# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: magecart

# Reference: https://gwillem.gitlab.io/2018/08/30/magentocore.net_skimmer_most_aggressive_to_date/

magentocore.net

# Reference: https://www.riskiq.com/blog/labs/magecart-keylogger-injection/

abuse-js.link
angular.club
cdn-js.link
docstart.su
govfree.pw
jquery-cdn.top
js-abuse.link
js-abuse.su
js-cdn.link
js-link.su
js-magic.link
js-mod.su
js-save.link
js-save.su
js-start.su
js-stat.su
js-sucuri.link
js-syst.su
js-top.link
js-top.su
jscript-cdn.com
lolfree.pw
mage-cdn.link
mage-js.link
mage-js.su
magento-cdn.top
mageonline.net
mipss.su
mod-js.su
mod-sj.link
sj-mod.link
sj-syst.link
stat-sj.link
statdd.su
statsdot.eu
stecker.su
stek-js.link
syst-sj.link
top-sj.link
truefree.pw

# Reference: https://www.riskiq.com/blog/labs/magecart-british-airways-breach/

http://89.47.162.248
baways.com

# Reference: https://www.riskiq.com/blog/labs/magecart-ticketmaster-breach/

http://85.93.5.188
http://94.156.133.211
webfotce.me

# Reference: https://twitter.com/bad_packets/status/1043809501516726272

gamacdn.com

# Reference: https://twitter.com/hashtag/magecart?src=hash
# Reference: https://twitter.com/AmiV2/status/1042988934576271360

neweggstats.com

# Reference: https://otx.alienvault.com/pulse/5c9287b3b67a75234fc56b6b

cdnassels.com
cdnmage.com
cmytuok.top
configsysrc.info
js-cloud.com
magejavascripts.com
magesecuritys.com
magescripts.pw
mcloudjs.com
mypiltow.com
secure.livechatinc.org

# Reference: https://twitter.com/jeromesegura/status/1121134552158621696
# Reference: https://twitter.com/bad_packets/status/1121147936203624448
# Reference: https://otx.alienvault.com/pulse/5cd3ef4f22e204745f6672c3

magento-analytics.com

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/mirrorthief-group-uses-magecart-skimming-attack-to-hit-hundreds-of-campus-online-stores-in-us-and-canada/

cloudmetric-analytics.com
g-analytics.com
ebitbr.com

# Reference: https://blog.malwarebytes.com/threat-analysis/2019/02/new-golang-brute-forcer-discovered-amid-rise-e-commerce-attacks/

googletagmanager.eu

# Reference: https://twitter.com/jeromesegura/status/1128387989111853056

jqueryextd.at

# Reference: https://twitter.com/bad_packets/status/1128517905765683201

fontsawesome.gq

# Reference: https://blog.malwarebytes.com/cybercrime/2019/05/skimmer-acts-as-payment-service-provider-via-rogue-iframe/
# Reference: https://otx.alienvault.com/pulse/5ce56f2bc5bbee0a58f7073c

thatispersonal.com
top5value.com
voodoo4tactical.com

# Reference: https://twitter.com/jeromesegura/status/1133160126561394688
# Reference: https://blog.malwarebytes.com/cybercrime/2019/05/skimmer-acts-as-payment-service-provider-via-rogue-iframe/

modest4ever.com

# Reference: https://www.fortinet.com/blog/threat-research/payment-card-details-stolen-magecart.html
# Reference: https://www.virustotal.com/gui/ip-address/178.33.231.184/relations

http://178.33.231.184
adorebeauty.org
all-about-sneakers.org
battery-force.org
blackriverimaging.org
braincdn.org
childsplayclothing.org
citywlnery.org
closetlondon.org
dahlie.org
davidsfootwear.org
dobell.su
elpalaciodehierro.org
etradesupply.org
exrpesso.org
foodandcot.com
freshdepor.com
greatfurnituretradingco.org
hqassets.com
jewsondirect.com
kik-vape.org
labbe.biz
lamoodbighats.net
mage-checkout.org
misshaus.org
nililotan.org
oakandfort.org
ottocap.org
pmtonline.su
replacemyremote.org
safeprocessor.com
sagecdn.org
scriptdesire.com
security-payment.su
shop-rnib.org
slickjs.org
swappastore.com
verywellfitnesse.com
walletgear.org

# Reference: https://blog.malwarebytes.com/threat-analysis/2019/06/magecart-skimmers-found-on-amazon-cloudfront-cdn/

cdn-imgcloud.com
font-assets.com
js-cloudhost.com
wix-cloud.com
ww1-filecloud.com

# Reference: https://twitter.com/rommeljoven17/status/1144786273741107200
# Reference: https://www.fortinet.com/blog/threat-research/inter-skimmer-for-all.html
# Reference: https://otx.alienvault.com/pulse/5d1a08ac3f9760423c70c999

tracker-visitors.com
jquery-web.com
jquery-stats.com
jsreload.pw
routingzen.com

# Reference: https://twitter.com/eComscan/status/1147077036692922368

http://89.32.251.136

# Reference: https://www.zscaler.com/blogs/research/magecart-activity-and-campaign-enhancements
# Reference: https://www.virustotal.com/gui/domain/dnsden.biz/relations
# Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/anyone-can-check-for-magecart-with-just-the-browser/

http://93.187.129.249/gate.php
developer-js.info
dnsden.biz
jquery-bin.com
jsreload.pw
jqueryextd.at
routingzen.com
saterday-race.com
scriptvault.org
/errors/default/gate.php

# Reference: https://twitter.com/killamjr/status/1151142181643702277

ccprocess.review

# Reference: https://twitter.com/eComscan/status/1152153363892637696

magesource.su

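# Reference: https://twitter.com/AffableKraut/status/1154641710653300737
# Note: the two entries below are one IDN homograph domain, in Unicode form and in punycode (xn--) form; DNS queries on the wire carry the punycode form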

googlepíng.com
xn--googlepng-m5a.com

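# Reference: https://blog.sucuri.net/2019/07/fake-google-domains-used-in-evasive-magento-skimmer.html
# Reference: https://twitter.com/daphiel/status/1156314169492279299
# Note: google-analytîcs.com and xn--google-analytcs-xpb.com below are the same IDN homograph domain (Unicode and punycode forms)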

invoiceservice.info
lnfo.cc
google-analytîcs.com
xn--google-analytcs-xpb.com
google.ssl.lnfo.cc

# Reference: https://twitter.com/killamjr/status/1154393722777460737

googlc-analytics.cm

# Reference: https://twitter.com/jeromesegura/status/1158473869029601280

mageento.com
onlineclouds.cloud

# Reference: https://twitter.com/rommeljoven17/status/1158657062403883008

api-googles.com
facebookfollow.com
gstatlcs.com
qpstasis.com

# Reference: https://twitter.com/rommeljoven17/status/1169124706567544832

jquerycodemagento.com

# Reference: https://twitter.com/killamjr/status/1171399767240273920

trafficanalyzer.biz

# Reference: https://twitter.com/MBThreatIntel/status/1171817639728934912

magentoconnectors.com

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/magecart-skimming-attack-targets-mobile-users-of-hotel-chain-booking-websites/
# Reference: https://otx.alienvault.com/pulse/5d821c4c16cca4b63f931226

googletrackmanager.com

# Reference: https://twitter.com/shotgunner101/status/1174759248703741952

bluemarineholding.com/wp-includes/locales.php

# Reference: https://www.riskiq.com/blog/labs/magecart-reused-domains/
# Reference: https://otx.alienvault.com/pulse/5d836d20a4a3d90861e796e2

cdnanalytics.net
cdnapis.com
contextjs.info
magelib.com
magento-order.com
nexcesscdh.net
ossmaxcdn.com

# Reference: https://twitter.com/shotgunner101/status/1175181663464230913

google-analyitics.org

# Reference: https://www.ibm.com/downloads/cas/O3W1LZAZ

cnzz.space
cnzz.work
jsboxcontents.com
ms-akadns.com
sdsyxwx.com
survey-microsoft.net
/runforestrun?sid=botnet

# Reference: https://www.zdnet.com/article/hackers-breach-volusion-and-start-collecting-card-details-from-thousands-of-sites/
# Reference: https://otx.alienvault.com/pulse/5d9cf3671d2973bf30d2753f

cdn-volusion.com
volusion-cdn.com

# Reference: https://twitter.com/killamjr/status/1182045635593289728

clouding.live
piratefashions.com

# Reference: https://twitter.com/killamjr/status/1182050912224849920

jsblom.com

# Reference: https://twitter.com/xiatianguo/status/1183405035192872961
# Reference: https://twitter.com/FullM3talPacket/status/1182404667755520000
# Reference: https://pastebin.com/kqMV9vCX

bks0.com
cssjs.co
jscss.co
jspri.co
pen4.co
j2.is

# Reference: https://twitter.com/MBThreatIntel/status/1184531791102857216

assetstorage.net
fileskeeper.org

# Reference: https://twitter.com/killamjr/status/1185376383180136448

mgstrs.com

# Reference: https://www.group-ib.com/blog/coffemokko

3lift.org
abtasty.net
adaptivecss.org
adorebeauty.org
all-about-sneakers.org
ar500arnor.com
authorizecdn.com
bannerbuzz.info
battery-force.org
batterynart.com
blackriverimaging.org
braincdn.org
btosports.net
chicksaddlery.net
childsplayclothing.org
christohperward.org
citywlnery.org
closetlondon.org
coffemokko.com
coffetea.org
dahlie.org
davidsfootwear.org
dobell.su
elegrina.com
energycoffe.org
energytea.org
etradesupply.org
exrpesso.org
foodandcot.com
freshchat.info
freshdepor.com
greatfurnituretradingco.org
info-js.link
jewsondirect.com
kandypens.net
kik-vape.org
labbe.biz
lamoodbighats.net
link-js.link
londontea.net
mage-checkout.org
majsurplus.com
map-js.link
mechat.info
misshaus.org
mylrendyphone.com
nililotan.org
oakandfort.org
ottocap.org
parks.su
paypaypay.org
pmtonline.su
replacemyremote.org
sagecdn.org
security-payment.su
shop-rnib.org
slickjs.org
slickmin.com
smart-js.link
swappastore.com
teacoffe.net
top5value.com
track-js.link
ukcoffe.com
verywellfitnesse.com
walletgear.org
zapaljs.com
zoplm.com

# Reference: https://www.group-ib.com/blog/illum

illum.pw
nstatistics.com
payment-line.tk
paymentpal.cf
payrightnow.cf
requestnet.tk
cdn.illum.pw
sr.illum.pw
records.nstatistics.com
request.payrightnow.cf
request.requestnet.tk

# Reference: https://www.group-ib.com/blog/g-analytics
# Reference: https://threatpost.com/card-skimming-google-analytics-angular/142264/

analytic.is
analytic.to
dittm.org
g-analytics.com
googlc-analytics.cm
google-analytics.cm
google-analytics.is
google-analytics.to
gooqletagmanager.com
iozoz.com
jquery-js.com

# Reference: https://www.group-ib.com/blog/reactget

adsapigate.com
adsgetapi.com
ajaxstatic.com
aldenmlilhouse.com
apitstatus.com
asianfoodgracer.com
balletbeautlful.com
bargalnjunkie.com
billgetstatus.com
cloudodesc.com
fbstatspartner.com
geisseie.com
gtmproc.com
hs-payments.com
livecheckpay.com
livegetpay.com
mageanalytics.com
maxstatics.com
mediapack.info
mxcounter.com
newrelicnet.com
nr-public.com
ordercheckpays.com
orderracker.com
payselector.com
reactjsapi.com
simcounter.com
sydneysalonsupplies.com
tagsmediaget.com
tagstracking.com
trust-tracker.com

# Reference: https://twitter.com/AffableKraut/status/1185070871691616256

fb-seo.net

# Reference: https://twitter.com/unmaskparasites/status/1185171035693441024

magento-community.org

# Reference: https://twitter.com/unmaskparasites/status/1185172904276836352

fb-content.dev

# Reference: https://twitter.com/unmaskparasites/status/1185256035633811463

magento-security.dev

# Reference: https://twitter.com/eComscan/status/1185170381331714048

fb-pixel.com
magento-protection.com

# Reference: https://twitter.com/killamjr/status/1182335468425416705
# Reference: https://twitter.com/xuy1202/status/1192005820491239424
 
xciy.net
/content/Compare/website.js

# Reference: https://twitter.com/killamjr/status/1182095269418024960

google-taq.com

# Reference: https://twitter.com/AffableKraut/status/1172052860378521600

magicsaphe.com
questappo.com
rqstpp.com
yongffice.com

# Reference: https://twitter.com/Totocellux/status/1165223332633022468
# Reference: https://blog.malwarebytes.com/threat-analysis/2019/08/magecart-criminals-caught-stealing-poker-face/

ajaxclick.com
www-trust.com

# Reference: https://twitter.com/AffableKraut/status/1159677725994622976

mage.biz.ua

# Reference: https://twitter.com/AdAstra247/status/1159111119488860160

scripts-analytics.com

# Reference: https://twitter.com/zombisoft/status/1152333754670755841

installw.com

# Reference: https://www.riskiq.com/blog/labs/magecart-amazon-s3-buckets/

cdn-c.com

# Reference: https://twitter.com/unmaskparasites/status/1184571273583706112

cdn-clouds.com

# Reference: https://blog.malwarebytes.com/threat-analysis/2019/10/the-forgotten-domain:-exploring-a-link-between-magecart-group-5-and-the-carbanak-apt/ (# Magecart Group 5 domains)

informaer.biz
informaer.cc
informaer.com
informaer.net
informaer.org
informaer.pw
informaer.ws
informaer.xyz
informaer.info

# Reference: https://twitter.com/gwillem/status/1187667658642206720

hsadspixel.com

# Reference: https://twitter.com/RapidSpike/status/1189882327557648386

/js/mage/adminhtml/product/composite/validate.php

# Reference: https://twitter.com/xuy1202/status/1192006102969282560

jquerycdnlib.at

# Reference: https://www.perimeterx.com/blog/multiple-magecart-groups-attacking-simultaneously/

mogento.info
/src/upscalestripper.js
/src/galeriedebeaute.js
/src/deliveryathome.js

# Reference: https://www.group-ib.com/blog/fakesecurity

alloaypparel.com
firstofbanks.com
fiswedbesign.com
mage-security.org
magento-security.org

# Reference: https://twitter.com/jknsCo/status/1192806947118092289

cdn-shopify.com

# Reference: https://blog.sucuri.net/2019/11/skimmers-for-both-magento-and-wordpress.html

gooqleadvstat.com
gooqlemgrteg.com
jquerystatic.com
zendesk-chart.com

# Reference: https://twitter.com/xuy1202/status/1195361991805681664

cxizi.net
getprices.online
gooogle-js.com
installerr.site
js-mini.com
myexclusivediamond.com

# Reference: https://twitter.com/xuy1202/status/1195290863875706881
# Reference: https://twitter.com/kyleehmke/status/1179727877488730113

cdn-zendesk.com
zendesk-cdn.com

# Reference: https://twitter.com/xuy1202/status/1194897841694507009

recheckcard.info

# Reference: https://twitter.com/xuy1202/status/1194896618245382145

routingzen.com

# Reference: https://twitter.com/xuy1202/status/1194895878181421061

script-analytics.com
/js/mage/google.js

# Reference: https://twitter.com/xuy1202/status/1194894864699121664

woldorf.com

# Reference: https://twitter.com/xuy1202/status/1194893048817143808

statcounter.one

# Reference: https://twitter.com/xuy1202/status/1194593451947356160

yxxi.net
/ipost-con.4.php

# Reference: https://twitter.com/xuy1202/status/1194508362903277568

jquery-script.icu

# Reference: https://blog.netlab.360.com/ongoing-credit-card-data-leak-continues/

adwordstraffic.link
/onestepcheckoutauthorizenet.js
/onestepcheckoutccpayment.js

# Reference: https://twitter.com/xuy1202/status/1196058702391861249

hilosennogada.com

# Reference: https://twitter.com/xuy1202/status/1196404569137242112

securecdn.eu

# Reference: https://twitter.com/unmaskparasites/status/1196934377063800832
# Reference: https://lukeleal.com/research/posts/lolzilla-php-js-skimmer/

http://103.139.113.34
/osr-3.0.php

# Reference: https://www.helpnetsecurity.com/2019/11/19/macys-online-store-compromised/
# Reference: https://otx.alienvault.com/pulse/5dd513439df4d4400824b738

barn-x.com

# Reference: https://blog.malwarebytes.com/web-threats/2019/11/web-skimmer-phishes-credit-card-data-via-rogue-payment-service-platform/
# Reference: https://twitter.com/jeromesegura/status/1197611010992918529
# Reference: https://otx.alienvault.com/pulse/5ddd99064d1dd4420367304b (# Fullz House)

account-restrictions.com
ajaxstatic.com
americanexpress-secure.com
appleld-verification.com
authorizeplus.com
checkout-sagepay.com
com-protect.com
deliveroosurvey.com
google-analytics.top
google-query.com
google-smart.com
googletagmanaqer.com
halifax-verification.com
halifaxverification.com
java-query.info
jquery-assets.com
lightgetjs.com
limited-account-panel.com
limited-restriction.com
limited-restrictions-paypai.com
limited-restrictions.com
limited-user-restrictions.com
limited-user-uk.com
limited-users-login.com
limited-users-restrictions.com
live-sagepay.com
login-limited-user.com
login-user-limited.com
login-user-restricted.com
login-users-limited.com
mastercard-migs.com
mediapack.info
migs-mastercard.com
mythreelogin.com
networkreset.net
online-secure-account.com
onlineaccountverificationwellssfargo.com
pay-u-biz.com
payment-mastercard.com
payment-sagepay.com
payment-worldpay.com
paymentfailurespotifiyj.top
paypai-account-limited.com
paypai-limited-user.com
paypai-limited-users.com
paypai-user-limited.com
paypai-user-restricted.com
paypal-secured.com
paypl-limited-users.com
paypl-users-limited.com
payu-biz.com
perfectmeme.info
perfectmeme.us
ppl-secure-uk.com
ppl-user-limitation.com
priceapigate.com
query-manager.info
rackapijs.com
ref017.com
ref3939-paypai.com
restricted-user-panel.com
roorewards.co.uk
sagepay-live.com
section.ws
secure-alerts-halifax.com
secure-users-paypai.com
security-check-paypai.com
securityaccountupdatewellsfargoo.info
securityadvance.co
securityupdateewellsfargoo.info
topapigate.com
uk-limited-user.com
uk-restricted-user.com
uk-user-limited.com
uk-user-restricted.com
uk-users-limitations.com
updatesecuritywelllsfargo.info
user-limited-login.com
user-limited-restrictions.com
user-login-limited.com
user-restricted-uk.com
user-restriction.com
user-restrictions-paypai.com
user-uk-restricted.com
users-limited-paypai.net
users-limited-uk.com
users-restricted.com
users-restriction.com

# Reference: https://twitter.com/xuy1202/status/1197848155204640768

w00commerce.com

# Reference: https://twitter.com/MBThreatIntel/status/1199010885525626890
# Reference: https://otx.alienvault.com/pulse/5ddc0e4cf94bd70658582ed8

magento-data.com
mage-js.com

# Reference: https://twitter.com/JCyberSec_/status/1199726915856158720

marketplace-magento.com

# Reference: https://twitter.com/JCyberSec_/status/1199701208530739200

g-statistic.com

# Reference: https://twitter.com/JCyberSec_/status/1197470727462641664

web-stats.net

# Reference: https://twitter.com/CTI_Marc/status/1196344211890683904

magestore.online

# Reference: https://twitter.com/AffableKraut/status/1196299424697331713

google-anaiytlcs.com

# Reference: https://twitter.com/AffableKraut/status/1157164442829746176

googletagmanger.com

# Reference: https://twitter.com/jeromesegura/status/1148358099712897024

nogaron.com
write-cdn.com

# Reference: https://twitter.com/rommeljoven17/status/1136555260477001728

anduansury.com
frocklay.com
sainester.com
theresevit.com

# Reference: https://twitter.com/jknsCo/status/1200061735278911488

googlemgrteg.com

# Reference: https://twitter.com/eComscan/status/1200749626988662784

sanguinelab.net
sansec.us

# Reference: https://twitter.com/eComscan/status/1197894033772875776

iubendas.com

# Reference: https://twitter.com/eComscan/status/1197097324264202240

magentohub.de

# Reference: https://twitter.com/GroupIB_GIB/status/1201520226791305216
# Reference: https://www.virustotal.com/gui/domain/phplib.net/relations

phplib.net

# Reference: https://twitter.com/MBThreatIntel/status/1201572698545102856

googlctagmanager.com

# Reference: https://twitter.com/MBThreatIntel/status/1201552839182438406

ancient-savannah-86049.herokuapp.com

# Reference: https://twitter.com/MBThreatIntel/status/1189217083688738816

sharp-planet.eu

# Reference: https://twitter.com/unmaskparasites/status/1201625226704015367

stark-gorge-44782.herokuapp.com

# Reference: https://twitter.com/JCyberSec_/status/1201850052723052549
# Reference: https://twitter.com/JCyberSec_/status/1201850090153005056

gnogle.ru
jquerycdnlib.at

# Reference: https://twitter.com/jeromesegura/status/1202275080526422016

pure-peak-91770.herokuapp.com

# Reference: https://twitter.com/gwillem/status/1202322985065091072

cdcc02.com

# Reference: https://twitter.com/gwillem/status/1202330272164990977

magento-track.com

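# Reference: https://blog.malwarebytes.com/web-threats/2019/12/theres-an-app-for-that-web-skimmers-found-on-paas-heroku/
# Reference: https://otx.alienvault.com/pulse/5de90822773402f817d5c9ab
# Note: the herokuapp.com hostname below is an app name on a shared PaaS; once the reported app is taken down the name may be reused by an unrelated tenant, so confirm a hit against the time frame of the reference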

aqueous-scrubland-51318.herokuapp.com

# Reference: https://twitter.com/jknsCo/status/1203453915930472448

googletage.com

# Reference: https://twitter.com/unmaskparasites/status/1204080970191777795

localserver.host
/app/code/core/Mage/Checkout/controllers/OnepageController.php

# Reference: https://twitter.com/MBThreatIntel/status/1204093071954046976

webassetsshop.com

# Reference: https://twitter.com/felixaime/status/1203959327612116995

magento-statistics.com

# Reference: https://twitter.com/xuy1202/status/1204778227517935616

jguerycdn.network

# Reference: https://twitter.com/killamjr/status/1204878142248235008

jquerycodemagento.com

# Reference: https://twitter.com/AffableKraut/status/1204997344581881856

magecart.net

# Reference: https://twitter.com/JCyberSec_/status/1206558829456048128

/payment/mage_secure/payment.js
/payment/mage_secure/post.php

# Reference: https://www.virustotal.com/gui/ip-address/80.78.255.222/relations

google-payment.com

# Reference: https://twitter.com/jeromesegura/status/1206713600288555010

cdnbigcommerce.com
google-analycs.com

# Reference: https://twitter.com/unmaskparasites/status/1206699288723697671

cdncontentserver.com
impress-slides.com

# Reference: https://twitter.com/killamjr/status/1207150660782657536

googlead.tech

# Reference: https://twitter.com/xuy1202/status/1207164640431505408

slade-sell-shop.com

# Reference: https://twitter.com/killamjr/status/1209165822939279365

opencartmodules.biz

# Reference: https://twitter.com/AffableKraut/status/1210298773248696320
# Reference: https://www.virustotal.com/gui/ip-address/124.156.35.204/relations

http://124.156.35.204
googieapls.com
google-catalog.com
googletag-manager.com
gstatlcs.com
jquery-js.link
xn--gstatc-7va.com

# Reference: https://twitter.com/killamjr/status/1212058181725114369

blockandcmqany.com
chatshop.online
chatstat.online
clientsupport.space
farmaforma.info
g-statistic.com
googleadservicesonline.com
googleservices.online
janmarlni.com
jqueryservice.info
mageento.com
magento-check.info
magestore.online
megaliveonline.com
onlineclick.xyz
onlineclouds.cloud
onlineclouds.info
onlineshoptracker.info
pythonservice.info
shoplogs.site
shopvalid.info
statisticpay.info
webstatvisit.com
webstatvisits.com
zoopim.online

# Reference: https://blog.malwarebytes.com/threat-analysis/2019/12/new-evasion-techniques-found-in-web-skimmers/

tawktalk.com

# Reference: https://twitter.com/MBThreatIntel/status/1212889315572760577
# Reference: https://www.virustotal.com/gui/ip-address/5.188.9.61/relations

googlc-analytics.net
googlo-analytics.com

# Reference: https://twitter.com/AffableKraut/status/1212927165454520321

googlc-analytics.com
googlctagmanager.cm

# Reference: https://twitter.com/xuy1202/status/1214051382178660352

newmagento.com

# Reference: https://www.bleepingcomputer.com/news/security/magecart-attackers-steal-card-info-from-focus-camera-shoppers/
# Reference: https://www.virustotal.com/gui/domain/zdsassets.com/details

zdsassets.com

# Reference: https://twitter.com/MBThreatIntel/status/1215693928764063744

vamberlo.com

# Reference: https://www.rapidspike.com/blog/multiple-hacking-groups-attempt-to-skim-credit-cards-from-perricone-md/
# Reference: https://twitter.com/BreachMessenger/status/1057394505266151425
# Reference: https://www.virustotal.com/gui/ip-address/124.156.210.169/relations

a4c.cloud
ajaxstatic.com
apipack.host
authorizeplus.com
autojspack.com
cdndeskpro.com
cdnpack.net
cdnpack.site
dusk.net.in
faceapiget.com
fbpixelget.com
gstaticapi.com
jspack.pro
kegland.top
lightgetjs.com
listrakjs.com
olarkcdn.com
perriconemd.me.uk
priceapigate.com
rackapijs.com
section.ws
sectionget.com
sectionio.com
topapigate.com
worx.top

# Reference: https://twitter.com/JCyberSec_/status/1216676671983624193

js-react.com

# Reference: https://twitter.com/jeromesegura/status/1064924824336654336

bootstrap-js.com

# Reference: https://twitter.com/xuy1202/status/1216951727615668224

apis-analytics.com

# Reference: https://www.rapidspike.com/blog/2019-magecart-timeline/

cleor.co
creditprop.com
googletagstorage.com
imagesengines.com

# Reference: https://twitter.com/Jouliok/status/1217400178170368001

gold.platinumus.top

# Reference: https://twitter.com/unmaskparasites/status/1204080970191777795

localserver.host

# Reference: https://twitter.com/unmaskparasites/status/1217452290577195008
# Reference: https://www.virustotal.com/gui/domain/logistic.tw/relations

logistic.tw

# Reference: https://twitter.com/unmaskparasites/status/1217860398789120003

cilent-tracking.com
cloudservice.tw

# Reference: https://twitter.com/felixaime/status/1218135753110302720

silver-statistics.com

# Reference: https://twitter.com/felixaime/status/1219175480303202307
# Reference: https://twitter.com/matr0cks/status/1220418827751763969

jqueryextplugin.com

# Reference: https://www.riskiq.com/blog/labs/fullz-house/
# Reference: https://www.virustotal.com/gui/ip-address/124.156.34.157/relations
# Reference: https://www.virustotal.com/gui/ip-address/47.245.55.198/relations
# Reference: https://www.virustotal.com/gui/ip-address/80.78.255.222/relations

checkout-sagepay.com
google-analytics.top
google-payment.com
google-query.com
google-smart.com
google-taq.com
jquery-assets.com
live-sagepay.com
mastercard-migs.com
migs-mastercard.com
pay-u-biz.com
payment-mastercard.com
payment-sagepay.com
payment-worldpay.com
payu-biz.com
sagepay-live.com
/ga.js?analytic=

# Reference: https://www.bleepingcomputer.com/news/security/euro-cup-and-olympics-ticket-reseller-hit-by-magecart/

opendoorcdn.com

# Reference: https://twitter.com/jknsCo/status/1221031002564370432

hotjar.us
jquery.us

# Reference: https://twitter.com/AffableKraut/status/1220829096197939202

doubleclick.ws

# Reference: https://www.riskiq.com/blog/labs/magecart-group-12-olympics/
# Reference: https://otx.alienvault.com/pulse/5e3d8f9c9c559a74b0c82a71

cdn-content.cc
content-delivery.cc
deliveryjs.cc
givemejs.cc
jquerycdn.su
storefrontcdn.com
toplevelstatic.com

# Reference: https://twitter.com/felixaime/status/1226292060547878913

cdnanalyze.com
cdnapis.org
cdnchecker.org
cdnoptimize.com

# Reference: https://twitter.com/gwillem/status/1227936380380119041
# Reference: https://twitter.com/gwillem/status/1231604432586125313

e4.ms
http.ps

# Reference: https://twitter.com/felixaime/status/1228343232649662464

amirtechet.com
supermanager.space

# Reference: https://twitter.com/felixaime/status/1228342963744444416

googletegmanager.com

# Reference: https://twitter.com/d09r_/status/1228214041878749184

wappallyzer.com

# Reference: https://twitter.com/dubstard/status/1230895567947149314
# Reference: https://usa.visa.com/content/dam/VCOM/global/support-legal/documents/visa-security-alert-baka-javascript-skimmer.pdf

apienclave.com
apisquere.com
b-metric.com
jquery-cycle.com
ordercheck.online
pridecdn.com
quicdn.com

# Reference: https://raw.githubusercontent.com/gwillem/magento-malware-scanner/master/rules/burner-domains.txt

abuse-js.link
account-mage.su
activaguard.com
adsgetapi.com
advocatecdn.com
afterscripts.com
air-frog33.pw
alabamascripts.com
aleinvest.xyz
alemoney.xyz
alfcdn.com
allacarts.com
allyouwant.online
amasty.biz
analiticoscdn.com
anduansury.com
angular.club
animalzz921.pw
api-googles.com
apismanagers.com
apissystem.com
apitstatus.com
assetmage.com
assetsbrain.com
assetsbraln.com
aw-test.com
awscan.eu
awscan.info
awtest.eu
baways.com
bbypass.pw
beforescripts.com
bit.wo.tc
bm24.biz
bm24.info
bm24.org
bootstrapjs.com
braincdn.org
brainpayments.com
braintcdn.com
brainterepayments.com
braintform.com
braintreepaumenls.com
braintreepauments.com
braintreepaymenls.com
bralntree.com
brazersd.top
bridge.industries
brontocdn.com
busnguard.com
byte.wo.tc
ccheckout.com
ccvalidate.com
cdn-ch.org
cdn-cloud.pw
cdn-imgcloud.com
cdn-js-42.com
cdn-js.link
cdnanalytics.net
cdnapis.com
cdnassels.com
cdnbronto.com
cdnbronto.info
cdngoogle.com
cdnmage.com
cdnpayment.com
cdnppay.com
cdnrfv.com
cdnscriptx.com
cdnwhiltelist.com
cellubiue.com
cellublue.info
checkercarts.com
ciscostats.com
citwinery.com
citywiners.com
cl0udfiare.com
cloud-jquery.com
cloud-jquery.net
cloud-jquery.org
cloud-privacy.com
cloud-update.top
cloud-wp.org
cloudfusion.me
cloudmetric-analytics.com
cloudservice.tw
cloudtrusted.org
cmytuok.top
codesmagento.com
configmage.com
configsysrc.com
configsysrc.info
connectbootstrap.com
controlmage.com
crtteo.com
d0ubletraffic.com
directvapar.com
directvaporonline.com
directvaporus.com
directvaprr.com
dmaxjs.com
dnsden.biz
dobellonline.com
docstart.su
doublecllck.com
drberg.online
drberg.store
duserjs.com
ebitbr.com
ebizmart.biz
encoderform.com
encrypterforms.com
encryptforms.com
exrpesso.org
facebookfollow.com
fastlscripts.com
fbcommerse.com
fbprotector.com
fellsogood43.pw
font-assets.com
frameuserstat.com
frashjs.com
friend4cdn.com
g-analytics.com
gamacdn.com
ganalytlcs.com
gitformage.com
gitformlife.com
gitmage.com
googieapls.com
googiecloud.com
googieservlce.com
google-anaiytic.com
google-analytisc.su
googleprotectionshop.com
googletagmanager.eu
googletagnamager.com
googlitagmanager.com
googletrackmanager.com
gooqleadvstat.com
gooqlemgrteg.com
govfree.pw
gstatlcs.com
gtagaffilate.com
icon-base.biz
info-js.link
infopromo.biz
informaer.com
informaer.net
informaer.org
informaer.ws
infostat.pw
inst-js.su
installw.com
internalvaporgroup.com
invisiblename.com
invisiblename.pro
invisiblename.pw
ip.5uu8.com
javascloud.com
javascripts-system.com
jcloudcdn.com
jquery-cdn.top
jquery-cdnlib.com
jquery-cloud.net
jquery-cloud.org
jquery-code.su
jquery-css.su
jquery-js.com
jquery-js.link
jquery-libs.su
jquery-main.su
jquery-min.su
jquery-stats.com
jquery-validation.org
jquery-web.com
jquery.su
jquerycdnlibrary.com
jquerycodemagento.com
jqueryextd.us
jqueryexts.us
jquerystatic.com
jquerystorage.com
js-abuse.link
js-abuse.su
js-cdn.link
js-cloud.com
js-cloudhost.com
js-link.su
js-magic.link
js-mod.su
js-react.com
js-save.link
js-save.su
js-start.su
js-stat.su
js-stats.click
js-stats.xyz
js-storage.click
js-sucuri.link
js-syst.su
js-top.link
js-top.su
jscontroller.stream
jscript-cdn.com
jscripts-cloud.com
jscriptscloud.com
jsdellvr.com
jsecurely.com
jsecuri.com
jsmagento.com
jspoi.com
jsreload.pw
kennedyform.com
kissmetrik.com
link-js.link
link-js.su
listrakb.com
locateooo.com
logisticusa.biz
lolfree.pw
m24js.com
mage-cdn.link
mage-js.link
mage-js.su
mage-storage.pw
magecompas.com
mageconfig.com
magejavascripts.com
magely.info
magemarts.com
magento-analytics.com
magento-cdn.top
magento-connection.com
magento.name
magento.ontools.net
magentocore.net
magentopatchupdate.com
mageonline.net
magescripts.info
magescripts.pw
magesecurely.com
magesecuritys.com
magesources.com
magestops.com
map-js.link
market-stats.com
maskforms.com
maxijs.com
mcloudjs.com
mdelivry.com
mediageting.com
megalith-games.com
minifyscripts.com
minpays.com
mipss.su
mjs24.com
mod-js.su
mod-sj.link
monenate.net
monerate.net
monestate.net
msecurely.com
msn-analytics.com
my-braintree.com
myageverify.com
mycloudtrusted.com
mytokeasn2s.ru
netmg-cdn.com
neweggstats.com
newrellc.com
nodejsapi.net
nodejscript.net
nykoa.in
oh-polly.com
ohpoliy.com
oklahomjs.com
oltratoke.ru
onlineclouds.cloud
onlinereserchstatistics.online
onlineshopsecurity.com
onlinestatus.site
optimizly.info
order-security.com
orealjs.com
pass-js.click
paymentnow.tk
paymentpal.cf
paymentsystem.info
paypallobjects.com
privacyform.com
privatejs.com
privatixjs.com
qpstasis.com
qsxjs.com
realtrustsafe.com
receiverinformation.com
requestnet.tk
resselerratings.com
rlteaid.com
routingzen.com
s3-us-west.com
safeprivatcy.com
safeyouform.com
sagecdn.org
sainester.com
samescripts.com
samexsame.com
saveyoujs.com
scriptb.com
scriptsform.com
scriptsfyou.com
scriptsjzone.com
securecloudtrusted.com
secureqbrowser.com
securipayment.com
security-mage.com
secury-checkout.com
shelljs.com
shop-analytics.net
simcounter.com
simpiehuman.com
sistem-js.su
siteverification.online
siteverification.site
sj-mod.link
sj-syst.link
slickjs.org
slripe.com
smart-js.link
specjs.com
sportys.store
sslbrainform.com
sslpayform.com
sslvalidator.com
stat-sj.link
statdd.su
statesales.info
statistic-info.me
statsdot.eu
stecker.su
stek-js.link
storemagento.info
storentrust.com
stormnguard.com
strapform.com
sucuri-cloud.com
sucuri-js.com
supporttech281012.tk
syst-sj.link
system-backup.biz
tcsupport241012.tk
termlifelearned.us
thatispersonal.com
theresevit.com
top-sj.link
top5value.com
track-js.link
track-magento.com
tracker-visitors.com
trafficanalyzer.biz
traskedlink.com
truefree.pw
trustd.biz
typejsx.com
typekit.website
typekitcloud.com
typeklt.com
uorineall.info
upgradenstore.com
ups-broker.org
userinfos.com
userinfos.info
userlandform.com
userlandpay.com
uslogisticexpress.com
valdatecode.com
validatenyou.com
validateyourinfo.com
validatorcc.com
vamberlo.com
verifiedjs.com
verpayment.com
verpayments.com
vmaxjs.com
voodoo4tactical.com
vuserjs.com
web-info.me
web-rank.cc
web-rank.pw
web-stat.biz
web-stat.me
web-stats.cc
web-stats.pw
webfotce.me
webrank.ws
webstat-info.ws
webstat.cc
webstatistic.me
webstatistic.pw
webstatistic.tech
webstatistic.ws
webstats.me
webstatvisit.com
whitelistjs.com
wix-cloud.com
wpconnect.org
wpserve.org
ww1-filecloud.com
x-magesecurity.com
xmageform.com
xmageinfo.com
xmagejs.com
xmagesecurity.com
xn--google-analytcs-xpb.com
xn--gstatc-7va.com
youpayme.info
zendesk-chart.com
zonejs.com
zs.mk

# Reference: https://twitter.com/xuy1202/status/1232162075285147648

ns-scripts.com

# Reference: https://twitter.com/gwillem/status/1232246887367028737
# Reference: https://www.virustotal.com/gui/domain/cloudmgrtracker.com/detection

cloudmgrtracker.com

# Reference: https://twitter.com/MBThreatIntel/status/1232404872999231488

pluginmagento.net

# Reference: https://twitter.com/xuy1202/status/1232581248083582976

data-safeguard.com

# Reference: https://twitter.com/MBThreatIntel/status/1232726202281889793
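# Reference: https://blog.malwarebytes.com/threat-analysis/2020/02/fraudsters-cloak-credit-card-skimmer-with-fake-content-delivery-network-ngrok-server/
# Note: d68344fb.ngrok.io is a subdomain of a tunnelling service; such names are typically short-lived, so a later hit
#       may not relate to the same operator and should be checked against current data.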

cdn-mediafiles.org
cdn-sources.org
d68344fb.ngrok.io

# Reference: https://sansec.io/labs/2020/02/25/longest-skimming-operation-yet/

aleopeople.info
bizlawyer.org
contentequare.com
cquotinent.com
jackhemmingway.com
joyjewell.com
installerr.pw
installerr.site
pizdasniff.site
qitcdn.net
securedcdn.net
thefei.com
vk-a6t5h7f3k.site
/5d507d3e6fdc7.js
/5d55d10058c9d.js
/5d570bebe00ed.js

# Reference: https://twitter.com/felixaime/status/1234111603831910400

webscriptly.com

# Reference: https://twitter.com/felixaime/status/1224257587555770368

jquerytxtplugin.com

# Reference: https://twitter.com/unmaskparasites/status/1234536106953146369

http://163.172.136.230

# Reference: https://twitter.com/unmaskparasites/status/1234917686242619393
# Reference: https://www.virustotal.com/gui/ip-address/83.166.248.67/relations

autocapital.pw
http.ps
xxx-club.pw
y5.ms

# Reference: https://twitter.com/felixaime/status/1235131517908570113
# Reference: https://www.virustotal.com/gui/ip-address/185.181.164.216/relations
# Reference: https://www.virustotal.com/gui/ip-address/47.56.114.152/relations
# Reference: https://www.virustotal.com/gui/domain/wp-includ.com/relations
# Reference: https://twitter.com/500mk500/status/1235330678700548098

reportgns.com
sucuritester.com
wp-includ.com

# Reference: https://web.misker.me/blog/malware/2020/03/04/Raindrop-PoppedShop.html
# Reference: https://www.virustotal.com/gui/domain/googletagmanagrapis.com/detection

googletagmanagrapis.com

# Reference: https://twitter.com/felixaime/status/1236201312842326016

savemoneyoffice.com/js/varien/print.js

# Reference: https://twitter.com/felixaime/status/1236321303902269441

imprintcenter.com/js/embed.min.js
imprintcenter.com/js/flash/

# Reference: https://twitter.com/jeromesegura/status/1121811483195633670
# Reference: https://blog.malwarebytes.com/cybercrime/2019/04/github-hosted-magecart-skimmer-used-against-hundreds-of-e-commerce-sites/

jquerylol.ru

# Reference: https://twitter.com/rootprivilege/status/1233065094965125120
# Reference: https://pastebin.com/4seW3Aya

neuro-programmer.de/e.php
neuro-programmer.de/test.php

# Reference: https://twitter.com/fletchsec/status/1175180643514355713

kursy.atas.pl/templates/system/html/data/red.php

# Reference: https://www.virustotal.com/gui/ip-address/181.214.86.150/relations

get-js.com
marketplace-magento.net

# Reference: https://twitter.com/d09r_/status/1238302755032166400
# Reference: https://www.virustotal.com/gui/ip-address/178.33.71.232/relations
# Reference: https://www.virustotal.com/gui/domain/theresevit.com/relations

jsvault.net
linkedtop.com
scriptopia.net

# Reference: https://twitter.com/ydklijnsma/status/1232727444962107392

google-anallytic.com
google--analytics.com
google-analyitics.com
google-anolytics.com

# Reference: https://twitter.com/AffableKraut/status/1207664349634011137

bizrateservices.com
j-queries.com
teamsystems.info
towbarchat.com
twinkhelp.com

# Reference: https://twitter.com/AffableKraut/status/1169489081568497664

gmagea.com

# Reference: https://twitter.com/AffableKraut/status/1169458435290804225

genidaff.com
strchckr.com
tfalseacc.com
tryuseracc.com
vaccss.com

# Reference: https://twitter.com/AffableKraut/status/1169458426344333312

htjar.com

# Reference: https://twitter.com/AffableKraut/status/1166223620886208513

shellsn.ru

# Reference: https://twitter.com/AffableKraut/status/1159677725994622976

jquery.in.ua

# Reference: https://twitter.com/AffableKraut/status/1133599840544468992

jqueryes.com

# Reference: https://twitter.com/MBThreatIntel/status/1238537326956933121

cookiepro.cloud

# Reference: https://www.riskiq.com/blog/labs/magecart-nutribullet/
# Reference: https://otx.alienvault.com/pulse/5e72332db0bfef80752cec40

amerisleep.github.io
3lift.org
abtasty.net
adaptivecss.org
adorebeauty.org
all-about-sneakers.org
ar500arnor.com
authorizecdn.com
bannerbuzz.info
battery-force.org
batterynart.com
blackriverimaging.org
braincdn.org
btosports.net
cdnassels.com
cdnmage.com
chicksaddlery.net
childsplayclothing.org
christohperward.org
citywlnery.org
closetlondon.org
cmytuok.top
coffemokko.com
coffetea.org
configsysrc.info
dahlie.org
davidsfootwear.org
dobell.su
elegrina.com
energycoffe.org
energytea.org
etradesupply.org
exrpesso.org
foodandcot.com
freshchat.info
freshdepor.com
greatfurnituretradingco.org
info-js.link
jewsondirect.com
js-cloud.com
kandypens.net
kik-vape.org
labbe.biz
lamoodbighats.net
link-js.link
livechatinc.org
londontea.net
mage-checkout.org
magejavascripts.com
magescripts.pw
magesecuritys.com
majsurplus.com
map-js.link
mcloudjs.com
mechat.info
melbounestorm.com
misshaus.org
mylrendyphone.com
mypiltow.com
nililotan.org
oakandfort.org
ottocap.org
parks.su
paypaypay.org
pmtonline.su
prodealscenter.com
replacemyremote.org
sagecdn.org
scriptoscript.com
security-payment.su
shop-rnib.org
slickjs.org
slickmin.com
smart-js.link
swappastore.com
teacoffe.net
top5value.com
track-js.link
ukcoffe.com
verywellfitnesse.com
walletgear.org
webanalyzer.net
zapaljs.com
zoplm.com

# Reference: https://twitter.com/felixaime/status/1241765974929530884

googletagmanage.com

# Reference: https://twitter.com/MBThreatIntel/status/1241837000564428800

sucurl.net

# Reference: https://www.virustotal.com/gui/domain/sucuri.pro/relations

sucuri.pro

# Reference: https://twitter.com/MBThreatIntel/status/1242538048044150784
# Reference: https://www.virustotal.com/gui/domain/allegrolearnings.com/relations

allegrolearnings.com/blogs/media/embed.min.js
allegrolearnings.com/blogs/media/common.js

# Reference: https://www.virustotal.com/gui/ip-address/161.117.236.58/relations

jquerrycdn.xyz

# Reference: https://twitter.com/d09r_/status/1242845745218228224
# Reference: https://twitter.com/securityaffairs/status/1242873730235277313
# Reference: https://securityaffairs.co/wordpress/100449/hacking/tupperware-site-hacked.html
# Reference: https://blog.malwarebytes.com/hacking-2/2020/03/criminals-hack-tupperware-website-with-credit-card-skimmer/

deskofhelp.com

# Reference: https://twitter.com/felixaime/status/1243083359212969984

gocgle-analytics.com

# Reference: https://twitter.com/felixaime/status/1243561946982625284

oldworldaccents.net/js/embed.min.js

# Reference: https://www.virustotal.com/gui/domain/google-analytics.gq/relations

google-analytics.gq

# Reference: https://twitter.com/felixaime/status/1247414542759575552

google-analytc.com

# Reference: https://twitter.com/unmaskparasites/status/1247886037881196547
# Reference: https://blog.sucuri.net/2020/01/web-swiper-in-image-title.html
# Reference: https://www.virustotal.com/gui/domain/intljs.rmtag.net/relations
# Reference: https://www.virustotal.com/gui/ip-address/82.202.161.89/relations

intljs.rmtag.net
pollyfill.com

# Reference: https://twitter.com/d09r_/status/1247951999305302016
# Reference: https://www.virustotal.com/gui/ip-address/34.227.50.166/relations
# Reference: https://www.virustotal.com/gui/ip-address/54.89.179.241/relations
# Reference: https://www.virustotal.com/gui/ip-address/3.83.72.214/relations
# Reference: https://www.virustotal.com/gui/ip-address/52.1.206.175/relations
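# Reference: https://www.virustotal.com/gui/ip-address/3.84.27.209/relations
# Note: most names below differ from a well-known service domain by a single character (e.g. 3alesforce.com,
#       cdn-a0ple.com), a pattern consistent with one-bit-flip (bitsquatting) lookalikes. Each entry is an exact name,
#       so compare a hit character by character with the service it resembles.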

3alesforce.com
4esla.services
4eslamotors.com
7indowsupdate.com
7ootric.com
adn-apple.com
akalai.net
ap0see.com
app3ee.com
appqee.com
appsae.com
appsue.com
aprsee.com
apxsee.com
arpsee.com
atpsee.com
bdn-apple.com
calesforce.com
cdf-apple.com
cdj-apple.com
cdl-apple.com
cdn-a0ple.com
cdn-ap0le.com
cdn-appde.com
cdn-apphe.com
cdn-appla.com
cdn-appld.com
cdn-applg.com
cdn-applm.com
cdn-applu.com
cdn-appme.com
cdn-appne.com
cdn-apqle.com
cdn-aprle.com
cdn-aptle.com
cdn-apxle.com
cdn-aqple.com
cdn-arple.com
cdn-atple.com
cdn-axple.com
cdn-cpple.com
cdn-epple.com
cdn-ipple.com
cdn-qpple.com
cdnmapple.com
cdo-apple.com
cen-apple.com
cfn-apple.com
clack-msgs.com
cln-apple.com
coogleanalytics.com
coogleusercontent.com
cppsee.com
ctn-apple.com
deslamotors.com
eicrosoftonline.com
eixpanel.com
eoogleanalytics.com
eoogleusercontent.com
eropbox.com
fgxnews.com
fo8news.com
fohnews.com
foogleanalytics.com
fopnews.com
foxlews.com
foxne7s.com
foxneus.com
foxnew3.com
foxoews.com
foynews.com
fpnjs.com
gdn-apple.com
ggogleanalytics.com
ggogletagmanager.com
ggogleusercontent.com
gindowsupdate.com
gkogleanalytics.com
gkogleusercontent.com
gmogleanalytics.com
gmogletagmanager.com
gmogleusercontent.com
gnogleanalytics.com
gnogletagmanager.com
gnogleusercontent.com
goggletagmanager.com
goggleusercontent.com
gokgleanalytics.com
gokgletagmanager.com
gokgleusercontent.com
gomgleanalytics.com
gongleanalytics.com
gongletagmanager.com
gongleusercontent.com
goocleanalytics.com
goocletagmanager.com
goocleusercontent.com
gooeleanalytics.com
gooeleusercontent.com
goofleanalytics.com
goofletagmanager.com
googdeanalytics.com
googdetagmanager.com
googheanalytics.com
googhetagmanager.com
googheusercontent.com
googlaanalytics.com
googlatagmanager.com
googlausercontent.com
googldanalytics.com
googldtagmanager.com
googldusercontent.com
google4agmanager.com
google5sercontent.com
googleafalytics.com
googleajalytics.com
googlealalytics.com
googleanadytics.com
googleanahytics.com
googleanal9tics.com
googleanalqtics.com
googleanalxtics.com
googleanaly4ics.com
googleanalydics.com
googleanalypics.com
googleanalytacs.com
googleanalythcs.com
googleanalytias.com
googleanalytibs.com
googleanalytic3.com
googleanalyticc.com
googleanalyticq.com
googleanalyticr.com
googleanalyticw.com
googleanalytigs.com
googleanalytiks.com
googleanalytiss.com
googleanalytkcs.com
googleanalytmcs.com
googleanalytycs.com
googleanalyuics.com
googleanalyvics.com
googleanamytics.com
googleananytics.com
googleanclytics.com
googleanelytics.com
googleanilytics.com
googleanqlytics.com
googleaoalytics.com
googlecnalytics.com
googledagmanager.com
googleenalytics.com
googleesercontent.com
googleinalytics.com
googlepagmanager.com
googleqnalytics.com
googleqsercontent.com
googletacmanager.com
googletaemanager.com
googletag-anager.com
googletageanager.com
googletagianager.com
googletaglanager.com
googletagmafager.com
googletagmajager.com
googletagmalager.com
googletagmanacer.com
googletagmanaeer.com
googletagmanafer.com
googletagmanagar.com
googletagmanagdr.com
googletagmanage2.com
googletagmanageapi.com
googletagmanageb.com
googletagmanagep.com
googletagmanages.com
googletagmanagev.com
googletagmanagez.com
googletagmanaggr.com
googletagmanagmr.com
googletagmanagris.com
googletagmanagrs.com
googletagmanagrsapi.com
googletagmanagur.com
googletagmanaoer.com
googletagmanawer.com
googletagmancger.com
googletagmaneger.com
googletagmaniger.com
googletagmanqger.com
googletagmaoager.com
googletagmcnager.com
googletagminager.com
googletagmqnager.com
googletagoanager.com
googletaomanager.com
googletawmanager.com
googletcgmanager.com
googletigmanager.com
googletqgmanager.com
googletsercontent.com
googleu3ercontent.com
googleuagmanager.com
googleucercontent.com
googleuqercontent.com
googleurercontent.com
googleusarcontent.com
googleusdrcontent.com
googleuse2content.com
googleusebcontent.com
googleusepcontent.com
googleuseraontent.com
googleuserbontent.com
googleusercgntent.com
googleuserckntent.com
googleusercmntent.com
googleusercnntent.com
googleusercoftent.com
googleusercojtent.com
googleusercoltent.com
googleusercon4ent.com
googleusercondent.com
googleuserconpent.com
googleusercontant.com
googleusercontdnt.com
googleuserconteft.com
googleusercontejt.com
googleusercontelt.com
googleuserconten4.com
googleusercontend.com
googleusercontenp.com
googleusercontenu.com
googleusercontenv.com
googleuserconteot.com
googleusercontgnt.com
googleusercontmnt.com
googleusercontunt.com
googleuserconuent.com
googleuserconvent.com
googleusercootent.com
googleusergontent.com
googleusersontent.com
googleusescontent.com
googleusevcontent.com
googleusgrcontent.com
googleusmrcontent.com
googleusurcontent.com
googlevagmanager.com
googlewsercontent.com
googlganalytics.com
googlgtagmanager.com
googlgusercontent.com
googlmanalytics.com
googlmtagmanager.com
googluanalytics.com
googlutagmanager.com
googluusercontent.com
googmeanalytics.com
googmetagmanager.com
googmeusercontent.com
googneanalytics.com
goognetagmanager.com
googneusercontent.com
goooleanalytics.com
goooletagmanager.com
gootric.com
goowleanalytics.com
goowletagmanager.com
goowleusercontent.com
hocalytics.com
iicrosoftonline.com
iixpanel.com
ippsee.com
jpnjs.com
ka3persky.com
kaqpersky.com
kaspepsky.com
kasperqky.com
kaspersk9.com
kasperskq.com
kaspessky.com
kaspezsky.com
kaspgrsky.com
kaspmrsky.com
kaspursky.com
kastersky.com
kasxersky.com
kcspersky.com
kdn-apple.com
lgcalytics.com
licrosoftonline.com
lmcalytics.com
lncalytics.com
loaalytics.com
locadytics.com
locahytics.com
localqtics.com
localy4ics.com
localydics.com
localytacs.com
localythcs.com
localytias.com
localytibs.com
localytic3.com
localyticc.com
localyticw.com
localytigs.com
localytiks.com
localytiss.com
localytkcs.com
localytmcs.com
localytycs.com
localyuics.com
localyvics.com
locamytics.com
locanytics.com
locclytics.com
locelytics.com
locqlytics.com
lokalytics.com
lpnjs.com
mhxpanel.com
mi8panel.com
mibrosoftonline.com
micposoftonline.com
micrgsoftonline.com
micrksoftonline.com
microqoftonline.com
microskftonline.com
microsmftonline.com
microsnftonline.com
microsobtonline.com
microsof4online.com
microsofdonline.com
microsoftgnline.com
microsoftknline.com
microsoftnnline.com
microsoftofline.com
microsoftojline.com
microsoftolline.com
microsoftonhine.com
microsoftonlane.com
microsoftonlhne.com
microsoftonlife.com
microsoftonlije.com
microsoftonlile.com
microsoftonlina.com
microsoftonlind.com
microsoftonling.com
microsoftonlinu.com
microsoftonlioe.com
microsoftonlkne.com
microsoftonlmne.com
microsoftonmine.com
microsoftonnine.com
microsoftooline.com
microsofuonline.com
microsofvonline.com
microsovtonline.com
micsosoftonline.com
micvosoftonline.com
miczosoftonline.com
mihpanel.com
mippanel.com
mix0anel.com
mixpalel.com
mixpanal.com
mixpandl.com
mixpaned.com
mixpanem.com
mixpanml.com
mixpanul.com
mixpcnel.com
mixpenel.com
mixpinel.com
mixranel.com
mixtanel.com
mixxanel.com
mkcrosoftonline.com
mkxpanel.com
mmxpanel.com
mocalytics.com
myxpanel.com
n0njs.com
npjjs.com
npljs.com
npnhs.com
npnj3.com
npnks.com
npnns.com
npnzs.com
npojs.com
nqnjs.com
nrnjs.com
ntnjs.com
nxnjs.com
oicrosoftonline.com
oixpanel.com
ooogleanalytics.com
ooogleusercontent.com
opnjs.com
peslamotors.com
qalesforce.com
qlack-msgs.com
qppsee.com
qymantec.com
ralesforce.com
regment.io
rlack-msgs.com
rymantec.com
s9mantec.com
sadesforce.com
sahesforce.com
saldsforce.com
sale3force.com
saleqforce.com
salesborce.com
salesfgrce.com
salesfmrce.com
salesfnrce.com
salesfo2ce.com
salesfobce.com
salesfopce.com

# Reference: https://twitter.com/felixaime/status/1248154035053637632

google-analytcsapi.com

# Reference: https://www.perimeterx.com/resources/blog/2020/new-stealth-magecart-attack-bypasses-payment-services-using-iframes/
# Reference: https://www.virustotal.com/gui/ip-address/83.166.250.66/relations

braintreegateway24.com
braintreegateway24.tech
braintreegateway.services

# Reference: https://twitter.com/felixaime/status/1250807334676414465

tag-css.icu

# Reference: https://twitter.com/MBThreatIntel/status/1252265931088080896

vetality.site

# Reference: https://twitter.com/MBThreatIntel/status/1252285343555960833

ducatigrenoble.com/skin/frontend/ves_brave/default/css/bootstrap.php

# Reference: https://twitter.com/MBThreatIntel/status/1252338975265546242

clipbutton.com.br/catalog/discount.php
tivents.de/media/wysiwyg/paypal4.gif

# Reference: https://twitter.com/felixaime/status/1253039202465468419
# Reference: https://www.virustotal.com/gui/ip-address/193.38.54.55/relations
# Reference: https://www.virustotal.com/gui/ip-address/193.38.54.62/detection

secrityipa.club
securityipa.club

# Reference: https://unit42.paloaltonetworks.com/how-cybercriminals-prey-on-the-covid-19-pandemic/ (# Skimmer)
# Reference: https://www.virustotal.com/gui/domain/sunrisepromos.com/relations

sunrisepromos.com/js/lib/ccard.js

# Reference: https://securityaffairs.co/wordpress/98124/cyber-crime/uncovering-new-magecart-implant.html
# Reference: https://marcoramilli.com/2020/02/19/uncovering-new-magecart-implant-attacking-ecommerce/
# Reference: https://labs.sucuri.net/web-skimmer-with-a-domain-name-generator-follow-up/
# Reference: https://twitter.com/AffableKraut/status/1257937430709186560
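# Reference: https://www.virustotal.com/gui/ip-address/83.166.244.76/relations
# Note: q(l|r)[0-9]{5,6}\.pw is a regular expression generalising the ql*/qr* names listed with it (presumably the
#       generated names the references describe). The /js/ar/*.php entries carry no host, so they are URL-path
#       trails; expect them to be observable only where the request path is visible to the sensor.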

ql201000.pw
ql201041.pw
ql201243.pw
ql201456.pw
ql201463.pw
ql201721.pw
ql202141.pw
ql202412.pw
ql202657.pw
ql202989.pw
qr201010.pw
qr201089.pw
qr201161.pw
qr201346.pw
qr201854.pw
qr202004.pw
qr202284.pw
qr202754.pw
qr202844.pw
qr202960.pw
q(l|r)[0-9]{5,6}\.pw
/js/ar/ar906.php
/js/ar/ar2497.php
/js/ar/ar7938.php

# Reference: https://blog.sucuri.net/2020/04/web-skimmer-with-a-domain-name-generator.html

gooogletagmanager.online

# Reference: https://twitter.com/Bank_Security/status/1258130762685186048
# Reference: https://blog.malwarebytes.com/threat-analysis/2020/05/credit-card-skimmer-masquerades-as-favicon/
# Reference: https://www.virustotal.com/gui/ip-address/83.166.242.105/relations

myicons.net
psas.pw

# Reference: https://twitter.com/felixaime/status/1258800483524804608

jquerycdn.at

# Reference: https://twitter.com/felixaime/status/1258834331163922432

jquerye.at

# Reference: https://twitter.com/felixaime/status/1260822992180973572

cdnjustuno.icu
manag.icu
targetad.icu

# Reference: https://twitter.com/felixaime/status/1260827294723170304

tags-app.icu
tags-bootstrap.icu

# Reference: https://twitter.com/MBThreatIntel/status/1269400469845061632

tagapp.icu

# Reference: https://twitter.com/AffableKraut/status/1261157021027622912
# Reference: https://gist.github.com/krautface/c2f2d6d0c4516afc47efcbe17e561e0c

priangan.com/wp-content/languages/blogid/

# Reference: https://twitter.com/tosscoinwitcher/status/1261353530465456128
# Reference: https://twitter.com/500mk500/status/1261361366339903488
# Reference: https://www.virustotal.com/gui/domain/googletagmanagr.com/detection

googletagmanagr.com

# Reference: https://twitter.com/MBThreatIntel/status/1262893385448210434

magentorates.com

# Reference: https://twitter.com/MBThreatIntel/status/1263850035382378497
# Reference: https://twitter.com/500mk500/status/1263861204327505928
# Reference: https://twitter.com/d09r_/status/1263864711847620609
# Reference: https://www.virustotal.com/gui/ip-address/5.188.62.173/relations
# Reference: https://www.virustotal.com/gui/ip-address/176.123.6.37/relations

padmin.xyz
hostssl.uno
hostssl.xyz
shopssl.xyz
idtransfer.icu

# Reference: https://twitter.com/MBThreatIntel/status/1263876741094727680
# Reference: https://www.virustotal.com/gui/ip-address/23.106.215.85/relations

cdncontentserver.com
onlineimageservices.com

# Reference: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/

gocgle-analytics.cm
gocgle-analytics.net
gocgletagmanager.cm
gocgletagmanager.com

# Reference: https://www.virustotal.com/gui/ip-address/194.180.224.112/relations

authcrize.net
gcogle-analytics.com
gocgle-analytics.net
googlo-analytics.com
googlo-analytics.net
gooqle-analytics.com
gooqle-analytics.net
secure-authorize.net
wanalytic.is

# Reference: https://twitter.com/kyleehmke/status/1399680399756906502
# Reference: https://www.virustotal.com/gui/ip-address/87.120.254.4/relations

gooqle-login.com

# Reference: https://twitter.com/felixaime/status/1264124350883602432
# Reference: https://www.virustotal.com/gui/ip-address/161.35.202.72/relations

cdndoubleclick.net

# Reference: https://twitter.com/felixaime/status/1264567401380753409

cdn-contentstore.com
cdn-sources.com

# Reference: https://twitter.com/AffableKraut/status/1265349583925841922

ads-fbstatistic.com

# Reference: https://twitter.com/felixaime/status/1265175178532831237

livechatcdn.com

# Reference: https://twitter.com/felixaime/status/1265176411322499072

cloudfrontapi.com
cloudfrontapi.net

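# Reference: https://twitter.com/MBThreatIntel/status/1266397492658098176
# Note: the entry below is scoped to one object path on a shared storage host; keep the full path when reusing it,
#       since the bare host also serves unrelated content.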

s3.amazonaws.com/content.zipboss.com/code/zipboss.dev.js

# Reference: https://twitter.com/felixaime/status/1267045708932222976

apibazaarvoice.com

# Reference: https://twitter.com/benkow_/status/1267034595758833667

http://89.82.251.136/counter/index.php

# Reference: https://twitter.com/felixaime/status/1267095794571792384
# Reference: https://twitter.com/dimitribest/status/1372632649496420364
# Reference: https://twitter.com/rootprivilege/status/1392119803997941762
# Reference: https://lukeleal.com/research/posts/lolzilla-php-js-skimmer/

http://45.197.141.250
45.197.141.250:443
happykid.in/image/catalog/d_blog_module/review/jjs.js
tienda.flex.cl/media/sello-ecommerce.js

# Reference: https://twitter.com/eclipsepicards/status/1268240487233867778

platinumus.top

# Reference: https://twitter.com/MBThreatIntel/status/1267874481113989121

googleapifs.space

# Reference: https://twitter.com/felixaime/status/1267729483987062786

ssecurapi.club

# Reference: https://twitter.com/MBThreatIntel/status/1268340229347270657

jquerylib.at

# Reference: https://twitter.com/MBThreatIntel/status/1268982125543387136

cdnn-aws.com

# Reference: https://twitter.com/unmaskparasites/status/1269005294325108738

hits-cache.com

# Reference: https://blog.sucuri.net/2020/06/evasion-tactics-in-hybrid-credit-card-skimmers.html
# Reference: https://www.virustotal.com/gui/ip-address/185.110.132.220/relations

http://185.110.132.220
jshost.org

# Reference: https://twitter.com/prsecurity_/status/1269843378088247296

http://185.4.65.69
http://185.4.65.72
http://185.4.66.82
http://37.252.0.91
http://37.252.0.115
http://37.252.0.150
http://37.252.0.149
http://37.252.0.196
http://37.252.0.199
http://5.45.80.46
http://5.45.82.166
http://5.45.82.189
http://5.45.83.202
http://5.45.83.223

# Reference: https://twitter.com/unmaskparasites/status/1270064808864419841
# Reference: https://www.virustotal.com/gui/ip-address/54.38.49.244/relations

jsassets.net
payprocessor.net

# Reference: https://twitter.com/MBThreatIntel/status/1270150196333142016

locol.site

# Reference: https://twitter.com/JWilsonSecurity/status/1270087185795026944

t.obet.us/gagal/log.php

# Reference: https://twitter.com/MBThreatIntel/status/1270861231776137218
# Reference: https://twitter.com/MBThreatIntel/status/1279128778543783936
# Reference: https://twitter.com/500mk500/status/1270945615812460544
# Reference: https://www.virustotal.com/gui/ip-address/176.121.14.189/relations

bootstrapmag.com
chatajax.com
google-adware.com
jquery-apl.com
jqueryalert.com
jqueryapiscript.com
magento-info.com
magento-stores.com
magento-updater.com
security-magento.com
securityscr.com
w3schooli.com
wordpress-scripts.com

# Reference: https://twitter.com/felixaime/status/1271061780849209344
# Reference: https://www.virustotal.com/gui/ip-address/193.32.161.74/relations

cdnxmljquerybucket.com
jqueryapichecker.com
tagmanagercdn.com
tagmanagerxmlraw.com
xmljqueryscoring.com
xmlrawdataresponse.com

# Reference: https://securityaffairs.co/wordpress/104776/hacking/claires-magecart-attack.html

claires-assets.com

# Reference: https://twitter.com/felixaime/status/1263818626114740224
# Reference: https://twitter.com/MBThreatIntel/status/1272679759126777857
# Reference: https://www.virustotal.com/gui/ip-address/185.217.92.149/relations

jquerystats.com
salesstatistic.com
scriptstatistic.com

# Reference: https://twitter.com/benkow_/status/1273214642458853376

reddotarms.com/js/infortis/jquery/jquery-1.7.2.min.js

# Reference: https://twitter.com/benkow_/status/1273219665582579713

visaandpassportagency.com/js/prototype/prototype.js

# Reference: https://twitter.com/felixaime/status/1273221200886587392

magento-api.icu
magentolink.icu
bootstrap-fronts.icu
bootstrap-jquery.icu
cloud-fronts.icu
bootstrap-jquery.host
magento-api.host
cloud-fronts.host
magentolink.host
jqueryjs.host

# Reference: https://twitter.com/MBThreatIntel/status/1273733879526903808
# Reference: https://www.virustotal.com/gui/ip-address/185.92.148.128/relations

cddn.site
lebs.site

# Reference: https://securelist.com/web-skimming-with-google-analytics/97414/

google-anatytics.com
google-analytics-js.com

# Reference: https://www.virustotal.com/gui/ip-address/84.38.182.177/relations

mstracking.link
paypalapiobjects.com

# Reference: https://www.virustotal.com/gui/ip-address/5.101.50.50/relations

googleapimanager.com

# Reference: https://twitter.com/MBThreatIntel/status/1376665239647756289
# Reference: https://blog.malwarebytes.com/threat-analysis/2020/06/web-skimmer-hides-within-exif-metadata-exfiltrates-credit-cards-via-image-files/

ads-fbstatistic.com
apilivechat.com
bestcdnforbusiness.com
bizrateservices.com
cddn.site
cxizi.net
favicon.click
j-queries.com
jquery-analitycs.com
jqueryanalise.xyz
koinweb.site
lebs.site
magentorates.com
pixasbay.com
sonol.site
teamsystems.info
towbarchat.com
undecoveria.com
webtrans.site
wosus.site
xciy.net
xoet.site
yxxi.net
yzxi.net

# Reference: https://twitter.com/MBThreatIntel/status/1279651033883439105

kttape.com/pub/static/frontend/Plumtree/kttapeb2b/en_US/mage/mail.js

# Reference: https://twitter.com/MBThreatIntel/status/1279523525192081408

cloud-flares.host

# Reference: https://twitter.com/wwp96/status/1279551267698888704

jquerycloud.host

# Reference: https://blog.malwarebytes.com/threat-analysis/2020/07/credit-card-skimmer-targets-asp-net-sites/
# Reference: https://twitter.com/MBThreatIntel/status/1280180299112919041
# Reference: https://www.virustotal.com/gui/ip-address/31.220.60.108/relations

cdn-xhr.com
hivnd.net
hixrq.net
idpcdn-cloud.com
joblly.com
rackxhr.com
thxrq.com

# Reference: https://twitter.com/unmaskparasites/status/1280569151833223168

cdn-google-analytics.com

# Reference: https://twitter.com/p5yb34m/status/1111707577685991424

givemejs.cc

# Reference: https://twitter.com/jeromesegura/status/1121811483195633670
# Reference: https://blog.malwarebytes.com/cybercrime/2019/04/github-hosted-magecart-skimmer-used-against-hundreds-of-e-commerce-sites/

/mage/master/mage.js

# Reference: https://www.symantec.com/security-center/writeup/2018-092007-1208-99 (JSCoffe domains)

beachyripe.com
energycoffe.org
energytea.org
lightbulbs-direct.org
teacoffe.net
ukcoffe.com

# Reference: https://blog.sucuri.net/2018/12/localization-and-customization-of-credit-card-stealing-malware.html

kinfirighbetted.host
sales4reason.com
greatwebstat.com

# Reference: https://www.helpnetsecurity.com/2020/07/08/magecart-group-8/
# Reference: https://geminiadvisory.io/wp-content/uploads/2020/07/Appendix-A-3.pdf
# Reference: https://geminiadvisory.io/wp-content/uploads/2020/07/Appendix-B-1.pdf

adaptivecss.org
adorebeauty.org
anduansury.com
ankese.com
assethomify.com
assetstorage.net
blackriverimaging.org
braincdn.org
citywlnery.org
closetlondon.org
coffemokko.com
coffetea.org
dahlie.org
davidsfootwear.org
dobell.su
elegrina.com
energycoffe.org
etradesupply.org
exrpesso.org
fileskeeper.org
foodandcot.com
freshchat.info
freshdepor.com
frocklay.com
hqassets.com
info-js.link
jewsondirect.com
js-storage.click
jsvault.net
labbe.biz
link-js.link
londontea.net
mage-checkout.org
majsurplus.com
map-js.link
mechat.info
misshaus.org
oakandfort.org
ottocap.org
parks.su
paypaypay.org
pmtonline.su
replacemyremote.org
safeprocessor.com
sagecdn.org
sainester.com
scriptdesire.com
scriptsparadise.com
scriptvault.org
security-payment.su
shourve.com
slickjs.org
smart-js.link
stairany.com
swappastore.com
teacoffe.net
theresevit.com
top5value.com
track-js.link
ukcoffe.com
uthorizecdn.com
verywellfitnesse.com
walletgear.org
weblibscdn.com

# Reference: https://twitter.com/unmaskparasites/status/1283084460519456771

cdnlistrakbi.com

# Reference: https://blog.sucuri.net/2020/07/skimmers-in-images-github-repos.html
# Reference: https://www.virustotal.com/gui/ip-address/8.208.19.101/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.208.77.10/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.209.99.41/relations

analytics-core.com
analytics-ssl.com
fonts-googlemaps.com
fonts-gstatic.com
fontsgoogle-apis.com
fontsgoogleapis.com
google-conf.com
google-console.com
google-core.com
google-sert.com
/app/design/frontend/Magento/luma/media/mage.png
/pub/media/downloadable/mage.png

# Reference: https://twitter.com/felixaime/status/1287408636164284419

cdn-filestorm.com
cloud-sources.com

# Reference: https://twitter.com/500mk500/status/1288482532774891521
# Reference: https://www.virustotal.com/gui/ip-address/8.211.36.239/relations
# Reference: https://www.virustotal.com/gui/domain/rooplancdn.com/detection

rooplancdn.com

# Reference: https://twitter.com/felixaime/status/1288604510802325509

shopify-sales.com

# Reference: https://twitter.com/felixaime/status/1288601153400446976
# Reference: https://www.virustotal.com/gui/ip-address/47.88.14.111/relations
# Reference: https://www.virustotal.com/gui/ip-address/5.101.50.134/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.208.84.18/relations
# Reference: https://twitter.com/felixaime/status/1301090258671542272

adw-gooqle.com
blog-mage.com
cailpercovers.com
cheeseceke.com
cioubfiare.com
claristokp.top
clickstrackings.com
cloubfiare.com
cloudflaea.com
cloudfliare.com
googie-seo.com
google-ahatytics.com
google-anatytics.com
google-ssm.com
gooqieapis.com
jquery-doc.com
jquery-magento.com
jqueryupdate.com
magenlo.com
magento-update.com
marketing-yahoo.com
optimized-js.com
path-magento.com
script-magento.com
sucuil.net
tag-managers.com
up-tracking.com

# Reference: https://twitter.com/unmaskparasites/status/1288922935240077313

http://31.214.157.134/in.php
/setup/performance-toolkit/files/search_terms.php

# Reference: https://twitter.com/AffableKraut/status/1290031871670104066
# Reference: https://twitter.com/AffableKraut/status/1290031876892057600
# Reference: https://www.virustotal.com/gui/ip-address/37.252.5.111/relations
# Reference: https://gist.github.com/krautface/b65cb1e717038f000d4d9dfd860830ea

cdn-adsense.com

# Reference: https://blog.malwarebytes.com/threat-analysis/2020/08/inter-skimming-kit-used-in-homoglyph-attacks/
# Reference: https://otx.alienvault.com/pulse/5f2c453b5b063dda49dd855f
# Reference: https://www.virustotal.com/gui/ip-address/51.83.209.11/relations

cigarpaqe.com
fleldsupply.com
pushcrew.pw
winqsupply.com
zoplm.com

# Reference: https://twitter.com/felixaime/status/1292567951762231299

cdncom.site

# Reference: https://twitter.com/AffableKraut/status/1293104085835689984
# Reference: https://www.virustotal.com/gui/domain/googapi.com/detection

googapi.com

# Reference: https://twitter.com/felixaime/status/1295796245588512768

payprocessor.net

# Reference: https://twitter.com/felixaime/status/1295800211416190976
# Reference: https://www.virustotal.com/gui/ip-address/188.209.49.71/relations

clipboardplugin.com
devtoolsforweb.com
variousscripts.com
topcc.biz
topcc.pw
topcc.store
topcc.su

# Reference: https://twitter.com/unmaskparasites/status/1295816804133199878
# Reference: https://twitter.com/AffableKraut/status/1295817245017493507

amastybootstrap.host
amastybootstrap.online
amastybootstrap.store
bootstrapcd.host
bootstrapcd.online
bootstrapcss.host
bootstrapcss.online
cdnbootstrap.host
cdnbootstrap.store
dbbootstrap.online

# Reference: https://www.virustotal.com/gui/ip-address/103.73.67.169/relations

cdn-jquerystatic.ddns.net
static-jquery.sytes.net

# Reference: https://www.virustotal.com/gui/ip-address/91.211.247.69/relations

cvv2.name

# Reference: https://www.virustotal.com/gui/ip-address/47.241.7.41/relations

acloudsapi.com
securebnp-server.com
securebnp1-update.com
secureing-update.com

# Reference: https://twitter.com/JCyberSec_/status/1298929497354448901

gaminpit.com

# Reference: https://twitter.com/MBThreatIntel/status/1299380573966802944
# Reference: https://www.virustotal.com/gui/ip-address/108.62.12.46/detection

content-analytics-server.com

# Reference: https://twitter.com/felixaime/status/1300335046029606912

lighting-spot.com/pub/media/js/jscol.min.js
lighting-spot.com/pub/media/js/lighting.js

# Reference: https://twitter.com/sansecio/status/1304043546970927104
# Reference: https://www.virustotal.com/gui/ip-address/80.78.254.128/relations

sansec.biz
csp.sansec.biz

# Reference: https://twitter.com/sansecio/status/1305041618744086528
# Reference: https://twitter.com/sansecio/status/1305461119314690048
# Reference: https://sansec.io/research/largest-magento-hack-to-date
# Reference: https://otx.alienvault.com/pulse/5f5f9a8ba62718db52b64700
# Reference: https://www.virustotal.com/gui/ip-address/83.166.244.152/relations
# Reference: https://www.virustotal.com/gui/ip-address/83.166.244.76/relations
# Reference: https://www.virustotal.com/gui/ip-address/83.166.245.32/relations
# Reference: https://www.virustotal.com/gui/ip-address/83.166.245.93/relations

ajaxcloudflare.com
imags.pw
mcdnn.me
mcdnn.net
myicons.net
data-id-click.ru
divamoda-tds.ru
justwe-track.ru

# Reference: https://twitter.com/sansecio/status/1306190540963282946

facelook.no/en_US/pixel.js

# Reference: https://twitter.com/unmaskparasites/status/1308419144048668672

http://94.158.244.55

# Reference: https://twitter.com/MBThreatIntel/status/1310703704396279808

static-trustpilot.com

# Reference: https://twitter.com/felixaime/status/1310835184917458944
# Reference: https://www.virustotal.com/gui/ip-address/161.117.237.217/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.14.12.199/relations

acdn.space
ancdn.site
ancdnto.site
arcdn.site
bcdn.space
cacdn.site
ccdn.space
cdna.site
cdna.space
cdnc.space
cdncom.site
cdnd.site
cdnd.space
cdne.space
cdnf.site
cdnf.space
cdng.site
cdnh.site
cdni.site
cdnj.site
cdnm.site
cdno.site
cdnp.site
cdnq.site
cdnq.space
cdnr.space
cdns.space
cdnv.site
cdnv.space
cdnw.space
cdnx.space
cdnz.site
cdnz.space
dcdn.space
fcdn.space
frcdn.site
gcdn.space
gtacdn.site
gtag.site
gtage.site
gtamanag.site
gtcdn.site
gtgcdn.site
gtmcdn.site
hcdn.space
icdn.space
jcdn.space
kcdn.space
ncdn.space
ocdn.space
qcdn.space
tcdn.space
usacdn.site
uscdn.site
wcdn.space
xcdn.space
zcdn.space

# Reference: https://twitter.com/felixaime/status/1310840704801951744

jquerycss.online
jquerycss.space
jquerycss.store
jquerycss.tech
jquerycss.website

# Reference: https://twitter.com/JWilsonSecurity/status/1311140720498147334
# Reference: https://www.virustotal.com/gui/domain/ride4speed.com/relations

ride4speed.com

# Reference: https://twitter.com/AffableKraut/status/1311330609546104832

googleanalytics.monster
googleanalytics.buzz
google-analytics.monster
google-analytics.buzz
googletagmanager.cyou
google-analytics.icu
google-analytics.club
googletagmanager.top
google-analytics.cyou
googleanalytics.top
googleanalytics.cyou
statanalytic.cyou
googleshopanalytic.icu
gstatic.cyou
gstatic.club

# Reference: https://twitter.com/MBThreatIntel/status/1311423125582540802

adsojs.com
cdndeskpro.com
cdnprog.com
faceapiget.com
facecdnget.com
fbpixelget.com
gstaticapi.com
keywestcdn.com
klaviyo.host
lightgetjs.com
listrakjs.com
mediabtracker.com
meidiaplus.com
section.ws
sectionget.com
sumome.net
swiftypecdn.org
uniquegetapi.com
findericons.com/favicon.ico

# Reference: https://unit42.paloaltonetworks.com/malicious-coinminers-web-skimmer/

metahtmlhead.com

# Reference: https://twitter.com/rootprivilege/status/1311731116345237509
# Reference: https://blog.sucuri.net/2021/01/magento-php-injection-loads-javascript-skimmer.html
# Reference: https://www.virustotal.com/gui/ip-address/5.135.247.140/relations

underscorefw.com

# Reference: https://www.virustotal.com/gui/ip-address/8.208.90.81/relations

fontsgoogle-api.com
googleapis-fonts.com

# Reference: https://twitter.com/MBThreatIntel/status/1313137479512276995
# Reference: https://www.virustotal.com/gui/ip-address/188.68.220.49/relations
# Reference: https://www.virustotal.com/gui/ip-address/31.184.253.166/relations
# Reference: https://www.virustotal.com/gui/ip-address/47.245.128.231/relations
# Reference: https://www.virustotal.com/gui/ip-address/47.89.184.107/relations
# Reference: https://www.virustotal.com/gui/ip-address/47.254.170.245/relations
# Reference: https://www.virustotal.com/gui/ip-address/47.254.84.162/relations
# Reference: https://www.virustotal.com/gui/ip-address/5.53.125.202/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.208.14.9/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.208.20.61/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.208.27.102/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.209.72.188/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.208.79.49/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.209.65.45/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.210.68.59/relations
# Reference: https://www.virustotal.com/gui/ip-address/79.143.29.164/relations
# Reference: https://www.virustotal.com/gui/ip-address/80.249.144.26/relations
# Reference: https://www.virustotal.com/gui/ip-address/80.249.145.190/relations
# Reference: https://www.virustotal.com/gui/ip-address/80.249.147.241/relations
# Reference: https://www.virustotal.com/gui/ip-address/80.249.148.133/relations
# Reference: https://www.virustotal.com/gui/ip-address/82.148.30.191/relations
# Reference: https://www.virustotal.com/gui/ip-address/82.148.31.102/relations
# Reference: https://www.virustotal.com/gui/ip-address/82.148.31.214/relations
# Reference: https://www.virustotal.com/gui/ip-address/84.38.180.233/relations
# Reference: https://www.virustotal.com/gui/ip-address/84.38.180.84/relations
# Reference: https://www.virustotal.com/gui/ip-address/84.38.183.160/relations

admin-autorization.com
bing-analytics.com
bing-insert.com
bootstrap-java.com
cdn-jquery.com
checkout-sagepay.com
connect-facebook.com
google-analytics.top
google-anylysis.com
google-apic.com
google-assignments.com
google-assistant.com
google-checkout.com
google-connect.com
google-modile.com
google-money.com
google-payment.com
google-query.com
google-sale.com
google-sanek.com
google-smart.com
google-standard.com
google-taq.com
google-tasks.com
google-worldpay.com
jquery-assets.com
jquery-assist.com
jquery-insert.com
jquery-migrate.com
live-sagepayment.com
pay-sagepay.com
pay-u-biz.com
payment-sagepay.com
payment-worldpay.com
paypal-assist.com
paypal-debit.com
paypal-vendor.com
paypal-worldpay.com
paypalapiobjects.com
payu-biz.com
sagepay-live.com
sagepay-world.com
yahoo-manager.com
yahoo-tasks.com

# Reference: https://www.virustotal.com/gui/ip-address/47.245.128.230/relations
# Reference: https://www.virustotal.com/gui/ip-address/84.38.181.56/relations

cdnanalyticss.top
google-picaso.com
promakerboi.top

# Reference: https://twitter.com/AffableKraut/status/1313600312045907973

shopifyst.com

# Reference: https://twitter.com/unmaskparasites/status/1313913253035159553
# Reference: https://www.virustotal.com/gui/ip-address/176.123.3.85/relations

ay64.club
by222.site
cyan24.club
dynrdns.site
googleanalytics.icu
idssl.site
shopstatanalytics.store
statanalytic.site

# Reference: https://twitter.com/malwareinfosec/status/1349425176983658497
# Reference: https://www.virustotal.com/gui/ip-address/8.208.102.232/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.208.24.81/relations

facebookapimanager.com
tag-manager.net
tags-manager.com

# Reference: https://blog.malwarebytes.com/malwarebytes-news/2020/10/credit-card-skimmer-targets-virtual-conference-platform/
# Reference: https://www.virustotal.com/gui/ip-address/198.187.31.243/relations
# Reference: https://twitter.com/MBThreatIntel/status/1314298615204995072

playbacknows.com

# Reference: https://twitter.com/jeromesegura/status/1137087208630833152

jquers.com
jqueres.com

# Reference: https://twitter.com/Jacob_Pimental/status/1316173250850942977
# Reference: https://twitter.com/Jacob_Pimental/status/1316174498073399296
# Reference: https://www.virustotal.com/gui/ip-address/176.121.14.154/relations

dataprocessor.net
luhnvalidator.com
stairany.com

# Reference: https://blog.sucuri.net/2020/11/css-js-steganography-in-fake-flash-player-update-malware.html

polobear.shop

# Reference: https://twitter.com/marcelmalware/status/1140723183584272386
# Reference: https://www.virustotal.com/gui/domain/jquery.su/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.208.97.167/relations

certicodeplus.cn
cloudflare.su
cloudflareplus.com
cloudflareplus.net
cloudflarepro.info
cloudflarepro.name
cloudflareshop.com
coomperative.com
glohtoris.top
googleexpert.name
googleinfo.name
googlemaster.info
googlemaster.name
googleplus.name
googletag.info
googletag.name
jquery.su
jquery24.com
jqueryexpert.com
jqueryinfo.com
jsstroy.com
magentoinfo.name
magentoinfo.org
magentoportal.com
magentostore.org
mycloudflare.net
paypai.xyz
procloudflare.com
procloudflare.net

# Reference: https://www.virustotal.com/gui/ip-address/195.54.167.88/relations

alipayservice.top
alipaysecurity.top
unionpayinternational.services

# Reference: https://twitter.com/AffableKraut/status/1325157786032992258
# Reference: https://twitter.com/AffableKraut/status/1325157787291168775

aws-amazon.site
freshdesk.space
gaming-spirit.xyz
gaminpit.com
googletagmanager.site
gooogletagsmanage.com
karovi.best
kckaa.com
kxotic.me
newoldtime.site
newoldtime.space
riskified.site
shipstation.space
signifyd.site
tiros.xyz

# Reference: https://www.virustotal.com/gui/ip-address/47.91.76.198/relations

google-site-verification.com
googlecloud-verification.com
googletags-manager.com
jquerydll.com
script-analytic.com
script-analytics.com

# Reference: https://www.virustotal.com/gui/ip-address/8.208.76.69/relations

apibaseajax.com
reactjsget.com
statsaps.com

# Reference: https://twitter.com/EKFiddle/status/1326245935559692289
# Reference: https://www.virustotal.com/gui/ip-address/162.241.201.20/relations

artichgroup.com

# Reference: https://twitter.com/rootprivilege/status/1326231381169512450
# Reference: https://www.virustotal.com/gui/ip-address/194.59.40.37/relations

jquerylib-min.com
jquerylib-min.net
onlinecdn-js.com

# Reference: https://www.riskiq.com/resources/research/magecart-ant-and-cockroach-skimmer/
# Reference: https://urlscan.io/search/#google-statik.pw
# Reference: https://www.virustotal.com/gui/ip-address/217.12.204.185/relations

2binary-education.pw
ads2.adverline.com/retargetproduit/partntertag/103754_tag.js
alexa-rank.pw
batbing.com
bgznnfzn.pw
checkip.biz
consoler.in
gnwnprnf.pw
google-statik.pw
niywqcnp.pw
pornodrive.pw
pornostyle.pw
portal-a.pw
portal-b.pw
portal-c.pw
portal-d.pw
portal-e.pw
portal-f.pw
recaptcha-in.pw
search-components.pw
sexrura.pw
tattoopad.pw
xnprnfzn.pw

# Reference: https://www.virustotal.com/gui/ip-address/185.236.232.88/relations
# Reference: https://www.virustotal.com/gui/ip-address/5.44.45.58/relations
# Reference: https://otx.alienvault.com/indicator/domain/gtagmanagers.com
# Reference: https://urlscan.io/result/fcd59e67-62ae-4d44-904a-51208ed82f3e
# Reference: https://hybrid-analysis.com/sample/309d6cd27991b14cffe004ffbf3844dec6e050e2ed1604558627fa3077599032

gtagmanagers.com

# Reference: https://securityaffairs.co/wordpress/111009/cyber-crime/sucuri-software-skimmer.html

terminal4.veeblehosting.com/~sucurrin/i/gate.php
/~sucurrin/
/sucurrin/

# Reference: https://twitter.com/rootprivilege/status/1331766420317773826

zago-store.vn/pub/health_check.php

# Reference: https://blog.malwarebytes.com/threat-analysis/2019/12/new-evasion-techniques-found-in-web-skimmers/
# Reference: https://twitter.com/AffableKraut/status/1333258524219072515

adsometrick.com
apptegmaker.com
googletage.com
indesiter.com
tag-metrix.com
tawktalk.com

# Reference: https://twitter.com/AffableKraut/status/1334745410750046208

abcanalytics.net
adsymptotic.net
artestfut.com
artfut.net
iofrontcloud.com
outbrains.net
upsellit.io
zdassets.net

# Reference: https://twitter.com/EKFiddle/status/1334908783894491138
# Reference: https://twitter.com/rootprivilege/status/1335018000227868672
# Reference: https://sansec.io/research/svg-malware

budoshop.si/checkout/%7B%7BMEDIA_URL%7D%7Dstyles.css
budoshop.si/pub/health_check.php
myfisherstore.com/checkout/%7B%7BMEDIA_URL%7D%7Dstyles.css
myfisherstore.com/pub/health_check.php

# Reference: https://twitter.com/AffableKraut/status/1335501765031174145
# Reference: https://www.virustotal.com/gui/ip-address/51.89.179.232/relations

jquerycdn.net
jquerycss.xyz
jquerysapi.com
js-jquery.com
jslibcdn.net

# Reference: https://www.group-ib.com/blog/fakesecurity_raccoon (# FakeSecurity)

cloud-js.co.za
host-js.co.za
magento-cloud.co.za
magento-js.co.za
magento-security.co.za
marketplace-magento.co.za
marketplacemagento.co.za
node-js.co.za
payment-js.co.za
security-js.co.za
web-js.co.za

# Reference: https://twitter.com/sansecio/status/1336319799501078529 (# FakeSecurity)
# Reference: https://twitter.com/AffableKraut/status/1336342947613306881

bing-statistic.co.za
bing-statistic.org.za
bing-statistic.web.za
cdn-jquery.co.za
cdn-jquery.org.za
cdn-jquery.web.za
cdn-js.co.za
cdn-js.org.za
cdn-js.web.za
chrome.co.za
chrome.org.za
chrome.web.za
font-google.co.za
font-google.org.za
font-google.web.za
g00gle.africa
g00gle.co.za
g00gle.org.za
g00gle.web.za
godaddy.co.za
godaddy.org.za
godaddy.web.za
google-script.co.za
google-script.org.za
google-script.web.za
google-scripts.co.za
google-scripts.org.za
google-scripts.web.za
javascript.co.za
javascript.org.za
javascript.web.za
js-google.co.za
js-google.org.za
js-google.web.za
magent0.co.za
magent0.org.za
magent0.web.za
magento-connect.co.za
magento-connect.org.za
magento-connect.web.za
magento-content.co.za
magento-content.org.za
magento-content.web.za
microsoft.co.za
microsoft.org.za
microsoft.web.za
mozilla.co.za
mozilla.org.za
mozilla.web.za
opera.co.za
opera.org.za
opera.web.za
yah00.co.za
yah00.org.za
yah00.web.za

# Reference: https://www.virustotal.com/gui/ip-address/169.239.182.46/relations
# Reference: https://twitter.com/AffableKraut/status/1336352752478334977

google-statistic.com
google-statistic.net
yahoo-statistic.com
yahoo-statistic.net

# Reference: https://www.virustotal.com/gui/domain/google-statistics.com/relations

google-statistics.com

# Reference: https://twitter.com/500mk500/status/1336333922213404673
# Reference: https://www.virustotal.com/gui/ip-address/8.208.99.195/relations

comepropay54.net

# Reference: https://twitter.com/sansecio/status/1336614850047381506
# Reference: https://www.virustotal.com/gui/ip-address/89.108.90.123/relations

cloud-iq.net

# Reference: https://www.virustotal.com/gui/ip-address/89.108.90.125/relations

brandcdn.net

# Reference: https://twitter.com/kyleehmke/status/1336694242685702147

google-register.com
webspagestat.com

# Reference: https://twitter.com/AffableKraut/status/1337485794940956675
# Reference: https://twitter.com/AffableKraut/status/1337491084960739329
# Reference: https://twitter.com/500mk500/status/1337499684370255872
# Reference: https://pastebin.com/Xf4iGu9q

adrequest.xyz
agrorek.site
apiiiiii.com
appraisalqpm.com
artifacia.store
bigdomain.in
businesslocationfinder.org
cloudfront.pro
comebizframe.com
evamedia.top
evanalitic.com
g-content.bid
golecode.com
gooaglesyndication.com
google-stupidix.com
googleadservicees.com
googleais.com
googlecodelibs.com
googlesyndicatiofn.com
googlesyndiction.com
googletagmanag-er.com
googlgr.com
googlnalytics.com
gytmoogletagmanager.com
hs-script.com
html5update.com
javascriptcdn.stream
jquerry.online
jquerytutorialjs.com
jss-mautic.com
koobecaf.info
mediapays.info
ml-api.pw
nearsightedraccoon.com
polygons.cloud
professionalcdn.com
raku10shop.net
realtracking.ninja
removeclickfunnels.com
rotate4ads.com
seetestnow.com
sitespy.in
sublytics-5d6fcf0a813fd.com
thesqt.online
trackedlink.biz
visitorhunter.com
weathers.pw
xhtmls.cc

# Reference: https://twitter.com/jfslowik/status/1337465833602203648

centosupdatecdn.com
jqery.net

# Reference: https://twitter.com/AffableKraut/status/1337682688233398273

googie-analytisc.com
google-analytisc.com
google-ecommerce.com
google-science.com
google-trusts.com

# Reference: https://www.virustotal.com/gui/domain/google-analysis.com/detection

google-analysis.com

# Reference: https://twitter.com/gwillem/status/1339895713405280265
# Reference: https://www.virustotal.com/gui/file/2602da2aafea7a632d69654269c923d33d23bb72176bee9b5cd2e602bd3c93c3/detection
# Reference: https://www.virustotal.com/gui/file/4321b96d5ee4f89baeca39d24a7808190129b1115d1236297e191c4706444090/detection
# Reference: https://www.virustotal.com/gui/file/85b74ceae400d70ab81aa8e0f1412689196e9eead3fc3dbe33df26af7fac33c9/detection
# Reference: https://www.virustotal.com/gui/file/89ad715d0c924625fb4af392353e07c97b4e6a23fd65ef845690900e5d3dbb1d/detection

hostreselling.com
jquerysmartstack.com

# Reference: https://community.riskiq.com/article/14924d61
# Reference: https://urlscan.io/search/#jquerycloud.com
# Reference: https://www.virustotal.com/gui/ip-address/8.211.0.55/relations

jquerycloud.com
/js/dovesfarm.js

# Reference: https://twitter.com/VK_Intel/status/1162434460731813893
# Reference: https://www.zscaler.com/blogs/security-research/magecart-hits-again-leveraging-compromised-sites-and-newly-registered-domains

cloudflara.org
googletagmanager-service.com

# Reference: https://twitter.com/500mk500/status/1339707412316626945
# Reference: https://www.virustotal.com/gui/ip-address/185.154.13.210/relations
# Reference: https://www.virustotal.com/gui/ip-address/194.58.112.174/relations
# Reference: https://www.virustotal.com/gui/ip-address/47.254.129.13/relations

gstatica.space
gstaticc.space
gstaticd.space
gstatice.space
gstaticf.space
gstaticq.space
gstaticr.space
gstatics.space
gstaticv.space
gstaticw.space
gstaticx.space
gstaticz.space

# Reference: https://twitter.com/rootprivilege/status/1339751739604365312

printcss.host

# Reference: https://twitter.com/sansecio/status/1339914201662443520
# Reference: https://www.virustotal.com/gui/ip-address/162.241.222.203/relations

hsbc-secures.com
hsbcaccts.com
hsbcsecuressl.com
nmdatast.com
ushsbcsecure.com

# Reference: https://twitter.com/AffableKraut/status/1340035274450079744
# Reference: https://twitter.com/500mk500/status/1340048171779633153

paymaster-ssl.ru

# Reference: https://twitter.com/makflwana/status/1341239469836357633
# Reference: https://www.virustotal.com/gui/ip-address/176.123.7.116/relations

googlessl.icu
idtransfer.icu
idtransfer.me

# Reference: https://www.group-ib.com/blog/ultrarank
# Reference: https://otx.alienvault.com/pulse/5fe4cb300b0a9b6655a11de1

45.141.84.239:1443
googletagsmanager.co
googletagsmanager.info
s-panel.su

# Reference: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce

zg9tywlubmftzw5ldza.com
zg9tywlubmftzw5ldze.com
zg9tywlubmftzw5ldze0.com
zg9tywlubmftzw5ldze1.com
zg9tywlubmftzw5ldzew.com
zg9tywlubmftzw5ldzex.com
zg9tywlubmftzw5ldzey.com
zg9tywlubmftzw5ldzez.com
zg9tywlubmftzw5ldzg.com
zg9tywlubmftzw5ldzi.com
zg9tywlubmftzw5ldzk.com
zg9tywlubmftzw5ldzm.com
zg9tywlubmftzw5ldzq.com
zg9tywlubmftzw5ldzu.com
zg9tywlubmftzw5ldzy.com

# Reference: https://www.virustotal.com/gui/ip-address/47.90.242.121/relations
# Reference: https://www.virustotal.com/gui/ip-address/47.91.28.226/relations

trustcdnjs.com

# Reference: https://www.virustotal.com/gui/ip-address/161.117.89.16/relations
# Reference: https://urlscan.io/result/2cbc4a8f-eff1-4ed2-8fcf-09514c612e19/
# Reference: https://unit42.paloaltonetworks.com/anatomy-of-formjacking-attacks/
# Reference: https://urlscan.io/domain/myxintad.com

jsglobal.top
myxintad.com

# Reference: https://www.virustotal.com/gui/ip-address/8.208.89.255/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.209.108.15/relations

connecstaff.com
pubmatgic.com

# Reference: https://www.virustotal.com/gui/ip-address/8.209.108.15/relations

awskit.com
awsprog.com
keywestapi.com

# Reference: https://www.virustotal.com/gui/ip-address/8.208.24.53/relations

pixeltrack.top

# Reference: https://twitter.com/p0x53/status/1343649574674550784
# Reference: https://www.virustotal.com/gui/ip-address/176.119.1.157/relations

amazon-server12-cdn.com
amazon-server15-cdn.com

# Reference: https://twitter.com/felixaime/status/1343958003905671173

jerrysmusic.com/js/varien/validation.js

# Reference: https://twitter.com/marcelmalware/status/1277615543013519362

gtows.com/wp-content/js/var.js

# Reference: https://twitter.com/sinnadabueno/status/1344078328278482946

userway-api.com

# Reference: https://blog.sucuri.net/2015/04/impacts-of-a-hack-on-a-magento-ecommerce-website.html

java-e-shop.com
soulmagic.biz.fozzyhost.com

# Reference: https://twitter.com/malwareinfosec/status/1347590799249219584
# Reference: https://www.virustotal.com/gui/ip-address/102.130.115.168/relations

cdn-cloud.co.za
cdn-jquery.biz
cdn-jquery.net
cdn-jquery.net.za
cdn-jquery.org
cdn-jquery.web.za
cdn-jquery.org.za
cdn-stat.co.za
cdn-stat.org.za
cdn-stat.web.za
cdn-update.co.za

# Reference: https://twitter.com/malwareinfosec/status/1347598539589709824

veterinaryconcepts.com/errors/enx.php?data=

# Reference: https://twitter.com/500mk500/status/1347687209844027392
# Reference: https://urlscan.io/result/0a34d7a1-aef8-45d3-b71a-71d68d66530b/
# Reference: https://urlscan.io/result/838576c6-7d97-4821-86cd-6d463d21782b/
# Reference: https://www.virustotal.com/gui/ip-address/193.38.54.81/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.140.146.4/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.140.146.5/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.140.146.6/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.140.146.7/relations

cloudchimp.online
cloudchimp.tech
mail-chimp.site
mailchimp.press
printcss.site
tagmanager.online
tagmanager.site
tagmanager.store
tagmanager.tech

# Reference: https://twitter.com/felixaime/status/1351456431086698498
# Reference: https://twitter.com/malwareinfosec/status/1351584550099435526
# Reference: https://twitter.com/p0x53/status/1352188052433633280
# Reference: https://www.virustotal.com/gui/ip-address/109.199.125.72/relations
# Reference: https://www.virustotal.com/gui/ip-address/80.92.206.12/detection

styl.click
styl.host
styl.press
analyst.uno
magento.uno
publish.uno
servers.uno
sql.uno
vms.uno

# Reference: https://twitter.com/AffableKraut/status/1260829836198711296

analitic.club
felers.club
tags-analitic.icu
tags-css.icu

# Reference: https://twitter.com/AffableKraut/status/1348165316589846532

fbevents.host
fbevents.site
fbevents.store
fbevents.tech

# Reference: https://twitter.com/AffableKraut/status/1348525412415107072
# Reference: https://www.virustotal.com/gui/ip-address/45.155.38.3/relations

cdn-google-cloudflare.com

# Reference: https://twitter.com/AffableKraut/status/1348684891718901762
# Reference: https://www.virustotal.com/gui/ip-address/102.130.114.139/relations
# Reference: https://www.virustotal.com/gui/ip-address/102.130.114.153/relations
# Reference: https://www.virustotal.com/gui/ip-address/102.130.114.147/relations

asp-cloud.org.za
google-document.co.za
google-js.co.za
google-js.org.za
google-js.web.za
google-network.co.za
google-statistic.co.za
google-statistic.org
google-statistic.org.za
google-statistic.web.za
jquery.africa
jquery.org.za
lib-cloud.org.za
lib-cloud.web.za
mage.org.za
mage.web.za
magento.web.za
node-js.org.za
node-js.web.za
nodejs.org.za
yahoo-statistic.org.za
yahoo-statistic.web.za

# Reference: https://community.riskiq.com/article/5bea32aa

statexplore.com
jquery-dll.net

# Reference: https://twitter.com/AffableKraut/status/1351390506484445184
# Reference: https://twitter.com/AffableKraut/status/1351390507759529984
# Reference: https://twitter.com/AffableKraut/status/1351390508719943680
# Reference: https://gist.github.com/krautface/3957a1f6d21cb201fefb8327ecb3dfdd
# Reference: https://gist.github.com/krautface/8e4706bc1142f5d14c3fb15a8a17a7ed
# Reference: https://gist.github.com/krautface/e80d3dbf7cbc49a6449ba3355b6af327

0fx.club
114oo.icu
189027.icu
1xbe.icu
221u7.cyou
2now.cyou
3dworks.club
5x5x5.cyou
64bitss.club
7digits.us
8words.xyz
9gag.uno
a42.buzz
abspl.xyz
ax128.icu
b17.monster
badger.uno
bx333.cyou
c982.link
commv.club
cx1md.cyou
d883.click
dx26cmd.icu
e141.icu
ext22.icu
eyes2u.site
f1racing.icu
f8822.buzz
fx555.cyou
fykes.club
g8super.monster
g98.monster
gx717.icu
gym365.site
hihihi.cyou
hx24.cyou
hyper1.club
intr0.cyou
ix85.cyou
iyork.club
johndoe.icu
jx22.icu
jyjy.site
klingon.monster
kx482.icu
kyat.club
lazyfox.icu
lx05.cyou
lynx1.site
monk.monster
mx11.shop
mythis.store
n0ne.cyou
nx44.fun
nyvip.store
oppen.icu
ox95.top
pens.monster
px22.xyz
pyrex.site
quicky.cyou
reddys.icu
streetrac.icu
sub0.monster
tanks.cyou
uoycc.cyou
user42.xyz
vacuum5.club
vdr.monster
wyomng.icu
xfilesx.club
yoyoyo.cyou
zerr.club
zetas.club

# Reference: https://twitter.com/rootprivilege/status/1352625063212666880
# Reference: https://twitter.com/unmaskparasites/status/1352743873714348033
# Reference: https://lukeleal.com/research/posts/magento2-skimmer-testserver-php/

bardven.com/testServer.php
pedlitz.com/testServer.php

# Reference: https://twitter.com/AffableKraut/status/1352693061336371200
# Reference: https://www.virustotal.com/gui/ip-address/169.239.183.80/relations

ajax-plugin.org
cdn-ajax.co.uk
cdn-cloudflare.biz
cdn-js.co.uk
cdn-magento.com
cdn-plugins.org
cdn-rackspace.com
cloud-plugins.org
js-widget.com
plugin-ajax.com
widget-ajax.co.uk
widget-js.co.uk

# Reference: https://twitter.com/malwrhunterteam/status/1354431227802095619
# Reference: https://www.virustotal.com/gui/ip-address/34.85.13.9/relations

jquery-scdn.com

# Reference: https://twitter.com/jeromesegura/status/1354598447022653442
# Reference: https://www.virustotal.com/gui/ip-address/188.227.57.93/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.209.119.130/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.209.72.238/relations

google-analuting.com
google-conversion.com
google-gateway.com
google-note.com
google-squery.com
paypal-moneypay.com

# Reference: https://twitter.com/AffableKraut/status/1355263804872024072
# Reference: https://twitter.com/AffableKraut/status/1355263805899595783

aws-amazon.site
extrn.ru
freshdesk.space
google-analytics.su
kckaa.com
newoldtime.site
newoldtime.space
riskified.site
shipstation.space
signifyd.site
strat-o-matic.org
tolinkjpattr.com
tywyvern.com

# Reference: https://twitter.com/unmaskparasites/status/1356378296292806657
# Reference: https://twitter.com/AffableKraut/status/1356412371334529024

advertising-cdn.com
africa-best-dating.com
google-adwert.com
google-adwersting.com
new-adversting.com

# Reference: https://twitter.com/jeromesegura/status/1356654794098626560
# Reference: https://twitter.com/MBThreatIntel/status/1357028912677613568
# Reference: https://www.virustotal.com/gui/ip-address/144.202.119.63/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.77.125.110/relations
# Reference: https://blog.malwarebytes.com/cybercrime/2021/02/credit-card-skimmer-piggybacks-on-magento-1-hacking-spree/

auxbeam-img.cloud
cdnmaeva.top
costway.top
crazyvaps.info
hdanalyse.com
hdenvironement.com
hdpopulation.com
motoxpricambi.top
securityxx.top
/costway.js
/mcostway.js

# Reference: https://twitter.com/virelli/status/1359465087204024325

beyondhealth.com/media/js/a1def6c62256906029767cb784323ab3.js

# Reference: https://twitter.com/kyleehmke/status/1360189186578513920
# Reference: https://www.virustotal.com/gui/ip-address/45.155.37.122/relations

gtmtagmanager.com

# Reference: https://twitter.com/AffableKraut/status/1360319951182180355

adfast.tech
getquantum.space
heatmap-customer-tracking.com
intellibs.net
ipmarketing.biz
jquery-library-code.ru
jsdeliddvr.net
media-rotator.net
mktracking.com
popstat.net
push.report
rotationmessage.net
salesbeeapi.com
statgecko.com
statisticsfree.com
weathermap.biz

# Reference: https://twitter.com/AffableKraut/status/1360343813454245893
# Reference: https://sansec.io/research/google-apps-script
# Reference: https://www.virustotal.com/gui/ip-address/91.194.11.205/relations

analit.tech
hotjar.host
pixelm.tech

# Reference: https://twitter.com/500mk500/status/1361061870061424653
# Reference: https://www.virustotal.com/gui/ip-address/89.38.97.71/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.200.85.137/relations

blondescript.info
blondescript.net
blondescript.org
coollandpage.ru

# Reference: https://www.virustotal.com/gui/ip-address/89.38.97.71/relations
# Reference: https://www.virustotal.com/gui/ip-address/89.203.198.177/relations
# Reference: https://urlscan.io/result/533860b5-b101-483a-8716-d8bd19c57679/

clickandunder.com
gdprmysites.co
javaskript.pw
json-jquery.icu
statistikajsscrypt.com

# Reference: https://twitter.com/benkow_/status/1222457832810991616
# Reference: https://www.virustotal.com/gui/domain/bamblbee.store/relations

bamblbee.store

# Reference: https://twitter.com/AffableKraut/status/1363366240039952387

google-tag.com

# Reference: https://urlscan.io/result/256f6bae-84f0-488e-9e15-47ae15760cc6/
# Reference: https://www.virustotal.com/gui/ip-address/45.145.64.143/relations

fbanalytic.org

# Reference: https://twitter.com/unmaskparasites/status/1364675090256785411

elume.org

# Reference: https://twitter.com/unmaskparasites/status/1364652993971245060
# Reference: https://www.virustotal.com/gui/ip-address/45.142.213.172/relations

googlecdn-api.com
jquery-in.com
jquery-ini.com
mastercvv.in
sert-googlefonts.com

# Reference: https://www.virustotal.com/gui/ip-address/34.65.43.209/relations

evolutagain.ru
huntes.ru
manualseos.ru
seocmson.ru

# Reference: https://gist.github.com/krautface/b97dfcb3e07d74ebc2eab7f1051923d2

bulder.online

# Reference: https://twitter.com/sansecio/status/1367404202461450244
# Reference: https://twitter.com/unmaskparasites/status/1370579966069383168
# Reference: https://urlscan.io/result/293c311f-900b-4662-9b5d-c1d0b11cead7/
# Reference: https://www.virustotal.com/gui/ip-address/195.123.217.18/relations
# Reference: https://www.virustotal.com/gui/ip-address/83.166.246.34/relations

facedook.host
predator.host
pathc.space
redorn.space
zeborn.pw

# Reference: https://urlscan.io/result/6dea6218-8a34-4f48-931e-93fa1677faf6/

googletagmanaaer.com

# Reference: https://www.virustotal.com/gui/ip-address/5.34.179.116/relations

google-jquery.eu

# Reference: https://twitter.com/TeamDreier/status/1368955262900592640
# Reference: https://www.virustotal.com/gui/ip-address/185.238.171.228/relations
# Reference: https://www.virustotal.com/gui/ip-address/35.228.62.27/relations

cloubfiare.net
googiemanager.com
googlemanagerads.com
googlemgr.net
gooqleads.net
gooqlescript.com
qodaddy.net

# Reference: https://twitter.com/TeamDreier/status/1369617099023388672

google-codes.com
google-thumbs.com
google-worlds.com
paypal-merchant.com
paypal-merchants.com

# Reference: https://twitter.com/jfslowik/status/1369745187480559617

analytics-cdn.net
analytics-ssl.net

# Reference: https://twitter.com/unmaskparasites/status/1370151988285992960
# Reference: https://twitter.com/rootprivilege/status/1370394651509678080

content-analytics-server.com
pagemonitor-server.com
templatesurvey.com

# Reference: https://www.group-ib.com/blog/e1rb

cdn-gstat.com
cdn-host.org
google-analitics.org
jquery-live.com
jquery-on.com
telrshop.com

# Reference: https://twitter.com/MBThreatIntel/status/1371877118909378568

adextech.com/tr/echo/advisor.min.js

# Reference: https://twitter.com/rcwht_/status/1374016465444220932
# Reference: https://www.virustotal.com/gui/ip-address/8.209.70.103/relations

ssl-authorization.com

# Reference: https://twitter.com/unmaskparasites/status/1374806612611723264

wedelf.com/wip/reverse.min.js

# Reference: https://twitter.com/unmaskparasites/status/1374812123562319872
# Reference: https://www.virustotal.com/gui/ip-address/176.121.14.143/relations
# Reference: https://www.virustotal.com/gui/ip-address/194.87.144.10/relations

agilityscripts.com
amazonawscdn.com
cdnforplugins.com
devlibscdn.com
mirasvit.net
secure4d.net
seoagregator.com
speedtransaction.com
spotforassets.com
v2-zopim.com
webadstracker.com

# Reference: https://twitter.com/MBThreatIntel/status/1375516616243474438

un5.ffox.site

# Reference: https://twitter.com/TeamDreier/status/1375149879664709638
# Reference: https://www.virustotal.com/gui/ip-address/35.228.228.1/relations

bing-visitors.com
googieads.com
googieupdate.com
google-site-verification.net
googleadservlces.com
googlegtm.com
jquerylast.com
yahoo-tracker.com

# Reference: https://twitter.com/MBThreatIntel/status/1376662429229142022
# Reference: https://www.virustotal.com/gui/ip-address/194.61.25.77/relations

jqueri-web.at
jqueridev.at
jqueriweb.at

# Reference: https://twitter.com/unmaskparasites/status/1377383696009895939

brewtees.com/jquery/

# Reference: https://twitter.com/unmaskparasites/status/1378065215565168641
# Reference: https://twitter.com/unmaskparasites/status/1378065738422874114
# Reference: https://www.virustotal.com/gui/ip-address/198.27.64.84/relations
# Reference: https://www.virustotal.com/gui/ip-address/47.91.78.128/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.209.69.32/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.208.96.5/relations
# Reference: https://www.virustotal.com/gui/ip-address/80.211.41.122/relations

googletagmanagers.com
googletagsmanagers.com
fonts-analytics.com
fontsgstatic.com
googlefonts-api.com
googlefonts-dns.com
jquery-dns.com
jquery-ssl.com
page2adgooglesyndication.com
stackpathbootstrapcdn.com

# Reference: https://urlscan.io/result/e76a66c0-403e-4099-a673-ecb322b99f7e/
# Reference: https://urlscan.io/result/14b99a92-2ec2-4327-a0f1-a0249e4513be/
# Reference: https://www.virustotal.com/gui/ip-address/203.91.116.53/relations

cdnjsapis.com
jquery-analytics.com

# Reference: https://urlscan.io/result/a38d860f-b1a2-432c-a8ff-a4132c0f8293/

jquery-google.com

# Reference: https://twitter.com/rootprivilege/status/1379096986897408001
# Reference: https://lukeleal.com/research/posts/magento2-payprocess-obj_31337-skimmer/

payprocess.org
processpayment.cc

# Reference: https://www.virustotal.com/gui/ip-address/8.208.78.46/relations

cdn-alipearlhair.com
livechatlnc.com
paypalobjacts.com
tagmanaqer.com

# Reference: https://twitter.com/AffableKraut/status/1380022960627593216
# Reference: https://twitter.com/AffableKraut/status/1380022963160895490
# Reference: https://twitter.com/AffableKraut/status/1380022987626328065
# Reference: https://www.virustotal.com/gui/ip-address/176.9.51.172/relations

aramorganstake.com
cdnnetworking.com
cdnnetwrk.com
csscdnnett.com
fivemofreegate.com
fonts.services
gegelanallitics.com
google-analytics.org
googleanalyse.website
googlecashstat.com
healcodes.com
huggy.tech
joopsjeemz.com
liquidibi.com
manutdfuns.com
remincss.com
sellait.com
sixmofreegate.com
snowdronedge.com

# Reference: https://www.virustotal.com/gui/ip-address/144.76.57.177/relations

aldyen.com
braitnreegateway.com
cobrosya.net
cullqi.com
cyberesources.com
e-posnets.com
epayou.net
eurocommerces.net
filows.com
khipus.net
mercadopagos.net
mindbodyonlines.com
oppwwa.com
paypluge.com
paypulatam.com
redysys.net
sinetesis.com
stripies.com
transbanks.net
vivapayments.net
vnmnet.net
xpaymentes.com

# Reference: https://www.virustotal.com/gui/ip-address/8.208.78.196/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.208.92.202/relations

amazon-sert.com
fontsgoogles.com
googlefonts-map.com

# Reference: https://www.virustotal.com/gui/ip-address/192.187.120.45/detection
# Reference: https://www.virustotal.com/gui/ip-address/35.197.229.31/relations
# Reference: https://urlscan.io/result/14d969b1-dc3e-4803-8b8a-9a3356f44a79/

googl-mail.com
googl-service.com

# Reference: https://www.virustotal.com/gui/ip-address/98.129.19.208/relations

script-manager.com
scriptmgr.com

# Reference: https://www.virustotal.com/gui/ip-address/96.126.108.31/relations

scriptdispense.com

# Reference: https://twitter.com/TeamDreier/status/1383696994380648448
# Reference: https://www.virustotal.com/gui/ip-address/95.217.250.26/relations

googlemanagerapi.com

# Reference: https://www.virustotal.com/gui/ip-address/149.28.245.206/relations

api-hotjar.com

# Reference: https://twitter.com/AffableKraut/status/1383964524110245888

analistnet.site
analiticnet.site
analiticsnet.site
analiticweb.site
analylicweb.site
analystclick.site
analysttraffic.site
analystview.site
analystweb.site
analyticlick.site
analyticmanager.site
analyticview.site
clickanalyst.site
clickanalytic.site
foundanalyst.site
foundanalytic.site
managertraffic.site
netanalist.site
netanalitic.site
netanalitics.site
nettraffic.site
siteanalist.site
siteanalitic.site
siteanalitics.site
siteanalyst.site
siteanalytic.site
sitetraffic.site
trafficanalyst.site
trafficanalytics.site
trafficcloud.site
trafficweb.site
unpkgtraffic.site
viewanalyst.site
viewanalytic.site
webanalitic.site
webanalitics.site
webanalylic.site
webanalyst.site

# Reference: https://twitter.com/TeamDreier/status/1384089703599595526
# Reference: https://www.virustotal.com/gui/ip-address/34.125.75.72/relations

ajaxtracker.com
analytics-gtm.com
cdn-cgi.net
doubiecliick.net
jquery-ui.net

# Reference: https://twitter.com/rootprivilege/status/1384357710603292676

cdn-frontend.com

# Reference: https://www.virustotal.com/gui/ip-address/103.232.215.140/relations

jcsscpt.com
jcsscpt.net
sscyulept.com

# Reference: https://www.virustotal.com/gui/ip-address/104.219.248.46/relations

legacy-scripts.com

# Reference: https://twitter.com/AffableKraut/status/1384553513842352130

conf-localhost.com
facebooknetworks.com
secure-conf.com

# Reference: https://twitter.com/AffableKraut/status/1384546205921943552
# Reference: https://urlscan.io/search/#filename:%22google.analytics.b.js%22

/google.analytics.b.js

# Reference: https://twitter.com/TeamDreier/status/1384818143156129792

coupon-popup.net
dns-servers-update.net

# Reference: https://www.virustotal.com/gui/ip-address/8.208.86.98/detection
# Reference: https://urlscan.io/result/420f0ac5-d7b4-4417-9985-ce325c4feeb4/

ssl-center.com

# Reference: https://www.virustotal.com/gui/ip-address/135.181.34.206/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.148.120.226/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.61.139.93/relations
# Reference: https://www.virustotal.com/gui/ip-address/61.164.109.218/relations
# Reference: https://www.virustotal.com/gui/ip-address/67.205.167.220/relations
# Reference: https://www.virustotal.com/gui/ip-address/44.227.238.106/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.53.168.6/relations
# Reference: https://www.virustotal.com/gui/ip-address/178.63.30.117/relations
# Reference: https://www.virustotal.com/gui/ip-address/27.124.42.69/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.248.102.2/relations

js-cdn.club
js-cdn.host
js-cdn.info
js-cdn.net
js-cdn.online
js-cdn.org
js-cdn.pw
js-cdn.ru
js-cdn.site
js-cdn.top
js-cdn.xyz

# Reference: https://www.virustotal.com/gui/ip-address/45.33.20.246/relations

1001-font.com
alexa-tracking.com
ali-clicks.com
analytics-website-services.com
analytix.host
cdn-hosted.com
cdn-js-query.com
code-scripts.com
count-stats.com
data-analytics.club
dr-cdn.com
glatrac.com
goolgeapis.com
jquery-custom-plugin.com
js-cdn.com
jscriptlibrary.org
kissmetrics-analytics.com
quikianalytics.site
securemy-js.com
staticjs-webui-library.com
tagblock-analytics.com
toolscript-js.com
tracfb.com
track-link.site
trackr.website
vnlyse.com
yanalyics.com

# Reference: https://www.virustotal.com/gui/ip-address/96.126.117.191/relations

cdn-aws.com
clicktracking321.com
google-analytics-premium.com
fonts-community.com
fonts-directory.com
leadcap-js.com

# Reference: https://www.virustotal.com/gui/ip-address/106.187.48.151/relations
# Reference: https://www.virustotal.com/gui/ip-address/148.72.213.55/relations
# Reference: https://www.virustotal.com/gui/ip-address/162.243.186.224/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.12.12.191/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.53.168.6/relations
# Reference: https://www.virustotal.com/gui/ip-address/217.12.202.82/relations
# Reference: https://www.virustotal.com/gui/ip-address/83.220.168.154/relations

jquery-cdn.info
jquery-cdn.me
jquery-cdn.net
jquery-cdn.org
jquery-cdn.pw
jquery-cdn.ru
jquery-cdn.tk

# Reference: https://www.virustotal.com/gui/ip-address/148.72.213.55/relations

jquerys.ga
jquerys.ml
jquerys.tk

# Reference: https://www.virustotal.com/gui/ip-address/104.28.1.107/relations
# Reference: https://www.virustotal.com/gui/ip-address/172.67.128.115/relations
# Reference: https://www.virustotal.com/gui/ip-address/178.208.80.82/relations
# Reference: https://www.virustotal.com/gui/ip-address/198.54.116.84/relations
# Reference: https://www.virustotal.com/gui/ip-address/63.141.229.19/relations
# Reference: https://www.virustotal.com/gui/ip-address/93.174.93.164/relations

jquerys.info
jquerys.net
jquerys.org
jquerys.ru
jquerys.site
jquerys.xyz

# Reference: https://www.virustotal.com/gui/ip-address/141.8.226.58/relations

ddcdn.pw

# Reference: https://www.virustotal.com/gui/ip-address/178.63.30.117/relations

ml-js.com
peretrax-js.com

# Reference: https://www.virustotal.com/gui/ip-address/217.12.202.82/relations

cloud-js.link
js-cloud.xyz
scripteleven.ru

# Reference: https://www.virustotal.com/gui/ip-address/202.222.31.77/detection

js-cloud.net

# Reference: https://www.virustotal.com/gui/ip-address/185.91.175.226/relations

bootstrap-cdn.com

# Reference: https://www.virustotal.com/gui/domain/cdn-magento.com/detection

cdn-magento.com

# Reference: https://www.virustotal.com/gui/ip-address/167.99.163.243/relations

ssl-google.com

# Reference: https://www.virustotal.com/gui/ip-address/34.102.136.180/relations

googlefi.info
ssl-facebook.com
tatteredscript.com

# Reference: https://www.virustotal.com/gui/ip-address/50.63.51.92/relations

ssl-cloud.com

# Reference: https://www.virustotal.com/gui/ip-address/185.141.25.37/relations

ssl-analytics.com

# Reference: https://www.virustotal.com/gui/ip-address/192.64.119.207/detection

ssl-aws.com

# Reference: https://www.virustotal.com/gui/ip-address/37.120.206.98/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.245.255.10/relations

fontawesome.dev
g-metrics.me
jquerys.me
ooolll.me

# Reference: https://www.virustotal.com/gui/ip-address/64.70.19.203/relations

jquerys.ws

# Reference: https://www.virustotal.com/gui/ip-address/95.216.161.60/detection

ssl-cloud.me

# Reference: https://twitter.com/josh_larsen/status/1388892152680288262

evilcdn.com

# Reference: https://twitter.com/virusbtn/status/1387795316682940421
# Reference: https://www.trendmicro.com/en_us/research/21/d/water-pamola-attacked-online-shops-via-malicious-orders.html
# Reference: https://documents.trendmicro.com/assets/Appendix_Water-Pamola-Attacked-Online-Shops-Via-Malicious-Orders.pdf

77i.co
auth1html.site
basic-authentication.live
cloudlstorage.com
googleoapis.com
xf6.site

# Reference: https://twitter.com/unmaskparasites/status/1390027415615795200

renokonnect.com/stats/js/jcrop/jcrop.min.js

# Reference: https://www.circleid.com/posts/20210506-deep-dive-into-known-magecart-iocs-connected-internet-properties/

fastmycdn.com
statistik.site
webinformer.biz
zigzapframe.biz

# Reference: https://www.virustotal.com/gui/ip-address/34.95.57.185/detection
# Reference: https://www.virustotal.com/gui/ip-address/35.203.186.155/relations

purechal.com

# Reference: https://twitter.com/MBThreatIntel/status/1392887777902030853

houseofdesigners.in/scure.php

# Reference: https://blog.malwarebytes.com/cybercrime/2021/05/newly-observed-php-based-skimmer-shows-ongoing-magecart-group-12-activity/

kermo.pw
thesun.pw
zolo.pw
/m1_2021_force

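# Reference: https://twitter.com/unmaskparasites/status/1394762869233786880
# Note: bulder.online in this group duplicates the entry already listed under the gist.github.com/krautface reference.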

bingfindapi.com
bulder.online
foundstyle.online
fountm.online
gstatcs.com
jqwereid.online
webfaset.com

# Reference: https://twitter.com/sansecio/status/1395765199169261570

sanseclabs.com

# Reference: https://twitter.com/sansecio/status/1395770562769788929

pay.mollie.nl/checkout/v3/css/global.css

# Reference: https://twitter.com/unmaskparasites/status/1397030574749982722

celolum.com

# Reference: https://www.riskiq.com/blog/external-threat-management/mobile-inter/
# Reference: https://otx.alienvault.com/pulse/60afd2d5ce95a296d0f9323e

google-analyticss.com
google-downloader.com
google-pick.com
google-sens.com
google-turn.com
gooqle.ru.oitx.xyz

# Reference: https://twitter.com/MBThreatIntel/status/1398037002923110400

gstaticsfonts.com

# Reference: https://twitter.com/AffableKraut/status/1398056214492291074

fonts-gstatics.com
googles-analytic.com

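# Reference: https://twitter.com/AffableKraut/status/1398148316886491143
# Note: siteanalitic.site and siteanalitics.site in this group duplicate entries already listed under the AffableKraut/status/1383964524110245888 reference.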

analistnetwork.site
analistnetwork.space
analitic-site.site
analitic-site.space
analiticsblock.site
analiticsblock.space
analiticsite.site
analiticsite.space
analiticssite.site
analiticssite.space
blockanalist.site
blockanalist.space
nettinganalist.site
nettinganalist.space
networkanalist.site
networkanalist.space
site-analitic.site
site-analitic.space
site-analitics.site
site-analitics.space
siteanalitic.site
siteanalitic.space
siteanalitics.site
siteanalitics.space

# Reference: https://www.virustotal.com/gui/ip-address/47.91.77.83/relations

google-opinion.com

# Reference: https://twitter.com/AffableKraut/status/1399786791931101192

googie-analytics.online
googie-analitycs.site
googie-analytics.website
googletagsmanager.website

# Reference: https://twitter.com/TracerSpiff/status/1399840920057659404

googie.host

# Reference: https://twitter.com/rootprivilege/status/1400850998063632389
# Reference: https://lukeleal.com/research/posts/analiticsweb-skimmer/

analiticsweb.site

# Reference: https://www.virustotal.com/gui/ip-address/47.74.9.12/relations

skin-jquery.com

# Reference: https://twitter.com/rootprivilege/status/1404595455065870336
# Reference: https://lukeleal.com/research/posts/hotjar-dot-info-skimmer/

hotjar.info

# Reference: https://www.virustotal.com/gui/ip-address/146.0.72.86/relations

javasrtscript.com

# Reference: https://www.virustotal.com/gui/ip-address/146.0.72.96/relations

cloudappcdn.com

# Reference: https://twitter.com/unmaskparasites/status/1407433077048057856

addjs.co
addsc.co
jss.lt
jsz.lt
ujl.me
ujq.me
vdf.me
vdf.xyz

# Reference: https://www.virustotal.com/gui/ip-address/64.190.62.111/relations

magento.host

# Reference: https://twitter.com/AffableKraut/status/1408512205289660429

cdn-doubleclick.net
chimpstatic-cdn.com
cloudflare-cdnjs.com
cloudflare-ssl.com
fontgoogleapis.com
static-doubleclick.com
static-zdassets.com
tatic-hotjar.com
widget-freshworks.com

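# Reference: https://twitter.com/unmaskparasites/status/1408561524235374602
# Note: the renokonnect.com URL in this group duplicates the entry already listed under the unmaskparasites/status/1390027415615795200 reference.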

renokonnect.com/stats/js/jcrop/jcrop.min.js
sgtrek.com/jquery/jQuery.viewer.js

# Reference: https://blog.malwarebytes.com/cybercrime/2021/06/lil-skimmer-the-magecart-impersonator/
# Reference: https://www.virustotal.com/gui/ip-address/87.236.16.107/relations

cdnattn.site
cloudfiare.site
facebookmanagers.pw
googletagmanager.space
googie.website
googleapis.website
jquery.fun
tidio.fun
bebedepotplus.site
bebedepotplus.website
dirsalonfurniture.site
dogdug.website
gorillawhips.site
perfecttux.site
perfecttux.website
postguard.website

# Reference: https://twitter.com/rootprivilege/status/1409575929165193226
# Reference: https://www.virustotal.com/gui/ip-address/89.108.116.218/relations

toolser.pw

# Reference: https://www.virustotal.com/gui/ip-address/194.58.112.174/relations

googleapis.site

# Reference: https://www.virustotal.com/gui/ip-address/163.172.117.25/relations

googleapis.me
googlfonts.com

# Reference: https://www.virustotal.com/gui/ip-address/194.58.123.10/relations

googleapis.tk

# Reference: https://www.virustotal.com/gui/ip-address/31.187.64.40/relations

analytics-scripts.ml
font4u.ga
googleapis.ml

# Reference: https://www.virustotal.com/gui/ip-address/104.27.185.122/detection

googleapis.ga

# Reference: https://www.virustotal.com/gui/ip-address/193.37.212.63/relations

googleapis.gq

# Reference: https://www.virustotal.com/gui/ip-address/209.126.103.139/relations

sites-analytic.com

# Reference: https://www.virustotal.com/gui/ip-address/195.123.222.43/relations

hot-jar.com
hotjar-analytics.com

# Reference: https://twitter.com/AffableKraut/status/1411229363685806082
# Reference: https://www.virustotal.com/gui/ip-address/8.209.68.13/relations

apayments.top
stripe-auth-api.com

# Reference: https://twitter.com/felixaime/status/1349261822591954946
# Reference: https://twitter.com/500mk500/status/1411680465086525440
# Reference: https://www.virustotal.com/gui/ip-address/147.135.1.203/relations

cdngateways.com
cdncontentdelivery.com
query.network
jqueny.com
securecontentssl.com
site-counter.com

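# Generic (URL path and query-string indicators; these entries have no domain part)
# Note: several of these are short or common-looking names, so they are more prone to false positives than
# the domain entries above. For example, /js/mage/cookies.js is also the location of a stock Magento 1 file;
# confirm a hit against the served file's content before treating it as a skimmer.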

/assets/lfg.js
/cdn/ga.php?analytic=
/js/ga.php?analytic=
/p/ga.php?analytic=
/ga.php?analytic=
/5d1cbc8c073d4.js
/5d4cdc4cdf344.js
/5e7fa6489b31a.js
/dsc-statistic.js
/subscriptioninsider.com.js
/adsbygoogle/
/adsbygoogle/ads.js
/baypressservices/
/baypressservices/baypr.js
/check_cvv2_number_script.js
/code/zipboss.dev.js
/gtm-connect/wp-share.min.js
/images/js/googleapi.js
/javascript/checkcheckout.js
/js/a1def6c62256906029767cb784323ab3.js
/js/afterpay/checkout/idev_onestep.js
/js/check_analystic.js
/js/customize-gtag.min.js
/js/extjs/fix-defer-after.js
/js/footer-link.js
/js/mage/cookies.js
/js/mage/google.js
/js/scriptaculous/print.js
/js/dsc-statistic.js
/js/varien/js.js.pagespeed.jm.aFn_GvyNS2.js
/mainer/myscr109881.js
/my/vmart.js
/103754_tag.js
/a1def6c62256906029767cb784323ab3.js
/markberg.dk.js
/qcore.js
/plugins/republicadealberdi.js
/republicadealberdi.js
/rimzoneonline/code.js
/silver/acor.js
/static/gstatic-hander.js
/googletag-manager?connect=
/gstatic-hander.js
/zipboss.dev.js
/sello-ecommerce.js
