment.cc # Reference: https://www.virustotal.com/gui/ip-address/8.208.78.46/relations cdn-alipearlhair.com livechatlnc.com paypalobjacts.com tagmanaqer.com # Reference: https://twitter.com/AffableKraut/status/1380022960627593216 # Reference: https://twitter.com/AffableKraut/status/1380022963160895490 # Reference: https://twitter.com/AffableKraut/status/1380022987626328065 # Reference: https://www.virustotal.com/gui/ip-address/176.9.51.172/relations aramorganstake.com cdnnetworking.com cdnnetwrk.com csscdnnett.com fivemofreegate.com fonts.services gegelanallitics.com google-analytics.org googleanalyse.website googlecashstat.com healcodes.com huggy.tech joopsjeemz.com liquidibi.com manutdfuns.com remincss.com sellait.com sixmofreegate.com snowdronedge.com # Reference: https://www.virustotal.com/gui/ip-address/144.76.57.177/relations aldyen.com braitnreegateway.com cobrosya.net cullqi.com cyberesources.com e-posnets.com epayou.net eurocommerces.net filows.com khipus.net mercadopagos.net mindbodyonlines.com oppwwa.com paypluge.com paypulatam.com redysys.net sinetesis.com stripies.com transbanks.net vivapayments.net vnmnet.net xpaymentes.com # Reference: https://www.virustotal.com/gui/ip-address/8.208.78.196/relations # Reference: https://www.virustotal.com/gui/ip-address/8.208.92.202/relations amazon-sert.com analyticsfonts.com fontsgoogles.com googlefonts-map.com # Reference: https://www.virustotal.com/gui/ip-address/192.187.120.45/detection # Reference: https://www.virustotal.com/gui/ip-address/35.197.229.31/relations # Reference: https://urlscan.io/result/14d969b1-dc3e-4803-8b8a-9a3356f44a79/ googl-mail.com googl-service.com # Reference: https://www.virustotal.com/gui/ip-address/98.129.19.208/relations script-manager.com scriptmgr.com # Reference: 
https://www.virustotal.com/gui/ip-address/96.126.108.31/relations scriptdispense.com # Reference: https://twitter.com/TeamDreier/status/1383696994380648448 # Reference: https://www.virustotal.com/gui/ip-address/95.217.250.26/relations googlemanagerapi.com # Reference: https://www.virustotal.com/gui/ip-address/149.28.245.206/relations api-hotjar.com # Reference: https://twitter.com/AffableKraut/status/1383964524110245888 analistnet.site analiticnet.site analiticsnet.site analiticweb.site analylicweb.site analystclick.site analysttraffic.site analystview.site analystweb.site analyticlick.site analyticmanager.site analyticview.site clickanalyst.site clickanalytic.site foundanalyst.site foundanalytic.site managertraffic.site netanalist.site netanalitic.site netanalitics.site nettraffic.site siteanalist.site siteanalitic.site siteanalitics.site siteanalyst.site siteanalytic.site sitetraffic.site trafficanalyst.site trafficanalytics.site trafficcloud.site trafficweb.site unpkgtraffic.site viewanalyst.site viewanalytic.site webanalitic.site webanalitics.site webanalylic.site webanalyst.site # Reference: https://twitter.com/TeamDreier/status/1384089703599595526 # Reference: https://www.virustotal.com/gui/ip-address/34.125.75.72/relations ajaxtracker.com analytics-gtm.com cdn-cgi.net doubiecliick.net jquery-ui.net # Reference: https://twitter.com/rootprivilege/status/1384357710603292676 cdn-frontend.com # Reference: https://www.virustotal.com/gui/ip-address/103.232.215.140/relations jcsscpt.com jcsscpt.net sscyulept.com # Reference: https://www.virustotal.com/gui/ip-address/104.219.248.46/relations legacy-scripts.com # Reference: https://twitter.com/AffableKraut/status/1384553513842352130 conf-localhost.com facebooknetworks.com secure-conf.com # Reference: https://twitter.com/AffableKraut/status/1384546205921943552 # Reference: https://urlscan.io/search/#filename:%22google.analytics.b.js%22 /google.analytics.b.js # Reference: 
https://twitter.com/TeamDreier/status/1384818143156129792 coupon-popup.net dns-servers-update.net # Reference: https://www.virustotal.com/gui/ip-address/8.208.86.98/detection # Reference: https://urlscan.io/result/420f0ac5-d7b4-4417-9985-ce325c4feeb4/ ssl-center.com # Reference: https://www.virustotal.com/gui/ip-address/135.181.34.206/relations # Reference: https://www.virustotal.com/gui/ip-address/45.148.120.226/relations # Reference: https://www.virustotal.com/gui/ip-address/45.61.139.93/relations # Reference: https://www.virustotal.com/gui/ip-address/61.164.109.218/relations # Reference: https://www.virustotal.com/gui/ip-address/67.205.167.220/relations # Reference: https://www.virustotal.com/gui/ip-address/44.227.238.106/relations # Reference: https://www.virustotal.com/gui/ip-address/185.53.168.6/relations # Reference: https://www.virustotal.com/gui/ip-address/178.63.30.117/relations # Reference: https://www.virustotal.com/gui/ip-address/27.124.42.69/relations # Reference: https://www.virustotal.com/gui/ip-address/185.248.102.2/relations js-cdn.club js-cdn.host js-cdn.info js-cdn.net js-cdn.online js-cdn.org js-cdn.pw js-cdn.ru js-cdn.site js-cdn.top js-cdn.xyz # Reference: https://www.virustotal.com/gui/ip-address/45.33.20.246/relations 1001-font.com alexa-tracking.com ali-clicks.com analytics-website-services.com analytix.host cdn-hosted.com cdn-js-query.com code-scripts.com count-stats.com data-analytics.club dr-cdn.com glatrac.com goolgeapis.com jquery-custom-plugin.com js-cdn.com jscriptlibrary.org kissmetrics-analytics.com quikianalytics.site securemy-js.com staticjs-webui-library.com tagblock-analytics.com toolscript-js.com tracfb.com track-link.site trackr.website vnlyse.com yanalyics.com # Reference: https://www.virustotal.com/gui/ip-address/96.126.117.191/relations cdn-aws.com clicktracking321.com google-analytics-premium.com fonts-community.com fonts-directory.com leadcap-js.com # Reference: 
https://www.virustotal.com/gui/ip-address/106.187.48.151/relations # Reference: https://www.virustotal.com/gui/ip-address/148.72.213.55/relations # Reference: https://www.virustotal.com/gui/ip-address/162.243.186.224/relations # Reference: https://www.virustotal.com/gui/ip-address/185.12.12.191/relations # Reference: https://www.virustotal.com/gui/ip-address/185.53.168.6/relations # Reference: https://www.virustotal.com/gui/ip-address/217.12.202.82/relations # Reference: https://www.virustotal.com/gui/ip-address/83.220.168.154/relations jquery-cdn.info jquery-cdn.me jquery-cdn.net jquery-cdn.org jquery-cdn.pw jquery-cdn.ru jquery-cdn.tk # Reference: https://www.virustotal.com/gui/ip-address/148.72.213.55/relations jquerys.ga jquerys.ml jquerys.tk # Reference: https://www.virustotal.com/gui/ip-address/104.28.1.107/relations # Reference: https://www.virustotal.com/gui/ip-address/172.67.128.115/relations # Reference: https://www.virustotal.com/gui/ip-address/178.208.80.82/relations # Reference: https://www.virustotal.com/gui/ip-address/198.54.116.84/relations # Reference: https://www.virustotal.com/gui/ip-address/63.141.229.19/relations # Reference: https://www.virustotal.com/gui/ip-address/93.174.93.164/relations jquerys.info jquerys.net jquerys.org jquerys.ru jquerys.site jquerys.xyz # Reference: https://www.virustotal.com/gui/ip-address/141.8.226.58/relations ddcdn.pw # Reference: https://www.virustotal.com/gui/ip-address/178.63.30.117/relations ml-js.com peretrax-js.com # Reference: https://www.virustotal.com/gui/ip-address/217.12.202.82/relations cloud-js.link js-cloud.xyz scripteleven.ru # Reference: https://www.virustotal.com/gui/ip-address/202.222.31.77/detection js-cloud.net # Reference: https://www.virustotal.com/gui/ip-address/185.91.175.226/relations bootstrap-cdn.com # Reference: https://www.virustotal.com/gui/domain/cdn-magento.com/detection cdn-magento.com # Reference: https://www.virustotal.com/gui/ip-address/167.99.163.243/relations ssl-google.com # 
Reference: https://www.virustotal.com/gui/ip-address/34.102.136.180/relations googlefi.info ssl-facebook.com paymentssecured.com tatteredscript.com # Reference: https://www.virustotal.com/gui/ip-address/50.63.51.92/relations ssl-cloud.com # Reference: https://www.virustotal.com/gui/ip-address/185.141.25.37/relations ssl-analytics.com # Reference: https://www.virustotal.com/gui/ip-address/192.64.119.207/detection ssl-aws.com # Reference: https://www.virustotal.com/gui/ip-address/37.120.206.98/relations # Reference: https://www.virustotal.com/gui/ip-address/91.245.255.10/relations fontawesome.dev g-metrics.me jquerys.me ooolll.me # Reference: https://www.virustotal.com/gui/ip-address/64.70.19.203/relations jquerys.ws # Reference: https://www.virustotal.com/gui/ip-address/95.216.161.60/detection ssl-cloud.me # Reference: https://twitter.com/josh_larsen/status/1388892152680288262 evilcdn.com # Reference: https://twitter.com/virusbtn/status/1387795316682940421 # Reference: https://www.trendmicro.com/en_us/research/21/d/water-pamola-attacked-online-shops-via-malicious-orders.html # Reference: https://documents.trendmicro.com/assets/Appendix_Water-Pamola-Attacked-Online-Shops-Via-Malicious-Orders.pdf 77i.co auth1html.site basic-authentication.live cloudlstorage.com googleoapis.com xf6.site # Reference: https://twitter.com/unmaskparasites/status/1390027415615795200 renokonnect.com/stats/js/jcrop/jcrop.min.js # Reference: https://www.circleid.com/posts/20210506-deep-dive-into-known-magecart-iocs-connected-internet-properties/ fastmycdn.com statistik.site webinformer.biz zigzapframe.biz # Reference: https://www.virustotal.com/gui/ip-address/34.95.57.185/detection # Reference: https://www.virustotal.com/gui/ip-address/35.203.186.155/relations purechal.com # Reference: https://twitter.com/MBThreatIntel/status/1392887777902030853 houseofdesigners.in/scure.php # Reference: 
https://blog.malwarebytes.com/cybercrime/2021/05/newly-observed-php-based-skimmer-shows-ongoing-magecart-group-12-activity/ kermo.pw thesun.pw zolo.pw /m1_2021_force # Reference: https://twitter.com/unmaskparasites/status/1394762869233786880 bingfindapi.com bulder.online foundstyle.online fountm.online gstatcs.com jqwereid.online webfaset.com # Reference: https://twitter.com/sansecio/status/1395765199169261570 sanseclabs.com # Reference: https://twitter.com/sansecio/status/1395770562769788929 pay.mollie.nl/checkout/v3/css/global.css # Reference: https://twitter.com/unmaskparasites/status/1397030574749982722 celolum.com # Reference: https://www.riskiq.com/blog/external-threat-management/mobile-inter/ # Reference: https://otx.alienvault.com/pulse/60afd2d5ce95a296d0f9323e google-analyticss.com google-downloader.com google-pick.com google-sens.com google-turn.com gooqle.ru.oitx.xyz # Reference: https://twitter.com/MBThreatIntel/status/1398037002923110400 gstaticsfonts.com # Reference: https://twitter.com/AffableKraut/status/1398056214492291074 fonts-gstatics.com googles-analytic.com # Reference: https://twitter.com/AffableKraut/status/1398148316886491143 # Reference: https://twitter.com/AffableKraut/status/1428417456998060037 # Reference: https://gist.github.com/krautface/e213d52bbd1f6a278570afb1ae64a05e adminbox.site adminet.site adminet.space adminpan.site allforyour.site amasterweb.site analist-net.site analist-net.space analist-rete.space analistcloud.space analistnet.site analistnet.space analistnetwork.site analistnetwork.space analistpanel.site analistrete.site analistsite.site analistsite.space analisttab.site analisttab.space analistweb.site analistweb.space analitic-site.site analitic-site.space analitic-tab.site analitic-tab.space analiticnet.site analiticpanel.site analiticpanel.space analitics-panel.site analitics-site.site analitics-site.space analitics-tab.site analitics-web.space analiticsblock.site analiticsblock.space analiticsite.site 
analiticsite.space analiticsnet.site analiticspanel.site analiticspanel.space analiticssite.site analiticssite.space analiticstab.site analiticstab.space analiticsweb.site analiticsweb.space analitictab.site analitictab.space analiticweb.site analizeport.site analizerete.site analylicweb.site analystclick.site analysttraffic.site analystview.site analystweb.site analyticlick.site analyticmanager.site analyticview.site aneweb.site assiststore.site blockanalist.site blockanalist.space blockanalitics.site blocktestnet.space bootstrapload.site cartmainer.site cdnetworker.site cdnetworker.space cleanerjs.site clickanalyst.site clickanalytic.site cloudjs.site cloudtester.site commenter.site connectweb.space domainclean.site domainet.site domainet.space fastloader.site fastupload.space flexposter.site foundanalyst.site foundanalytic.site goodstats.site hardtester.site httpanel.site httpanel.space interage.site ipcounter.site jscleaner.site lanetester.site lanlocker.site lanlocker.space libloader.site libminifaer.site libstorage.space linkerage.site linkerange.site listmanager.space loockerweb.site lookingstore.site magengine.site managerage.site managerage.space managertraffic.site masterlinker.site masternet.space masterport.site minanalize.site minimazerjs.site minlibscdn.space net-analist.site net-analist.space net-analitic.space netanalist.site netanalist.space netanalisttest.space netanalitic.site netanalitic.space netanalitics.site netcontrol.site netpanel.site netstart.space nettestpanel.site nettinganalist.site nettinganalist.space nettingpanel.site nettingtest.site nettraffic.site networkanalist.site networkanalist.space onlinecount.site onlinecounter.site onlinerpage.site owlloader.site owlplugin.site ownerpage.site pagecacher.site pagecleaner.site pagegine.site pagelettermass.site pagenator.site pagesocket.site pagestater.site pagesupport.site pageviewer.site panel-analitic.site panel-analitic.space panelake.site panelake.space panelaker.site panelan.site 
panelanalist.site panelanalist.space panelanalitics.site panelanalitics.space panelblock.site panelnetting.site panelocker.site placepager.site planetspeed.site portviewer.site producteditor.site reteanalitics.site retenetweb.site saverplanel.site sectimer.site securefield.site seeweb.space sellmanager.site shoppingmetod.site showproduct.site site-analitic.site site-analitic.space site-analitics.site site-analitics.space siteanalist.site siteanalist.space siteanalitic.site siteanalitic.space siteanalitics.site siteanalitics.space siteanalyst.site siteanalytic.site sitengine.site sitesecure.space sitetraffic.site slickclean.site slotmanager.site slotshower.site spaceclean.site spacecom.site speedstress.site speedtester.site speedtester.space sslmanager.site sslsecurer.site starnetting.site statetraffic.site statsclick.site storepanel.site suporter.site tab-analitic.site tab-analitic.space tab-analitics.site tab-analitics.space tabanalist.site tabanalist.space tabanalitic.site tabanalitic.space tabanalitics.site tabanalitics.space targetag.space tawk-manger.site telanet.site trafficanalyst.site trafficanalytics.site trafficcloud.site trafficsanalist.site trafficsee.site trafficweb.site unpkgtraffic.site versionhtml.site viewanalyst.site viewanalytic.site viewonline.space web-analitics.space webanalist.site webanalist.space webanalitic.site webanalitics.site webanalitics.space webanalylic.site webanalyst.site webmode.site webtable.site woodyday.top # Reference: https://www.virustotal.com/gui/ip-address/47.91.77.83/relations google-opinion.com # Reference: https://twitter.com/AffableKraut/status/1399786791931101192 googie-analytics.online googie-analitycs.site googie-analytics.website googletagsmanager.website # Reference: https://twitter.com/TracerSpiff/status/1399840920057659404 googie.host # Reference: https://twitter.com/rootprivilege/status/1400850998063632389 # Reference: https://lukeleal.com/research/posts/analiticsweb-skimmer/ analiticsweb.site # Reference: 
https://www.virustotal.com/gui/ip-address/47.74.9.12/relations skin-jquery.com # Reference: https://twitter.com/rootprivilege/status/1404595455065870336 # Reference: https://lukeleal.com/research/posts/hotjar-dot-info-skimmer/ hotjar.info # Reference: https://www.virustotal.com/gui/ip-address/146.0.72.86/relations javasrtscript.com # Reference: https://www.virustotal.com/gui/ip-address/146.0.72.96/relations cloudappcdn.com # Reference: https://twitter.com/unmaskparasites/status/1407433077048057856 addjs.co addsc.co jss.lt jsz.lt ujl.me ujq.me vdf.me vdf.xyz # Reference: https://www.virustotal.com/gui/ip-address/64.190.62.111/relations magento.host # Reference: https://twitter.com/AffableKraut/status/1408512205289660429 cdn-doubleclick.net chimpstatic-cdn.com cloudflare-cdnjs.com cloudflare-ssl.com fontgoogleapis.com static-doubleclick.com static-zdassets.com tatic-hotjar.com widget-freshworks.com # Reference: https://twitter.com/unmaskparasites/status/1408561524235374602 renokonnect.com/stats/js/jcrop/jcrop.min.js sgtrek.com/jquery/jQuery.viewer.js # Reference: https://blog.malwarebytes.com/cybercrime/2021/06/lil-skimmer-the-magecart-impersonator/ # Reference: https://www.virustotal.com/gui/ip-address/87.236.16.107/relations bebedepotplus.site bebedepotplus.website cdnattn.site cloudfiare.site dirsalonfurniture.site dogdug.website estrategia-script.site facebookmanagers.pw ganan-script.site googie.website googleapis.website googletagmanager.space gorillawhips.site jquery.fun perfecttux.site perfecttux.website postguard.website tidio.fun win-activar.site win-script.website win-scripto.site # Reference: https://twitter.com/rootprivilege/status/1409575929165193226 # Reference: https://www.virustotal.com/gui/ip-address/89.108.116.218/relations toolser.pw # Reference: https://www.virustotal.com/gui/ip-address/194.58.112.174/relations googleapis.site # Reference: https://www.virustotal.com/gui/ip-address/163.172.117.25/relations googleapis.me googlfonts.com # Reference: 
https://www.virustotal.com/gui/ip-address/194.58.123.10/relations googleapis.tk # Reference: https://www.virustotal.com/gui/ip-address/31.187.64.40/relations analytics-scripts.ml font4u.ga googleapis.ml # Reference: https://www.virustotal.com/gui/ip-address/104.27.185.122/detection googleapis.ga # Reference: https://www.virustotal.com/gui/ip-address/193.37.212.63/relations googleapis.gq # Reference: https://www.virustotal.com/gui/ip-address/209.126.103.139/relations sites-analytic.com # Reference: https://www.virustotal.com/gui/ip-address/195.123.222.43/relations hot-jar.com hotjar-analytics.com # Reference: https://twitter.com/AffableKraut/status/1411229363685806082 # Reference: https://www.virustotal.com/gui/ip-address/8.209.68.13/relations apayments.top stripe-auth-api.com # Reference: https://twitter.com/felixaime/status/1349261822591954946 # Reference: https://twitter.com/500mk500/status/1411680465086525440 # Reference: https://www.virustotal.com/gui/ip-address/147.135.1.203/relations cdngateways.com cdncontentdelivery.com query.network jqueny.com securecontentssl.com site-counter.com # Reference: https://www.virustotal.com/gui/ip-address/165.232.142.149/relations # Reference: https://www.virustotal.com/gui/ip-address/206.81.5.96/relations # Reference: https://www.virustotal.com/gui/ip-address/37.1.204.37/relations adsclick.click apps-analytics.net awesomelytics.com bootstrapmin.website caphyon-analytics.com cdnstreamfree.com cdnstreamlive.com cdnze.com cookiebot.org cosmjs.com evolvemediametrics.com facehttpsk.net fix-fonts.com fontapis.com hatenaclick.site informesanaliticos.com jquery.im jquerycdn.top jquerynetwork.best jsdeliavr.net mage-seooptimization.com measurablemetrics.co mecontentassent.website mob-api.net owlanalytics.io owlcdn.com potokcdn.com proclaim-api.net sites-mark.com tagsrv.com webfontcdn.com webs-meter.com webs-metric.com zscript1.com ztrack1.com # Reference: https://www.virustotal.com/gui/ip-address/185.26.99.122/relations zscript.site 
ztrack.site # Reference: https://twitter.com/unmaskparasites/status/1413251798345736197 # Reference: https://twitter.com/Ledtech3/status/1413256014569345036 sslapis.com # Reference: https://twitter.com/unmaskparasites/status/1412932692077731841 banheirasdoka.com.br/skin/frontend/rwd/default/lib/b.js banheirasdoka.com.br/skin/frontend/rwd/default/lib/route.php design2mall.com/js/mage/translate.min.js design2mall.com/skin/frontend/rwd/default/js/lib/route.php tallerheels.com/skin/frontend/rwd/default/lib/route.php /skin/frontend/rwd/default/lib/b.js /skin/frontend/rwd/default/lib/route.php /skin/frontend/rwd/default/js/lib/route.php # Reference: https://twitter.com/AffableKraut/status/1414459135052111878 # Reference: https://www.virustotal.com/gui/ip-address/37.46.130.142/relations cdn-library.net cdn-library.su jquery-library.net # Reference: https://twitter.com/unmaskparasites/status/1414732273543356419 wooanalytics.biz # Reference: https://twitter.com/AffableKraut/status/1415734360213528581 # Reference: https://twitter.com/AffableKraut/status/1415742977083908104 # Reference: https://twitter.com/MBThreatIntel/status/1432859477271711749 # Reference: https://www.virustotal.com/gui/ip-address/47.254.184.114/relations # Reference: https://www.virustotal.com/gui/ip-address/8.209.64.30/relations # Reference: https://www.virustotal.com/gui/ip-address/87.251.79.162/relations # Reference: https://www.virustotal.com/gui/ip-address/91.219.62.215/relations # Reference: https://app.validin.com/axon?source=DNS&type=ip&find=5.188.89.120 # Reference: https://app.validin.com/axon?source=DNS&type=ip&find=80.66.64.230 banca-unicredit.com google-activate.com google-activated.com google-analytlc.com google-create.com google-gate.com google-merchants.com google-pays.com google-sagepay.com google-script.com jquery-migrates.com merchant-analytics.com paypal-analitics.com paypal-pays.com # Reference: https://twitter.com/p0x53/status/1415976988100096000 cdncontainer.com hottrackcdn.com 
shoppersbaycdn.com webscriptcdn.com # Reference: https://twitter.com/MBThreatIntel/status/1416169274641510400 pagegine.site # Reference: https://twitter.com/AffableKraut/status/1416854101246291969 # Reference: https://www.virustotal.com/gui/ip-address/195.54.160.61/relations cdn-plugin.co.uk cdn-plugin.us cdnplugin-info.cloud data-cdn.site data-log.site data-update.site dev-connect.cloud dev-connect.co.uk dev-connect.com.de dev-connect.one dev-connect.us dev-connect.work formstats.us google-info.us google-stats.work nice-cdn.site plugin-app.cloud plugin-app.org plugin-connect.one plugin-connect.us pro-cdn-data.site pro-cdn2.site ticket-stat.site trafficstats.business trafficstats.co trafficstats.company trafficstats.us # Reference: https://twitter.com/AffableKraut/status/1416865169326673925 adminbox.site adminpan.site analist-net.site analist-net.space analist-rete.space analistpanel.site analistrete.site analiticpanel.site analiticpanel.space analitics-panel.site analitics-site.site analitics-site.space analitics-web.space analiticspanel.site analiticspanel.space analiticsweb.space blockanalitics.site cloudjs.site fastloader.site ipcounter.site net-analist.site net-analist.space net-analitic.space onlinecount.site panel-analitic.site panel-analitic.space panelanalist.site panelanalist.space panelanalitics.site panelanalitics.space reteanalitics.site web-analitics.space webanalitics.space # Reference: https://twitter.com/tiketiketikeke/status/1417072955675144194 # Reference: https://twitter.com/AffableKraut/status/1417141954186465285 # Reference: https://www.virustotal.com/gui/ip-address/159.69.209.43 goolgestats.com gstaticnets.com mtdnsstatic.com mtndnsstatec.com mtndnsstatecs.com mtndnsstatic.com ntndnsstatic.com # Reference: https://twitter.com/felixaime/status/1417134452103335936 # Reference: https://www.virustotal.com/gui/ip-address/69.175.91.242/relations # Reference: https://imp0rtp3.wordpress.com/2021/08/12/tetris/ # Reference: 
https://otx.alienvault.com/pulse/611d0d9877560b71ff3f7e59 google-drivers.com googledrivers.com # Reference: https://twitter.com/felixaime/status/1418119972858044422 # Reference: https://twitter.com/matthieu_faou/status/1471600401183084550 hotjar.net visitortrack.net webfx.bz webffx.bz # Reference: https://twitter.com/AffableKraut/status/1420424683758002178 # Reference: https://twitter.com/AffableKraut/status/1420424686366756870 # Reference: https://www.virustotal.com/gui/ip-address/158.160.129.176/relations api-facebook.net api-localhost.com backstagecontacts.com cdn-bootstrapcdn.com conect-facebook.net core-static.com hollandtrees.com ssl-doubleclick.net tr-snapchat.com uc-widget-freshworks.com webstatistisc.org proxy.cdn-bootstrapcdn.com store.cdn-bootstrapcdn.com # Reference: https://twitter.com/p0x53/status/1420758015884488711 roi-traffic.icu # Reference: https://www.virustotal.com/gui/ip-address/139.59.66.9/relations # Reference: https://www.virustotal.com/gui/ip-address/179.43.160.43/relations corejquery.com js-jquery.org sjquery.com # Reference: https://twitter.com/unmaskparasites/status/1422681441146605570 # Reference: https://www.virustotal.com/gui/ip-address/185.246.130.169/relations adwords-track.com adwords-track.top clickinks-api.com drhorveys.com drnarveys.com font-staticx.com fontsctatic.com fontsctaticx.com fontstatics.com fontstaticx.com frontstatics.com g-staticx.com gctatic.com gctatics.com google-tagmanager.com googlestaticx.com googlestatix.com googletagmahager.com googletagnamager.com gstaticx.com gstaticxs.com scaraabresearch.com staticzd-assets.com # Reference: https://twitter.com/AffableKraut/status/1422819706394882051 # Reference: https://www.virustotal.com/gui/ip-address/193.105.134.147/relations ga-track.com hs-scrlpts.com # Reference: https://www.virustotal.com/gui/ip-address/217.8.117.66/relations jqueryui.at # Reference: https://www.perimeterx.com/tech-blog/2021/evolution-of-a-magecart-attack-leveraging-recaptcha-tech-domain/ 
recaptcha.tech # Reference: https://twitter.com/MBThreatIntel/status/1433104999152697344 cloud-app.shop trafficapps.business trafficapps.org trafficapps.quest trafficapps.us wp-extension.cloud wp-extension.work xenapp.blog # Reference: https://twitter.com/p0x53/status/1438147940103581699 googletagmanager.info # Reference: https://www.virustotal.com/gui/ip-address/185.198.56.73/relations adwalte.info cdjs.online cdn3.info cdncloud.space cloudapi.online cookies.coffee domclick.network go111111ogleapis.com golesyndication.com google-anailyticss.com googleapis.net googecode.com googleftagmanager.com googletagmanager.xyz googletagmanagerdservices.com googlesyndicatio.com googlesyndiation.com googlesyndicatiofn.com googlesyndicatsion.com googletongji.com gooogletagmanager.com gotitlogle-analytics.com gugle.cf javscript.pw jquery-uim.download jsunifile.bid my-seo.top netcdn-cdn.com netanalitics.space soogletagmanager.com aaa.gooogletagmanager.com cdn.gooogletagmanager.com ws.gooogletagmanager.com ww12.gooogletagmanager.com # Reference: https://blog.malwarebytes.com/threat-intelligence/2021/09/the-many-tentacles-of-magecart-group-8/ adaptivestyles.com carders.best csjquery.com faviconx.com fonts-googleapi.com fontsgoooglestatic.com googleatagmanager.com googlestag.com googletagmamager.com googletagmanagen.com googletaqmanager.com googletaqmanaqer.com jquery-statistika.info panelsaveok.com v2zopim.com validbins.su validcvv.ru validshop.sx # Reference: https://www.virustotal.com/gui/ip-address/72.52.179.174/relations google-anayltics.com # Reference: https://twitter.com/unmaskparasites/status/1438262156298911744 intexys.fr/js/mirasvit/mira.js intexys.fr/js/tbt/trl.js intexys.fr/js/tiny_mce/tiny_mce_popup.php # Reference: https://twitter.com/unmaskparasites/status/1445488898365214733 # Reference: https://www.virustotal.com/gui/ip-address/85.192.56.45/relations # Reference: https://www.virustotal.com/gui/ip-address/46.173.214.126/relations adslstickerfi.world authnetcim.net 
authorlze.net bralntree.com strlpe.net # Reference: https://twitter.com/sansecio/status/1445748280118317073 # Reference: https://www.virustotal.com/gui/ip-address/185.251.90.109/relations # Reference: https://www.virustotal.com/gui/ip-address/217.12.204.185/relations # Reference: https://www.virustotal.com/gui/ip-address/46.173.214.113/relations # Reference: https://www.virustotal.com/gui/ip-address/46.173.214.126/relations apiscaptcha.com batbings.com chimpstatics.com chimpstatics.xyz clearfix.xyz express-pay-online.com gtagstatic.com payp-express.com re-captha.com recaptcha-analytics.com recaptcha-in.pw recaptcha.tech recaptha.com # Reference: https://www.virustotal.com/gui/ip-address/176.113.81.124/relations log-inmember.com loginclient.net # Reference: https://www.virustotal.com/gui/ip-address/195.22.149.186/relations googietagmanager.com # Reference: https://www.virustotal.com/gui/ip-address/194.87.253.36/relations jquerydll.net googlensmanager.com # Reference: https://www.virustotal.com/gui/ip-address/46.8.158.191/relations easy-wb1auth.com easy1-webca.net # Reference: https://www.virustotal.com/gui/ip-address/46.172.91.28/relations js-inst.su js-sistem.su js-star.su save-js.su star-js.su # Reference: https://twitter.com/AffableKraut/status/1450109837543628805 dyadonline.monster # Reference: https://twitter.com/MBThreatIntel/status/1452690744544665601 # Reference: https://www.virustotal.com/gui/ip-address/185.186.142.69/relations # Reference: https://www.virustotal.com/gui/ip-address/185.204.3.48/detection jquerylibs.net jqueryllc.net magento-plugin.com trustdomains.net # Reference: https://twitter.com/AffableKraut/status/1451622631715835904 # Reference: https://www.virustotal.com/gui/ip-address/89.108.109.237/relations sentry-cdn.io # Reference: https://blog.malwarebytes.com/threat-intelligence/2021/11/credit-card-skimmer-evades-virtual-machines/ abtasty.net adsrvr.biz alligaturetrack.com artesfut.com brands-watch.com clickcease.biz climpstatic.com 
cloud-chart.net cookieslaw.org crisconnect.net dc-storm.org demo-metrics.net digital-speed.net getambassador.net hal-data.org iofrontcloud.com librarysetr.com libsconnect.net listrakbi.biz mantisadnetwork.org marklibs.com megalixe.org murdoog.org opendwin.com rawgit.net rolfinder.com sleefnote.com speed-metrics.com tevidon.com troadster.com webflows.net api.abtasty.net apis.murdoog.org app.iofrontcloud.com app.rolfinder.com cdn.cookieslaw.org cdn.getambassador.net cdn.megalixe.org con.digital-speed.net css.tevidon.com dev.crisconnect.net graph.cloud-chart.net js.artesfut.com js.demo-metrics.net js.librarysetr.com js.rawgit.net js.speed-metrics.com m.brands-watch.com nypi.dc-storm.org st.adsrvr.biz stage.libsconnect.net stage.sleefnote.com static.mantisadnetwork.org static.opendwin.com stst.climpstatic.com tag.listrakbi.biz web.webflows.net # Reference: https://twitter.com/MBThreatIntel/status/1457804685327224833 # Reference: https://twitter.com/MBThreatIntel/status/1469023858569089031 static1.xyz static2.xyz # Reference: https://twitter.com/MBThreatIntel/status/1472995976507916290 bootstrap1.xyz bootstrap2.xyz /s/us_cdl.js # Reference: https://twitter.com/MBThreatIntel/status/1458185084201148416 bludigital.cyou # Reference: https://twitter.com/unmaskparasites/status/1457896674374815750 firchtech.xyz # Reference: https://twitter.com/unmaskparasites/status/1458905989130829832 webcachespace.net # Reference: https://www.virustotal.com/gui/ip-address/45.146.166.186/relations webcachespace.com webprohoster.com # Reference: https://www.virustotal.com/gui/ip-address/8.209.65.75/relations # Reference: https://www.virustotal.com/gui/ip-address/8.211.6.123/relations analythics.com analythics.xyz cdn-manager.com cdn-manager.me cdn-manager.xyz spotifylatepayment.com # Reference: https://twitter.com/unmaskparasites/status/1460424711825887236 # Reference: https://www.virustotal.com/gui/ip-address/91.132.139.192/relations googletrackevent.com # Reference: 
https://decoded.avast.io/threatresearch/avast-q321-threat-report/ # Reference: https://www.virustotal.com/gui/ip-address/193.203.203.240/relations ganalitics.com # Reference: https://www.virustotal.com/gui/ip-address/80.211.182.208/relations ganalitics.site # Reference: https://twitter.com/unmaskparasites/status/1448408373863403520 corpanalytics.info # Reference: https://twitter.com/unmaskparasites/status/1435749969105874947 # Reference: https://twitter.com/unmaskparasites/status/1458241033058222081 # Reference: https://www.virustotal.com/gui/ip-address/174.138.117.217/relations # Reference: https://www.virustotal.com/gui/ip-address/45.55.224.107/relations cgtag.com cgtags.com curenciesapp.com icosenses.com tags.ws # Reference: https://sansec.io/research/ecommerce-malware-linux-avp # Reference: https://www.virustotal.com/gui/file/2d422affb9727b71b0e1610568bea8643892d99bdaed99269a10e7554c88437b/detection http://103.233.11.28 103.233.11.28:443 /jQuery_StXlFiisxCDN.php # Reference: https://twitter.com/felixaime/status/1462512317405536262 inslco.bar # Reference: https://twitter.com/0xbadad/status/1462913839381504007 booctstrap.com # Reference: https://twitter.com/rootprivilege/status/1465763408901337092 convert-server.com # Reference: https://twitter.com/sansecio/status/1467865884362346500 nekrva6s.beget.tech # Reference: https://community.riskiq.com/article/2efc2782 woocheck.tk # Reference: https://www.virustotal.com/gui/domain/validcc.su/relations validcc.su # Reference: https://twitter.com/AffableKraut/status/1472959218823090178 # Reference: https://gist.github.com/krautface/8f2196c9aad5d4f5cc91237eb9c71205 allofussoupdip.buzz allofussoupdip.xyz alloyz.xyz broadcas.buzz bunnyy.buzz cradle.uno crowcrown.fun denwr.uno diggr.fun epsilon.buzz excelnt.buzz foamfoam.xyz focuss.xyz gratiss.buzz growlz.xyz hairbarnyc.xyz homini.xyz hoppr.buzz indee.fun interes.uno joggl.uno jumpr.fun kemp.buzz klerna.buzz lazylee.xyz leakg.xyz modrn.buzz moette.buzz moette.uno moette.xyz 
mozes.buzz nerox.xyz newral.xyz oppos.uno oppress.fun prework.uno prodo.fun quento.xyz quinz.xyz ratino.buzz rockman.buzz stuckr.xyz swisz.xyz teamlead.buzz thefthing.xyz trollo.buzz uniteds.uno unsubscr.uno uxong.buzz uxprot.buzz uxqez.buzz uxrod.buzz uxsad.buzz uxtom.buzz uxuvl.buzz uxvol.buzz uxwww.buzz uxxen.buzz uxyes.buzz uxzone.buzz uyoper.cyou uypartial.cyou uyquest.cyou uyronder.cyou uystatic.cyou uytrial.cyou uyunion.cyou uyverified.cyou uyworld.cyou uyxenon.cyou uyyellow.cyou uyzambia.cyou verygood.fun voluntee.fun vxart.buzz vxbin.buzz vxcom.buzz vxdig.buzz vxegg.buzz vxfog.buzz vxgoto.buzz vxhop.buzz vximg.buzz vxjan.buzz vxkap.buzz vxliz.buzz vxman.buzz vxnix.buzz vxogr.buzz vxpro.buzz vxqck.buzz vxrok.buzz vxsom.buzz vxtyp.buzz vxuno.buzz vxvax.buzz vxwid.buzz vxxor.buzz vxyes.buzz vxzet.buzz vyanswer.cyou vybroken.cyou vycricket.cyou vydeal.cyou vyeconomy.cyou vyfridge.cyou vygamma.cyou vyheal.cyou vyident.cyou vyjeep.cyou vykeep.cyou vylead.cyou vymoon.cyou vynoble.cyou vyopress.cyou vypromo.cyou vyqueer.cyou vyrebel.cyou vysocket.cyou vytrail.cyou vyultimate.cyou vyverify.cyou vyworld.cyou vyxerox.cyou vyyoung.cyou vyzummer.cyou wermnt.buzz wrack.buzz wxano.buzz wxbuf.buzz wxcop.buzz wxdom.buzz wxext.buzz wxfom.buzz wxgon.buzz wxhop.buzz wximb.buzz wxjob.buzz wxkit.buzz wxlot.buzz wxmac.buzz wxnil.buzz wxorg.buzz wxpro.buzz wxqot.buzz wxred.buzz wxsot.buzz wxtod.buzz wxuvl.buzz wxvid.buzz wxwww.buzz wxxor.buzz wxyer.buzz wxzet.buzz wyadoo.cyou wybeeper.cyou wycrock.cyou wydeer.cyou wyerrn.cyou wyfloating.cyou wygreat.cyou wyhidden.cyou wyinternet.cyou wyjoker.cyou wykombo.cyou wyleaf.cyou wymoney.cyou wyndzor.cyou wyobject.cyou wyproduct.cyou wyquote.cyou wyroller.cyou wysocket.cyou wytrade.cyou wyulkar.cyou wyvolcano.cyou wywear.cyou wyxellent.cyou wyyear.cyou wyzummer.cyou xcelnt.xyz xmess.xyz xxand.buzz xxbit.buzz xxcom.buzz xxdoc.buzz xyareno.cyou xybombero.cyou xycryxes.cyou xydripper.cyou ypsilon.buzz zetas.quest # Reference: 
https://geminiadvisory.io/magecart-google-tag-manager/ ganalitis.com pixupjqes.tech googleadwordstrack.com googleadwordswidget.com googletagstorage.com googletagswidget.com googletagwidgets.com googletrackevent.com # Reference: https://www.virustotal.com/gui/ip-address/91.242.229.96/relations gstatsc.com gstatuslink.com # Reference: https://blog.sucuri.net/2021/11/woocommerce-skimmer-spoofs-checkout-page.html apiujquery.com # Reference: https://www.virustotal.com/gui/domain/gstatic-cn.com/relations # gstatic-cn.com # Note: under investigation # Reference: https://twitter.com/rootprivilege/status/1476671161073541122 dyneff.fr/health_check.php # Reference: https://twitter.com/unmaskparasites/status/1476741426633265157 cdn-s11.azureedge.net # Reference: https://twitter.com/unmaskparasites/status/1424805950645358593 # Reference: https://twitter.com/unmaskparasites/status/1424805639214157827 aathitiyapravash.in/image/jquery_v14v.js aathitiyapravash.in/image/jQuery_v176.js avir.ir/image/favicon.js # Reference: https://twitter.com/brianlinux/status/1478249807558885379 # Reference: https://www.virustotal.com/gui/ip-address/5.230.28.78/relations googleadwordstrack.com # Reference: https://www.virustotal.com/gui/ip-address/45.142.212.194/relations fonts-cdn.com # Reference: https://www.virustotal.com/gui/ip-address/194.156.99.212/relations fonts-static.com # Reference: https://www.virustotal.com/gui/ip-address/45.142.212.243/relations zdassets-static.com # Reference: https://twitter.com/AffableKraut/status/1479641280040902661 # Reference: https://twitter.com/AffableKraut/status/1488262668091805697 # Reference: https://www.virustotal.com/gui/ip-address/176.97.70.103/relations # Reference: https://www.virustotal.com/gui/ip-address/5.252.177.247/relations brilliantclub.website interclub.website siing-amoueon.top sing-amoeuon.top sombo.top # Reference: https://twitter.com/500mk500/status/1482310341711347713 # Reference: 
https://urlscan.io/result/11a16239-5de7-412a-af89-5f0e1dd3cc22/ cdntraff.info # Reference: https://www.virustotal.com/gui/domain/jsfeedadsget.com/detection jsfeedadsget.com # Reference: https://ti-research.io/ioc_extender/?name=ET_Magecart sauvage-paysage.com # Reference: https://ti-research.io/ioc_extender/?name=ET_Magecart g00glestatic.com gaelytics.com # Reference: https://www.virustotal.com/gui/ip-address/190.2.139.23/relations cdn-binteractive.com cdn1-comingsoon.net cdn8.info cdndore.com cdnpage.net cloud-info.email cloud-info.express clodoudfront.net clusterscloud.com cooogle.net # Reference: https://www.virustotal.com/gui/ip-address/179.177.63.84/relations # Reference: https://www.virustotal.com/gui/ip-address/47.251.42.9/relations # Reference: https://www.virustotal.com/gui/ip-address/8.218.22.193/relations jquerylab.com jquerymedia.com jquerypulse.com jquerypure.com jqueryspace.com staticpolars.com # Reference: https://twitter.com/sansecio/status/1485598267975114762 # Reference: https://twitter.com/sansecio/status/1485598270554529794 jsallow.com reqsolutions.org # Reference: https://www.virustotal.com/gui/ip-address/47.88.27.175/relations # Reference: https://www.virustotal.com/gui/ip-address/5.53.125.150/relations # Reference: https://www.virustotal.com/gui/ip-address/8.209.77.82/relations assets-protect.com google-analuzing.com google-boom.com google-globals.com # Reference: https://twitter.com/sansecio/status/1486000220647444491 # Reference: https://twitter.com/sansecio/status/1486258634409623552 naturalfreshmall.com # Reference: https://twitter.com/rootprivilege/status/1486419929720967168 # Reference: https://www.virustotal.com/gui/ip-address/212.224.124.86/relations # Reference: https://www.virustotal.com/gui/ip-address/54.86.140.52/relations # Reference: https://lukeleal.com/research/posts/tracking-pixel-phishing-countermeasure/ content-cdn.com images-cdn.info nextstatic-cdn.com trans-cdn.com # Reference: 
https://twitter.com/AffableKraut/status/1487939215774081026 # Reference: https://twitter.com/AffableKraut/status/1487939224145993730 chaosfab.com/2020/data1/images/data/ppbtns.html fraudlabpros.at # Reference: https://twitter.com/AffableKraut/status/1488240428734365701 # Reference: https://www.virustotal.com/gui/ip-address/185.234.247.55/relations # Reference: https://urlscan.io/result/32d776df-c57e-492f-ac09-0f17f197059e/ bootstraplaver.online # Reference: https://twitter.com/MBThreatIntel/status/1488241823378075649 getfrontendlib7.xyz # Reference: https://twitter.com/AffableKraut/status/1488376093254029313 http://185.4.65.144 http://37.1.211.211 http://37.1.217.23 http://5.45.83.223 http://66.11.117.40 aqaja.com checkouts.best # Reference: https://twitter.com/AffableKraut/status/1488375539421306882 # Reference: https://www.virustotal.com/gui/ip-address/37.120.234.105/relations avalong-analytics.org communigate.icu earlymorningcigarette.com fontawesome.dev golt.xyz indesiter.com jquerymain.com recaptcha.cc rxtds.com seoanalitycs.com seostat.org yoursafepayments.com # Reference: https://twitter.com/MBThreatIntel/status/1488954638103547904 # Reference: https://www.virustotal.com/gui/ip-address/78.47.155.179/relations analiticash.com analiticmanager.com analiticsstat.com cashgooglestat.com cdncashcontent.com cdncashcontents.com cdncssontents.com cdnfastcss.com cdngcontents.com cdngconts.com cdnjsontents.com cssdataf.com cssimghost.com googlestatanal.com googlestatanale.com imagescdns.com imgcssnet.com jsdataf.com jsdatastat.com mediasdnb.com mediasdnnet.com mediasdnnets.com mtdnsstatic.icu mtndnsstaticser.com mtndnsstaticx.com mxdnsstateces.icu mxdnsstatecs.icu nnetsmedias.com ntnpstatica.com ntpstatica.com ntsndnsstatics.com ntxndnsstatics.com pagofacily.com statetsmedias.com staticcash.com staticocontents.com js.analiticash.com js.analiticmanager.com js.analiticsstat.com js.cashgooglestat.com js.cdncashcontent.com js.cdncashcontents.com js.cdncssontents.com 
js.cdngcontents.com js.cdngconts.com js.cdnjsontents.com js.cssdataf.com js.cssimghost.com js.googlestatanal.com js.googlestatanale.com js.imagescdns.com js.imgcssnet.com js.jsdataf.com js.jsdatastat.com js.mediasdnb.com js.mediasdnnet.com js.mediasdnnets.com js.mtdnsstatic.icu js.mtndnsstaticser.com js.mtndnsstaticx.com js.mxdnsstateces.icu js.mxdnsstatecs.icu js.nnetsmedias.com js.ntnpstatica.com js.ntpstatica.com js.ntsndnsstatics.com js.ntxndnsstatics.com js.statetsmedias.com js.staticcash.com js.staticocontents.com # Reference: https://twitter.com/MBThreatIntel/status/1489007692240752641 cdn-cloudmedia.com # Reference: https://www.virustotal.com/gui/domain/cdn-yahoo.com/relations cdn-yahoo.com # Reference: https://twitter.com/felixaime/status/1498055426230738944 tagmanagerstatic.com # Reference: https://twitter.com/felixaime/status/1500812201262829568 633786e01e.nxcli.net # Reference: https://twitter.com/sansecio/status/1502322526709551104 stylesfound.com # Reference: https://community.riskiq.com/article/a472ec2d # Reference: https://www.riskiq.com/blog/external-threat-management/magecart-group8-hosting-patterns/ # Reference: https://www.virustotal.com/gui/ip-address/190.2.139.23/relations # Reference: https://otx.alienvault.com/pulse/6142f70ea663fff6bc350288 impressart.net lastdaysonlines.com palletforks.net webtoolsapp.com # Reference: https://twitter.com/unmaskparasites/status/1519784855730499585 # Reference: https://www.virustotal.com/gui/ip-address/188.68.222.146/relations # Reference: https://www.virustotal.com/gui/ip-address/5.101.50.140/relations # Reference: https://www.virustotal.com/gui/ip-address/5.53.124.42/relations # Reference: https://www.virustotal.com/gui/ip-address/80.249.145.91/relations # Reference: https://www.virustotal.com/gui/ip-address/84.38.180.69/relations app-cloudflare.com appcloudflare.com cdn-optimizely.com cdn-trackjs.com get-bootstrap.com livehotjars.com static-affilate.com # Reference: 
https://twitter.com/EKFiddle/status/1522282636542197762 # Reference: https://www.virustotal.com/gui/ip-address/194.104.136.113/relations accsbapp.com cloudflaes.com # Reference: https://twitter.com/AvastThreatLabs/status/1499347571969511426 # Reference: https://decoded.avast.io/pavlinakopecka/web-skimming-attacks-using-google-tag-manager/ # Reference: https://www.virustotal.com/gui/ip-address/77.75.230.130/relations cloudgstats.com cdncscloud.com gtagmagr.com pixstatics.com # Reference: https://www.virustotal.com/gui/ip-address/47.88.218.85/relations # Reference: https://www.virustotal.com/gui/ip-address/95.213.204.180/relations analyzer-js.com # Reference: https://twitter.com/AffableKraut/status/1523693678551740418 # Reference: https://twitter.com/EKFiddle/status/1523714436896202752 # Reference: https://www.virustotal.com/gui/ip-address/206.188.197.50/relations google-tags.com tag-google.com # Reference: https://twitter.com/unmaskparasites/status/1523791136988352512 # Reference: https://www.virustotal.com/gui/ip-address/223.252.173.166/relations issuspsorry.online # Reference: https://twitter.com/EKFiddle/status/1526684723149344768 # Reference: https://www.virustotal.com/gui/ip-address/198.54.115.32/relations # Reference: https://www.virustotal.com/gui/ip-address/37.19.192.30/relations jamescjonas.top socialanalyticweb.com gorlon.in.ua napas.biz.ua # Reference: https://twitter.com/unmaskparasites/status/1526659924058460160 pixelgoogle.xyz # Reference: https://twitter.com/sansecio/status/1526518050865954816 # Reference: https://twitter.com/unmaskparasites/status/1530405066590474240 papershoppers.com /js/3uPop.js # Reference: https://twitter.com/sansecio/status/1526490490497032193 # Reference: https://twitter.com/sansecio/status/1541345598007193605 sanguinelab.net sansec.biz sansec.us sanseclabs.com sanzsec.com /gate.php?card_num= # Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2022-May/030663.html # Reference: 
https://www.virustotal.com/gui/ip-address/89.36.224.122/relations authorizen.net js.authorizen.net # Reference: https://twitter.com/sansecio/status/1529146291535634438 arnottindustries.com/js/tiny_mce/plugins/contextmenu/editor_plugin_scr.js # Reference: https://www.virustotal.com/gui/ip-address/185.150.162.28/relations # Reference: https://www.virustotal.com/gui/ip-address/209.250.244.63/relations # Reference: https://www.virustotal.com/gui/ip-address/95.179.179.138/relations brbr.buzz jquery-analytics.xyz jquery-common.xyz jquerystatic.xyz staj.xyz tokenkit.tk # Reference: https://www.microsoft.com/security/blog/2022/05/23/beneath-the-surface-uncovering-the-shift-in-web-skimming/ 106.15.179.255:443 dratserv.bar sotech.fun techlok.bar /jQuery_StXlFiisxCDN.php # Reference: https://twitter.com/sansecio/status/1532361233365598209 cdn.stripe.ngrok.io # Reference: https://twitter.com/sansecio/status/1532763512887459841 pluginmagento.com # Reference: https://twitter.com/sansecio/status/1534862125470035970 # Reference: https://www.virustotal.com/gui/ip-address/185.63.190.184/relations scanalytic.org cdn.scanalytic.org # Reference: https://twitter.com/rootprivilege/status/1536197955728048128 # Reference: https://lukeleal.com/research/posts/staticounter/ staticounter.net js.staticounter.net # Reference: https://twitter.com/unmaskparasites/status/1536454343280340992 biftick.com # Reference: https://twitter.com/felixaime/status/1536999558823219200 ambrosia-solingen.de/js/prototype/form.js ariaperfume.com/js/extjs/ext.js textilia.be/flash/accept.js # Reference: https://twitter.com/felixaime/status/1537327680345063425 # Reference: https://www.virustotal.com/gui/ip-address/172.86.75.152/relations # Reference: https://www.virustotal.com/gui/ip-address/45.61.137.105/relations ads-google-analytics-shop.info googleadsanalytics.info usaayurveda.com/js/prototype/form.js # Reference: https://twitter.com/felixaime/status/1537458621726052354 google-track.com cdn.google-track.com # 
Reference: https://twitter.com/rootprivilege/status/1537799222681956352 cdn-fonts.com # Reference: https://blog.malwarebytes.com/threat-intelligence/2022/06/client-side-magecart-attacks-still-around-but-more-covert/ abtasty.net accutics.org adsrvr.biz alexametrics.net alligaturetrack.com artesfut.com base-code.org bayforall.biz boxsearch.org brands-watch.com celebrosnlp.org clarlity.com clickcease.biz cloud-chart.net cookieslaw.org crisconnect.net dc-storm.org demo-metrics.net digital-metric.org digital-speed.net druapps.org dwin-co.jp dwin1.org etakeawaymax.biz feedaty.org g-livestatic.com getambassador.net global-search.net hal-data.org hs-analytics.org imagero.org iofrontcloud.com jsdelivr.biz klarnacdn.org librarysetr.com libsconnect.net listrakbi.io listrakbi.org livechatsinc.net lookmetric.com lookmind.net lpsnmedia.org mantisadnetwork.org marklibs.com moonflare.org mosindup.com murdoog.org newrelc.net nomalert.org nosto.org opendwin.com outbrains.net owneriq.org pepperjams.org pinnaclecart.io purechat.org quatserve.com rawgit.net rolfinder.com shopvisible.org sjsmartcontent.org sleefnote.com sleeknote.org snapengage.io speedcurve.org speedstester.com stat-analytics.org tevidon.com tomafood.org trackedlink.org troadster.com trustedport.org webflows.net accdn.lpsnmedia.org amplify.outbrains.net apis.murdoog.org app.iofrontcloud.com app.mosindup.com app.nomalert.org app.purechat.org app.rolfinder.com cdn.accutics.org cdn.alexametrics.net cdn.alligaturetrack.com cdn.base-code.org cdn.boxsearch.org cdn.cookieslaw.org cdn.getambassador.net cdn.hs-analytics.org cdn.jsdelivr.biz cdn.nosto.org cdn.pinnaclecart.io cdn.speedcurve.org cdn.tomafood.org cdn.trustedport.org common.quatserve.com con.digital-speed.net content.digital-metric.org css.tevidon.com dev.crisconnect.net epos.bayforall.biz graph.cloud-chart.net h.lookmind.net img.etakeawaymax.biz js.artesfut.com js.g-livestatic.com js.imagero.org js.librarysetr.com lp.celebrosnlp.org m.brands-watch.com 
m.sleeknote.org nypi.dc-storm.org px.owneriq.org r.klarnacdn.org s1.listrakbi.org sdk.moonflare.org search.global-search.net st.adsrvr.biz stage.sleefnote.com static.clarlity.com static.druapps.org static.lookmetric.com static.mantisadnetwork.org static.newrelc.net static.opendwin.com t.trackedlink.org web.dwin-co.jp web.livechatsinc.net web.speedstester.com web.webflows.net xn--v1a.lookmind.net # Reference: https://twitter.com/sansecio/status/1539252937486127104 # Reference: https://www.virustotal.com/gui/ip-address/185.253.33.190/relations cdn-fastimages.net quickespark.net cdn.quickespark.net # Reference: https://twitter.com/felixaime/status/1539539440942686208 apipauy.com # Reference: https://twitter.com/EKFiddle/status/1540019849581105152 apfeltee.de/js/prototype/form.js # Reference: https://twitter.com/EKFiddle/status/1540094462340108289 hubberstore.com # Reference: https://twitter.com/EKFiddle/status/1540070708377559040 ariaperfume.com/errors/default/403.php cafeunido.com/pub/errors/default/403.php cafeunido.com/pub/media/flag/flag.js candlemaking.com/media/email/logo/default/az1.js # Reference: https://twitter.com/EKFiddle/status/1540377960351293442 contactsform.com # Reference: https://twitter.com/sansecio/status/1540742673094438913 cdn-mediacloud.com cdn-webhub.com # Reference: https://twitter.com/sansecio/status/1541375801387614212 affirmcdn.com t.affirmcdn.com # Reference: https://twitter.com/EKFiddle/status/1541447869491601408 bsvholdingsa.com/js/lib/ico.svg code2a.com/js/lib/translate.js # Reference: https://twitter.com/MBThreatIntel/status/1541549810150346752 cloudflareinside.com nortonpost.net rimpstatic.net ping.rimpstatic.net tag.nortonpost.net # Reference: https://twitter.com/unmaskparasites/status/1542237945779826688 # Reference: https://www.virustotal.com/gui/ip-address/149.56.118.126/relations cdntaggoogle.com pringleshop.cc # Reference: https://twitter.com/sansecio/status/1542508263064932352 # Reference: 
https://www.virustotal.com/gui/ip-address/185.63.190.203/relations tempeasy.net s.tempeasy.net # Reference: https://twitter.com/felixaime/status/1542531512758837249 # Reference: https://www.virustotal.com/gui/ip-address/185.215.113.20/relations apigstatic.com # Reference: https://www.virustotal.com/gui/ip-address/185.63.190.210/relations gatestatic.com js.gatestatic.com # Reference: https://twitter.com/EKFiddle/status/1543997043546341376 # Reference: https://www.virustotal.com/gui/ip-address/185.253.33.176/relations # Reference: https://www.virustotal.com/gui/ip-address/185.63.190.141/relations # Reference: https://www.virustotal.com/gui/ip-address/89.108.109.26/relations geotac.net knowledgecdn.org sale-alerts.com js.knowledgecdn.org m.sale-alerts.com s.geotac.net # Reference: https://www.virustotal.com/gui/ip-address/185.253.32.45/relations cenbase.org cdn.cenbase.org # Reference: https://twitter.com/MBThreatIntel/status/1544019143841574913 # Reference: https://www.virustotal.com/gui/ip-address/185.253.32.47/relations omniworked.com h.omniworked.com # Reference: https://www.virustotal.com/gui/ip-address/185.253.32.48/relations contmount.net p.contmount.net # Reference: https://www.virustotal.com/gui/ip-address/185.253.32.53/relations sentrymap.net h.sentrymap.net # Reference: https://www.virustotal.com/gui/ip-address/185.253.32.55/relations anyonecdn.net s.anyonecdn.net # Reference: https://www.virustotal.com/gui/ip-address/185.253.32.36/relations jmpduco.jp co.jmpduco.jp # Reference: https://www.virustotal.com/gui/ip-address/185.253.32.35/relations signefyd.com js.signefyd.com # Reference: https://www.virustotal.com/gui/ip-address/185.253.32.254/relations claritycdn.com c.claritycdn.com # Reference: https://www.virustotal.com/gui/ip-address/185.253.32.157/relations transitfex.com static.transitfex.com # Reference: https://twitter.com/EKFiddle/status/1544076272694743040 # Reference: https://x.com/sdcyberresearch/status/1850896710656049409 # Reference: 
https://www.virustotal.com/gui/ip-address/141.98.82.244/relations # Reference: https://www.virustotal.com/gui/ip-address/5.188.62.10/relations 0hero.xyz 0nero.xyz 0troll.pics 0versn.xyz 0zero.club 1clan.buzz 1done.lol 1fun.buzz 1plac.buzz 1time.fun 2blu.cloud 2blue.xyz 2moon.buzz 2morrow.fun 2send.pics 3bri.lol 3free.lol 3mmer.uno 3ster.xyz 3tree.buzz 4cast.fun 4core.buzz 4door.one 4eign.fun 4give.xyz 4tune.buzz 5dive.one 5goods.xyz 5hive.homes 5hive.xyz 5starz.uno 5strz.buzz 6brix.quest 6sixsix.buzz 6tier.xyz 6trix.buzz 6trix.cloud 6tweaks.xyz 7day.buzz 7down.xyz 7dwarfs.one 7raven.fun 7raven.uno 8er.fun 8great.xyz 8height.buzz 8mate.buzz 8orz.buzz 8rate.xyz 9dime.buzz 9line.lol 9prime.buzz 9st.uno 9time.buzz 9unit.xyz abesolan.top allegry.xyz anaconda.buzz analyticz.monster anarch.buzz arnoldzz.xyz aromax.xyz axaro.buzz axbit.buzz axcat.buzz axdiv.buzz axelf.buzz axfin.buzz axgit.buzz axhog.buzz axist.buzz axjmp.buzz axkid.buzz axlok.buzz axmem.buzz axnxt.buzz axord.buzz axpot.buzz axqrt.buzz axrub.buzz axsil.buzz axtik.buzz axund.buzz axvac.buzz axwok.buzz axxor.buzz axyes.buzz axzet.buzz ayarro.cyou aybrandy.cyou aycopper.cyou aydigger.cyou ayeffort.cyou ayformal.cyou aygopher.cyou ayharmony.cyou ayimbue.cyou ayjacker.cyou aykernel.cyou aylizard.cyou aymoment.cyou aynickel.cyou ayobject.cyou ayprotect.cyou ayquiz.cyou ayremote.cyou aystraight.cyou aytoken.cyou ayunion.cyou ayversion.cyou aywicked.cyou ayxenoz.cyou ayyield.cyou ayzorro.cyou birdsmans.xyz brewnow.buzz brizzer.xyz brokery.cyou buzzardd.buzz bxant.buzz bxbot.buzz bxcit.buzz bxdoc.buzz bxelf.buzz bxfog.buzz bxgit.buzz bxhit.buzz bxirc.buzz bxjog.buzz bxkop.buzz bxled.buzz bxmod.buzz bxnor.buzz bxost.buzz bxpic.buzz bxqol.buzz bxred.buzz bxsot.buzz bxtik.buzz bxuno.buzz bxviz.buzz bxwok.buzz bxxtr.buzz bxyes.buzz bxzil.buzz byathlone.cyou byballoon.cyou bycoffee.cyou bydriver.cyou byelaw.cyou byffalo.cyou bygdata.cyou byhello.cyou byindex.cyou byjacker.cyou bykrafter.cyou byladder.cyou bymiddle.cyou 
bynothing.cyou byoxide.cyou byprimary.cyou byqueen.cyou byrocket.cyou bystrict.cyou bytropics.cyou byuniform.cyou byvictory.cyou bywerner.cyou byxenos.cyou byyttrium.cyou byzitter.cyou calcz.fun candyz.fun clickr.cyou crabbery.sbs craftor.fun cxand.buzz cxbet.buzz cxcip.buzz cxdex.buzz cxelc.buzz cxfat.buzz cxgit.buzz cxhat.buzz cxirc.buzz cxjmp.buzz cxkid.buzz cxlot.buzz cxmix.buzz cxnix.buzz cxopt.buzz cxpet.buzz cxqip.buzz cxred.buzz cxsum.buzz cxtik.buzz cxunk.buzz cxvec.buzz cxwik.buzz cxxor.buzz cxyob.buzz cxzet.buzz cyanide.cyou cybinary.cyou cyclonez.cyou cydrix.cyou cyentrance.cyou cyfrix.cyou cygwin.cyou cyhrono.cyou cyirrevoke.cyou cyjabber.cyou cykatering.cyou cylunar.cyou cymanner.cyou cynexus.cyou cyonide.cyou cyprobe.cyou cyquery.cyou cyreader.cyou cysoccer.cyou cytracker.cyou cyunique.cyou cyviral.cyou cywonder.cyou cyxinet.cyou cyyellow.cyou cyzapper.cyou deeer.uno domin.uno drawnd.quest dreamcas.cfd dresso.uno dxarc.buzz dxbit.buzz dxcop.buzz dxdel.buzz dxext.buzz dxfog.buzz dxget.buzz dxhit.buzz dxirc.buzz dxjog.buzz dxkit.buzz dxloc.buzz dxman.buzz dxnox.buzz dxorg.buzz dxpig.buzz dxqck.buzz dxred.buzz dxsit.buzz dxtea.buzz dxund.buzz dxvin.buzz dxwok.buzz dxxen.buzz dxyes.buzz dxzoc.buzz dyaroses.cyou dybreaker.cyou dyction.cyou dydactic.cyou dyecins.cyou dyflector.cyou dygger.cyou dyhromic.cyou dyincludes.cyou dyjital.cyou dykracker.cyou dylorean.cyou dymanager.cyou dynamites.cyou dyoxise.cyou dyprecate.cyou dyquiz.cyou dyrector.cyou dystrict.cyou dytergent.cyou dyurgent.cyou dyving.cyou dyworking.cyou dyxiland.cyou dyyourself.cyou dyzraptor.cyou eagly.online echoz.lol ergonom.buzz essencyx.xyz examn.buzz exbit.buzz excal.buzz exdop.buzz execs.buzz exfin.buzz exgrw.buzz exhit.buzz exigl.buzz exind.buzz exjob.buzz exkal.buzz exlic.buzz exmid.buzz exner.buzz exodig.xyz exods.buzz exprt.buzz exqod.buzz exrit.buzz exset.buzz extrm.buzz exurc.buzz exvol.buzz exwin.buzz exxen.buzz exytd.buzz exzip.buzz eyarrange.cyou eybrillow.cyou eychmann.cyou 
eydread.cyou eyeseeker.cyou eyffell.cyou eygreement.cyou eyhenmann.cyou eyirrigate.cyou eyjoyeer.cyou eykermann.cyou eyleyrz.cyou eymixer.cyou eyngineer.cyou eyorganic.cyou eyphemery.cyou eyquickly.cyou eyrental.cyou eysocket.cyou eytoken.cyou eyusual.cyou eyvisual.cyou eyworker.cyou eyxorux.cyou eyyesterday.cyou eyzolter.cyou famouz.store forbird.buzz formals.buzz fromusa.xyz frozzen.buzz fxalt.pics fxbet.pics fxcit.pics fxdwl.pics fxeho.pics fxfog.pics fxget.pics fxhot.pics fxink.pics fxjet.pics fxkid.pics fxlot.pics fxmid.pics fxnix.pics fxopt.pics fxpit.pics fxqub.pics fxrot.pics fxsed.pics fxtok.pics fxund.pics fxvet.pics fxwok.pics fxxid.pics fxyep.pics fxzip.pics fyallow.cyou fybrillic.cyou fyction.cyou fydback.cyou fyerwall.cyou fyfrogs.cyou fygures.cyou fyhronicle.cyou fyintero.cyou fyjimoto.cyou fyktions.cyou fyllerman.cyou fymarito.cyou fyngicide.cyou fyopacity.cyou fyprivacy.cyou fyquestn.cyou fyrocket.cyou fysicals.cyou fytprint.cyou fyurbanic.cyou fyworkout.cyou fyxious.cyou fyyellow.cyou fyzionics.cyou gottas.buzz grapez.buzz greetin.buzz griver.quest grossry.site gxarc.pics gxbit.pics gxcut.pics gxdoc.pics gxemp.pics gxfog.pics gxgot.pics gxhop.pics gximp.pics gxjog.pics gxkit.pics gxliz.pics gxmod.pics gxnop.pics gxorg.pics gxpet.pics gxqus.pics gxrop.pics gxsof.pics gxtok.pics gxuno.pics gxvin.pics gxweb.pics gxxen.pics gxyes.pics gxzip.pics gyaranaz.cyou gybreaking.cyou gycookies.cyou gydmanic.cyou gyeffort.cyou gyfrozery.cyou gygenotes.cyou gyhamster.cyou gyinterest.cyou gyjumper.cyou gyktionary.cyou gyleading.cyou gymorning.cyou gynothing.cyou gyography.cyou gypnothic.cyou gyquestn.cyou gyroscope.cyou gysmalltalk.cyou gytraulic.cyou gyurbanic.cyou gyvocabulary.cyou gyweekend.cyou harmoon.xyz heartyz.xyz herbalz.xyz hovr.monster hubbble.buzz hxarm.pics hxbic.pics hxcit.pics hxdot.pics hxfel.pics hxgot.pics hxhop.pics hxint.pics hxjet.pics hxkit.pics hxlot.pics hxmax.pics hxnop.pics indid.buzz internl.xyz intrst.sbs iqtester.xyz istat.buzz 
jeepper.buzz jeepr.cfd jekel.xyz joggle.buzz justdo.cyou kampaign.fun komby.uno komodor.sbs kopper.uno krown.buzz lampz.fun leoprd.fun linguic.pics lordsofrock.uno lynxer.monster mammt.buzz megaz.space mickeym.buzz microz.xyz mixtrz.online nazaretz.xyz nickelz.xyz nickl.store nockk.cfd nopp.buzz oblivio.buzz oppressr.cfd orego.buzz orx.buzz oxmid.xyz picos.pics pigin.xyz precisel.buzz preparic.site projer.xyz qolls.buzz quanto.sbs qubic.fun questnz.xyz quickl.online razo.quest restor.uno restorat.sbs revolve.buzz rikroll.xyz secondry.autos statanalytics.xyz strangr.fun strifer.fun strimmr.buzz stubb.buzz tokend.space torquse.uno trickly.xyz trimmr.club trytogo.online ultimatez.cfd undone.buzz unforg.fun unrel.lol untell.xyz varname.buzz vectr.quest vizrd.xyz vorm.buzz warrant.sbs widgt.xyz wizrd.cloud wondr.buzz wormz.buzz xeno.buzz xtremo.lol xtrict.xyz xtrim.fun xxfor.buzz xxgot.buzz xxhit.buzz xxirc.buzz xxjog.buzz xxkep.buzz xxlid.buzz xxmod.buzz xxnex.buzz xxorg.buzz xxpos.buzz xxqck.buzz xxred.buzz xxset.buzz xxtec.buzz xxund.buzz xxvec.buzz xxwex.buzz xxxyz.buzz xxyop.buzz xxzet.buzz xyforward.cyou xygrabber.cyou xyhover.cyou xyinterrupt.cyou xyjumper.cyou xykombo.cyou xylesson.cyou xymoon.cyou xyneedle.cyou xyopera.cyou xypromo.cyou xyquest.cyou xyroman.cyou xystream.cyou xytracker.cyou xyunique.cyou xyvery.cyou xyworld.cyou xyxylene.cyou xyyclept.cyou xyzigzag.cyou yankeyz.cfd yeartwo.buzz yellw.xyz yesllow.homes yester.uno yttrim.uno zetas.cfd zetas.me zetas.shop zxarc.buzz zxbod.buzz zxchk.buzz zxdoc.buzz zxext.buzz zxfog.buzz zxgod.buzz zxhog.buzz zxind.buzz zxjep.buzz zxkid.buzz zxlex.buzz zxmid.buzz zxnix.buzz zxopr.buzz zxpro.buzz zxqud.buzz zxrop.buzz zxset.buzz zxtok.buzz zxund.buzz zxvoc.buzz zxwww.buzz zxxer.buzz zxymb.buzz zxzip.buzz zyambient.cyou zybridge.cyou zycross.cyou zydrive.cyou zyeffort.cyou zyfrozen.cyou zygophyte.cyou zyhandle.cyou zyinternal.cyou zyjumper.cyou zykenia.cyou zyluss.cyou zymase.cyou zynarrow.cyou zyomide.cyou 
zypper.cyou zyquick.cyou zyrock.cyou zyslave.cyou zytrick.cyou zyultimate.cyou zyvictory.cyou zyworker.cyou zyxpert.cyou zyypper.cyou zyzeolite.cyou # Reference: https://www.virustotal.com/gui/ip-address/185.253.33.181/relations freellock.com cdn.freellock.com # Reference: https://twitter.com/EKFiddle/status/1544348118593941504 # Reference: https://twitter.com/MBThreatIntel/status/1544743417745289216 collectingstatistics.net javascriptmagneto.net jsconfigur.net jsconfigur.org # Reference: https://twitter.com/sansecio/status/1545097814945845248 # Reference: https://www.virustotal.com/gui/ip-address/38.132.99.214/relations # Reference: https://www.virustotal.com/gui/ip-address/85.239.55.67/relations cloudestreem.com systemcloud.in /api/id/IEKAOIEKAOIEKAO /IEKAOIEKAOIEKAO # Reference: https://twitter.com/sansecio/status/1545159974254362626 html5decode.net /redirect-non-site.php?datasend= # Reference: https://twitter.com/unmaskparasites/status/1545463671492681731 pingurlx.com # Reference: https://github.com/ti-research-io/ti/blob/main/ioc_extender/ET_Magecart.json 01scambiomoda.net 2015onlineshop.com 20180426.com 24sevenprinting.org 24wp.org 29wp.org 2nt6.com 3-easy.xyz 360-3d.info 360popads.com 360popunderfire.com 36obuy.org 38027.info 3dartevideo.com 3hourweb.com 3rfm.com actual-textile.com artistgossip.info asamtechnologies.com asapmobilelocksmithsny.com assistmail.net autocustomcarpets.org autodealerjournal.com autoricambiteam.com bantin113online.com besttowerfanreview.com blossomdigital.net bmoar.com borac.org borderleads.net bournelegacy2012.com bournelegacy2012.info bovyc.info bowobcloud1.com boxmovihd.com cartix.org cartme.org casadellaturadio.com casamadeleine.info casaspremoldadas.net case-lagodorta.com cashpeels.com casino-pokerdom.com casitasduquesa.com casquebeatsspascherr.com cassandragraisford.com cat-lovely.com causeun.com cbtagclouds.com cdtk9.com celeb2vote.com celltheraphy.net click-fraud-detection.com clicktictac.com clipsexteen.com clixapper.com 
cloud-info.click clunder.net cms-skin.com cmsucoz.com codecomplete4u.com codelessay.info codingbutler.com codnetnewsletter.com coffeebrewerdenver.info coffeemakercolumbus.info coffeeshoprestaurant.info consultabotox.com consultoriocanino.com contextrtb.com contribusourcesyndication.com controlwebadmin.com conversiongold2.com conversioninabox.com convertizrds.com cookiescript.cdn8.info cookingequipmentguides.com cool-board.info cool-cool.info cool-fashion.info cool-her.info cool-herstyle.info cool-key.info cool-mystyle.info cool-top.info coolcounters.net coordenadas-gps.info cople.info corissapoley.com cosmicvent.net cosmosoftsolutions.com countybuck.com coureleads.com cppgf.com cracks4free.info crackthecode.info custom-webdesigns.net customgaugepanelsinhampsteadnc.com cyber-25.info cyberstampedeinc.com cykahax.net cyklist.info cyzyk.info d-artchitex.com da-redirect.info daftar-pokeronline.com daoblockscenter.com dev-extension.cloud dfdffgff.kitewhite.online downloadreview.net dressforyouka.com elunlversal.com freeaudiovideodelivery.com freechoiceact.net freedominvestingsystem.com freedownloadreviewed.com freeinternetvideopoker.com freelancerfree.com freepokercostarica.com freesearchworld.com freewebsitetrafic.com freitagautomobile.com friendpetsclub.com fromtheendzone.com fruitybarre.com fushigi-yume.com gacsapps.com gadgea.com gadget-solutions.com gallerialabronica.com galloom.com getleadfeeder.com grandriverinspection.com graycardinals.com greetingsfromhb.com imzaj.com in-management.info inard.info incinflorida.com includejs.net indatwa.net india-luxury-travel-packages.com indobacklinks.com indovertiser.com inferactive.net info-angebote.info info-circle-area.com info-e-cigarette.com infocirclearea.com infocus52.com infoeduonline.info infoguiaguadalajara.com infomusculacao.com infoserveconsultants.com infpoker.com ingilteredilokulu.org inieshop1.com inlscorp.com inspirationalquotesandsayings.com jogja-handycraft.info johngoodmandesign.com johnsbogers.com 
jople.info joshuahunt.info joyeriaenpontevedra.com jqwp.org jscrpt.info kimchisan.com kimhuetea.com kimiawebsitedesign.com kinoskachka.com kiralikgunlukdaire.net klasfm.info klin9.info koddostu.net kolnossystems.com konkhmer8.info kvazis.fvds.ru mfhfeeds.com mgtct02.net miamimuseum.info microfin.info miderea.com mybestmediadownloads.com myclickmonitor.com mycrews.info mydearmishima.com mydon.org myhurtbaby.com myluckymarriage.com myogisaputra.info myprestatheme.com myreklama.org mysimplename.com myskop.com myweb-tools.info myxomop.net n1te1337.com n284adserv.com n285adserv.com nannieroth.info navegaengalego.com naverle.com ndezo.net nekretnine365.info neley888.info neohealthnews.com nerds-down.com net-city.info net-fortune-telling.info netrotator.net newimagemagazine.info newm33arads.com newrooseveltinitiave.com newrus.net newsvidnews.info nfsgames.info nfwebminer.com nguoiay.info nguyenthikieuquan.com nhacaipoker.com niaz22.com nikscenes.info nimbuzzer-java.com nitrostats.com njsa-assignments.com nntindia.org nosleeppress.com noticiasnicaragua.info notno.info notraff.com optionsm-stats.com optom-iz-kitaya.com opvar.com oracleinsider.com oracyweb.com orangewebscape.com orc-my.com organicvillagenyc.com organizingdealers.info orthodontistqld.com osatjobs.info otitez.org plugin-connect.cloud pokerdestek.com polskiandi.com pommenoir.com popads.info porno-hab.com pos-in-dubai.com potteryandglasscollectiblesx16.info ppcindonesia.net practicefieldadv.com praguemost.info pralilipiped.net preferredbenefitpartners.com premium-software.info prentissw.com pressing-arcenciel.com pricefeel.info pricesee.info pricesix.info prim-vod.com printerkaosmurah.com prizrakov.net puzzlesgamesplusb3.info radio-constantine.org radiovideoads.com ragonese.net ralphsells.info randompatternsmusic.com raymond-mill.org rdrbackup.com reachingforyourhand.com reportersinc.info reptibious.com reviewerplus.info reyfiles.com rezekidarisms.com rhythm9.com ricondamaintenance.com ridewithtraiv.com 
ridingmowersendofseason.info ripsawdesign.com rispostaindia.info ristorantedabeni.com riverfrontgrumble.com rjmungo.com rmrefer.com robertostrizzi.com rotation-media.net skolske-knjige.net # Reference: https://twitter.com/MBThreatIntel/status/1549086388024254465 # Reference: https://twitter.com/unmaskparasites/status/1549172191572267008 # Reference: https://www.virustotal.com/gui/ip-address/223.252.173.12/relations # Reference: https://www.virustotal.com/gui/ip-address/85.239.41.205/relations checkmag.shop clientswebstat.online finteza.online funeldata.com help-chat.shop jstat.shop issuspsorry.online kgrs.shop online-chat.shop online-support.best paymentpay.shop visualwebsiteoptimizer.online /api/id/854OIEKAOIEKAOIEKA /854OIEKAOIEKAOIEKA # Reference: https://www.virustotal.com/gui/ip-address/223.252.173.168/relations googlecom.click # Reference: https://twitter.com/sansecio/status/1554902168108294144 # Reference: https://www.virustotal.com/gui/ip-address/103.253.43.232/relations # Reference: https://www.virustotal.com/gui/ip-address/195.54.174.154/relations clickstat.eu cloud-zdassets.com crprtd.com drubofast.com flexchat.shop ghtrs.com gtpely.com hstatbuy.shop iocloud.shop liveclick.shop masmag.shop msft-tools.net stopyfy.com webmastersite.shop zitye.com # Reference: https://twitter.com/MalwareInfosec/status/1559281030283939841 # Reference: https://www.virustotal.com/gui/ip-address/23.106.215.227/relations webtemplatedelivr.com # Reference: https://twitter.com/rootprivilege/status/1559238666077081600 # Reference: https://www.virustotal.com/gui/ip-address/167.235.20.31/relations # Reference: https://www.virustotal.com/gui/ip-address/49.12.223.222/relations 101request.com 99request.com drrequest.com request101.com requestbee.com ab.ro.lt # Reference: https://blog.group-ib.com/switching-side-jobs # Reference: https://www.virustotal.com/gui/ip-address/82.180.173.146/relations # Reference: https://www.virustotal.com/gui/ip-address/82.180.173.187/relations 
designestylelab.com congolo.pro gvenlayer.com metahtmlhead.com nmdatast.com seclib.org vamberlo.com winsiott.com # Reference: https://twitter.com/rootprivilege/status/1562998526329495553 # Reference: https://www.virustotal.com/gui/ip-address/85.239.54.210/relations united81.com # Reference: https://twitter.com/MBThreatIntel/status/1567533004297490437 stripefaster.com # Reference: https://twitter.com/unmaskparasites/status/1567604988750483457 # Reference: https://www.virustotal.com/gui/ip-address/77.91.74.92/relations gtmapicss.com gtsmapicss.com jqstylemin.com jqstylemini.com jqstyleminjs.com sanapicss.com # Reference: https://twitter.com/MBThreatIntel/status/1572316461615677440 # Reference: https://www.virustotal.com/gui/ip-address/192.236.209.185/relations # Reference: https://www.virustotal.com/gui/ip-address/51.75.49.254/relations stats-doubleclick.com # Reference: https://www.virustotal.com/gui/ip-address/195.22.149.218/relations # Reference: https://www.virustotal.com/gui/ip-address/91.203.192.227/relations cloudfsnbg.cc google-application.com google-bootstrap.com google-clipboard.com google-font.com google-ltag.com google-manager.com google-portal.com google-server.com google-work.com static-create.com static-js.com static-migrate.com static-portal.com # Reference: https://twitter.com/unmaskparasites/status/1572635560153612288 # Reference: https://www.virustotal.com/gui/ip-address/94.131.107.62/relations gjsmini.com goojsytle.com stylecssmini.com # Reference: https://twitter.com/MBThreatIntel/status/1573059941619081221 guyacave.fr/js/tiny_mce/themes/modern/validate.js # Reference: https://twitter.com/MBThreatIntel/status/1577039325157822464 # Reference: https://www.virustotal.com/gui/ip-address/142.11.211.60/relations # Reference: https://www.virustotal.com/gui/ip-address/178.20.40.156/relations assetsclick.com assetsfind.com assetspower.com assetsspace.com megaebun.ru stripecheck.com # Reference: https://twitter.com/MBThreatIntel/status/1578483645568147456 
# Reference: https://twitter.com/EKFiddle/status/1578497647857762304 fleuriste.ca/static/version1664884145/_cache/merged/510ae23a9c13df084a8608806e1bb5be.min.js gs27usa.com/translations/tw/mails.php # Reference: https://twitter.com/MBThreatIntel/status/1579869056819396609 cdn-mediahub.com # Reference: https://www.virustotal.com/gui/ip-address/103.109.101.137/relations payce-google.com payse-google.com # Reference: https://twitter.com/sansecio/status/1587034728292646913 # Reference: https://www.virustotal.com/gui/ip-address/176.99.6.185/relations altersave.org js.altersave.org # Reference: https://twitter.com/AffableKraut/status/1587457210564726791 # Reference: https://urlscan.io/result/f14c5092-9bec-4985-91be-a4601d39ddac/ lalalatatata.com # Reference: https://www.virustotal.com/gui/ip-address/188.114.97.3/relations jscdnstore.pw # Reference: https://twitter.com/unmaskparasites/status/1593321085323595776 aspoln.info # Reference: https://twitter.com/c0d3inj3cT/status/1594974179463499778 # Reference: https://www.zscaler.com/blogs/security-research/black-friday-scams-4-emerging-skimming-attacks-watch-holiday-season artmodecssdev.art cdn-common.com cdn-webcloud.com devjs.biz html5decode.biz html5decode.com html5decode.org java-cloud.biz java-cloud.net java-cloud.org magento-cloud.biz magento-cloud.com magento-cloud.net magento-cloud.org modersecure.com mozillajs.biz mozillajs.net mozillajs.org payment-analytics.info stirepoint.com # Reference: https://twitter.com/SinghSoodeep/status/1598320639961710596 # Reference: https://www.virustotal.com/gui/ip-address/46.30.40.108/detection cdn-jsnode-call.com cvv-news.store cvv-private.online cvv-private.space cvv24.cc cvv24.site cvv24.store cvvamoggrcopaeehscyic6xu3q5lbameo3kv3q3ptpfa5bsq2vrbjsad.onion cvvhub.at cvvhub.in cvvhub.site cvvhub.store cvvhub.su www-cvvhub.ru # Reference: https://www.virustotal.com/gui/ip-address/34.171.171.32/relations # Reference: https://www.virustotal.com/gui/ip-address/51.91.209.190/relations 
jquerystatistik.com jqurystatistic.com statistiktrafiktrubest.com statistiktrafiktrubest.net # Reference: https://blog.jscrambler.com/defcon-skimming-a-new-batch-of-web-skimming-attacks # Reference: https://www.virustotal.com/gui/ip-address/193.3.19.36/relations 2blu.cloud 7raven.uno add222.golf bind853.me blind227.boutique block714.mobi bus527.cfd composition375.digital depth305.digital dig159.digital door111.network earn454.live follow707.cloud gymorning.cyou heavy689.immo hinder799.cyou hovr.monster literature539.space lynxer.monster mn-vps.art nothing536.loan operator595.city passenger210.bar reduction925.cc rere.live rfer.co rtrk.be salt204.me slavery588.biz someone332.bond strimmr.buzz supper728.gifts temple321.bar wa-track.com war740.engineer web-cockpit.jp zizy.lt bx46558954.block714.mobi 6383573447.dig159.digital a139127292.dig159.digital ad51503046.dig159.digital au54908186.add222.golf b752190403.dig159.digital bu4177319.passenger210.bar ck40780353.hinder799.cyou cn24778728.composition375.digital dr16228601.party257.engineer ei18376437.operator595.city fe50866349.operator595.city ga71625840.door111.network ic28610131.door111.network kv6922771.door111.network mq16264526.temple321.bar oe45905490.reduction925.cc temple321.earn454.live tracker.web-cockpit.jp w4451.wa-track.com w7415.lb.wa-track.com wl63518921.nothing536.loan yq40826.bind853.me yv32724828.operator595.city # Reference: https://www.virustotal.com/gui/ip-address/172.64.80.1/relations cdnjs.pw # Reference: https://www.mertsarica.com/magecart-ile-mucadele/ /js/6cb1e31ff2f343a9d576d889bfcbde0e.js /6cb1e31ff2f343a9d576d889bfcbde0e.js # Reference: https://www.virustotal.com/gui/ip-address/162.19.175.7/relations jquery-mobile.com # Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/01/crypto-inspired-magecart-skimmer-surfaces-via-digital-crime-haven 2xdepp.com # Reference: https://www.virustotal.com/gui/ip-address/185.157.160.171/relations magento-cdn.net # Reference: 
https://community.emergingthreats.net/t/ruleset-update-summary-2023-02-28-v10255/336 antohub.shop app-stat.com jquery-node.com nebiltech.shop okqtfc1.org rithdigit.cyou yachtbars.fun cdn.antohub.shop cdn.nebiltech.shop # Reference: https://twitter.com/unmaskparasites/status/1633894598908219392 git-authorize.net # Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/03/hunter-skimmer # Reference: https://otx.alienvault.com/pulse/641b199b876ff4d23aab375c 1537la.buzz 1537li.buzz 1537lx.buzz 1568la.buzz 1568li.buzz 1568lx.buzz 1599la.buzz 1599li.buzz 1599lx.buzz 1599lz.buzz 1630lz.buzz appcloud1.buzz appcloud19.buzz appcloud2.buzz appcloud20.buzz appcloud3.buzz appcloud5.buzz araboxtv.sbs blindsmax.sbs bubapeq.quest dev-extension.one dev-extension.us hedeya.sbs inspirefitness.sbs motherearthlabs.sbs nasaservers.sbs newarriwal.quest paramountchemicals.sbs peqart.sbs remediadigital.sbs roboshop.sbs schmerzfrei-shop.sbs swsgswsg.sbs thecornerstoreau.sbs ultracoolfl.sbs # Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/03/new-kritec-skimmer # Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/11/credit-card-skimming-on-the-rise-for-the-holiday-shopping-season # Reference: https://www.virustotal.com/gui/ip-address/195.242.111.76/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.111.78/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.111.80/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.111.82/relations # Reference: https://otx.alienvault.com/pulse/641c8658102b428a20157ffc # Reference: https://otx.alienvault.com/pulse/6555e85408ac74ea956c5471 accotech.quest aifanul.yachts androton.online animtech.quest apexit.yachts arastek.online aurelec.shop autotec.shop avergonzareis.dev avordic.site avtomob.sbs babtek.click bachitech.pics balacdigit.pics bantec.pics basewhit.quest beatmob.pics becasotec.site bednedigit.quest begistic.site belmrs.click 
bereelec.quest beresor.store bespitech.sbs bibstele.online biposou.online birtec.quest bolotoc.store boroshtic.click bufelec.yachts bulkmob.store calcdigit.pics canecieseis.contact cegteh.store centridig.store changeyellow.cfd chasoc.quest chekeelec.quest chelotec.quest chokdigit.pics chutech.works cloud-cdn.org cloveselec.quest comepetec.click cosmafit.click cutele.shop cuvanil.quest daisnetech.site dayspiselec.quest defimob.bar dekrenof.quest deletouch.shop deliverclos.online deliverclos.sbs denetok.site denlog.shop depeyo.online deshvoc.store digitstel.site divimob.space djutech.online domelec.shop domog.shop donashhack.online dorojet.store dowonderful.store druzit.quest dujetech.yachts dvanatech.yachts dvojnatech.sbs dychtech.shop dzelonline.shop ecosustain.digital effecttec.shop efromob.site eleconuch.click elenots.site eluntec.info encit.yachts enisemol.click ensdigit.quest entrydelt.sbs etibuz.shop fadyit.pics fantodelt.sbs fasfad.site feerkin.store felestech.click flagmob.quest flattec.sbs fletmob.sbs flowit.pics followmilitry.cfd frikctictempo.fun frodetraho.click funkomob.sbs gachit.yachts galeglob.quest gambon.shop gapsink.shop garnimob.sbs gastdigit.quest gawtech.site gelenhan.online gelimog.online gemdigit.pics gemofab.store gemstec.yachts genertech.pw genimmob.online genodigit.store genstech.shop gentop.online gerelec.site golyadik.site golyter.shop goponl.online greentechify.digital gretit.yachts hapermob.shop hasekytop.click heeopink.shop helinit.yachts helostop.shop helotec.pics hemidigit.click hemogom.online hempomot.space henove.store heptombo.store hhfnsfsga.sbs hoohotic.click hovarelec.shop hustiontec.store idopos.shop ietinlc.store ifilone.site igusfil.shop imhoelec.yachts imperel.site inlinedigital.pics innovate360.digital inspireworks.digital intescon.store intesres.quest irlatok.shop istoretc.shop jantech.quest jartlink.site jestmob.pics jetomob.shop jezesec.quest jondong.online jujoc.online justlice.store kafaben.site kajetic.fun 
kalomob.store kamitac.shop karadigit.quest keistodigit.pics kiligob.site kinotec.pics klstech.shop kolrmob.space kontec.quest koremob.site kouelec.cyou krasoticmob.space kritec.pics kruktech.shop kurkumin.click lavutele.yachts ledeehub.shop lehelec.yachts lemnidig.shop lemtok.store lenosmac.shop lenton.store leritgo.sbs lielecef.cyou lishetoc.shop livepolitical.sbs lokotec.quest luktoc.online luterylpen.online mageants.sbs metsimob.yachts mihayam.shop miskotec.store moboed.icu moldmob.site musatech.quest mutelec.quest mylase.click nadoelec.space najitel.quest nasnamob.quest nechuvelec.click nemojmob.online nepochtec.shop nevomob.quest noanotech.sbs nogtech.site nujtec.shop
# NOTE(review): obfuscator.io appears to be a public JavaScript-obfuscation service rather than attacker-controlled infrastructure; confirm against the reports referenced for this section before alerting or blocking on it (possible false positive).
obfuscator.io obogtec.quest obomob.site odintech.sbs odnydigit.quest oifilon.site oklasdon.online oleketec.store olinmasot.click omamint.click onitzech.sbs optemhop.shop osobtech.yachts otkridigit.quest otpusmob.shop oumymob.shop paunit.pics peeyol.click pelstec.online pershtec.click perstech.shop petlelec.quest pilozol.quest pitamec.shop plactech.quest plasmob.pics podbotec.sbs podobadigit.quest poidelt.sbs poptec.sbs povomob.shop pracelec.yachts pricetool.store prihot.fun prijetech.shop prodovjtec.shop projectmob.sbs provtec.shop psyhomob.sbs pubupu.quest ragutech.shop rebomob.quest regtech.sbs resuelec.yachts retpin.online ribtech.shop rozkatech.yachts ruepliz.click sakwohub.shop samknut.click samopotele.yachts sanpatech.shop sasaiso.cfd schetdigit.pics screenmet.sbs secreelec.shop selentech.click seletech.markets seletmob.online semebit.online sewit.quest sgolen.store shakorot.site shareeffectiv.yachts shellmob.fun shestiteek.quest shokomob.sbs shonowor.site shotsmob.sbs shpitech.quest shumocom.site sintec.store sipletoc.site smestech.shop soplelec.pics sorotele.yachts sotkelec.yachts sourite.online spilotich.online startculturl.site statemob.yachts stelor.shop stemtec.click stiildig.store stimob.pics stiornec.store stonworks.vip stopfurther.sbs strajit.yachts stramdigital.yachts 
supermob.network sviisdigit.quest tanuatech.quest tastmob.yachts tekeiteh.quest teledomn.quest telehub.shop teletoch.pics teletouch.click temtoch.site tenastoc.click timetok.online tiopot.shop tisimy.quest tochdigital.pics tochelec.quest topostock.shop trepmob.sbs trevago.site tromtustec.quest tuchtoch.shop tuchtok.site tuctec.site tululudoc.online uakachumob.store udamos.online ukatec.pics ulyatec.quest undedigit.site usespecial.quest uznatec.shop valetec.pw vdoxdigit.pics vedldeno.store verecey.quest vetitec.quest vinalink.click vitalmob.pics vjevec.quest vkiten.click volonmob.sbs volosmob.pics volosmob.sbs vonderdigit.quest voouvdigit.site votedigit.shop vozvrec.store vuroselec.quest vushtech.sbs wegvilt.site weitmob.shop wellbeingtech.digital writefederal.click wudutec.shop xentech.shop xiloditg.yachts xorotelec.quest yaknatec.pics yamatel.store yavipustec.online yedelec.sbs yelobit.online yelyotech.pics yololive.sbs yukmob.store zahidelt.sbs zamlmob.pics zizitok.shop zlakovos.click cdn.avergonzareis.dev cdn.birtec.quest cdn.canecieseis.contact cdn.chelotec.quest cdn.donashhack.online cdn.dorojet.store cdn.elenots.site cdn.feerkin.store cdn.gawtech.site cdn.heeopink.shop cdn.ietinlc.store cdn.imperel.site cdn.koremob.site cdn.kurkumin.click cdn.omamint.click cdn.oumymob.shop cdn.podobadigit.quest cdn.retpin.online cdn.shestiteek.quest cdn.tiopot.shop cdn.uakachumob.store cdn.udamos.online cdn.ukatec.pics cdn.undedigit.site cdn.vedldeno.store cdn.vinalink.click cdn.yelobit.online ww12.podobadigit.quest # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.130/relations nespomob.sbs cdn.shotsmob.sbs # Reference: https://blog.malwarebytes.com/threat-analysis/2019/10/the-forgotten-domain:-exploring-a-link-between-magecart-group-5-and-the-carbanak-apt/ info-stat.ws # Reference: https://cyberweek.ae/materials/D4%20TRACK%202%20-%20APT%20Attacks%20On%20Crypto%20Exchange%20Employees%20-%20Heungsoo%20Kang.pdf analyticsfit.com # Reference: 
https://www.virustotal.com/gui/ip-address/23.88.97.138/relations js-jquerylibs.com # Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/04/kritec-art # Reference: https://otx.alienvault.com/pulse/644ba6b9255f619b29fc7ac3 daichetmob.sbs genlytec.us interytec.shop pyatiticdigt.shop shumtech.shop stacstocuh.quest zapolmob.sbs # Reference: https://unit42.paloaltonetworks.com/internet-threats-late-2022/ # Reference: https://www.virustotal.com/gui/file/eaadde9a724180a0318c13a9399ec30bda7a3ec6399ff43b8b7207bf0e74332b/detection personallydeliver.com # Reference: https://twitter.com/unmaskparasites/status/1653895004287537152 # Reference: https://www.virustotal.com/gui/ip-address/194.4.49.208/relations codesejquery.com codesjquery.com gojqswejs.com gojqueryajax.com gojqwejs.com gojqwerjs.com jspixjqurey.com jspqurey.com # Reference: https://sansec.io/research/postponed-exfiltration-evades-detection # Reference: https://www.virustotal.com/gui/ip-address/185.142.238.71/relations # Reference: https://www.virustotal.com/gui/ip-address/185.142.238.77/relations # Reference: https://www.virustotal.com/gui/ip-address/198.54.117.242/relations gogletags.click gtag-analytics.com pickuptestold.site cdn.gogletags.click cdn.gtag-analytics.com cdn.pickuptestold.site gt473829.pickuptestold.site # Reference: https://twitter.com/threatcat_ch/status/1661006743340724224 # Reference: https://twitter.com/unmaskparasites/status/1661052684366143489 # Reference: https://www.virustotal.com/gui/ip-address/91.202.5.222/relations cdnjsbrt.com cdnjstat.com marhamteb.com miagw1b-1.net vk-0y7l5hkf.ru webstatlstics.net www111.site # Reference: https://twitter.com/unmaskparasites/status/1673811920263208960 # Reference: https://app.validin.com/axon?source=DNS&type=ip&find=49.12.201.215 fedgeat.com fwldewr.com giberuz.com harilov.com hdrequest.com htmesed.com letoloh.com pattepr.com requesthd.com requesttip.com sacarie.com tusunal.com varcinu.com velenzy.com velioan.com # Reference: 
https://www.virustotal.com/gui/ip-address/188.114.96.4/relations cloudfarle.com cdn.cloudfarle.com # Reference: https://www.akamai.com/blog/security-research/new-magecart-hides-behind-legit-domains # Reference: https://www.virustotal.com/gui/ip-address/194.50.153.45/relations # Reference: https://www.virustotal.com/gui/ip-address/51.250.22.129/relations # Reference: https://www.virustotal.com/gui/ip-address/80.66.64.143/relations byvlsa.com cdnreport.net chatwareopenalgroup.net woocommerce.im woocomnnerce.com yoursmartpanel.com cpanel.woocomnnerce.com emv1.byvlsa.com emv1.google-site-verification.com puzygqxxsdu.woocomnnerce.com # Reference: https://threatfox.abuse.ch/browse/malware/js.magecart/ lemodigit.online macsetech.online mopedigit.shop olimpsport.org ttewe.quest yalomob.pics # Reference: https://www.virustotal.com/gui/ip-address/195.80.51.59/relations # Reference: https://www.virustotal.com/gui/ip-address/34.88.77.180/relations script-hotjar.com cpanel.script-hotjar.com random.script-hotjar.com 9dac4f19-6e96-4470-974c-73ca48c6c0cc.random.script-hotjar.com # Reference: https://www.virustotal.com/gui/ip-address/107.158.94.87/relations google-analytics.publicvm.com # Reference: https://www.virustotal.com/gui/ip-address/193.106.174.210/relations dwww.script-analytics.com ipfs.script-analytics.com mail.script-analytics.com # Reference: https://sansec.io/research/malware-persistence-via-telegram-and-github # Reference: https://www.virustotal.com/gui/ip-address/51.161.204.249/relations kissupme.life # Reference: https://otx.alienvault.com/pulse/64d69f098146e2b80ae306a3 xurum.com mail.xurum.com mx.xurum.com
# Reference: https://threatfox.abuse.ch/ioc/1152655/
# NOTE(review): /wp-admin/admin-ajax.php is the stock WordPress AJAX endpoint, so the first trail below matches every request to that path on the host, not only skimmer traffic; both entries presumably name compromised legitimate sites and should be re-validated once those sites are cleaned.
dispatchweekly.com/wp-admin/admin-ajax.php yamtorrecampo.com/wp-includes/card.js # Reference: https://www.virustotal.com/gui/ip-address/193.106.174.126/relations # Reference: https://www.virustotal.com/gui/ip-address/51.250.66.41/relations cdn-report.com fsxtwuuitax.cdnreport.net mail.cdnreport.net 
mta-sts.cdn-report.com mta-sts.google-site-verification.com mvwsggyjwgk.woocomnnerce.com thsid.megaebun.ru sber.megaebun.ru smtp.cdnreport.net smtp.woocomnnerce.com # Reference: https://www.virustotal.com/gui/ip-address/31.44.184.200/relations googleapicert.com # Reference: https://twitter.com/Gi7w0rm/status/1705319428802449846 http://155.133.7.22 # Reference: https://www.akamai.com/blog/security-research/magecart-new-technique-404-pages-skimmer # Reference: https://www.virustotal.com/gui/ip-address/37.1.220.159/relations adsometric.com anality-cdn.com cngresearch.com pmdresearch.com secures-tool.com tool-cdn.net # Reference: https://sansec.io/research/is-your-stores-newsletter-being-used-for-phishing pub-7f69134e44ab4a03bb5e13c4894ffb4f.r2.dev # Reference: https://twitter.com/sucurisecurity/status/1732865318903505168 # Reference: https://twitter.com/unmaskparasites/status/1732880913359585670 # Reference: https://blog.sucuri.net/2023/12/40-new-domains-of-magecart-veteran-atmzow-found-in-google-tag-manager.html artdataharvest.com artisticexpressiondb.com artisticpatterndata.com artistictrendsmap.com artistictrendsprobe.com artprofilingtool.com artstattracker.com arttrendtrackers.com artworkanalytics.com brushstrokemetrics.com canvastrendstracker.com colorpalettemetrics.com colorschemeobserver.com drawdatahub.com drawinginfopro.com drawninfoinspector.com drawnstatsgather.com gallerydatainsight.com gallerytrendstracker.com imageinsightvault.com imagepatternprofiler.com imagestatistician.com paintedvisionsstats.com paintedworldstats.com paintinfoanalyzer.com picinfometrics.com picturedataminer.com picturetrendsdb.com picturetrendsmonitor.com sketchanalyticsvault.com sketchdataanalytics.com sketchdataharbor.com sketchinsightswatch.com sketchmetrics.com sketchtrendsmonitor.com strokeanalysislab.com strokepatternanalysis.com visualartexplorer.com visualartinsights.com visualdatacollector.com cdn.artdataharvest.com cdn.artisticexpressiondb.com cdn.artisticpatterndata.com 
cdn.artistictrendsmap.com cdn.artistictrendsprobe.com cdn.artprofilingtool.com cdn.artstattracker.com cdn.arttrendtrackers.com cdn.artworkanalytics.com cdn.brushstrokemetrics.com cdn.canvastrendstracker.com cdn.colorpalettemetrics.com cdn.colorschemeobserver.com cdn.drawdatahub.com cdn.drawinginfopro.com cdn.drawninfoinspector.com cdn.drawnstatsgather.com cdn.gallerydatainsight.com cdn.gallerytrendstracker.com cdn.imageinsightvault.com cdn.imagepatternprofiler.com cdn.imagestatistician.com cdn.paintedvisionsstats.com cdn.paintedworldstats.com cdn.paintinfoanalyzer.com cdn.picinfometrics.com cdn.picturedataminer.com cdn.picturetrendsdb.com cdn.picturetrendsmonitor.com cdn.sketchanalyticsvault.com cdn.sketchdataanalytics.com cdn.sketchdataharbor.com cdn.sketchinsightswatch.com cdn.sketchmetrics.com cdn.sketchtrendsmonitor.com cdn.strokeanalysislab.com cdn.strokepatternanalysis.com cdn.visualartexplorer.com cdn.visualartinsights.com cdn.visualdatacollector.com # Reference: https://twitter.com/ViriBack/status/1737215413715361833 http://91.92.250.214 # Reference: https://blog.sucuri.net/2023/12/magecart-wordpress-plugin-injects-malicious-user-credit-card-skimmer.html fbplx.com lin-cdn.com # Reference: https://threatfox.abuse.ch/browse/tag/Magecart/ http://37.252.1.225 http://45.153.48.176 http://5.252.177.247 37.1.213.121:8080 37.252.1.225:443 45.153.48.176:443 5.45.83.223:443 # Reference: https://www.virustotal.com/gui/ip-address/80.78.25.165/relations js-utilities.com # Reference: https://www.virustotal.com/gui/ip-address/80.78.22.139/relations liquisync.com # Reference: https://www.virustotal.com/gui/ip-address/91.206.178.221/relations dexpols.tech con-next.tech coreallbridges.tech octusbridges.tech doogle-analytics.online doogle-analytics.site doogle-analytics.store # Reference: https://twitter.com/Gi7w0rm/status/1746907826511851668 /dcce10/stat.php # Reference: https://twitter.com/Gi7w0rm/status/1746905252744294853 # Reference: 
https://www.virustotal.com/gui/ip-address/193.3.19.36/relations 0ad.g-content.bid 0c72099354.dig159.digital 1clicktracker.com 1d88817234.dig159.digital 1f47719105.dig159.digital 2ftracker.web-cockpit.jp 3043890602.dig159.digital 3043890602.mn-vps.info 3282978873.dig159.digital 3282978873.mn-vps.info 3659627184.dig159.digital 45447314.dig159.digital 4693606354.mn-vps.info 4gods.nl 5441551fdd.com 55.forjs.online 5880298611.dig159.digital 5880298611.mn-vps.info 5b89443922.dig159.digital 5d87691157.dig159.digital 6c12149180.dig159.digital 722a9c3988.5441551fdd.com 788555.vip 7e59911148.dig159.digital 7tor.fun 8252261061.dig159.digital 9227543145.dig159.digital 9227543145.mn-vps.info 9379155332.dig159.digital 9a57017380.dig159.digital a636377283.dig159.digital ab48478730.mn-vps.info ab88188560.bind853.me ad.g-content.bid ad83067819.politician407.cc adutler-fermion.com advice875.kaufen af31462241.little574.dog af79129622.heavy689.immo affilprofinetwork.cz africangirl.top ah12307213.hole579.info ah24319910.little574.dog ah48793979.follow707.cloud ak14365841.reduction925.cc al98798321.operator595.city always609.me an42494030.slavery588.biz analytics.bncapp.net analytics.brinelab.com analytics.dogpower-news.it analytics.dynamit.space analytics.skyliumradio.de analytics.youlindo.eu anglerfox.design anti-bot.buzz api.getreviews.app api.getshar.es apiu.ru apiwm.link app.calldrive.io app.conversionratebooster.com app.custiom.com app.eshop-ads.online app.isflm.com app.neunetic.com app.notifendo.com app.notifyer.pro app.viralproof.co apps.poln.co aq74359105.mnvps.cc arbitko.ru arch535.industries as64897077.blind227.boutique au93566707.supper728.gifts auglstats.net av78696081.salt204.me awebcommerce.com ax82528484.paste518.cyou ay41005849.hand995.camp azjs.win b252188235.dig159.digital ba86862616.supper728.gifts barber462.space bcmid.eu be17524253.slavery588.biz be28299789.dig159.digital best-developer-work.com beyond426.gold bh42322336.party257.engineer bi43350504.mnvps.live 
bi77461158.reduction925.cc bi98398831.mnvps.click bisn.manqi.app bit681.center bj49908013.slavery588.biz blame303.download bm32148204.mn-vps.click bm62997213.add222.golf bn99972963.reduction925.cc bncapp.net boswelling.com bp61431860.weekend956.agency bq20940184.hole579.info brandsale.website brinelab.com bro.kim bs46335192.little574.dog bt82594660.door111.network bu18998023.earn454.live bu28836450.door111.network bugherd.sg bunneumetcea.tk buoy.bz bx44819218.party257.engineer byggonline_gotenehus_se.cdpx-eu.com bz56223611.supper728.gifts ca70104711.party257.engineer cad-constructor.de cafe24.instashoppick.com caishenlailai.com calldrive.io canecto.info cb6956786.dig159.digital cdn.cloudnxd.com cdn.micspanel.net cdn.obisonesrl.com cdn.omapapi.com cdn.oryxcommerce.com cdn.pushdialog.com cdpx-eu.com cg26555208.temple357.careers ch27390466.operator595.city checkouau93566707.supper728.gifts checkout-cdn.net chicocanvas.com chillzone.pm ci85339965.mnvps.art ciasnafurta.pl circle504.shop cj90473967.classify321.jewelry cj90473967.instant768.cheap cj90473967.party257.engineer ck36970538.keep822.cam ck38055632.operator595.city ck44111745.keep822.cam classify321.jewelry cloud.optimizer.systems cloud.site22.hk.luocheng.site cloudfare.tech cloudnxd.com cm35012446.bus527.cfd compteurgratuit.net connect.faceboooooooooooooooooook.net console.naomi.chat conversionratebooster.com copoetry.com cq69947833.laugh687.delivery cqtw22699791.herbalsolutionsource.com cr61571145.eastern305.space credit-cashback.net cs70855524.reduction925.cc cta.shopgear.io custiom.com cx51318470.bus527.cfd cz72358199.temple321.bar d.g-content.bid d140273217.dig159.digital da32858492.supper728.gifts da9495731.mn-vps.art data-stat.info datbinhduongdep.net dc30117151.wide227.dog delay994.cc demospalabanda.com detect.redirectron.com dh55trk.com diamond674.digital dj20331469.blind227.boutique dk13597652.block714.mobi dl.jscript.cloud dogpower-news.it doogle-analytics.online doogle-analytics.site 
doogle-analytics.store dp26034124.follow707.cloud dp66758414.temple321.bar ds88277251.earn454.live dshost.pro dsncs55ms.xyz dssdsdaas.xyz dt31380469.block714.mobi dynamit.space e.slimfy.net e313588511.dig159.digital eastern305.space eba18.ffox.site ec12544429.heavy689.immo ec22129369.dig159.digital ef27127706.door111.network eh54560443.party257.engineer eh74850685.reduction925.cc ei23992012.passenger210.bar elitemail.monster em89206696.arch535.industries em92287661.supper728.gifts email2marketing.com embed.tawkto.bid en.bro.kim eo5162594.nothing536.loan eq53211622.salt204.me er70536089.follow707.cloud erikawraps2015.com eshop-ads.online estats.live eu20976880.bit681.center ew26641374.mn-vps.click ew90072292.add222.golf extenmap.com f279509202.dig159.digital fa57865601.dig159.digital faceboooooooooooooooooook.net fasten466.golf fb28343398.temple321.bar fb8353087.bind853.me fbmarketing.top fd14727926.heavy689.immo fd602061.bind853.me fd76829342.depth305.digital fh51299271.passenger210.bar fi2550286.diamond674.digital fifsupport.com firsaturunleri.net fk38210998.circle504.shop flavor540.info fn22214993.hinder799.cyou follow.hk forjs.online fp8565340.temple321.bar fq37456017.hole579.info fq9451830.circle504.shop frame185.kim frankdocs.biz freeblowjob.online frighten164.men ftracker.web-cockpit.jp fy18161208.bus527.cfd fz11934809.mn-vps.cc fz19876324.circle504.shop fz97829124.operator595.city ga92626343.salt204.me gablr.me get-statics.live getreviews.app getshar.es giftblink.top gk66765425.hole579.info globalmiglog.com go.rere.live goat420.football gojinji.com gojoglesyndication.com gonulkomur.wv535171.war740.engineer googieplay.info gp71233739.war740.engineer gq77935519.supper728.gifts gq97717721.blind227.boutique gralek.pl great-news2.club group-bif.com gt36830018.arch535.industries gtagagent.org gulandsonshotel.com gw3344224.war740.engineer gw47326997.blind227.boutique gz42908556.circle504.shop gz52395619.weekend956.agency hand995.camp he95169012.earn454.live 
heapstatic.com helpdesk.minkundservice.se herbalsolutionsource.com hk.luocheng.site hm9219478.mnvps.live ho37690430.little574.dog hole579.info hope903.quest hp3345578.slavery588.biz hr66074833.block714.mobi hu6086129.follow707.cloud humorhunter.net hunger605.online hw27367815.severe373.asia hy89263832.hole579.info hydrahydra.ir hydrahydra.kim hz86232397.mnvps.live ic10353896.slavery588.biz ie92799119.hinder799.cyou if10917833.earn454.live if40149807.little574.dog ij85301239.circle504.shop ik38902469.bind853.me il44395769.mnvps.club im33413012.slavery588.biz imatone-hosting.com imstats.imatone-hosting.com in640600.mn-vps.click inflow.humorhunter.net informatykadlafirm.pl instant768.cheap instashoppick.com investearners.com iq71846426.blind227.boutique iq85570406.bind853.me isflm.com it38469760.passenger210.bar iv20033491.she583.info iv30616081.war740.engineer iz83661546.fasten466.golf j-nic.jp ja.bro.kim ja42590609.party257.engineer jab.shopping javaskript.xyz jc48870821.salt204.me jd56933392.hand995.camp jd66321716.war740.engineer jg72225657.earn454.live jl59722347.keep822.cam jo94315710.bind853.me jq81278204.depth305.digital jqbs-cdn.store jqbs-checker.store jqbs-cloud-cdn.xyz jqbs-cloud-min.xyz jqbs-min.store jqbs-rest.store jqueurystatic.com js78281653.always609.me jscript.cloud json.gdn jspcss.com jx16629495.party257.engineer jx20957303.war740.engineer ka57680696.mnvps.live kb74503782.passenger210.bar kb99948025.operator595.city kd37039685.severe373.asia keep822.cam keit.master-tds.com kejnojd7.ru kg54544974.bind853.me kh40424217.operator595.city khobanthodep.vn kitchenventsystem.com kj37309760.little574.dog kj96485300.blind227.boutique km85530062.blind227.boutique kn6199553.diamond674.digital kp96190005.laugh687.delivery kw2199162.hand995.camp ky72778169.nothing536.loan laboratorio-salvadori.com laugh687.delivery lcvy25944673.herbalsolutionsource.com leadfeedssl.com li75628279.reduction925.cc likemytests.pw link.luocheng.site linkdonations.com 
listen884.digital little574.dog livechat.copoetry.com lk19006130.salt204.me lk45801402.nothing536.loan load587.date lobo2.pink log.nuserv.eu lowhost.ru lp37095324.reduction925.cc lr28711659.block714.mobi ls7010884.add222.golf lu32159822.bind853.me lu33625959.permanent875.center lu37005322.operator595.city lu37152750.block714.mobi lu76955282.earn454.live lu96707629.hinder799.cyou luocheng.site lw21955709.circle504.shop ma16394068.arch535.industries mail.africangirl.top mail.g-content.bid mail.instashoppick.com mail.jquerycdn.at mail.jquerylib.at mail.json.gdn mail.kinfirighbetted.host mail.medownet.xyz mail.toplevelstatic.com mail.veotracking.com mail.ws2.g-content.bid mail.ws3.g-content.bid manqi.app manyvps.online maskado.art master-tds.com mautic.gralek.pl mb73969123.passenger210.bar medownet.xyz meligue.online menzilmobilya.com mere836.digital mf57071519.bind853.me micspanel.net militarymini.club minijs.website minijs.xyz minkundservice.se miwolib.com mj13915057.diamond674.digital mju.dsncs55ms.xyz mn-vps.cc mn-vps.click mn-vps.club mn-vps.info mn42303470.mnvps.live mn46368989.put361.blog mnvps.art mnvps.cc mnvps.click mnvps.club mnvps.info mnvps.live moi.sivuseuranta.fi mother227.cc mp.lobo2.pink mq2668236.depth305.digital mx36218168.earn454.live my49898597.party257.engineer mywidget.me n.bro.kim na98470849.severe373.asia nad.g-content.bid naomi.chat nb70893594.bus527.cfd nd11950863.bind853.me ne13599891.slavery588.biz network.wiy.ro neunetic.com ng79410170.earn454.live ng88644832.passenger210.bar nj38996860.salt204.me nj42584278.salt204.me nl96544673.block714.mobi notifendo.com notifyer.pro notiv.id nq54555111.little574.dog nr57072098.nothing536.loan ns1.advice875.kaufen ns1.beyond426.gold ns1.blame303.download ns1.classify321.jewelry ns1.delay994.cc ns1.frame185.kim ns1.goat420.football ns1.mere836.digital ns1.plain923.me ns1.reach183.online ns1.someone332.bond ns1.spirit500.clinic ns1.star374.live ns1.stiff551.quest ns1.use635.coffee ns1.worry257.ink 
ns13102412.circle504.shop ns2.advice875.kaufen ns2.beyond426.gold ns2.blame303.download ns2.classify321.jewelry ns2.delay994.cc ns2.frame185.kim ns2.goat420.football ns2.manyvps.online ns2.mere836.digital ns2.plain923.me ns2.someone332.bond ns2.spirit500.clinic ns2.star374.live ns2.stiff551.quest ns2.use635.coffee ns2.worry257.ink nstp.erikawraps2015.com nt24321600.operator595.city nuserv.eu nw22767877.party257.engineer nz22993409.earn454.live oa87423576.follow707.cloud obisonesrl.com oc427773.slavery588.biz of98134012.passenger210.bar off301.space oh43208413.door111.network ohric.east1.pmrockettools.app oj83725790.hinder799.cyou oj88912451.mn-vps.cc omapapi.com onlinewebtracking.de onto566.shop oownik.com op10194629.mn-vps.art op89216989.flavor540.info optimizer.systems optimumtrade.online oq67557328.depth305.digital or64384422.temple321.bar oryxcommerce.com ou26382554.flavor540.info ov52235842.nothing536.loan ow72853614.add222.golf owa.ws2.g-content.bid owa.ws3.g-content.bid owaspi.info owaspi.me ox42878257.blind227.boutique oxusinfotec.com p7z912.bro.kim pagead2.gojoglesyndication.com pakistancloudservers.com part-time-job.biz paste518.cyou pd87452203.listen884.digital pe32628866.earn454.live pe3839026.subject403.quest pegasobooking.it permanent875.center pg86372135.flavor540.info pj69707064.bus527.cfd pk11855309.circle504.shop plain923.me pm11996024.composition375.digital pmrockettools.app pn81543304.nothing536.loan podpora.support politician407.cc poln.co pr25058134.composition375.digital pr78855440.follow707.cloud premiumstoreoutlet.com prestashop-demos.org printserviceroma.it profiyou.ffox.site pt27484752.she583.info pt30120535.circle504.shop pushdialog.com put361.blog pw06.woibs.net py99764136.bind853.me qa88445857.bind853.me qb47154533.hope903.quest qd94153140.operator595.city qdtn36019268.herbalsolutionsource.com qi32775626.subject403.quest qi85741768.bus527.cfd qn37470165.war740.engineer qo14322810.paste518.cyou qo63839594.depth305.digital quot-now.com 
qx13279925.subject403.quest qz71358249.diamond674.digital r.buoy.bz ra78188285.bind853.me reach183.online redirectron.com resource.canecto.info rh95617864.composition375.digital rose-musquee.eu rq38017361.bind853.me rq56823917.she583.info rs92227615.war740.engineer ru35757716.supper728.gifts rw2678233.hole579.info rw77183276.little574.dog rx74588942.blind227.boutique rxfg73700013.herbalsolutionsource.com s.apiu.ru sa41989673.mn-vps.art sa46349005.war740.engineer sa78782323.reduction925.cc salesurfboard.club sam2ur5.ffox.site sb31247426.earn454.live sb32247426.earn454.live sbd2424.com sbz-140.com se59739702.hole579.info secure.g-content.bid secure.ws2.g-content.bid secure.ws3.g-content.bid semcms.top severe373.asia sevgiliyeozelkolye.firsaturunleri.net she583.info shipping-manager.net shopgear.io site22.hk.luocheng.site sivuseuranta.fi sj31662514.reduction925.cc skyliumradio.de sl68369434.mnvps.info slimfy.net sm96549464.reduction925.cc smartsmokestorelocator.com so17524929.diamond674.digital socialproof.guru society850.online song858.info soulvip.vip sp24661619.slavery588.biz spirit500.clinic sr43121329.bit681.center ssl.g-content.bid ssl.ws2.g-content.bid ssl.ws3.g-content.bid sslapi.org sslinfotype.pw st39211802.passenger210.bar star374.live stat.oxusinfotec.com statcntr.net static.extenmap.com static.leadfeedssl.com stats.bcmid.eu stats.ciasnafurta.pl statsforseo.com stattrak.submitnet.fr stiff551.quest stun.ro subject403.quest submitnet.fr suey96960758.herbalsolutionsource.com sv8091674.operator595.city sy21735681.blind227.boutique t81kztrk.com ta17872794.hole579.info ta66041257.party257.engineer tacker.web-cockpit.jp tawkto.bid tb71766075.door111.network td53771365.circle504.shop temple357.careers test.wmadmin.dev textiu.co thaonhinguyen.com thesmallofbig.tk tm82342922.war740.engineer tmzimg.com tn61677941.mnvps.club to82078409.earn454.live towel694.store tracher.web-cockpit.jp track.dshost.pro tracking.follow.hk traffic.tmzimg.com travel4a.win trustboostr.com 
truuudomen.com tu60621748.slavery588.biz tw55759545.composition375.digital tx11121533.wide227.dog tx35699366.mnvps.click ty35486575.bind853.me tz3839388.little574.dog u8vaaaa.ffox.site ua23867164.mother227.cc ua53419659.temple321.bar ub42862687.hunger605.online ub89321051.supper728.gifts uc12244149.earn454.live ud59127852.politician407.cc uh42219679.earn454.live uh79452205.earn454.live ui73435259.nothing536.loan uk92876136.follow707.cloud ul17578149.door111.network ultimate-engine.com um67804342.follow707.cloud un11z.ffox.site uncle282.online unitcapervhost67405.lowhost.ru up47852607.earn454.live update-fonts.com ur41825359.party257.engineer ur4401018.supper728.gifts use635.coffee uw57850127.bind853.me uz41203767.operator595.city v-muse.ru vd49770052.door111.network ve19ve.ffox.site ve89354036.slavery588.biz veldom.tokyo veotracking.com vg2514962.heavy689.immo vh22461617.operator595.city vi-news.net vi77977655.door111.network vilgo.pw viralproof.co vn44479387.party257.engineer vo71326216.salt204.me vo99726097.hand995.camp vw40951692.mn-vps.art vy19972663.earn454.live vy4779320.passenger210.bar vz61763422.permanent875.center w10209.lb.wa-track.com w11004.lb.wa-track.com w11788.wa-track.com w12150.lb.wa-track.com w13025.wa-track.com w1319.wa-track.com w13376.wa-track.com w1353.lb.wa-track.com w2022.lb.wa-track.com w2247.wa-track.com w2561.wa-track.com w2719.lb.wa-track.com w3074.wa-track.com w3177.wa-track.com w3438.lb.wa-track.com w3571.wa-track.com w3762.wa-track.com w4210.lb.wa-track.com w4245.lb.wa-track.com w4626.lb.wa-track.com w5420.lb.wa-track.com w5536.lb.wa-track.com w5767.wa-track.com w5955.wa-track.com w6055.lb.wa-track.com w6153.wa-track.com w6672.lb.wa-track.com w6766.lb.wa-track.com w7060.lb.wa-track.com w8045.lb.wa-track.com w8229.wa-track.com w8489.wa-track.com w8759.wa-track.com w9203.wa-track.com w9535.lb.wa-track.com w9882.wa-track.com w9948.lb.wa-track.com wa17139521.paste518.cyou walltraf.ffox.site walri.xyz wb1454734.listen884.digital 
wc5654285.always609.me web.heapstatic.com web.vi-news.net webcounter.ro webmail.ws2.g-content.bid webmail.ws3.g-content.bid websitemeter.net websitesvoormobiel.nl webstatics.org webstats.no weekend956.agency werbemanager.net wf81145276.party257.engineer wgoa72821275.herbalsolutionsource.com wh71712897.blind227.boutique wi70718111.follow707.cloud wide227.dog wildmarkullared_se.cdpx-eu.com wiy.ro wmadmin.dev woibs.net worry257.ink wp9127968.flavor540.info wq29973568.block714.mobi ws1.g-content.bid ws2.g-content.bid ws3.g-content.bid ws92479102.blind227.boutique wt79578298.mn-vps.cc wv18752813.bind853.me wv535171.war740.engineer wx22563588.passenger210.bar wz62802319.temple357.careers wz91076974.composition375.digital xc34780244.block714.mobi xc50801004.mnvps.info xh16776341.composition375.digital xh78870068.mnvps.art xj42729993.mnvps.live xl61626185.war740.engineer xn--80aaxadpodfvnz1a1g.xn--p1ai xo16802435.passenger210.bar xo69358393.supper728.gifts xp23013920.frighten164.men xp72043049.slavery588.biz xq78357079.war740.engineer xt51444837.door111.network xu74804709.keep822.cam xv64562297.mn-vps.click xw17366339.temple321.bar yb53618855.circle504.shop yd20410958.flavor540.info yf99616650.fasten466.golf yg39698513.earn454.live yg89130451.literature539.space yh70522246.wide227.dog yj30210045.politician407.cc ym97779850.circle504.shop yn92788541.reduction925.cc yo11301955.hinder799.cyou yo40765422.passenger210.bar youlindo.eu yourdiome.com yp29618907.slavery588.biz yv95715342.blind227.boutique yx66313828.salt204.me zc93201966.bind853.me zg90664169.earn454.live zg90664169.politician407.cc zg90664169.star374.live zi19123501.flavor540.info zi30717909.war740.engineer zk82141747.mnvps.live zm31689573.hole579.info zq51825438.mnvps.live zs81601425.follow707.cloud zt49818598.war740.engineer zv3305370.weekend956.agency zx61673924.arch535.industries # Reference: https://sucuri.net/documentation/CreditCardSkimmingMalwareThreats.pdf /wp-content/plugins/wpputty/wpputty.php 
/wp-content/plugins/wpzip/wpzip.php /wp-content/plugins/wpyii2/wpyii2.php /wp-content/plugins/uzolyryl/uzolyryl.php /plugins/wpputty/wpputty.php /plugins/wpzip/wpzip.php /plugins/wpyii2/wpyii2.php /plugins/uzolyryl/uzolyryl.php /uzolyryl/uzolyryl.php /wpputty/wpputty.php /wpyii2/wpyii2.php /uzolyryl.php /wpputty.php /wpyii2.php # Reference: https://www.virustotal.com/gui/ip-address/162.255.119.135/relations ccscsnff.shop # Reference: https://www.virustotal.com/gui/ip-address/85.239.41.118/relations ccscsnff.uk # Reference: https://www.virustotal.com/gui/ip-address/45.134.173.161/relations bardowarc.com gtagmanager.net cpanel.gtagmanager.net cpcalendars.gtagmanager.net cpcontacts.gtagmanager.net mail.gtagmanager.net ns1.bardowarc.com ns1.gtagmanager.net ns1.okqtfc1.org ns2.bardowarc.com ns2.gtagmanager.net ns2.okqtfc1.org webdisk.gtagmanager.net webmail.gtagmanager.net # Reference: https://www.virustotal.com/gui/ip-address/185.62.56.234/relations gtagmanager.org # Reference: https://www.virustotal.com/gui/ip-address/94.156.71.191/relations gtagmanager.site # Reference: https://www.virustotal.com/gui/domain/carcoverstore.pics/relations carcoverstore.pics # Reference: https://www.virustotal.com/gui/ip-address/158.247.215.195/relations ajax-assets.com fonts-assets.com # Reference: https://www.virustotal.com/gui/ip-address/188.225.10.105/relations cdn-analytic.net # Reference: https://twitter.com/sdcyberresearch/status/1765006091404869790 # Reference: https://twitter.com/sdcyberresearch/status/1767159363729301667 # Reference: https://x.com/sdcyberresearch/status/1810322431434727617 admission616.clothing clay468.loan control-tools.com dance774.guru fault185.cool fry708.info gettinfo.com greed549.deals hit243.mobi into352.agency pet384.date punctual501.work respect802.gold slip136.fyi static-cdn.info ao97283204.static-cdn.info aw91804586.fault185.cool cm2346556.slip136.fyi db30325716.dance774.guru ew84887253.fry708.info fv4038924.into352.agency hw33626285.greed549.deals 
iw40948723.greed549.deals jp95683586.dance774.guru ld19736836.punctual501.work me50041745.into352.agency np13667114.fry708.info rl70595265.fault185.cool rw58276777.hit243.mobi sg37875211.dance774.guru uo68384370.respect802.gold uz87619761.respect802.gold wr17716066.respect802.gold # Reference: https://twitter.com/sdcyberresearch/status/1760293613928419397 cdn-googletag.online # Reference: https://www.virustotal.com/gui/ip-address/46.17.248.65/relations cdn-googletagmanager.com # Reference: https://twitter.com/sdcyberresearch/status/1759604161220374745 # Reference: https://www.virustotal.com/gui/ip-address/195.242.111.139/relations keytoc.online cdn.keytoc.online # Reference: https://twitter.com/sdcyberresearch/status/1757023351510364666 bgxjymfky29ycde.com ganalyticsmanager.com # Reference: https://twitter.com/sdcyberresearch/status/1756691225762033841 # Reference: https://twitter.com/sdcyberresearch/status/1779861913838494047 # Reference: https://www.virustotal.com/gui/ip-address/5.188.86.197/relations 0level.shop 0prob.lol 0stat.shop 1khan.fun 1run.in.net 1shop.in.net 1sun.buzz 2cdn.shop 2screw.shop 2tags.cfd 2tbs.space 3bee.pw 3brick.space 3monitor.sbs 3ple.shop 4bid.shop 4cast.online 4core.lol 4more.in.net 5cent.shop 5info.in.net 5lbs.fun 5life.pw 6bits.store 6dix.shop 6fix.shop 6mix.in.net 7cats.sbs 7eleven.pw 7free.fun 7lemon.shop 8date.pw 8great.space 8mate.online 8straight.shop 9fine.shop 9line.shop 9prime.store 9shine.in.net agemnt.shop aromagy.shop articall.shop astrostat.buzz bradleys.fun brewer.in.net brixband.pw broadtag.shop cosinus.space crexful.shop crosstat.cfd croxes.shop decimal.pw dharmas.in.net doctag.icu dragonz.shop effectos.shop elector.shop enhances.digital formed.network freight.in.net fysical.pw gigamarkt.shop greekoil.shop grotesq.shop herbplus.pw herbz.in.net hypermercado.shop intellimart.xyz intergates.shop inthebar.shop jeepwheel.shop jeepwork.in.net jetpacks.shop keepstat.shop kerberos.shop kontrol.shop lazyanalytics.xyz leadery.pw 
liquidz.in.net managemnt.shop mangoman.shop multishop.guru newengine.space newversion.in.net normly.pw onlystat.shop openbar.shop osmann.shop protected.in.net protectedtag.sbs protocols.pw quadroz.shop quickanalytics.cfd quickstat.shop regain.in.net regain.pw rockstore.buzz statkeepr.shop steelguard.shop superstat.online tagmanager.digital tagmanager.shop tempostore.shop trackers.in.net transtat.pw ultradata.xyz ultralife.fun ultramercado.fun ultrasale.fun ultrashop.fun ultrastat.fun ultrastat.shop ultrastores.fun unistat.fun ultratag.fun unixen.shop vectorz.space vermont.in.net vmanager.space vocamix.cc webstat.shop webstats.shop wokfactory.in.net wonderz.lol xperiment.shop xtrac.fun xtract.pw xtractz.fun yankeez.shop yellostat.guru yetready.pics zenger.mom zotas.in.net zummer.pw /cdn/absorberr.com.js /absorberr.com.js # Reference: https://app.validin.com/detail?find=consoashirali9v.gmx.com&type=dom&ref_id=29a788bc11c#tab=dns # Reference: https://www.virustotal.com/gui/ip-address/141.98.82.232/relations amads.fun bestbid.shop bestbidz.shop bestprize.shop bestprizes.shop bestsalez.shop bidz.shop coolbid.shop coolbids.shop coolbidz.shop cooloffer.shop coolprizes.shop coolsalez.shop getaprize.shop getprizes.shop gettheprize.shop migylan.cc mybestdeal.shop mybid.shop mybidz.shop myoffers.shop myofferz.shop myownshop.at myprize.fun myprize.shop mysale.digital mysales.shop mysalez.shop mytopdeal.shop newdealz.shop newprize.shop newprizes.shop newsalez.shop nicebids.shop nicedealz.shop niceoffers.shop niceprize.shop nicesalez.shop takeaprize.shop takeprize.shop takeprizes.shop taketheprize.shop techmarket.ink topbidz.shop topdiscountz.shop topofferz.shop topprizes.shop topprizez.shop topsalez.shop uads.buzz uads.club uads.digital uads.guru uads.info uads.lat uads.life uads.live uads.pw uads.rest uads.shop uads.space uads.store uads.today winaprize.shop winprizes.shop wintheprize.shop xbid.shop xoffer.shop xprize.shop analytic.uads.buzz mail.uads.info # Reference: 
https://www.virustotal.com/gui/ip-address/5.188.62.10/relations estorages.xyz festorage.xyz fyvirtual.cyou gistore.xyz gyxtremum.cyou gyyellow.cyou gyzambian.cyou gyzipper.xyz hshady.xyz hyanides.xyz idistinct.xyz jeunseen.xyz kexcitinge.xyz produmax.tech regiduo.icu signumo.fun tricksting.cfd turn.4cast.fun ultimans.sbs vizzard.space voluntee.xyz workery.icu xtremic.xyz yellist.cyou zetas.press # Reference: https://twitter.com/sdcyberresearch/status/1751986738120028234 # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.230/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.247/relations bomtech.site dvtmob.shop fantatic.fun helcalc.space lokopon.online segtec.store cdn.dvtmob.shop # Reference: https://twitter.com/sdcyberresearch/status/1750155707888890089 portec.shop telemob.click uydrdig.quest zauetc.site # Reference: https://twitter.com/sdcyberresearch/status/1749404277913600310 # Reference: https://www.virustotal.com/gui/ip-address/5.252.22.197/relations googurlcdns.com goourlcns.com goourlcss.com securlfondcss.com securlfondocss.com # Reference: https://twitter.com/sdcyberresearch/status/1747263048526758386 # Reference: https://www.virustotal.com/gui/ip-address/195.242.111.226/relations odinmob.shop poyaslim.space rozmzhen.site stenetoc.fun svzntop.online cdn.odinmob.shop /karendidion-loader.js # Reference: https://twitter.com/sdcyberresearch/status/1747262893132001767 xploit.im # Reference: https://twitter.com/sdcyberresearch/status/1745089590631797215 # Reference: https://www.virustotal.com/gui/ip-address/212.118.53.134/relations webagencyanalytics.com static.webagencyanalytics.com # Reference: https://twitter.com/sdcyberresearch/status/1734198037059138018 kajuinc.sbs videelect.icu # Reference: https://twitter.com/sdcyberresearch/status/1731683929566933185 indicalive.com cdn.indicalive.com # Reference: https://twitter.com/sdcyberresearch/status/1729138740969472433 # Reference: 
https://www.virustotal.com/gui/ip-address/82.180.138.247/relations cacheloading.com cdn.cacheloading.com tracking.services.bz # Reference: https://twitter.com/sdcyberresearch/status/1726582074394747350 webappanalyzer.com # Reference: https://twitter.com/sdcyberresearch/status/1724079447303737458 arctica.shop hxenc.pics ultramart.fun # Reference: https://twitter.com/sdcyberresearch/status/1721537506611527982 gtm-statistic.com gtm-statistlc.com gtm-statistlcs.com gtm-statlstic.com gtm-statlstics.com gtm-statlstlc.com gtmstatlstics.com gtstatistic.com gtstatistic.info idor-marketing.com # Reference: https://www.virustotal.com/gui/ip-address/217.21.77.96/relations safecontentdelivery.com mdn.safecontentdelivery.com csp.safecontentdelivery.com # Reference: https://twitter.com/sdcyberresearch/status/1718661840161394951 # Reference: https://www.virustotal.com/gui/ip-address/195.179.237.105/relations tagflows.com tgsms.shop cart.tagflows.com clients.tagflows.com sec.tagflows.com staging.tagflows.com tags.tagflows.com # Reference: https://twitter.com/sdcyberresearch/status/1719367704233005304 # Reference: https://www.virustotal.com/gui/ip-address/195.35.39.47/relations query.searchyourservices.com # Reference: https://twitter.com/sdcyberresearch/status/1719001051322306986 vspact.com cdn.vspact.com # Reference: https://www.virustotal.com/gui/ip-address/104.21.93.124/relations gtm-stats.com # Reference: https://twitter.com/sdcyberresearch/status/1769712742317817963 # Reference: https://www.virustotal.com/gui/ip-address/82.202.160.253/relations # Reference: https://www.virustotal.com/gui/ip-address/82.202.161.192/relations allquickcdn.com easyclickinc.com m.easyclickinc.com t.allquickcdn.com # Reference: https://twitter.com/sdcyberresearch/status/1770096876961878253 dfsdjfheuu8.github.io susial.github.io # Reference: https://twitter.com/sdcyberresearch/status/1770445832128459136 # Reference: 
https://www.virustotal.com/gui/ip-address/45.88.3.145/relations # Reference: https://www.virustotal.com/gui/ip-address/45.88.3.89/relations helpoton.quest looptic.store picktoc.online sandton.shop shtelpenstec.site starlanded.click cdn.helpoton.quest cdn.looptic.store cdn.picktoc.online cdn.sandton.shop cdn.shtelpenstec.site cdn.starlanded.click /fenchelshades-loader.js # Reference: https://twitter.com/sdcyberresearch/status/1773018548350115936 # Reference: https://threatfox.abuse.ch/ioc/1247074/ # Reference: https://threatfox.abuse.ch/ioc/1247075/ # Reference: https://www.virustotal.com/gui/ip-address/195.242.111.209/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.111.210/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.111.211/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.111.212/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.111.213/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.111.65/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.111.89/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.111.90/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.111.92/relations bepicetn.online bupunit.store cbynout.online cnejktec.fun cristech.space gemokelt.store gepotich.space getepol.space hempomot.space heubqtec.space hopefor.space jelint.online joykent.online keltsmob.shop komitic.store mikolec.shop nehetech.space olynoo.site pilotech.store rdyttop.fun seletec.fun skeltit.site stelitech.site stuckers.click stuckitech.shop teersinc.shop teolydigi.online tolinfore.shop treimob.cfd tucton.shop veltefre.shop yelubin.cfd yostek.fun cdn.cnejktec.fun cdn.cosmafit.click cdn.hopefor.space cdn.jelint.online cdn.komitic.store cdn.treimob.cfd cdn.tucton.shop # Reference: https://twitter.com/sdcyberresearch/status/1772611379490382249 # Reference: 
https://www.virustotal.com/gui/ip-address/188.119.113.118/relations statsmetrica.co # Reference: https://twitter.com/sdcyberresearch/status/1788541822953750550 # Reference: https://www.virustotal.com/gui/ip-address/45.67.34.17/relations statsmeter.co # Reference: https://blog.sucuri.net/2024/04/magento-shoplift-ecommerce-malware-targets-both-wordpress-magento-cms.html # Reference: https://www.virustotal.com/gui/ip-address/195.93.173.80/relations # Reference: https://www.virustotal.com/gui/ip-address/37.220.31.58/relations # Reference: https://www.virustotal.com/gui/ip-address/38.180.100.104/relations # Reference: https://www.virustotal.com/gui/ip-address/38.180.100.134/relations # Reference: https://www.virustotal.com/gui/ip-address/38.180.17.55/relations 195.93.173.80:8001 38.180.17.55:8001 bulkmailsms.com cloudlayerinsights.com fixer-api.com jqueurystatics.com jqueurystatics.xyz jqueurystaticx.com jstags.com sanzsec.net siteagencyanalytics.com cdn.cloudlayerinsights.com static.siteagencyanalytics.com # Reference: https://www.virustotal.com/gui/ip-address/185.159.82.57/relations chlmpstatiic.com jqueryoverlay.com jqueurystaticx.com # Reference: https://www.virustotal.com/gui/ip-address/185.251.90.189/relations fraudlabzpros.com googleinfodata.com jquerystatics.com # Reference: https://www.virustotal.com/gui/ip-address/195.14.123.101/relations jqueurystatic.xyz # Reference: https://www.virustotal.com/gui/ip-address/195.93.173.18/relations # Reference: https://www.virustotal.com/gui/ip-address/5.45.84.11/relations chimpstatiic.com g-staticxs.com gstatics.org sucuriwebtrack.org # Reference: https://www.virustotal.com/gui/ip-address/185.180.221.174/relations cdnjsdelivr.com ww25.cdnjsdelivr.com ww38.cdnjsdelivr.com # Reference: https://www.virustotal.com/gui/ip-address/198.54.117.197/relations gstaticss.com # Reference: https://www.virustotal.com/gui/ip-address/185.109.170.47/relations analitiscs.com githubb.info golanguag.com googlaepis.net gstaticcs.com 
translategog.com ads.googlaepis.net # Reference: https://www.virustotal.com/gui/ip-address/45.130.146.195/relations jquerystatic.net # Reference: https://twitter.com/sdcyberresearch/status/1775561694850297945 # Reference: https://www.virustotal.com/gui/ip-address/5.230.68.237/relations gtmetrix.app gtadsense.com api.gtmetrix.app # Reference: https://sansec.io/research/magento-xml-backdoor halfpriceboxesusa.com/pub/health_check.php # Reference: https://www.virustotal.com/gui/ip-address/13.38.162.56/relations tagmanager.ml # Reference: https://www.virustotal.com/gui/ip-address/193.3.19.162/relations # Reference: https://www.virustotal.com/gui/ip-address/193.3.19.36/relations adopt447.email blind761.asia by670.ltd classification327.city comes236.bar convenient830.cool course470.digital cover351.date crowd288.credit discomfort972.biz fine459.dog hunt734.monster lessen512.gold lord479.gold mile359.mobi nephew641.asia of584.buzz old221.asia opinion631.guru party257.engineer plant661.directory recommend173.dog stair151.clinic sun631.ink sweat320.asia wash856.estate waste191.ltd wheel194.buzz without527.agency mj27427137.stair151.clinic alfatec.taggerlead.com anallusar.taggerlead.com biosttek.taggerlead.com clubmigourmet.taggerlead.com datanet.taggerlead.com demo.taggerlead.com panel.taggerlead.com plesk.taggerlead.com sararevert.taggerlead.com soldemarca.taggerlead.com # Reference: https://twitter.com/sdcyberresearch/status/1778056754636451903 # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.37/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.38/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.53/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.55/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.56/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.57/relations # Reference: 
https://www.virustotal.com/gui/ip-address/195.242.110.58/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.59/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.60/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.65/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.66/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.67/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.68/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.70/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.75/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.76/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.77/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.79/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.80/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.81/relations # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.82/relations aimoob.online bempiroom.store bitudata.site cdttech.site cemoping.site chenklemob.shop curvdam.store cyetec.click depoment.site desjardins-auth.one eitich.shop eiton.click eternlis.site etransfer.one ewopit.online furelet.store geligen.quest gemitil.click gentics.site getintoch.info gsimob.site hapist.click hasobob.online helebanet.online heleton.store helmidigi.quest helurin.shop hemopet.quest hemytemd.fun hepites.store hulcom.site interqca.site interrqc.site intrev.online jepenet.space jerelink.shop jeynoon.online jojkatic.shop jopstet.shop julifmob.click kehepics.site keldmob.site keletenc.site keliden.shop kelimont.click kelkmet.shop kelysink.store kempetic.space kenotic.site kentics.store kentol.space ketipool.click kinteko.online konpop.store lemiguid.online leniton.online lenupop.click 
lepetewol.quest liantis-key.com liantis-sleutel.com liantis.store lompotic.shop lootbop.shop ltcento.space meltetok.online mijn-liantis.com militool.click miusets.works neretec.store neyfliixx.com outstak.online panotek.site pertec.store prihomob.sbs ribudec.click sefroyek.link sempytol.site sfantech.space shentech.shop sqedigit.quest stikitec.site stinesimp.email stojitoc.online tegmob.quest tempecan.fun teseloc.quest tikfonk.network tojasm.store ubnanet.online uelenck.site uelkaf.fun visken.shop woohtik.click xentouch.store zapteches.shop zytrhent.quest cdn.aifanul.yachts cdn.cemoping.site cdn.curvdam.store cdn.deletouch.shop cdn.depeyo.online cdn.deshvoc.store cdn.digitstel.site cdn.eiton.click cdn.eternlis.site cdn.funkomob.sbs cdn.furelet.store cdn.gafevomp.shop cdn.gemitil.click cdn.gemofab.store cdn.genimmob.online cdn.gentics.site cdn.hasobob.online cdn.helebanet.online cdn.henove.store cdn.hovarelec.shop cdn.hulcom.site cdn.intescon.store cdn.jojkatic.shop cdn.kehepics.site cdn.keldmob.site cdn.kelimont.click cdn.kenotic.site cdn.kentics.store cdn.kiligob.site cdn.konpop.store cdn.kritec.pics cdn.kruktech.shop cdn.ledeehub.shop cdn.lemiguid.online cdn.leniton.online cdn.lepetewol.quest cdn.lompotic.shop cdn.lootbop.shop cdn.ltcento.space cdn.metsimob.yachts cdn.musatech.quest cdn.psyhomob.sbs cdn.sempytol.site cdn.sfantech.space cdn.shokomob.sbs cdn.shumtech.shop cdn.soplelec.pics cdn.timetok.online cdn.uelkaf.fun cdn.votedigit.shop cdn.wudutec.shop cdn.xentouch.store cdn.zapteches.shop # Reference: https://twitter.com/sdcyberresearch/status/1778056754636451903 aluyeq.click apissp.cc asiment.shop beedigit.site cesolot.shop cikatic.online comtep.store crptohub.shop d1g1tall.cc dalwent.quest dewilv.quest dotinbel.online ehatec.quest ejidigit.click ekodigit.quest empitok.online enarmob.shop enarmob.shop erotest.online ettransfer.live fesget.store fetneicks.quest fidelec.click finpayz.cc gafevomp.shop ganbuz.online gembetec.store gemmob.online genitek.quest 
genptec.click gimnitec.click gjronline.click gootelec.online helipen.click hemtoc.online heqipop.space hevipent.site hicomben.click hobidoch.store holkmob.store hvelmvec.shop inpayz.cc isajlootic.online jelkintec.site jiilymob.quest jojlet.shop josetech.click kecitic.site kedomep.store kelotemp.fun kemopich.online kiujiru.site leboponks.online letckoon.shop leventinch.store linkteches.online lotsent.site mestec.store mongonline.shop mooneclipse.cc naptechnic.site neriyool.store norlimp.store noutec.shop oftike.store ojzrodig.shop osnodet.quest peltock.shop peqiliq.online petetech.shop pilintik.quest pipnati.fun pishoge.store poconcomp.online pracutech.store qbrefgntdxza.info raotic.online raspberries.cc regvit.site rehonin.site riztritv.online seges.cc seledigit.store shontemp.store skiltech.space spintec.site spusonline.site startech.quest stavmob.click stripe-data.com sweendigit.online td-client.online tobas.cc tohotic.quest tucmob.pics tuitoc.site uhskleie.online vtumob.store welfent.online weltic.quest wenscomp.click xbits.site xnopatel.site yalodem.space ztimuponk.quest cdn.asiment.shop cdn.aurelec.shop cdn.bespitech.sbs cdn.cikatic.online cdn.crptohub.shop cdn.depoment.site cdn.ecosustain.digital cdn.ehatec.quest cdn.ejidigit.click cdn.ekodigit.quest cdn.empitok.online cdn.enarmob.shop cdn.fesget.store cdn.fetneicks.quest cdn.gembetec.store cdn.gemmob.online cdn.genitek.quest cdn.gimnitec.click cdn.gootelec.online cdn.hemtoc.online cdn.heqipop.space cdn.hobidoch.store cdn.holkmob.store cdn.isajlootic.online cdn.jelkintec.site cdn.jiilymob.quest cdn.jojlet.shop cdn.josetech.click cdn.kelkmet.shop cdn.kelotemp.fun cdn.kemopich.online cdn.kinteko.online cdn.leboponks.online cdn.lenupop.click cdn.letckoon.shop cdn.leventinch.store cdn.linkteches.online cdn.lotsent.site cdn.mestec.store cdn.mongonline.shop cdn.naptechnic.site cdn.neriyool.store cdn.norlimp.store cdn.noutec.shop cdn.oftike.store cdn.osnodet.quest cdn.otpusmob.shop cdn.peqiliq.online 
cdn.petetech.shop cdn.pilintik.quest cdn.pipnati.fun cdn.poconcomp.online cdn.pracutech.store cdn.raotic.online cdn.regvit.site cdn.riztritv.online cdn.seledigit.store cdn.skiltech.space cdn.spintec.site cdn.sqedigit.quest cdn.startech.quest cdn.stavmob.click cdn.stramdigital.yachts cdn.stripe-data.com cdn.sweendigit.online cdn.tohotic.quest cdn.tucmob.pics cdn.tuitoc.site cdn.uhskleie.online cdn.vtumob.store cdn.wenscomp.click cdn.woohtik.click cdn.xbits.site cdn.yalomob.pics # Reference: https://twitter.com/sdcyberresearch/status/1778056754636451903 alifiroozi.shop alp.vpmom.online asarec.shop asiudop.site baktac.online blenatich.quest bolmob.click bumtec.space bvemob.cyou cbytoch.fun cfarmob.cfd cheremob.click cripotec.site decadig.online dofmob.online dojtech.shop dorectop.shop efbtadigit.store erhedig.shop femnadit.store foanalytic.site gelotech.store gemynot.site gigamob.quest gjobtoc.shop gulitem.click hekgtop.fun heltonsd.fun hempentor.fun hemptic.site hentolep.store heonotemp.fun hepeton.cfd herostech.cfd hitdigit.quest hruspot.site htonlemb.store infovp.org ing-de.shop ivamtoc.store jeytop.online jlbytec.cyou kalapton.store keicop.click keltoc.site ketotops.online kjtoc.store klactec.shop koltech.yachts kolunelom.fun lauth.xyz ledmob.fun likmob.quest locoteg.space lubnet.quest luchitip.site memdig.site monetdigit.pics monetech.yachts montadigital.pics nachest.cfd nestic.shop nogonline.quest orerant.online ostanitec.pics otokrin.shop pakaytoc.store pfedegen.space picatelec.yachts sahiditoc.click saldigit.online shalomatec.site stemntic.store stiydigit.sbs stoilinc.xyz stomint.space tapetok.store tebtele.online tipov.cyou tokotech.quest umitec.online undedigit.shop utynup.cyou velusec.shop videlomot.xyz vigotec.fun vokatec.shop vpmom.online vsltytok.xyz wedetech.site wooloop.store wootok.fun xentotec.shop xepoton.shop xtvijion.site yelepot.site zrubvtoc.space cdn.arastek.online cdn.asarec.shop cdn.asiudop.site cdn.babtek.click cdn.baktac.online 
cdn.becasotec.site cdn.bepicetn.online cdn.bibstele.online cdn.blenatich.quest cdn.bolmob.click cdn.bolotoc.store cdn.boroshtic.click cdn.bumtec.space cdn.bvemob.cyou cdn.calcdigit.pics cdn.cbynout.online cdn.cbytoch.fun cdn.cegteh.store cdn.cfarmob.cfd cdn.cheremob.click cdn.cripotec.site cdn.cuvanil.quest cdn.decadig.online cdn.denetok.site cdn.divimob.space cdn.djutech.online cdn.dofmob.online cdn.dojtech.shop cdn.domog.shop cdn.dorectop.shop cdn.druzit.quest cdn.dvanatech.yachts cdn.effecttec.shop cdn.eitich.shop cdn.erhedig.shop cdn.femnadit.store cdn.foanalytic.site cdn.frodetraho.click cdn.galeglob.quest cdn.gambon.shop cdn.gastdigit.quest cdn.gelotech.store cdn.gemokelt.store cdn.gemynot.site cdn.genodigit.store cdn.gentop.online cdn.gjobtoc.shop cdn.golyadik.site cdn.goponl.online cdn.gulitem.click cdn.hapermob.shop cdn.hekgtop.fun cdn.heltonsd.fun cdn.hempentor.fun cdn.hempomot.space cdn.hemptic.site cdn.hentolep.store cdn.heonotemp.fun cdn.hepeton.cfd cdn.herostech.cfd cdn.heubqtec.space cdn.hitdigit.quest cdn.hoohotic.click cdn.hruspot.site cdn.htonlemb.store cdn.ifilone.site cdn.igusfil.shop cdn.irlatok.shop cdn.ivamtoc.store cdn.jeytop.online cdn.jezesec.quest cdn.jlbytec.cyou cdn.jondong.online cdn.kafaben.site cdn.kajetic.fun cdn.kalapton.store cdn.kalomob.store cdn.keicop.click cdn.keltoc.site cdn.keltsmob.shop cdn.ketotops.online cdn.kjtoc.store cdn.klactec.shop cdn.kolrmob.space cdn.koltech.yachts cdn.lauth.xyz cdn.ledmob.fun cdn.lenton.store cdn.locoteg.space cdn.lubnet.quest cdn.luktoc.online cdn.mikolec.shop cdn.monetdigit.pics cdn.monetech.yachts cdn.montadigital.pics cdn.nachest.cfd cdn.nechuvelec.click cdn.nehetech.space cdn.nepochtec.shop cdn.nestic.shop cdn.nogonline.quest cdn.oifilon.site cdn.oklasdon.online cdn.olynoo.site cdn.optemhop.shop cdn.ostanitec.pics cdn.otokrin.shop cdn.pfedegen.space cdn.picatelec.yachts cdn.pilotech.store cdn.pitamec.shop cdn.portec.shop cdn.poyaslim.space cdn.pricetool.store cdn.prihot.fun 
cdn.prodovjtec.shop cdn.pubupu.quest cdn.rdyttop.fun cdn.rebomob.quest cdn.resuelec.yachts cdn.rozmzhen.site cdn.sahiditoc.click cdn.saldigit.online cdn.samknut.click cdn.seletec.fun cdn.sgolen.store cdn.shalomatec.site cdn.skeltit.site cdn.smestech.shop cdn.sourite.online cdn.spilotich.online cdn.stelitech.site cdn.stelor.shop cdn.stemntic.store cdn.stenetoc.fun cdn.stiydigit.sbs cdn.stoilinc.xyz cdn.stomint.space cdn.strajit.yachts cdn.stuckers.click cdn.stuckitech.shop cdn.svzntop.online cdn.tanuatech.quest cdn.tapetok.store cdn.tebtele.online cdn.teersinc.shop cdn.telemob.click cdn.teolydigi.online cdn.tipov.cyou cdn.tokotech.quest cdn.tolinfore.shop cdn.trevago.site cdn.tromtustec.quest cdn.undedigit.shop cdn.utynup.cyou cdn.uydrdig.quest cdn.veltefre.shop cdn.velusec.shop cdn.videlomot.xyz cdn.vigotec.fun cdn.vjevec.quest cdn.vkiten.click cdn.vokatec.shop cdn.volosmob.sbs cdn.voouvdigit.site cdn.vozvrec.store cdn.vsltytok.xyz cdn.wedetech.site cdn.wooloop.store cdn.wootok.fun cdn.xentech.shop cdn.xepoton.shop cdn.xorotelec.quest cdn.xtvijion.site cdn.yelepot.site cdn.yelubin.cfd cdn.yostek.fun cdn.yukmob.store cdn.zauetc.site cdn.zizitok.shop cdn.zrubvtoc.space web.alifiroozi.shop web2.alifiroozi.shop # Reference: https://twitter.com/sdcyberresearch/status/1778050135819157859 # Reference: https://www.virustotal.com/gui/ip-address/217.117.29.120/relations 9zj.co # Reference: https://www.virustotal.com/gui/ip-address/8.209.77.40/relations jquerybox.com jquerypack.com jscripty.com linktrackr.info loggly.info pixtracker.info thetrackr.info vc.jquerybox.com # Reference: https://twitter.com/sdcyberresearch/status/1780590513852194869 nightvision.co.nz/wp-content/plugins/js/jquery-1.11.0.js # Reference: https://www.virustotal.com/gui/ip-address/185.130.45.208/relations cdnbootstrap.xyz # Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-04-30-examples-of-web-skimmers.txt # Reference: 
https://www.virustotal.com/gui/ip-address/151.106.96.192/relations # Reference: https://www.virustotal.com/gui/ip-address/176.111.174.248/relations # Reference: https://www.virustotal.com/gui/ip-address/176.97.75.105/relations # Reference: https://www.virustotal.com/gui/ip-address/78.46.124.156/relations # Reference: https://www.virustotal.com/gui/ip-address/78.46.94.189/relations # Reference: https://app.validin.com/detail?find=194.67.193.6&type=ip4&ref_id=881dd3cda85#tab=resolutions http://212.129.24.246 analytics-fonts.com api1-bigcommerce.net api1-jquery.com api11-bigcommerce.com api12-bigcommerce.com api14-bigcommerce.com api16-bigcommerce.com api17-bigcommerce.com api3-bigcommerce.net apn1-bigcommerce.com apn10-bigcommerce.com apn7-bigcommerce.com bootstrapcdn.site cdn-dataservice.com cdn-getnet.digital cdn-google-tag.info cdn.nigntboxcdn.com cdn.v2board-cdn.tech cdn1-bigcommerce.com cdn11-bigcommerce.com cdn14-bigcommerce.com cdn17-bigcommerce.com cdn19-bigcommerce.com cdn2-bigcommerce.com cdn27-bigcommerce.com cdn3-bigcommerce.net cdn31-bigcommerce.com cdn32-bigcommerce.com cdn37-bigcommerce.com cdn39-bigcommerce.com cdn41-bigcommerce.com cdn5-cloudflare.com cdn6-cloudflare.com cdn7-bigcommerce.com cdnanalytics.info cdnbigcommerce.com chatssl.com checkdata.info checkout-bigcommerce.com cloudflare-js5.com cloudflare-ns1.com cloudflary.xyz com-checking-valid.com com-coincover.com com-ticket.info core11-bigcommerce.com core3bigcommerce.com core4-bigcommerce.com cssjs.lt data1-jquery.com datacheckcdn.com dns-bigcommerce.com dns4-bigcommerce.com establish-coinbase.com estylecdn.co fender-analytics.com filebunker.ru fraudscorechecker.com frigomobil.ro gioogle.com is-cloudbase.com is-cloudbase.net is-cloudbase.org jasmineaddis.com jquery.host jquerycdnbucket.com jqueryfact.com js-cloudbase.com js-cloudserver.com js1-bigcommerce.com js1-cloudflare.com js10-cloudflare.com js11-cloudflare.com js12-bigcommerce.com js2-cloudflare.com js3-cloudflare.com 
js4-cloudflare.com js5-cloudflare.com js7-cloudflare.com js8-cloudflare.com jsmin.co klinto2u.info magentoposs.com nigntboxcdn.com payslibrarys.online peopleschoice-portal.com reserveconfirm.com server-css.com server1080-bigcommerce.com server1791-bigcommerce.com server2491-bigcommerce.com server2713-bigcommerce.com server2714-bigcommerce.com server2715-bigcommerce.com server2717-bigcommerce.com server2791-bigcommerce.com server437-bigcommerce.com server612-bigcommerce.com side-guard.com soacabamentos.com ssl-google-analytics.com statefiarm.com static1-jquery.com static11-jquery.com static2-jquery.com static3-jquery.com static4-jquery.com static5-jquery.com static6-jquery.com static7-jquery.com staticlitcs.com staticlitycis.com traffic-check.com v3-bigcommerce.com websiteanalytics.top apple.com-ticket.info cdn.jquery.host controls.wpenginepowered.com ns1.cloudflare-js5.com ns2.cloudflare-js5.com ns1.static11-jquery.com ns2.static11-jquery.com ns1.static5-jquery.com ns1.static6-jquery.com ns2.static5-jquery.com ns2.static6-jquery.com ns1.static7-jquery.com ns2.static7-jquery.com shop.jquery.host # Reference: https://www.virustotal.com/gui/ip-address/69.49.230.239/relations bootstrapcdn.cfd bootstrapcdn.cloud bootstrapcdn.codes jquery.cyou jquery.quest jquery.sbs pinelli90.ga pinelli90.ml pinelli90.tk shopget24.com webbootstrapcdn.cfd webbootstrapcdn.cloud webbootstrapcdn.codes webbootstrapcdn.site webjquery.cyou webjquery.quest webjquery.sbs webpinelli90.ga webpinelli90.ml webpinelli90.tk webreqhelp.com webshopget24.com ajax.bootstrapcdn.cfd ajax.bootstrapcdn.cloud ajax.jquery.cyou ajax.jquery.sbs bootstrap.bootstrapcdn.cfd bootstrap.jquery.cyou bootstrap.jquery.quest bootstrap.jquery.sbs bootstrap2.jquery.quest bootstrape.jquery.sbs cdnjs.bootstrapcdn.cfd code.bootstrapcdn.cloud code.jquery.quest font.jquery.cyou font.jquery.sbs fonts.bootstrapcdn.cfd iorlas.bootstrapcdn.cloud jquery.bootstrapcdn.cfd jsdelivr.bootstrapcdn.cfd jsdelivr.jquery.cyou 
jsdelivr.shopget24.com lib.bootstrapcdn.cloud lib.jquery.quest lib2.jquery.quest libs.bootstrapcdn.cfd libs.jquery.sbs maxcdn.bootstrapcdn.cfd maxcdn.bootstrapcdn.cloud maxcdn.bootstrapcdn.codes maxcdn.jquery.cyou maxcdn.jquery.quest maxcdn.jquery.sbs ns1.bootstrapcdn.cfd ns1.bootstrapcdn.cloud ns1.bootstrapcdn.site ns1.jquery.cyou ns1.jquery.quest ns1.jquery.sbs ns1.pinelli90.ml ns2.bootstrapcdn.cfd ns2.bootstrapcdn.cloud ns2.bootstrapcdn.site ns2.jquery.cyou ns2.jquery.quest ns2.jquery.sbs ns2.pinelli90.ml ns3.bootstrapcdn.cloud ns4.bootstrapcdn.cloud slim.bootstrapcdn.cfd slim.jquery.cyou slim.jquery.quest slim.jquery.sbs stackpath.bootstrapcdn.cfd tweeny.bootstrapcdn.cloud wanderer.pinelli90.ml # Reference: https://twitter.com/sdcyberresearch/status/1787452025610895713 # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.8/relations # Reference: https://app.validin.com/detail?find=195.242.110.8&type=ip4&ref_id=4c17b4e4cd4#tab=resolutions beztech.site clifolink.online grutic.store reftop.click yanaloop.shop cdn.beztech.site cdn.clifolink.online cdn.grutic.store cdn.reftop.click cdn.yanaloop.shop # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.6/relations feigoton.store cdn.feigoton.store # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.14/relations feitec.online jeitoon.quest oitool.shop sewloot.click teloom.site cdn.feitec.online cdn.jeitoon.quest cdn.oitool.shop cdn.sewloot.click cdn.teloom.site # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.22/relations intrgqc.site # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.69/relations defcleth.click cdn.defcleth.click # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.55/relations nuinetec.store setmic.shop stabit.click vidkimob.quest znanielec.online cdn.nuinetec.store cdn.setmic.shop cdn.stabit.click cdn.vidkimob.quest cdn.znanielec.online # Reference: 
https://www.virustotal.com/gui/ip-address/195.242.110.48/relations fehtec.xyz cdn.fehtec.xyz # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.56/relations avitech.site cdn.avitech.site # Reference: https://www.virustotal.com/gui/ip-address/193.3.19.163/relations apprised.app cdn-jquery.space cdn.grahamsnaps.com cdn.hytchers.be cdn.livesell.online cdncode.com chatonwebsite.com crrmdoget.com googletaganager.com googletagmanagerx.com grahamsnaps.com hytchers.be img-google-tracker.com js.mxdnsstatesc.icu js.statabalc.icu livesell.online mxdnsstatesc.icu mystats.pw net-stat.info netstats.online statabalc.icu tagfb.tech taggerlead.com tagget.io tgdev.online trtrapcdn.com # Reference: https://app.validin.com/detail?find=195.242.110.39&type=ip4&ref_id=f0374f717f0#tab=resolutions cholelec.store # Reference: https://app.validin.com/detail?find=195.242.111.28&type=ip4&ref_id=2cc2b7f8bbf#tab=resolutions pyelend.icu cdn.pyelend.icu # Reference: https://app.validin.com/detail?find=195.242.111.48&type=ip4&ref_id=2cc2b7f8bbf#tab=resolutions mesdigital.pics cdn.mesdigital.pics # Reference: https://app.validin.com/detail?find=195.242.111.54&type=ip4&ref_id=2cc2b7f8bbf#tab=resolutions boltec.sbs cdn.boltec.sbs # Reference: https://app.validin.com/detail?find=195.242.111.144&type=ip4&ref_id=2cc2b7f8bbf#tab=resolutions dvielec.bar cdn.dvielec.bar # Reference: https://app.validin.com/detail?find=195.242.111.216&type=ip4&ref_id=2cc2b7f8bbf#tab=resolutions heyoumob.shop cdn.heyoumob.shop # Reference: https://app.validin.com/detail?find=195.242.111.220&type=ip4&ref_id=2cc2b7f8bbf#tab=resolutions bouncelec.quest cdn.bouncelec.quest # Reference: https://twitter.com/johnk3r/status/1788237228742754537 # Reference: https://www.virustotal.com/gui/ip-address/104.168.172.213/relations # Reference: https://www.virustotal.com/gui/ip-address/142.11.217.47/relations # Reference: https://app.validin.com/detail?type=hash&find=579d1a808db2353c8a0a8883f97e2e81db6b3f10#tab=host_pairs (# 
2025-05-01) cdn-staticsv.com cdn-universal.events cdns-static.com cdnstack.space knooblegooble.com pixeltracker.me static-queue.net # Reference: https://www.virustotal.com/gui/ip-address/84.32.84.33/relations cdn-statics.net # Reference: https://www.virustotal.com/gui/ip-address/23.254.243.40/relations cdn-rocket.io multichainconnect.net # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.32/relations voatech.site cdn.voatech.site # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.43/relations aletic.quest cdn.aletic.quest # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.33/relations aletic.quest gopoot.online hierarchy.bond kicatop.store oepstech.site opendigit.shop yalomob.click cdn.aletic.quest cdn.gopoot.online cdn.hierarchy.bond cdn.kicatop.store cdn.oepstech.site cdn.opendigit.shop cdn.yalomob.click # Reference: https://www.virustotal.com/gui/domain/goingfatter.com/relations goingfatter.com # Reference: https://x.com/sdcyberresearch/status/1792485034068185295 # Reference: https://www.virustotal.com/gui/ip-address/45.227.255.221/relations # Reference: https://www.virustotal.com/gui/ip-address/45.76.28.239/relations analytic-content.com analytic-metric.com analytic-tags.com analytics-content.com analytics-content.eu lotilabs.org store-content.com mail.lotilabs.org mail.olimpsport.org static.store-content.com # Reference: https://x.com/sdcyberresearch/status/1792485034068185295 # Reference: https://x.com/sdcyberresearch/status/1959983743239676217 # Reference: https://www.virustotal.com/gui/ip-address/5.188.86.230/relations # Reference: https://app.validin.com/detail?find=d6b2747cc7a010c50b34119e9c98947e&type=hash&ref_id=71d565febed#tab=host_pairs (# 2025-02-19) # Reference: https://app.validin.com/detail?find=179.60.147.85&type=ip4&ref_id=b8cf6bcc858#tab=resolutions (# 2025-02-19) cdnjs.st cdnjs.us cdnjs.ws esicm.biz lgstd.io lgstd.net logstash.in logstorage.in pubanalytics.net sitegateproxy.net 
siteimproveanalytic.net siteimproveanalytics.net stores-content.com static.stores-content.com # Reference: https://x.com/sdcyberresearch/status/1792880699164291143 # Reference: https://www.virustotal.com/gui/ip-address/109.120.134.52/relations cloud-faststart.com emblem-music.com/wp-includes/js/jquery/jquery.query.min.js # Reference: https://www.virustotal.com/gui/ip-address/195.242.111.32/relations fizpool.online iertech.site ochelun.quest povelec.shop uerlock.store vehton.click # Reference: https://app.validin.com/detail?type=ip&find=195.242.111.0%2F24 bezvotic.store chelotech.site clatech.site dramlink.online dvestich.online evasel.online fekipont.shop feloontop.click fesdeil.shop gepkint.quest goratech.site hvilutech.site kintech.site komezi.site multqinetic.site naverpic.quest nehoteep.online pektech.site promobet.site sepewoon.click shosdigit.site sovber.shop svepoop.store tulubtic.site vejfor.click xemit.store yelpelint.quest cdn.clatech.site cdn.ctotech.store cdn.cvyatop.online cdn.dramlink.online cdn.drgibit.click cdn.dvestich.online cdn.evasel.online cdn.feloontop.click cdn.fesdeil.shop cdn.fizpool.online cdn.gapsink.shop cdn.goratech.site cdn.hvilutech.site cdn.iertech.site cdn.kintech.site cdn.komezi.site cdn.luterylpen.online cdn.mokamob.site cdn.multqinetic.site cdn.naverpic.quest cdn.ochelun.quest cdn.peeyol.click cdn.povelec.shop cdn.sewit.quest cdn.shosdigit.site cdn.sovber.shop cdn.svepoop.store cdn.tulubtic.site cdn.uerlock.store cdn.vidbent.shop cdn.wegvilt.site cdn.xemit.store # Reference: https://x.com/sdcyberresearch/status/1795057766865744223 # Reference: https://www.virustotal.com/gui/ip-address/45.88.3.204/relations bilerec.online damnmob.quest fetlicfet.store fezelec.click gulimob.site heliponk.click hiperglucemicos.day infelec.yachts kennidigit.online kenttec.shop leglink.quest nasoltech.site novitech.store poglink.click pospit.site prostictec.pw raditeches.shop tempoticlec.in.net turnmob.shop velipot.quest yekmet.online 
cdn.bilerec.online cdn.damnmob.quest cdn.fetlicfet.store cdn.fezelec.click cdn.gepkint.quest cdn.gulimob.site cdn.heliponk.click cdn.hiperglucemicos.day cdn.kennidigit.online cdn.kenttec.shop cdn.leglink.quest cdn.nasoltech.site cdn.novitech.store cdn.poglink.click cdn.pospit.site cdn.prostictec.pw cdn.raditeches.shop cdn.tempoticlec.in.net cdn.turnmob.shop cdn.vehton.click cdn.velipot.quest cdn.yekmet.online # Reference: https://app.validin.com/detail?find=45.88.3.0%2F24&type=ip&ref_id=91b18e17fe2#tab=resolutions ahedoob.shop antelec.click apartims.shop arados.monster chapotech.store chastictop.online chelitec.online chelplink.online chigomob.online coyundearias.xyz ctotech.store cvyatop.online delamint.online depiters.store dilink.click dipteb.quest dostotec.quest drgibit.click entrelec.store eshatic.store febiloot.site fenmatc.click feyatic.quest fototytrul.online frektech.site frothelink.quest fudorable.website gamakatvet.store gelte.site gemintele.shop gemptech.shop glubit.shop goalkeeper.pics godytru.site helitic.quest hepotils.site hetnop.online iedoot.quest ihipute.shop intgqc.site isolatec.site jectop.store jegpll.shop jeremob.site jsmhxfd.online joermen.store jojtom.store joyjon.click jyjotec.online kapecol.shop keluven.quest ketbon.quest khetech.site kretop.click krusswep.online leopatet.site loopdigit.site melopic.shop metriso.online mifelpot.shop misdigit.click mistlink.online mjadmin.news mokamob.site molotech.online nastech.store neznlink.store neztec.click nishbakh.site nsnamob.site obshmob.shop pantech.online peerdigit.shop perelink.click perlet.store pershidigit.online petloom.quest piltech.quest pizelec.site ranotech.site reshnot.quest revqc.online rijtech.shop rukutec.store saponline.site shaapotec.click sinketech.shop skitech.site snvepic.online stayoph.click sterhook.site sudtech.online temninch.site teredigit.click tiodigit.shop tutic.click vafapic.online varenmob.store vidbent.shop vitaloop.site vsetech.quest vtikgot.site weewloop.store 
weponit.site wowiatel.shop xadirec.site xaetop.site xifelec.click yakutech.quest yaznet.site zakit.quest zarelec.quest cdn.antelec.click cdn.apartims.shop cdn.avtomob.sbs cdn.beatmob.pics cdn.bupunit.store cdn.ceilyt.click cdn.chapotech.store cdn.chastictop.online cdn.chekeelec.quest cdn.chelitec.online cdn.chelotech.site cdn.chelplink.online cdn.chigomob.online cdn.coyundearias.xyz cdn.cutele.shop cdn.delamint.online cdn.depiters.store cdn.dilink.click cdn.dipteb.quest cdn.dostotec.quest cdn.dvestich.online cdn.entrelec.store cdn.eshatic.store cdn.fadyit.pics cdn.febiloot.site cdn.fenmatc.click cdn.feyatic.quest cdn.flattec.sbs cdn.frektech.site cdn.frothelink.quest cdn.gamakatvet.store cdn.gelte.site cdn.gemdigit.pics cdn.gemintele.shop cdn.gemptech.shop cdn.gepotich.space cdn.getepol.space cdn.glubit.shop cdn.goalkeeper.pics cdn.helitic.quest cdn.hepotils.site cdn.hetnop.online cdn.iedoot.quest cdn.ihipute.shop cdn.isolatec.site cdn.jectop.store cdn.jegpll.shop cdn.jeremob.site cdn.joermen.store cdn.jojtom.store cdn.joyjon.click cdn.joykent.online cdn.jyjotec.online cdn.kapecol.shop cdn.keluven.quest cdn.ketbon.quest cdn.khetech.site cdn.kintech.site cdn.kretop.click cdn.krusswep.online cdn.lavutele.yachts cdn.leopatet.site cdn.lielecef.cyou cdn.loopdigit.site cdn.melopic.shop cdn.metriso.online cdn.mifelpot.shop cdn.misdigit.click cdn.mistlink.online cdn.mjadmin.news cdn.molotech.online cdn.nastech.store cdn.neznlink.store cdn.neztec.click cdn.noanotech.sbs cdn.nsnamob.site cdn.obshmob.shop cdn.odintech.sbs cdn.pantech.online cdn.peerdigit.shop cdn.perelink.click cdn.perlet.store cdn.pershidigit.online cdn.petloom.quest cdn.piltech.quest cdn.pizelec.site cdn.promobet.site cdn.ranotech.site cdn.reshnot.quest cdn.rijtech.shop cdn.rithdigit.cyou cdn.rukutec.store cdn.saponline.site cdn.shaapotec.click cdn.sinketech.shop cdn.skitech.site cdn.snvepic.online cdn.stayoph.click cdn.sudtech.online cdn.temninch.site cdn.teredigit.click cdn.tiodigit.shop 
cdn.tochdigital.pics cdn.tutic.click cdn.vafapic.online cdn.varenmob.store cdn.vejfor.click cdn.vitaloop.site cdn.vsetech.quest cdn.vtikgot.site cdn.weewloop.store cdn.weponit.site cdn.xadirec.site cdn.xaetop.site cdn.xifelec.click cdn.yakutech.quest cdn.yaznet.site cdn.yololive.sbs cdn.zakit.quest cdn.zapolmob.sbs cdn.zarelec.quest tvd.nishbakh.site # Reference: https://www.virustotal.com/gui/ip-address/195.242.110.10/relations ceilyt.click # Reference: https://www.virustotal.com/gui/ip-address/45.141.87.131/relations cc-check.cash # Reference: https://x.com/sdcyberresearch/status/1793281100992667981 # Reference: https://www.virustotal.com/gui/ip-address/77.221.152.122/relations # Reference: https://www.virustotal.com/gui/ip-address/79.137.203.220/relations autossl-letsencrypt-demo.com catheeweiss.com eurochems.org sendtouser.com # Reference: https://blog.sucuri.net/2024/05/server-side-credit-card-skimmer-lodged-in-obscure-plugin.html 2of.cc # Reference: https://x.com/johnk3r/status/1798833023804440593 # Reference: https://www.virustotal.com/gui/ip-address/108.174.194.122/relations hlntup.io # Reference: https://www.virustotal.com/gui/ip-address/45.67.231.166/relations tagmanager.space ns1.tagmanager.space # Reference: https://x.com/sdcyberresearch/status/1801178651288871147 # Reference: https://x.com/sdcyberresearch/status/1808102569086013847 # Reference: https://www.virustotal.com/gui/ip-address/141.98.80.82/relations # Reference: https://app.validin.com/detail?find=141.98.80.0%2F24&type=ip&ref_id=93c02ace42f#tab=resolutions # Reference: https://app.validin.com/detail?find=91.202.233.147&type=ip4&ref_id=da1c921fe1c#tab=resolutions cnv.icu cvd.icu cvn.icu cvv.icu dcv.icu ddv.icu dvv.icu ndn.icu nnv.icu nvv.icu vcn.icu vdd.icu vdv.icu vnv.icu vvd.icu # Reference: https://x.com/sdcyberresearch/status/1815380710737522937 # Reference: https://x.com/sdcyberresearch/status/1878786203023245478 # Reference: 
https://www.virustotal.com/gui/ip-address/94.131.110.36/relations aikalabrge.org ancarog.sbs aqocm.sbs arvns.org auarim.com aunce.org auoxs.com bumsg.org butmaushati.org calabergm.com calabergn.com calesaham.com cavinrobinson.com ccvc.icu cimaushatim.org cipoy.org db13g10.com db13g6.com db13g7.com db13g8.com db13g9.com emusati.com eonmaushet.sbs funse.org getsen.org gmishetu.org gmoins.org googeinfo.com inforestele.com informrunner.com irnmaushti.org ishamew.com isnore.org kaiabrgfre.org kalabsbarg.com mahishati.com maishatucli.org maishetie.com maishti.org mashuti.org masseatea.com mauaeshaty.org maunshate.org maushetym.sbs mausshati.org mayshati.click mdowcn.sbs meashateti.org mencg.org menshaty.org mesahamix.sbs mishtiman.org mnishati.com moishaety.sbs mqonset.sbs mshaty.com mueshti.com muwcan.sbs mymaishity.org mysahmyar.click myshetu.com naemashatu.com naiwns.sbs ncinat.sbs nmistim.org nsmahatu.org pemans.sbs poripal.org rauisom.sbs ronsahmye.sbs rxeoy.com saiyam.sbs sanmeysht.com searchnau.com sebmaishatu.sbs sinesm.org sinmaushti.org smaishyu.org sqsnci.org telmaysheti.click themausheti.org umayhei.com umayhei.org uomaishaty.org usmyshatu.org vaondns.sbs vvcv.icu vvdv.icu vvvc.icu vvvd.icu vvvn.icu xposen.org ymaovn.org yoqns.com # Reference: https://x.com/sdcyberresearch/status/1801186223593005289 kandkca.com/instamojo/instamojo.js # Reference: https://blog.sucuri.net/2024/06/caesar-cipher-skimmer.html # Reference: https://app.validin.com/detail?find=NOTHING%20TO%20SEE%20HERE%20(%3A&type=raw&ref_id=038b91e70eb#tab=host_pairs_v2 googletagmanager4.com cdn.googletagmanager4.com ws.googletagmanager4.com # Reference: https://sansec.io/research/polyfill-supply-chain-attack googie-anaiytics.com kuurza.com # Reference: https://app.validin.com/detail?type=ip&find=195.242.111.0%2F24#tab=resolutions amulink.click asekick.store boencon.click chosnow.online dvatop.quest feehner.online filtecc.quest godmic.site hityel.store huelint.quest jaketool.shop midimob.shop 
milotech.shop natugoon.shop noltic.site panktech.store piolit.site pjekloom.click povodton.online pugatec.site serlofet.quest vangot.online velput.online verdigit.click yeinc.store cdn.amulink.click cdn.asekick.store cdn.boencon.click cdn.chosnow.online cdn.dvatop.quest cdn.feehner.online cdn.filtecc.quest cdn.godmic.site cdn.hityel.store cdn.huelint.quest cdn.jaketool.shop cdn.midimob.shop cdn.milotech.shop cdn.natugoon.shop cdn.noltic.site cdn.panktech.store cdn.piolit.site cdn.pjekloom.click cdn.povodton.online cdn.pugatec.site cdn.serlofet.quest cdn.vangot.online cdn.velput.online cdn.verdigit.click cdn.yeinc.store # Reference: https://x.com/sdcyberresearch/status/1800133719464006128 # Reference: https://www.virustotal.com/gui/ip-address/78.128.112.217/relations # Reference: https://app.validin.com/detail?find=78.128.112.217&type=ip4&ref_id=53e84d71645#tab=resolutions 0check.shop dbuono.shop extrastat.network firstat.guru globaltag.shop hardstat.bond istats.online jetag.one kanalytics.digital lowhost.buzz megatag.cam nccoastalvolleyball.shop newanalytics.homes opentag.lat plustat.forum quicklnk.asia retrostat.autos statz.christmas tagmanager.guru tagmanager.network truetag.fit ultranalytics.shop ultratags.shop unitag.info virtmarkt.shop zentag.xyz # Reference: https://www.virustotal.com/gui/ip-address/185.193.125.168/relations gtagmanager.app # Reference: https://app.validin.com/detail?type=ip&find=195.242.111.0%2F24#tab=resolutions (# 2024-07-10) ambidot.click bigjet.click halyeel.shop kanalit.site kitlinks.online mjeetech.store negoon.quest veuseel.click cdn.ambidot.click cdn.bigjet.click cdn.halyeel.shop cdn.kanalit.site cdn.kitlinks.online cdn.mjeetech.store cdn.negoon.quest cdn.veuseel.click # Reference: https://x.com/sdcyberresearch/status/1811388642377498669 store.statsforapps.com/app/mobile/buildfire/api/api.min.js # Reference: https://sansec.io/research/cosmicsting-hitting-major-stores # Reference: 
https://www.virustotal.com/gui/ip-address/82.202.165.36/relations # Reference: https://www.virustotal.com/gui/ip-address/82.202.165.43/relations # Reference: https://www.virustotal.com/gui/ip-address/82.202.165.48/relations # Reference: https://www.virustotal.com/gui/ip-address/82.202.165.55/relations # Reference: https://www.virustotal.com/gui/ip-address/82.202.165.96/relations api4cdn.io bingforce.org easttrack.net foptimize.net freedombot.io freeview.io gearplace.net infiniboosts.com inpwrd.io pomtag.net quantlive.net registertime.net ruleslaw.org saleapi.org servicetoast.net stackapt.com staticforce.org wealthleaderinc.com wisepops.co yotpont.com app.ruleslaw.org app.staticforce.org h.pomtag.net js.yotpont.com map.registertime.net temp.quantlive.net # Reference: https://www.virustotal.com/gui/ip-address/195.20.50.188/relations static-jquery.ga # Reference: https://www.virustotal.com/gui/ip-address/139.180.219.218/relations # Reference: https://www.virustotal.com/gui/ip-address/148.135.91.83/relations # Reference: https://www.virustotal.com/gui/ip-address/5.61.47.234/relations # Reference: https://www.virustotal.com/gui/ip-address/95.179.178.92/relations analyticsapi.club analyticsvisits.com analyticsvisits.xyz jquerycdn.store jquerylab.pw ns1.analyticsvisits.xyz ns2.analyticsvisits.xyz static.jquerycdn.store test.jquerylab.pw # Reference: https://www.virustotal.com/gui/ip-address/5.45.122.116/relations jquery.space static.jquery.space # Reference: https://www.virustotal.com/gui/ip-address/134.122.109.150/relations jqurey.vip jsdelivr.autos autoscdn.jsdelivr.autos cdn.jsdelivr.autos dn.jsdelivr.autos fcdn.jsdelivr.autos magento.setting.gg static.jqurey.vip # Reference: https://x.com/sdcyberresearch/status/1812853003893837885 # Reference: https://www.virustotal.com/gui/ip-address/77.238.233.189/relations adsimilar.com # Reference: https://app.validin.com/detail?type=ip&find=45.88.3.0%2F24#tab=resolutions autocon.store bazelec.site belmint.quest comslet.store 
cvirdot.quest drodigit.online gordment.click hlimbet.site karfaet.store kirelit.site koontop.click redelot.shop shemmob.online sinckick.shop vestmic.quest cdn.autocon.store cdn.bazelec.site cdn.belmint.quest cdn.comslet.store cdn.cvirdot.quest cdn.drodigit.online cdn.gordment.click cdn.hlimbet.site cdn.karfaet.store cdn.kirelit.site cdn.koontop.click cdn.redelot.shop cdn.shemmob.online cdn.sinckick.shop cdn.vestmic.quest # Reference: https://app.validin.com/detail?find=45.88.3.141&type=ip4&ref_id=b806f575d8e#tab=resolutions ditchdigit.quest genotic.shop heleveni.cyou henotik.click komotech.quest santecs.store wenmen.online cdn.ditchdigit.quest cdn.genotic.shop cdn.heleveni.cyou cdn.henotik.click cdn.komotech.quest cdn.santecs.store cdn.wenmen.online # Reference: https://x.com/sdcyberresearch/status/1815710792651555218 # Reference: https://www.virustotal.com/gui/ip-address/45.125.67.12/relations # Reference: https://app.validin.com/detail?find=139453fbd538458849d54a40a5a300ae18a6f30c&type=hash&ref_id=37722d4fd81#tab=host_pairs (# 2025-02-28) jewelryhomenyc.com morningflexpleasure.com reusable-flex.com static-open.com statistics-for-you.com statistics-renew.com wellfacing.com yourmarketingpay.com waf-tg.2gc.workers.dev # Reference: https://app.validin.com/detail?type=ip&find=195.242.110.0%2F24 fomloop.site getrei.store hihekic.online leftec.quest limatop.shop cdn.fomloop.site cdn.getrei.store cdn.hihekic.online cdn.leftec.quest cdn.limatop.shop # Reference: https://x.com/sdcyberresearch/status/1816105654416748722 # Reference: https://x.com/ValidinLLC/status/1816449533359833160 # Reference: https://www.virustotal.com/gui/ip-address/172.86.107.49/relations # Reference: https://www.virustotal.com/gui/ip-address/172.86.124.36/relations # Reference: https://www.virustotal.com/gui/ip-address/91.194.11.108/relations cdnamgasite.com cdnamgastyle.com cdnassetsite.com cdnjsdev.com cdnjsdevs.com devblen.com logicloo.com pixelforgts.com techglitc.com # Reference: 
https://x.com/sdcyberresearch/status/1817910238520959453 abbiecrm.com adsprep.online b2blinkstorage.com b2bsolution24.com cartflowcrm.com cartfreedom.com cartualcrm.com clarkcrm.com click-analytics.net corkscrm.com crmbargs.com crmcom.org crmcrown.com crmdaps.com crmfant.site crmgibs.com crmkrafft.com crmprew.com crmprove.com crmrebss.com datasconn.com fastbcrm.com octalcrm.com quickcartcloud.com rsoftline.sbs shopcartcrm.com smartcli.org smoothb2b.com smoothconnect.org speedspree.org speedysalestore.com tikmoneyid.cfd trustedapi.org updatecrm.org # Reference: https://www.virustotal.com/gui/domain/cdn-delivery-xyz.com/relations cdn-delivery-xyz.com chu.cdn-delivery-xyz.com dir.cdn-delivery-xyz.com # Reference: https://app.validin.com/detail?find=185.196.9.82&type=ip4&ref_id=e7811530e8a#tab=resolutions gmduftruepaitus.com javascript-static.com web3work.space # Reference: https://x.com/sdcyberresearch/status/1820463720965009424 naturalcuriosities.com/a.js naturalcuriosities.com/obb.js # Reference: https://x.com/sdcyberresearch/status/1820837819088040000 # Reference: https://x.com/sdcyberresearch/status/1821167470792638621 # Reference: https://x.com/sdcyberresearch/status/1821167541818884207 # Reference: https://x.com/sdcyberresearch/status/1822940433712111840 # Reference: https://x.com/sdcyberresearch/status/1825517871893524530 codcraft.shop codemingle.shop getlnfo.com luckycharm.website marketexpert.site paysysmetrics.com pixelsmith.shop productpulsehub.com protocolhubinfo.com reviewharborhub.com salesguru.online sibautomation.com statistall.com statlstic.shop statmaster.shop vodog.shop # Reference: https://app.validin.com/detail?type=ip&find=195.242.110.0%2F24#tab=resolutions dewoper.click kismic.click maketech.online strodigit.store tonamob.quest truvit.shop cdn.dewoper.click cdn.kismic.click cdn.maketech.online cdn.strodigit.store cdn.tonamob.quest cdn.truvit.shop # Reference: https://app.validin.com/detail?type=ip&find=195.242.111.0%2F24#tab=resolutions 
helotop.site loetec.quest pustmob.online cdn.helotop.site cdn.loetec.quest cdn.pustmob.online # Reference: https://sansec.io/research/magento-wish-list-exploits http://69.49.246.122 a.aa4.in purplesunrise.com/2.js triconville.com/pub/errors/cr.js # Reference: https://app.validin.com/detail?type=ip&find=45.88.3.0%2F24#tab=resolutions deqbit.quest feurcat.shop pealink.store shebil.online svetmob.click cdn.deqbit.quest cdn.feurcat.shop cdn.pealink.store cdn.shebil.online cdn.svetmob.click # Reference: https://blog.sucuri.net/2024/08/prestashop-gtag-websocket-skimmer.html # Reference: https://www.virustotal.com/gui/ip-address/176.113.115.198/relations iconstaff.top cd.iconstaff.top cdn.iconstaff.top # Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-08-23-v10673/1914 analytlx.shop artvislon.shop datawiz.shop deslgnpro.shop happywave.shop luckipath.shop trendset.website # Reference: https://app.validin.com/detail?type=ip&find=45.88.3.0%2F24#tab=resolutions alasink.quest alegoot.site alemob.space amnam.fun amonico.shop benetock.shop bitcass.store bohnopics.online budutvone.click bulktec.store califmob.site cemdigit.click cholmob.store chtelink.click chtotop.online creftip.shop deiporen.click demtecer.site deqiroos.quest deqitec.site detemp.shop devyarec.click dodigit.online dumrec.click ecstatec.store fenhotoc.online fentech.site feqrtool.shop fitdigit.online fyzent.fun gamdev.site geeit.click gejitop.online gelkifolk.online geotop.site geutes.quest girelink.online gootekoo.quest gseytip.quest hebifan.store hebopot.site hegolit.click helenoton.store heleritp.site helifob.click helspen.space helstic.quest helutemp.click hesport.store hewliit.quest hhelytoc.store ierpits.quest inlgepot.quest jejtol.shop jempitek.online jeopel.site jeytop.click jirelit.shop jojtech.quest jolkefat.quest jujetik.shop kantiner.site kelpertop.shop kenttoc.site kepmfel.store kepton.shop kilotemp.store kilvmep.click kiretech.shop kletec.online kvilit.store 
lamptech.online lenotach.space leslike.site levigen.click lhetoyer.store liteloot.store livesoc.shop logidigit.online magatoc.store melalink.quest memmob.quest memosinc.store mercigent.site misttum.site muzmic.quest nanidig.shop nasline.shop nasteam.quest necisomp.site nelhelp.store nesudteq.click netigep.shop neulec.shop newteches.store ocmetech.online oegetech.site orgalep.online otroot.quest peretec.click plusdigit.store poshetech.site presow.site qentopic.fun rekment.click rivtek.click roztab.shop samloop.online serdot.site stalentop.shop sumreit.quest sutevdigit.online svinuer.site svutech.shop teopit.store tepomob.online tichtec.store tiebatec.shop toodigtl.quest uudigit.space vikinut.online vispelyec.online vitadigit.quest vitkij.shop xavitec.site xuetext.click yadewan.shop yelowpop.fun yeltech.store yepetok.quest yepkit.site zapotech.shop zmimot.shop zumivqiq.click cdn.alasink.quest cdn.alegoot.site cdn.alemob.space cdn.amnam.fun cdn.amonico.shop cdn.benetock.shop cdn.bitcass.store cdn.bohnopics.online cdn.budutvone.click cdn.bulktec.store cdn.califmob.site cdn.cemdigit.click cdn.cholmob.store cdn.chtelink.click cdn.chtotop.online cdn.creftip.shop cdn.deiporen.click cdn.demtecer.site cdn.deqiroos.quest cdn.deqitec.site cdn.detemp.shop cdn.devyarec.click cdn.dodigit.online cdn.dumrec.click cdn.ecstatec.store cdn.fenhotoc.online cdn.fentech.site cdn.feqrtool.shop cdn.fitdigit.online cdn.fyzent.fun cdn.gamdev.site cdn.geeit.click cdn.gejitop.online cdn.gelkifolk.online cdn.geotop.site cdn.geutes.quest cdn.girelink.online cdn.gootekoo.quest cdn.gseytip.quest cdn.hebifan.store cdn.hebopot.site cdn.hegolit.click cdn.helenoton.store cdn.heleritp.site cdn.helifob.click cdn.helspen.space cdn.helstic.quest cdn.helutemp.click cdn.hesport.store cdn.hewliit.quest cdn.hhelytoc.store cdn.ierpits.quest cdn.inlgepot.quest cdn.jejtol.shop cdn.jempitek.online cdn.jeopel.site cdn.jeytop.click cdn.jirelit.shop cdn.jojtech.quest cdn.jolkefat.quest cdn.jujetik.shop 
cdn.kantiner.site cdn.kelpertop.shop cdn.kenttoc.site cdn.kepmfel.store cdn.kepton.shop cdn.kilotemp.store cdn.kilvmep.click cdn.kiretech.shop cdn.kletec.online cdn.kvilit.store cdn.lamptech.online cdn.lenotach.space cdn.leslike.site cdn.levigen.click cdn.lhetoyer.store cdn.liteloot.store cdn.livesoc.shop cdn.logidigit.online cdn.magatoc.store cdn.melalink.quest cdn.memmob.quest cdn.memosinc.store cdn.mercigent.site cdn.misttum.site cdn.muzmic.quest cdn.nanidig.shop cdn.nasline.shop cdn.nasteam.quest cdn.necisomp.site cdn.nelhelp.store cdn.nesudteq.click cdn.netigep.shop cdn.neulec.shop cdn.newteches.store cdn.ocmetech.online cdn.oegetech.site cdn.orgalep.online cdn.otroot.quest cdn.peretec.click cdn.plusdigit.store cdn.poshetech.site cdn.presow.site cdn.qentopic.fun cdn.rekment.click cdn.rivtek.click cdn.roztab.shop cdn.samloop.online cdn.serdot.site cdn.stalentop.shop cdn.sumreit.quest cdn.sutevdigit.online cdn.svinuer.site cdn.svutech.shop cdn.teopit.store cdn.tepomob.online cdn.tichtec.store cdn.tiebatec.shop cdn.toodigtl.quest cdn.uudigit.space cdn.vikinut.online cdn.vispelyec.online cdn.vitadigit.quest cdn.vitkij.shop cdn.xavitec.site cdn.xuetext.click cdn.yadewan.shop cdn.yelowpop.fun cdn.yeltech.store cdn.yepetok.quest cdn.yepkit.site cdn.zapotech.shop cdn.zmimot.shop cdn.zumivqiq.click # Reference: https://app.validin.com/detail?type=ip&find=195.242.110.0%2F24#tab=resolutions erhiteed.site geytiit.shop jeqvic.quest poglot.click povemob.store cdn.erhiteed.site cdn.geytiit.shop cdn.jeqvic.quest cdn.poglot.click cdn.povemob.store # Reference: https://app.validin.com/detail?type=ip&find=195.242.111.0%2F24#tab=resolutions cheqseep.online dushiotk.store cdn.cheqseep.online cdn.dushiotk.store # Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-08-26-v10674/1918 artickon.shop articon.website happyllfe.online luckkystar.shop seilsmart.shop selllify.shop # Reference: https://x.com/sdcyberresearch/status/1932826555761250667 # Reference: 
https://sansec.io/research/cosmicsting-cnext-persistent-backdoor # Reference: https://www.virustotal.com/gui/ip-address/38.180.90.92/relations # Reference: https://www.virustotal.com/gui/ip-address/38.180.93.5/relations accept.bar amocha.xyz cdn-webstats.com clearnetfab.net fallodick87-78.sbs gistatics.com inspectdlet.net jquerypackageus.com jqueryuslibs.com jstatic201.com lererikal.org mamatmavali.ru nothingillegal.bond paie-locli.com sellerstat.site statsseo.com statstoday.org vincaolet.xyz webexcelsior.org cdn.inspectdlet.net # Reference: https://x.com/Gi7w0rm/status/1878770002448564491 # Reference: https://x.com/Gi7w0rm/status/1878780682803310793 # Reference: https://x.com/Gi7w0rm/status/1878799911002763727 # Reference: https://blog.sucuri.net/2025/01/stealthy-credit-card-skimmer-targets-wordpress-checkout-pages-via-database-injection.html # Reference: https://app.validin.com/detail?find=185.11.61.57&type=ip4&ref_id=18b92005709#tab=resolutions # Reference: https://app.validin.com/detail?type=dom&find=gjoagjiii.proton.me#tab=dns fqbe23.xyz valhafather.xyz browser-security.digital data-redirect.biz panel-alert-v1.homes redirect-security.digital serverproxy-v2homes.life wordpress-control.org wordpress-defense.com wordpress-redirect.biz wordpress-request.com wordpress-safety.org wordpress-secirity.org wordpress-secure.org wordpress-team.org # Reference: https://x.com/sdcyberresearch/status/1830625427284525061 cdnweb2analytics.com # Reference: https://www.hybrid-analysis.com/sample/aa1bd1010ab75108b02e4082eed98733013b76e23a0584e33c3467c992e731dd cdnwebanalytics.com # Reference: https://x.com/sdcyberresearch/status/1831306045274079284 # Reference: https://www.virustotal.com/gui/ip-address/46.226.160.210/relations jgueurystatic.xyz # Reference: https://app.validin.com/detail?find=78.128.112.218&type=ip4&ref_id=bdb069571b7#tab=resolutions # Reference: https://app.validin.com/detail?find=78.128.112.221&type=ip4&ref_id=a93a4c303e6#tab=resolutions 0tags.info 0test.my 
1onebigshop.it.com 1stat.today 2links.blog 2smallbigshop.info 3analytics.buzz 3rdsock.pro 4casts.one 4kidsandmoms.live 5data.world 5monthlater.boutique 6feetunder.cc 6stat.website 7luckyones.click 7tags.shop 8pool.best 8urls.info 9analytics.ink 9circle.today advsto.store albion.click alfabe.club analytz.info antiqshp.work ashops.cc bbqinn.my beautymania.tattoo betam.app bishop.help brinder.wiki builder.motorcycles bybeby.bio ccdiq.pro cdccom.vip celimax.digital co-eco.store coworkin.art crowdspace.shop dccome.app directs.bond discoveryrover.info dofabrics.asia dolsstores.blog doorsandwindowsuk.store dorei.website eciccom.name ecocoe.info enrgy.cam esst.cc fastn.best fatno.tech ferrix.shop fieldmans.fit fixr.pics gigatag.info grossbar.shop gsmsa.pro h5.opshop.cc habcd.cc histat.top humn.pro ibmpc.cc itracking.autos jackst.site jetex.pics jetstat.info jfkai.live kcjosef.fun keytag.rest kfcd.site koloco.name lipo.wtf livedirect.my lonefrst.today megastat.shop metamanager.shop ministat.shop monstr.cv musmash.one nextai.cam nmesame.vip nops.asia oooopsid.click openc.shop openmonitor.rest openstat.cc opshop.cc postds.one protostat.lat pshp.live qrapp.asia quicktag.wiki realstat.today resultip.cc rmark.lat spendless.guru statmasters.shop supertag.info tagsanalytics.shop tagscart.shop tagsmanager.shop tagspot.store terap.app ultrabit.shop ultrabyte.shop ultracart.shop ultramain.shop ultramesh.shop ultranite.shop ultrasys.shop uniquemask.homes unis.my vectors.guru vset.life vspec.info vsys.digital vtag.world vtags.life vtasks.shop vteam.top vtec.live vvwv.dev webstat.help wikistat.wiki wwwi.click xpertbit.shop xreplx.my xtras.work xtreme.boats xztv.me yamis.bio yesok.life yestat.website yesyes.rest ynotme.bar zalzas.cc zend.quest zerotag.cc zivert.top # Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-09-02-v10679/1932 creatlva.shop sellifypro.com # Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-08-30-v10678/1926 
creatls.com getstylify.com graphiqsw.com metricelevate.com pixelia.shop secunnet.shop # Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-08-29-v10677/1924 creativeslim.com dealhunt.website designlq.com graphlq.shop javaninja.shop merchifly.shop selloria.shop # Reference: https://x.com/sdcyberresearch/status/1833124334417682447 feedbackharvest.com # Reference: https://cside.dev/blog/cisco-client-side-magecart-javascript-attack # Reference: https://www.virustotal.com/gui/ip-address/82.202.163.229/relations rextension.net app.rextension.net # Reference: https://x.com/sdcyberresearch/status/1835661136877715670 ads-analysis.net jsdelive.com sw.jsdelive.com # Reference: https://www.virustotal.com/gui/ip-address/45.88.3.11/relations marenteches.online repo.marenteches.online # Reference: https://x.com/sdcyberresearch/status/1838222470135833080 # Reference: https://www.virustotal.com/gui/ip-address/176.124.222.157/relations # Reference: https://www.virustotal.com/gui/ip-address/217.144.184.139/relations # Reference: https://app.validin.com/detail?type=dom&find=cdnstatics.net#tab=host_pairs cdnstaticnetwork.net cdnstatics.net # Reference: https://x.com/sdcyberresearch/status/1838527580678275345 opinionharbor.com # Reference: https://x.com/sdcyberresearch/status/1841114094637568084 # Reference: https://www.virustotal.com/gui/ip-address/82.197.83.18/relations addtag.net mystatpal.com seomgr.com statictool.com useonline.org parent.addtag.net ui.addtag.net widget.statictool.com widget.useonline.org sales.mystatpal.com stat.mystatpal.com # Reference: https://sansec.io/research/cosmicsting-fallout # Reference: https://app.validin.com/detail?find=158.255.213.172&type=ip4&ref_id=17650ce9986#tab=resolutions app.chwine.dev bystats.io cdn.myshopper.io chwine.dev consentime.com convertpro.org fatrade.net ge4cdn.com hostnotify.io img.wisepops.co itsemma.io m.bingforce.org myshopper.io sourcetrap.net subsales.net t.gearplace.net tag.convertpro.org 
tag.wealthleaderinc.com tr.hostnotify.io web.bystats.io web.foptimize.net youpilot.org # Reference: https://sansec.io/research/cosmicsting#attack-attribution analytisgroup.com analytisweb.com bytesbazar.com chartismart.com codecarawan.com cssmagic.shop datifyny.com desiqnia.shop desynlabtech.com echomest.com horlzonhub.com marketiqhub.com marketrom.shop marketsoilmart.com metricsy.shop novastraem.com quantunnquest.com radlantroots.com sellwisehub.com statify.online statspots.com techtnee.com trendgurupro.com trendor.website trendorawin.com trendori.shop vizualis.online # Reference: https://app.validin.com/detail?first_seen=2024-09-01&type=ip&find=195.242.110.0%2F24#tab=resolutions aloteches.click aradosetar.top avarit.site bamgen.store beilink.site bigdata.name bleucot.site bomtec.online cafemode.shop chepolent.online chiptoc.site cikpit.shop deimatec.store dotectech.fun druzkint.site duimeb.quest dujetec.store dvendot.site faktech.site famitevec.site fenotech.shop figonowubo.fun filintop.store galkick.online garuelo.quest geitetic.online gekliop.online gemupel.shop geopert.shop getcomec.store gevjet.site geytim.quest gigulom.store gitorec.shop gorilink.quest guqetec.click helomint.shop helvet.quest helyadig.quest hlopsinc.quest hrustec.online ibamob.shop ijustec.store infoteches.store interten.site itisdigit.shop jedigit.shop jeoilec.store jeypop.click jijtool.click jvfufees.quest kandot.quest keiture.online kicyakick.click kindigit.quest kolutec.shop kolutech.site koramel.online krowlink.quest krustop.click lemetotic.site lenvin.online leptirot.store leyrec.online lietec.quest loofet.site lookeus.shop lovdyno.click mehagn0me.site memotip.site mewdot.site milidigit.site milink.shop mojetik.store mojtec.quest mutech.store nasecol.quest nemaelec.online nushsintez.store obstrels.online omatec.store opelink.shop operec.site opertec.store opewinc.site oskaloop.quest otolink.online oulipeec.site pahatech.shop pekjij.shop perelink.quest perelit.site peretech.online 
pevitech.click piplot.site pitrelop.shop pledigit.store postolink.online presitech.online pridmob.shop puuktec.site ramsook.click rasedipop.click rastec.store reshtic.site rifpiit.quest saertech.quest sectrans.store sedmet.click sendig.store sendigit.online seqirink.click setinc.site sewtic.shop shisdigit.site shvidzol.site sinomic.shop sivtech.quest sofinet.online sominuwe.online somnetec.online sorlinker.click starkick.online stepfet.click stesntec.store supelink.store sviloon.site telifetec.click telsinket.site tenopont.click teonlitic.shop tepiyoop.shop testexamplesa.online tishatec.click toketic.shop tupulopes.store turulink.store tuterec.site umnidot.quest umovec.site unacec.click undopit.online vemobeed.quest vladtech.online vonutec.click vremlil.quest vtordigit.site waslink.shop weletec.quest welipop.click xaraelec.click yadislink.shop yalowtec.online yanetech.online yelotic.store yelventar.quest yoriteh.site zabkoj.store zagalink.store zavtielot.shop zemeksinc.online zenehot.shop zirtdigit.site cdn.aloteches.click cdn.aradosetar.top cdn.avarit.site cdn.bamgen.store cdn.beilink.site cdn.bigdata.name cdn.bleucot.site cdn.bomtec.online cdn.cafemode.shop cdn.chepolent.online cdn.chiptoc.site cdn.cikpit.shop cdn.deimatec.store cdn.dotectech.fun cdn.druzkint.site cdn.duimeb.quest cdn.dujetec.store cdn.dvendot.site cdn.faktech.site cdn.famitevec.site cdn.fenotech.shop cdn.figonowubo.fun cdn.filintop.store cdn.galkick.online cdn.garuelo.quest cdn.geitetic.online cdn.gekliop.online cdn.gemupel.shop cdn.geopert.shop cdn.getcomec.store cdn.gevjet.site cdn.geytim.quest cdn.gigulom.store cdn.gitorec.shop cdn.gorilink.quest cdn.guqetec.click cdn.helomint.shop cdn.helvet.quest cdn.helyadig.quest cdn.hlopsinc.quest cdn.hrustec.online cdn.ibamob.shop cdn.ijustec.store cdn.infoteches.store cdn.interten.site cdn.itisdigit.shop cdn.jedigit.shop cdn.jeoilec.store cdn.jeypop.click cdn.jijtool.click cdn.jvfufees.quest cdn.kandot.quest cdn.keiture.online cdn.kicyakick.click 
cdn.kindigit.quest cdn.kolutec.shop cdn.kolutech.site cdn.koramel.online cdn.krowlink.quest cdn.krustop.click cdn.lemetotic.site cdn.lenvin.online cdn.leptirot.store cdn.leyrec.online cdn.lietec.quest cdn.loofet.site cdn.lookeus.shop cdn.lovdyno.click cdn.mehagn0me.site cdn.memotip.site cdn.mewdot.site cdn.milidigit.site cdn.milink.shop cdn.mojetik.store cdn.mojtec.quest cdn.mutech.store cdn.nasecol.quest cdn.nemaelec.online cdn.nushsintez.store cdn.obstrels.online cdn.omatec.store cdn.opelink.shop cdn.operec.site cdn.opertec.store cdn.opewinc.site cdn.oskaloop.quest cdn.otolink.online cdn.oulipeec.site cdn.pahatech.shop cdn.pekjij.shop cdn.perelink.quest cdn.perelit.site cdn.peretech.online cdn.pevitech.click cdn.piplot.site cdn.pitrelop.shop cdn.pledigit.store cdn.postolink.online cdn.presitech.online cdn.pridmob.shop cdn.puuktec.site cdn.ramsook.click cdn.rasedipop.click cdn.rastec.store cdn.reshtic.site cdn.rifpiit.quest cdn.saertech.quest cdn.sectrans.store cdn.sedmet.click cdn.sendig.store cdn.sendigit.online cdn.seqirink.click cdn.setinc.site cdn.sewtic.shop cdn.shisdigit.site cdn.shvidzol.site cdn.sinomic.shop cdn.sivtech.quest cdn.sofinet.online cdn.sominuwe.online cdn.somnetec.online cdn.sorlinker.click cdn.starkick.online cdn.stepfet.click cdn.stesntec.store cdn.supelink.store cdn.sviloon.site cdn.telifetec.click cdn.telsinket.site cdn.tenopont.click cdn.teonlitic.shop cdn.tepiyoop.shop cdn.testexamplesa.online cdn.tishatec.click cdn.toketic.shop cdn.tupulopes.store cdn.turulink.store cdn.tuterec.site cdn.umnidot.quest cdn.umovec.site cdn.unacec.click cdn.undopit.online cdn.vemobeed.quest cdn.vladtech.online cdn.vonutec.click cdn.vremlil.quest cdn.vtordigit.site cdn.waslink.shop cdn.weletec.quest cdn.welipop.click cdn.xaraelec.click cdn.yadislink.shop cdn.yalowtec.online cdn.yanetech.online cdn.yelotic.store cdn.yelventar.quest cdn.yoriteh.site cdn.zabkoj.store cdn.zagalink.store cdn.zavtielot.shop cdn.zemeksinc.online cdn.zenehot.shop cdn.zirtdigit.site 
# Reference: https://sansec.io/research/cosmicsting advertiq.shop advertispro.com advertls.shop anality-google.com articon.shop artistryhab.shop brandilift.com brandixi.shop chartify.shop checkout.lat codegenesis.shop countilancer.com countora.shop datagen.shop datallqs.com deslgnhq.com desynsy.com evaluatemingle.com graphig.shop graphisprintstudio.com graphize.shop graphwebpro.com happynast.shop insightharvesters.com joyfullday.shop m37gg41n.c5.rs marketicsy.com marketro.shop markettz.com myhapperflowers.com pixella.shop sdtrack.io sellllink.com selllvibe.com sellsageapp.com sellspotweb.com statdynanics.com statify.shop styllize.shop # Reference: https://x.com/sdcyberresearch/status/1844375964027080808 # Reference: https://www.virustotal.com/gui/ip-address/38.180.61.99/relations javalibraryeuro.com # Reference: https://guardiansofcyber.com/threats-vulnerabilities/the-mongolian-skimmer-inside-a-javascript-skimming-campaign-using-obfuscation-and-anti-debugging-tactics/ cdn-core.com gifcache.com common.gifcache.com blog.cdn-core.com cache.cdn-core.com cdn.gifcache.com js.cdn-core.com sentry.cdn-core.com zb.cdn-core.com # Reference: https://x.com/sdcyberresearch/status/1845777289151136039 # Reference: https://x.com/sdcyberresearch/status/1982754972497502340 # Reference: https://www.virustotal.com/gui/ip-address/5.10.250.250/relations gstatlc.org jqeury.net ssl.gstatlc.org # Reference: https://sansec.io/research/cosmicsting#group-peschanki%3A-automated-mass-cms-block-updates # Reference: https://www.virustotal.com/gui/ip-address/106.14.40.200/relations http://106.14.40.200 106.14.40.200:443 cssucess.com desiginfest.com designmetrlcs.com designospro.com desynifynet.com htmledge.com marketprome.com statrackers.com # Reference: https://x.com/sdcyberresearch/status/1845796766911775076 graphorix.com # Reference: https://x.com/sdcyberresearch/status/1845813522250264895 elbruho.com https://paramascot.com/iframes/spiuk/iframe.php # Reference: 
https://x.com/sdcyberresearch/status/1846207523117814140 # Reference: https://www.virustotal.com/gui/ip-address/185.163.204.248/relations redsys-spain.com # Reference: https://app.validin.com/detail?first_seen=2024-10-10&type=ip&find=45.88.3.0%2F24#tab=resolutions (# 2024-10-24) dogroudig.store durgeem.shop feitoot.site geipets.online georips.online geyteck.store heoturs.fun jeyrice.store joeqolip.fun kecicte.sbs kopitec.store kresviv.sbs lenlink.sbs luchfran.store meglink.online multilot.shop norkes.shop paysendmmm.online remnit.fun souserec.shop spasit.site tellaso.fun uerzit.online vexirec.shop vosabit.fun vulpet.sbs wepits.sbs yapitse.site yenmac.site zarotec.site cdn.dogroudig.store cdn.durgeem.shop cdn.feitoot.site cdn.geipets.online cdn.georips.online cdn.geyteck.store cdn.heoturs.fun cdn.joeqolip.fun cdn.kecicte.sbs cdn.kopitec.store cdn.kresviv.sbs cdn.luchfran.store cdn.meglink.online cdn.multilot.shop cdn.paysendmmm.online cdn.remnit.fun cdn.souserec.shop cdn.spasit.site cdn.tellaso.fun cdn.vexirec.shop cdn.vulpet.sbs cdn.wepits.sbs cdn.yapitse.site cdn.yenmac.site # Reference: https://x.com/sdcyberresearch/status/1850897739426541700 # Reference: https://app.validin.com/detail?find=83.147.18.204&type=ip4&ref_id=ec65632f3ec#tab=resolutions win-win.work # Reference: https://x.com/sdcyberresearch/status/1850898932441714774 # Reference: https://app.validin.com/detail?find=athanasiusg.gmail.com&type=dom#tab=dns # Reference: https://app.validin.com/detail?find=137.74.151.41&type=ip4&ref_id=127115debe2#tab=resolutions # Reference: https://app.validin.com/detail?find=195.82.146.71&type=ip4&ref_id=aac1a37e53d#tab=resolutions cdn-tagger.com zoonmer.xyz cnd.zoonmer.xyz js.zoonmer.xyz # Reference: https://www.virustotal.com/gui/ip-address/94.156.68.148/relations shopanalyticss.com # Reference: https://x.com/sdcyberresearch/status/1851634572728893823 fb-counter.com connect.fb-counter.com # Reference: https://x.com/sdcyberresearch/status/1854186024131268735 
statnestt.com # Reference: https://app.validin.com/detail?find=Attention%20Notice&type=raw&ref_id=131c0406d8d#tab=host_pairs admatrixclick.com adpulsetop.com advertiqs.com analytishub.com analyzrvisual.com artifyau.com brandiffy.com brandmynxt.com brandoraup.com canevaslab.com chartmyiq.com chartproset.com codeslucky.com countifyhub.com crafftedhub.com crafttrendly.com creatisup.com creatowebhub.com cssiwave.com datafwd.sbs datageen.com datamazehub.com datavibers.com designiohub.com designlfy.com dessignslab.com desynity.com desynmax.com dndworksstat.com drieventrend.com dsgnflux.com dsgnpit.com dsgnv.store fittjamatmarknad.se geniushubplus.com graphlycool.com graphwebpad.com happystrend.com inisightvision.com letcc.tk letzz.cf luckydealls.com marketcnaft.com marketgoweb.com marketisplay.com marketon360.com marketxxx.com marketzeen.com marteton360.com metricksstat.com metricsyapp.com mktgle.com mktloope.com mktvibe.com mktwiz.fun pixeloramy.com pixelprosstudio.com quantifymy.com qwickdns.com salesflowe.com salesuplab.com saveanon.com sellarcs.com sellbeamshop.com sellnestonline.com sellpathhub.com sellquestor.com sellriter.com sellwebhype.com sellwiseweb.com statenova.com statgennius.com statibuzz.com staticvisionary.com statixlab.com statnxt.com statsalles.com stylifyhub.com styloramy.com thejupitersystems.com trasoltng.com trendifymy.com trendisall.com trendisnet.com trendkeed.com trendlab360.com trendlq.com trenduphut.com trendwebbot.com visualldata.com vizualispro.com wisedesignls.com worksgethub.com cpanel.fittjamatmarknad.se denizens-nonfrigidity.initrdns.web-hosting.com webdisk.fittjamatmarknad.se # Reference: https://blog.sucuri.net/2024/11/2024-credit-card-theft-season-arrives.html cpeciadogfoods.com # Reference: https://x.com/sansecio/status/1856658781322510420 statepulseapp.com # Reference: https://app.validin.com/detail?find=45.88.3.0%2F24&type=ip&ref_id=91b18e17fe2#tab=resolutions 1acades.click aktevil.store babadodo.site beltip.sbs bierom.store 
bokdigit.shop crocuta.mom daemets.sbs dalifeu.fun deepfallow.cam depssitntrac.icu faeqir.site felis.homes feuted.sbs forcet.store gelotec.online geosepy.site geypol.shop grackle.icu grivanta.click grunet.online guetech.online handslegs.site heokit.fun hetper.fun hoetmob.sbs interqc.online intqc.site jadov.store jarkit.site kostium.fit krtztanik.xyz leiuer.store lntearec.icu loamish.xyz loperbit.shop mooncrate.click nemipoots.sbs nikhem.shop oceanicsre.site opeton.site outapps.online partiii.life pizvoofes.shop portec.online raztop.site richen.club rivtec.online roomscontsbelts.lol safemh.icu safemh.lol sealink.fun sedevtec.sbs sijemit.sbs sliceadslvlb.com slidovodi.fun tavyniq.skin tripist.online vidyeolit.online volopert.site wend.mom xorlium.rest zolmirex.cfd cdn.1acades.click cdn.aktevil.store cdn.babadodo.site cdn.beltip.sbs cdn.bierom.store cdn.bokdigit.shop cdn.crocuta.mom cdn.daemets.sbs cdn.dalifeu.fun cdn.deepfallow.cam cdn.faeqir.site cdn.felis.homes cdn.feuted.sbs cdn.forcet.store cdn.gelotec.online cdn.geosepy.site cdn.geypol.shop cdn.grackle.icu cdn.grivanta.click cdn.grunet.online cdn.guetech.online cdn.heokit.fun cdn.hetper.fun cdn.hoetmob.sbs cdn.interqc.online cdn.intqc.site cdn.jadov.store cdn.jarkit.site cdn.kostium.fit cdn.leiuer.store cdn.loamish.xyz cdn.loperbit.shop cdn.mooncrate.click cdn.nemipoots.sbs cdn.nikhem.shop cdn.oceanicsre.site cdn.opeton.site cdn.outapps.online cdn.partiii.life cdn.pizvoofes.shop cdn.portec.online cdn.raztop.site cdn.richen.club cdn.rivtec.online cdn.roomscontsbelts.lol cdn.sealink.fun cdn.sedevtec.sbs cdn.sijemit.sbs cdn.slidovodi.fun cdn.tavyniq.skin cdn.tripist.online cdn.vidyeolit.online cdn.volopert.site cdn.wend.mom cdn.xorlium.rest cdn.zolmirex.cfd chairi.handslegs.site merajd.safemh.lol merajdns.safemh.icu # Reference: https://x.com/sdcyberresearch/status/1858833533663383856 ads-data-verify-v5g3dyhvdq-uc.a.run.app # Reference: https://x.com/sdcyberresearch/status/1859239170754957317 productprobehub.com 
reviewgatherer.com # Reference: https://x.com/sdcyberresearch/status/1861040655922843998 # Reference: https://www.virustotal.com/gui/ip-address/213.108.22.35/relations # Reference: https://app.validin.com/detail?find=204.48.30.229&type=ip4&ref_id=50ba59b1326#tab=resolutions click-track-adwords-google-cpc-search.ga dynamicopenfonts.com ecommercesoltic.org foodnetwork.buzz link-track-cpc.tk pogoo.click webtracker.click click.webtracker.click # Reference: https://x.com/sdcyberresearch/status/1861805574003822765 # Reference: https://app.validin.com/detail?find=f19be927e0ace610970e44ac0fda9f6bdd0c9267&type=hash&ref_id=293e78771a7#tab=host_pairs (# 2024-12-24) 365live.world analyticcoms.com analytics-open.com appanalyticsweb.online arial-font.com ecofonts.pro ecommercesolution.tech ecomscan.click generateyourlogo.pro helpdevtools.world lucky-1.top opensansfont.com perfectdomains.world static-fonts.com staticfonts.com svgstatic.com ustatics.info webdevelopers.tools webdevtools.sa.com # Reference: https://www.virustotal.com/gui/ip-address/185.196.11.69/relations magentoplugins.cc # Reference: https://app.validin.com/detail?find=89d0ef12d8d583fba8c80cad17e6ef30&type=hash&ref_id=e8c9bfe02ca#tab=host_pairs (# 2024-12-01) anonguard.shop anontech.shop brandlx.shop countify.shop creativemlnd.shop creatlveedge.shop cssfusion.shop datasphare.shop dealflnder.shop designfiow.shop designia.shop designls.shop graphexpert.shop graphiq.shop htmlwizard.shop htmlworks.shop javawizard.shop joyfuipath.shop marketls.shop markettis.shop pixelmaster.shop quantlfy.shop safezonne.shop sellboost.shop sellifry.shop statboost.shop stattrek.shop trendlfy.shop trendweve.shop # Reference: https://x.com/sdcyberresearch/status/1863580218822185269 # Reference: https://app.validin.com/detail?find=146.70.71.179&type=ip4&ref_id=682c14ec707#tab=resolutions apistatistic.live # Reference: https://x.com/sdcyberresearch/status/1864303340403732714 webtagcontrol.com api.webtagcontrol.com # Reference: 
https://x.com/sdcyberresearch/status/1866126596983115899 # Reference: https://app.validin.com/detail?find=192.145.125.142&type=ip4&ref_id=1bd1a6d7787#tab=resolutions apistats.info asd123qwe2.online gatetpere.space jfixed.com lsikaqr.vip tetsted.com wargular.xyz windowsupdate.io # Reference: https://app.validin.com/detail?first_seen=2024-12-01&type=ip&find=45.88.3.0%2F24 (# 2024-12-09) beopoor.site brasei.fun cetuopit.online gogetec.sbs jaluwtech.store kometeches.store kurmob.site leopevit.store mojtec.sbs pftuotic.fun pvilinket.store shatink.store sobilink.shop unirec.store veofet.shop vseyol.online cdn.beopoor.site cdn.brasei.fun cdn.cetuopit.online cdn.gogetec.sbs cdn.jaluwtech.store cdn.kometeches.store cdn.kurmob.site cdn.leopevit.store cdn.mojtec.sbs cdn.pftuotic.fun cdn.pvilinket.store cdn.shatink.store cdn.sobilink.shop cdn.unirec.store cdn.veofet.shop cdn.vseyol.online # Reference: https://app.validin.com/detail?first_seen=2024-12-12&type=ip&find=45.88.3.0%2F24#tab=resolutions (# 2024-12-19) bilseo.sbs bojtech.online feokicn.shop gemedig.shop getilock.quest iertik.store jeiloot.site jeorets.site keitouc.store leopent.fun presidential.digital prizefor.me routotech.site rubicot.site samotech.sbs sobolent.online vivodit.yachts wislit.fun zonisnap.site cdn.bilseo.sbs cdn.bojtech.online cdn.feokicn.shop cdn.gemedig.shop cdn.getilock.quest cdn.iertik.store cdn.jeiloot.site cdn.jeorets.site cdn.keitouc.store cdn.leopent.fun cdn.presidential.digital cdn.prizefor.me cdn.routotech.site cdn.rubicot.site cdn.samotech.sbs cdn.sobolent.online cdn.vivodit.yachts cdn.wislit.fun cdn.zonisnap.site # Reference: https://app.validin.com/detail?find=195.242.110.161&type=ip4&ref_id=adc7115d423#tab=resolutions bazgent.shop ocajep.fun opestat.online sgomet.store zatrob.sbs cdn.bazgent.shop cdn.ocajep.fun cdn.opestat.online cdn.sgomet.store cdn.zatrob.sbs # Reference: https://x.com/sdcyberresearch/status/1868663371870130626 analyzerq.com designsetlab.com dnflowe.com dnsphire.com 
dsgntag.com dsgnxl.com mktcrafter.com mktflowe.com salecores.com saleviewapp.com salewizi.com sellboosti.com statsalesup.com # Reference: https://x.com/sdcyberresearch/status/1868974963274973325 # Reference: https://x.com/sdcyberresearch/status/1990363294545432712 # Reference: https://www.virustotal.com/gui/ip-address/45.61.132.99/relations # Reference: https://app.validin.com/detail?find=193.43.134.191&type=ip4&ref_id=381fecf60a2#tab=resolutions (# 2025-04-) # Reference: https://app.validin.com/detail?find=19fe6b1334b2035cedcaa692ac77b550&type=hash&ref_id=f73fc343e2b#tab=host_pairs (# 2024-12-17) bbpjsuporte.pro cdnjsdevcss.com cdnjsdvcss.com cdnoaistatcs.icu chatjsdvcss.com chatjssvcss.com chelyad.icu cspreport.org csscdnhub.com debdpkgseclib.com epscsp.shop fastcdnjs.com goljsdofls.com goljsdofma.org goljsdofmain.com iloveveganlongbeach.com instaholldatalib.com logicwploo.com logicwploop.com logwplmap.com manuchat.icu reportcsp.com reportjquery.com reportjquery.shop reportls.org reportscsp.shop restapi.space seereportpro.com shieldwealth.org ssreportpro.com stylewpcall.com stylewpcoll.com stylewpoll.com syrvival.icu theftl.icu titansl.icu toolsmanuanalyzer.live # Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-09-19-v10698/1991 trendpronet.com # Reference: https://x.com/sdcyberresearch/status/1871179192513290460 # Reference: https://app.validin.com/detail?find=38.180.241.131&type=ip4&ref_id=fb7e106e3b0#tab=resolutions # Reference: https://app.validin.com/detail?find=87.120.112.166&type=ip4&ref_id=b47ca8be73b#tab=resolutions eurowebmonitortool.com onlinechatusbot.com webmonitortool.info webstatusmonitor.store # Reference: https://bsky.app/profile/sans.ec/post/3ldy6xxz7rk2l # Reference: https://x.com/sdcyberresearch/status/1871228710579253746 esaspaceshop.pics # Reference: https://app.validin.com/detail?first_seen=2024-12-12&type=ip&find=45.88.3.0%2F24#tab=resolutions (# 2024-12-29) beiyalo.sbs bralink.online feodates.fun 
geopyt.online izteches.store keitint.fun meliperk.shop noasint.store pvetech.site shapotech.sbs twelai.site ulasint.shop cdn.beiyalo.sbs cdn.bralink.online cdn.feodates.fun cdn.geopyt.online cdn.izteches.store cdn.keitint.fun cdn.meliperk.shop cdn.noasint.store cdn.pvetech.site cdn.shapotech.sbs cdn.twelai.site cdn.ulasint.shop # Reference: https://app.validin.com/detail?first_seen=2024-12-12&type=ip&find=45.88.3.0%2F24#tab=resolutions (# 2025-01-10) aidoppep.shop cilseminty.fun nafkaut.site theufenq.store tokoleq.sbs cdn.aidoppep.shop cdn.cilseminty.fun cdn.nafkaut.site cdn.theufenq.store cdn.tokoleq.sbs # Reference: https://sansec.io/research/google-services-abused-skimming-campaigns # Reference: https://www.virustotal.com/gui/ip-address/94.131.105.71/relations cloudflare-stat.net js-stats.com montina.it/mx/stripe premium.vn/bb/stripe udalzira.com/.well-known/cloud.js # Reference: https://x.com/sdcyberresearch/status/1876212239570706724 # Reference: https://app.validin.com/detail?find=37.1.211.247&type=ip4&ref_id=0f22ad7c900#tab=resolutions # Reference: https://app.validin.com/detail?find=72.5.42.123&type=ip4&ref_id=12fcc4054b0#tab=resolutions brudget.net ebobus.online ls1ks.xyz schneemann.tech sitesupport.vip cn.ls1ks.xyz # Reference: https://www.virustotal.com/gui/ip-address/80.78.28.57/relations sucuri.ltd # Reference: https://x.com/sdcyberresearch/status/1877007825521521129 saurojewelry.com/js/tinybox/tinymod.js # Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-01-09-v10834/2338 chartzend.com # Reference: https://app.validin.com/detail?first_seen=2025-01-01&type=ip&find=45.88.3.0%2F24#tab=resolutions (# 2025-01-14) illopou.store lisitec.site serteop.fun sevemit.shop tvorotech.online volkanti.online cdn.illopou.store cdn.lisitec.site cdn.serteop.fun cdn.sevemit.shop cdn.tvorotech.online cdn.volkanti.online # Reference: https://x.com/sdcyberresearch/status/1879225717789270380 # Reference: 
https://www.virustotal.com/gui/ip-address/45.61.151.43/relations jsmanifestgl.com jsmanifestglls.com jsmanifestgls.com # Reference: https://app.validin.com/detail?find=Attention%20Notice&type=raw#tab=host_pairs (# 2025-01-19) bslnfo.com dninsignht.com dnmep.com dnsmixpro.com dsgnbee.com dsgncore.com dsgnjet.com dsgnnest.com dsgnsynic.com exoticsovokefizzier.lol mktflowi.com mktvault.com rinfohub.lol salemape.com saleshifft.com saletrendio.com saliedash.com salliepro.com snslyticus.com starhegc.com statihive.com statikeys.com statspoot.com statvibbe.com volemson.com apis.exoticsovokefizzier.lol clients1.exoticsovokefizzier.lol clients6.exoticsovokefizzier.lol docs.exoticsovokefizzier.lol gstatic-fonts.exoticsovokefizzier.lol mers.exoticsovokefizzier.lol news.exoticsovokefizzier.lol optimizationguide-pa.exoticsovokefizzier.lol play.exoticsovokefizzier.lol securitydomain-pa.exoticsovokefizzier.lol www1.exoticsovokefizzier.lol www2.exoticsovokefizzier.lol # Reference: https://x.com/Gi7w0rm/status/1882475789335109745 # Reference: https://gi7w0rm.medium.com/a-beginner-s-guide-to-hunting-web-based-credit-card-skimmers-c820aeee87d6 # Reference: https://app.validin.com/detail?find=185.208.156.149&type=ip4&ref_id=ee5d8d3de6d#tab=resolutions # Reference: https://app.validin.com/detail?find=185.208.158.230&type=ip4&ref_id=14aeaa11986#tab=resolutions analyticsseolinks.online api-chat.live bulforanalysis.online cantact.chat cdn-statistics.com dataassociates.online dataassociates.org dobrowork.space ebatkopat.click eeestats.com fecaboo0k.xyz getcssmodals.com handsl.org jquerywp.xyz nc-img.co neshion.com privatstripp.com privatstripp.tech statedash.com store-locator.org storedirect.top authx.fecaboo0k.xyz bc.nc-img.co socket.bulforanalysis.online # Reference: https://x.com/salmanvsf/status/1886664402243608717 # Reference: https://jscrambler.com/blog/stealing-seconds-web-skimmer-compromises-websites # Reference: 
https://app.validin.com/detail?find=82.202.166.35&type=ip4&ref_id=b861456976a#tab=resolutions augmetrics.org easyanalytic.net imagechat.net pagelook.org trade4host.com tradewine.net app.imagechat.net cms.pagelook.org common.trade4host.com conn.augmetrics.org img.tradewine.net pp.imagechat.net static.easyanalytic.net # Reference: https://app.validin.com/detail?first_seen=2025-01-01&type=ip&find=45.88.3.0%2F24#tab=resolutions (# 2025-02-02) fionest.fun gieyloop.shop leospeet.store meliter.online sugtheit.site vseshoy.sbs cdn.fionest.fun cdn.gieyloop.shop cdn.leospeet.store cdn.meliter.online cdn.sugtheit.site cdn.vseshoy.sbs # Reference: https://app.validin.com/detail?type=ip&find=195.242.110.0%2F24#tab=resolutions (# 2025-02-02) aletec.store aretech.site bazetoch.yachts blagotic.online bosilamp.online bosileen.click drifmop.store feetlink.store genonet.fun hedlendet.quest helepop.store holetoc.online klevtic.fun makelec.yachts menisop.space nemovipster.shop nitnet.shop poenepo.site pohnat.site rebellion.lol sikpic.online stereotype.digital terlonic.shop treclap.quest voilink.site widspe.site cdn.aletec.store cdn.aretech.site cdn.bazetoch.yachts cdn.blagotic.online cdn.bosilamp.online cdn.bosileen.click cdn.drifmop.store cdn.feetlink.store cdn.genonet.fun cdn.hedlendet.quest cdn.helepop.store cdn.holetoc.online cdn.klevtic.fun cdn.makelec.yachts cdn.menisop.space cdn.nemovipster.shop cdn.nitnet.shop cdn.poenepo.site cdn.pohnat.site cdn.rebellion.lol cdn.sikpic.online cdn.stereotype.digital cdn.terlonic.shop cdn.treclap.quest cdn.voilink.site cdn.widspe.site # Reference: https://x.com/sdcyberresearch/status/1888981202641596816 # Reference: https://x.com/sdcyberresearch/status/1916789605501649330 # Reference: https://www.virustotal.com/gui/ip-address/85.209.128.106/relations # Reference: https://www.virustotal.com/gui/ip-address/94.232.249.234/relations g2uni.com gate2uni.com uniinform.com # Reference: https://x.com/sdcyberresearch/status/1889641697698607429 # 
Reference: https://app.validin.com/detail?find=5d36d75ac57ab2e4760df3b11fd54a43&type=hash&ref_id=050b20284c5#tab=host_pairs # Reference: https://app.validin.com/detail?find=5c8c742ef57fadd96852c5a12839be3b&type=hash&ref_id=e8152416730#tab=host_pairs # Reference: https://app.validin.com/detail?find=9c2df47209a52480dd61ce8fea9cf8bf&type=hash&ref_id=f30f5e8901b#tab=host_pairs # Reference: https://app.validin.com/detail?type=hash&find=cfe6e34a4c7f24aad32aa4299562f5b1#tab=host_pairs activitymetrictools.com adperformanceanalytics.com analyticsgeotrack.com analyticsmanager.net analyticsvista.com analytixflow.com analyzetrendhub.com audiencebehaviorinsights.com contentengagementhub.com customerdatainsights.com dataanalysiscentral.com datahubtracker.com datainsightdeck.com datainsightmap.com datainsightstools.com datalinkmanager.com datametricpath.com datamonitorhub.com datamonitoringhub.com datamonitoringpro.com datamonitorpro.com datamonitortools.com dataoptimizationhub.com datatracknest.com datatrackscope.com datatracktools.com datatrailanalytics.com digitalmetricsmanager.com geoactivitytracker.com geoinsighttracker.com geometrictrack.com geopulsemetrics.com geostatscope.com geostattrack.com geotrackmetrics.com googleetagmanager.com insightdashflow.com insightfultrack.com insightgeostats.com insightpathdata.com insightscopepro.com insightwebstats.com magicdomainsearch.com mapandmetric.com metricinsightpro.com metricmappro.com metricpulsehub.com metricsmonitorpro.com metricstoolspro.com metricstreamline.com metrictrendhub.com monitloop.com monitorstatsnow.com pageinsightsmanager.com pageintelpro.com pagetrackiq.com sentriflow.com siteanalyticspro.com siteinsightgrid.com siteinsightspro.com sitemetricpro.com sitestatflow.com sitestattracker.com sitetrackerpro.com sitetrackhq.com sitetrackmetrics.com statfusionhq.com statgeoanalytics.com statpulsecenter.com statvisionpro.com taganalyticspro.com tagmanagersite.com tagmanagertools.com tagmonitoringhub.com tagtactix.com 
trackanalytica.com trackermanagerpro.com trackgeotrends.com tracklith.com tracklyticshub.com tracklyticspro.com trackmanagersite.com trackmetricline.com trackmetricshub.com tracksitemetrics.com trackstatgeo.com tracktagcenter.com tracktagmanager.com trackwebtrends.com trafficinsightly.com trendmetriczone.com userengagementtracker.com watchlyze.com webanalyticscenter.com webanalyticsgrid.com webinsightmetrics.com webinsights360.com webmetricflow.com webmetricloop.com webmetricshub.com webmetricsmonitor.com webmetricsphere.com webmetricstool.com webstatscope.com webstatsinsight.com webstatvista.com webtrackdashboard.com webtrackerhq.com webtrackermanager.com webtrackingtools.com webtrackinsights.com webtracksphere.com webtracktools.com webtrendmatrix.com worktrackingsystem.com api.activitymetrictools.com api.analyticsmanager.net api.datalinkmanager.com api.dataoptimizationhub.com api.insightscopepro.com api.magicdomainsearch.com api.monitloop.com api.monitorstatsnow.com api.pageinsightsmanager.com api.pageintelpro.com api.pagetrackiq.com api.sentriflow.com api.siteinsightspro.com api.sitetrackhq.com api.statfusionhq.com api.statvisionpro.com api.tracklith.com api.tracklyticspro.com api.tracktagcenter.com api.tracktagmanager.com api.trafficinsightly.com api.userengagementtracker.com api.watchlyze.com api.webmetricflow.com api.webmetricstool.com assets.datamonitoringpro.com assets.datamonitortools.com assets.metricsmonitorpro.com assets.metricstoolspro.com assets.taganalyticspro.com cdn.digitalmetricsmanager.com cdn.geotrackmetrics.com cdn.googleetagmanager.com cdn.siteanalyticspro.com cdn.webanalyticsgrid.com cdn.webtrackingtools.com css.datamonitorpro.com css.datatracktools.com css.tagmanagersite.com cdn.tagtactix.com css.webmetricshub.com dashws.insightdashflow.com data.geoinsighttracker.com data.geotrackmetrics.com datahub.datainsightmap.com datahub.metricinsightpro.com datahub.metrictrendhub.com datahub.tracksitemetrics.com datahub.webtracksphere.com 
datastream.datametricpath.com datastream.insightwebstats.com datastream.trackgeotrends.com datastream.webstatvista.com dev-api.metricmappro.com dev-api.sitemetricpro.com dev.geostattrack.com dev.insightdashflow.com dev.insightgeostats.com dev.insightpathdata.com dev.siteinsightgrid.com dev.webmetricloop.com files.datatracknest.com files.webstatscope.com geo.adperformanceanalytics.com geo.audiencebehaviorinsights.com geo.contentengagementhub.com geo.customerdatainsights.com gridws.siteinsightgrid.com hub.trendmetriczone.com internal-api.analyticsvista.com live.analyticsvista.com live.datatracknest.com live.trackmetricline.com media.sitestatflow.com metrics.geoinsighttracker.com metrics.insightgeostats.com mobile-api.datametricpath.com mobile-api.insightwebstats.com mobile-api.metricpulsehub.com mobile-api.trackgeotrends.com mobile-api.webstatvista.com monitor.datainsightmap.com monitor.metrictrendhub.com monitor.tracksitemetrics.com monitor.webmetricsphere.com monitor.webtracksphere.com notifications.analytixflow.com notifications.metricmappro.com preview.datatrackscope.com push.geostattrack.com qa.analyzetrendhub.com realtime.tracklyticshub.com rt.analyticsgeotrack.com rt.sitetrackmetrics.com rt.trackanalytica.com rt.webinsightmetrics.com sandbox.datainsightdeck.com scopews.datatrackscope.com server.trackmetricline.com service.analyticsgeotrack.com service.geometrictrack.com service.sitetrackmetrics.com service.trackanalytica.com service.webinsightmetrics.com staging.webtrendmatrix.com static.trackwebtrends.com storage.statpulsecenter.com stream.datainsightdeck.com stream-ws.webstatscope.com stream.sitemetricpro.com stream.webanalyticsgrid.com user-api.analytixflow.com user-api.sitestatflow.com ws.digitalmetricsmanager.com ws.monitloop.com ws.trackwebtrends.com ws.watchlyze.com wsc.insightscopepro.com wsc.monitorstatsnow.com wsc.pageintelpro.com wsc.pagetrackiq.com wsc.sitetrackhq.com wsc.statfusionhq.com wsc.statvisionpro.com wsc.tracklyticspro.com 
wsc.trafficinsightly.com wsc.webmetricflow.com # Reference: https://app.validin.com/detail?type=ip&find=195.242.110.0%2F24#tab=resolutions (# 2025-02-16) ewitool.sbs fastec.fun feeimob.store feopewq.sbs geitec.shop gtrpoot.site houdite.online infrecot.fun leipets.site limsweet.shop llanetries1.shop najatech.sbs perheet.site qietyts.shop qiqtoc.store qoerint.online teoyey.online vulerloq.store cdn.ewitool.sbs cdn.fastec.fun cdn.feeimob.store cdn.feopewq.sbs cdn.geitec.shop cdn.gtrpoot.site cdn.houdite.online cdn.infrecot.fun cdn.leipets.site cdn.limsweet.shop cdn.llanetries1.shop cdn.najatech.sbs cdn.perheet.site cdn.qietyts.shop cdn.qiqtoc.store cdn.qoerint.online cdn.teoyey.online cdn.vulerloq.store # Reference: https://x.com/sdcyberresearch/status/1891514677319942233 # Reference: https://www.virustotal.com/gui/ip-address/77.238.228.157/relations cdncheckout.com dweeseny.com pendtoany.com sun-any.com # Reference: https://app.validin.com/detail?find=185.208.158.150&type=ip4&ref_id=a01f0301650#tab=resolutions googletgmanagers.com googletgmanagers.online heipdescsecuri.store # Reference: https://sourcedefense.com/resources/blog/sophisticated-eskimming-campaign-conceals-itself-by-leveraging-stripe-api/ # Reference: https://app.validin.com/detail?find=f417bdca4b13c39d943fc89c524e0ca26d58fafc&type=hash&ref_id=3e07b116e1c#tab=host_pairs (# 2025-02-20) # Reference: https://app.validin.com/detail?find=146.70.101.108&type=ip4&ref_id=3a68ec24d8d#tab=resolutions (# 2025-04-07) # Reference: https://app.validin.com/detail?find=146.70.101.121&type=ip4&ref_id=f7c5bfb65ed#tab=resolutions (# 2025-02-20) # Reference: https://app.validin.com/detail?find=146.70.53.157&type=ip4&ref_id=3e07b116e1c#tab=resolutions (# 2025-02-20) # Reference: https://app.validin.com/detail?find=146.70.20.208&type=ip4&ref_id=3e07b116e1c#tab=resolutions (# 2025-02-20) # Reference: https://www.virustotal.com/gui/ip-address/149.255.35.143/relations adsvscrypto.online adsvscrypto.store bootstrap.rest 
bootstrap.solar bsjq-api.store bsjq-api.xyz bsjq-cdn.store bsjq-cdn.xyz bsjq-checker.store bsjq-online.store bsjq-papper.xyz bsjq-shop.store bsjq-shop.xyz bsjq-store.xyz bsjq.online bsjq.shop bsjq.site bsjq.store criptosucker.space criptosucker.store crypto-shop.online crypto-shop.site cryptosuck.online freestylershop.space freestylershop.store greatsong.online isjustone.site isjustour.site jqbs-api.store jqbs-api.xyz jqbs-bsjq.store jqbs-cdn.store jqbs-cdn.xyz jqbs-checker.store jqbs-cloud-api.xyz jqbs-cloud-cdn.xyz jqbs-cloud-min.xyz jqbs-cloud.store jqbs-cloud.xyz jqbs-get.store jqbs-min-api.xyz jqbs-min.store jqbs-min.xyz jqbs-online.store jqbs-rest.store jqbs-shop.store jqbs.online jqbs.shop jqbs.site jqbs.store jquery.digital jquery.monster jquery.rest mcduckgroup.shop megaappshop.space megaappshop.store megapetshop.space net-3admsv.ml nightsong.online oneadm.space org-3bwl.ml ouradm.space promo-profit.online promo-transfer.site promo-transfer.store querysong.online thisisourparadise.site thisisourparadise.space thisisourparadise.store thisisourpeace.site thisisourpeace.space thisisourpeace.store thisisourplace.site thisisourplace.space thisisourplace.store # Reference: https://x.com/sdcyberresearch/status/1894055884294078800 cndcheckjs.com secure.cndcheckjs.com # Reference: https://x.com/sdcyberresearch/status/1894386650031042632 cdn-skins.com # Reference: https://app.validin.com/detail?type=ip&find=195.242.111.0%2F24#tab=resolutions (# 2025-02-26) absorbing.cam acidic.best acrylons.pics africt.art airplayer.live alpinedata.ink biscuit.pics blackcurrants.online cafelamontana.life caribean.live charli.beauty circulates.lol croissant.mom deep.christmas depart.buzz dispead.shop ducational.pics eduactional.xyz emergency.autos federation.boats finaly.live gader.ink healthy.christmas hematoid.cash inexpensive.blog intially.xyz lowly.boats macau.lol marmalade.homes merciful.beauty mobiancy.xyz necklace.christmas oranger.pics orginaly.click phila.world 
powersonal.online propagation.beauty raadiot.world ragged.biz ramulus.sbs ribber.xyz scattered.cfd slavyango.art tarin.homes unaware.store unkempt.art unsightly.autos volatile.baby zauberkiste.xyz cdn.absorbing.cam cdn.acidic.best cdn.acrylons.pics cdn.africt.art cdn.airplayer.live cdn.alpinedata.ink cdn.biscuit.pics cdn.blackcurrants.online cdn.cafelamontana.life cdn.caribean.live cdn.charli.beauty cdn.circulates.lol cdn.croissant.mom cdn.deep.christmas cdn.depart.buzz cdn.dispead.shop cdn.ducational.pics cdn.eduactional.xyz cdn.emergency.autos cdn.federation.boats cdn.finaly.live cdn.gader.ink cdn.healthy.christmas cdn.hematoid.cash cdn.inexpensive.blog cdn.intially.xyz cdn.lowly.boats cdn.macau.lol cdn.marmalade.homes cdn.merciful.beauty cdn.mobiancy.xyz cdn.necklace.christmas cdn.oranger.pics cdn.orginaly.click cdn.phila.world cdn.powersonal.online cdn.propagation.beauty cdn.raadiot.world cdn.ragged.biz cdn.ramulus.sbs cdn.ribber.xyz cdn.scattered.cfd cdn.slavyango.art cdn.tarin.homes cdn.unaware.store cdn.unkempt.ar cdn.unkempt.art cdn.unsightly.autos cdn.volatile.baby cdn.zauberkiste.xyz # Reference: https://app.validin.com/detail?type=ip&find=195.242.110.0%2F24#tab=resolutions (# 2025-05-07) africasester.click ations.lol bagarthe.pics boracape.click brasnovo.world brasnovo.xyz brassu.xyz busicssciency.xyz busing.mom cefo.lol concentration.autos courage.boats datahil.pics feminist.baby feyloot.site fritech.fun getvisi.store gradient.christmas hould.world howerfun.pics intellert.beauty jademountain.sbs kegosei.sbs landsout.store lily.coupons nordichealth.wiki pharinell.shop rabiei.live reggio.click reggio.world reinforce.coupons runfoloink.online sandscomp.cam sekleteo.online slappliam.art slapps.store slavyan.lol tropicaldreams.xyz uutop.shop cdn.africasester.click cdn.ations.lol cdn.bagarthe.pics cdn.boracape.click cdn.brasnovo.world cdn.brasnovo.xyz cdn.brassu.xyz cdn.busicssciency.xyz cdn.busing.mom cdn.cefo.lol cdn.concentration.autos cdn.courage.boats 
cdn.datahil.pics cdn.feminist.baby cdn.feyloot.site cdn.fritech.fun cdn.getvisi.store cdn.gradient.christmas cdn.hould.world cdn.howerfun.pics cdn.intellert.beauty cdn.jademountain.sbs cdn.kegosei.sbs cdn.landsout.store cdn.lily.coupons cdn.nordichealth.wiki cdn.pharinell.shop cdn.rabiei.live cdn.reggio.click cdn.reggio.world cdn.reinforce.coupons cdn.runfoloink.online cdn.sandscomp.cam cdn.sekleteo.online cdn.slappliam.art cdn.slapps.store cdn.slavyan.lol cdn.tropicaldreams.xyz cdn.uutop.shop # Reference: https://x.com/sdcyberresearch/status/1895166209815126454 # Reference: https://x.com/sdcyberresearch/status/1895168152750956899 # Reference: https://x.com/sdcyberresearch/status/1909221244341277017 # Reference: https://x.com/sdcyberresearch/status/1909221421567328382 aveopixel.xyz megapixelheid.top bapepixel.top beppixel.top canmeriksmonday.xyz carefulmetriks.top egametriks.top fabulo.xyz fiftytwopixel.top heropixelmod.top hotmeriksbook.top jatesmetrics.xyz jaysmetricks.top jsqlds.top megametriks.top megapixelheid.top metrikshot.top metrikspixels.xyz moonmetriks.top newpixelwar.top onkorova.top pinkmanpixel.top pixelment.top pixelment.xyz pixelomix.info pixelsouss.xyz pixelssssssssss.xyz pixelstars.top presession.top schoolmeriks.top screenpixelnews.xyz skrytivzorvi.top streetmeriks.top superrpixel.xyz wepixelclusive.top zametriks.top # Reference: https://x.com/threatcat_ch/status/1895509272605409437 # Reference: https://x.com/threatcat_ch/status/1895509278984999200 # Reference: https://x.com/threatcat_ch/status/1895509296169001223 # Reference: https://www.virustotal.com/gui/file/db4560b4064b27382130b06daa44db858162f9b0351b7479c4afced611dfe4bf/detection # Reference: https://www.virustotal.com/gui/file/63175e45936c56f36c792be294e36a1f43e4d570b1df15ba19b2438b9d7549a5/detection # Reference: https://www.virustotal.com/gui/file/5b8b752ba0449f389e2bccc01c827369aabf92d69f807e93ce3f9c38e72b44f6/detection # Reference: 
https://www.virustotal.com/gui/file/269c3da29876ef699589cee7620e9f0d90824af0b96e1a4fa08f3e19031919cd/detection # Reference: https://www.virustotal.com/gui/file/17475d5f6dfc07a8e4a1627bc6e274e5714b24fe198c32b688dea20dd4a19320/detection suckerity.xyz # Reference: https://x.com/sdcyberresearch/status/1896932590076252412 # Reference: https://app.validin.com/detail?find=45.133.203.0%2F24&type=ip&ref_id=da5082cc1bb#tab=resolutions (# 2025-03-04) aaftech.click adolf.pics africal.pics ambfit.site anatech.online andescoffe.xyz arabibarba.xyz artisantool.click asdfasfwe.online auqoit.fun barpoc.online beiouloo.online beshtech.click bontec.in.net borostec.shop boyadigit.site buttcheek.online ceiyeq.site cgies.sbs chittack.mom chocdelt.sbs chorean.pics chotech.fun chuvitek.online ciconian.beauty clause.mom coiyuip.online cometrit.pics coroplas.shop cready.art cresh.homes darlinket.shop deetiot.online deldmob.site deosat.online deqlint.online detlink.shop deulab.store devkint.shop diamob.site dochtech.cyou dodstec.quest doritos.homes downbeat.lol dvrandot.store elebim.site elounto.site estategapps.lol fanjet.wiki fasloor.shop fasvet.shop fazeu.shop feiqoter.store feopseaq.shop feouertit.sbs fesdigit.online feutiop.quest feylit.store fivolink.store fleurssoleti.buzz fungarian.shop gbleylot.quest geaxint.fun geleego.quest gematil.sbs geodot.sbs geopel.site geopets.online geottei.click geptiko.shop ghitekit.site giftok.site goletec.store gragit.shop greenvalley.ink gutloon.online healtervice.info heipet.shop helaapit.shop heletec.cyou helitot.click heopits.online hetiper.store heutint.site hylomys.ink idhowtech.sbs inshdigit.sbs jeytop.site kapimob.pics keitec.site keopeweet.fun kertop.online kijytop.shop kimnarec.store koeroi.online kogoyool.quest koilet.site koipoop.site kooldigit.click korebelgar.click krinloot.store krodit.click krosrec.quest ksadit.store kvetsiio.sbs lamkalm.site leipey.store leitop.store leurtyth.quest listindia.live liudain.sbs liudlein.sbs louker.sbs 
lqoesoop.store lufton.xyz magmative.cloud mether.beauty miftech.site mobiliare.pro moralia.pro motivac.shop nagadhya.online nashosit.yachts neiloot.store neobilet.online newsbooks.live niesraz.fun nikllop.online nycteris.bar oewiol.site okolcei.online oratotech.sbs outec.fun overdispersion.world patelspice.life pdatiic.quest piltie.online plohelec.quest pokledigital.pics poptele.cyou posterboards.live povotec.sbs prolinket.shop qoerjoon.sbs raif.buzz randomly.pics recombination.cloud rosenberg.lol sancook.sbs sciety.online secern.club secthmob.fun seirekt.site sewlei.shop shalako.site shipotop.shop sivelec.cyou sometech.sbs soterin.fun sprachest.site steiko.site stormei.store svilock.sbs sysmeit.online takdegit.online taquito.mom tastrmob.store techitor.click tilpoot.shop timbao.shop tittering.live titutop.site toonches.store trokit.store tutfient.shop ucuduc.sbs ueputech.fun unobservable.lol untepol.shop veidol.site veopeir.fun vepstan.fun vipalent.sbs voitest.shop vouklacrif.fun vuemool.store vutfais.fun waggly.shop wheemob.shop yadigit.store yalmob.shop yeuleli.click cdn.aaftech.click cdn.adolf.pics cdn.africal.pics cdn.ambfit.site cdn.anatech.online cdn.andescoffe.xyz cdn.arabibarba.xyz cdn.artisantool.click cdn.asdfasfwe.online cdn.auqoit.fun cdn.barpoc.online cdn.beiouloo.online cdn.beshtech.click cdn.bontec.in.net cdn.borostec.shop cdn.boyadigit.site cdn.buttcheek.online cdn.ceiyeq.site cdn.cgies.sbs cdn.chittack.mom cdn.chocdelt.sbs cdn.chorean.pics cdn.chotech.fun cdn.chuvitek.online cdn.ciconian.beauty cdn.clause.mom cdn.coiyuip.online cdn.cometrit.pics cdn.coroplas.shop cdn.cready.art cdn.cresh.homes cdn.darlinket.shop cdn.deetiot.online cdn.deldmob.site cdn.deosat.online cdn.deqlint.online cdn.detlink.shop cdn.deulab.store cdn.devkint.shop cdn.diamob.site cdn.dochtech.cyou cdn.dodstec.quest cdn.doritos.homes cdn.downbeat.lol cdn.dvrandot.store cdn.elebim.site cdn.elounto.site cdn.estategapps.lol cdn.fanjet.wiki cdn.fasloor.shop cdn.fasvet.shop 
cdn.fazeu.shop cdn.feiqoter.store cdn.feopseaq.shop cdn.feouertit.sbs cdn.fesdigit.online cdn.feutiop.quest cdn.feylit.store cdn.fivolink.store cdn.flagmob.quest cdn.fleurssoleti.buzz cdn.flowit.pics cdn.fungarian.shop cdn.gbleylot.quest cdn.geaxint.fun cdn.geleego.quest cdn.gematil.sbs cdn.geodot.sbs cdn.geopel.site cdn.geopets.online cdn.geottei.click cdn.geptiko.shop cdn.ghitekit.site cdn.giftok.site cdn.goletec.store cdn.gragit.shop cdn.greenvalley.ink cdn.gutloon.online cdn.healtervice.info cdn.heipet.shop cdn.helaapit.shop cdn.heletec.cyou cdn.helitot.click cdn.heopits.online cdn.hetiper.store cdn.heutint.site cdn.hylomys.ink cdn.idhowtech.sbs cdn.inshdigit.sbs cdn.jeytop.site cdn.kapimob.pics cdn.keitec.site cdn.keopeweet.fun cdn.kertop.online cdn.kijytop.shop cdn.kimnarec.store cdn.koeroi.online cdn.kogoyool.quest cdn.koilet.site cdn.koipoop.site cdn.kooldigit.click cdn.korebelgar.click cdn.kouelec.cyou cdn.krinloot.store cdn.krodit.click cdn.krosrec.quest cdn.ksadit.store cdn.kvetsiio.sbs cdn.lamkalm.site cdn.leipey.store cdn.leitop.store cdn.leurtyth.quest cdn.listindia.live cdn.liudain.sbs cdn.liudlein.sbs cdn.louker.sbs cdn.lqoesoop.store cdn.magmative.cloud cdn.mether.beauty cdn.miftech.site cdn.mobiliare.pro cdn.moralia.pro cdn.motivac.shop cdn.nagadhya.online cdn.nashosit.yachts cdn.neiloot.store cdn.neobilet.online cdn.newsbooks.live cdn.niesraz.fun cdn.nikllop.online cdn.nycteris.bar cdn.oewiol.site cdn.okolcei.online cdn.oratotech.sbs cdn.outec.fun cdn.overdispersion.world cdn.patelspice.life cdn.pdatiic.quest cdn.piltie.online cdn.plohelec.quest cdn.pokledigital.pics cdn.poptele.cyou cdn.posterboards.live cdn.povotec.sbs cdn.prolinket.shop cdn.qoerjoon.sbs cdn.raif.buzz cdn.randomly.pics cdn.recombination.cloud cdn.rosenberg.lol cdn.sancook.sbs cdn.sciety.online cdn.secern.club cdn.secthmob.fun cdn.seirekt.site cdn.sewlei.shop cdn.shalako.site cdn.shipotop.shop cdn.sivelec.cyou cdn.sometech.sbs cdn.soterin.fun cdn.sprachest.site cdn.steiko.site 
cdn.stormei.store cdn.svilock.sbs cdn.sysmeit.online cdn.takdegit.online cdn.taquito.mom cdn.tastrmob.store cdn.techitor.click cdn.tilpoot.shop cdn.timbao.shop cdn.tittering.live cdn.titutop.site cdn.toonches.store cdn.trokit.store cdn.tutfient.shop cdn.ucuduc.sbs cdn.ueputech.fun cdn.unobservable.lol cdn.untepol.shop cdn.veidol.site cdn.veopeir.fun cdn.vepstan.fun cdn.vipalent.sbs cdn.voitest.shop cdn.vouklacrif.fun cdn.vuemool.store cdn.vutfais.fun cdn.waggly.shop cdn.wheemob.shop cdn.yadigit.store cdn.yalmob.shop cdn.yeuleli.click fyd.lufton.xyz # Reference: https://app.validin.com/detail?type=ip&find=86.54.42.0%2F24#tab=resolutions # Reference: https://app.validin.com/detail?find=livintool.cfd&type=dom&ref_id=faf20d0350e#tab=host_pairs acessofacil.org livintool.cfd flowerlands.click woocommercepro.help # Reference: https://app.validin.com/detail?type=ip&find=185.196.10.111#tab=resolutions adsanalytics.online butcherstool.click cheaterchat.website # Reference: https://app.validin.com/detail?find=babkin_vnuk%20Tech.&type=raw&ref_id=08797f35fbf#tab=host_pairs (# 2025-03-06) # Reference: https://app.validin.com/detail?find=185.196.8.147&type=ip4&ref_id=7f153877a63#tab=resolutions (# 2025-03-06) assurparcel.com dellivery-ups.com live-info.net livechatonbot.com navigo-carte.com tvilogete.tech # Reference: https://app.validin.com/detail?type=ip&find=45.88.3.0%2F24#tab=resolutions (# 2025-03-07) debt.ink eye.coupons footstones.pics reburials.mom wilderness.autos cdn.debt.ink cdn.eye.coupons cdn.footstones.pics cdn.reburials.mom cdn.wilderness.autos # Reference: https://x.com/sdcyberresearch/status/1899439149242896851 cla-cdn.com clarms.icu elem.ltd elstat.icu estat.icu zoho-cdn.com zoho-net.com mail.elem.ltd # Reference: https://x.com/sdcyberresearch/status/1899823674766565513 grev.io # Reference: https://x.com/threatcat_ch/status/1901290247876452409 # Reference: 
https://app.validin.com/detail?find=89c67878e6f499e1b0e6d15a52d55106&type=hash&ref_id=89e46241d65#tab=host_pairs (# 2025-04-04) # Reference: https://app.validin.com/detail?find=03a4a775001d6dd38250a7f30d9345be&type=hash&ref_id=61ee4e58631#tab=host_pairs (# 2025-04-04) # Reference: https://app.validin.com/detail?type=hash&find=9f5bdeafc31c7b54325f6b468fe027a2#tab=host_pairs (# 2025-04-04) kefersuc.xyz keritysuc.xyz kezopersuc.online kezopersuc.xyz redismaker.xyz # Reference: https://x.com/sdcyberresearch/status/1901623816654110729 # Reference: https://app.validin.com/detail?find=45.67.231.28&type=ip4&ref_id=b696df26cb1#tab=resolutions googlesindicate.com bacbook.online bigbrotherrr.fun hinlen.shop kiberr.online merjen.online pasba.online selbi.online strpe.icu host.hinlen.shop host.pasba.online host.selbi.online mail.strpe.icu # Reference: https://x.com/sdcyberresearch/status/1858833533663383856 # Reference: https://x.com/sdcyberresearch/status/1901660073451000062 ads-check-v5g3dyhvdq-uc.a.run.app ads-checking-v5g3dyhvdq-uc.a.run.app ads-collect-v5g3dyhvdq-uc.a.run.app ads-collecting-v5g3dyhvdq-uc.a.run.app ads-data-verify-v5g3dyhvdq-uc.a.run.app ads-google-verification-v5g3dyhvdq-uc.a.run.app ads-suggest-v5g3dyhvdq-uc.a.run.app ads-suggesting-v5g3dyhvdq-uc.a.run.app ads-v5g3dyhvdq-uc.a.run.app # Reference: https://x.com/sdcyberresearch/status/1902756680330346911 fbanalyt.com seostat.ltd trustplots.com # Reference: https://x.com/sdcyberresearch/status/1904892067949457917 # Reference: https://www.virustotal.com/gui/ip-address/82.202.165.155/relations turnot.io static.turnot.io # Reference: https://x.com/sdcyberresearch/status/1906720953553305780 goosecurlisds.com # Reference: https://www.linkedin.com/posts/sansec_found-defunctdat-on-your-site-oops-youve-activity-7313565459658797056-HDhS/ /pub/defunct.dat # Reference: https://socket.dev/blog/malicious-pypi-package-targets-woocommerce-stores-with-automated-carding-attacks railgunmisaka.com # Reference: 
https://www.virustotal.com/gui/ip-address/185.208.158.60/relations consultgroup.wiki # Reference: https://www.virustotal.com/gui/ip-address/176.65.134.26/relations javascripts-modals.net jsloadermodals.com online-chatsupport.com pluginsconnect.com pulsarexp.in script-transfering.com webchatsupport.online webjs-cms.com # Reference: https://app.validin.com/detail?find=185.208.156.201&type=ip4&ref_id=42f63d6373a#tab=host_pairs (# 2025-05-01) organisationdejour.com webjs-cms.online # Reference: https://app.validin.com/detail?find=185.196.11.100&type=ip4&ref_id=23ca33e4924#tab=resolutions (# 2025-05-01) # Reference: https://app.validin.com/detail?find=a427293b9f24f4147c5e52ba63638401&type=hash&ref_id=23ca33e4924#tab=host_pairs (# 2025-05-01) # CERT_FINGERPRINT_SHA256-HOST=480b7ae6795713255b94245086cf17e1a5b5340ff5d4eddc3c8e7b7e050e6d8f # CERT_FINGERPRINT_SHA256-HOST=97b0019005ee14927525495d3649872fb489cdd0820e6971b6ab08df3eb6716c accueildisclosure.com communityhelper.store googletgmanager.net monitoringrealip.cc optionhoraire.com showroomadmin.wiki westminster-royal.info magento.monitoringrealip.cc shop.monitoringrealip.cc # Reference: https://app.validin.com/detail?type=ip&find=45.88.3.0%2F24#tab=resolutions (# 2025-04-11) acrologic.baby aiprice.cc angineerian.live argentica.xyz belvic.sbs bevil.blog boyleus.shop cancy.beauty ceest.lol chassidic.homes clove.beauty clove.pics cosmogonic.lol creepydata.world cruis.club cyanotypes.lol elaink.xyz fatharfa.xyz flaming.homes folklorish.cfd halke.cam hasidim.pics inaeiger.click indolatifical.lol kehillah.lol maple.boats midin.pics naswef.online owse.art pefcoot.fun photographs.beauty pliofilm.best poetical.world roads.mom roosting.site rowser.live shamanic.pro shuls.online steadiest.live syncontic.shop thorsdal.online tintype.baby unfiled.digital veirq.store wills.lol cdn.acrologic.baby cdn.aiprice.cc cdn.angineerian.live cdn.argentica.xyz cdn.belvic.sbs cdn.bevil.blog cdn.boyleus.shop cdn.cancy.beauty cdn.ceest.lol 
cdn.chassidic.homes cdn.clove.beauty cdn.clove.pics cdn.cosmogonic.lol cdn.creepydata.world cdn.cruis.club cdn.cyanotypes.lol cdn.elaink.xyz cdn.fatharfa.xyz cdn.flaming.homes cdn.folklorish.cfd cdn.halke.cam cdn.hasidim.pics cdn.inaeiger.click cdn.indolatifical.lol cdn.kehillah.lol cdn.maple.boats cdn.midin.pics cdn.naswef.online cdn.owse.art cdn.pefcoot.fun cdn.photographs.beauty cdn.pliofilm.best cdn.poetical.world cdn.roads.mom cdn.roosting.site cdn.rowser.live cdn.shamanic.pro cdn.shuls.online cdn.steadiest.live cdn.syncontic.shop cdn.thorsdal.online cdn.tintype.baby cdn.unfiled.digital cdn.veirq.store cdn.wills.lol # Reference: https://x.com/sdcyberresearch/status/1912416825691738248 # Reference: https://app.validin.com/detail?find=94.154.35.233&type=ip4&ref_id=6323618bf31#tab=resolutions (# 2025-04-16) epos-internal.com js-privacy-essentials.com js-privacy-shield.com js-privacy-solutions.com js-secure-analyze.xyz js-security-essentials.com js-security-shield.com js-security-solutions.com js-ware-secure.com ns1.js-ware-secure.com ns2.js-ware-secure.com # Reference: https://www.linkedin.com/posts/sansec_as-roma-hacked-customer-data-stolen-activity-7318954317091139584-I-I2 # Reference: https://app.validin.com/detail?find=c4de6c3ba65486e8efb0c03ecbb7a05f&type=hash&ref_id=55d77e463f4#tab=host_pairs (# 2025-04-20) # Reference: https://app.validin.com/detail?find=dffc7fb6dde0148922a0c6a8b97da3f1&type=hash&ref_id=46c342442c5#tab=host_pairs (# 2025-04-20) # Reference: https://app.validin.com/detail?find=188.127.246.83&type=ip4&ref_id=1d271ff1756#tab=resolutions (# 2025-04-20) # Reference: https://app.validin.com/detail?find=91.199.137.135&type=ip4&ref_id=1d271ff1756#tab=resolutions (# 2025-04-20) bootrow.com brandsocket.net businesssale.net flowmanager.org foodtiket.io imgweb.net live4cdn.net lookround.org mapchat.us matsmap.com primechart.org profapi.com redtransfer.net scdnwire.com subgraphic.com televersion.net app.mapchat.us app.primechart.org cms.imgweb.net 
cms.televersion.net cpanel.imgweb.net cpcalendars.imgweb.net cpcontacts.imgweb.net h.matsmap.com h.redtransfer.net img.bootrow.com js.lookround.org m.live4cdn.net mail.imgweb.net media.scdnwire.com static.profapi.com top.businesssale.net up.foodtiket.io web.brandsocket.net web.flowmanager.org web.subgraphic.com webdisk.imgweb.net webmail.imgweb.net # Reference: https://x.com/500mk500/status/1916792029926805969 # Reference: https://x.com/TLP_R3D/status/1918169164210110786 # Reference: https://patchstack.com/articles/fake-security-vulnerability-phishing-campaign-targets-woocommerce-users/ # Reference: https://app.validin.com/detail?find=ec798f07ee6774932f2beadd1b9ad5b9&type=hash&ref_id=202b58f8a9e#tab=host_pairs admin-woocommerce.com alert-woocommerce.com cloud-woocommerce.com dev-woocommerce.com email-woocommerce.com helpdesk-woocommerce.com offerlab-woocommerce.com patch-woocommerce.com scan-woocommerce.com secure-woocommerce.com security-woocommerce.com send-woocommerce.com service-woocommerce.com tech-woocommerce.com update-woocommerce.com updates-woocommerce.com woocommerce-alert.com woocommerce-alerts.com woocommerce-api.com woocommerce-auth.com woocommerce-care.com woocommerce-check.com woocommerce-checks.com woocommerce-client.com woocommerce-desk.com woocommerce-dev.com woocommerce-emails.com woocommerce-fix.com woocommerce-help.com woocommerce-helpdesk.com woocommerce-info.com woocommerce-mailer.com woocommerce-maintenance.com woocommerce-monitor.com woocommerce-notification.com woocommerce-notify.com woocommerce-patch.com woocommerce-post.com woocommerce-response.com woocommerce-safe.com woocommerce-safety.com woocommerce-scan.com woocommerce-sec.com woocommerce-secure.com woocommerce-security.com woocommerce-server.com woocommerce-services.com woocommerce-shield.com woocommerce-status.com woocommerce-system.com woocommerce-updates.com xn--oocommerce-9gc.com xn--wocommerce-q3b.com xn--wocommerce-r3b.com xn--woocmmerce-t3b.com xn--woocommece-26b.com 
xn--woocommece-g6b.com xn--woocommerc-0mb.com xn--woocommerc-rlb.com xn--woocommere-7ib.com xn--woocommere-lib.com xn--woocommrce-olb.com xn--woocommrce-xmb.com xn--wooommerce-1ib.com xn--wooommerce-fib.com xn--wooommerce-shb.com api.dev-woocommerce.com # Reference: https://www.virustotal.com/gui/ip-address/67.217.228.244/relations cdn-moonpay.com cdn-namecheap.com # Reference: https://x.com/sdcyberresearch/status/1922224943262994457 # Reference: https://www.virustotal.com/gui/ip-address/195.123.226.191/relations cmretailing.com dcmplugins.com # Reference: https://x.com/sdcyberresearch/status/1922953897557025102 # Reference: https://www.virustotal.com/gui/ip-address/185.38.19.75/relations # Reference: https://app.validin.com/detail?find=e4804b3b63a0868b2e15&type=hash&ref_id=9d5ea4704be#tab=host_pairs (# 2025-05-15) allwebsolution.org telechargent.com css.telechargent.com web.allwebsolution.org # Reference: https://x.com/sdcyberresearch/status/1924417222593614275 sentrymap.us # Reference: https://www.virustotal.com/gui/ip-address/38.180.193.241/relations cdn-hosts.com jsonpackageusapi.com phppackageeuro.com # Reference: https://www.virustotal.com/gui/ip-address/104.21.27.193/relations kof.one box2.kof.one mago.kof.one # Reference: https://x.com/_eremit4/status/1957969714740699221 # Reference: https://www.virustotal.com/gui/ip-address/104.21.48.1/relations # Reference: https://www.virustotal.com/gui/ip-address/104.21.65.136/relations anl.is eqp.is snf.is # Reference: https://x.com/sdcyberresearch/status/1929892055020401016 scripts.peachseo.com/services/editor-elements-library/dist/thunderbolt/rb_wixui.a240ce2a.bundle.min.js # Reference: https://www.virustotal.com/gui/ip-address/109.120.138.149/relations italicfonts.org # Reference: https://x.com/sdcyberresearch/status/1940410275355832331 clicktrack01.com jartrack01.com # Reference: https://x.com/sdcyberresearch/status/1942191553125986566 # Reference: 
https://app.validin.com/detail?find=38.180.234.198&type=ip4&ref_id=674553ef1ec#tab=resolutions # Reference: https://www.virustotal.com/gui/ip-address/95.164.53.82/relations anagi.net cdn-server.online dorton.org frostwarriorsaga.com globalmi.net magnetice.click neonvalley.eu pollokingdoms.com spectralhavens.com support-serv.xyz # Reference: https://x.com/sdcyberresearch/status/1944696520055378180 # Reference: https://app.validin.com/detail?find=19fe6b1334b2035cedcaa692ac77b550&type=hash&ref_id=f6592434d3c#tab=host_pairs (# 2025-07-14) cloudfastlist.shop fastjsdev.shop scheduledcss.shop # Reference: https://x.com/sdcyberresearch/status/1945816300539785718 cloudflariz.com shop-update.com mail.cloudflariz.com # Reference: https://x.com/sdcyberresearch/status/1947227311478034814 # Reference: https://app.validin.com/detail?find=e5c1988433bb8590b948&type=hash&ref_id=e202aff5280#tab=host_pairs (# 2025-07-21) antiddos-protection.net mmercadolibre.com kk.land # Reference: https://x.com/sdcyberresearch/status/1947994404901265579 # Reference: https://app.validin.com/detail?find=141.98.6.103&type=ip4&ref_id=8aeef8d30be#tab=resolutions backupper.info backupper.pro geoterbang.site staticpaycloud.com # Reference: https://www.virustotal.com/gui/ip-address/85.192.27.0/relations svgstatic.org # Reference: https://x.com/sdcyberresearch/status/1954917161681457152 # Reference: https://www.virustotal.com/gui/ip-address/89.208.113.79/relations # Reference: https://www.virustotal.com/gui/ip-address/94.140.114.137/relations # Reference: https://www.virustotal.com/gui/ip-address/94.140.114.19/relations # Reference: https://www.virustotal.com/gui/ip-address/95.164.23.158/relations elementatorprof.info elementatorstati.site felalilingena.online ghanamusthi.xyz jsanalytic.cloud jscode.cloud jsstat.cloud orristhekyone.site neritetarnerbi.xyz ppheaimondon.site wsocket.store # Reference: https://x.com/csideai/status/1948802854308782471 # Reference: 
https://app.validin.com/detail?type=hash&find=0e829cc271bdcdfe9b25c06d9ae10c7a#tab=host_pairs (# 2025-08-15) # Reference: https://app.validin.com/detail?find=6f98e7ef8dc5672e4f85e84c7d68d6b2&type=hash&ref_id=c4e3993f306#tab=host_pairs (# 2025-08-15) # Reference: https://app.validin.com/lookalikes?limit=1000&lookback=90&depth=2&find=%2F%5E%5Ba-z%5D%7B0%2C%7Dmeriks%5Ba-z%5D%2B%5C.top%24%2F (# 2025-08-15) antimeriksbuy.top bananapixel.top damagepixel.top emberpixel.top errormeriks.top fishpixelnow.top followmeriksshop.top garrypixelpotter.top goldenmeriksapple.top heimerikszenit.top histonmeriks.top hornypixel.top kezmeriksfight.top makvinpixel.top manymeriks.top meriksalienspace.top meriksbanormute.top meriksbarierz.top meriksbattle.top meriksbeginsmart.top meriksbmw.top meriksbrobronze.top merikscanditation.top merikscanuseeme.top merikschecked.top merikscheriks.top meriksconditioner.top meriksdawnwest.top meriksdjonsina.top meriksferious.top meriksfreefire.top meriksgalaxytv.top meriksgamecs.top meriksgivechance.top meriksglobalelite.top meriksglobusmore.top meriksgoblinnike.top meriksgoblinsquad.top merikshaisenberg.top meriksiceger.top meriksimbalance.top meriksitiliano.top merikslimons.top meriksmanager.top meriksmercedes.top meriksmoonsun.top meriksnewplayer.top meriksnewstuff.top meriksoldmoney.top meriksonevsone.top meriksoperstyle.top merikspentruzeche.top meriksplatinum.top meriksquattro.top meriksrainstreet.top meriksralph.top meriksrespondeble.top meriksscouteronly.top meriksscream.top merikssearchglobal.top merikssecondtimer.top meriksseshka.top meriksshadowfiend.top meriksshedule.top meriksshikflow.top meriksshmeriks.top merikssimplegood.top meriksslaimuper.top meriksslowlyemotion.top merikssmackthat.top merikssmarttvchese.top merikssmothing.top merikssmurfik.top merikssnowbord.top merikssnowfails.top merikssnowfollballs.top merikssporttvshow.top merikssrezforme.top meriksstandart.top meriksstantion.top meriksstarbucks.top meriksstaylife.top 
meriksstreamer.top merikstoppalace.top merikstranki.top meriksvalentineday.top meriksviber.top meriksvilverelite.top meriksvinusuela.top meriksxenonlight.top meriksyoutuber.top merikszaimckerits.top millionpixel.top pixelbronestill.top pixelcrocodile.top pixelelephant.top pixelitpedia.top pixellaser.top pixelnomad.top pixelnonefoll.top pixelnothingrich.top pixelnotinggo.top pixelnotworking.top pixelnovanddec.top pixelnovarank.top pixelnovember.top pixelnowchange.top pixelnowcheked.top pixelnowrestart.top pixelnowsearchae.top pixelnowsellerorbuyer.top pixelreqiuemfast.top pixelskodaoctavia.top pixelslowermode.top rainbowpixel.top saimonpixel.top teampixelspeak.top twomeriksone.top utilitymeriks.top wowmerikswoman.top yorumerikschannel.top zaimmeriks.top # Reference: https://x.com/sdcyberresearch/status/1960679898021806340 # Reference: https://app.validin.com/detail?find=d6bc8c6022d37ffd6acbbb53e200e714&type=hash&ref_id=6f40c2b0525#tab=host_pairs (# 2025-08-27) # Reference: https://app.validin.com/detail?find=829d74aa5bdd9687b61b062aca432811&type=hash&ref_id=6f40c2b0525#tab=host_pairs (# 2025-08-27) ajax-jquery.com bf-core.com c-ads.net cloud-ajax.com partywirks.club paysafe.global sale5shop.com sale7shop.com wrist-sale.com www-static.com 7064b8afd9509a0f.b-cdn.net ads.cdn-f.net asd1.lazyno1.net hostmaster.c-ads.net mail.partywirks.club tws.cdn-f.net # Reference: https://x.com/sdcyberresearch/status/1962465392636383380 # Reference: https://www.virustotal.com/gui/domain/cdn-f.net/relations cdn-f.net ssl.cdn-f.net # Reference: https://x.com/sdcyberresearch/status/1965014900562133381 # Reference: https://app.validin.com/detail?find=1db0a111dde8011b8e8d76fafadb0e02&type=hash&ref_id=1e46789fd1d#tab=host_pairs (# 2025-09-08) artistyhub.com datasetboost.com digitalldawn.com graphistat.com marketedweb.com marketiapro.com mystatisic.com onlinedefenceshield.com sallesnxt.com selideck.com selledgehub.com sellorashop.com sellsparkw.com statrisse.com statspots.com stattmark.com 
webstatusis.com wessist.com wiesestat.com wwwgyoutube.com # Reference: https://x.com/sdcyberresearch/status/1965736554820739163 e31692e26753a0cb.b-cdn.net # Reference: https://x.com/sdcyberresearch/status/1967530667019010127 cc-analytics.com cc-analytis.com getejs.com getnjs.com getvjs.com i-statics.com itstatics.com jgetjs.com jstatics.com ostatics.com pstatics.com qstatics.com rstatics.com sstatics.com ustatics.com util-analytics.com utilanalytics.com wstatics.com youtuber-dashboardwme.pro ystatics.com accounts.youtuber-dashboardwme.pro api.sstatics.com # Reference: https://x.com/sdcyberresearch/status/1968293903712539006 # Reference: https://app.validin.com/detail?find=6cd5b8b194c15542c2610a34dd25f8bd&type=hash&ref_id=d2e03137ed9#tab=host_pairs (# 2025-09-17) chatsup.us hotapps.app hubsport.io imgwick.net pcapredict.pro rainb.io regnapps.app roadtheapp.com schemaapp.pro shiftshops.app 511.schemaapp.pro app.hubsport.io cdn.hotapps.app claim.imgwick.net f.shiftshops.app state.pcapredict.pro store.rainb.io store.roadtheapp.com # Reference: https://x.com/sdcyberresearch/status/1975162966082228471 css-animations.online uesrghawg.info uesrghwg.info cdn.uesrghawg.info click.uesrghwg.info style.css-animations.online # Reference: https://x.com/_eremit4/status/1976050532021420314 # BANNER_0_HASH-HOST=9fc453fd20645c4628d9ce386ffcbf5d # BANNER_0_HASH-HOST=df1fb9c560251dae625583d67ef1639b googletegmaneger.com myconvertr.com cdn-googlemanager.com secure-endpoint-v2.com cdn.myconvertr.com # Reference: https://x.com/sdcyberresearch/status/1980619281361436948 # Reference: https://www.virustotal.com/gui/ip-address/76.223.26.96/relations # Reference: https://www.virustotal.com/gui/file/cede310567508275b775bfa4d170c3e20a0faf0124b31c975c5360dcce620c31/detection # BANNER_0_HASH-HOST=a70f9384abe7996ab2389f10626f2466 # BANNER_0_HASH-HOST=e19097712f322a4d5b065303d87fc89f cdnstring.com npqam.com objectst.in thawte.cam tmdate.com tmstring.com # Reference: 
https://www.volexity.com/blog/2021/12/07/xe-group-exposed-8-years-of-hacking-card-skimming-for-profit/ # Reference: https://github.com/volexity/threat-intel/blob/main/2021/2021-12-06%20-%20XEGroup/indicators/indicators.csv addthiis.com addthiis.net adfs.xegroups.com amazon.xegroups.com baucua.com buygetdiscount.com ccn.xegroups.com cf.addthiis.com dongtanphat.com email.paycashs.com emvnhim.com ftp.paycashs.com ftp.xework.com guiquare.com hegpt.com imap.xegroups.com loinhuancao.com mail.paycashs.com mail.restapi.xegroups.com mail.xegroups.com mail.xeminer.com mail.xework.com mylanshop.com noithatgiare.com ns1.paycashs.com ns1.restapi.xegroups.com ns1.subinput.com ns1.xegroups.com ns1.xeminer.com ns1.xework.com ns2.amazon.xegroups.com ns2.object.fm ns2.paycashs.com ns2.xegroups.com ns2.xeminer.com ns2.xework.com object.fm object.sbs paycashs.com restapi.xegroups.com s7.addthiis.com sanmuaban.com sanmuaban.net secure.subinput.com subinput.com va00.addthiis.com vhimne.com vp2-addthiis.com webmail.object.fm webmail.paycashs.com webmail.xegroups.com woodofvietnam.com xeadult.com xedob.com xegroups.com xemembers.com xeminer.com xeson.net xework.com ajax.googleapis.com.hivnd.com google-analytics.com.hivnd.com ns1.hivnd.com ns2.hivnd.com verify.authorize.net.hivnd.com # Reference: https://x.com/sdcyberresearch/status/1983483103902613894 discord.com/api/webhooks/1354279778441629867/ # Reference: https://x.com/sdcyberresearch/status/1985331962660167993 m-stripe.vercel.app # Reference: https://www.virustotal.com/gui/file/b009cec84e7471ea648d7331e81b9c931c2cd58e671fcd8dd1a32a546982d9ae/detection # Reference: https://www.virustotal.com/gui/file/8855e2c8a722e1520c33ecfa9962b07d919f75514479dc60243af956f1ae1887/detection # Reference: https://www.virustotal.com/gui/file/011244520d9adddd83830759311619a2af9cb6430c8627c782dea7ad1533e486/detection elementorupdate.live # Reference: https://www.virustotal.com/gui/ip-address/194.165.16.54/relations dataconnector.online 
inovationsolution.info # Reference: https://x.com/sdcyberresearch/status/1990727780405850278 # BANNER_0_HASH-HOST=bef0b5382eca3552499158187a405a95 artisttrydata.com foxicpeak.com hiviefox.com metrixinsig.com mttrcs.com salecrafft.com smsboxs.com worokshub.com zenithneest.com # Reference: https://x.com/sdcyberresearch/status/1992995764625457218 jsdelijsm.com # Reference: https://www.virustotal.com/gui/ip-address/104.21.46.131/relations shy.is # Reference: https://www.virustotal.com/gui/ip-address/104.21.37.208/relations 1x0.is # Reference: https://x.com/sdcyberresearch/status/1994067832888517096 # CLASS_0_HASH-HOST=56dc27d059527bb852b24e11194d78ff artrocoach.com cspreported.com japangomenu.com shoeptpopular.com xrenchick.com # NOTE(review): in the next group, the second onlinechatmatrix 'xyz' entry and the second onlinesupportmatrix 'support' entry use U+2024 (ONE DOT LEADER) instead of '.'; a literal match against an ASCII hostname will presumably never hit them - confirm they are intentional (e.g. kept as seen in the injected script) rather than a copy artefact # Reference: https://x.com/sdcyberresearch/status/1995441432149319762 # Reference: https://www.virustotal.com/gui/ip-address/38.180.142.89/relations # Reference: https://app.validin.com/detail?type=dom&find=shipping.js#tab=host_pairs (# 2025-12-04) analyzerai.icu livechatorg.com onlinechatmatrix.online onlinechatmatrix.store onlinechatmatrix.xyz onlinechatmatrix․xyz onlinesupportmatrix.org onlinesupportmatrix.support onlinesupportmatrix.xyz onlinesupportmatrix․support requiresys.icu rshardware.online supportstreamonline.com typeglp.com w0rld.store # Reference: https://x.com/sdcyberresearch/status/2001277909835591854 # BANNER_0_HASH-HOST=98e438289789a00d0f1bfede7412f25f design.nday.net wireframe.nday.net # Reference: https://www.virustotal.com/gui/ip-address/176.65.144.144/relations applclickanalytics.com # Reference: https://x.com/sdcyberresearch/status/2003811306848362919 hyperstat.shop ixopt.pics sirsmile.cv tetraga.online u2speed.site virtustat.shop vw-cars.top wvxmas.top # Reference: https://x.com/sdcyberresearch/status/2005621112898548175 analyticsamazing.info basestatos.com bitbaystats.com bootstatseven.com bootstrap-sdn.com cdn-htojar.com claritycrown.com clearprint.tech cloudframestat.com cloudlstatics.com fbfromstat.com ftp-opencart.com 
googledriveanalytice.com googlemanageranalytic.com gtm-analyticsdn.com hotanalytic.com iframemetric.com jquarystatistic.com jquery-boots.com jquery-hoster.com jquery-minical.com jquery-stupify.com jquery-tech.com jstreecommon.com ninebasec.com primestatics.com rtc-forms.com rtc-info.com sdn-jquary.com sdn-optima.com sdn-starstair.com sdn-veryfy.com shfeeds.com ssa-conections.com staticsinfo.com statisticmanager.com statistoinf.info stiticlouds.com supluyers.com tryanalitics.com jquery.googlemanageranalytic.com # Reference: https://x.com/sdcyberresearch/status/2008553327550726534 peachseo.com # Reference: https://x.com/sdcyberresearch/status/2010694446652809581 cdn-typekit.com i.cdn-typekit.com # Reference: https://www.silentpush.com/blog/magecart/ # ETAG-HOST=W/"67bd5f3d-264" cdn-cookie.com cdn-gstatic.com detail-best.com hacptcha.com ipifly.com newasest.com omappepi.com lasorie.com ftp.cdn-cookie.com ftp.cdn-gstatic.com ftp.detail-best.com ftp.google-manager.com ftp.hacptcha.com ftp.ipifly.com ftp.newasest.com ftp.omappepi.com mail.cdn-cookie.com mail.cdn-gstatic.com mail.detail-best.com mail.hacptcha.com mail.ipifly.com mail.newasest.com mail.omappepi.com # Reference: https://x.com/sdcyberresearch/status/2011404135757651976 fastlistcss.icu gooliststyle.icu # Reference: https://sansec.io/research/keylogger-major-us-bank-employees artrabol.com domain-csp.com js-analyzer.com js-csp.com js-tag.com jslibrary.net # Reference: https://www.virustotal.com/gui/ip-address/91.212.166.10/relations jsconstant.com # Reference: https://x.com/sdcyberresearch/status/2013205078119682419 # BANNER_0_HASH-HOST=a1fbc2a3c8c5c0279b9ced011b8c2c9e # BANNER_0_HASH-HOST=78f37cab92545793474f9f800c98f87e # BANNER_0_HASH-HOST=ec53943d3cf13f05fc3451158505d463 admistr.com admistr.info adsbridge.fun adsbridge.site adsbridge.space clickgator.info clickopath.info crmclicks.com # Reference: https://www.virustotal.com/gui/ip-address/94.159.113.60/relations cloudflare-static4.com cloudflare-static4.net 
cloudflare-static7.com cloudflare-static7.net # Reference: https://www.virustotal.com/gui/ip-address/45.158.127.153/relations cloudflare-static11.com cloudflare-static12.com cloudflare-static12.net cloudflare-static14.com cloudflare-static14.net # Reference: https://www.virustotal.com/gui/ip-address/172.67.185.101/relations goog-in.icu # Reference: https://www.virustotal.com/gui/ip-address/193.163.7.197/relations cdn-cookies.com cdncomplete.com cdncookie.com # Reference: https://www.virustotal.com/gui/ip-address/185.196.9.152/relations # BANNER_0_HASH-HOST=c58634db9b1afe46014c1be6ae110004 # CERT_FINGERPRINT_SHA256-HOST=8d12a609e619bc1ce9fe9335a5d1dbda217a12d4f996b1d7da09ad04701a7368 deynicaminiz.site filedocumentonline.com ftm-lottery.net goodleestat.online googlestgmanager.xyz skillsworks.top socket-io.ws wijetmedio.site # Reference: https://x.com/unmaskparasites/status/2021677496715108417 rocketplugin.com api.rocketplugin.com # Reference: https://www.virustotal.com/gui/ip-address/146.19.213.254/relations braintreeapi.shop braintreeapi.top # Reference: https://x.com/sdcyberresearch/status/2026266049755164860 # Reference: https://www.virustotal.com/gui/ip-address/38.180.80.50/relations chatliveapp.com chatliveplus.com eventchatsupport.com javascripttestlibrary.com livechathub.org livechatlite.com liverespond.online apicheck.chatliveplus.com blog.chatliveplus.com chat.eventchatsupport.com calendar.livechatlite.com mail.chatliveplus.com online.eventchatsupport.com portal.livechatlite.com status.livechatlite.com system.eventchatsupport.com webdisk.chatliveplus.com # Reference: https://www.linkedin.com/posts/sansec_all-your-cheese-are-belong-to-us-we-just-activity-7432081690745024512-4qFA api-middle-connect.com cdn.api-middle-connect.com cloud.api-middle-connect.com # Reference: https://x.com/sdcyberresearch/status/2026985724935889148 # Reference: https://www.virustotal.com/gui/ip-address/192.236.209.185/relations api-woocommerce.com cdnjs-cloud.com 
cdnjs-cloudflare.com leads-zdassets.com path-bootstrapcdn.com widget-trustpilot.com widget-zopim.com # Generic /assets/lfg.js /cdn/ga.php?analytic= /js/ga.php?analytic= /p/ga.php?analytic= /ga.php?analytic= /5d1cbc8c073d4.js /5d4cdc4cdf344.js /5e7fa6489b31a.js /dsc-statistic.js /subscriptioninsider.com.js /adsbygoogle/ /adsbygoogle/ads.js /baypressservices/ /baypressservices/baypr.js /check_cvv2_number_script.js /code/zipboss.dev.js /gate/jquery-static.js /gtm-connect/wp-share.min.js /images/js/googleapi.js /javascript/checkcheckout.js /js/a1def6c62256906029767cb784323ab3.js /js/afterpay/checkout/idev_onestep.js /js/check_analystic.js /js/customize-gtag.min.js /js/extjs/fix-defer-after.js /js/footer-link.js /js/mage/cookies.js /js/mage/google.js /js/scriptaculous/print.js /js/dsc-statistic.js /js/varien/js.js.pagespeed.jm.aFn_GvyNS2.js /mainer/myscr109881.js /my/vmart.js /103754_tag.js /a1def6c62256906029767cb784323ab3.js /ac-analytics.js /authorze.js /markberg.dk.js /qcore.js /plugins/republicadealberdi.js /republicadealberdi.js /rimzoneonline/code.js /silver/acor.js /static/gstatic-hander.js /googletag-manager?connect= /gstatic-hander.js /zipboss.dev.js /sello-ecommerce.js /d3d3LmZjaW5nb2xzdGFkdC1zaG9wLmRl.js