# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Aliases: magecart # Reference: https://gwillem.gitlab.io/2018/08/30/magentocore.net_skimmer_most_aggressive_to_date/ magentocore.net # Reference: https://www.riskiq.com/blog/labs/magecart-keylogger-injection/ abuse-js.link angular.club cdn-js.link docstart.su govfree.pw jquery-cdn.top js-abuse.link js-abuse.su js-cdn.link js-link.su js-magic.link js-mod.su js-save.link js-save.su js-start.su js-stat.su js-sucuri.link js-syst.su js-top.link js-top.su jscript-cdn.com lolfree.pw mage-cdn.link mage-js.link mage-js.su magento-cdn.top mageonline.net mipss.su mod-js.su mod-sj.link sj-mod.link sj-syst.link stat-sj.link statdd.su statsdot.eu stecker.su stek-js.link syst-sj.link top-sj.link truefree.pw # Reference: https://www.riskiq.com/blog/labs/magecart-british-airways-breach/ http://89.47.162.248 baways.com # Reference: https://www.riskiq.com/blog/labs/magecart-ticketmaster-breach/ http://85.93.5.188 http://94.156.133.211 webfotce.me # Reference: https://twitter.com/bad_packets/status/1043809501516726272 gamacdn.com # Reference: https://twitter.com/hashtag/magecart?src=hash # Reference: https://twitter.com/AmiV2/status/1042988934576271360 neweggstats.com # Reference: https://otx.alienvault.com/pulse/5c9287b3b67a75234fc56b6b cdnassels.com cdnmage.com cmytuok.top configsysrc.info js-cloud.com magejavascripts.com magesecuritys.com magescripts.pw mcloudjs.com mypiltow.com secure.livechatinc.org # Reference: https://twitter.com/jeromesegura/status/1121134552158621696 # Reference: https://twitter.com/bad_packets/status/1121147936203624448 # Reference: https://otx.alienvault.com/pulse/5cd3ef4f22e204745f6672c3 magento-analytics.com # Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/mirrorthief-group-uses-magecart-skimming-attack-to-hit-hundreds-of-campus-online-stores-in-us-and-canada/ cloudmetric-analytics.com 
g-analytics.com ebitbr.com # Reference: https://blog.malwarebytes.com/threat-analysis/2019/02/new-golang-brute-forcer-discovered-amid-rise-e-commerce-attacks/ googletagmanager.eu # Reference: https://twitter.com/jeromesegura/status/1128387989111853056 jqueryextd.at # Reference: https://twitter.com/bad_packets/status/1128517905765683201 fontsawesome.gq # Reference: https://blog.malwarebytes.com/cybercrime/2019/05/skimmer-acts-as-payment-service-provider-via-rogue-iframe/ # Reference: https://otx.alienvault.com/pulse/5ce56f2bc5bbee0a58f7073c thatispersonal.com top5value.com voodoo4tactical.com # Reference: https://twitter.com/jeromesegura/status/1133160126561394688 # Reference: https://blog.malwarebytes.com/cybercrime/2019/05/skimmer-acts-as-payment-service-provider-via-rogue-iframe/ modest4ever.com # Reference: https://www.fortinet.com/blog/threat-research/payment-card-details-stolen-magecart.html # Reference: https://www.virustotal.com/gui/ip-address/178.33.231.184/relations http://178.33.231.184 adorebeauty.org all-about-sneakers.org battery-force.org blackriverimaging.org braincdn.org childsplayclothing.org citywlnery.org closetlondon.org dahlie.org davidsfootwear.org dobell.su elpalaciodehierro.org etradesupply.org exrpesso.org foodandcot.com freshdepor.com greatfurnituretradingco.org hqassets.com jewsondirect.com kik-vape.org labbe.biz lamoodbighats.net mage-checkout.org misshaus.org nililotan.org oakandfort.org ottocap.org pmtonline.su replacemyremote.org safeprocessor.com sagecdn.org scriptdesire.com security-payment.su shop-rnib.org slickjs.org swappastore.com verywellfitnesse.com walletgear.org # Reference: https://blog.malwarebytes.com/threat-analysis/2019/06/magecart-skimmers-found-on-amazon-cloudfront-cdn/ cdn-imgcloud.com font-assets.com js-cloudhost.com wix-cloud.com ww1-filecloud.com # Reference: https://twitter.com/rommeljoven17/status/1144786273741107200 # Reference: https://www.fortinet.com/blog/threat-research/inter-skimmer-for-all.html # 
Reference: https://otx.alienvault.com/pulse/5d1a08ac3f9760423c70c999 tracker-visitors.com jquery-web.com jquery-stats.com jsreload.pw routingzen.com # Reference: https://twitter.com/eComscan/status/1147077036692922368 http://89.32.251.136 # Reference: https://www.zscaler.com/blogs/research/magecart-activity-and-campaign-enhancements # Reference: https://www.virustotal.com/gui/domain/dnsden.biz/relations # Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/anyone-can-check-for-magecart-with-just-the-browser/ http://93.187.129.249/gate.php developer-js.info dnsden.biz jquery-bin.com jsreload.pw jqueryextd.at routingzen.com saterday-race.com scriptvault.org /errors/default/gate.php # Reference: https://twitter.com/killamjr/status/1151142181643702277 ccprocess.review # Reference: https://twitter.com/eComscan/status/1152153363892637696 magesource.su # Reference: https://twitter.com/AffableKraut/status/1154641710653300737 googlepíng.com xn--googlepng-m5a.com # Reference: https://blog.sucuri.net/2019/07/fake-google-domains-used-in-evasive-magento-skimmer.html # Reference: https://twitter.com/daphiel/status/1156314169492279299 invoiceservice.info lnfo.cc google-analytîcs.com xn--google-analytcs-xpb.com google.ssl.lnfo.cc # Reference: https://twitter.com/killamjr/status/1154393722777460737 googlc-analytics.cm # Reference: https://twitter.com/jeromesegura/status/1158473869029601280 mageento.com onlineclouds.cloud # Reference: https://twitter.com/rommeljoven17/status/1158657062403883008 api-googles.com facebookfollow.com gstatlcs.com qpstasis.com # Reference: https://twitter.com/rommeljoven17/status/1169124706567544832 jquerycodemagento.com # Reference: https://twitter.com/killamjr/status/1171399767240273920 trafficanalyzer.biz # Reference: https://twitter.com/MBThreatIntel/status/1171817639728934912 magentoconnectors.com # Reference: 
https://blog.trendmicro.com/trendlabs-security-intelligence/magecart-skimming-attack-targets-mobile-users-of-hotel-chain-booking-websites/ # Reference: https://otx.alienvault.com/pulse/5d821c4c16cca4b63f931226 googletrackmanager.com # Reference: https://twitter.com/shotgunner101/status/1174759248703741952 bluemarineholding.com/wp-includes/locales.php # Reference: https://www.riskiq.com/blog/labs/magecart-reused-domains/ # Reference: https://otx.alienvault.com/pulse/5d836d20a4a3d90861e796e2 cdnanalytics.net cdnapis.com contextjs.info magelib.com magento-order.com nexcesscdh.net ossmaxcdn.com # Reference: https://twitter.com/shotgunner101/status/1175181663464230913 google-analyitics.org # Reference: https://www.ibm.com/downloads/cas/O3W1LZAZ cnzz.space cnzz.work jsboxcontents.com ms-akadns.com sdsyxwx.com survey-microsoft.net /runforestrun?sid=botnet # Reference: https://www.zdnet.com/article/hackers-breach-volusion-and-start-collecting-card-details-from-thousands-of-sites/ # Reference: https://otx.alienvault.com/pulse/5d9cf3671d2973bf30d2753f cdn-volusion.com volusion-cdn.com # Reference: https://twitter.com/killamjr/status/1182045635593289728 clouding.live piratefashions.com # Reference: https://twitter.com/killamjr/status/1182050912224849920 jsblom.com # Reference: https://twitter.com/xiatianguo/status/1183405035192872961 # Reference: https://twitter.com/FullM3talPacket/status/1182404667755520000 # Reference: https://pastebin.com/kqMV9vCX bks0.com cssjs.co jscss.co jspri.co pen4.co j2.is # Reference: https://twitter.com/MBThreatIntel/status/1184531791102857216 assetstorage.net fileskeeper.org # Reference: https://twitter.com/killamjr/status/1185376383180136448 mgstrs.com # Reference: https://www.group-ib.com/blog/coffemokko 3lift.org abtasty.net adaptivecss.org adorebeauty.org all-about-sneakers.org ar500arnor.com authorizecdn.com bannerbuzz.info battery-force.org batterynart.com blackriverimaging.org braincdn.org btosports.net chicksaddlery.net 
childsplayclothing.org christohperward.org citywlnery.org closetlondon.org coffemokko.com coffetea.org dahlie.org davidsfootwear.org dobell.su elegrina.com energycoffe.org energytea.org etradesupply.org exrpesso.org foodandcot.com freshchat.info freshdepor.com greatfurnituretradingco.org info-js.link jewsondirect.com kandypens.net kik-vape.org labbe.biz lamoodbighats.net link-js.link londontea.net mage-checkout.org majsurplus.com map-js.link mechat.info misshaus.org mylrendyphone.com nililotan.org oakandfort.org ottocap.org parks.su paypaypay.org pmtonline.su replacemyremote.org sagecdn.org security-payment.su shop-rnib.org slickjs.org slickmin.com smart-js.link swappastore.com teacoffe.net top5value.com track-js.link ukcoffe.com verywellfitnesse.com walletgear.org zapaljs.com zoplm.com # Reference: https://www.group-ib.com/blog/illum illum.pw nstatistics.com payment-line.tk paymentpal.cf payrightnow.cf requestnet.tk cdn.illum.pw sr.illum.pw records.nstatistics.com request.payrightnow.cf request.requestnet.tk # Reference: https://www.group-ib.com/blog/g-analytics # Reference: https://threatpost.com/card-skimming-google-analytics-angular/142264/ analytic.is analytic.to dittm.org g-analytics.com googlc-analytics.cm google-analytics.cm google-analytics.is google-analytics.to gooqletagmanager.com iozoz.com jquery-js.com # Reference: https://www.group-ib.com/blog/reactget adsapigate.com adsgetapi.com ajaxstatic.com aldenmlilhouse.com apitstatus.com asianfoodgracer.com balletbeautlful.com bargalnjunkie.com billgetstatus.com cloudodesc.com fbstatspartner.com geisseie.com gtmproc.com hs-payments.com livecheckpay.com livegetpay.com mageanalytics.com maxstatics.com mediapack.info mxcounter.com newrelicnet.com nr-public.com ordercheckpays.com orderracker.com payselector.com reactjsapi.com simcounter.com sydneysalonsupplies.com tagsmediaget.com tagstracking.com trust-tracker.com # Reference: https://twitter.com/AffableKraut/status/1185070871691616256 fb-seo.net # Reference: 
https://twitter.com/unmaskparasites/status/1185171035693441024 magento-community.org # Reference: https://twitter.com/unmaskparasites/status/1185172904276836352 fb-content.dev # Reference: https://twitter.com/unmaskparasites/status/1185256035633811463 magento-security.dev # Reference: https://twitter.com/eComscan/status/1185170381331714048 fb-pixel.com magento-protection.com # Reference: https://twitter.com/killamjr/status/1182335468425416705 # Reference: https://twitter.com/xuy1202/status/1192005820491239424 xciy.net /content/Compare/website.js # Reference: https://twitter.com/killamjr/status/1182095269418024960 google-taq.com # Reference: https://twitter.com/AffableKraut/status/1172052860378521600 magicsaphe.com questappo.com rqstpp.com yongffice.com # Reference: https://twitter.com/Totocellux/status/1165223332633022468 # Reference: https://blog.malwarebytes.com/threat-analysis/2019/08/magecart-criminals-caught-stealing-poker-face/ ajaxclick.com www-trust.com # Reference: https://twitter.com/AffableKraut/status/1159677725994622976 mage.biz.ua # Reference: https://twitter.com/AdAstra247/status/1159111119488860160 scripts-analytics.com # Reference: https://twitter.com/zombisoft/status/1152333754670755841 installw.com # Reference: https://www.riskiq.com/blog/labs/magecart-amazon-s3-buckets/ cdn-c.com # Reference: https://twitter.com/unmaskparasites/status/1184571273583706112 cdn-clouds.com # Reference: https://blog.malwarebytes.com/threat-analysis/2019/10/the-forgotten-domain:-exploring-a-link-between-magecart-group-5-and-the-carbanak-apt/ (# Magecart Group 5 domains) informaer.biz informaer.cc informaer.com informaer.net informaer.org informaer.pw informaer.ws informaer.xyz informaer.info # Reference: https://twitter.com/gwillem/status/1187667658642206720 hsadspixel.com # Reference: https://twitter.com/RapidSpike/status/1189882327557648386 /js/mage/adminhtml/product/composite/validate.php # Reference: https://twitter.com/xuy1202/status/1192006102969282560 
jquerycdnlib.at # Reference: https://www.perimeterx.com/blog/multiple-magecart-groups-attacking-simultaneously/ mogento.info /src/upscalestripper.js /src/galeriedebeaute.js /src/deliveryathome.js # Reference: https://www.group-ib.com/blog/fakesecurity alloaypparel.com firstofbanks.com fiswedbesign.com mage-security.org magento-security.org # Reference: https://twitter.com/jknsCo/status/1192806947118092289 cdn-shopify.com # Reference: https://blog.sucuri.net/2019/11/skimmers-for-both-magento-and-wordpress.html gooqleadvstat.com gooqlemgrteg.com jquerystatic.com zendesk-chart.com # Reference: https://twitter.com/xuy1202/status/1195361991805681664 cxizi.net getprices.online gooogle-js.com installerr.site js-mini.com myexclusivediamond.com # Reference: https://twitter.com/xuy1202/status/1195290863875706881 # Reference: https://twitter.com/kyleehmke/status/1179727877488730113 cdn-zendesk.com zendesk-cdn.com # Reference: https://twitter.com/xuy1202/status/1194897841694507009 recheckcard.info # Reference: https://twitter.com/xuy1202/status/1194896618245382145 routingzen.com # Reference: https://twitter.com/xuy1202/status/1194895878181421061 script-analytics.com /js/mage/google.js # Reference: https://twitter.com/xuy1202/status/1194894864699121664 woldorf.com # Reference: https://twitter.com/xuy1202/status/1194893048817143808 statcounter.one # Reference: https://twitter.com/xuy1202/status/1194593451947356160 yxxi.net /ipost-con.4.php # Reference: https://twitter.com/xuy1202/status/1194508362903277568 jquery-script.icu # Reference: https://blog.netlab.360.com/ongoing-credit-card-data-leak-continues/ adwordstraffic.link /onestepcheckoutauthorizenet.js /onestepcheckoutccpayment.js # Reference: https://twitter.com/xuy1202/status/1196058702391861249 hilosennogada.com # Reference: https://twitter.com/xuy1202/status/1196404569137242112 securecdn.eu # Reference: https://twitter.com/unmaskparasites/status/1196934377063800832 http://103.139.113.34 # Reference: 
https://www.helpnetsecurity.com/2019/11/19/macys-online-store-compromised/ # Reference: https://otx.alienvault.com/pulse/5dd513439df4d4400824b738 barn-x.com # Reference: https://blog.malwarebytes.com/web-threats/2019/11/web-skimmer-phishes-credit-card-data-via-rogue-payment-service-platform/ # Reference: https://twitter.com/jeromesegura/status/1197611010992918529 # Reference: https://otx.alienvault.com/pulse/5ddd99064d1dd4420367304b (# Fullz House) account-restrictions.com ajaxstatic.com americanexpress-secure.com appleld-verification.com authorizeplus.com checkout-sagepay.com com-protect.com deliveroosurvey.com google-analytics.top google-query.com google-smart.com googletagmanaqer.com halifax-verification.com halifaxverification.com java-query.info jquery-assets.com lightgetjs.com limited-account-panel.com limited-restriction.com limited-restrictions-paypai.com limited-restrictions.com limited-user-restrictions.com limited-user-uk.com limited-users-login.com limited-users-restrictions.com live-sagepay.com login-limited-user.com login-user-limited.com login-user-restricted.com login-users-limited.com mastercard-migs.com mediapack.info migs-mastercard.com mythreelogin.com networkreset.net online-secure-account.com onlineaccountverificationwellssfargo.com pay-u-biz.com payment-mastercard.com payment-sagepay.com payment-worldpay.com paymentfailurespotifiyj.top paypai-account-limited.com paypai-limited-user.com paypai-limited-users.com paypai-user-limited.com paypai-user-restricted.com paypal-secured.com paypl-limited-users.com paypl-users-limited.com payu-biz.com perfectmeme.info perfectmeme.us ppl-secure-uk.com ppl-user-limitation.com priceapigate.com query-manager.info rackapijs.com ref017.com ref3939-paypai.com restricted-user-panel.com roorewards.co.uk sagepay-live.com section.ws secure-alerts-halifax.com secure-users-paypai.com security-check-paypai.com securityaccountupdatewellsfargoo.info securityadvance.co securityupdateewellsfargoo.info topapigate.com 
uk-limited-user.com uk-restricted-user.com uk-user-limited.com uk-user-restricted.com uk-users-limitations.com updatesecuritywelllsfargo.info user-limited-login.com user-limited-restrictions.com user-login-limited.com user-restricted-uk.com user-restriction.com user-restrictions-paypai.com user-uk-restricted.com users-limited-paypai.net users-limited-uk.com users-restricted.com users-restriction.com # Reference: https://twitter.com/xuy1202/status/1197848155204640768 w00commerce.com # Reference: https://twitter.com/MBThreatIntel/status/1199010885525626890 # Reference: https://otx.alienvault.com/pulse/5ddc0e4cf94bd70658582ed8 magento-data.com mage-js.com # Reference: https://twitter.com/JCyberSec_/status/1199726915856158720 marketplace-magento.com # Reference: https://twitter.com/JCyberSec_/status/1199701208530739200 g-statistic.com # Reference: https://twitter.com/JCyberSec_/status/1197470727462641664 web-stats.net # Reference: https://twitter.com/CTI_Marc/status/1196344211890683904 magestore.online # Reference: https://twitter.com/AffableKraut/status/1196299424697331713 google-anaiytlcs.com # Reference: https://twitter.com/AffableKraut/status/1157164442829746176 googletagmanger.com # Reference: https://twitter.com/jeromesegura/status/1148358099712897024 nogaron.com write-cdn.com # Reference: https://twitter.com/rommeljoven17/status/1136555260477001728 anduansury.com frocklay.com sainester.com theresevit.com # Reference: https://twitter.com/jknsCo/status/1200061735278911488 googlemgrteg.com # Reference: https://twitter.com/eComscan/status/1200749626988662784 sanguinelab.net sansec.us # Reference: https://twitter.com/eComscan/status/1197894033772875776 iubendas.com # Reference: https://twitter.com/eComscan/status/1197097324264202240 magentohub.de # Reference: https://twitter.com/GroupIB_GIB/status/1201520226791305216 # Reference: https://www.virustotal.com/gui/domain/phplib.net/relations phplib.net # Reference: 
https://twitter.com/MBThreatIntel/status/1201572698545102856 googlctagmanager.com # Reference: https://twitter.com/MBThreatIntel/status/1201552839182438406 ancient-savannah-86049.herokuapp.com # Reference: https://twitter.com/MBThreatIntel/status/1189217083688738816 sharp-planet.eu # Reference: https://twitter.com/unmaskparasites/status/1201625226704015367 stark-gorge-44782.herokuapp.com # Reference: https://twitter.com/JCyberSec_/status/1201850052723052549 # Reference: https://twitter.com/JCyberSec_/status/1201850090153005056 gnogle.ru jquerycdnlib.at # Reference: https://twitter.com/jeromesegura/status/1202275080526422016 pure-peak-91770.herokuapp.com # Reference: https://twitter.com/gwillem/status/1202322985065091072 cdcc02.com # Reference: https://twitter.com/gwillem/status/1202330272164990977 magento-track.com # Reference: https://blog.malwarebytes.com/web-threats/2019/12/theres-an-app-for-that-web-skimmers-found-on-paas-heroku/ # Reference: https://otx.alienvault.com/pulse/5de90822773402f817d5c9ab aqueous-scrubland-51318.herokuapp.com # Reference: https://twitter.com/jknsCo/status/1203453915930472448 googletage.com # Reference: https://twitter.com/unmaskparasites/status/1204080970191777795 localserver.host /app/code/core/Mage/Checkout/controllers/OnepageController.php # Reference: https://twitter.com/MBThreatIntel/status/1204093071954046976 webassetsshop.com # Reference: https://twitter.com/felixaime/status/1203959327612116995 magento-statistics.com # Reference: https://twitter.com/xuy1202/status/1204778227517935616 jguerycdn.network # Reference: https://twitter.com/killamjr/status/1204878142248235008 jquerycodemagento.com # Reference: https://twitter.com/AffableKraut/status/1204997344581881856 magecart.net # Reference: https://twitter.com/JCyberSec_/status/1206558829456048128 /payment/mage_secure/payment.js /payment/mage_secure/post.php # Reference: https://www.virustotal.com/gui/ip-address/80.78.255.222/relations google-payment.com # Reference: 
https://twitter.com/jeromesegura/status/1206713600288555010 cdnbigcommerce.com google-analycs.com # Reference: https://twitter.com/unmaskparasites/status/1206699288723697671 cdncontentserver.com impress-slides.com # Reference: https://twitter.com/killamjr/status/1207150660782657536 googlead.tech # Reference: https://twitter.com/xuy1202/status/1207164640431505408 slade-sell-shop.com # Reference: https://twitter.com/killamjr/status/1209165822939279365 opencartmodules.biz # Reference: https://twitter.com/AffableKraut/status/1210298773248696320 # Reference: https://www.virustotal.com/gui/ip-address/124.156.35.204/relations http://124.156.35.204 googieapls.com google-catalog.com googletag-manager.com gstatlcs.com jquery-js.link xn--gstatc-7va.com # Reference: https://twitter.com/killamjr/status/1212058181725114369 blockandcmqany.com chatshop.online chatstat.online clientsupport.space farmaforma.info g-statistic.com googleadservicesonline.com googleservices.online janmarlni.com jqueryservice.info mageento.com magento-check.info magestore.online megaliveonline.com onlineclick.xyz onlineclouds.cloud onlineclouds.info onlineshoptracker.info pythonservice.info shoplogs.site shopvalid.info statisticpay.info webstatvisit.com webstatvisits.com zoopim.online # Reference: https://blog.malwarebytes.com/threat-analysis/2019/12/new-evasion-techniques-found-in-web-skimmers/ tawktalk.com # Reference: https://twitter.com/MBThreatIntel/status/1212889315572760577 # Reference: https://www.virustotal.com/gui/ip-address/5.188.9.61/relations googlc-analytics.net googlo-analytics.com # Reference: https://twitter.com/AffableKraut/status/1212927165454520321 googlc-analytics.com googlctagmanager.cm # Reference: https://twitter.com/xuy1202/status/1214051382178660352 newmagento.com # Reference: https://www.bleepingcomputer.com/news/security/magecart-attackers-steal-card-info-from-focus-camera-shoppers/ # Reference: https://www.virustotal.com/gui/domain/zdsassets.com/details zdsassets.com # 
Reference: https://twitter.com/MBThreatIntel/status/1215693928764063744 vamberlo.com # Reference: https://www.rapidspike.com/blog/multiple-hacking-groups-attempt-to-skim-credit-cards-from-perricone-md/ # Reference: https://twitter.com/BreachMessenger/status/1057394505266151425 # Reference: https://www.virustotal.com/gui/ip-address/124.156.210.169/relations a4c.cloud ajaxstatic.com apipack.host authorizeplus.com autojspack.com cdndeskpro.com cdnpack.net cdnpack.site dusk.net.in faceapiget.com fbpixelget.com gstaticapi.com jspack.pro kegland.top lightgetjs.com listrakjs.com olarkcdn.com perriconemd.me.uk priceapigate.com rackapijs.com section.ws sectionget.com sectionio.com topapigate.com worx.top # Reference: https://twitter.com/JCyberSec_/status/1216676671983624193 js-react.com # Reference: https://twitter.com/jeromesegura/status/1064924824336654336 bootstrap-js.com # Reference: https://twitter.com/xuy1202/status/1216951727615668224 apis-analytics.com # Reference: https://www.rapidspike.com/blog/2019-magecart-timeline/ cleor.co creditprop.com googletagstorage.com imagesengines.com # Reference: https://twitter.com/Jouliok/status/1217400178170368001 gold.platinumus.top # Reference: https://twitter.com/unmaskparasites/status/1204080970191777795 localserver.host # Reference: https://twitter.com/unmaskparasites/status/1217452290577195008 # Reference: https://www.virustotal.com/gui/domain/logistic.tw/relations logistic.tw # Reference: https://twitter.com/unmaskparasites/status/1217860398789120003 cilent-tracking.com cloudservice.tw # Reference: https://twitter.com/felixaime/status/1218135753110302720 silver-statistics.com # Reference: https://twitter.com/felixaime/status/1219175480303202307 # Reference: https://twitter.com/matr0cks/status/1220418827751763969 jqueryextplugin.com # Reference: https://www.riskiq.com/blog/labs/fullz-house/ # Reference: https://www.virustotal.com/gui/ip-address/124.156.34.157/relations # Reference: 
https://www.virustotal.com/gui/ip-address/47.245.55.198/relations # Reference: https://www.virustotal.com/gui/ip-address/80.78.255.222/relations checkout-sagepay.com google-analytics.top google-payment.com google-query.com google-smart.com google-taq.com jquery-assets.com live-sagepay.com mastercard-migs.com migs-mastercard.com pay-u-biz.com payment-mastercard.com payment-sagepay.com payment-worldpay.com payu-biz.com sagepay-live.com /ga.js?analytic= # Reference: https://www.bleepingcomputer.com/news/security/euro-cup-and-olympics-ticket-reseller-hit-by-magecart/ opendoorcdn.com # Reference: https://twitter.com/jknsCo/status/1221031002564370432 hotjar.us jquery.us # Reference: https://twitter.com/AffableKraut/status/1220829096197939202 doubleclick.ws # Reference: https://www.riskiq.com/blog/labs/magecart-group-12-olympics/ # Reference: https://otx.alienvault.com/pulse/5e3d8f9c9c559a74b0c82a71 cdn-content.cc content-delivery.cc deliveryjs.cc givemejs.cc jquerycdn.su storefrontcdn.com toplevelstatic.com # Reference: https://twitter.com/felixaime/status/1226292060547878913 cdnanalyze.com cdnapis.org cdnchecker.org cdnoptimize.com # Reference: https://twitter.com/gwillem/status/1227936380380119041 # Reference: https://twitter.com/gwillem/status/1231604432586125313 e4.ms http.ps # Reference: https://twitter.com/felixaime/status/1228343232649662464 amirtechet.com supermanager.space # Reference: https://twitter.com/felixaime/status/1228342963744444416 googletegmanager.com # Reference: https://twitter.com/d09r_/status/1228214041878749184 wappallyzer.com # Reference: https://twitter.com/dubstard/status/1230895567947149314 # Reference: https://usa.visa.com/content/dam/VCOM/global/support-legal/documents/visa-security-alert-baka-javascript-skimmer.pdf apienclave.com apisquere.com b-metric.com jquery-cycle.com ordercheck.online pridecdn.com quicdn.com # Reference: https://raw.githubusercontent.com/gwillem/magento-malware-scanner/master/rules/burner-domains.txt abuse-js.link 
account-mage.su activaguard.com adsgetapi.com advocatecdn.com afterscripts.com air-frog33.pw alabamascripts.com aleinvest.xyz alemoney.xyz alfcdn.com allacarts.com allyouwant.online amasty.biz analiticoscdn.com anduansury.com angular.club animalzz921.pw api-googles.com apismanagers.com apissystem.com apitstatus.com assetmage.com assetsbrain.com assetsbraln.com aw-test.com awscan.eu awscan.info awtest.eu baways.com bbypass.pw beforescripts.com bit.wo.tc bm24.biz bm24.info bm24.org bootstrapjs.com braincdn.org brainpayments.com braintcdn.com brainterepayments.com braintform.com braintreepaumenls.com braintreepauments.com braintreepaymenls.com bralntree.com brazersd.top bridge.industries brontocdn.com busnguard.com byte.wo.tc ccheckout.com ccvalidate.com cdn-ch.org cdn-cloud.pw cdn-imgcloud.com cdn-js-42.com cdn-js.link cdnanalytics.net cdnapis.com cdnassels.com cdnbronto.com cdnbronto.info cdngoogle.com cdnmage.com cdnpayment.com cdnppay.com cdnrfv.com cdnscriptx.com cdnwhiltelist.com cellubiue.com cellublue.info checkercarts.com ciscostats.com citwinery.com citywiners.com cl0udfiare.com cloud-jquery.com cloud-jquery.net cloud-jquery.org cloud-privacy.com cloud-update.top cloud-wp.org cloudfusion.me cloudmetric-analytics.com cloudservice.tw cloudtrusted.org cmytuok.top codesmagento.com configmage.com configsysrc.com configsysrc.info connectbootstrap.com controlmage.com crtteo.com d0ubletraffic.com directvapar.com directvaporonline.com directvaporus.com directvaprr.com dmaxjs.com dnsden.biz dobellonline.com docstart.su doublecllck.com drberg.online drberg.store duserjs.com ebitbr.com ebizmart.biz encoderform.com encrypterforms.com encryptforms.com exrpesso.org facebookfollow.com fastlscripts.com fbcommerse.com fbprotector.com fellsogood43.pw font-assets.com frameuserstat.com frashjs.com friend4cdn.com g-analytics.com gamacdn.com ganalytlcs.com gitformage.com gitformlife.com gitmage.com googieapls.com googiecloud.com googieservlce.com google-anaiytic.com 
google-analytisc.su googleprotectionshop.com googletagmanager.eu googletagnamager.com googlitagmanager.com googletrackmanager.com gooqleadvstat.com gooqlemgrteg.com govfree.pw gstatlcs.com gtagaffilate.com icon-base.biz info-js.link infopromo.biz informaer.com informaer.net informaer.org informaer.ws infostat.pw inst-js.su installw.com internalvaporgroup.com invisiblename.com invisiblename.pro invisiblename.pw ip.5uu8.com javascloud.com javascripts-system.com jcloudcdn.com jquery-cdn.top jquery-cdnlib.com jquery-cloud.net jquery-cloud.org jquery-code.su jquery-css.su jquery-js.com jquery-js.link jquery-libs.su jquery-main.su jquery-min.su jquery-stats.com jquery-validation.org jquery-web.com jquery.su jquerycdnlibrary.com jquerycodemagento.com jqueryextd.us jqueryexts.us jquerystatic.com jquerystorage.com js-abuse.link js-abuse.su js-cdn.link js-cloud.com js-cloudhost.com js-link.su js-magic.link js-mod.su js-react.com js-save.link js-save.su js-start.su js-stat.su js-stats.click js-stats.xyz js-storage.click js-sucuri.link js-syst.su js-top.link js-top.su jscontroller.stream jscript-cdn.com jscripts-cloud.com jscriptscloud.com jsdellvr.com jsecurely.com jsecuri.com jsmagento.com jspoi.com jsreload.pw kennedyform.com kissmetrik.com link-js.link link-js.su listrakb.com locateooo.com logisticusa.biz lolfree.pw m24js.com mage-cdn.link mage-js.link mage-js.su mage-storage.pw magecompas.com mageconfig.com magejavascripts.com magely.info magemarts.com magento-analytics.com magento-cdn.top magento-connection.com magento.name magento.ontools.net magentocore.net magentopatchupdate.com mageonline.net magescripts.info magescripts.pw magesecurely.com magesecuritys.com magesources.com magestops.com map-js.link market-stats.com maskforms.com maxijs.com mcloudjs.com mdelivry.com mediageting.com megalith-games.com minifyscripts.com minpays.com mipss.su mjs24.com mod-js.su mod-sj.link monenate.net monerate.net monestate.net msecurely.com msn-analytics.com my-braintree.com 
myageverify.com mycloudtrusted.com mytokeasn2s.ru netmg-cdn.com neweggstats.com newrellc.com nodejsapi.net nodejscript.net nykoa.in oh-polly.com ohpoliy.com oklahomjs.com oltratoke.ru onlineclouds.cloud onlinereserchstatistics.online onlineshopsecurity.com onlinestatus.site optimizly.info order-security.com orealjs.com pass-js.click paymentnow.tk paymentpal.cf paymentsystem.info paypallobjects.com privacyform.com privatejs.com privatixjs.com qpstasis.com qsxjs.com realtrustsafe.com receiverinformation.com requestnet.tk resselerratings.com rlteaid.com routingzen.com s3-us-west.com safeprivatcy.com safeyouform.com sagecdn.org sainester.com samescripts.com samexsame.com saveyoujs.com scriptb.com scriptsform.com scriptsfyou.com scriptsjzone.com securecloudtrusted.com secureqbrowser.com securipayment.com security-mage.com secury-checkout.com shelljs.com shop-analytics.net simcounter.com simpiehuman.com sistem-js.su siteverification.online siteverification.site sj-mod.link sj-syst.link slickjs.org slripe.com smart-js.link specjs.com sportys.store sslbrainform.com sslpayform.com sslvalidator.com stat-sj.link statdd.su statesales.info statistic-info.me statsdot.eu stecker.su stek-js.link storemagento.info storentrust.com stormnguard.com strapform.com sucuri-cloud.com sucuri-js.com supporttech281012.tk syst-sj.link system-backup.biz tcsupport241012.tk termlifelearned.us thatispersonal.com theresevit.com top-sj.link top5value.com track-js.link track-magento.com tracker-visitors.com trafficanalyzer.biz traskedlink.com truefree.pw trustd.biz typejsx.com typekit.website typekitcloud.com typeklt.com uorineall.info upgradenstore.com ups-broker.org userinfos.com userinfos.info userlandform.com userlandpay.com uslogisticexpress.com valdatecode.com validatenyou.com validateyourinfo.com validatorcc.com vamberlo.com verifiedjs.com verpayment.com verpayments.com vmaxjs.com voodoo4tactical.com vuserjs.com web-info.me web-rank.cc web-rank.pw web-stat.biz web-stat.me web-stats.cc 
web-stats.pw webfotce.me webrank.ws webstat-info.ws webstat.cc webstatistic.me webstatistic.pw webstatistic.tech webstatistic.ws webstats.me webstatvisit.com whitelistjs.com wix-cloud.com wpconnect.org wpserve.org ww1-filecloud.com x-magesecurity.com xmageform.com xmageinfo.com xmagejs.com xmagesecurity.com xn--google-analytcs-xpb.com xn--gstatc-7va.com youpayme.info zendesk-chart.com zonejs.com zs.mk # Reference: https://twitter.com/xuy1202/status/1232162075285147648 ns-scripts.com # Reference: https://twitter.com/gwillem/status/1232246887367028737 # Reference: https://www.virustotal.com/gui/domain/cloudmgrtracker.com/detection cloudmgrtracker.com # Reference: https://twitter.com/MBThreatIntel/status/1232404872999231488 pluginmagento.net # Reference: https://twitter.com/xuy1202/status/1232581248083582976 data-safeguard.com # Reference: https://twitter.com/MBThreatIntel/status/1232726202281889793 # Reference: https://blog.malwarebytes.com/threat-analysis/2020/02/fraudsters-cloak-credit-card-skimmer-with-fake-content-delivery-network-ngrok-server/ cdn-mediafiles.org cdn-sources.org d68344fb.ngrok.io # Reference: https://sansec.io/labs/2020/02/25/longest-skimming-operation-yet/ aleopeople.info bizlawyer.org contentequare.com cquotinent.com jackhemmingway.com joyjewell.com installerr.pw installerr.site pizdasniff.site qitcdn.net securedcdn.net thefei.com vk-a6t5h7f3k.site /5d507d3e6fdc7.js /5d55d10058c9d.js /5d570bebe00ed.js # Reference: https://twitter.com/felixaime/status/1234111603831910400 webscriptly.com # Reference: https://twitter.com/felixaime/status/1224257587555770368 jquerytxtplugin.com # Reference: https://twitter.com/unmaskparasites/status/1234536106953146369 http://163.172.136.230 # Reference: https://twitter.com/unmaskparasites/status/1234917686242619393 # Reference: https://www.virustotal.com/gui/ip-address/83.166.248.67/relations autocapital.pw http.ps xxx-club.pw y5.ms # Reference: https://twitter.com/felixaime/status/1235131517908570113 # Reference: 
https://www.virustotal.com/gui/ip-address/185.181.164.216/relations # Reference: https://www.virustotal.com/gui/ip-address/47.56.114.152/relations # Reference: https://www.virustotal.com/gui/domain/wp-includ.com/relations # Reference: https://twitter.com/500mk500/status/1235330678700548098 reportgns.com sucuritester.com wp-includ.com # Reference: https://web.misker.me/blog/malware/2020/03/04/Raindrop-PoppedShop.html # Reference: https://www.virustotal.com/gui/domain/googletagmanagrapis.com/detection googletagmanagrapis.com # Reference: https://twitter.com/felixaime/status/1236201312842326016 savemoneyoffice.com/js/varien/print.js # Reference: https://twitter.com/felixaime/status/1236321303902269441 imprintcenter.com/js/embed.min.js imprintcenter.com/js/flash/ # Reference: https://twitter.com/jeromesegura/status/1121811483195633670 # Reference: https://blog.malwarebytes.com/cybercrime/2019/04/github-hosted-magecart-skimmer-used-against-hundreds-of-e-commerce-sites/ jquerylol.ru # Reference: https://twitter.com/rootprivilege/status/1233065094965125120 # Reference: https://pastebin.com/4seW3Aya neuro-programmer.de/e.php neuro-programmer.de/test.php # Reference: https://twitter.com/fletchsec/status/1175180643514355713 kursy.atas.pl/templates/system/html/data/red.php # Reference: https://www.virustotal.com/gui/ip-address/181.214.86.150/relations get-js.com marketplace-magento.net # Reference: https://twitter.com/d09r_/status/1238302755032166400 # Reference: https://www.virustotal.com/gui/ip-address/178.33.71.232/relations # Reference: https://www.virustotal.com/gui/domain/theresevit.com/relations jsvault.net linkedtop.com scriptopia.net # Reference: https://twitter.com/ydklijnsma/status/1232727444962107392 google-anallytic.com google--analytics.com google-analyitics.com google-anolytics.com # Reference: https://twitter.com/AffableKraut/status/1207664349634011137 bizrateservices.com j-queries.com teamsystems.info towbarchat.com twinkhelp.com # Reference: 
https://twitter.com/AffableKraut/status/1169489081568497664 gmagea.com # Reference: https://twitter.com/AffableKraut/status/1169458435290804225 genidaff.com strchckr.com tfalseacc.com tryuseracc.com vaccss.com # Reference: https://twitter.com/AffableKraut/status/1169458426344333312 htjar.com # Reference: https://twitter.com/AffableKraut/status/1166223620886208513 shellsn.ru # Reference: https://twitter.com/AffableKraut/status/1159677725994622976 jquery.in.ua # Reference: https://twitter.com/AffableKraut/status/1133599840544468992 jqueryes.com # Reference: https://twitter.com/MBThreatIntel/status/1238537326956933121 cookiepro.cloud # Reference: https://www.riskiq.com/blog/labs/magecart-nutribullet/ # Reference: https://otx.alienvault.com/pulse/5e72332db0bfef80752cec40 amerisleep.github.io 3lift.org abtasty.net adaptivecss.org adorebeauty.org all-about-sneakers.org ar500arnor.com authorizecdn.com bannerbuzz.info battery-force.org batterynart.com blackriverimaging.org braincdn.org btosports.net cdnassels.com cdnmage.com chicksaddlery.net childsplayclothing.org christohperward.org citywlnery.org closetlondon.org cmytuok.top coffemokko.com coffetea.org configsysrc.info dahlie.org davidsfootwear.org dobell.su elegrina.com energycoffe.org energytea.org etradesupply.org exrpesso.org foodandcot.com freshchat.info freshdepor.com greatfurnituretradingco.org info-js.link jewsondirect.com js-cloud.com kandypens.net kik-vape.org labbe.biz lamoodbighats.net link-js.link livechatinc.org londontea.net mage-checkout.org magejavascripts.com magescripts.pw magesecuritys.com majsurplus.com map-js.link mcloudjs.com mechat.info melbounestorm.com misshaus.org mylrendyphone.com mypiltow.com nililotan.org oakandfort.org ottocap.org parks.su paypaypay.org pmtonline.su prodealscenter.com replacemyremote.org sagecdn.org scriptoscript.com security-payment.su shop-rnib.org slickjs.org slickmin.com smart-js.link swappastore.com teacoffe.net top5value.com track-js.link ukcoffe.com 
verywellfitnesse.com walletgear.org webanalyzer.net zapaljs.com zoplm.com # Reference: https://twitter.com/felixaime/status/1241765974929530884 googletagmanage.com # Reference: https://twitter.com/MBThreatIntel/status/1241837000564428800 sucurl.net # Reference: https://www.virustotal.com/gui/domain/sucuri.pro/relations sucuri.pro # Reference: https://twitter.com/MBThreatIntel/status/1242538048044150784 # Reference: https://www.virustotal.com/gui/domain/allegrolearnings.com/relations allegrolearnings.com/blogs/media/embed.min.js allegrolearnings.com/blogs/media/common.js # Reference: https://www.virustotal.com/gui/ip-address/161.117.236.58/relations jquerrycdn.xyz # Reference: https://twitter.com/d09r_/status/1242845745218228224 # Reference: https://twitter.com/securityaffairs/status/1242873730235277313 # Reference: https://securityaffairs.co/wordpress/100449/hacking/tupperware-site-hacked.html # Reference: https://blog.malwarebytes.com/hacking-2/2020/03/criminals-hack-tupperware-website-with-credit-card-skimmer/ deskofhelp.com # Reference: https://twitter.com/felixaime/status/1243083359212969984 gocgle-analytics.com # Reference: https://twitter.com/felixaime/status/1243561946982625284 oldworldaccents.net/js/embed.min.js # Reference: https://www.virustotal.com/gui/domain/google-analytics.gq/relations google-analytics.gq # Reference: https://twitter.com/felixaime/status/1247414542759575552 google-analytc.com # Reference: https://twitter.com/unmaskparasites/status/1247886037881196547 # Reference: https://blog.sucuri.net/2020/01/web-swiper-in-image-title.html # Reference: https://www.virustotal.com/gui/domain/intljs.rmtag.net/relations # Reference: https://www.virustotal.com/gui/ip-address/82.202.161.89/relations intljs.rmtag.net pollyfill.com # Reference: https://twitter.com/d09r_/status/1247951999305302016 # Reference: https://www.virustotal.com/gui/ip-address/34.227.50.166/relations # Reference: https://www.virustotal.com/gui/ip-address/54.89.179.241/relations # 
Reference: https://www.virustotal.com/gui/ip-address/3.83.72.214/relations # Reference: https://www.virustotal.com/gui/ip-address/52.1.206.175/relations # Reference: https://www.virustotal.com/gui/ip-address/3.84.27.209/relations 3alesforce.com 4esla.services 4eslamotors.com 7indowsupdate.com 7ootric.com adn-apple.com akalai.net ap0see.com app3ee.com appqee.com appsae.com appsue.com aprsee.com apxsee.com arpsee.com atpsee.com bdn-apple.com calesforce.com cdf-apple.com cdj-apple.com cdl-apple.com cdn-a0ple.com cdn-ap0le.com cdn-appde.com cdn-apphe.com cdn-appla.com cdn-appld.com cdn-applg.com cdn-applm.com cdn-applu.com cdn-appme.com cdn-appne.com cdn-apqle.com cdn-aprle.com cdn-aptle.com cdn-apxle.com cdn-aqple.com cdn-arple.com cdn-atple.com cdn-axple.com cdn-cpple.com cdn-epple.com cdn-ipple.com cdn-qpple.com cdnmapple.com cdo-apple.com cen-apple.com cfn-apple.com clack-msgs.com cln-apple.com coogleanalytics.com coogleusercontent.com cppsee.com ctn-apple.com deslamotors.com eicrosoftonline.com eixpanel.com eoogleanalytics.com eoogleusercontent.com eropbox.com fgxnews.com fo8news.com fohnews.com foogleanalytics.com fopnews.com foxlews.com foxne7s.com foxneus.com foxnew3.com foxoews.com foynews.com fpnjs.com gdn-apple.com ggogleanalytics.com ggogletagmanager.com ggogleusercontent.com gindowsupdate.com gkogleanalytics.com gkogleusercontent.com gmogleanalytics.com gmogletagmanager.com gmogleusercontent.com gnogleanalytics.com gnogletagmanager.com gnogleusercontent.com goggletagmanager.com goggleusercontent.com gokgleanalytics.com gokgletagmanager.com gokgleusercontent.com gomgleanalytics.com gongleanalytics.com gongletagmanager.com gongleusercontent.com goocleanalytics.com goocletagmanager.com goocleusercontent.com gooeleanalytics.com gooeleusercontent.com goofleanalytics.com goofletagmanager.com googdeanalytics.com googdetagmanager.com googheanalytics.com googhetagmanager.com googheusercontent.com googlaanalytics.com googlatagmanager.com googlausercontent.com 
googldanalytics.com googldtagmanager.com googldusercontent.com google4agmanager.com google5sercontent.com googleafalytics.com googleajalytics.com googlealalytics.com googleanadytics.com googleanahytics.com googleanal9tics.com googleanalqtics.com googleanalxtics.com googleanaly4ics.com googleanalydics.com googleanalypics.com googleanalytacs.com googleanalythcs.com googleanalytias.com googleanalytibs.com googleanalytic3.com googleanalyticc.com googleanalyticq.com googleanalyticr.com googleanalyticw.com googleanalytigs.com googleanalytiks.com googleanalytiss.com googleanalytkcs.com googleanalytmcs.com googleanalytycs.com googleanalyuics.com googleanalyvics.com googleanamytics.com googleananytics.com googleanclytics.com googleanelytics.com googleanilytics.com googleanqlytics.com googleaoalytics.com googlecnalytics.com googledagmanager.com googleenalytics.com googleesercontent.com googleinalytics.com googlepagmanager.com googleqnalytics.com googleqsercontent.com googletacmanager.com googletaemanager.com googletag-anager.com googletageanager.com googletagianager.com googletaglanager.com googletagmafager.com googletagmajager.com googletagmalager.com googletagmanacer.com googletagmanaeer.com googletagmanafer.com googletagmanagar.com googletagmanagdr.com googletagmanage2.com googletagmanageapi.com googletagmanageb.com googletagmanagep.com googletagmanages.com googletagmanagev.com googletagmanagez.com googletagmanaggr.com googletagmanagmr.com googletagmanagris.com googletagmanagrs.com googletagmanagrsapi.com googletagmanagur.com googletagmanaoer.com googletagmanawer.com googletagmancger.com googletagmaneger.com googletagmaniger.com googletagmanqger.com googletagmaoager.com googletagmcnager.com googletagminager.com googletagmqnager.com googletagoanager.com googletaomanager.com googletawmanager.com googletcgmanager.com googletigmanager.com googletqgmanager.com googletsercontent.com googleu3ercontent.com googleuagmanager.com googleucercontent.com googleuqercontent.com 
googleurercontent.com googleusarcontent.com googleusdrcontent.com googleuse2content.com googleusebcontent.com googleusepcontent.com googleuseraontent.com googleuserbontent.com googleusercgntent.com googleuserckntent.com googleusercmntent.com googleusercnntent.com googleusercoftent.com googleusercojtent.com googleusercoltent.com googleusercon4ent.com googleusercondent.com googleuserconpent.com googleusercontant.com googleusercontdnt.com googleuserconteft.com googleusercontejt.com googleusercontelt.com googleuserconten4.com googleusercontend.com googleusercontenp.com googleusercontenu.com googleusercontenv.com googleuserconteot.com googleusercontgnt.com googleusercontmnt.com googleusercontunt.com googleuserconuent.com googleuserconvent.com googleusercootent.com googleusergontent.com googleusersontent.com googleusescontent.com googleusevcontent.com googleusgrcontent.com googleusmrcontent.com googleusurcontent.com googlevagmanager.com googlewsercontent.com googlganalytics.com googlgtagmanager.com googlgusercontent.com googlmanalytics.com googlmtagmanager.com googluanalytics.com googlutagmanager.com googluusercontent.com googmeanalytics.com googmetagmanager.com googmeusercontent.com googneanalytics.com goognetagmanager.com googneusercontent.com goooleanalytics.com goooletagmanager.com gootric.com goowleanalytics.com goowletagmanager.com goowleusercontent.com hocalytics.com iicrosoftonline.com iixpanel.com ippsee.com jpnjs.com ka3persky.com kaqpersky.com kaspepsky.com kasperqky.com kaspersk9.com kasperskq.com kaspessky.com kaspezsky.com kaspgrsky.com kaspmrsky.com kaspursky.com kastersky.com kasxersky.com kcspersky.com kdn-apple.com lgcalytics.com licrosoftonline.com lmcalytics.com lncalytics.com loaalytics.com locadytics.com locahytics.com localqtics.com localy4ics.com localydics.com localytacs.com localythcs.com localytias.com localytibs.com localytic3.com localyticc.com localyticw.com localytigs.com localytiks.com localytiss.com localytkcs.com localytmcs.com 
localytycs.com localyuics.com localyvics.com locamytics.com locanytics.com locclytics.com locelytics.com locqlytics.com lokalytics.com lpnjs.com mhxpanel.com mi8panel.com mibrosoftonline.com micposoftonline.com micrgsoftonline.com micrksoftonline.com microqoftonline.com microskftonline.com microsmftonline.com microsnftonline.com microsobtonline.com microsof4online.com microsofdonline.com microsoftgnline.com microsoftknline.com microsoftnnline.com microsoftofline.com microsoftojline.com microsoftolline.com microsoftonhine.com microsoftonlane.com microsoftonlhne.com microsoftonlife.com microsoftonlije.com microsoftonlile.com microsoftonlina.com microsoftonlind.com microsoftonling.com microsoftonlinu.com microsoftonlioe.com microsoftonlkne.com microsoftonlmne.com microsoftonmine.com microsoftonnine.com microsoftooline.com microsofuonline.com microsofvonline.com microsovtonline.com micsosoftonline.com micvosoftonline.com miczosoftonline.com mihpanel.com mippanel.com mix0anel.com mixpalel.com mixpanal.com mixpandl.com mixpaned.com mixpanem.com mixpanml.com mixpanul.com mixpcnel.com mixpenel.com mixpinel.com mixranel.com mixtanel.com mixxanel.com mkcrosoftonline.com mkxpanel.com mmxpanel.com mocalytics.com myxpanel.com n0njs.com npjjs.com npljs.com npnhs.com npnj3.com npnks.com npnns.com npnzs.com npojs.com nqnjs.com nrnjs.com ntnjs.com nxnjs.com oicrosoftonline.com oixpanel.com ooogleanalytics.com ooogleusercontent.com opnjs.com peslamotors.com qalesforce.com qlack-msgs.com qppsee.com qymantec.com ralesforce.com regment.io rlack-msgs.com rymantec.com s9mantec.com sadesforce.com sahesforce.com saldsforce.com sale3force.com saleqforce.com salesborce.com salesfgrce.com salesfmrce.com salesfnrce.com salesfo2ce.com salesfobce.com salesfopce.com # Reference: https://twitter.com/felixaime/status/1248154035053637632 google-analytcsapi.com # Reference: https://www.perimeterx.com/resources/blog/2020/new-stealth-magecart-attack-bypasses-payment-services-using-iframes/ # Reference: 
https://www.virustotal.com/gui/ip-address/83.166.250.66/relations braintreegateway24.com braintreegateway24.tech braintreegateway.services # Reference: https://twitter.com/felixaime/status/1250807334676414465 tag-css.icu # Reference: https://twitter.com/MBThreatIntel/status/1252265931088080896 vetality.site # Reference: https://twitter.com/MBThreatIntel/status/1252285343555960833 ducatigrenoble.com/skin/frontend/ves_brave/default/css/bootstrap.php # Reference: https://twitter.com/MBThreatIntel/status/1252338975265546242 clipbutton.com.br/catalog/discount.php tivents.de/media/wysiwyg/paypal4.gif # Reference: https://twitter.com/felixaime/status/1253039202465468419 # Reference: https://www.virustotal.com/gui/ip-address/193.38.54.55/relations # Reference: https://www.virustotal.com/gui/ip-address/193.38.54.62/detection secrityipa.club securityipa.club # Reference: https://unit42.paloaltonetworks.com/how-cybercriminals-prey-on-the-covid-19-pandemic/ (# Skimmer) # Reference: https://www.virustotal.com/gui/domain/sunrisepromos.com/relations sunrisepromos.com/js/lib/ccard.js # Reference: https://securityaffairs.co/wordpress/98124/cyber-crime/uncovering-new-magecart-implant.html # Reference: https://marcoramilli.com/2020/02/19/uncovering-new-magecart-implant-attacking-ecommerce/ # Reference: https://labs.sucuri.net/web-skimmer-with-a-domain-name-generator-follow-up/ # Reference: https://twitter.com/AffableKraut/status/1257937430709186560 # Reference: https://www.virustotal.com/gui/ip-address/83.166.244.76/relations ql201000.pw ql201041.pw ql201243.pw ql201456.pw ql201463.pw ql201721.pw ql202141.pw ql202412.pw ql202657.pw ql202989.pw qr201010.pw qr201089.pw qr201161.pw qr201346.pw qr201854.pw qr202004.pw qr202284.pw qr202754.pw qr202844.pw qr202960.pw q(l|r)[0-9]{5,6}\.pw /js/ar/ar906.php /js/ar/ar2497.php /js/ar/ar7938.php # Reference: https://blog.sucuri.net/2020/04/web-skimmer-with-a-domain-name-generator.html gooogletagmanager.online # Reference: 
https://twitter.com/Bank_Security/status/1258130762685186048 # Reference: https://blog.malwarebytes.com/threat-analysis/2020/05/credit-card-skimmer-masquerades-as-favicon/ # Reference: https://www.virustotal.com/gui/ip-address/83.166.242.105/relations myicons.net psas.pw # Reference: https://twitter.com/felixaime/status/1258800483524804608 jquerycdn.at # Reference: https://twitter.com/felixaime/status/1258834331163922432 jquerye.at # Reference: https://twitter.com/felixaime/status/1260822992180973572 cdnjustuno.icu manag.icu targetad.icu # Reference: https://twitter.com/felixaime/status/1260827294723170304 tags-app.icu tags-bootstrap.icu # Reference: https://twitter.com/MBThreatIntel/status/1269400469845061632 tagapp.icu # Reference: https://twitter.com/AffableKraut/status/1261157021027622912 # Reference: https://gist.github.com/krautface/c2f2d6d0c4516afc47efcbe17e561e0c priangan.com/wp-content/languages/blogid/ # Reference: https://twitter.com/tosscoinwitcher/status/1261353530465456128 # Reference: https://twitter.com/500mk500/status/1261361366339903488 # Reference: https://www.virustotal.com/gui/domain/googletagmanagr.com/detection googletagmanagr.com # Reference: https://twitter.com/MBThreatIntel/status/1262893385448210434 magentorates.com # Reference: https://twitter.com/MBThreatIntel/status/1263850035382378497 # Reference: https://twitter.com/500mk500/status/1263861204327505928 # Reference: https://twitter.com/d09r_/status/1263864711847620609 # Reference: https://www.virustotal.com/gui/ip-address/5.188.62.173/relations # Reference: https://www.virustotal.com/gui/ip-address/176.123.6.37/relations padmin.xyz hostssl.uno hostssl.xyz shopssl.xyz idtransfer.icu # Reference: https://twitter.com/MBThreatIntel/status/1263876741094727680 # Reference: https://www.virustotal.com/gui/ip-address/23.106.215.85/relations cdncontentserver.com onlineimageservices.com # Reference: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/ gocgle-analytics.cm 
gocgle-analytics.net gocgletagmanager.cm gocgletagmanager.com # Reference: https://www.virustotal.com/gui/ip-address/194.180.224.112/relations authcrize.net gcogle-analytics.com gocgle-analytics.net gooqle-analytics.com gooqle-analytics.net secure-authorize.net wanalytic.is # Reference: https://twitter.com/felixaime/status/1264124350883602432 # Reference: https://www.virustotal.com/gui/ip-address/161.35.202.72/relations cdndoubleclick.net # Reference: https://twitter.com/felixaime/status/1264567401380753409 cdn-contentstore.com cdn-sources.com # Reference: https://twitter.com/AffableKraut/status/1265349583925841922 ads-fbstatistic.com # Reference: https://twitter.com/felixaime/status/1265175178532831237 livechatcdn.com # Reference: https://twitter.com/felixaime/status/1265176411322499072 cloudfrontapi.com cloudfrontapi.net # Reference: https://twitter.com/MBThreatIntel/status/1266397492658098176 s3.amazonaws.com/content.zipboss.com/code/zipboss.dev.js # Reference: https://twitter.com/felixaime/status/1267045708932222976 apibazaarvoice.com # Reference: https://twitter.com/benkow_/status/1267034595758833667 http://89.82.251.136/counter/index.php # Reference: https://twitter.com/felixaime/status/1267095794571792384 http://45.197.141.250/analytics.php happykid.in/image/catalog/d_blog_module/review/jjs.js # Reference: https://twitter.com/eclipsepicards/status/1268240487233867778 platinumus.top # Reference: https://twitter.com/MBThreatIntel/status/1267874481113989121 googleapifs.space # Reference: https://twitter.com/felixaime/status/1267729483987062786 ssecurapi.club # Reference: https://twitter.com/MBThreatIntel/status/1268340229347270657 jquerylib.at # Reference: https://twitter.com/MBThreatIntel/status/1268982125543387136 cdnn-aws.com # Reference: https://twitter.com/unmaskparasites/status/1269005294325108738 hits-cache.com # Reference: https://blog.sucuri.net/2020/06/evasion-tactics-in-hybrid-credit-card-skimmers.html # Reference: 
https://www.virustotal.com/gui/ip-address/185.110.132.220/relations http://185.110.132.220 jshost.org # Reference: https://twitter.com/prsecurity_/status/1269843378088247296 http://185.4.65.69 http://185.4.65.72 http://185.4.66.82 http://37.252.0.91 http://37.252.0.115 http://37.252.0.150 http://37.252.0.149 http://37.252.0.196 http://37.252.0.199 http://5.45.80.46 http://5.45.82.166 http://5.45.82.189 http://5.45.83.202 http://5.45.83.223 # Reference: https://twitter.com/unmaskparasites/status/1270064808864419841 # Reference: https://www.virustotal.com/gui/ip-address/54.38.49.244/relations jsassets.net payprocessor.net # Reference: https://twitter.com/MBThreatIntel/status/1270150196333142016 locol.site # Reference: https://twitter.com/JWilsonSecurity/status/1270087185795026944 t.obet.us/gagal/log.php # Reference: https://twitter.com/MBThreatIntel/status/1270861231776137218 # Reference: https://twitter.com/MBThreatIntel/status/1279128778543783936 # Reference: https://twitter.com/500mk500/status/1270945615812460544 # Reference: https://www.virustotal.com/gui/ip-address/176.121.14.189/relations bootstrapmag.com chatajax.com google-adware.com jquery-apl.com jqueryalert.com jqueryapiscript.com magento-info.com magento-stores.com magento-updater.com security-magento.com securityscr.com w3schooli.com wordpress-scripts.com # Reference: https://twitter.com/felixaime/status/1271061780849209344 # Reference: https://www.virustotal.com/gui/ip-address/193.32.161.74/relations cdnxmljquerybucket.com jqueryapichecker.com tagmanagercdn.com tagmanagerxmlraw.com xmljqueryscoring.com xmlrawdataresponse.com # Reference: https://securityaffairs.co/wordpress/104776/hacking/claires-magecart-attack.html claires-assets.com # Reference: https://twitter.com/felixaime/status/1263818626114740224 # Reference: https://twitter.com/MBThreatIntel/status/1272679759126777857 # Reference: https://www.virustotal.com/gui/ip-address/185.217.92.149/relations jquerystats.com salesstatistic.com 
scriptstatistic.com # Reference: https://twitter.com/benkow_/status/1273214642458853376 reddotarms.com/js/infortis/jquery/jquery-1.7.2.min.js # Reference: https://twitter.com/benkow_/status/1273219665582579713 visaandpassportagency.com/js/prototype/prototype.js # Reference: https://twitter.com/felixaime/status/1273221200886587392 magento-api.icu magentolink.icu bootstrap-fronts.icu bootstrap-jquery.icu cloud-fronts.icu bootstrap-jquery.host magento-api.host cloud-fronts.host magentolink.host jqueryjs.host # Reference: https://twitter.com/MBThreatIntel/status/1273733879526903808 # Reference: https://www.virustotal.com/gui/ip-address/185.92.148.128/relations cddn.site lebs.site # Reference: https://securelist.com/web-skimming-with-google-analytics/97414/ google-anatytics.com google-analytics-js.com # Reference: https://www.virustotal.com/gui/ip-address/84.38.182.177/relations mstracking.link paypalapiobjects.com # Reference: https://www.virustotal.com/gui/ip-address/5.101.50.50/relations googleapimanager.com # Reference: https://blog.malwarebytes.com/threat-analysis/2020/06/web-skimmer-hides-within-exif-metadata-exfiltrates-credit-cards-via-image-files/ ads-fbstatistic.com apilivechat.com bestcdnforbusiness.com bizrateservices.com cddn.site cxizi.net j-queries.com jquery-analitycs.com jqueryanalise.xyz koinweb.site lebs.site magentorates.com pixasbay.com sonol.site teamsystems.info towbarchat.com undecoveria.com webtrans.site wosus.site xciy.net xoet.site yxxi.net yzxi.net # Reference: https://twitter.com/MBThreatIntel/status/1279651033883439105 kttape.com/pub/static/frontend/Plumtree/kttapeb2b/en_US/mage/mail.js # Reference: https://twitter.com/MBThreatIntel/status/1279523525192081408 cloud-flares.host # Reference: https://twitter.com/wwp96/status/1279551267698888704 jquerycloud.host # Reference: https://blog.malwarebytes.com/threat-analysis/2020/07/credit-card-skimmer-targets-asp-net-sites/ # Reference: https://twitter.com/MBThreatIntel/status/1280180299112919041 # 
Reference: https://www.virustotal.com/gui/ip-address/31.220.60.108/relations cdn-xhr.com hivnd.net hixrq.net idpcdn-cloud.com joblly.com rackxhr.com thxrq.com # Reference: https://twitter.com/unmaskparasites/status/1280569151833223168 cdn-google-analytics.com # Reference: https://twitter.com/p5yb34m/status/1111707577685991424 givemejs.cc # Reference: https://twitter.com/jeromesegura/status/1121811483195633670 # Reference: https://blog.malwarebytes.com/cybercrime/2019/04/github-hosted-magecart-skimmer-used-against-hundreds-of-e-commerce-sites/ /mage/master/mage.js # Reference: https://www.symantec.com/security-center/writeup/2018-092007-1208-99 (JSCoffe domains) beachyripe.com energycoffe.org energytea.org lightbulbs-direct.org teacoffe.net ukcoffe.com # Reference: https://blog.sucuri.net/2018/12/localization-and-customization-of-credit-card-stealing-malware.html kinfirighbetted.host sales4reason.com greatwebstat.com # Reference: https://www.helpnetsecurity.com/2020/07/08/magecart-group-8/ # Reference: https://geminiadvisory.io/wp-content/uploads/2020/07/Appendix-A-3.pdf # Reference: https://geminiadvisory.io/wp-content/uploads/2020/07/Appendix-B-1.pdf adaptivecss.org adorebeauty.org anduansury.com ankese.com assethomify.com assetstorage.net blackriverimaging.org braincdn.org citywlnery.org closetlondon.org coffemokko.com coffetea.org dahlie.org davidsfootwear.org dobell.su elegrina.com energycoffe.org etradesupply.org exrpesso.org fileskeeper.org foodandcot.com freshchat.info freshdepor.com frocklay.com hqassets.com info-js.link jewsondirect.com js-storage.click jsvault.net labbe.biz link-js.link londontea.net mage-checkout.org majsurplus.com map-js.link mechat.info misshaus.org oakandfort.org ottocap.org parks.su paypaypay.org pmtonline.su replacemyremote.org safeprocessor.com sagecdn.org sainester.com scriptdesire.com scriptsparadise.com scriptvault.org security-payment.su shourve.com slickjs.org smart-js.link stairany.com swappastore.com teacoffe.net 
theresevit.com top5value.com track-js.link ukcoffe.com uthorizecdn.com verywellfitnesse.com walletgear.org weblibscdn.com # Reference: https://twitter.com/unmaskparasites/status/1283084460519456771 cdnlistrakbi.com # Reference: https://blog.sucuri.net/2020/07/skimmers-in-images-github-repos.html # Reference: https://www.virustotal.com/gui/ip-address/8.208.19.101/relations # Reference: https://www.virustotal.com/gui/ip-address/8.208.77.10/relations # Reference: https://www.virustotal.com/gui/ip-address/8.209.99.41/relations analytics-core.com analytics-ssl.com fonts-googlemaps.com fonts-gstatic.com fontsgoogle-apis.com fontsgoogleapis.com google-conf.com google-console.com google-core.com google-sert.com /app/design/frontend/Magento/luma/media/mage.png /pub/media/downloadable/mage.png # Reference: https://twitter.com/felixaime/status/1287408636164284419 cdn-filestorm.com cloud-sources.com # Reference: https://twitter.com/500mk500/status/1288482532774891521 # Reference: https://www.virustotal.com/gui/ip-address/8.211.36.239/relations # Reference: https://www.virustotal.com/gui/domain/rooplancdn.com/detection rooplancdn.com # Reference: https://twitter.com/felixaime/status/1288604510802325509 shopify-sales.com # Reference: https://twitter.com/felixaime/status/1288601153400446976 # Reference: https://www.virustotal.com/gui/ip-address/47.88.14.111/relations # Reference: https://www.virustotal.com/gui/ip-address/5.101.50.134/relations # Reference: https://www.virustotal.com/gui/ip-address/8.208.84.18/relations # Reference: https://twitter.com/felixaime/status/1301090258671542272 adw-gooqle.com blog-mage.com cailpercovers.com cheeseceke.com cioubfiare.com claristokp.top clickstrackings.com cloubfiare.com cloudflaea.com cloudfliare.com googie-seo.com google-ahatytics.com google-anatytics.com google-ssm.com gooqieapis.com jquery-doc.com jquery-magento.com jqueryupdate.com magenlo.com magento-update.com marketing-yahoo.com optimized-js.com path-magento.com script-magento.com 
sucuil.net tag-managers.com up-tracking.com # Reference: https://twitter.com/unmaskparasites/status/1288922935240077313 http://31.214.157.134/in.php /setup/performance-toolkit/files/search_terms.php # Reference: https://twitter.com/AffableKraut/status/1290031871670104066 # Reference: https://twitter.com/AffableKraut/status/1290031876892057600 # Reference: https://www.virustotal.com/gui/ip-address/37.252.5.111/relations # Reference: https://gist.github.com/krautface/b65cb1e717038f000d4d9dfd860830ea cdn-adsense.com # Reference: https://blog.malwarebytes.com/threat-analysis/2020/08/inter-skimming-kit-used-in-homoglyph-attacks/ # Reference: https://otx.alienvault.com/pulse/5f2c453b5b063dda49dd855f # Reference: https://www.virustotal.com/gui/ip-address/51.83.209.11/relations cigarpaqe.com fleldsupply.com pushcrew.pw winqsupply.com zoplm.com # Reference: https://twitter.com/felixaime/status/1292567951762231299 cdncom.site # Reference: https://twitter.com/AffableKraut/status/1293104085835689984 # Reference: https://www.virustotal.com/gui/domain/googapi.com/detection googapi.com # Reference: https://twitter.com/felixaime/status/1295796245588512768 payprocessor.net # Reference: https://twitter.com/felixaime/status/1295800211416190976 # Reference: https://www.virustotal.com/gui/ip-address/188.209.49.71/relations clipboardplugin.com devtoolsforweb.com variousscripts.com topcc.biz topcc.pw topcc.store topcc.su # Reference: https://twitter.com/unmaskparasites/status/1295816804133199878 # Reference: https://twitter.com/AffableKraut/status/1295817245017493507 amastybootstrap.host amastybootstrap.online amastybootstrap.store bootstrapcd.host bootstrapcd.online bootstrapcss.host bootstrapcss.online cdnbootstrap.host cdnbootstrap.store dbbootstrap.online # Reference: https://www.virustotal.com/gui/ip-address/103.73.67.169/relations cdn-jquerystatic.ddns.net static-jquery.sytes.net # Reference: https://www.virustotal.com/gui/ip-address/91.211.247.69/relations cvv2.name # Reference: 
https://www.virustotal.com/gui/ip-address/47.241.7.41/relations acloudsapi.com securebnp-server.com securebnp1-update.com secureing-update.com # Reference: https://twitter.com/JCyberSec_/status/1298929497354448901 gaminpit.com # Reference: https://twitter.com/MBThreatIntel/status/1299380573966802944 # Reference: https://www.virustotal.com/gui/ip-address/108.62.12.46/detection content-analytics-server.com # Reference: https://twitter.com/felixaime/status/1300335046029606912 lighting-spot.com/pub/media/js/jscol.min.js lighting-spot.com/pub/media/js/lighting.js # Reference: https://twitter.com/sansecio/status/1304043546970927104 # Reference: https://www.virustotal.com/gui/ip-address/80.78.254.128/relations sansec.biz csp.sansec.biz # Reference: https://twitter.com/sansecio/status/1305041618744086528 # Reference: https://twitter.com/sansecio/status/1305461119314690048 # Reference: https://sansec.io/research/largest-magento-hack-to-date # Reference: https://otx.alienvault.com/pulse/5f5f9a8ba62718db52b64700 # Reference: https://www.virustotal.com/gui/ip-address/83.166.244.152/relations # Reference: https://www.virustotal.com/gui/ip-address/83.166.244.76/relations # Reference: https://www.virustotal.com/gui/ip-address/83.166.245.32/relations # Reference: https://www.virustotal.com/gui/ip-address/83.166.245.93/relations ajaxcloudflare.com imags.pw mcdnn.me mcdnn.net myicons.net data-id-click.ru divamoda-tds.ru justwe-track.ru # Reference: https://twitter.com/sansecio/status/1306190540963282946 facelook.no/en_US/pixel.js # Reference: https://twitter.com/unmaskparasites/status/1308419144048668672 http://94.158.244.55 # Reference: https://twitter.com/MBThreatIntel/status/1310703704396279808 static-trustpilot.com # Reference: https://twitter.com/felixaime/status/1310835184917458944 # Reference: https://www.virustotal.com/gui/ip-address/161.117.237.217/relations # Reference: https://www.virustotal.com/gui/ip-address/45.14.12.199/relations acdn.space ancdn.site ancdnto.site 
arcdn.site bcdn.space cacdn.site ccdn.space cdna.site cdna.space cdnc.space cdncom.site cdnd.site cdnd.space cdne.space cdnf.site cdnf.space cdng.site cdnh.site cdni.site cdnj.site cdnm.site cdno.site cdnp.site cdnq.site cdnq.space cdnr.space cdns.space cdnv.site cdnv.space cdnw.space cdnx.space cdnz.site cdnz.space dcdn.space fcdn.space frcdn.site gcdn.space gtacdn.site gtag.site gtage.site gtamanag.site gtcdn.site gtgcdn.site gtmcdn.site hcdn.space icdn.space jcdn.space kcdn.space ncdn.space ocdn.space qcdn.space tcdn.space usacdn.site uscdn.site wcdn.space xcdn.space zcdn.space # Reference: https://twitter.com/felixaime/status/1310840704801951744 jquerycss.online jquerycss.space jquerycss.store jquerycss.tech jquerycss.website # Reference: https://twitter.com/JWilsonSecurity/status/1311140720498147334 # Reference: https://www.virustotal.com/gui/domain/ride4speed.com/relations ride4speed.com # Reference: https://twitter.com/AffableKraut/status/1311330609546104832 googleanalytics.monster googleanalytics.buzz google-analytics.monster google-analytics.buzz googletagmanager.cyou google-analytics.icu google-analytics.club googletagmanager.top google-analytics.cyou googleanalytics.top googleanalytics.cyou statanalytic.cyou googleshopanalytic.icu gstatic.cyou gstatic.club # Reference: https://twitter.com/MBThreatIntel/status/1311423125582540802 adsojs.com cdndeskpro.com cdnprog.com faceapiget.com facecdnget.com fbpixelget.com gstaticapi.com keywestcdn.com klaviyo.host lightgetjs.com listrakjs.com mediabtracker.com meidiaplus.com section.ws sectionget.com sumome.net swiftypecdn.org uniquegetapi.com findericons.com/favicon.ico # Reference: https://unit42.paloaltonetworks.com/malicious-coinminers-web-skimmer/ metahtmlhead.com # Reference: https://twitter.com/rootprivilege/status/1311731116345237509 # Reference: https://www.virustotal.com/gui/ip-address/5.135.247.140/relations underscorefw.com # Reference: https://www.virustotal.com/gui/ip-address/8.208.90.81/relations 
fontsgoogle-api.com googleapis-fonts.com # Reference: https://twitter.com/MBThreatIntel/status/1313137479512276995 # Reference: https://www.virustotal.com/gui/ip-address/188.68.220.49/relations # Reference: https://www.virustotal.com/gui/ip-address/31.184.253.166/relations # Reference: https://www.virustotal.com/gui/ip-address/47.245.128.231/relations # Reference: https://www.virustotal.com/gui/ip-address/47.89.184.107/relations # Reference: https://www.virustotal.com/gui/ip-address/47.254.170.245/relations # Reference: https://www.virustotal.com/gui/ip-address/47.254.84.162/relations # Reference: https://www.virustotal.com/gui/ip-address/5.53.125.202/relations # Reference: https://www.virustotal.com/gui/ip-address/8.208.14.9/relations # Reference: https://www.virustotal.com/gui/ip-address/8.208.20.61/relations # Reference: https://www.virustotal.com/gui/ip-address/8.208.27.102/relations # Reference: https://www.virustotal.com/gui/ip-address/8.209.72.188/relations # Reference: https://www.virustotal.com/gui/ip-address/8.208.79.49/relations # Reference: https://www.virustotal.com/gui/ip-address/8.209.65.45/relations # Reference: https://www.virustotal.com/gui/ip-address/8.210.68.59/relations # Reference: https://www.virustotal.com/gui/ip-address/79.143.29.164/relations # Reference: https://www.virustotal.com/gui/ip-address/80.249.144.26/relations # Reference: https://www.virustotal.com/gui/ip-address/80.249.145.190/relations # Reference: https://www.virustotal.com/gui/ip-address/80.249.147.241/relations # Reference: https://www.virustotal.com/gui/ip-address/80.249.148.133/relations # Reference: https://www.virustotal.com/gui/ip-address/82.148.30.191/relations # Reference: https://www.virustotal.com/gui/ip-address/82.148.31.102/relations # Reference: https://www.virustotal.com/gui/ip-address/84.38.180.233/relations # Reference: https://www.virustotal.com/gui/ip-address/84.38.180.84/relations # Reference: 
https://www.virustotal.com/gui/ip-address/84.38.183.160/relations admin-autorization.com bing-analytics.com bing-insert.com bootstrap-java.com cdn-jquery.com checkout-sagepay.com connect-facebook.com google-analytics.top google-anylysis.com google-apic.com google-assistant.com google-checkout.com google-connect.com google-modile.com google-money.com google-payment.com google-query.com google-sale.com google-smart.com google-standard.com google-taq.com google-tasks.com google-worldpay.com jquery-assets.com jquery-assist.com jquery-insert.com jquery-migrate.com live-sagepayment.com pay-sagepay.com pay-u-biz.com payment-sagepay.com payment-worldpay.com paypal-assist.com paypal-debit.com paypal-vendor.com paypal-worldpay.com paypalapiobjects.com payu-biz.com sagepay-live.com sagepay-world.com yahoo-manager.com yahoo-tasks.com # Reference: https://www.virustotal.com/gui/ip-address/47.245.128.230/relations # Reference: https://www.virustotal.com/gui/ip-address/84.38.181.56/relations cdnanalyticss.top google-picaso.com promakerboi.top # Reference: https://twitter.com/AffableKraut/status/1313600312045907973 shopifyst.com # Reference: https://twitter.com/unmaskparasites/status/1313913253035159553 # Reference: https://www.virustotal.com/gui/ip-address/176.123.3.85/relations ay64.club by222.site cyan24.club dynrdns.site googleanalytics.icu idssl.site shopstatanalytics.store statanalytic.site # Reference: https://twitter.com/malwareinfosec/status/1349425176983658497 # Reference: https://www.virustotal.com/gui/ip-address/8.208.102.232/relations # Reference: https://www.virustotal.com/gui/ip-address/8.208.24.81/relations facebookapimanager.com tag-manager.net tags-manager.com # Reference: https://blog.malwarebytes.com/malwarebytes-news/2020/10/credit-card-skimmer-targets-virtual-conference-platform/ # Reference: https://www.virustotal.com/gui/ip-address/198.187.31.243/relations # Reference: https://twitter.com/MBThreatIntel/status/1314298615204995072 playbacknows.com # 
Reference: https://twitter.com/jeromesegura/status/1137087208630833152 jquers.com jqueres.com # Reference: https://twitter.com/Jacob_Pimental/status/1316173250850942977 # Reference: https://twitter.com/Jacob_Pimental/status/1316174498073399296 # Reference: https://www.virustotal.com/gui/ip-address/176.121.14.154/relations dataprocessor.net luhnvalidator.com stairany.com # Reference: https://blog.sucuri.net/2020/11/css-js-steganography-in-fake-flash-player-update-malware.html polobear.shop # Reference: https://twitter.com/marcelmalware/status/1140723183584272386 # Reference: https://www.virustotal.com/gui/domain/jquery.su/relations # Reference: https://www.virustotal.com/gui/ip-address/8.208.97.167/relations certicodeplus.cn cloudflare.su cloudflareplus.com cloudflareplus.net cloudflarepro.info cloudflarepro.name cloudflareshop.com coomperative.com glohtoris.top googleexpert.name googleinfo.name googlemaster.info googlemaster.name googleplus.name googletag.info googletag.name jquery.su jquery24.com jqueryexpert.com jqueryinfo.com jsstroy.com magentoinfo.name magentoinfo.org magentoportal.com magentostore.org mycloudflare.net paypai.xyz procloudflare.com procloudflare.net # Reference: https://www.virustotal.com/gui/ip-address/195.54.167.88/relations alipayservice.top alipaysecurity.top unionpayinternational.services # Reference: https://twitter.com/AffableKraut/status/1325157786032992258 # Reference: https://twitter.com/AffableKraut/status/1325157787291168775 aws-amazon.site freshdesk.space gaming-spirit.xyz gaminpit.com googletagmanager.site gooogletagsmanage.com karovi.best kckaa.com kxotic.me newoldtime.site newoldtime.space riskified.site shipstation.space signifyd.site tiros.xyz # Reference: https://www.virustotal.com/gui/ip-address/47.91.76.198/relations google-site-verification.com googlecloud-verification.com googletags-manager.com jquerydll.com script-analytic.com script-analytics.com # Reference: 
https://www.virustotal.com/gui/ip-address/8.208.76.69/relations apibaseajax.com reactjsget.com statsaps.com # Reference: https://twitter.com/EKFiddle/status/1326245935559692289 # Reference: https://www.virustotal.com/gui/ip-address/162.241.201.20/relations artichgroup.com # Reference: https://twitter.com/rootprivilege/status/1326231381169512450 # Reference: https://www.virustotal.com/gui/ip-address/194.59.40.37/relations jquerylib-min.com jquerylib-min.net onlinecdn-js.com # Reference: https://www.riskiq.com/resources/research/magecart-ant-and-cockroach-skimmer/ 2binary-education.pw ads2.adverline.com/retargetproduit/partntertag/103754_tag.js alexa-rank.pw batbing.com bgznnfzn.pw checkip.biz consoler.in gnwnprnf.pw niywqcnp.pw pornostyle.pw portal-a.pw portal-b.pw portal-c.pw portal-d.pw portal-e.pw portal-f.pw search-components.pw sexrura.pw tattoopad.pw xnprnfzn.pw # Reference: https://www.virustotal.com/gui/ip-address/185.236.232.88/relations # Reference: https://www.virustotal.com/gui/ip-address/5.44.45.58/relations # Reference: https://otx.alienvault.com/indicator/domain/gtagmanagers.com # Reference: https://urlscan.io/result/fcd59e67-62ae-4d44-904a-51208ed82f3e # Reference: https://hybrid-analysis.com/sample/309d6cd27991b14cffe004ffbf3844dec6e050e2ed1604558627fa3077599032 gtagmanagers.com # Reference: https://securityaffairs.co/wordpress/111009/cyber-crime/sucuri-software-skimmer.html terminal4.veeblehosting.com/~sucurrin/i/gate.php /~sucurrin/ /sucurrin/ # Reference: https://twitter.com/rootprivilege/status/1331766420317773826 zago-store.vn/pub/health_check.php # Reference: https://blog.malwarebytes.com/threat-analysis/2019/12/new-evasion-techniques-found-in-web-skimmers/ # Reference: https://twitter.com/AffableKraut/status/1333258524219072515 adsometrick.com apptegmaker.com googletage.com indesiter.com tag-metrix.com tawktalk.com # Reference: https://twitter.com/AffableKraut/status/1334745410750046208 abcanalytics.net adsymptotic.net artestfut.com 
artfut.net iofrontcloud.com outbrains.net upsellit.io zdassets.net # Reference: https://twitter.com/EKFiddle/status/1334908783894491138 # Reference: https://twitter.com/rootprivilege/status/1335018000227868672 # Reference: https://sansec.io/research/svg-malware budoshop.si/checkout/%7B%7BMEDIA_URL%7D%7Dstyles.css budoshop.si/pub/health_check.php myfisherstore.com/checkout/%7B%7BMEDIA_URL%7D%7Dstyles.css myfisherstore.com/pub/health_check.php # Reference: https://twitter.com/AffableKraut/status/1335501765031174145 # Reference: https://www.virustotal.com/gui/ip-address/51.89.179.232/relations jquerycdn.net jquerycss.xyz jquerysapi.com js-jquery.com jslibcdn.net # Reference: https://www.group-ib.com/blog/fakesecurity_raccoon (# FakeSecurity) cloud-js.co.za host-js.co.za magento-cloud.co.za magento-js.co.za magento-security.co.za marketplace-magento.co.za marketplacemagento.co.za node-js.co.za payment-js.co.za security-js.co.za web-js.co.za # Reference: https://twitter.com/sansecio/status/1336319799501078529 (# FakeSecurity) # Reference: https://twitter.com/AffableKraut/status/1336342947613306881 bing-statistic.co.za bing-statistic.org.za bing-statistic.web.za cdn-jquery.co.za cdn-jquery.org.za cdn-jquery.web.za cdn-js.co.za cdn-js.org.za cdn-js.web.za chrome.co.za chrome.org.za chrome.web.za font-google.co.za font-google.org.za font-google.web.za g00gle.africa g00gle.co.za g00gle.org.za g00gle.web.za godaddy.co.za godaddy.org.za godaddy.web.za google-script.co.za google-script.org.za google-script.web.za google-scripts.co.za google-scripts.org.za google-scripts.web.za javascript.co.za javascript.org.za javascript.web.za js-google.co.za js-google.org.za js-google.web.za magent0.co.za magent0.org.za magent0.web.za magento-connect.co.za magento-connect.org.za magento-connect.web.za magento-content.co.za magento-content.org.za magento-content.web.za microsoft.co.za microsoft.org.za microsoft.web.za mozilla.co.za mozilla.org.za mozilla.web.za opera.co.za opera.org.za 
opera.web.za yah00.co.za yah00.org.za yah00.web.za # Reference: https://www.virustotal.com/gui/ip-address/169.239.182.46/relations # Reference: https://twitter.com/AffableKraut/status/1336352752478334977 google-statistic.com google-statistic.net yahoo-statistic.com yahoo-statistic.net # Reference: https://www.virustotal.com/gui/domain/google-statistics.com/relations google-statistics.com # Reference: https://twitter.com/500mk500/status/1336333922213404673 # Reference: https://www.virustotal.com/gui/ip-address/8.208.99.195/relations comepropay54.net # Reference: https://twitter.com/sansecio/status/1336614850047381506 # Reference: https://www.virustotal.com/gui/ip-address/89.108.90.123/relations cloud-iq.net # Reference: https://www.virustotal.com/gui/ip-address/89.108.90.125/relations brandcdn.net # Reference: https://twitter.com/kyleehmke/status/1336694242685702147 google-register.com webspagestat.com # Reference: https://twitter.com/AffableKraut/status/1337485794940956675 # Reference: https://twitter.com/AffableKraut/status/1337491084960739329 # Reference: https://twitter.com/500mk500/status/1337499684370255872 # Reference: https://pastebin.com/Xf4iGu9q adrequest.xyz agrorek.site apiiiiii.com appraisalqpm.com artifacia.store bigdomain.in businesslocationfinder.org cloudfront.pro comebizframe.com evamedia.top evanalitic.com g-content.bid golecode.com gooaglesyndication.com google-stupidix.com googleadservicees.com googleais.com googlecodelibs.com googlesyndicatiofn.com googlesyndiction.com googletagmanag-er.com googlgr.com googlnalytics.com gytmoogletagmanager.com hs-script.com html5update.com javascriptcdn.stream jquerry.online jquerytutorialjs.com jss-mautic.com koobecaf.info mediapays.info ml-api.pw nearsightedraccoon.com polygons.cloud professionalcdn.com raku10shop.net realtracking.ninja removeclickfunnels.com rotate4ads.com seetestnow.com sitespy.in sublytics-5d6fcf0a813fd.com thesqt.online trackedlink.biz visitorhunter.com weathers.pw xhtmls.cc # Reference: 
https://twitter.com/jfslowik/status/1337465833602203648 centosupdatecdn.com jqery.net # Reference: https://twitter.com/AffableKraut/status/1337682688233398273 googie-analytisc.com google-analytisc.com google-ecommerce.com google-science.com google-trusts.com # Reference: https://www.virustotal.com/gui/domain/google-analysis.com/detection google-analysis.com # Reference: https://twitter.com/gwillem/status/1339895713405280265 # Reference: https://www.virustotal.com/gui/file/2602da2aafea7a632d69654269c923d33d23bb72176bee9b5cd2e602bd3c93c3/detection # Reference: https://www.virustotal.com/gui/file/4321b96d5ee4f89baeca39d24a7808190129b1115d1236297e191c4706444090/detection # Reference: https://www.virustotal.com/gui/file/85b74ceae400d70ab81aa8e0f1412689196e9eead3fc3dbe33df26af7fac33c9/detection # Reference: https://www.virustotal.com/gui/file/89ad715d0c924625fb4af392353e07c97b4e6a23fd65ef845690900e5d3dbb1d/detection hostreselling.com jquerysmartstack.com # Reference: https://community.riskiq.com/article/14924d61 # Reference: https://urlscan.io/search/#jquerycloud.com # Reference: https://www.virustotal.com/gui/ip-address/8.211.0.55/relations jquerycloud.com /js/dovesfarm.js # Reference: https://twitter.com/VK_Intel/status/1162434460731813893 # Reference: https://www.zscaler.com/blogs/security-research/magecart-hits-again-leveraging-compromised-sites-and-newly-registered-domains cloudflara.org googletagmanager-service.com # Reference: https://twitter.com/500mk500/status/1339707412316626945 # Reference: https://www.virustotal.com/gui/ip-address/185.154.13.210/relations # Reference: https://www.virustotal.com/gui/ip-address/194.58.112.174/relations # Reference: https://www.virustotal.com/gui/ip-address/47.254.129.13/relations gstatica.space gstaticc.space gstaticd.space gstatice.space gstaticf.space gstaticq.space gstaticr.space gstatics.space gstaticv.space gstaticw.space gstaticx.space gstaticz.space # Reference: 
https://twitter.com/rootprivilege/status/1339751739604365312 printcss.host # Reference: https://twitter.com/sansecio/status/1339914201662443520 # Reference: https://www.virustotal.com/gui/ip-address/162.241.222.203/relations hsbc-secures.com hsbcaccts.com hsbcsecuressl.com nmdatast.com ushsbcsecure.com # Reference: https://twitter.com/AffableKraut/status/1340035274450079744 # Reference: https://twitter.com/500mk500/status/1340048171779633153 paymaster-ssl.ru # Reference: https://twitter.com/makflwana/status/1341239469836357633 # Reference: https://www.virustotal.com/gui/ip-address/176.123.7.116/relations googlessl.icu idtransfer.icu idtransfer.me # Reference: https://www.group-ib.com/blog/ultrarank # Reference: https://otx.alienvault.com/pulse/5fe4cb300b0a9b6655a11de1 45.141.84.239:1443 googletagsmanager.co googletagsmanager.info s-panel.su # Reference: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce zg9tywlubmftzw5ldza.com zg9tywlubmftzw5ldze.com zg9tywlubmftzw5ldze0.com zg9tywlubmftzw5ldze1.com zg9tywlubmftzw5ldzew.com zg9tywlubmftzw5ldzex.com zg9tywlubmftzw5ldzey.com zg9tywlubmftzw5ldzez.com zg9tywlubmftzw5ldzg.com zg9tywlubmftzw5ldzi.com zg9tywlubmftzw5ldzk.com zg9tywlubmftzw5ldzm.com zg9tywlubmftzw5ldzq.com zg9tywlubmftzw5ldzu.com zg9tywlubmftzw5ldzy.com # Reference: https://www.virustotal.com/gui/ip-address/47.90.242.121/relations # Reference: https://www.virustotal.com/gui/ip-address/47.91.28.226/relations trustcdnjs.com # Reference: https://www.virustotal.com/gui/ip-address/161.117.89.16/relations # Reference: https://urlscan.io/result/2cbc4a8f-eff1-4ed2-8fcf-09514c612e19/ # Reference: https://unit42.paloaltonetworks.com/anatomy-of-formjacking-attacks/ # Reference: https://urlscan.io/domain/myxintad.com jsglobal.top myxintad.com # Reference: https://www.virustotal.com/gui/ip-address/8.208.89.255/relations # Reference: https://www.virustotal.com/gui/ip-address/8.209.108.15/relations connecstaff.com pubmatgic.com # Reference: 
https://www.virustotal.com/gui/ip-address/8.209.108.15/relations awskit.com awsprog.com keywestapi.com # Reference: https://www.virustotal.com/gui/ip-address/8.208.24.53/relations pixeltrack.top # Reference: https://twitter.com/p0x53/status/1343649574674550784 # Reference: https://www.virustotal.com/gui/ip-address/176.119.1.157/relations amazon-server12-cdn.com amazon-server15-cdn.com # Reference: https://twitter.com/felixaime/status/1343958003905671173 jerrysmusic.com/js/varien/validation.js # Reference: https://twitter.com/marcelmalware/status/1277615543013519362 gtows.com/wp-content/js/var.js # Reference: https://twitter.com/sinnadabueno/status/1344078328278482946 userway-api.com # Reference: https://blog.sucuri.net/2015/04/impacts-of-a-hack-on-a-magento-ecommerce-website.html java-e-shop.com soulmagic.biz.fozzyhost.com # Reference: https://twitter.com/malwareinfosec/status/1347590799249219584 # Reference: https://www.virustotal.com/gui/ip-address/102.130.115.168/relations cdn-cloud.co.za cdn-jquery.biz cdn-jquery.net cdn-jquery.net.za cdn-jquery.org cdn-jquery.web.za cdn-jquery.org.za cdn-stat.co.za cdn-stat.org.za cdn-stat.web.za cdn-update.co.za # Reference: https://twitter.com/malwareinfosec/status/1347598539589709824 veterinaryconcepts.com/errors/enx.php?data= # Reference: https://twitter.com/500mk500/status/1347687209844027392 # Reference: https://urlscan.io/result/0a34d7a1-aef8-45d3-b71a-71d68d66530b/ # Reference: https://urlscan.io/result/838576c6-7d97-4821-86cd-6d463d21782b/ # Reference: https://www.virustotal.com/gui/ip-address/193.38.54.81/relations # Reference: https://www.virustotal.com/gui/ip-address/45.140.146.4/relations # Reference: https://www.virustotal.com/gui/ip-address/45.140.146.5/relations # Reference: https://www.virustotal.com/gui/ip-address/45.140.146.6/relations # Reference: https://www.virustotal.com/gui/ip-address/45.140.146.7/relations cloudchimp.online cloudchimp.tech mail-chimp.site mailchimp.press printcss.site tagmanager.online 
tagmanager.site tagmanager.store tagmanager.tech # Reference: https://twitter.com/AffableKraut/status/1260829836198711296 analitic.club felers.club tags-analitic.icu tags-css.icu # Reference: https://twitter.com/AffableKraut/status/1348165316589846532 fbevents.host fbevents.site fbevents.store fbevents.tech # Reference: https://twitter.com/AffableKraut/status/1348525412415107072 # Reference: https://www.virustotal.com/gui/ip-address/45.155.38.3/relations cdn-google-cloudflare.com # Reference: https://twitter.com/AffableKraut/status/1348684891718901762 # Reference: https://www.virustotal.com/gui/ip-address/102.130.114.139/relations # Reference: https://www.virustotal.com/gui/ip-address/102.130.114.153/relations # Reference: https://www.virustotal.com/gui/ip-address/102.130.114.147/relations asp-cloud.org.za google-document.co.za google-js.co.za google-js.org.za google-js.web.za google-network.co.za google-statistic.co.za google-statistic.org google-statistic.org.za google-statistic.web.za jquery.africa jquery.org.za lib-cloud.org.za lib-cloud.web.za mage.org.za mage.web.za magento.web.za node-js.org.za node-js.web.za nodejs.org.za yahoo-statistic.org.za yahoo-statistic.web.za # Reference: https://community.riskiq.com/article/5bea32aa statexplore.com jquery-dll.net
# Generic: host-independent URL path and query patterns (the entries below carry no domain or IP).
# Some of them (e.g. /js/mage/cookies.js) resemble script paths that legitimate storefronts may also serve,
# so corroborate a hit with the serving host and the script content before treating it as skimmer activity.
/cdn/ga.php?analytic= /js/ga.php?analytic= /p/ga.php?analytic= /ga.php?analytic= /5d1cbc8c073d4.js /5d4cdc4cdf344.js /5e7fa6489b31a.js /dsc-statistic.js /adsbygoogle/ /adsbygoogle/ads.js /baypressservices/ /baypressservices/baypr.js /check_cvv2_number_script.js /code/zipboss.dev.js /gtm-connect/wp-share.min.js /images/js/googleapi.js /javascript/checkcheckout.js /js/afterpay/checkout/idev_onestep.js /js/check_analystic.js /js/extjs/fix-defer-after.js /js/footer-link.js /js/mage/cookies.js /js/mage/google.js /js/scriptaculous/print.js /js/dsc-statistic.js /js/varien/js.js.pagespeed.jm.aFn_GvyNS2.js /my/vmart.js /103754_tag.js /markberg.dk.js /qcore.js /plugins/republicadealberdi.js 
/republicadealberdi.js /rimzoneonline/code.js /silver/acor.js /googletag-manager?connect= /zipboss.dev.js