# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: magecart

# Reference: https://gwillem.gitlab.io/2018/08/30/magentocore.net_skimmer_most_aggressive_to_date/

magentocore.net

# Reference: https://www.riskiq.com/blog/labs/magecart-keylogger-injection/

abuse-js.link
angular.club
cdn-js.link
docstart.su
govfree.pw
jquery-cdn.top
js-abuse.link
js-abuse.su
js-cdn.link
js-link.su
js-magic.link
js-mod.su
js-save.link
js-save.su
js-start.su
js-stat.su
js-sucuri.link
js-syst.su
js-top.link
js-top.su
jscript-cdn.com
lolfree.pw
mage-cdn.link
mage-js.link
mage-js.su
magento-cdn.top
mageonline.net
mipss.su
mod-js.su
mod-sj.link
sj-mod.link
sj-syst.link
stat-sj.link
statdd.su
statsdot.eu
stecker.su
stek-js.link
syst-sj.link
top-sj.link
truefree.pw

# Reference: https://www.riskiq.com/blog/labs/magecart-british-airways-breach/

http://89.47.162.248
baways.com

# Reference: https://www.riskiq.com/blog/labs/magecart-ticketmaster-breach/

http://85.93.5.188
http://94.156.133.211
webfotce.me

# Reference: https://twitter.com/bad_packets/status/1043809501516726272

gamacdn.com

# Reference: https://twitter.com/hashtag/magecart?src=hash
# Reference: https://twitter.com/AmiV2/status/1042988934576271360

neweggstats.com

# Reference: https://otx.alienvault.com/pulse/5c9287b3b67a75234fc56b6b

cdnassels.com
cdnmage.com
cmytuok.top
configsysrc.info
js-cloud.com
magejavascripts.com
magesecuritys.com
magescripts.pw
mcloudjs.com
mypiltow.com
secure.livechatinc.org

# Reference: https://twitter.com/jeromesegura/status/1121134552158621696
# Reference: https://twitter.com/bad_packets/status/1121147936203624448
# Reference: https://otx.alienvault.com/pulse/5cd3ef4f22e204745f6672c3

magento-analytics.com

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/mirrorthief-group-uses-magecart-skimming-attack-to-hit-hundreds-of-campus-online-stores-in-us-and-canada/

cloudmetric-analytics.com
g-analytics.com
ebitbr.com

# Reference: https://blog.malwarebytes.com/threat-analysis/2019/02/new-golang-brute-forcer-discovered-amid-rise-e-commerce-attacks/

googletagmanager.eu

# Reference: https://twitter.com/jeromesegura/status/1128387989111853056

jqueryextd.at

# Reference: https://twitter.com/bad_packets/status/1128517905765683201

fontsawesome.gq

# Reference: https://blog.malwarebytes.com/cybercrime/2019/05/skimmer-acts-as-payment-service-provider-via-rogue-iframe/
# Reference: https://otx.alienvault.com/pulse/5ce56f2bc5bbee0a58f7073c

thatispersonal.com
top5value.com
voodoo4tactical.com

# Reference: https://twitter.com/jeromesegura/status/1133160126561394688
# Reference: https://blog.malwarebytes.com/cybercrime/2019/05/skimmer-acts-as-payment-service-provider-via-rogue-iframe/

modest4ever.com

# Reference: https://www.fortinet.com/blog/threat-research/payment-card-details-stolen-magecart.html
# Reference: https://www.virustotal.com/gui/ip-address/178.33.231.184/relations

http://178.33.231.184
adorebeauty.org
all-about-sneakers.org
battery-force.org
blackriverimaging.org
braincdn.org
childsplayclothing.org
citywlnery.org
closetlondon.org
dahlie.org
davidsfootwear.org
dobell.su
elpalaciodehierro.org
etradesupply.org
exrpesso.org
foodandcot.com
freshdepor.com
greatfurnituretradingco.org
hqassets.com
jewsondirect.com
kik-vape.org
labbe.biz
lamoodbighats.net
mage-checkout.org
misshaus.org
nililotan.org
oakandfort.org
ottocap.org
pmtonline.su
replacemyremote.org
safeprocessor.com
sagecdn.org
scriptdesire.com
security-payment.su
shop-rnib.org
slickjs.org
swappastore.com
verywellfitnesse.com
walletgear.org

# Reference: https://blog.malwarebytes.com/threat-analysis/2019/06/magecart-skimmers-found-on-amazon-cloudfront-cdn/

cdn-imgcloud.com
font-assets.com
js-cloudhost.com
wix-cloud.com
ww1-filecloud.com

# Reference: https://twitter.com/rommeljoven17/status/1144786273741107200
# Reference: https://www.fortinet.com/blog/threat-research/inter-skimmer-for-all.html
# Reference: https://otx.alienvault.com/pulse/5d1a08ac3f9760423c70c999

tracker-visitors.com
jquery-web.com
jquery-stats.com
jsreload.pw
routingzen.com

# Reference: https://twitter.com/eComscan/status/1147077036692922368

http://89.32.251.136

# Reference: https://www.zscaler.com/blogs/research/magecart-activity-and-campaign-enhancements
# Reference: https://www.virustotal.com/gui/ip-address/62.233.50.75/relations
# Reference: https://www.virustotal.com/gui/domain/dnsden.biz/relations
# Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/anyone-can-check-for-magecart-with-just-the-browser/

http://93.187.129.249/gate.php
developer-js.info
dnsden.biz
jquery-bin.com
jquery-bins.com
jsreload.pw
jqueryextd.at
routingzen.com
saterday-race.com
scriptvault.org
/errors/default/gate.php

# Reference: https://twitter.com/killamjr/status/1151142181643702277

ccprocess.review

# Reference: https://twitter.com/eComscan/status/1152153363892637696

magesource.su

# Reference: https://twitter.com/AffableKraut/status/1154641710653300737

googlepíng.com
xn--googlepng-m5a.com

# Reference: https://blog.sucuri.net/2019/07/fake-google-domains-used-in-evasive-magento-skimmer.html
# Reference: https://twitter.com/daphiel/status/1156314169492279299

invoiceservice.info
lnfo.cc
google-analytîcs.com
xn--google-analytcs-xpb.com
google.ssl.lnfo.cc

# Reference: https://twitter.com/killamjr/status/1154393722777460737

googlc-analytics.cm

# Reference: https://twitter.com/jeromesegura/status/1158473869029601280

mageento.com
onlineclouds.cloud

# Reference: https://twitter.com/rommeljoven17/status/1158657062403883008

api-googles.com
facebookfollow.com
gstatlcs.com
qpstasis.com

# Reference: https://twitter.com/rommeljoven17/status/1169124706567544832

jquerycodemagento.com

# Reference: https://twitter.com/killamjr/status/1171399767240273920

trafficanalyzer.biz

# Reference: https://twitter.com/MBThreatIntel/status/1171817639728934912

magentoconnectors.com

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/magecart-skimming-attack-targets-mobile-users-of-hotel-chain-booking-websites/
# Reference: https://otx.alienvault.com/pulse/5d821c4c16cca4b63f931226

googletrackmanager.com

# Reference: https://twitter.com/shotgunner101/status/1174759248703741952

bluemarineholding.com/wp-includes/locales.php

# Reference: https://www.riskiq.com/blog/labs/magecart-reused-domains/
# Reference: https://otx.alienvault.com/pulse/5d836d20a4a3d90861e796e2

cdnanalytics.net
cdnapis.com
contextjs.info
magelib.com
magento-order.com
nexcesscdh.net
ossmaxcdn.com

# Reference: https://twitter.com/shotgunner101/status/1175181663464230913

google-analyitics.org

# Reference: https://www.ibm.com/downloads/cas/O3W1LZAZ

cnzz.space
cnzz.work
jsboxcontents.com
ms-akadns.com
sdsyxwx.com
survey-microsoft.net
/runforestrun?sid=botnet

# Reference: https://www.zdnet.com/article/hackers-breach-volusion-and-start-collecting-card-details-from-thousands-of-sites/
# Reference: https://otx.alienvault.com/pulse/5d9cf3671d2973bf30d2753f

cdn-volusion.com
volusion-cdn.com

# Reference: https://twitter.com/killamjr/status/1182045635593289728

clouding.live
piratefashions.com

# Reference: https://twitter.com/killamjr/status/1182050912224849920

jsblom.com

# Reference: https://twitter.com/xiatianguo/status/1183405035192872961
# Reference: https://twitter.com/FullM3talPacket/status/1182404667755520000
# Reference: https://pastebin.com/kqMV9vCX

bks0.com
cssjs.co
jscss.co
jspri.co
pen4.co
j2.is

# Reference: https://twitter.com/MBThreatIntel/status/1184531791102857216

assetstorage.net
fileskeeper.org

# Reference: https://twitter.com/killamjr/status/1185376383180136448

mgstrs.com

# Reference: https://www.group-ib.com/blog/coffemokko

3lift.org
abtasty.net
adaptivecss.org
adorebeauty.org
all-about-sneakers.org
ar500arnor.com
authorizecdn.com
bannerbuzz.info
battery-force.org
batterynart.com
blackriverimaging.org
braincdn.org
btosports.net
chicksaddlery.net
childsplayclothing.org
christohperward.org
citywlnery.org
closetlondon.org
coffemokko.com
coffetea.org
dahlie.org
davidsfootwear.org
dobell.su
elegrina.com
energycoffe.org
energytea.org
etradesupply.org
exrpesso.org
foodandcot.com
freshchat.info
freshdepor.com
greatfurnituretradingco.org
info-js.link
jewsondirect.com
kandypens.net
kik-vape.org
labbe.biz
lamoodbighats.net
link-js.link
londontea.net
mage-checkout.org
majsurplus.com
map-js.link
mechat.info
misshaus.org
mylrendyphone.com
nililotan.org
oakandfort.org
ottocap.org
parks.su
paypaypay.org
pmtonline.su
replacemyremote.org
sagecdn.org
security-payment.su
shop-rnib.org
slickjs.org
slickmin.com
smart-js.link
swappastore.com
teacoffe.net
top5value.com
track-js.link
ukcoffe.com
verywellfitnesse.com
walletgear.org
zapaljs.com
zoplm.com

# Reference: https://www.group-ib.com/blog/illum

illum.pw
nstatistics.com
payment-line.tk
paymentpal.cf
payrightnow.cf
requestnet.tk
cdn.illum.pw
sr.illum.pw
records.nstatistics.com
request.payrightnow.cf
request.requestnet.tk

# Reference: https://www.group-ib.com/blog/g-analytics
# Reference: https://threatpost.com/card-skimming-google-analytics-angular/142264/

analytic.is
analytic.to
dittm.org
g-analytics.com
googlc-analytics.cm
google-analytics.cm
google-analytics.is
google-analytics.to
gooqletagmanager.com
iozoz.com
jquery-js.com

# Reference: https://www.group-ib.com/blog/reactget

adsapigate.com
adsgetapi.com
ajaxstatic.com
aldenmlilhouse.com
apitstatus.com
asianfoodgracer.com
balletbeautlful.com
bargalnjunkie.com
billgetstatus.com
cloudodesc.com
fbstatspartner.com
geisseie.com
gtmproc.com
hs-payments.com
livecheckpay.com
livegetpay.com
mageanalytics.com
maxstatics.com
mediapack.info
mxcounter.com
newrelicnet.com
nr-public.com
ordercheckpays.com
orderracker.com
payselector.com
reactjsapi.com
simcounter.com
sydneysalonsupplies.com
tagsmediaget.com
tagstracking.com
trust-tracker.com

# Reference: https://twitter.com/AffableKraut/status/1185070871691616256

fb-seo.net

# Reference: https://twitter.com/unmaskparasites/status/1185171035693441024

magento-community.org

# Reference: https://twitter.com/unmaskparasites/status/1185172904276836352

fb-content.dev

# Reference: https://twitter.com/unmaskparasites/status/1185256035633811463

magento-security.dev

# Reference: https://twitter.com/eComscan/status/1185170381331714048

fb-pixel.com
magento-protection.com

# Reference: https://twitter.com/killamjr/status/1182335468425416705
# Reference: https://twitter.com/xuy1202/status/1192005820491239424
 
xciy.net
/content/Compare/website.js

# Reference: https://twitter.com/killamjr/status/1182095269418024960

google-taq.com

# Reference: https://twitter.com/AffableKraut/status/1172052860378521600

magicsaphe.com
questappo.com
rqstpp.com
yongffice.com

# Reference: https://twitter.com/Totocellux/status/1165223332633022468
# Reference: https://blog.malwarebytes.com/threat-analysis/2019/08/magecart-criminals-caught-stealing-poker-face/

ajaxclick.com
www-trust.com

# Reference: https://twitter.com/AffableKraut/status/1159677725994622976

mage.biz.ua

# Reference: https://twitter.com/AdAstra247/status/1159111119488860160

scripts-analytics.com

# Reference: https://twitter.com/zombisoft/status/1152333754670755841

installw.com

# Reference: https://www.riskiq.com/blog/labs/magecart-amazon-s3-buckets/

cdn-c.com

# Reference: https://twitter.com/unmaskparasites/status/1184571273583706112

cdn-clouds.com

# Reference: https://blog.malwarebytes.com/threat-analysis/2019/10/the-forgotten-domain:-exploring-a-link-between-magecart-group-5-and-the-carbanak-apt/ (# Magecart Group 5 domains)

informaer.biz
informaer.cc
informaer.com
informaer.net
informaer.org
informaer.pw
informaer.ws
informaer.xyz
informaer.info

# Reference: https://twitter.com/gwillem/status/1187667658642206720

hsadspixel.com

# Reference: https://twitter.com/RapidSpike/status/1189882327557648386

/js/mage/adminhtml/product/composite/validate.php

# Reference: https://twitter.com/xuy1202/status/1192006102969282560

jquerycdnlib.at

# Reference: https://www.perimeterx.com/blog/multiple-magecart-groups-attacking-simultaneously/

mogento.info
/src/upscalestripper.js
/src/galeriedebeaute.js
/src/deliveryathome.js

# Reference: https://www.group-ib.com/blog/fakesecurity

alloaypparel.com
firstofbanks.com
fiswedbesign.com
mage-security.org
magento-security.org

# Reference: https://twitter.com/jknsCo/status/1192806947118092289

cdn-shopify.com

# Reference: https://blog.sucuri.net/2019/11/skimmers-for-both-magento-and-wordpress.html

gooqleadvstat.com
gooqlemgrteg.com
jquerystatic.com
zendesk-chart.com

# Reference: https://twitter.com/xuy1202/status/1195361991805681664

cxizi.net
getprices.online
gooogle-js.com
installerr.site
js-mini.com
myexclusivediamond.com

# Reference: https://twitter.com/xuy1202/status/1195290863875706881
# Reference: https://twitter.com/kyleehmke/status/1179727877488730113

cdn-zendesk.com
zendesk-cdn.com

# Reference: https://twitter.com/xuy1202/status/1194897841694507009

recheckcard.info

# Reference: https://twitter.com/xuy1202/status/1194896618245382145

routingzen.com

# Reference: https://twitter.com/xuy1202/status/1194895878181421061

script-analytics.com
/js/mage/google.js

# Reference: https://twitter.com/xuy1202/status/1194894864699121664

woldorf.com

# Reference: https://twitter.com/xuy1202/status/1194893048817143808

statcounter.one

# Reference: https://twitter.com/xuy1202/status/1194593451947356160

yxxi.net
/ipost-con.4.php

# Reference: https://twitter.com/xuy1202/status/1194508362903277568

jquery-script.icu

# Reference: https://blog.netlab.360.com/ongoing-credit-card-data-leak-continues/

adwordstraffic.link
/onestepcheckoutauthorizenet.js
/onestepcheckoutccpayment.js

# Reference: https://twitter.com/xuy1202/status/1196058702391861249

hilosennogada.com

# Reference: https://twitter.com/xuy1202/status/1196404569137242112

securecdn.eu

# Reference: https://twitter.com/unmaskparasites/status/1196934377063800832
# Reference: https://lukeleal.com/research/posts/lolzilla-php-js-skimmer/

http://103.139.113.34
/osr-3.0.php

# Reference: https://www.helpnetsecurity.com/2019/11/19/macys-online-store-compromised/
# Reference: https://otx.alienvault.com/pulse/5dd513439df4d4400824b738

barn-x.com

# Reference: https://blog.malwarebytes.com/web-threats/2019/11/web-skimmer-phishes-credit-card-data-via-rogue-payment-service-platform/
# Reference: https://twitter.com/jeromesegura/status/1197611010992918529
# Reference: https://otx.alienvault.com/pulse/5ddd99064d1dd4420367304b (# Fullz House)

account-restrictions.com
ajaxstatic.com
americanexpress-secure.com
appleld-verification.com
authorizeplus.com
checkout-sagepay.com
com-protect.com
deliveroosurvey.com
google-analytics.top
google-query.com
google-smart.com
googletagmanaqer.com
halifax-verification.com
halifaxverification.com
java-query.info
jquery-assets.com
lightgetjs.com
limited-account-panel.com
limited-restriction.com
limited-restrictions-paypai.com
limited-restrictions.com
limited-user-restrictions.com
limited-user-uk.com
limited-users-login.com
limited-users-restrictions.com
live-sagepay.com
login-limited-user.com
login-user-limited.com
login-user-restricted.com
login-users-limited.com
mastercard-migs.com
mediapack.info
migs-mastercard.com
mythreelogin.com
networkreset.net
online-secure-account.com
onlineaccountverificationwellssfargo.com
pay-u-biz.com
payment-mastercard.com
payment-sagepay.com
payment-worldpay.com
paymentfailurespotifiyj.top
paypai-account-limited.com
paypai-limited-user.com
paypai-limited-users.com
paypai-user-limited.com
paypai-user-restricted.com
paypal-secured.com
paypl-limited-users.com
paypl-users-limited.com
payu-biz.com
perfectmeme.info
perfectmeme.us
ppl-secure-uk.com
ppl-user-limitation.com
priceapigate.com
query-manager.info
rackapijs.com
ref017.com
ref3939-paypai.com
restricted-user-panel.com
roorewards.co.uk
sagepay-live.com
section.ws
secure-alerts-halifax.com
secure-users-paypai.com
security-check-paypai.com
securityaccountupdatewellsfargoo.info
securityadvance.co
securityupdateewellsfargoo.info
topapigate.com
uk-limited-user.com
uk-restricted-user.com
uk-user-limited.com
uk-user-restricted.com
uk-users-limitations.com
updatesecuritywelllsfargo.info
user-limited-login.com
user-limited-restrictions.com
user-login-limited.com
user-restricted-uk.com
user-restriction.com
user-restrictions-paypai.com
user-uk-restricted.com
users-limited-paypai.net
users-limited-uk.com
users-restricted.com
users-restriction.com

# Reference: https://twitter.com/xuy1202/status/1197848155204640768

w00commerce.com

# Reference: https://twitter.com/MBThreatIntel/status/1199010885525626890
# Reference: https://otx.alienvault.com/pulse/5ddc0e4cf94bd70658582ed8

magento-data.com
mage-js.com

# Reference: https://twitter.com/JCyberSec_/status/1199726915856158720

marketplace-magento.com

# Reference: https://twitter.com/JCyberSec_/status/1199701208530739200

g-statistic.com

# Reference: https://twitter.com/JCyberSec_/status/1197470727462641664

web-stats.net

# Reference: https://twitter.com/CTI_Marc/status/1196344211890683904

magestore.online

# Reference: https://twitter.com/AffableKraut/status/1196299424697331713

google-anaiytlcs.com

# Reference: https://twitter.com/AffableKraut/status/1157164442829746176

googletagmanger.com

# Reference: https://twitter.com/jeromesegura/status/1148358099712897024

nogaron.com
write-cdn.com

# Reference: https://twitter.com/rommeljoven17/status/1136555260477001728

anduansury.com
frocklay.com
sainester.com
theresevit.com

# Reference: https://twitter.com/jknsCo/status/1200061735278911488

googlemgrteg.com

# Reference: https://twitter.com/eComscan/status/1200749626988662784

sanguinelab.net
sansec.us

# Reference: https://twitter.com/eComscan/status/1197894033772875776

iubendas.com

# Reference: https://twitter.com/eComscan/status/1197097324264202240

magentohub.de

# Reference: https://twitter.com/GroupIB_GIB/status/1201520226791305216
# Reference: https://www.virustotal.com/gui/domain/phplib.net/relations

phplib.net

# Reference: https://twitter.com/MBThreatIntel/status/1201572698545102856

googlctagmanager.com

# Reference: https://twitter.com/MBThreatIntel/status/1201552839182438406

ancient-savannah-86049.herokuapp.com

# Reference: https://twitter.com/MBThreatIntel/status/1189217083688738816

sharp-planet.eu

# Reference: https://twitter.com/unmaskparasites/status/1201625226704015367

stark-gorge-44782.herokuapp.com

# Reference: https://twitter.com/JCyberSec_/status/1201850052723052549
# Reference: https://twitter.com/JCyberSec_/status/1201850090153005056

gnogle.ru
jquerycdnlib.at

# Reference: https://twitter.com/jeromesegura/status/1202275080526422016

pure-peak-91770.herokuapp.com

# Reference: https://twitter.com/gwillem/status/1202322985065091072

cdcc02.com

# Reference: https://twitter.com/gwillem/status/1202330272164990977

magento-track.com

# Reference: https://blog.malwarebytes.com/web-threats/2019/12/theres-an-app-for-that-web-skimmers-found-on-paas-heroku/
# Reference: https://otx.alienvault.com/pulse/5de90822773402f817d5c9ab

aqueous-scrubland-51318.herokuapp.com

# Reference: https://twitter.com/jknsCo/status/1203453915930472448

googletage.com

# Reference: https://twitter.com/unmaskparasites/status/1204080970191777795

localserver.host
/app/code/core/Mage/Checkout/controllers/OnepageController.php

# Reference: https://twitter.com/MBThreatIntel/status/1204093071954046976

webassetsshop.com

# Reference: https://twitter.com/felixaime/status/1203959327612116995

magento-statistics.com

# Reference: https://twitter.com/xuy1202/status/1204778227517935616

jguerycdn.network

# Reference: https://twitter.com/killamjr/status/1204878142248235008

jquerycodemagento.com

# Reference: https://twitter.com/AffableKraut/status/1204997344581881856

magecart.net

# Reference: https://twitter.com/JCyberSec_/status/1206558829456048128

/payment/mage_secure/payment.js
/payment/mage_secure/post.php

# Reference: https://www.virustotal.com/gui/ip-address/80.78.255.222/relations

google-payment.com

# Reference: https://twitter.com/jeromesegura/status/1206713600288555010

cdnbigcommerce.com
google-analycs.com

# Reference: https://twitter.com/unmaskparasites/status/1206699288723697671

cdncontentserver.com
impress-slides.com

# Reference: https://twitter.com/killamjr/status/1207150660782657536

googlead.tech

# Reference: https://twitter.com/xuy1202/status/1207164640431505408

slade-sell-shop.com

# Reference: https://twitter.com/killamjr/status/1209165822939279365

opencartmodules.biz

# Reference: https://twitter.com/AffableKraut/status/1210298773248696320
# Reference: https://www.virustotal.com/gui/ip-address/124.156.35.204/relations

http://124.156.35.204
googieapls.com
google-catalog.com
googletag-manager.com
gstatlcs.com
jquery-js.link
xn--gstatc-7va.com

# Reference: https://twitter.com/killamjr/status/1212058181725114369

blockandcmqany.com
chatshop.online
chatstat.online
clientsupport.space
farmaforma.info
g-statistic.com
googleadservicesonline.com
googleservices.online
janmarlni.com
jqueryservice.info
mageento.com
magento-check.info
magestore.online
megaliveonline.com
onlineclick.xyz
onlineclouds.cloud
onlineclouds.info
onlineshoptracker.info
pythonservice.info
shoplogs.site
shopvalid.info
statisticpay.info
webstatvisit.com
webstatvisits.com
zoopim.online

# Reference: https://blog.malwarebytes.com/threat-analysis/2019/12/new-evasion-techniques-found-in-web-skimmers/

tawktalk.com

# Reference: https://twitter.com/MBThreatIntel/status/1212889315572760577
# Reference: https://www.virustotal.com/gui/ip-address/5.188.9.61/relations

googlc-analytics.net
googlo-analytics.com

# Reference: https://twitter.com/AffableKraut/status/1212927165454520321

googlc-analytics.com
googlctagmanager.cm

# Reference: https://twitter.com/xuy1202/status/1214051382178660352

newmagento.com

# Reference: https://www.bleepingcomputer.com/news/security/magecart-attackers-steal-card-info-from-focus-camera-shoppers/
# Reference: https://www.virustotal.com/gui/domain/zdsassets.com/details

zdsassets.com

# Reference: https://twitter.com/MBThreatIntel/status/1215693928764063744

vamberlo.com

# Reference: https://www.rapidspike.com/blog/multiple-hacking-groups-attempt-to-skim-credit-cards-from-perricone-md/
# Reference: https://twitter.com/BreachMessenger/status/1057394505266151425
# Reference: https://www.virustotal.com/gui/ip-address/124.156.210.169/relations

a4c.cloud
ajaxstatic.com
apipack.host
authorizeplus.com
autojspack.com
cdndeskpro.com
cdnpack.net
cdnpack.site
dusk.net.in
faceapiget.com
fbpixelget.com
gstaticapi.com
jspack.pro
kegland.top
lightgetjs.com
listrakjs.com
olarkcdn.com
perriconemd.me.uk
priceapigate.com
rackapijs.com
section.ws
sectionget.com
sectionio.com
topapigate.com
worx.top

# Reference: https://twitter.com/JCyberSec_/status/1216676671983624193

js-react.com

# Reference: https://twitter.com/jeromesegura/status/1064924824336654336

bootstrap-js.com

# Reference: https://twitter.com/xuy1202/status/1216951727615668224

apis-analytics.com

# Reference: https://www.rapidspike.com/blog/2019-magecart-timeline/

cleor.co
creditprop.com
googletagstorage.com
imagesengines.com

# Reference: https://twitter.com/Jouliok/status/1217400178170368001

gold.platinumus.top

# Reference: https://twitter.com/unmaskparasites/status/1204080970191777795

localserver.host

# Reference: https://twitter.com/unmaskparasites/status/1217452290577195008
# Reference: https://www.virustotal.com/gui/domain/logistic.tw/relations

logistic.tw

# Reference: https://twitter.com/unmaskparasites/status/1217860398789120003

cilent-tracking.com
cloudservice.tw

# Reference: https://twitter.com/felixaime/status/1218135753110302720

silver-statistics.com

# Reference: https://twitter.com/felixaime/status/1219175480303202307
# Reference: https://twitter.com/matr0cks/status/1220418827751763969

jqueryextplugin.com

# Reference: https://www.riskiq.com/blog/labs/fullz-house/
# Reference: https://www.virustotal.com/gui/ip-address/124.156.34.157/relations
# Reference: https://www.virustotal.com/gui/ip-address/47.245.55.198/relations
# Reference: https://www.virustotal.com/gui/ip-address/80.78.255.222/relations

checkout-sagepay.com
google-analytics.top
google-payment.com
google-query.com
google-smart.com
google-taq.com
jquery-assets.com
live-sagepay.com
mastercard-migs.com
migs-mastercard.com
pay-u-biz.com
payment-mastercard.com
payment-sagepay.com
payment-worldpay.com
payu-biz.com
sagepay-live.com
/ga.js?analytic=

# Reference: https://www.bleepingcomputer.com/news/security/euro-cup-and-olympics-ticket-reseller-hit-by-magecart/

opendoorcdn.com

# Reference: https://twitter.com/jknsCo/status/1221031002564370432

hotjar.us
jquery.us

# Reference: https://twitter.com/AffableKraut/status/1220829096197939202

doubleclick.ws

# Reference: https://www.riskiq.com/blog/labs/magecart-group-12-olympics/
# Reference: https://otx.alienvault.com/pulse/5e3d8f9c9c559a74b0c82a71
# Reference: https://malware.news/t/inside-view-of-brazzzersff-infrastructure/62431

http://45.141.86.31
cdn-content.cc
content-delivery.cc
deliveryjs.cc
givemejs.cc
jquerycdn.su
storefrontcdn.com
toplevelstatic.com

# Reference: https://twitter.com/felixaime/status/1226292060547878913

cdnanalyze.com
cdnapis.org
cdnchecker.org
cdnoptimize.com

# Reference: https://twitter.com/gwillem/status/1227936380380119041
# Reference: https://twitter.com/gwillem/status/1231604432586125313

e4.ms
http.ps

# Reference: https://twitter.com/felixaime/status/1228343232649662464

amirtechet.com
supermanager.space

# Reference: https://twitter.com/felixaime/status/1228342963744444416

googletegmanager.com

# Reference: https://twitter.com/d09r_/status/1228214041878749184

wappallyzer.com

# Reference: https://twitter.com/dubstard/status/1230895567947149314
# Reference: https://usa.visa.com/content/dam/VCOM/global/support-legal/documents/visa-security-alert-baka-javascript-skimmer.pdf

apienclave.com
apisquere.com
b-metric.com
jquery-cycle.com
ordercheck.online
pridecdn.com
quicdn.com

# Reference: https://raw.githubusercontent.com/gwillem/magento-malware-scanner/master/rules/burner-domains.txt
# Reference: https://www.virustotal.com/gui/ip-address/185.202.103.37/relations

abuse-js.link
account-mage.su
activaguard.com
adsgetapi.com
advocatecdn.com
afterscripts.com
air-frog33.pw
alabamascripts.com
aleinvest.xyz
alemoney.xyz
alfcdn.com
allacarts.com
allyouwant.online
amasty.biz
analiticoscdn.com
anduansury.com
angular.club
animalzz921.pw
api-googles.com
apismanagers.com
apissystem.com
apitstatus.com
assetmage.com
assetsbrain.com
assetsbraln.com
aw-test.com
awscan.eu
awscan.info
awtest.eu
baways.com
bbypass.pw
beforescripts.com
bit.wo.tc
bm24.biz
bm24.info
bm24.org
bootstrapjs.com
braincdn.org
brainpayments.com
braintcdn.com
brainterepayments.com
braintform.com
braintreepaumenls.com
braintreepauments.com
braintreepaymenls.com
bralntree.com
brazersd.top
bridge.industries
brontocdn.com
busnguard.com
byte.wo.tc
ccheckout.com
ccvalidate.com
cdn-ch.org
cdn-cloud.pw
cdn-imgcloud.com
cdn-js-42.com
cdn-js.link
cdnanalytics.net
cdnapis.com
cdnassels.com
cdnbronto.com
cdnbronto.info
cdngoogle.com
cdnmage.com
cdnpayment.com
cdnppay.com
cdnrfv.com
cdnscriptx.com
cdnwhiltelist.com
cellubiue.com
cellublue.info
checkercarts.com
ciscostats.com
citwinery.com
citywiners.com
cl0udfiare.com
cloud-jquery.com
cloud-jquery.net
cloud-jquery.org
cloud-privacy.com
cloud-update.top
cloud-wp.org
cloudfusion.me
cloudmetric-analytics.com
cloudservice.tw
cloudtrusted.org
cmytuok.top
codesmagento.com
configmage.com
configsysrc.com
configsysrc.info
connectbootstrap.com
controlmage.com
crtteo.com
d0ubletraffic.com
directvapar.com
directvaporonline.com
directvaporus.com
directvaprr.com
dmaxjs.com
dnsden.biz
dobellonline.com
docstart.su
doublecllck.com
drberg.online
drberg.store
duserjs.com
ebitbr.com
ebizmart.biz
encoderform.com
encrypterforms.com
encryptforms.com
exrpesso.org
facebookfollow.com
fastlscripts.com
fbcommerse.com
fbprotector.com
fellsogood43.pw
font-assets.com
frameuserstat.com
frashjs.com
friend4cdn.com
g-analytics.com
gamacdn.com
ganalytlcs.com
gitformage.com
gitformlife.com
gitmage.com
googieapls.com
googiecloud.com
googieservlce.com
google-anaiytic.com
google-analytisc.su
googleprotectionshop.com
googletagmanager.eu
googletagnamager.com
googlitagmanager.com
googletrackmanager.com
gooqleadvstat.com
gooqlemgrteg.com
govfree.pw
gstatlcs.com
gtagaffilate.com
icon-base.biz
info-js.link
infopromo.biz
informaer.com
informaer.net
informaer.org
informaer.ws
infostat.pw
inst-js.su
installw.com
internalvaporgroup.com
invisiblename.com
invisiblename.pro
invisiblename.pw
ip.5uu8.com
javascloud.com
javascripts-system.com
jcloudcdn.com
jquery-cdn.top
jquery-cdnlib.com
jquery-cloud.net
jquery-cloud.org
jquery-code.su
jquery-css.su
jquery-js.com
jquery-js.link
jquery-libs.su
jquery-main.su
jquery-min.su
jquery-stats.com
jquery-validation.org
jquery-web.com
jquery.su
jquerycdnlibrary.com
jquerycodemagento.com
jqueryextd.us
jqueryexts.us
jquerystatic.com
jquerystorage.com
js-abuse.link
js-abuse.su
js-cdn.link
js-cloud.com
js-cloudhost.com
js-link.su
js-magic.link
js-mod.su
js-react.com
js-save.link
js-save.su
js-start.su
js-stat.su
js-stats.click
js-stats.xyz
js-storage.click
js-sucuri.link
js-syst.su
js-top.link
js-top.su
jscontroller.stream
jscript-cdn.com
jscripts-cloud.com
jscriptscloud.com
jsdellvr.com
jsecurely.com
jsecuri.com
jsmagento.com
jspoi.com
jsreload.pw
kennedyform.com
kissmetrik.com
link-js.link
link-js.su
listrakb.com
locateooo.com
logisticusa.biz
lolfree.pw
m24js.com
mage-cdn.link
mage-js.link
mage-js.su
mage-storage.pw
magecompas.com
mageconfig.com
magejavascripts.com
magely.info
magemarts.com
magento-analytics.com
magento-cdn.top
magento-connection.com
magento.name
magento.ontools.net
magentocore.net
magentopatchupdate.com
mageonline.net
magescripts.info
magescripts.pw
magesecurely.com
magesecuritys.com
magesources.com
magestops.com
map-js.link
market-stats.com
maskforms.com
maxijs.com
mcloudjs.com
mdelivry.com
mediageting.com
megalith-games.com
minifyscripts.com
minpays.com
mipss.su
mjs24.com
mod-js.su
mod-sj.link
monenate.net
monerate.net
monestate.net
msecurely.com
msn-analytics.com
my-braintree.com
myageverify.com
mycloudtrusted.com
mytokeasn2s.ru
netmg-cdn.com
neweggstats.com
newrellc.com
nodejsapi.net
nodejscript.net
nykoa.in
oh-polly.com
ohpoliy.com
oklahomjs.com
oltratoke.ru
onlineclouds.cloud
onlinereserchstatistics.online
onlineshopsecurity.com
onlinestatus.site
onlinestatus.stream
optimizly.info
order-security.com
orealjs.com
pass-js.click
paymentnow.tk
paymentpal.cf
paymentsystem.info
paypallobjects.com
privacyform.com
privatejs.com
privatixjs.com
qpstasis.com
qsxjs.com
realtrustsafe.com
receiverinformation.com
requestnet.tk
resselerratings.com
rlteaid.com
routingzen.com
s3-us-west.com
safeprivatcy.com
safeyouform.com
sagecdn.org
sainester.com
samescripts.com
samexsame.com
saveyoujs.com
scriptb.com
scriptsform.com
scriptsfyou.com
scriptsjzone.com
securecloudtrusted.com
secureqbrowser.com
securipayment.com
security-mage.com
secury-checkout.com
shelljs.com
shop-analytics.net
simcounter.com
simpiehuman.com
sistem-js.su
siteverification.online
siteverification.site
sj-mod.link
sj-syst.link
slickjs.org
slripe.com
smart-js.link
specjs.com
sportys.store
sslbrainform.com
sslpayform.com
sslvalidator.com
stat-sj.link
statdd.su
statesales.info
statistic-info.me
statsdot.eu
stecker.su
stek-js.link
storemagento.info
storentrust.com
stormnguard.com
strapform.com
sucuri-cloud.com
sucuri-js.com
supporttech281012.tk
syst-sj.link
system-backup.biz
tcsupport241012.tk
termlifelearned.us
thatispersonal.com
theresevit.com
top-sj.link
top5value.com
track-js.link
track-magento.com
tracker-visitors.com
trafficanalyzer.biz
traskedlink.com
truefree.pw
trustd.biz
typejsx.com
typekit.website
typekitcloud.com
typeklt.com
uorineall.info
upgradenstore.com
ups-broker.org
userinfos.com
userinfos.info
userlandform.com
userlandpay.com
uslogisticexpress.com
valdatecode.com
validatenyou.com
validateyourinfo.com
validatorcc.com
vamberlo.com
verifiedjs.com
verpayment.com
verpayments.com
vmaxjs.com
voodoo4tactical.com
vuserjs.com
web-info.me
web-rank.cc
web-rank.pw
web-stat.biz
web-stat.me
web-stats.cc
web-stats.pw
webfotce.me
webrank.ws
webstat-info.ws
webstat.cc
webstatistic.me
webstatistic.pw
webstatistic.tech
webstatistic.ws
webstats.me
webstatvisit.com
whitelistjs.com
wix-cloud.com
wpconnect.org
wpserve.org
ww1-filecloud.com
x-magesecurity.com
xmageform.com
xmageinfo.com
xmagejs.com
xmagesecurity.com
xn--google-analytcs-xpb.com
xn--gstatc-7va.com
youpayme.info
zendesk-chart.com
zonejs.com
zs.mk

# Reference: https://twitter.com/xuy1202/status/1232162075285147648

ns-scripts.com

# Reference: https://twitter.com/gwillem/status/1232246887367028737
# Reference: https://www.virustotal.com/gui/domain/cloudmgrtracker.com/detection

cloudmgrtracker.com

# Reference: https://twitter.com/MBThreatIntel/status/1232404872999231488

pluginmagento.net

# Reference: https://twitter.com/xuy1202/status/1232581248083582976

data-safeguard.com

# Reference: https://twitter.com/MBThreatIntel/status/1232726202281889793
# Reference: https://blog.malwarebytes.com/threat-analysis/2020/02/fraudsters-cloak-credit-card-skimmer-with-fake-content-delivery-network-ngrok-server/

cdn-mediafiles.org
cdn-sources.org
d68344fb.ngrok.io

# Reference: https://sansec.io/labs/2020/02/25/longest-skimming-operation-yet/

aleopeople.info
bizlawyer.org
contentequare.com
cquotinent.com
jackhemmingway.com
joyjewell.com
installerr.pw
installerr.site
pizdasniff.site
qitcdn.net
securedcdn.net
thefei.com
vk-a6t5h7f3k.site
/5d507d3e6fdc7.js
/5d55d10058c9d.js
/5d570bebe00ed.js

# Reference: https://twitter.com/felixaime/status/1234111603831910400

webscriptly.com

# Reference: https://twitter.com/felixaime/status/1224257587555770368

jquerytxtplugin.com

# Reference: https://twitter.com/unmaskparasites/status/1234536106953146369

http://163.172.136.230

# Reference: https://twitter.com/unmaskparasites/status/1234917686242619393
# Reference: https://www.virustotal.com/gui/ip-address/83.166.248.67/relations

autocapital.pw
http.ps
xxx-club.pw
y5.ms

# Reference: https://twitter.com/felixaime/status/1235131517908570113
# Reference: https://www.virustotal.com/gui/ip-address/185.181.164.216/relations
# Reference: https://www.virustotal.com/gui/ip-address/47.56.114.152/relations
# Reference: https://www.virustotal.com/gui/domain/wp-includ.com/relations
# Reference: https://twitter.com/500mk500/status/1235330678700548098

reportgns.com
sucuritester.com
wp-includ.com

# Reference: https://web.misker.me/blog/malware/2020/03/04/Raindrop-PoppedShop.html
# Reference: https://www.virustotal.com/gui/domain/googletagmanagrapis.com/detection

googletagmanagrapis.com

# Reference: https://twitter.com/felixaime/status/1236201312842326016

savemoneyoffice.com/js/varien/print.js

# Reference: https://twitter.com/felixaime/status/1236321303902269441

imprintcenter.com/js/embed.min.js
imprintcenter.com/js/flash/

# Reference: https://twitter.com/jeromesegura/status/1121811483195633670
# Reference: https://blog.malwarebytes.com/cybercrime/2019/04/github-hosted-magecart-skimmer-used-against-hundreds-of-e-commerce-sites/

jquerylol.ru

# Reference: https://twitter.com/rootprivilege/status/1233065094965125120
# Reference: https://pastebin.com/4seW3Aya

neuro-programmer.de/e.php
neuro-programmer.de/test.php

# Reference: https://twitter.com/fletchsec/status/1175180643514355713

kursy.atas.pl/templates/system/html/data/red.php

# Reference: https://www.virustotal.com/gui/ip-address/181.214.86.150/relations

get-js.com
marketplace-magento.net

# Reference: https://twitter.com/d09r_/status/1238302755032166400
# Reference: https://www.virustotal.com/gui/ip-address/178.33.71.232/relations
# Reference: https://www.virustotal.com/gui/domain/theresevit.com/relations

jsvault.net
linkedtop.com
scriptopia.net

# Reference: https://twitter.com/ydklijnsma/status/1232727444962107392

google-anallytic.com
google--analytics.com
google-analyitics.com
google-anolytics.com

# Reference: https://twitter.com/AffableKraut/status/1207664349634011137

bizrateservices.com
j-queries.com
teamsystems.info
towbarchat.com
twinkhelp.com

# Reference: https://twitter.com/AffableKraut/status/1169489081568497664

gmagea.com

# Reference: https://twitter.com/AffableKraut/status/1169458435290804225

genidaff.com
strchckr.com
tfalseacc.com
tryuseracc.com
vaccss.com

# Reference: https://twitter.com/AffableKraut/status/1169458426344333312

htjar.com

# Reference: https://twitter.com/AffableKraut/status/1166223620886208513

shellsn.ru

# Reference: https://twitter.com/AffableKraut/status/1159677725994622976

jquery.in.ua

# Reference: https://twitter.com/AffableKraut/status/1133599840544468992

jqueryes.com

# Reference: https://twitter.com/MBThreatIntel/status/1238537326956933121

cookiepro.cloud

# Reference: https://www.riskiq.com/blog/labs/magecart-nutribullet/
# Reference: https://otx.alienvault.com/pulse/5e72332db0bfef80752cec40

amerisleep.github.io
3lift.org
abtasty.net
adaptivecss.org
adorebeauty.org
all-about-sneakers.org
ar500arnor.com
authorizecdn.com
bannerbuzz.info
battery-force.org
batterynart.com
blackriverimaging.org
braincdn.org
btosports.net
cdnassels.com
cdnmage.com
chicksaddlery.net
childsplayclothing.org
christohperward.org
citywlnery.org
closetlondon.org
cmytuok.top
coffemokko.com
coffetea.org
configsysrc.info
dahlie.org
davidsfootwear.org
dobell.su
elegrina.com
energycoffe.org
energytea.org
etradesupply.org
exrpesso.org
foodandcot.com
freshchat.info
freshdepor.com
greatfurnituretradingco.org
info-js.link
jewsondirect.com
js-cloud.com
kandypens.net
kik-vape.org
labbe.biz
lamoodbighats.net
link-js.link
livechatinc.org
londontea.net
mage-checkout.org
magejavascripts.com
magescripts.pw
magesecuritys.com
majsurplus.com
map-js.link
mcloudjs.com
mechat.info
melbounestorm.com
misshaus.org
mylrendyphone.com
mypiltow.com
nililotan.org
oakandfort.org
ottocap.org
parks.su
paypaypay.org
pmtonline.su
prodealscenter.com
replacemyremote.org
sagecdn.org
scriptoscript.com
security-payment.su
shop-rnib.org
slickjs.org
slickmin.com
smart-js.link
swappastore.com
teacoffe.net
top5value.com
track-js.link
ukcoffe.com
verywellfitnesse.com
walletgear.org
webanalyzer.net
zapaljs.com
zoplm.com

# Reference: https://twitter.com/felixaime/status/1241765974929530884

googletagmanage.com

# Reference: https://twitter.com/MBThreatIntel/status/1241837000564428800

sucurl.net

# Reference: https://www.virustotal.com/gui/domain/sucuri.pro/relations

sucuri.pro

# Reference: https://twitter.com/MBThreatIntel/status/1242538048044150784
# Reference: https://www.virustotal.com/gui/domain/allegrolearnings.com/relations

allegrolearnings.com/blogs/media/embed.min.js
allegrolearnings.com/blogs/media/common.js

# Reference: https://www.virustotal.com/gui/ip-address/161.117.236.58/relations

jquerrycdn.xyz

# Reference: https://twitter.com/d09r_/status/1242845745218228224
# Reference: https://twitter.com/securityaffairs/status/1242873730235277313
# Reference: https://securityaffairs.co/wordpress/100449/hacking/tupperware-site-hacked.html
# Reference: https://blog.malwarebytes.com/hacking-2/2020/03/criminals-hack-tupperware-website-with-credit-card-skimmer/

deskofhelp.com

# Reference: https://twitter.com/felixaime/status/1243083359212969984

gocgle-analytics.com

# Reference: https://twitter.com/felixaime/status/1243561946982625284

oldworldaccents.net/js/embed.min.js

# Reference: https://www.virustotal.com/gui/domain/google-analytics.gq/relations

google-analytics.gq

# Reference: https://twitter.com/felixaime/status/1247414542759575552

google-analytc.com

# Reference: https://twitter.com/unmaskparasites/status/1247886037881196547
# Reference: https://blog.sucuri.net/2020/01/web-swiper-in-image-title.html
# Reference: https://www.virustotal.com/gui/domain/intljs.rmtag.net/relations
# Reference: https://www.virustotal.com/gui/ip-address/82.202.161.89/relations

intljs.rmtag.net
pollyfill.com

# Reference: https://twitter.com/d09r_/status/1247951999305302016
# Reference: https://www.virustotal.com/gui/ip-address/34.227.50.166/relations
# Reference: https://www.virustotal.com/gui/ip-address/54.89.179.241/relations
# Reference: https://www.virustotal.com/gui/ip-address/3.83.72.214/relations
# Reference: https://www.virustotal.com/gui/ip-address/52.1.206.175/relations
# Reference: https://www.virustotal.com/gui/ip-address/3.84.27.209/relations

3alesforce.com
4esla.services
4eslamotors.com
7indowsupdate.com
7ootric.com
adn-apple.com
akalai.net
ap0see.com
app3ee.com
appqee.com
appsae.com
appsue.com
aprsee.com
apxsee.com
arpsee.com
atpsee.com
bdn-apple.com
calesforce.com
cdf-apple.com
cdj-apple.com
cdl-apple.com
cdn-a0ple.com
cdn-ap0le.com
cdn-appde.com
cdn-apphe.com
cdn-appla.com
cdn-appld.com
cdn-applg.com
cdn-applm.com
cdn-applu.com
cdn-appme.com
cdn-appne.com
cdn-apqle.com
cdn-aprle.com
cdn-aptle.com
cdn-apxle.com
cdn-aqple.com
cdn-arple.com
cdn-atple.com
cdn-axple.com
cdn-cpple.com
cdn-epple.com
cdn-ipple.com
cdn-qpple.com
cdnmapple.com
cdo-apple.com
cen-apple.com
cfn-apple.com
clack-msgs.com
cln-apple.com
coogleanalytics.com
coogleusercontent.com
cppsee.com
ctn-apple.com
deslamotors.com
eicrosoftonline.com
eixpanel.com
eoogleanalytics.com
eoogleusercontent.com
eropbox.com
fgxnews.com
fo8news.com
fohnews.com
foogleanalytics.com
fopnews.com
foxlews.com
foxne7s.com
foxneus.com
foxnew3.com
foxoews.com
foynews.com
fpnjs.com
gdn-apple.com
ggogleanalytics.com
ggogletagmanager.com
ggogleusercontent.com
gindowsupdate.com
gkogleanalytics.com
gkogleusercontent.com
gmogleanalytics.com
gmogletagmanager.com
gmogleusercontent.com
gnogleanalytics.com
gnogletagmanager.com
gnogleusercontent.com
goggletagmanager.com
goggleusercontent.com
gokgleanalytics.com
gokgletagmanager.com
gokgleusercontent.com
gomgleanalytics.com
gongleanalytics.com
gongletagmanager.com
gongleusercontent.com
goocleanalytics.com
goocletagmanager.com
goocleusercontent.com
gooeleanalytics.com
gooeleusercontent.com
goofleanalytics.com
goofletagmanager.com
googdeanalytics.com
googdetagmanager.com
googheanalytics.com
googhetagmanager.com
googheusercontent.com
googlaanalytics.com
googlatagmanager.com
googlausercontent.com
googldanalytics.com
googldtagmanager.com
googldusercontent.com
google4agmanager.com
google5sercontent.com
googleafalytics.com
googleajalytics.com
googlealalytics.com
googleanadytics.com
googleanahytics.com
googleanal9tics.com
googleanalqtics.com
googleanalxtics.com
googleanaly4ics.com
googleanalydics.com
googleanalypics.com
googleanalytacs.com
googleanalythcs.com
googleanalytias.com
googleanalytibs.com
googleanalytic3.com
googleanalyticc.com
googleanalyticq.com
googleanalyticr.com
googleanalyticw.com
googleanalytigs.com
googleanalytiks.com
googleanalytiss.com
googleanalytkcs.com
googleanalytmcs.com
googleanalytycs.com
googleanalyuics.com
googleanalyvics.com
googleanamytics.com
googleananytics.com
googleanclytics.com
googleanelytics.com
googleanilytics.com
googleanqlytics.com
googleaoalytics.com
googlecnalytics.com
googledagmanager.com
googleenalytics.com
googleesercontent.com
googleinalytics.com
googlepagmanager.com
googleqnalytics.com
googleqsercontent.com
googletacmanager.com
googletaemanager.com
googletag-anager.com
googletageanager.com
googletagianager.com
googletaglanager.com
googletagmafager.com
googletagmajager.com
googletagmalager.com
googletagmanacer.com
googletagmanaeer.com
googletagmanafer.com
googletagmanagar.com
googletagmanagdr.com
googletagmanage2.com
googletagmanageapi.com
googletagmanageb.com
googletagmanagep.com
googletagmanages.com
googletagmanagev.com
googletagmanagez.com
googletagmanaggr.com
googletagmanagmr.com
googletagmanagris.com
googletagmanagrs.com
googletagmanagrsapi.com
googletagmanagur.com
googletagmanaoer.com
googletagmanawer.com
googletagmancger.com
googletagmaneger.com
googletagmaniger.com
googletagmanqger.com
googletagmaoager.com
googletagmcnager.com
googletagminager.com
googletagmqnager.com
googletagoanager.com
googletaomanager.com
googletawmanager.com
googletcgmanager.com
googletigmanager.com
googletqgmanager.com
googletsercontent.com
googleu3ercontent.com
googleuagmanager.com
googleucercontent.com
googleuqercontent.com
googleurercontent.com
googleusarcontent.com
googleusdrcontent.com
googleuse2content.com
googleusebcontent.com
googleusepcontent.com
googleuseraontent.com
googleuserbontent.com
googleusercgntent.com
googleuserckntent.com
googleusercmntent.com
googleusercnntent.com
googleusercoftent.com
googleusercojtent.com
googleusercoltent.com
googleusercon4ent.com
googleusercondent.com
googleuserconpent.com
googleusercontant.com
googleusercontdnt.com
googleuserconteft.com
googleusercontejt.com
googleusercontelt.com
googleuserconten4.com
googleusercontend.com
googleusercontenp.com
googleusercontenu.com
googleusercontenv.com
googleuserconteot.com
googleusercontgnt.com
googleusercontmnt.com
googleusercontunt.com
googleuserconuent.com
googleuserconvent.com
googleusercootent.com
googleusergontent.com
googleusersontent.com
googleusescontent.com
googleusevcontent.com
googleusgrcontent.com
googleusmrcontent.com
googleusurcontent.com
googlevagmanager.com
googlewsercontent.com
googlganalytics.com
googlgtagmanager.com
googlgusercontent.com
googlmanalytics.com
googlmtagmanager.com
googluanalytics.com
googlutagmanager.com
googluusercontent.com
googmeanalytics.com
googmetagmanager.com
googmeusercontent.com
googneanalytics.com
goognetagmanager.com
googneusercontent.com
goooleanalytics.com
goooletagmanager.com
gootric.com
goowleanalytics.com
goowletagmanager.com
goowleusercontent.com
hocalytics.com
iicrosoftonline.com
iixpanel.com
ippsee.com
jpnjs.com
ka3persky.com
kaqpersky.com
kaspepsky.com
kasperqky.com
kaspersk9.com
kasperskq.com
kaspessky.com
kaspezsky.com
kaspgrsky.com
kaspmrsky.com
kaspursky.com
kastersky.com
kasxersky.com
kcspersky.com
kdn-apple.com
lgcalytics.com
licrosoftonline.com
lmcalytics.com
lncalytics.com
loaalytics.com
locadytics.com
locahytics.com
localqtics.com
localy4ics.com
localydics.com
localytacs.com
localythcs.com
localytias.com
localytibs.com
localytic3.com
localyticc.com
localyticw.com
localytigs.com
localytiks.com
localytiss.com
localytkcs.com
localytmcs.com
localytycs.com
localyuics.com
localyvics.com
locamytics.com
locanytics.com
locclytics.com
locelytics.com
locqlytics.com
lokalytics.com
lpnjs.com
mhxpanel.com
mi8panel.com
mibrosoftonline.com
micposoftonline.com
micrgsoftonline.com
micrksoftonline.com
microqoftonline.com
microskftonline.com
microsmftonline.com
microsnftonline.com
microsobtonline.com
microsof4online.com
microsofdonline.com
microsoftgnline.com
microsoftknline.com
microsoftnnline.com
microsoftofline.com
microsoftojline.com
microsoftolline.com
microsoftonhine.com
microsoftonlane.com
microsoftonlhne.com
microsoftonlife.com
microsoftonlije.com
microsoftonlile.com
microsoftonlina.com
microsoftonlind.com
microsoftonling.com
microsoftonlinu.com
microsoftonlioe.com
microsoftonlkne.com
microsoftonlmne.com
microsoftonmine.com
microsoftonnine.com
microsoftooline.com
microsofuonline.com
microsofvonline.com
microsovtonline.com
micsosoftonline.com
micvosoftonline.com
miczosoftonline.com
mihpanel.com
mippanel.com
mix0anel.com
mixpalel.com
mixpanal.com
mixpandl.com
mixpaned.com
mixpanem.com
mixpanml.com
mixpanul.com
mixpcnel.com
mixpenel.com
mixpinel.com
mixranel.com
mixtanel.com
mixxanel.com
mkcrosoftonline.com
mkxpanel.com
mmxpanel.com
mocalytics.com
myxpanel.com
n0njs.com
npjjs.com
npljs.com
npnhs.com
npnj3.com
npnks.com
npnns.com
npnzs.com
npojs.com
nqnjs.com
nrnjs.com
ntnjs.com
nxnjs.com
oicrosoftonline.com
oixpanel.com
ooogleanalytics.com
ooogleusercontent.com
opnjs.com
peslamotors.com
qalesforce.com
qlack-msgs.com
qppsee.com
qymantec.com
ralesforce.com
regment.io
rlack-msgs.com
rymantec.com
s9mantec.com
sadesforce.com
sahesforce.com
saldsforce.com
sale3force.com
saleqforce.com
salesborce.com
salesfgrce.com
salesfmrce.com
salesfnrce.com
salesfo2ce.com
salesfobce.com
salesfopce.com

# Reference: https://twitter.com/felixaime/status/1248154035053637632

google-analytcsapi.com

# Reference: https://www.perimeterx.com/resources/blog/2020/new-stealth-magecart-attack-bypasses-payment-services-using-iframes/
# Reference: https://www.virustotal.com/gui/ip-address/83.166.250.66/relations

braintreegateway24.com
braintreegateway24.tech
braintreegateway.services

# Reference: https://twitter.com/felixaime/status/1250807334676414465

tag-css.icu

# Reference: https://twitter.com/MBThreatIntel/status/1252265931088080896

vetality.site

# Reference: https://twitter.com/MBThreatIntel/status/1252285343555960833

ducatigrenoble.com/skin/frontend/ves_brave/default/css/bootstrap.php

# Reference: https://twitter.com/MBThreatIntel/status/1252338975265546242

clipbutton.com.br/catalog/discount.php
tivents.de/media/wysiwyg/paypal4.gif

# Reference: https://twitter.com/felixaime/status/1253039202465468419
# Reference: https://www.virustotal.com/gui/ip-address/193.38.54.55/relations
# Reference: https://www.virustotal.com/gui/ip-address/193.38.54.62/detection

secrityipa.club
securityipa.club

# Reference: https://unit42.paloaltonetworks.com/how-cybercriminals-prey-on-the-covid-19-pandemic/ (# Skimmer)
# Reference: https://www.virustotal.com/gui/domain/sunrisepromos.com/relations

sunrisepromos.com/js/lib/ccard.js

# Reference: https://securityaffairs.co/wordpress/98124/cyber-crime/uncovering-new-magecart-implant.html
# Reference: https://marcoramilli.com/2020/02/19/uncovering-new-magecart-implant-attacking-ecommerce/
# Reference: https://labs.sucuri.net/web-skimmer-with-a-domain-name-generator-follow-up/
# Reference: https://twitter.com/AffableKraut/status/1257937430709186560
# Reference: https://www.virustotal.com/gui/ip-address/83.166.244.76/relations

ql201000.pw
ql201041.pw
ql201243.pw
ql201456.pw
ql201463.pw
ql201721.pw
ql202141.pw
ql202412.pw
ql202657.pw
ql202989.pw
qr201010.pw
qr201089.pw
qr201161.pw
qr201346.pw
qr201854.pw
qr202004.pw
qr202284.pw
qr202754.pw
qr202844.pw
qr202960.pw
q(l|r)[0-9]{5,6}\.pw
/js/ar/ar906.php
/js/ar/ar2497.php
/js/ar/ar7938.php

# Reference: https://blog.sucuri.net/2020/04/web-skimmer-with-a-domain-name-generator.html

gooogletagmanager.online

# Reference: https://twitter.com/Bank_Security/status/1258130762685186048
# Reference: https://blog.malwarebytes.com/threat-analysis/2020/05/credit-card-skimmer-masquerades-as-favicon/
# Reference: https://www.virustotal.com/gui/ip-address/83.166.242.105/relations

myicons.net
psas.pw

# Reference: https://twitter.com/felixaime/status/1258800483524804608

jquerycdn.at

# Reference: https://twitter.com/felixaime/status/1258834331163922432

jquerye.at

# Reference: https://twitter.com/felixaime/status/1260822992180973572

cdnjustuno.icu
manag.icu
targetad.icu

# Reference: https://twitter.com/felixaime/status/1260827294723170304

tags-app.icu
tags-bootstrap.icu

# Reference: https://twitter.com/MBThreatIntel/status/1269400469845061632

tagapp.icu

# Reference: https://twitter.com/AffableKraut/status/1261157021027622912
# Reference: https://gist.github.com/krautface/c2f2d6d0c4516afc47efcbe17e561e0c

priangan.com/wp-content/languages/blogid/

# Reference: https://twitter.com/tosscoinwitcher/status/1261353530465456128
# Reference: https://twitter.com/500mk500/status/1261361366339903488
# Reference: https://www.virustotal.com/gui/domain/googletagmanagr.com/detection

googletagmanagr.com

# Reference: https://twitter.com/MBThreatIntel/status/1262893385448210434

magentorates.com

# Reference: https://twitter.com/MBThreatIntel/status/1263850035382378497
# Reference: https://twitter.com/500mk500/status/1263861204327505928
# Reference: https://twitter.com/d09r_/status/1263864711847620609
# Reference: https://www.virustotal.com/gui/ip-address/5.188.62.173/relations
# Reference: https://www.virustotal.com/gui/ip-address/176.123.6.37/relations

padmin.xyz
hostssl.uno
hostssl.xyz
shopssl.xyz
idtransfer.icu

# Reference: https://twitter.com/MBThreatIntel/status/1263876741094727680
# Reference: https://www.virustotal.com/gui/ip-address/23.106.215.85/relations

cdncontentserver.com
onlineimageservices.com

# Reference: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/

gocgle-analytics.cm
gocgle-analytics.net
gocgletagmanager.cm
gocgletagmanager.com

# Reference: https://www.virustotal.com/gui/ip-address/194.180.224.112/relations

authcrize.net
gcogle-analytics.com
gocgle-analytics.net
googlo-analytics.com
googlo-analytics.net
gooqle-analytics.com
gooqle-analytics.net
secure-authorize.net
wanalytic.is
secure.authcrize.net

# Reference: https://twitter.com/kyleehmke/status/1399680399756906502
# Reference: https://www.virustotal.com/gui/ip-address/87.120.254.4/relations

gooqle-login.com

# Reference: https://twitter.com/felixaime/status/1264124350883602432
# Reference: https://www.virustotal.com/gui/ip-address/161.35.202.72/relations

cdndoubleclick.net

# Reference: https://twitter.com/felixaime/status/1264567401380753409

cdn-contentstore.com
cdn-sources.com

# Reference: https://twitter.com/AffableKraut/status/1265349583925841922

ads-fbstatistic.com

# Reference: https://twitter.com/felixaime/status/1265175178532831237

livechatcdn.com

# Reference: https://twitter.com/felixaime/status/1265176411322499072

cloudfrontapi.com
cloudfrontapi.net

# Reference: https://twitter.com/MBThreatIntel/status/1266397492658098176

s3.amazonaws.com/content.zipboss.com/code/zipboss.dev.js

# Reference: https://twitter.com/felixaime/status/1267045708932222976

apibazaarvoice.com

# Reference: https://twitter.com/benkow_/status/1267034595758833667

http://89.82.251.136/counter/index.php

# Reference: https://twitter.com/felixaime/status/1267095794571792384
# Reference: https://twitter.com/dimitribest/status/1372632649496420364
# Reference: https://twitter.com/rootprivilege/status/1392119803997941762
# Reference: https://lukeleal.com/research/posts/lolzilla-php-js-skimmer/

http://45.197.141.250
45.197.141.250:443
happykid.in/image/catalog/d_blog_module/review/jjs.js
tienda.flex.cl/media/sello-ecommerce.js

# Reference: https://twitter.com/eclipsepicards/status/1268240487233867778

platinumus.top

# Reference: https://twitter.com/MBThreatIntel/status/1267874481113989121

googleapifs.space

# Reference: https://twitter.com/felixaime/status/1267729483987062786

ssecurapi.club

# Reference: https://twitter.com/MBThreatIntel/status/1268340229347270657

jquerylib.at

# Reference: https://twitter.com/MBThreatIntel/status/1268982125543387136

cdnn-aws.com

# Reference: https://twitter.com/unmaskparasites/status/1269005294325108738

hits-cache.com

# Reference: https://blog.sucuri.net/2020/06/evasion-tactics-in-hybrid-credit-card-skimmers.html
# Reference: https://www.virustotal.com/gui/ip-address/185.110.132.220/relations

http://185.110.132.220
jshost.org

# Reference: https://twitter.com/prsecurity_/status/1269843378088247296

http://185.4.65.69
http://185.4.65.72
http://185.4.66.82
http://37.252.0.91
http://37.252.0.115
http://37.252.0.150
http://37.252.0.149
http://37.252.0.196
http://37.252.0.199
http://5.45.80.46
http://5.45.82.166
http://5.45.82.189
http://5.45.83.202
http://5.45.83.223

# Reference: https://twitter.com/unmaskparasites/status/1270064808864419841
# Reference: https://www.virustotal.com/gui/ip-address/54.38.49.244/relations

jsassets.net
payprocessor.net

# Reference: https://twitter.com/MBThreatIntel/status/1270150196333142016

locol.site

# Reference: https://twitter.com/JWilsonSecurity/status/1270087185795026944

t.obet.us/gagal/log.php

# Reference: https://twitter.com/MBThreatIntel/status/1270861231776137218
# Reference: https://twitter.com/MBThreatIntel/status/1279128778543783936
# Reference: https://twitter.com/500mk500/status/1270945615812460544
# Reference: https://www.virustotal.com/gui/ip-address/176.121.14.189/relations

bootstrapmag.com
chatajax.com
google-adware.com
jquery-apl.com
jqueryalert.com
jqueryapiscript.com
magento-info.com
magento-stores.com
magento-updater.com
security-magento.com
securityscr.com
w3schooli.com
wordpress-scripts.com

# Reference: https://twitter.com/felixaime/status/1271061780849209344
# Reference: https://www.virustotal.com/gui/ip-address/193.32.161.74/relations

cdnxmljquerybucket.com
jqueryapichecker.com
tagmanagercdn.com
tagmanagerxmlraw.com
xmljqueryscoring.com
xmlrawdataresponse.com

# Reference: https://securityaffairs.co/wordpress/104776/hacking/claires-magecart-attack.html

claires-assets.com

# Reference: https://twitter.com/felixaime/status/1263818626114740224
# Reference: https://twitter.com/MBThreatIntel/status/1272679759126777857
# Reference: https://www.virustotal.com/gui/ip-address/185.217.92.149/relations

jquerystats.com
salesstatistic.com
scriptstatistic.com

# Reference: https://twitter.com/benkow_/status/1273214642458853376

reddotarms.com/js/infortis/jquery/jquery-1.7.2.min.js

# Reference: https://twitter.com/benkow_/status/1273219665582579713

visaandpassportagency.com/js/prototype/prototype.js

# Reference: https://twitter.com/felixaime/status/1273221200886587392

magento-api.icu
magentolink.icu
bootstrap-fronts.icu
bootstrap-jquery.icu
cloud-fronts.icu
bootstrap-jquery.host
magento-api.host
cloud-fronts.host
magentolink.host
jqueryjs.host

# Reference: https://twitter.com/MBThreatIntel/status/1273733879526903808
# Reference: https://www.virustotal.com/gui/ip-address/185.92.148.128/relations

cddn.site
lebs.site

# Reference: https://securelist.com/web-skimming-with-google-analytics/97414/

google-anatytics.com
google-analytics-js.com

# Reference: https://www.virustotal.com/gui/ip-address/84.38.182.177/relations

mstracking.link
paypalapiobjects.com

# Reference: https://www.virustotal.com/gui/ip-address/5.101.50.50/relations

googleapimanager.com

# Reference: https://twitter.com/MBThreatIntel/status/1376665239647756289
# Reference: https://blog.malwarebytes.com/threat-analysis/2020/06/web-skimmer-hides-within-exif-metadata-exfiltrates-credit-cards-via-image-files/

ads-fbstatistic.com
apilivechat.com
bestcdnforbusiness.com
bizrateservices.com
cddn.site
cxizi.net
favicon.click
j-queries.com
jquery-analitycs.com
jqueryanalise.xyz
koinweb.site
lebs.site
magentorates.com
pixasbay.com
sonol.site
teamsystems.info
towbarchat.com
undecoveria.com
webtrans.site
wosus.site
xciy.net
xoet.site
yxxi.net
yzxi.net

# Reference: https://twitter.com/MBThreatIntel/status/1279651033883439105

kttape.com/pub/static/frontend/Plumtree/kttapeb2b/en_US/mage/mail.js

# Reference: https://twitter.com/MBThreatIntel/status/1279523525192081408

cloud-flares.host

# Reference: https://twitter.com/wwp96/status/1279551267698888704

jquerycloud.host

# Reference: https://blog.malwarebytes.com/threat-analysis/2020/07/credit-card-skimmer-targets-asp-net-sites/
# Reference: https://twitter.com/MBThreatIntel/status/1280180299112919041
# Reference: https://www.virustotal.com/gui/ip-address/31.220.60.108/relations

cdn-xhr.com
hivnd.net
hixrq.net
idpcdn-cloud.com
joblly.com
rackxhr.com
thxrq.com

# Reference: https://twitter.com/unmaskparasites/status/1280569151833223168

cdn-google-analytics.com

# Reference: https://twitter.com/p5yb34m/status/1111707577685991424

givemejs.cc

# Reference: https://twitter.com/jeromesegura/status/1121811483195633670
# Reference: https://blog.malwarebytes.com/cybercrime/2019/04/github-hosted-magecart-skimmer-used-against-hundreds-of-e-commerce-sites/

/mage/master/mage.js

# Reference: https://www.symantec.com/security-center/writeup/2018-092007-1208-99 (JSCoffe domains)

beachyripe.com
energycoffe.org
energytea.org
lightbulbs-direct.org
teacoffe.net
ukcoffe.com

# Reference: https://blog.sucuri.net/2018/12/localization-and-customization-of-credit-card-stealing-malware.html

kinfirighbetted.host
sales4reason.com
greatwebstat.com

# Reference: https://www.helpnetsecurity.com/2020/07/08/magecart-group-8/
# Reference: https://geminiadvisory.io/wp-content/uploads/2020/07/Appendix-A-3.pdf
# Reference: https://geminiadvisory.io/wp-content/uploads/2020/07/Appendix-B-1.pdf

adaptivecss.org
adorebeauty.org
anduansury.com
ankese.com
assethomify.com
assetstorage.net
blackriverimaging.org
braincdn.org
citywlnery.org
closetlondon.org
coffemokko.com
coffetea.org
dahlie.org
davidsfootwear.org
dobell.su
elegrina.com
energycoffe.org
etradesupply.org
exrpesso.org
fileskeeper.org
foodandcot.com
freshchat.info
freshdepor.com
frocklay.com
hqassets.com
info-js.link
jewsondirect.com
js-storage.click
jsvault.net
labbe.biz
link-js.link
londontea.net
mage-checkout.org
majsurplus.com
map-js.link
mechat.info
misshaus.org
oakandfort.org
ottocap.org
parks.su
paypaypay.org
pmtonline.su
replacemyremote.org
safeprocessor.com
sagecdn.org
sainester.com
scriptdesire.com
scriptsparadise.com
scriptvault.org
security-payment.su
shourve.com
slickjs.org
smart-js.link
stairany.com
swappastore.com
teacoffe.net
theresevit.com
top5value.com
track-js.link
ukcoffe.com
uthorizecdn.com
verywellfitnesse.com
walletgear.org
weblibscdn.com

# Reference: https://twitter.com/unmaskparasites/status/1283084460519456771

cdnlistrakbi.com

# Reference: https://blog.sucuri.net/2020/07/skimmers-in-images-github-repos.html
# Reference: https://www.virustotal.com/gui/ip-address/8.208.19.101/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.208.77.10/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.209.99.41/relations

analytics-core.com
analytics-ssl.com
fonts-googlemaps.com
fonts-gstatic.com
fontsgoogle-apis.com
fontsgoogleapis.com
google-conf.com
google-console.com
google-core.com
google-sert.com
dash.google-console.com
fonts.fontsgoogleapis.com
ssl.analytics-core.com
/app/design/frontend/Magento/luma/media/mage.png
/pub/media/downloadable/mage.png

# Reference: https://twitter.com/felixaime/status/1287408636164284419

cdn-filestorm.com
cloud-sources.com

# Reference: https://twitter.com/500mk500/status/1288482532774891521
# Reference: https://www.virustotal.com/gui/ip-address/8.211.36.239/relations
# Reference: https://www.virustotal.com/gui/domain/rooplancdn.com/detection

rooplancdn.com

# Reference: https://twitter.com/felixaime/status/1288604510802325509

shopify-sales.com

# Reference: https://twitter.com/felixaime/status/1288601153400446976
# Reference: https://www.virustotal.com/gui/ip-address/47.88.14.111/relations
# Reference: https://www.virustotal.com/gui/ip-address/5.101.50.134/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.208.84.18/relations
# Reference: https://twitter.com/felixaime/status/1301090258671542272

adw-gooqle.com
blog-mage.com
cailpercovers.com
cheeseceke.com
cioubfiare.com
claristokp.top
clickstrackings.com
cloubfiare.com
cloudflaea.com
cloudfliare.com
googie-seo.com
google-ahatytics.com
google-anatytics.com
google-ssm.com
gooqieapis.com
jquery-doc.com
jquery-magento.com
jqueryupdate.com
magenlo.com
magento-update.com
marketing-yahoo.com
optimized-js.com
path-magento.com
script-magento.com
sucuil.net
tag-managers.com
up-tracking.com

# Reference: https://twitter.com/unmaskparasites/status/1288922935240077313

http://31.214.157.134/in.php
/setup/performance-toolkit/files/search_terms.php

# Reference: https://twitter.com/AffableKraut/status/1290031871670104066
# Reference: https://twitter.com/AffableKraut/status/1290031876892057600
# Reference: https://www.virustotal.com/gui/ip-address/37.252.5.111/relations
# Reference: https://gist.github.com/krautface/b65cb1e717038f000d4d9dfd860830ea

cdn-adsense.com

# Reference: https://blog.malwarebytes.com/threat-analysis/2020/08/inter-skimming-kit-used-in-homoglyph-attacks/
# Reference: https://otx.alienvault.com/pulse/5f2c453b5b063dda49dd855f
# Reference: https://www.virustotal.com/gui/ip-address/51.83.209.11/relations

cigarpaqe.com
fleldsupply.com
pushcrew.pw
winqsupply.com
zoplm.com

# Reference: https://twitter.com/felixaime/status/1292567951762231299

cdncom.site

# Reference: https://twitter.com/AffableKraut/status/1293104085835689984
# Reference: https://www.virustotal.com/gui/domain/googapi.com/detection

googapi.com

# Reference: https://twitter.com/felixaime/status/1295796245588512768

payprocessor.net

# Reference: https://twitter.com/felixaime/status/1295800211416190976
# Reference: https://www.virustotal.com/gui/ip-address/188.209.49.71/relations

clipboardplugin.com
devtoolsforweb.com
variousscripts.com
topcc.biz
topcc.pw
topcc.store
topcc.su

# Reference: https://twitter.com/unmaskparasites/status/1295816804133199878
# Reference: https://twitter.com/AffableKraut/status/1295817245017493507

amastybootstrap.host
amastybootstrap.online
amastybootstrap.store
bootstrapcd.host
bootstrapcd.online
bootstrapcss.host
bootstrapcss.online
cdnbootstrap.host
cdnbootstrap.store
dbbootstrap.online

# Reference: https://www.virustotal.com/gui/ip-address/103.73.67.169/relations

cdn-jquerystatic.ddns.net
static-jquery.sytes.net

# Reference: https://www.virustotal.com/gui/ip-address/91.211.247.69/relations

cvv2.name

# Reference: https://www.virustotal.com/gui/ip-address/47.241.7.41/relations

acloudsapi.com
securebnp-server.com
securebnp1-update.com
secureing-update.com

# Reference: https://twitter.com/JCyberSec_/status/1298929497354448901

gaminpit.com

# Reference: https://twitter.com/MBThreatIntel/status/1299380573966802944
# Reference: https://www.virustotal.com/gui/ip-address/108.62.12.46/detection

content-analytics-server.com

# Reference: https://twitter.com/felixaime/status/1300335046029606912

lighting-spot.com/pub/media/js/jscol.min.js
lighting-spot.com/pub/media/js/lighting.js

# Reference: https://twitter.com/sansecio/status/1304043546970927104
# Reference: https://www.virustotal.com/gui/ip-address/80.78.254.128/relations

sansec.biz
csp.sansec.biz

# Reference: https://twitter.com/sansecio/status/1305041618744086528
# Reference: https://twitter.com/sansecio/status/1305461119314690048
# Reference: https://sansec.io/research/largest-magento-hack-to-date
# Reference: https://otx.alienvault.com/pulse/5f5f9a8ba62718db52b64700
# Reference: https://www.virustotal.com/gui/ip-address/83.166.244.152/relations
# Reference: https://www.virustotal.com/gui/ip-address/83.166.244.76/relations
# Reference: https://www.virustotal.com/gui/ip-address/83.166.245.32/relations
# Reference: https://www.virustotal.com/gui/ip-address/83.166.245.93/relations

ajaxcloudflare.com
imags.pw
mcdnn.me
mcdnn.net
myicons.net
data-id-click.ru
divamoda-tds.ru
justwe-track.ru

# Reference: https://twitter.com/sansecio/status/1306190540963282946

facelook.no/en_US/pixel.js

# Reference: https://twitter.com/unmaskparasites/status/1308419144048668672

http://94.158.244.55

# Reference: https://twitter.com/MBThreatIntel/status/1310703704396279808

static-trustpilot.com

# Reference: https://twitter.com/felixaime/status/1310835184917458944
# Reference: https://www.virustotal.com/gui/ip-address/161.117.237.217/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.14.12.199/relations
# Reference: https://www.virustotal.com/gui/ip-address/6.9.3.11/relations

acdn.space
ancdn.site
ancdnto.site
arcdn.site
bcdn.space
cacdn.site
ccdn.space
cdna.site
cdna.space
cdnb.site
cdnb.space
cdnc.site
cdnc.space
cdncom.site
cdnd.site
cdnd.space
cdne.site
cdne.space
cdnf.site
cdnf.space
cdng.site
cdng.space
cdnh.site
cdnh.space
cdni.site
cdni.space
cdnj.site
cdnj.space
cdnk.site
cdnk.space
cdnl.site
cdnl.space
cdnm.site
cdnm.space
cdnn.site
cdnn.space
cdno.site
cdno.space
cdnp.site
cdnp.space
cdnq.site
cdnq.space
cdnr.site
cdnr.space
cdns.site
cdns.space
cdnt.site
cdnt.space
cdnu.site
cdnu.space
cdnv.site
cdnv.space
cdnw.site
cdnw.space
cdnx.site
cdnx.space
cdny.site
cdny.space
cdnz.site
cdnz.space
dcdn.space
fcdn.space
frcdn.site
gcdn.space
gtacdn.site
gtag.site
gtage.site
gtamanag.site
gtcdn.site
gtgcdn.site
gtmcdn.site
hcdn.space
icdn.space
jcdn.space
kcdn.space
ncdn.space
ocdn.space
qcdn.space
tcdn.space
usacdn.site
uscdn.site
wcdn.space
xcdn.space
zcdn.space

# Reference: https://www.virustotal.com/gui/ip-address/45.32.178.26/relations

acache.pw
adev.pw
asite.pw

# Reference: https://twitter.com/felixaime/status/1310840704801951744

jquerycss.online
jquerycss.space
jquerycss.store
jquerycss.tech
jquerycss.website

# Reference: https://twitter.com/JWilsonSecurity/status/1311140720498147334
# Reference: https://www.virustotal.com/gui/domain/ride4speed.com/relations

ride4speed.com

# Reference: https://twitter.com/AffableKraut/status/1311330609546104832

googleanalytics.monster
googleanalytics.buzz
google-analytics.monster
google-analytics.buzz
googletagmanager.cyou
google-analytics.icu
google-analytics.club
googletagmanager.top
google-analytics.cyou
googleanalytics.top
googleanalytics.cyou
statanalytic.cyou
googleshopanalytic.icu
gstatic.cyou
gstatic.club

# Reference: https://twitter.com/MBThreatIntel/status/1311423125582540802

adsojs.com
cdndeskpro.com
cdnprog.com
faceapiget.com
facecdnget.com
fbpixelget.com
gstaticapi.com
keywestcdn.com
klaviyo.host
lightgetjs.com
listrakjs.com
mediabtracker.com
meidiaplus.com
section.ws
sectionget.com
sumome.net
swiftypecdn.org
uniquegetapi.com
findericons.com/favicon.ico

# Reference: https://unit42.paloaltonetworks.com/malicious-coinminers-web-skimmer/

metahtmlhead.com

# Reference: https://twitter.com/rootprivilege/status/1311731116345237509
# Reference: https://blog.sucuri.net/2021/01/magento-php-injection-loads-javascript-skimmer.html
# Reference: https://www.virustotal.com/gui/ip-address/5.135.247.140/relations

underscorefw.com

# Reference: https://www.virustotal.com/gui/ip-address/8.208.90.81/relations

fontsgoogle-api.com
googleapis-fonts.com

# Reference: https://twitter.com/MBThreatIntel/status/1313137479512276995
# Reference: https://www.virustotal.com/gui/ip-address/188.68.220.49/relations
# Reference: https://www.virustotal.com/gui/ip-address/31.184.253.166/relations
# Reference: https://www.virustotal.com/gui/ip-address/47.245.128.231/relations
# Reference: https://www.virustotal.com/gui/ip-address/47.89.184.107/relations
# Reference: https://www.virustotal.com/gui/ip-address/47.254.170.245/relations
# Reference: https://www.virustotal.com/gui/ip-address/47.254.84.162/relations
# Reference: https://www.virustotal.com/gui/ip-address/5.53.125.202/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.208.14.9/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.208.20.61/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.208.27.102/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.209.72.188/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.208.79.49/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.209.65.45/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.210.68.59/relations
# Reference: https://www.virustotal.com/gui/ip-address/79.143.29.164/relations
# Reference: https://www.virustotal.com/gui/ip-address/80.249.144.26/relations
# Reference: https://www.virustotal.com/gui/ip-address/80.249.145.190/relations
# Reference: https://www.virustotal.com/gui/ip-address/80.249.147.241/relations
# Reference: https://www.virustotal.com/gui/ip-address/80.249.148.133/relations
# Reference: https://www.virustotal.com/gui/ip-address/82.148.30.191/relations
# Reference: https://www.virustotal.com/gui/ip-address/82.148.31.102/relations
# Reference: https://www.virustotal.com/gui/ip-address/82.148.31.214/relations
# Reference: https://www.virustotal.com/gui/ip-address/84.38.180.233/relations
# Reference: https://www.virustotal.com/gui/ip-address/84.38.180.84/relations
# Reference: https://www.virustotal.com/gui/ip-address/84.38.183.160/relations

admin-autorization.com
bing-analytics.com
bing-insert.com
bootstrap-java.com
cdn-jquery.com
checkout-sagepay.com
connect-facebook.com
google-analytics.top
google-anylysis.com
google-apic.com
google-assignments.com
google-assistant.com
google-checkout.com
google-connect.com
google-modile.com
google-money.com
google-payment.com
google-query.com
google-sale.com
google-sanek.com
google-smart.com
google-standard.com
google-taq.com
google-tasks.com
google-worldpay.com
jquery-assets.com
jquery-assist.com
jquery-insert.com
jquery-migrate.com
live-sagepayment.com
pay-sagepay.com
pay-u-biz.com
payment-sagepay.com
payment-worldpay.com
paypal-assist.com
paypal-debit.com
paypal-vendor.com
paypal-worldpay.com
paypalapiobjects.com
payu-biz.com
sagepay-live.com
sagepay-world.com
yahoo-manager.com
yahoo-tasks.com
cdn.jquery-migrate.com

# Reference: https://www.virustotal.com/gui/ip-address/47.245.128.230/relations
# Reference: https://www.virustotal.com/gui/ip-address/84.38.181.56/relations

cdnanalyticss.top
google-picaso.com
promakerboi.top

# Reference: https://twitter.com/AffableKraut/status/1313600312045907973

shopifyst.com

# Reference: https://twitter.com/unmaskparasites/status/1313913253035159553
# Reference: https://www.virustotal.com/gui/ip-address/176.123.3.85/relations

ay64.club
by222.site
cyan24.club
dynrdns.site
googleanalytics.icu
idssl.site
shopstatanalytics.store
statanalytic.site

# Reference: https://twitter.com/malwareinfosec/status/1349425176983658497
# Reference: https://www.virustotal.com/gui/ip-address/8.208.102.232/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.208.24.81/relations

facebookapimanager.com
tag-manager.net
tags-manager.com

# Reference: https://blog.malwarebytes.com/malwarebytes-news/2020/10/credit-card-skimmer-targets-virtual-conference-platform/
# Reference: https://www.virustotal.com/gui/ip-address/198.187.31.243/relations
# Reference: https://twitter.com/MBThreatIntel/status/1314298615204995072

playbacknows.com

# Reference: https://twitter.com/jeromesegura/status/1137087208630833152

jquers.com
jqueres.com

# Reference: https://twitter.com/Jacob_Pimental/status/1316173250850942977
# Reference: https://twitter.com/Jacob_Pimental/status/1316174498073399296
# Reference: https://www.virustotal.com/gui/ip-address/176.121.14.154/relations

dataprocessor.net
luhnvalidator.com
stairany.com

# Reference: https://blog.sucuri.net/2020/11/css-js-steganography-in-fake-flash-player-update-malware.html

polobear.shop

# Reference: https://twitter.com/marcelmalware/status/1140723183584272386
# Reference: https://www.virustotal.com/gui/domain/jquery.su/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.208.97.167/relations

certicodeplus.cn
cloudflare.su
cloudflareplus.com
cloudflareplus.net
cloudflarepro.info
cloudflarepro.name
cloudflareshop.com
coomperative.com
glohtoris.top
googleexpert.name
googleinfo.name
googlemaster.info
googlemaster.name
googleplus.name
googletag.info
googletag.name
jquery.su
jquery24.com
jqueryexpert.com
jqueryinfo.com
jsstroy.com
magentoinfo.name
magentoinfo.org
magentoportal.com
magentostore.org
mycloudflare.net
paypai.xyz
procloudflare.com
procloudflare.net

# Reference: https://www.virustotal.com/gui/ip-address/195.54.167.88/relations

alipayservice.top
alipaysecurity.top
unionpayinternational.services

# Reference: https://twitter.com/AffableKraut/status/1325157786032992258
# Reference: https://twitter.com/AffableKraut/status/1325157787291168775

aws-amazon.site
freshdesk.space
gaming-spirit.xyz
gaminpit.com
googletagmanager.site
gooogletagsmanage.com
karovi.best
kckaa.com
kxotic.me
newoldtime.site
newoldtime.space
riskified.site
shipstation.space
signifyd.site
tiros.xyz

# Reference: https://www.virustotal.com/gui/ip-address/47.91.76.198/relations

google-site-verification.com
googlecloud-verification.com
googletags-manager.com
jquerydll.com
script-analytic.com
script-analytics.com

# Reference: https://www.virustotal.com/gui/ip-address/8.208.76.69/relations

apibaseajax.com
reactjsget.com
statsaps.com

# Reference: https://twitter.com/EKFiddle/status/1326245935559692289
# Reference: https://www.virustotal.com/gui/ip-address/162.241.201.20/relations

artichgroup.com

# Reference: https://twitter.com/rootprivilege/status/1326231381169512450
# Reference: https://www.virustotal.com/gui/ip-address/194.59.40.37/relations

jquerylib-min.com
jquerylib-min.net
onlinecdn-js.com

# Reference: https://www.riskiq.com/resources/research/magecart-ant-and-cockroach-skimmer/
# Reference: https://urlscan.io/search/#google-statik.pw
# Reference: https://www.virustotal.com/gui/ip-address/217.12.204.185/relations

2binary-education.pw
ads2.adverline.com/retargetproduit/partntertag/103754_tag.js
alexa-rank.pw
batbing.com
bgznnfzn.pw
checkip.biz
consoler.in
gnwnprnf.pw
google-statik.pw
niywqcnp.pw
pornodrive.pw
pornostyle.pw
portal-a.pw
portal-b.pw
portal-c.pw
portal-d.pw
portal-e.pw
portal-f.pw
recaptcha-in.pw
search-components.pw
sexrura.pw
tattoopad.pw
xnprnfzn.pw

# Reference: https://www.virustotal.com/gui/ip-address/185.236.232.88/relations
# Reference: https://www.virustotal.com/gui/ip-address/5.44.45.58/relations
# Reference: https://otx.alienvault.com/indicator/domain/gtagmanagers.com
# Reference: https://urlscan.io/result/fcd59e67-62ae-4d44-904a-51208ed82f3e
# Reference: https://hybrid-analysis.com/sample/309d6cd27991b14cffe004ffbf3844dec6e050e2ed1604558627fa3077599032

gtagmanagers.com

# Reference: https://securityaffairs.co/wordpress/111009/cyber-crime/sucuri-software-skimmer.html

terminal4.veeblehosting.com/~sucurrin/i/gate.php
/~sucurrin/
/sucurrin/

# Reference: https://twitter.com/rootprivilege/status/1331766420317773826

zago-store.vn/pub/health_check.php

# Reference: https://blog.malwarebytes.com/threat-analysis/2019/12/new-evasion-techniques-found-in-web-skimmers/
# Reference: https://twitter.com/AffableKraut/status/1333258524219072515

adsometrick.com
apptegmaker.com
googletage.com
indesiter.com
tag-metrix.com
tawktalk.com

# Reference: https://twitter.com/AffableKraut/status/1334745410750046208

abcanalytics.net
adsymptotic.net
artestfut.com
artfut.net
iofrontcloud.com
outbrains.net
upsellit.io
zdassets.net

# Reference: https://twitter.com/EKFiddle/status/1334908783894491138
# Reference: https://twitter.com/rootprivilege/status/1335018000227868672
# Reference: https://sansec.io/research/svg-malware

budoshop.si/checkout/%7B%7BMEDIA_URL%7D%7Dstyles.css
budoshop.si/pub/health_check.php
myfisherstore.com/checkout/%7B%7BMEDIA_URL%7D%7Dstyles.css
myfisherstore.com/pub/health_check.php

# Reference: https://twitter.com/AffableKraut/status/1335501765031174145
# Reference: https://www.virustotal.com/gui/ip-address/51.89.179.232/relations

jquerycdn.net
jquerycss.xyz
jquerysapi.com
js-jquery.com
jslibcdn.net

# Reference: https://www.group-ib.com/blog/fakesecurity_raccoon (# FakeSecurity)

cloud-js.co.za
host-js.co.za
magento-cloud.co.za
magento-js.co.za
magento-security.co.za
marketplace-magento.co.za
marketplacemagento.co.za
node-js.co.za
payment-js.co.za
security-js.co.za
web-js.co.za

# Reference: https://twitter.com/sansecio/status/1336319799501078529 (# FakeSecurity)
# Reference: https://twitter.com/AffableKraut/status/1336342947613306881

bing-statistic.co.za
bing-statistic.org.za
bing-statistic.web.za
cdn-jquery.co.za
cdn-jquery.org.za
cdn-jquery.web.za
cdn-js.co.za
cdn-js.org.za
cdn-js.web.za
chrome.co.za
chrome.org.za
chrome.web.za
font-google.co.za
font-google.org.za
font-google.web.za
g00gle.africa
g00gle.co.za
g00gle.org.za
g00gle.web.za
godaddy.co.za
godaddy.org.za
godaddy.web.za
google-script.co.za
google-script.org.za
google-script.web.za
google-scripts.co.za
google-scripts.org.za
google-scripts.web.za
javascript.co.za
javascript.org.za
javascript.web.za
js-google.co.za
js-google.org.za
js-google.web.za
magent0.co.za
magent0.org.za
magent0.web.za
magento-connect.co.za
magento-connect.org.za
magento-connect.web.za
magento-content.co.za
magento-content.org.za
magento-content.web.za
microsoft.co.za
microsoft.org.za
microsoft.web.za
mozilla.co.za
mozilla.org.za
mozilla.web.za
opera.co.za
opera.org.za
opera.web.za
yah00.co.za
yah00.org.za
yah00.web.za

# Reference: https://www.virustotal.com/gui/ip-address/169.239.182.46/relations
# Reference: https://twitter.com/AffableKraut/status/1336352752478334977

google-statistic.com
google-statistic.net
yahoo-statistic.com
yahoo-statistic.net

# Reference: https://www.virustotal.com/gui/domain/google-statistics.com/relations

google-statistics.com

# Reference: https://twitter.com/500mk500/status/1336333922213404673
# Reference: https://www.virustotal.com/gui/ip-address/8.208.99.195/relations

comepropay54.net

# Reference: https://twitter.com/sansecio/status/1336614850047381506
# Reference: https://www.virustotal.com/gui/ip-address/89.108.90.123/relations

cloud-iq.net

# Reference: https://www.virustotal.com/gui/ip-address/89.108.90.125/relations

brandcdn.net

# Reference: https://twitter.com/kyleehmke/status/1336694242685702147

google-register.com
webspagestat.com

# Reference: https://twitter.com/AffableKraut/status/1337485794940956675
# Reference: https://twitter.com/AffableKraut/status/1337491084960739329
# Reference: https://twitter.com/500mk500/status/1337499684370255872
# Reference: https://pastebin.com/Xf4iGu9q

adrequest.xyz
agrorek.site
apiiiiii.com
appraisalqpm.com
artifacia.store
bigdomain.in
businesslocationfinder.org
cloudfront.pro
comebizframe.com
evamedia.top
evanalitic.com
g-content.bid
golecode.com
gooaglesyndication.com
google-stupidix.com
googleadservicees.com
googleais.com
googlecodelibs.com
googlesyndicatiofn.com
googlesyndiction.com
googletagmanag-er.com
googlgr.com
googlnalytics.com
gytmoogletagmanager.com
hs-script.com
html5update.com
javascriptcdn.stream
jquerry.online
jquerytutorialjs.com
jss-mautic.com
koobecaf.info
mediapays.info
ml-api.pw
nearsightedraccoon.com
polygons.cloud
professionalcdn.com
raku10shop.net
realtracking.ninja
removeclickfunnels.com
rotate4ads.com
seetestnow.com
sitespy.in
sublytics-5d6fcf0a813fd.com
thesqt.online
trackedlink.biz
visitorhunter.com
weathers.pw
xhtmls.cc

# Reference: https://twitter.com/jfslowik/status/1337465833602203648

centosupdatecdn.com
jqery.net

# Reference: https://twitter.com/AffableKraut/status/1337682688233398273

googie-analytisc.com
google-analytisc.com
google-ecommerce.com
google-science.com
google-trusts.com

# Reference: https://www.virustotal.com/gui/domain/google-analysis.com/detection

google-analysis.com

# Reference: https://twitter.com/gwillem/status/1339895713405280265
# Reference: https://www.virustotal.com/gui/file/2602da2aafea7a632d69654269c923d33d23bb72176bee9b5cd2e602bd3c93c3/detection
# Reference: https://www.virustotal.com/gui/file/4321b96d5ee4f89baeca39d24a7808190129b1115d1236297e191c4706444090/detection
# Reference: https://www.virustotal.com/gui/file/85b74ceae400d70ab81aa8e0f1412689196e9eead3fc3dbe33df26af7fac33c9/detection
# Reference: https://www.virustotal.com/gui/file/89ad715d0c924625fb4af392353e07c97b4e6a23fd65ef845690900e5d3dbb1d/detection

hostreselling.com
jquerysmartstack.com

# Reference: https://community.riskiq.com/article/14924d61
# Reference: https://urlscan.io/search/#jquerycloud.com
# Reference: https://www.virustotal.com/gui/ip-address/8.211.0.55/relations

jquerycloud.com
/js/dovesfarm.js

# Reference: https://twitter.com/VK_Intel/status/1162434460731813893
# Reference: https://www.zscaler.com/blogs/security-research/magecart-hits-again-leveraging-compromised-sites-and-newly-registered-domains

cloudflara.org
googletagmanager-service.com

# Reference: https://twitter.com/500mk500/status/1339707412316626945
# Reference: https://www.virustotal.com/gui/ip-address/185.154.13.210/relations
# Reference: https://www.virustotal.com/gui/ip-address/194.58.112.174/relations
# Reference: https://www.virustotal.com/gui/ip-address/47.254.129.13/relations

gstatica.space
gstaticc.space
gstaticd.space
gstatice.space
gstaticf.space
gstaticq.space
gstaticr.space
gstatics.space
gstaticv.space
gstaticw.space
gstaticx.space
gstaticz.space

# Reference: https://twitter.com/rootprivilege/status/1339751739604365312

printcss.host

# Reference: https://twitter.com/sansecio/status/1339914201662443520
# Reference: https://www.virustotal.com/gui/ip-address/162.241.222.203/relations

hsbc-secures.com
hsbcaccts.com
hsbcsecuressl.com
nmdatast.com
ushsbcsecure.com

# Reference: https://twitter.com/AffableKraut/status/1340035274450079744
# Reference: https://twitter.com/500mk500/status/1340048171779633153

paymaster-ssl.ru

# Reference: https://twitter.com/makflwana/status/1341239469836357633
# Reference: https://www.virustotal.com/gui/ip-address/176.123.7.116/relations

googlessl.icu
idtransfer.icu
idtransfer.me

# Reference: https://www.group-ib.com/blog/ultrarank
# Reference: https://otx.alienvault.com/pulse/5fe4cb300b0a9b6655a11de1

45.141.84.239:1443
googletagsmanager.co
googletagsmanager.info
s-panel.su

# Reference: https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce

zg9tywlubmftzw5ldza.com
zg9tywlubmftzw5ldze.com
zg9tywlubmftzw5ldze0.com
zg9tywlubmftzw5ldze1.com
zg9tywlubmftzw5ldzew.com
zg9tywlubmftzw5ldzex.com
zg9tywlubmftzw5ldzey.com
zg9tywlubmftzw5ldzez.com
zg9tywlubmftzw5ldzg.com
zg9tywlubmftzw5ldzi.com
zg9tywlubmftzw5ldzk.com
zg9tywlubmftzw5ldzm.com
zg9tywlubmftzw5ldzq.com
zg9tywlubmftzw5ldzu.com
zg9tywlubmftzw5ldzy.com

# Reference: https://www.virustotal.com/gui/ip-address/47.90.242.121/relations
# Reference: https://www.virustotal.com/gui/ip-address/47.91.28.226/relations

trustcdnjs.com

# Reference: https://www.virustotal.com/gui/ip-address/161.117.89.16/relations
# Reference: https://urlscan.io/result/2cbc4a8f-eff1-4ed2-8fcf-09514c612e19/
# Reference: https://unit42.paloaltonetworks.com/anatomy-of-formjacking-attacks/
# Reference: https://urlscan.io/domain/myxintad.com

jsglobal.top
myxintad.com

# Reference: https://www.virustotal.com/gui/ip-address/8.208.89.255/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.209.108.15/relations

connecstaff.com
pubmatgic.com

# Reference: https://www.virustotal.com/gui/ip-address/8.209.108.15/relations

awskit.com
awsprog.com
keywestapi.com

# Reference: https://www.virustotal.com/gui/ip-address/8.208.24.53/relations

pixeltrack.top

# Reference: https://twitter.com/p0x53/status/1343649574674550784
# Reference: https://www.virustotal.com/gui/ip-address/176.119.1.157/relations

amazon-server12-cdn.com
amazon-server15-cdn.com

# Reference: https://twitter.com/felixaime/status/1343958003905671173

jerrysmusic.com/js/varien/validation.js

# Reference: https://twitter.com/marcelmalware/status/1277615543013519362

gtows.com/wp-content/js/var.js

# Reference: https://twitter.com/sinnadabueno/status/1344078328278482946

userway-api.com

# Reference: https://blog.sucuri.net/2015/04/impacts-of-a-hack-on-a-magento-ecommerce-website.html

java-e-shop.com
soulmagic.biz.fozzyhost.com

# Reference: https://twitter.com/malwareinfosec/status/1347590799249219584
# Reference: https://www.virustotal.com/gui/ip-address/102.130.115.168/relations

cdn-cloud.co.za
cdn-jquery.biz
cdn-jquery.net
cdn-jquery.net.za
cdn-jquery.org
cdn-jquery.web.za
cdn-jquery.org.za
cdn-stat.co.za
cdn-stat.org.za
cdn-stat.web.za
cdn-update.co.za

# Reference: https://twitter.com/malwareinfosec/status/1347598539589709824

veterinaryconcepts.com/errors/enx.php?data=

# Reference: https://twitter.com/500mk500/status/1347687209844027392
# Reference: https://urlscan.io/result/0a34d7a1-aef8-45d3-b71a-71d68d66530b/
# Reference: https://urlscan.io/result/838576c6-7d97-4821-86cd-6d463d21782b/
# Reference: https://www.virustotal.com/gui/ip-address/193.38.54.81/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.140.146.4/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.140.146.5/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.140.146.6/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.140.146.7/relations

cloudchimp.online
cloudchimp.tech
mail-chimp.site
mailchimp.press
printcss.site
supportpay.club
tagmanager.online
tagmanager.site
tagmanager.store
tagmanager.tech

# Reference: https://twitter.com/felixaime/status/1351456431086698498
# Reference: https://twitter.com/malwareinfosec/status/1351584550099435526
# Reference: https://twitter.com/p0x53/status/1352188052433633280
# Reference: https://www.virustotal.com/gui/ip-address/109.199.125.72/relations
# Reference: https://www.virustotal.com/gui/ip-address/80.92.206.12/detection

styl.click
styl.host
styl.press
analyst.uno
magento.uno
publish.uno
servers.uno
sql.uno
vms.uno

# Reference: https://twitter.com/AffableKraut/status/1260829836198711296

analitic.club
felers.club
tags-analitic.icu
tags-css.icu

# Reference: https://twitter.com/AffableKraut/status/1348165316589846532

fbevents.host
fbevents.site
fbevents.store
fbevents.tech

# Reference: https://twitter.com/AffableKraut/status/1348525412415107072
# Reference: https://www.virustotal.com/gui/ip-address/45.155.38.3/relations

cdn-google-cloudflare.com

# Reference: https://twitter.com/AffableKraut/status/1348684891718901762
# Reference: https://www.virustotal.com/gui/ip-address/102.130.114.139/relations
# Reference: https://www.virustotal.com/gui/ip-address/102.130.114.153/relations
# Reference: https://www.virustotal.com/gui/ip-address/102.130.114.147/relations

asp-cloud.org.za
google-document.co.za
google-js.co.za
google-js.org.za
google-js.web.za
google-network.co.za
google-statistic.co.za
google-statistic.org
google-statistic.org.za
google-statistic.web.za
jquery.africa
jquery.org.za
lib-cloud.org.za
lib-cloud.web.za
mage.org.za
mage.web.za
magento.web.za
node-js.org.za
node-js.web.za
nodejs.org.za
yahoo-statistic.org.za
yahoo-statistic.web.za

# Reference: https://community.riskiq.com/article/5bea32aa

statexplore.com
jquery-dll.net

# Reference: https://twitter.com/AffableKraut/status/1351390506484445184
# Reference: https://twitter.com/AffableKraut/status/1351390507759529984
# Reference: https://twitter.com/AffableKraut/status/1351390508719943680
# Reference: https://twitter.com/AffableKraut/status/1430075608143384580
# Reference: https://gist.github.com/krautface/3957a1f6d21cb201fefb8327ecb3dfdd
# Reference: https://gist.github.com/krautface/8e4706bc1142f5d14c3fb15a8a17a7ed
# Reference: https://gist.github.com/krautface/e80d3dbf7cbc49a6449ba3355b6af327
# Reference: https://gist.github.com/krautface/e16ad2ccf30612378e0f22699982dbf5
# Reference: https://gist.github.com/krautface/e31ca7282537ac3858a72295b7d62dad
# Reference: https://gist.github.com/krautface/cd29d552cb1edd50059ae541dfda9532

01phone.uno
0days.uno
0fx.club
0night.xyz
0to1.buzz
0xand.buzz
0york.xyz
114oo.icu
189027.icu
1place.buzz
1sterr.uno
1time.buzz
1to3.buzz
1xbe.icu
221u7.cyou
24hrs.fun
2days.fun
2every.fun
2nght.xyz
2now.cyou
3dw.buzz
3dwarfs.xyz
3dworks.club
3sombreros.xyz
3x3x3x.xyz
404p.icu
4evver.buzz
4mer.buzz
4youu.buzz
5leos.xyz
5meter.fun
5star.uno
5x5x5.cyou
64bitss.club
666devil.fun
6drops.buzz
6tries.uno
7chance.xyz
7digits.us
7game.fun
7luck.buzz
80srock.club
8er.uno
8planet.xyz
8words.xyz
99of100.xyz
9gag.uno
9precept.xyz
9tuvw.xyz
a42.buzz
absorb.buzz
abspl.xyz
amads.buzz
amads.uno
amads.xyz
amads2.xyz
ambien.buzz
amlog.buzz
arriver.buzz
ax128.icu
ay64.club
b17.monster
badger.uno
bbonus.xyz
blacktrade.net
brainr.xyz
broadw.xyz
bx333.cyou
by222.site
c982.link
coals.fun
coas.uno
commv.club
croat.uno
cx1md.cyou
cyan24.club
d883.click
deepe.icu
deriv.fun
dredn.uno
dropz.fun
dx26cmd.icu
dynrdns.site
e-holodilnik.com
e141.icu
ehrmen.xyz
enabler.buzz
errno.xyz
estim.buzz
ext22.icu
eyes2u.site
f1racing.icu
f8822.buzz
floaty.buzz
foldr.xyz
freejob.uno
frozn.xyz
fx555.cyou
fykes.club
g8super.monster
g98.monster
gigo.buzz
google-analytics.buzz
google-analytics.club
google-analytics.cyou
google-analytics.icu
google-analytics.monster
googleanalytics.buzz
googleanalytics.cyou
googleanalytics.icu
googleanalytics.monster
googleanalytics.top
googleshopanalytic.icu
googletagmanager.cyou
googletagmanager.top
gravit.xyz
greml.xyz
grosss.club
gstatic.club
gstatic.cyou
gx717.icu
gym365.site
herbo.xyz
hick.buzz
hihihi.cyou
hija.buzz
hint.fun
holidaygo.ru
hostssl.uno
hostssl.xyz
hx24.cyou
hyper1.club
iamsuch.fun
ifilez.uno
inits.fun
intr0.cyou
irrati.uno
ix85.cyou
iyork.club
jeepp.fun
jobber.fun
jockey.monster
johndoe.icu
joinem.uno
jx22.icu
jyjy.site
kanken.ru
keepr.buzz
klear.buzz
klingon.monster
knowit.buzz
kraftz.uno
kx482.icu
kyat.club
lassoz.xyz
lazyfox.icu
limitedd.xyz
lizrd.xyz
loll0l.xyz
lx05.cyou
lynx1.site
merph.fun
miners.fun
mirr.buzz
misstr.xyz
monk.monster
mx11.shop
mythis.store
n0ne.cyou
narrr.xyz
nerol.xyz
noth.buzz
nozzl.uno
nx44.fun
nyvip.store
objec.fun
objen.fun
om.sb
oppen.icu
oreal.fun
originel.buzz
ox95.top
oyer.club
ozzyz.buzz
padmin2.xyz
pens.monster
peppp.uno
popcrn.icu
posr.uno
prods.uno
propty.xyz
px22.xyz
pxxx.xyz
pyrex.site
qee.buzz
quake.buzz
questn.fun
quickerr.xyz
quicky.cyou
qx48.buzz
qyizz.store
rebor.xyz
rebrn.xyz
reddys.icu
restt.xyz
rollr.buzz
rxazz.uno
rxbet.uno
rxch.uno
rxchg.uno
rxdd.uno
rxdex.uno
rxem.uno
rxemb.uno
rxfff.uno
rxgreed.uno
rxgrow.uno
rxhop.uno
rxindia.uno
rxint.uno
rxjoke.uno
rxkoz.uno
rxled.uno
rxmod.uno
rxnop.uno
rxooo.uno
rxpro.uno
rxquz.uno
rxrch.uno
rxstd.uno
rxtmp.uno
rxuno.uno
rxvvv.uno
rxwax.uno
rxxx.uno
rxyz.uno
rxzip.uno
ryanz.cyou
rybbon.cyou
rycycle.cyou
ryddle.club
ryderz.cyou
ryer.club
ryeseed.club
ryezon.cyou
ryfer.cyou
ryggle.cyou
rygle.cyou
ryhed.cyou
ryhson.cyou
ryibol.cyou
ryicat.cyou
ryjoke.cyou
rykman.cyou
ryloth.cyou
rymour.cyou
rynder.cyou
ryots.cyou
ryprop.cyou
ryquoko.cyou
ryren.cyou
ryser.cyou
rytlab.cyou
ryuuk.cyou
ryvers.cyou
ryweak.cyou
ryxmas.cyou
ryyyy.cyou
ryzone.cyou
shopssl.xyz
shopstatanalytics.store
sportloto.buzz
sstockk.xyz
sstrip.uno
statanalytic.cyou
steelz.uno
streetrac.icu
stress.buzz
sub0.monster
sxamp.uno
sxbet.uno
sxcad.uno
sxdmp.uno
sxerr.uno
sxfnc.uno
sxgear.uno
sxhit.uno
sxint.uno
sxjump.uno
sxklap.uno
sxldr.uno
sxmnt.uno
sxnem.uno
sxobj.uno
sxpro.uno
sxqck.uno
sxrock.uno
sxsok.uno
sxterm.uno
sxung.uno
sxvid.uno
sxwww.uno
sxxx.uno
sxyz.uno
sxzz.uno
sxzz.xyz
syamoto.club
syberian.club
sycamor.club
sydne.club
syenna.club
syfer.club
sygna.club
syhire.club
syidim.club
syjet.club
sykzer.club
sylamine.club
symbiond.club
synchros.club
synjet.site
syomi.club
syphons.club
syqqure.club
syrreal.club
system31.club
sytcom.club
syultra.club
syvere.club
sywang.club
syxteen.club
syyy.club
syzu.club
tanks.cyou
tickis.club
tremol.xyz
tropicl.fun
turb.buzz
txarb.uno
txbor.uno
txcrn.uno
txdln.uno
txesc.uno
txflt.uno
txgnd.uno
txhwnd.uno
txinp.uno
txjack.uno
txkrn.uno
txlist.uno
txlost.uno
txmag.uno
txnop.uno
txogr.uno
txport.uno
txqr.uno
txred.uno
txset.uno
txtds.uno
txuno.uno
txvol.uno
txweb.uno
txxen.uno
txyzz.uno
txzer.uno
tyador.club
tybrown.club
tyctok.club
tydrew.club
tyebas.club
tyffoo.club
tyggle.club
tyhinz.club
tyings.club
tyjer.club
tykers.club
tylerz.club
tympan.club
tyndall.club
tyosophy.club
typesett.club
tyquest.club
tyrole.club
tyssian.club
tytrat.club
tyultra.club
tyvolume.club
tywing.club
tyxtyx.club
tyyear.club
tyzone.club
ultim.fun
ultrav.fun
unkel.uno
uoycc.cyou
user42.xyz
uvlamp.buzz
uxand.uno
uxbtn.uno
uxclk.uno
uxdrop.uno
uxeof.uno
uxfog.uno
uxgot.uno
uxhot.uno
uxids.uno
uxjob.uno
uxkom.uno
uxlamp.uno
uxmed.buzz
uxnex.buzz
uyarray.club
uybusiness.club
uycreate.club
uydamage.club
uyembed.club
uyfrost.club
uygreat.club
uyhotline.cyou
uyignite.cyou
uyjingle.cyou
uyknight.cyou
uymiddle.cyou
uynight.cyou
vacuum5.club
vanad.uno
vdr.monster
versn.xyz
volc.uno
voltage.fun
warr.club
wick.buzz
worldz.buzz
wron.xyz
wyomng.icu
xchgr.xyz
xfilesx.club
xmass.xyz
xports.xyz
xrayz.buzz
yellw.fun
yets.xyz
ynter.xyz
yorkzz.buzz
yoyoyo.cyou
zerr.club
zetas.buzz
zetas.club
zetas.fun
zetas.monster
zetas.xyz

# Reference: https://twitter.com/rootprivilege/status/1352625063212666880
# Reference: https://twitter.com/unmaskparasites/status/1352743873714348033
# Reference: https://lukeleal.com/research/posts/magento2-skimmer-testserver-php/

bardven.com/testServer.php
pedlitz.com/testServer.php

# Reference: https://twitter.com/AffableKraut/status/1352693061336371200
# Reference: https://www.virustotal.com/gui/ip-address/169.239.183.80/relations

ajax-plugin.org
cdn-ajax.co.uk
cdn-cloudflare.biz
cdn-js.co.uk
cdn-magento.com
cdn-plugins.org
cdn-rackspace.com
cloud-plugins.org
js-widget.com
plugin-ajax.com
widget-ajax.co.uk
widget-js.co.uk

# Reference: https://twitter.com/malwrhunterteam/status/1354431227802095619
# Reference: https://www.virustotal.com/gui/ip-address/34.85.13.9/relations

jquery-scdn.com

# Reference: https://twitter.com/jeromesegura/status/1354598447022653442
# Reference: https://www.virustotal.com/gui/ip-address/188.227.57.93/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.209.119.130/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.209.72.238/relations

google-analuting.com
google-conversion.com
google-gateway.com
google-note.com
google-squery.com
paypal-moneypay.com

# Reference: https://twitter.com/AffableKraut/status/1355263804872024072
# Reference: https://twitter.com/AffableKraut/status/1355263805899595783

aws-amazon.site
extrn.ru
freshdesk.space
google-analytics.su
kckaa.com 
newoldtime.site
newoldtime.space
riskified.site
shipstation.space
signifyd.site
strat-o-matic.org
tolinkjpattr.com
tywyvern.com

# Reference: https://twitter.com/unmaskparasites/status/1356378296292806657
# Reference: https://twitter.com/AffableKraut/status/1356412371334529024

advertising-cdn.com
africa-best-dating.com
google-adwert.com
google-adwersting.com
new-adversting.com

# Reference: https://twitter.com/jeromesegura/status/1356654794098626560
# Reference: https://twitter.com/MBThreatIntel/status/1357028912677613568
# Reference: https://www.virustotal.com/gui/ip-address/144.202.119.63/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.77.125.110/relations
# Reference: https://blog.malwarebytes.com/cybercrime/2021/02/credit-card-skimmer-piggybacks-on-magento-1-hacking-spree/

auxbeam-img.cloud
cdnmaeva.top
costway.top
crazyvaps.info
hdanalyse.com
hdenvironement.com
hdpopulation.com
motoxpricambi.top
securityxx.top
/costway.js
/mcostway.js

# Reference: https://twitter.com/virelli/status/1359465087204024325

beyondhealth.com/media/js/a1def6c62256906029767cb784323ab3.js

# Reference: https://twitter.com/kyleehmke/status/1360189186578513920
# Reference: https://www.virustotal.com/gui/ip-address/45.155.37.122/relations

gtmtagmanager.com

# Reference: https://twitter.com/AffableKraut/status/1360319951182180355

adfast.tech
getquantum.space
heatmap-customer-tracking.com
intellibs.net
ipmarketing.biz
jquery-library-code.ru
jsdeliddvr.net
media-rotator.net
mktracking.com
popstat.net
push.report
rotationmessage.net
salesbeeapi.com
statgecko.com
statisticsfree.com
weathermap.biz

# Reference: https://twitter.com/AffableKraut/status/1360343813454245893
# Reference: https://sansec.io/research/google-apps-script
# Reference: https://www.virustotal.com/gui/ip-address/91.194.11.205/relations

analit.tech
hotjar.host
pixelm.tech

# Reference: https://twitter.com/500mk500/status/1361061870061424653
# Reference: https://www.virustotal.com/gui/ip-address/89.38.97.71/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.200.85.137/relations

blondescript.info
blondescript.net
blondescript.org
coollandpage.ru

# Reference: https://www.virustotal.com/gui/ip-address/89.38.97.71/relations
# Reference: https://www.virustotal.com/gui/ip-address/89.203.198.177/relations
# Reference: https://urlscan.io/result/533860b5-b101-483a-8716-d8bd19c57679/

clickandunder.com
gdprmysites.co
javaskript.pw
json-jquery.icu
statistikajsscrypt.com

# Reference: https://twitter.com/benkow_/status/1222457832810991616
# Reference: https://www.virustotal.com/gui/domain/bamblbee.store/relations

bamblbee.store

# Reference: https://twitter.com/AffableKraut/status/1363366240039952387

google-tag.com

# Reference: https://urlscan.io/result/256f6bae-84f0-488e-9e15-47ae15760cc6/
# Reference: https://www.virustotal.com/gui/ip-address/45.145.64.143/relations

fbanalytic.org

# Reference: https://twitter.com/unmaskparasites/status/1364675090256785411

elume.org

# Reference: https://twitter.com/unmaskparasites/status/1364652993971245060
# Reference: https://www.virustotal.com/gui/ip-address/45.142.213.172/relations

googlecdn-api.com
jquery-in.com
jquery-ini.com
mastercvv.in
sert-googlefonts.com

# Reference: https://www.virustotal.com/gui/ip-address/34.65.43.209/relations

evolutagain.ru
huntes.ru
manualseos.ru
seocmson.ru

# Reference: https://gist.github.com/krautface/b97dfcb3e07d74ebc2eab7f1051923d2

bulder.online

# Reference: https://twitter.com/sansecio/status/1367404202461450244
# Reference: https://twitter.com/unmaskparasites/status/1370579966069383168
# Reference: https://urlscan.io/result/293c311f-900b-4662-9b5d-c1d0b11cead7/
# Reference: https://www.virustotal.com/gui/ip-address/195.123.217.18/relations
# Reference: https://www.virustotal.com/gui/ip-address/83.166.246.34/relations

facedook.host
predator.host
pathc.space
redorn.space
zeborn.pw

# Reference: https://urlscan.io/result/6dea6218-8a34-4f48-931e-93fa1677faf6/

googletagmanaaer.com

# Reference: https://www.virustotal.com/gui/ip-address/5.34.179.116/relations

google-jquery.eu

# Reference: https://twitter.com/TeamDreier/status/1368955262900592640
# Reference: https://www.virustotal.com/gui/ip-address/185.238.171.228/relations
# Reference: https://www.virustotal.com/gui/ip-address/35.228.62.27/relations

cloubfiare.net
googiemanager.com
googlemanagerads.com
googlemgr.net
gooqleads.net
gooqlescript.com
qodaddy.net

# Reference: https://twitter.com/TeamDreier/status/1369617099023388672

google-codes.com
google-thumbs.com
google-worlds.com
paypal-merchant.com
paypal-merchants.com

# Reference: https://twitter.com/jfslowik/status/1369745187480559617

analytics-cdn.net
analytics-ssl.net

# Reference: https://twitter.com/unmaskparasites/status/1370151988285992960
# Reference: https://twitter.com/rootprivilege/status/1370394651509678080

content-analytics-server.com
pagemonitor-server.com
templatesurvey.com

# Reference: https://www.group-ib.com/blog/e1rb

cdn-gstat.com
cdn-host.org
google-analitics.org
jquery-live.com
jquery-on.com
telrshop.com

# Reference: https://twitter.com/MBThreatIntel/status/1371877118909378568

adextech.com/tr/echo/advisor.min.js

# Reference: https://twitter.com/rcwht_/status/1374016465444220932
# Reference: https://www.virustotal.com/gui/ip-address/8.209.70.103/relations

ssl-authorization.com

# Reference: https://twitter.com/unmaskparasites/status/1374806612611723264

wedelf.com/wip/reverse.min.js

# Reference: https://twitter.com/unmaskparasites/status/1374812123562319872
# Reference: https://www.virustotal.com/gui/ip-address/176.121.14.143/relations
# Reference: https://www.virustotal.com/gui/ip-address/194.87.144.10/relations

agilityscripts.com
amazonawscdn.com
cdnforplugins.com
devlibscdn.com
mirasvit.net
secure4d.net
seoagregator.com
speedtransaction.com
spotforassets.com
v2-zopim.com
webadstracker.com

# Reference: https://twitter.com/MBThreatIntel/status/1375516616243474438

un5.ffox.site

# Reference: https://twitter.com/TeamDreier/status/1375149879664709638
# Reference: https://www.virustotal.com/gui/ip-address/35.228.228.1/relations

bing-visitors.com
googieads.com
googieupdate.com
google-site-verification.net
googleadservlces.com
googlegtm.com
jquerylast.com
yahoo-tracker.com

# Reference: https://twitter.com/MBThreatIntel/status/1376662429229142022
# Reference: https://twitter.com/rootprivilege/status/1549799944835371008
# Reference: https://www.virustotal.com/gui/ip-address/194.61.25.77/relations
# Reference: https://www.virustotal.com/gui/ip-address/77.83.36.33/relations

jqueri-web.at
jqueri.at
jqueridev.at
jqueriweb.at
jsdelivr.at

# Reference: https://twitter.com/unmaskparasites/status/1377383696009895939

brewtees.com/jquery/

# Reference: https://twitter.com/unmaskparasites/status/1378065215565168641
# Reference: https://twitter.com/unmaskparasites/status/1378065738422874114
# Reference: https://www.virustotal.com/gui/ip-address/198.27.64.84/relations
# Reference: https://www.virustotal.com/gui/ip-address/47.91.78.128/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.209.69.32/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.208.96.5/relations
# Reference: https://www.virustotal.com/gui/ip-address/80.211.41.122/relations

googletagmanagers.com
googletagsmanagers.com
fonts-analytics.com
fontsgstatic.com
googlefonts-api.com
googlefonts-dns.com
jquery-dns.com
jquery-ssl.com
page2adgooglesyndication.com
stackpathbootstrapcdn.com

# Reference: https://urlscan.io/result/e76a66c0-403e-4099-a673-ecb322b99f7e/
# Reference: https://urlscan.io/result/14b99a92-2ec2-4327-a0f1-a0249e4513be/
# Reference: https://www.virustotal.com/gui/ip-address/203.91.116.53/relations

cdnjsapis.com
jquery-analytics.com

# Reference: https://urlscan.io/result/a38d860f-b1a2-432c-a8ff-a4132c0f8293/

jquery-google.com

# Reference: https://twitter.com/rootprivilege/status/1379096986897408001
# Reference: https://lukeleal.com/research/posts/magento2-payprocess-obj_31337-skimmer/

payprocess.org
processpayment.cc

# Reference: https://www.virustotal.com/gui/ip-address/8.208.78.46/relations

cdn-alipearlhair.com
livechatlnc.com
paypalobjacts.com
tagmanaqer.com

# Reference: https://twitter.com/AffableKraut/status/1380022960627593216
# Reference: https://twitter.com/AffableKraut/status/1380022963160895490
# Reference: https://twitter.com/AffableKraut/status/1380022987626328065
# Reference: https://www.virustotal.com/gui/ip-address/176.9.51.172/relations

aramorganstake.com
cdnnetworking.com
cdnnetwrk.com
csscdnnett.com
fivemofreegate.com
fonts.services
gegelanallitics.com
google-analytics.org
googleanalyse.website
googlecashstat.com
healcodes.com
huggy.tech
joopsjeemz.com
liquidibi.com
manutdfuns.com
remincss.com
sellait.com
sixmofreegate.com
snowdronedge.com

# Reference: https://www.virustotal.com/gui/ip-address/144.76.57.177/relations

aldyen.com
braitnreegateway.com
cobrosya.net
cullqi.com
cyberesources.com
e-posnets.com
epayou.net
eurocommerces.net
filows.com
khipus.net
mercadopagos.net
mindbodyonlines.com
oppwwa.com
paypluge.com
paypulatam.com
redysys.net
sinetesis.com
stripies.com
transbanks.net
vivapayments.net
vnmnet.net
xpaymentes.com

# Reference: https://www.virustotal.com/gui/ip-address/8.208.78.196/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.208.92.202/relations

amazon-sert.com
analyticsfonts.com
fontsgoogles.com
googlefonts-map.com

# Reference: https://www.virustotal.com/gui/ip-address/192.187.120.45/detection
# Reference: https://www.virustotal.com/gui/ip-address/35.197.229.31/relations
# Reference: https://urlscan.io/result/14d969b1-dc3e-4803-8b8a-9a3356f44a79/

googl-mail.com
googl-service.com

# Reference: https://www.virustotal.com/gui/ip-address/98.129.19.208/relations

script-manager.com
scriptmgr.com

# Reference: https://www.virustotal.com/gui/ip-address/96.126.108.31/relations

scriptdispense.com

# Reference: https://twitter.com/TeamDreier/status/1383696994380648448
# Reference: https://www.virustotal.com/gui/ip-address/95.217.250.26/relations

googlemanagerapi.com

# Reference: https://www.virustotal.com/gui/ip-address/149.28.245.206/relations

api-hotjar.com

# Reference: https://twitter.com/AffableKraut/status/1383964524110245888

analistnet.site
analiticnet.site
analiticsnet.site
analiticweb.site
analylicweb.site
analystclick.site
analysttraffic.site
analystview.site
analystweb.site
analyticlick.site
analyticmanager.site
analyticview.site
clickanalyst.site
clickanalytic.site
foundanalyst.site
foundanalytic.site
managertraffic.site
netanalist.site
netanalitic.site
netanalitics.site
nettraffic.site
siteanalist.site
siteanalitic.site
siteanalitics.site
siteanalyst.site
siteanalytic.site
sitetraffic.site
trafficanalyst.site
trafficanalytics.site
trafficcloud.site
trafficweb.site
unpkgtraffic.site
viewanalyst.site
viewanalytic.site
webanalitic.site
webanalitics.site
webanalylic.site
webanalyst.site

# Reference: https://twitter.com/TeamDreier/status/1384089703599595526
# Reference: https://www.virustotal.com/gui/ip-address/34.125.75.72/relations

ajaxtracker.com
analytics-gtm.com
cdn-cgi.net
doubiecliick.net
jquery-ui.net

# Reference: https://twitter.com/rootprivilege/status/1384357710603292676

cdn-frontend.com

# Reference: https://www.virustotal.com/gui/ip-address/103.232.215.140/relations

jcsscpt.com
jcsscpt.net
sscyulept.com

# Reference: https://www.virustotal.com/gui/ip-address/104.219.248.46/relations

legacy-scripts.com

# Reference: https://twitter.com/AffableKraut/status/1384553513842352130

conf-localhost.com
facebooknetworks.com
secure-conf.com

# Reference: https://twitter.com/AffableKraut/status/1384546205921943552
# Reference: https://urlscan.io/search/#filename:%22google.analytics.b.js%22

/google.analytics.b.js

# Reference: https://twitter.com/TeamDreier/status/1384818143156129792

coupon-popup.net
dns-servers-update.net

# Reference: https://www.virustotal.com/gui/ip-address/8.208.86.98/detection
# Reference: https://urlscan.io/result/420f0ac5-d7b4-4417-9985-ce325c4feeb4/

ssl-center.com

# Reference: https://www.virustotal.com/gui/ip-address/135.181.34.206/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.148.120.226/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.61.139.93/relations
# Reference: https://www.virustotal.com/gui/ip-address/61.164.109.218/relations
# Reference: https://www.virustotal.com/gui/ip-address/67.205.167.220/relations
# Reference: https://www.virustotal.com/gui/ip-address/44.227.238.106/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.53.168.6/relations
# Reference: https://www.virustotal.com/gui/ip-address/178.63.30.117/relations
# Reference: https://www.virustotal.com/gui/ip-address/27.124.42.69/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.248.102.2/relations

js-cdn.club
js-cdn.host
js-cdn.info
js-cdn.net
js-cdn.online
js-cdn.org
js-cdn.pw
js-cdn.ru
js-cdn.site
js-cdn.top
js-cdn.xyz

# Reference: https://www.virustotal.com/gui/ip-address/45.33.20.246/relations

1001-font.com
alexa-tracking.com
ali-clicks.com
analytics-website-services.com
analytix.host
cdn-hosted.com
cdn-js-query.com
code-scripts.com
count-stats.com
data-analytics.club
dr-cdn.com
glatrac.com
goolgeapis.com
jquery-custom-plugin.com
js-cdn.com
jscriptlibrary.org
kissmetrics-analytics.com
quikianalytics.site
securemy-js.com
staticjs-webui-library.com
tagblock-analytics.com
toolscript-js.com
tracfb.com
track-link.site
trackr.website
vnlyse.com
yanalyics.com

# Reference: https://www.virustotal.com/gui/ip-address/96.126.117.191/relations

cdn-aws.com
clicktracking321.com
google-analytics-premium.com
fonts-community.com
fonts-directory.com
leadcap-js.com

# Reference: https://www.virustotal.com/gui/ip-address/106.187.48.151/relations
# Reference: https://www.virustotal.com/gui/ip-address/148.72.213.55/relations
# Reference: https://www.virustotal.com/gui/ip-address/162.243.186.224/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.12.12.191/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.53.168.6/relations
# Reference: https://www.virustotal.com/gui/ip-address/217.12.202.82/relations
# Reference: https://www.virustotal.com/gui/ip-address/83.220.168.154/relations

jquery-cdn.info
jquery-cdn.me
jquery-cdn.net
jquery-cdn.org
jquery-cdn.pw
jquery-cdn.ru
jquery-cdn.tk

# Reference: https://www.virustotal.com/gui/ip-address/148.72.213.55/relations

jquerys.ga
jquerys.ml
jquerys.tk

# Reference: https://www.virustotal.com/gui/ip-address/104.28.1.107/relations
# Reference: https://www.virustotal.com/gui/ip-address/172.67.128.115/relations
# Reference: https://www.virustotal.com/gui/ip-address/178.208.80.82/relations
# Reference: https://www.virustotal.com/gui/ip-address/198.54.116.84/relations
# Reference: https://www.virustotal.com/gui/ip-address/63.141.229.19/relations
# Reference: https://www.virustotal.com/gui/ip-address/93.174.93.164/relations

jquerys.info
jquerys.net
jquerys.org
jquerys.ru
jquerys.site
jquerys.xyz

# Reference: https://www.virustotal.com/gui/ip-address/141.8.226.58/relations

ddcdn.pw

# Reference: https://www.virustotal.com/gui/ip-address/178.63.30.117/relations

ml-js.com
peretrax-js.com

# Reference: https://www.virustotal.com/gui/ip-address/217.12.202.82/relations

cloud-js.link
js-cloud.xyz
scripteleven.ru

# Reference: https://www.virustotal.com/gui/ip-address/202.222.31.77/detection

js-cloud.net

# Reference: https://www.virustotal.com/gui/ip-address/185.91.175.226/relations

bootstrap-cdn.com

# Reference: https://www.virustotal.com/gui/domain/cdn-magento.com/detection

cdn-magento.com

# Reference: https://www.virustotal.com/gui/ip-address/167.99.163.243/relations

ssl-google.com

# Reference: https://www.virustotal.com/gui/ip-address/34.102.136.180/relations

googlefi.info
ssl-facebook.com
paymentssecured.com
tatteredscript.com

# Reference: https://www.virustotal.com/gui/ip-address/50.63.51.92/relations

ssl-cloud.com

# Reference: https://www.virustotal.com/gui/ip-address/185.141.25.37/relations

ssl-analytics.com

# Reference: https://www.virustotal.com/gui/ip-address/192.64.119.207/detection

ssl-aws.com

# Reference: https://www.virustotal.com/gui/ip-address/37.120.206.98/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.245.255.10/relations

fontawesome.dev
g-metrics.me
jquerys.me
ooolll.me

# Reference: https://www.virustotal.com/gui/ip-address/64.70.19.203/relations

jquerys.ws

# Reference: https://www.virustotal.com/gui/ip-address/95.216.161.60/detection

ssl-cloud.me

# Reference: https://twitter.com/josh_larsen/status/1388892152680288262

evilcdn.com

# Reference: https://twitter.com/virusbtn/status/1387795316682940421
# Reference: https://www.trendmicro.com/en_us/research/21/d/water-pamola-attacked-online-shops-via-malicious-orders.html
# Reference: https://documents.trendmicro.com/assets/Appendix_Water-Pamola-Attacked-Online-Shops-Via-Malicious-Orders.pdf

77i.co
auth1html.site
basic-authentication.live
cloudlstorage.com
googleoapis.com
xf6.site

# Reference: https://twitter.com/unmaskparasites/status/1390027415615795200

renokonnect.com/stats/js/jcrop/jcrop.min.js

# Reference: https://www.circleid.com/posts/20210506-deep-dive-into-known-magecart-iocs-connected-internet-properties/

fastmycdn.com
statistik.site
webinformer.biz
zigzapframe.biz

# Reference: https://www.virustotal.com/gui/ip-address/34.95.57.185/detection
# Reference: https://www.virustotal.com/gui/ip-address/35.203.186.155/relations

purechal.com

# Reference: https://twitter.com/MBThreatIntel/status/1392887777902030853

houseofdesigners.in/scure.php

# Reference: https://blog.malwarebytes.com/cybercrime/2021/05/newly-observed-php-based-skimmer-shows-ongoing-magecart-group-12-activity/

kermo.pw
thesun.pw
zolo.pw
/m1_2021_force

# Reference: https://twitter.com/unmaskparasites/status/1394762869233786880

bingfindapi.com
bulder.online
foundstyle.online
fountm.online
gstatcs.com
jqwereid.online
webfaset.com

# Reference: https://twitter.com/sansecio/status/1395765199169261570

sanseclabs.com

# Reference: https://twitter.com/sansecio/status/1395770562769788929

pay.mollie.nl/checkout/v3/css/global.css

# Reference: https://twitter.com/unmaskparasites/status/1397030574749982722

celolum.com

# Reference: https://www.riskiq.com/blog/external-threat-management/mobile-inter/
# Reference: https://otx.alienvault.com/pulse/60afd2d5ce95a296d0f9323e

google-analyticss.com
google-downloader.com
google-pick.com
google-sens.com
google-turn.com
gooqle.ru.oitx.xyz

# Reference: https://twitter.com/MBThreatIntel/status/1398037002923110400

gstaticsfonts.com

# Reference: https://twitter.com/AffableKraut/status/1398056214492291074

fonts-gstatics.com
googles-analytic.com

# Reference: https://twitter.com/AffableKraut/status/1398148316886491143
# Reference: https://twitter.com/AffableKraut/status/1428417456998060037
# Reference: https://gist.github.com/krautface/e213d52bbd1f6a278570afb1ae64a05e

adminbox.site
adminet.site
adminet.space
adminpan.site
allforyour.site
amasterweb.site
analist-net.site
analist-net.space
analist-rete.space
analistcloud.space
analistnet.site
analistnet.space
analistnetwork.site
analistnetwork.space
analistpanel.site
analistrete.site
analistsite.site
analistsite.space
analisttab.site
analisttab.space
analistweb.site
analistweb.space
analitic-site.site
analitic-site.space
analitic-tab.site
analitic-tab.space
analiticnet.site
analiticpanel.site
analiticpanel.space
analitics-panel.site
analitics-site.site
analitics-site.space
analitics-tab.site
analitics-web.space
analiticsblock.site
analiticsblock.space
analiticsite.site
analiticsite.space
analiticsnet.site
analiticspanel.site
analiticspanel.space
analiticssite.site
analiticssite.space
analiticstab.site
analiticstab.space
analiticsweb.site
analiticsweb.space
analitictab.site
analitictab.space
analiticweb.site
analizeport.site
analizerete.site
analylicweb.site
analystclick.site
analysttraffic.site
analystview.site
analystweb.site
analyticlick.site
analyticmanager.site
analyticview.site
aneweb.site
assiststore.site
blockanalist.site
blockanalist.space
blockanalitics.site
blocktestnet.space
bootstrapload.site
cartmainer.site
cdnetworker.site
cdnetworker.space
cleanerjs.site
clickanalyst.site
clickanalytic.site
cloudjs.site
cloudtester.site
commenter.site
connectweb.space
domainclean.site
domainet.site
domainet.space
fastloader.site
fastupload.space
flexposter.site
foundanalyst.site
foundanalytic.site
goodstats.site
hardtester.site
httpanel.site
httpanel.space
interage.site
ipcounter.site
jscleaner.site
lanetester.site
lanlocker.site
lanlocker.space
libloader.site
libminifaer.site
libstorage.space
linkerage.site
linkerange.site
listmanager.space
loockerweb.site
lookingstore.site
magengine.site
managerage.site
managerage.space
managertraffic.site
masterlinker.site
masternet.space
masterport.site
minanalize.site
minimazerjs.site
minlibscdn.space
net-analist.site
net-analist.space
net-analitic.space
netanalist.site
netanalist.space
netanalisttest.space
netanalitic.site
netanalitic.space
netanalitics.site
netcontrol.site
netpanel.site
netstart.space
nettestpanel.site
nettinganalist.site
nettinganalist.space
nettingpanel.site
nettingtest.site
nettraffic.site
networkanalist.site
networkanalist.space
onlinecount.site
onlinecounter.site
onlinerpage.site
owlloader.site
owlplugin.site
ownerpage.site
pagecacher.site
pagecleaner.site
pagegine.site
pagelettermass.site
pagenator.site
pagesocket.site
pagestater.site
pagesupport.site
pageviewer.site
panel-analitic.site
panel-analitic.space
panelake.site
panelake.space
panelaker.site
panelan.site
panelanalist.site
panelanalist.space
panelanalitics.site
panelanalitics.space
panelblock.site
panelnetting.site
panelocker.site
placepager.site
planetspeed.site
portviewer.site
producteditor.site
reteanalitics.site
retenetweb.site
saverplanel.site
sectimer.site
securefield.site
seeweb.space
sellmanager.site
shoppingmetod.site
showproduct.site
site-analitic.site
site-analitic.space
site-analitics.site
site-analitics.space
siteanalist.site
siteanalist.space
siteanalitic.site
siteanalitic.space
siteanalitics.site
siteanalitics.space
siteanalyst.site
siteanalytic.site
sitengine.site
sitesecure.space
sitetraffic.site
slickclean.site
slotmanager.site
slotshower.site
spaceclean.site
spacecom.site
speedstress.site
speedtester.site
speedtester.space
sslmanager.site
sslsecurer.site
starnetting.site
statetraffic.site
statsclick.site
storepanel.site
suporter.site
tab-analitic.site
tab-analitic.space
tab-analitics.site
tab-analitics.space
tabanalist.site
tabanalist.space
tabanalitic.site
tabanalitic.space
tabanalitics.site
tabanalitics.space
targetag.space
tawk-manger.site
telanet.site
trafficanalyst.site
trafficanalytics.site
trafficcloud.site
trafficsanalist.site
trafficsee.site
trafficweb.site
unpkgtraffic.site
versionhtml.site
viewanalyst.site
viewanalytic.site
viewonline.space
web-analitics.space
webanalist.site
webanalist.space
webanalitic.site
webanalitics.site
webanalitics.space
webanalylic.site
webanalyst.site
webmode.site
webtable.site
woodyday.top

# Reference: https://www.virustotal.com/gui/ip-address/47.91.77.83/relations

google-opinion.com

# Reference: https://twitter.com/AffableKraut/status/1399786791931101192

googie-analytics.online
googie-analitycs.site
googie-analytics.website
googletagsmanager.website

# Reference: https://twitter.com/TracerSpiff/status/1399840920057659404

googie.host

# Reference: https://twitter.com/rootprivilege/status/1400850998063632389
# Reference: https://lukeleal.com/research/posts/analiticsweb-skimmer/

analiticsweb.site

# Reference: https://www.virustotal.com/gui/ip-address/47.74.9.12/relations

skin-jquery.com

# Reference: https://twitter.com/rootprivilege/status/1404595455065870336
# Reference: https://lukeleal.com/research/posts/hotjar-dot-info-skimmer/

hotjar.info

# Reference: https://www.virustotal.com/gui/ip-address/146.0.72.86/relations

javasrtscript.com

# Reference: https://www.virustotal.com/gui/ip-address/146.0.72.96/relations

cloudappcdn.com

# Reference: https://twitter.com/unmaskparasites/status/1407433077048057856

addjs.co
addsc.co
jss.lt
jsz.lt
ujl.me
ujq.me
vdf.me
vdf.xyz

# Reference: https://www.virustotal.com/gui/ip-address/64.190.62.111/relations

magento.host

# Reference: https://twitter.com/AffableKraut/status/1408512205289660429

cdn-doubleclick.net
chimpstatic-cdn.com
cloudflare-cdnjs.com
cloudflare-ssl.com
fontgoogleapis.com
static-doubleclick.com
static-zdassets.com
tatic-hotjar.com
widget-freshworks.com

# Reference: https://twitter.com/unmaskparasites/status/1408561524235374602

renokonnect.com/stats/js/jcrop/jcrop.min.js
sgtrek.com/jquery/jQuery.viewer.js

# Reference: https://blog.malwarebytes.com/cybercrime/2021/06/lil-skimmer-the-magecart-impersonator/
# Reference: https://www.virustotal.com/gui/ip-address/87.236.16.107/relations

bebedepotplus.site
bebedepotplus.website
cdnattn.site
cloudfiare.site
dirsalonfurniture.site
dogdug.website
estrategia-script.site
facebookmanagers.pw
ganan-script.site
googie.website
googleapis.website
googletagmanager.space
gorillawhips.site
jquery.fun
perfecttux.site
perfecttux.website
postguard.website
tidio.fun
win-activar.site
win-script.website
win-scripto.site

# Reference: https://twitter.com/rootprivilege/status/1409575929165193226
# Reference: https://www.virustotal.com/gui/ip-address/89.108.116.218/relations

toolser.pw

# Reference: https://www.virustotal.com/gui/ip-address/194.58.112.174/relations

googleapis.site

# Reference: https://www.virustotal.com/gui/ip-address/163.172.117.25/relations

googleapis.me
googlfonts.com

# Reference: https://www.virustotal.com/gui/ip-address/194.58.123.10/relations

googleapis.tk

# Reference: https://www.virustotal.com/gui/ip-address/31.187.64.40/relations

analytics-scripts.ml
font4u.ga
googleapis.ml

# Reference: https://www.virustotal.com/gui/ip-address/104.27.185.122/detection

googleapis.ga

# Reference: https://www.virustotal.com/gui/ip-address/193.37.212.63/relations

googleapis.gq

# Reference: https://www.virustotal.com/gui/ip-address/209.126.103.139/relations

sites-analytic.com

# Reference: https://www.virustotal.com/gui/ip-address/195.123.222.43/relations

hot-jar.com
hotjar-analytics.com

# Reference: https://twitter.com/AffableKraut/status/1411229363685806082
# Reference: https://www.virustotal.com/gui/ip-address/8.209.68.13/relations

apayments.top
stripe-auth-api.com

# Reference: https://twitter.com/felixaime/status/1349261822591954946
# Reference: https://twitter.com/500mk500/status/1411680465086525440
# Reference: https://www.virustotal.com/gui/ip-address/147.135.1.203/relations

cdngateways.com
cdncontentdelivery.com
query.network
jqueny.com
securecontentssl.com
site-counter.com

# Reference: https://www.virustotal.com/gui/ip-address/165.232.142.149/relations
# Reference: https://www.virustotal.com/gui/ip-address/206.81.5.96/relations
# Reference: https://www.virustotal.com/gui/ip-address/37.1.204.37/relations

adsclick.click
apps-analytics.net
awesomelytics.com
bootstrapmin.website
caphyon-analytics.com
cdnstreamfree.com
cdnstreamlive.com
cdnze.com
cookiebot.org
cosmjs.com
evolvemediametrics.com
facehttpsk.net
fix-fonts.com
fontapis.com
hatenaclick.site
informesanaliticos.com
jquery.im
jquerycdn.top
jquerynetwork.best
jsdeliavr.net
mage-seooptimization.com
measurablemetrics.co
mecontentassent.website
mob-api.net
owlanalytics.io
owlcdn.com
potokcdn.com
proclaim-api.net
sites-mark.com
tagsrv.com
webfontcdn.com
webs-meter.com
webs-metric.com
zscript1.com
ztrack1.com

# Reference: https://www.virustotal.com/gui/ip-address/185.26.99.122/relations

zscript.site
ztrack.site

# Reference: https://twitter.com/unmaskparasites/status/1413251798345736197
# Reference: https://twitter.com/Ledtech3/status/1413256014569345036

sslapis.com

# Reference: https://twitter.com/unmaskparasites/status/1412932692077731841

banheirasdoka.com.br/skin/frontend/rwd/default/lib/b.js
banheirasdoka.com.br/skin/frontend/rwd/default/lib/route.php
design2mall.com/js/mage/translate.min.js
design2mall.com/skin/frontend/rwd/default/js/lib/route.php
tallerheels.com/skin/frontend/rwd/default/lib/route.php
/skin/frontend/rwd/default/lib/b.js
/skin/frontend/rwd/default/lib/route.php
/skin/frontend/rwd/default/js/lib/route.php

# Reference: https://twitter.com/AffableKraut/status/1414459135052111878
# Reference: https://www.virustotal.com/gui/ip-address/37.46.130.142/relations

cdn-library.net
cdn-library.su
jquery-library.net

# Reference: https://twitter.com/unmaskparasites/status/1414732273543356419

wooanalytics.biz

# Reference: https://twitter.com/AffableKraut/status/1415734360213528581
# Reference: https://twitter.com/AffableKraut/status/1415742977083908104
# Reference: https://twitter.com/MBThreatIntel/status/1432859477271711749
# Reference: https://www.virustotal.com/gui/ip-address/47.254.184.114/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.209.64.30/relations
# Reference: https://www.virustotal.com/gui/ip-address/87.251.79.162/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.219.62.215/relations

banca-unicredit.com
google-activate.com
google-activated.com
google-create.com
google-gate.com
google-merchants.com
google-pays.com
google-sagepay.com
jquery-migrates.com
merchant-analytics.com
paypal-analitics.com
paypal-pays.com

# Reference: https://twitter.com/p0x53/status/1415976988100096000

cdncontainer.com
hottrackcdn.com
shoppersbaycdn.com
webscriptcdn.com

# Reference: https://twitter.com/MBThreatIntel/status/1416169274641510400

pagegine.site

# Reference: https://twitter.com/AffableKraut/status/1416854101246291969
# Reference: https://www.virustotal.com/gui/ip-address/195.54.160.61/relations

cdn-plugin.co.uk
cdn-plugin.us
cdnplugin-info.cloud
data-cdn.site
data-log.site
data-update.site
dev-connect.cloud
dev-connect.co.uk
dev-connect.com.de
dev-connect.one
dev-connect.us
dev-connect.work
formstats.us
google-info.us
google-stats.work
nice-cdn.site
plugin-app.cloud
plugin-app.org
plugin-connect.one
plugin-connect.us
pro-cdn-data.site
pro-cdn2.site
ticket-stat.site
trafficstats.business
trafficstats.co
trafficstats.company
trafficstats.us

# Reference: https://twitter.com/AffableKraut/status/1416865169326673925

adminbox.site
adminpan.site
analist-net.site
analist-net.space
analist-rete.space
analistpanel.site
analistrete.site
analiticpanel.site
analiticpanel.space
analitics-panel.site
analitics-site.site
analitics-site.space
analitics-web.space
analiticspanel.site
analiticspanel.space
analiticsweb.space
blockanalitics.site
cloudjs.site
fastloader.site
ipcounter.site
net-analist.site
net-analist.space
net-analitic.space
onlinecount.site
panel-analitic.site
panel-analitic.space
panelanalist.site
panelanalist.space
panelanalitics.site
panelanalitics.space
reteanalitics.site
web-analitics.space
webanalitics.space

# Reference: https://twitter.com/tiketiketikeke/status/1417072955675144194
# Reference: https://twitter.com/AffableKraut/status/1417141954186465285
# Reference: https://www.virustotal.com/gui/ip-address/159.69.209.43

goolgestats.com
gstaticnets.com
mtdnsstatic.com
mtndnsstatec.com
mtndnsstatecs.com
mtndnsstatic.com
ntndnsstatic.com

# Reference: https://twitter.com/felixaime/status/1417134452103335936
# Reference: https://www.virustotal.com/gui/ip-address/69.175.91.242/relations
# Reference: https://imp0rtp3.wordpress.com/2021/08/12/tetris/
# Reference: https://otx.alienvault.com/pulse/611d0d9877560b71ff3f7e59

google-drivers.com
googledrivers.com

# Reference: https://twitter.com/felixaime/status/1418119972858044422
# Reference: https://twitter.com/matthieu_faou/status/1471600401183084550

hotjar.net
visitortrack.net
webfx.bz
webffx.bz

# Reference: https://twitter.com/AffableKraut/status/1420424683758002178
# Reference: https://twitter.com/AffableKraut/status/1420424686366756870

api-facebook.net
api-localhost.com
cdn-bootstrapcdn.com
conect-facebook.net
core-static.com
ssl-doubleclick.net
tr-snapchat.com
uc-widget-freshworks.com
webstatistisc.org

# Reference: https://twitter.com/p0x53/status/1420758015884488711

roi-traffic.icu

# Reference: https://www.virustotal.com/gui/ip-address/139.59.66.9/relations
# Reference: https://www.virustotal.com/gui/ip-address/179.43.160.43/relations

corejquery.com
js-jquery.org
sjquery.com

# Reference: https://twitter.com/unmaskparasites/status/1422681441146605570
# Reference: https://www.virustotal.com/gui/ip-address/185.246.130.169/relations

adwords-track.com
adwords-track.top
clickinks-api.com
drhorveys.com
drnarveys.com
font-staticx.com
fontsctatic.com
fontsctaticx.com
fontstatics.com
fontstaticx.com
frontstatics.com
g-staticx.com
gctatic.com
gctatics.com
google-tagmanager.com
googlestaticx.com
googlestatix.com
googletagmahager.com
googletagnamager.com
gstaticx.com
gstaticxs.com
scaraabresearch.com
staticzd-assets.com

# Reference: https://twitter.com/AffableKraut/status/1422819706394882051
# Reference: https://www.virustotal.com/gui/ip-address/193.105.134.147/relations

ga-track.com
hs-scrlpts.com

# Reference: https://www.virustotal.com/gui/ip-address/217.8.117.66/relations

jqueryui.at

# Reference: https://www.perimeterx.com/tech-blog/2021/evolution-of-a-magecart-attack-leveraging-recaptcha-tech-domain/

recaptcha.tech

# Reference: https://twitter.com/MBThreatIntel/status/1433104999152697344

cloud-app.shop
trafficapps.business
trafficapps.org
trafficapps.quest
trafficapps.us
wp-extension.cloud
wp-extension.work
xenapp.blog

# Reference: https://twitter.com/p0x53/status/1438147940103581699

googletagmanager.info

# Reference: https://www.virustotal.com/gui/ip-address/185.198.56.73/relations

adwalte.info
cdjs.online
cdn3.info
cdncloud.space
cloudapi.online
cookies.coffee
domclick.network
go111111ogleapis.com
golesyndication.com
google-anailyticss.com
googleapis.net
googecode.com
googleftagmanager.com
googletagmanager.xyz
googletagmanagerdservices.com
googlesyndicatio.com
googlesyndiation.com
googlesyndicatiofn.com
googlesyndicatsion.com
googletongji.com
gooogletagmanager.com
gotitlogle-analytics.com
gugle.cf
javscript.pw
jquery-uim.download
jsunifile.bid
my-seo.top
netcdn-cdn.com
netanalitics.space
soogletagmanager.com

# Reference: https://blog.malwarebytes.com/threat-intelligence/2021/09/the-many-tentacles-of-magecart-group-8/

adaptivestyles.com
carders.best
csjquery.com
faviconx.com
fonts-googleapi.com
fontsgoooglestatic.com
googleatagmanager.com
googlestag.com
googletagmamager.com
googletagmanagen.com
googletaqmanager.com
googletaqmanaqer.com
jquery-statistika.info
panelsaveok.com
v2zopim.com
validbins.su
validcvv.ru
validshop.sx

# Reference: https://www.virustotal.com/gui/ip-address/72.52.179.174/relations

google-anayltics.com

# Reference: https://twitter.com/unmaskparasites/status/1438262156298911744

intexys.fr/js/mirasvit/mira.js
intexys.fr/js/tbt/trl.js
intexys.fr/js/tiny_mce/tiny_mce_popup.php

# Reference: https://twitter.com/unmaskparasites/status/1445488898365214733
# Reference: https://www.virustotal.com/gui/ip-address/85.192.56.45/relations
# Reference: https://www.virustotal.com/gui/ip-address/46.173.214.126/relations

adslstickerfi.world
authnetcim.net
authorlze.net
bralntree.com
strlpe.net

# Reference: https://twitter.com/sansecio/status/1445748280118317073
# Reference: https://www.virustotal.com/gui/ip-address/185.251.90.109/relations
# Reference: https://www.virustotal.com/gui/ip-address/217.12.204.185/relations
# Reference: https://www.virustotal.com/gui/ip-address/46.173.214.113/relations
# Reference: https://www.virustotal.com/gui/ip-address/46.173.214.126/relations

apiscaptcha.com
batbings.com
chimpstatics.com
chimpstatics.xyz
clearfix.xyz
express-pay-online.com
gtagstatic.com
payp-express.com
re-captha.com
recaptcha-analytics.com
recaptcha-in.pw
recaptcha.tech
recaptha.com

# Reference: https://www.virustotal.com/gui/ip-address/176.113.81.124/relations

log-inmember.com
loginclient.net

# Reference: https://www.virustotal.com/gui/ip-address/195.22.149.186/relations

googietagmanager.com

# Reference: https://www.virustotal.com/gui/ip-address/194.87.253.36/relations

jquerydll.net
googlensmanager.com

# Reference: https://www.virustotal.com/gui/ip-address/46.8.158.191/relations

easy-wb1auth.com
easy1-webca.net

# Reference: https://www.virustotal.com/gui/ip-address/46.172.91.28/relations

js-inst.su
js-sistem.su
js-star.su
save-js.su
star-js.su

# Reference: https://twitter.com/AffableKraut/status/1450109837543628805

dyadonline.monster

# Reference: https://twitter.com/MBThreatIntel/status/1452690744544665601
# Reference: https://www.virustotal.com/gui/ip-address/185.186.142.69/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.204.3.48/detection

jquerylibs.net
jqueryllc.net
magento-plugin.com
trustdomains.net

# Reference: https://twitter.com/AffableKraut/status/1451622631715835904
# Reference: https://www.virustotal.com/gui/ip-address/89.108.109.237/relations

sentry-cdn.io

# Reference: https://blog.malwarebytes.com/threat-intelligence/2021/11/credit-card-skimmer-evades-virtual-machines/

abtasty.net
adsrvr.biz
alligaturetrack.com
artesfut.com
brands-watch.com
clickcease.biz
climpstatic.com
cloud-chart.net
cookieslaw.org
crisconnect.net
dc-storm.org
demo-metrics.net
digital-speed.net
getambassador.net
hal-data.org
iofrontcloud.com
librarysetr.com
libsconnect.net
listrakbi.biz
mantisadnetwork.org
marklibs.com
megalixe.org
murdoog.org
opendwin.com
rawgit.net
rolfinder.com
sleefnote.com
speed-metrics.com
tevidon.com
troadster.com
webflows.net
api.abtasty.net
apis.murdoog.org
app.iofrontcloud.com
app.rolfinder.com
cdn.cookieslaw.org
cdn.getambassador.net
cdn.megalixe.org
con.digital-speed.net
css.tevidon.com
dev.crisconnect.net
graph.cloud-chart.net
js.artesfut.com
js.demo-metrics.net
js.librarysetr.com
js.rawgit.net
js.speed-metrics.com
m.brands-watch.com
nypi.dc-storm.org
st.adsrvr.biz
stage.libsconnect.net
stage.sleefnote.com
static.mantisadnetwork.org
static.opendwin.com
stst.climpstatic.com
tag.listrakbi.biz
web.webflows.net

# Reference: https://twitter.com/MBThreatIntel/status/1457804685327224833
# Reference: https://twitter.com/MBThreatIntel/status/1469023858569089031

static1.xyz
static2.xyz

# Reference: https://twitter.com/MBThreatIntel/status/1472995976507916290

bootstrap1.xyz
bootstrap2.xyz
/s/us_cdl.js

# Reference: https://twitter.com/MBThreatIntel/status/1458185084201148416

bludigital.cyou

# Reference: https://twitter.com/unmaskparasites/status/1457896674374815750

firchtech.xyz

# Reference: https://twitter.com/unmaskparasites/status/1458905989130829832

webcachespace.net

# Reference: https://www.virustotal.com/gui/ip-address/45.146.166.186/relations

webcachespace.com
webprohoster.com

# Reference: https://www.virustotal.com/gui/ip-address/8.209.65.75/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.211.6.123/relations

analythics.com
analythics.xyz
cdn-manager.com
cdn-manager.me
cdn-manager.xyz
spotifylatepayment.com

# Reference: https://twitter.com/unmaskparasites/status/1460424711825887236
# Reference: https://www.virustotal.com/gui/ip-address/91.132.139.192/relations

googletrackevent.com

# Reference: https://decoded.avast.io/threatresearch/avast-q321-threat-report/
# Reference: https://www.virustotal.com/gui/ip-address/193.203.203.240/relations

ganalitics.com

# Reference: https://www.virustotal.com/gui/ip-address/80.211.182.208/relations

ganalitics.site

# Reference: https://twitter.com/unmaskparasites/status/1448408373863403520

corpanalytics.info

# Reference: https://twitter.com/unmaskparasites/status/1435749969105874947
# Reference: https://twitter.com/unmaskparasites/status/1458241033058222081
# Reference: https://www.virustotal.com/gui/ip-address/174.138.117.217/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.55.224.107/relations

cgtag.com
cgtags.com
curenciesapp.com
icosenses.com
tags.ws

# Reference: https://sansec.io/research/ecommerce-malware-linux-avp
# Reference: https://www.virustotal.com/gui/file/2d422affb9727b71b0e1610568bea8643892d99bdaed99269a10e7554c88437b/detection

http://103.233.11.28
103.233.11.28:443
/jQuery_StXlFiisxCDN.php

# Reference: https://twitter.com/felixaime/status/1462512317405536262

inslco.bar

# Reference: https://twitter.com/0xbadad/status/1462913839381504007

booctstrap.com

# Reference: https://twitter.com/rootprivilege/status/1465763408901337092

convert-server.com

# Reference: https://twitter.com/sansecio/status/1467865884362346500

nekrva6s.beget.tech

# Reference: https://community.riskiq.com/article/2efc2782

woocheck.tk

# Reference: https://www.virustotal.com/gui/domain/validcc.su/relations

validcc.su

# Reference: https://twitter.com/AffableKraut/status/1472959218823090178
# Reference: https://gist.github.com/krautface/8f2196c9aad5d4f5cc91237eb9c71205

allofussoupdip.buzz
allofussoupdip.xyz
alloyz.xyz
broadcas.buzz
bunnyy.buzz
cradle.uno
crowcrown.fun
denwr.uno
diggr.fun
epsilon.buzz
excelnt.buzz
foamfoam.xyz
focuss.xyz
gratiss.buzz
growlz.xyz
hairbarnyc.xyz
homini.xyz
hoppr.buzz
indee.fun
interes.uno
joggl.uno
jumpr.fun
kemp.buzz
klerna.buzz
lazylee.xyz
leakg.xyz
modrn.buzz
moette.buzz
moette.uno
moette.xyz
mozes.buzz
nerox.xyz
newral.xyz
oppos.uno
oppress.fun
prework.uno
prodo.fun
quento.xyz
quinz.xyz
ratino.buzz
rockman.buzz
stuckr.xyz
swisz.xyz
teamlead.buzz
thefthing.xyz
trollo.buzz
uniteds.uno
unsubscr.uno
uxong.buzz
uxprot.buzz
uxqez.buzz
uxrod.buzz
uxsad.buzz
uxtom.buzz
uxuvl.buzz
uxvol.buzz
uxwww.buzz
uxxen.buzz
uxyes.buzz
uxzone.buzz
uyoper.cyou
uypartial.cyou
uyquest.cyou
uyronder.cyou
uystatic.cyou
uytrial.cyou
uyunion.cyou
uyverified.cyou
uyworld.cyou
uyxenon.cyou
uyyellow.cyou
uyzambia.cyou
verygood.fun
voluntee.fun
vxart.buzz
vxbin.buzz
vxcom.buzz
vxdig.buzz
vxegg.buzz
vxfog.buzz
vxgoto.buzz
vxhop.buzz
vximg.buzz
vxjan.buzz
vxkap.buzz
vxliz.buzz
vxman.buzz
vxnix.buzz
vxogr.buzz
vxpro.buzz
vxqck.buzz
vxrok.buzz
vxsom.buzz
vxtyp.buzz
vxuno.buzz
vxvax.buzz
vxwid.buzz
vxxor.buzz
vxyes.buzz
vxzet.buzz
vyanswer.cyou
vybroken.cyou
vycricket.cyou
vydeal.cyou
vyeconomy.cyou
vyfridge.cyou
vygamma.cyou
vyheal.cyou
vyident.cyou
vyjeep.cyou
vykeep.cyou
vylead.cyou
vymoon.cyou
vynoble.cyou
vyopress.cyou
vypromo.cyou
vyqueer.cyou
vyrebel.cyou
vysocket.cyou
vytrail.cyou
vyultimate.cyou
vyverify.cyou
vyworld.cyou
vyxerox.cyou
vyyoung.cyou
vyzummer.cyou
wermnt.buzz
wrack.buzz
wxano.buzz
wxbuf.buzz
wxcop.buzz
wxdom.buzz
wxext.buzz
wxfom.buzz
wxgon.buzz
wxhop.buzz
wximb.buzz
wxjob.buzz
wxkit.buzz
wxlot.buzz
wxmac.buzz
wxnil.buzz
wxorg.buzz
wxpro.buzz
wxqot.buzz
wxred.buzz
wxsot.buzz
wxtod.buzz
wxuvl.buzz
wxvid.buzz
wxwww.buzz
wxxor.buzz
wxyer.buzz
wxzet.buzz
wyadoo.cyou
wybeeper.cyou
wycrock.cyou
wydeer.cyou
wyerrn.cyou
wyfloating.cyou
wygreat.cyou
wyhidden.cyou
wyinternet.cyou
wyjoker.cyou
wykombo.cyou
wyleaf.cyou
wymoney.cyou
wyndzor.cyou
wyobject.cyou
wyproduct.cyou
wyquote.cyou
wyroller.cyou
wysocket.cyou
wytrade.cyou
wyulkar.cyou
wyvolcano.cyou
wywear.cyou
wyxellent.cyou
wyyear.cyou
wyzummer.cyou
xcelnt.xyz
xmess.xyz
xxand.buzz
xxbit.buzz
xxcom.buzz
xxdoc.buzz
xyareno.cyou
xybombero.cyou
xycryxes.cyou
xydripper.cyou
ypsilon.buzz
zetas.quest

# Reference: https://geminiadvisory.io/magecart-google-tag-manager/

ganalitis.com
pixupjqes.tech
googleadwordstrack.com
googleadwordswidget.com
googletagstorage.com
googletagswidget.com
googletagwidgets.com
googletrackevent.com

# Reference: https://www.virustotal.com/gui/ip-address/91.242.229.96/relations

gstatsc.com
gstatuslink.com

# Reference: https://blog.sucuri.net/2021/11/woocommerce-skimmer-spoofs-checkout-page.html

apiujquery.com

# Reference: https://www.virustotal.com/gui/domain/gstatic-cn.com/relations

# gstatic-cn.com # Note: under investigation

# Reference: https://twitter.com/rootprivilege/status/1476671161073541122

dyneff.fr/health_check.php

# Reference: https://twitter.com/unmaskparasites/status/1476741426633265157

cdn-s11.azureedge.net

# Reference: https://twitter.com/unmaskparasites/status/1424805950645358593
# Reference: https://twitter.com/unmaskparasites/status/1424805639214157827

aathitiyapravash.in/image/jquery_v14v.js
aathitiyapravash.in/image/jQuery_v176.js
avir.ir/image/favicon.js

# Reference: https://twitter.com/brianlinux/status/1478249807558885379
# Reference: https://www.virustotal.com/gui/ip-address/5.230.28.78/relations

googleadwordstrack.com

# Reference: https://www.virustotal.com/gui/ip-address/45.142.212.194/relations

fonts-cdn.com

# Reference: https://www.virustotal.com/gui/ip-address/194.156.99.212/relations

fonts-static.com

# Reference: https://www.virustotal.com/gui/ip-address/45.142.212.243/relations

zdassets-static.com

# Reference: https://twitter.com/AffableKraut/status/1479641280040902661
# Reference: https://twitter.com/AffableKraut/status/1488262668091805697
# Reference: https://www.virustotal.com/gui/ip-address/176.97.70.103/relations
# Reference: https://www.virustotal.com/gui/ip-address/5.252.177.247/relations

brilliantclub.website
interclub.website
siing-amoueon.top
sing-amoeuon.top
sombo.top

# Reference: https://twitter.com/500mk500/status/1482310341711347713
# Reference: https://urlscan.io/result/11a16239-5de7-412a-af89-5f0e1dd3cc22/

cdntraff.info

# Reference: https://www.virustotal.com/gui/domain/jsfeedadsget.com/detection

jsfeedadsget.com

# Reference: https://ti-research.io/ioc_extender/?name=ET_Magecart

sauvage-paysage.com

# Reference: https://ti-research.io/ioc_extender/?name=ET_Magecart

g00glestatic.com
gaelytics.com

# Reference: https://www.virustotal.com/gui/ip-address/190.2.139.23/relations

cdn-binteractive.com
cdn1-comingsoon.net
cdn8.info
cdndore.com
cdnpage.net
cloud-info.email
cloud-info.express
clodoudfront.net
clusterscloud.com
cooogle.net

# Reference: https://www.virustotal.com/gui/ip-address/179.177.63.84/relations
# Reference: https://www.virustotal.com/gui/ip-address/47.251.42.9/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.218.22.193/relations

jquerylab.com
jquerymedia.com
jquerypulse.com
jquerypure.com
jqueryspace.com
staticpolars.com

# Reference: https://twitter.com/sansecio/status/1485598267975114762
# Reference: https://twitter.com/sansecio/status/1485598270554529794

jsallow.com
reqsolutions.org

# Reference: https://www.virustotal.com/gui/ip-address/47.88.27.175/relations
# Reference: https://www.virustotal.com/gui/ip-address/5.53.125.150/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.209.77.82/relations

assets-protect.com
google-analuzing.com
google-boom.com
google-globals.com

# Reference: https://twitter.com/sansecio/status/1486000220647444491
# Reference: https://twitter.com/sansecio/status/1486258634409623552

naturalfreshmall.com

# Reference: https://twitter.com/rootprivilege/status/1486419929720967168
# Reference: https://www.virustotal.com/gui/ip-address/212.224.124.86/relations
# Reference: https://www.virustotal.com/gui/ip-address/54.86.140.52/relations
# Reference: https://lukeleal.com/research/posts/tracking-pixel-phishing-countermeasure/

content-cdn.com
images-cdn.info
nextstatic-cdn.com
trans-cdn.com

# Reference: https://twitter.com/AffableKraut/status/1487939215774081026
# Reference: https://twitter.com/AffableKraut/status/1487939224145993730

chaosfab.com/2020/data1/images/data/ppbtns.html
fraudlabpros.at

# Reference: https://twitter.com/AffableKraut/status/1488240428734365701
# Reference: https://www.virustotal.com/gui/ip-address/185.234.247.55/relations
# Reference: https://urlscan.io/result/32d776df-c57e-492f-ac09-0f17f197059e/

bootstraplaver.online

# Reference: https://twitter.com/MBThreatIntel/status/1488241823378075649

getfrontendlib7.xyz

# Reference: https://twitter.com/AffableKraut/status/1488376093254029313

http://185.4.65.144
http://37.1.211.211
http://37.1.217.23
http://5.45.83.223 
http://66.11.117.40
aqaja.com
checkouts.best

# Reference: https://twitter.com/AffableKraut/status/1488375539421306882
# Reference: https://www.virustotal.com/gui/ip-address/37.120.234.105/relations

avalong-analytics.org
communigate.icu
earlymorningcigarette.com
fontawesome.dev
golt.xyz
indesiter.com
jquerymain.com
recaptcha.cc
rxtds.com
seoanalitycs.com
seostat.org
yoursafepayments.com

# Reference: https://twitter.com/MBThreatIntel/status/1488954638103547904
# Reference: https://www.virustotal.com/gui/ip-address/78.47.155.179/relations

analiticash.com
analiticmanager.com
analiticsstat.com
cashgooglestat.com
cdncashcontent.com
cdncashcontents.com
cdncssontents.com
cdnfastcss.com
cdngcontents.com
cdngconts.com
cdnjsontents.com
cssdataf.com
cssimghost.com
googlestatanal.com
googlestatanale.com
imagescdns.com
imgcssnet.com
jsdataf.com
jsdatastat.com
mediasdnb.com
mediasdnnet.com
mediasdnnets.com
mtdnsstatic.icu
mtndnsstaticser.com
mtndnsstaticx.com
mxdnsstateces.icu
mxdnsstatecs.icu
nnetsmedias.com
ntnpstatica.com
ntpstatica.com
ntsndnsstatics.com
ntxndnsstatics.com
pagofacily.com
statetsmedias.com
staticcash.com
staticocontents.com
js.analiticash.com
js.analiticmanager.com
js.analiticsstat.com
js.cashgooglestat.com
js.cdncashcontent.com
js.cdncashcontents.com
js.cdncssontents.com
js.cdngcontents.com
js.cdngconts.com
js.cdnjsontents.com
js.cssdataf.com
js.cssimghost.com
js.googlestatanal.com
js.googlestatanale.com
js.imagescdns.com
js.imgcssnet.com
js.jsdataf.com
js.jsdatastat.com
js.mediasdnb.com
js.mediasdnnet.com
js.mediasdnnets.com
js.mtdnsstatic.icu
js.mtndnsstaticser.com
js.mtndnsstaticx.com
js.mxdnsstateces.icu
js.mxdnsstatecs.icu
js.nnetsmedias.com
js.ntnpstatica.com
js.ntpstatica.com
js.ntsndnsstatics.com
js.ntxndnsstatics.com
js.statetsmedias.com
js.staticcash.com
js.staticocontents.com

# Reference: https://twitter.com/MBThreatIntel/status/1489007692240752641

cdn-cloudmedia.com

# Reference: https://www.virustotal.com/gui/domain/cdn-yahoo.com/relations

cdn-yahoo.com

# Reference: https://twitter.com/felixaime/status/1498055426230738944

tagmanagerstatic.com

# Reference: https://twitter.com/felixaime/status/1500812201262829568

633786e01e.nxcli.net

# Reference: https://twitter.com/sansecio/status/1502322526709551104

stylesfound.com

# Reference: https://community.riskiq.com/article/a472ec2d
# Reference: https://www.riskiq.com/blog/external-threat-management/magecart-group8-hosting-patterns/
# Reference: https://www.virustotal.com/gui/ip-address/190.2.139.23/relations
# Reference: https://otx.alienvault.com/pulse/6142f70ea663fff6bc350288

impressart.net
lastdaysonlines.com
palletforks.net
webtoolsapp.com

# Reference: https://twitter.com/unmaskparasites/status/1519784855730499585
# Reference: https://www.virustotal.com/gui/ip-address/188.68.222.146/relations
# Reference: https://www.virustotal.com/gui/ip-address/5.101.50.140/relations
# Reference: https://www.virustotal.com/gui/ip-address/5.53.124.42/relations
# Reference: https://www.virustotal.com/gui/ip-address/80.249.145.91/relations
# Reference: https://www.virustotal.com/gui/ip-address/84.38.180.69/relations

app-cloudflare.com
appcloudflare.com
cdn-optimizely.com
cdn-trackjs.com
get-bootstrap.com
livehotjars.com
static-affilate.com

# Reference: https://twitter.com/EKFiddle/status/1522282636542197762
# Reference: https://www.virustotal.com/gui/ip-address/194.104.136.113/relations

accsbapp.com
cloudflaes.com

# Reference: https://twitter.com/AvastThreatLabs/status/1499347571969511426
# Reference: https://decoded.avast.io/pavlinakopecka/web-skimming-attacks-using-google-tag-manager/
# Reference: https://www.virustotal.com/gui/ip-address/77.75.230.130/relations

cloudgstats.com
cdncscloud.com
gtagmagr.com
pixstatics.com

# Reference: https://www.virustotal.com/gui/ip-address/47.88.218.85/relations
# Reference: https://www.virustotal.com/gui/ip-address/95.213.204.180/relations

analyzer-js.com

# Reference: https://twitter.com/AffableKraut/status/1523693678551740418
# Reference: https://twitter.com/EKFiddle/status/1523714436896202752
# Reference: https://www.virustotal.com/gui/ip-address/206.188.197.50/relations

google-tags.com
tag-google.com

# Reference: https://twitter.com/unmaskparasites/status/1523791136988352512
# Reference: https://www.virustotal.com/gui/ip-address/223.252.173.166/relations

issuspsorry.online

# Reference: https://twitter.com/EKFiddle/status/1526684723149344768
# Reference: https://www.virustotal.com/gui/ip-address/198.54.115.32/relations
# Reference: https://www.virustotal.com/gui/ip-address/37.19.192.30/relations

jamescjonas.top
socialanalyticweb.com
gorlon.in.ua
napas.biz.ua

# Reference: https://twitter.com/unmaskparasites/status/1526659924058460160

pixelgoogle.xyz

# Reference: https://twitter.com/sansecio/status/1526518050865954816
# Reference: https://twitter.com/unmaskparasites/status/1530405066590474240

papershoppers.com
/js/3uPop.js

# Reference: https://twitter.com/sansecio/status/1526490490497032193
# Reference: https://twitter.com/sansecio/status/1541345598007193605

sanguinelab.net
sansec.biz
sansec.us
sanseclabs.com
sanzsec.com
/gate.php?card_num=

# Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2022-May/030663.html
# Reference: https://www.virustotal.com/gui/ip-address/89.36.224.122/relations

authorizen.net
js.authorizen.net

# Reference: https://twitter.com/sansecio/status/1529146291535634438

arnottindustries.com/js/tiny_mce/plugins/contextmenu/editor_plugin_scr.js

# Reference: https://www.virustotal.com/gui/ip-address/185.150.162.28/relations
# Reference: https://www.virustotal.com/gui/ip-address/209.250.244.63/relations
# Reference: https://www.virustotal.com/gui/ip-address/95.179.179.138/relations

brbr.buzz
jquery-analytics.xyz
jquery-common.xyz
jquerystatic.xyz
staj.xyz
tokenkit.tk

# Reference: https://www.microsoft.com/security/blog/2022/05/23/beneath-the-surface-uncovering-the-shift-in-web-skimming/

106.15.179.255:443
dratserv.bar
sotech.fun
techlok.bar
/jQuery_StXlFiisxCDN.php

# Reference: https://twitter.com/sansecio/status/1532361233365598209

cdn.stripe.ngrok.io

# Reference: https://twitter.com/sansecio/status/1532763512887459841

pluginmagento.com

# Reference: https://twitter.com/sansecio/status/1534862125470035970
# Reference: https://www.virustotal.com/gui/ip-address/185.63.190.184/relations

scanalytic.org
cdn.scanalytic.org

# Reference: https://twitter.com/rootprivilege/status/1536197955728048128
# Reference: https://lukeleal.com/research/posts/staticounter/

staticounter.net
js.staticounter.net

# Reference: https://twitter.com/unmaskparasites/status/1536454343280340992

biftick.com

# Reference: https://twitter.com/felixaime/status/1536999558823219200

ambrosia-solingen.de/js/prototype/form.js
ariaperfume.com/js/extjs/ext.js
textilia.be/flash/accept.js

# Reference: https://twitter.com/felixaime/status/1537327680345063425
# Reference: https://www.virustotal.com/gui/ip-address/172.86.75.152/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.61.137.105/relations

ads-google-analytics-shop.info
googleadsanalytics.info
usaayurveda.com/js/prototype/form.js

# Reference: https://twitter.com/felixaime/status/1537458621726052354

google-track.com
cdn.google-track.com

# Reference: https://twitter.com/rootprivilege/status/1537799222681956352

cdn-fonts.com

# Reference: https://blog.malwarebytes.com/threat-intelligence/2022/06/client-side-magecart-attacks-still-around-but-more-covert/

abtasty.net
accutics.org
adsrvr.biz
alexametrics.net
alligaturetrack.com
artesfut.com
base-code.org
bayforall.biz
boxsearch.org
brands-watch.com
celebrosnlp.org
clarlity.com
clickcease.biz
cloud-chart.net
cookieslaw.org
crisconnect.net
dc-storm.org
demo-metrics.net
digital-metric.org
digital-speed.net
druapps.org
dwin-co.jp
dwin1.org
etakeawaymax.biz
feedaty.org
g-livestatic.com
getambassador.net
global-search.net
hal-data.org
hs-analytics.org
imagero.org
iofrontcloud.com
jsdelivr.biz
klarnacdn.org
librarysetr.com
libsconnect.net
listrakbi.io
listrakbi.org
livechatsinc.net
lookmetric.com
lookmind.net
lpsnmedia.org
mantisadnetwork.org
marklibs.com
moonflare.org
mosindup.com
murdoog.org
newrelc.net
nomalert.org
nosto.org
opendwin.com
outbrains.net
owneriq.org
pepperjams.org
pinnaclecart.io
purechat.org
quatserve.com
rawgit.net
rolfinder.com
shopvisible.org
sjsmartcontent.org
sleefnote.com
sleeknote.org
snapengage.io
speedcurve.org
speedstester.com
stat-analytics.org
tevidon.com
tomafood.org
trackedlink.org
troadster.com
trustedport.org
webflows.net
accdn.lpsnmedia.org
amplify.outbrains.net
apis.murdoog.org
app.iofrontcloud.com
app.mosindup.com
app.nomalert.org
app.purechat.org
app.rolfinder.com
cdn.accutics.org
cdn.alexametrics.net
cdn.alligaturetrack.com
cdn.base-code.org
cdn.boxsearch.org
cdn.cookieslaw.org
cdn.getambassador.net
cdn.hs-analytics.org
cdn.jsdelivr.biz
cdn.nosto.org
cdn.pinnaclecart.io
cdn.speedcurve.org
cdn.tomafood.org
cdn.trustedport.org
common.quatserve.com
con.digital-speed.net
content.digital-metric.org
css.tevidon.com
dev.crisconnect.net
epos.bayforall.biz
graph.cloud-chart.net
h.lookmind.net
img.etakeawaymax.biz
js.artesfut.com
js.g-livestatic.com
js.imagero.org
js.librarysetr.com
lp.celebrosnlp.org
m.brands-watch.com
m.sleeknote.org
nypi.dc-storm.org
px.owneriq.org
r.klarnacdn.org
s1.listrakbi.org
sdk.moonflare.org
search.global-search.net
st.adsrvr.biz
stage.sleefnote.com
static.clarlity.com
static.druapps.org
static.lookmetric.com
static.mantisadnetwork.org
static.newrelc.net
static.opendwin.com
t.trackedlink.org
web.dwin-co.jp
web.livechatsinc.net
web.speedstester.com
web.webflows.net
xn--v1a.lookmind.net

# Reference: https://twitter.com/sansecio/status/1539252937486127104
# Reference: https://www.virustotal.com/gui/ip-address/185.253.33.190/relations

cdn-fastimages.net
quickespark.net
cdn.quickespark.net

# Reference: https://twitter.com/felixaime/status/1539539440942686208

apipauy.com

# Reference: https://twitter.com/EKFiddle/status/1540019849581105152

apfeltee.de/js/prototype/form.js

# Reference: https://twitter.com/EKFiddle/status/1540094462340108289

hubberstore.com

# Reference: https://twitter.com/EKFiddle/status/1540070708377559040

ariaperfume.com/errors/default/403.php
cafeunido.com/pub/errors/default/403.php
cafeunido.com/pub/media/flag/flag.js
candlemaking.com/media/email/logo/default/az1.js

# Reference: https://twitter.com/EKFiddle/status/1540377960351293442

contactsform.com

# Reference: https://twitter.com/sansecio/status/1540742673094438913

cdn-mediacloud.com
cdn-webhub.com

# Reference: https://twitter.com/sansecio/status/1541375801387614212

affirmcdn.com
t.affirmcdn.com

# Reference: https://twitter.com/EKFiddle/status/1541447869491601408

bsvholdingsa.com/js/lib/ico.svg
code2a.com/js/lib/translate.js

# Reference: https://twitter.com/MBThreatIntel/status/1541549810150346752

cloudflareinside.com
nortonpost.net
rimpstatic.net
ping.rimpstatic.net
tag.nortonpost.net

# Reference: https://twitter.com/unmaskparasites/status/1542237945779826688
# Reference: https://www.virustotal.com/gui/ip-address/149.56.118.126/relations

cdntaggoogle.com
pringleshop.cc

# Reference: https://twitter.com/sansecio/status/1542508263064932352
# Reference: https://www.virustotal.com/gui/ip-address/185.63.190.203/relations

tempeasy.net
s.tempeasy.net

# Reference: https://twitter.com/felixaime/status/1542531512758837249
# Reference: https://www.virustotal.com/gui/ip-address/185.215.113.20/relations

apigstatic.com

# Reference: https://www.virustotal.com/gui/ip-address/185.63.190.210/relations

gatestatic.com
js.gatestatic.com

# Reference: https://twitter.com/EKFiddle/status/1543997043546341376
# Reference: https://www.virustotal.com/gui/ip-address/185.253.33.176/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.63.190.141/relations
# Reference: https://www.virustotal.com/gui/ip-address/89.108.109.26/relations

geotac.net
knowledgecdn.org
sale-alerts.com
js.knowledgecdn.org
m.sale-alerts.com
s.geotac.net

# Reference: https://www.virustotal.com/gui/ip-address/185.253.32.45/relations

cenbase.org
cdn.cenbase.org

# Reference: https://twitter.com/MBThreatIntel/status/1544019143841574913
# Reference: https://www.virustotal.com/gui/ip-address/185.253.32.47/relations

omniworked.com
h.omniworked.com

# Reference: https://www.virustotal.com/gui/ip-address/185.253.32.48/relations

contmount.net
p.contmount.net

# Reference: https://www.virustotal.com/gui/ip-address/185.253.32.53/relations

sentrymap.net
h.sentrymap.net

# Reference: https://www.virustotal.com/gui/ip-address/185.253.32.55/relations

anyonecdn.net
s.anyonecdn.net

# Reference: https://www.virustotal.com/gui/ip-address/185.253.32.36/relations

jmpduco.jp
co.jmpduco.jp

# Reference: https://www.virustotal.com/gui/ip-address/185.253.32.35/relations

signefyd.com
js.signefyd.com

# Reference: https://www.virustotal.com/gui/ip-address/185.253.32.254/relations

claritycdn.com
c.claritycdn.com

# Reference: https://www.virustotal.com/gui/ip-address/185.253.32.157/relations

transitfex.com
static.transitfex.com

# Reference: https://twitter.com/EKFiddle/status/1544076272694743040
# Reference: https://www.virustotal.com/gui/ip-address/141.98.82.244/relations
# Reference: https://www.virustotal.com/gui/ip-address/5.188.62.10/relations

axaro.buzz
axbit.buzz
axcat.buzz
axdiv.buzz
axelf.buzz
axfin.buzz
axgit.buzz
axhog.buzz
axist.buzz
axjmp.buzz
axkid.buzz
axlok.buzz
axmem.buzz
axnxt.buzz
axord.buzz
axpot.buzz
axqrt.buzz
axrub.buzz
axsil.buzz
axtik.buzz
axund.buzz
axvac.buzz
axwok.buzz
axxor.buzz
axyes.buzz
axzet.buzz
bxant.buzz
bxbot.buzz
bxcit.buzz
bxdoc.buzz
bxelf.buzz
bxfog.buzz
bxgit.buzz
bxhit.buzz
bxirc.buzz
bxjog.buzz
bxkop.buzz
bxled.buzz
bxmod.buzz
bxnor.buzz
bxost.buzz
bxpic.buzz
bxqol.buzz
bxred.buzz
bxsot.buzz
bxtik.buzz
bxuno.buzz
bxviz.buzz
bxwok.buzz
bxxtr.buzz
bxyes.buzz
bxzil.buzz
cxand.buzz
cxbet.buzz
cxcip.buzz
cxdex.buzz
cxelc.buzz
cxfat.buzz
cxgit.buzz
cxhat.buzz
cxirc.buzz
cxjmp.buzz
cxkid.buzz
cxlot.buzz
cxmix.buzz
cxnix.buzz
cxopt.buzz
cxpet.buzz
cxqip.buzz
cxred.buzz
cxsum.buzz
cxtik.buzz
cxunk.buzz
cxvec.buzz
cxwik.buzz
cxxor.buzz
cxyob.buzz
cxzet.buzz
dxarc.buzz
dxbit.buzz
dxcop.buzz
dxdel.buzz
dxext.buzz
dxfog.buzz
dxget.buzz
dxhit.buzz
dxirc.buzz
dxjog.buzz
dxkit.buzz
dxloc.buzz
dxman.buzz
dxnox.buzz
dxorg.buzz
dxpig.buzz
dxqck.buzz
dxred.buzz
dxsit.buzz
dxtea.buzz
dxund.buzz
dxvin.buzz
dxwok.buzz
dxxen.buzz
dxyes.buzz
dxzoc.buzz
examn.buzz
exbit.buzz
excal.buzz
exdop.buzz
execs.buzz
exfin.buzz
exgrw.buzz
exhit.buzz
exigl.buzz
exind.buzz
exjob.buzz
exkal.buzz
exlic.buzz
exmid.buzz
exner.buzz
exods.buzz
exprt.buzz
exqod.buzz
exrit.buzz
exset.buzz
extrm.buzz
exurc.buzz
exvol.buzz
exwin.buzz
exxen.buzz
exytd.buzz
exzip.buzz
fxalt.pics
fxbet.pics
fxcit.pics
fxdwl.pics
fxeho.pics
fxfog.pics
fxget.pics
fxhot.pics
fxink.pics
fxjet.pics
fxkid.pics
fxlot.pics
fxmid.pics
fxnix.pics
fxopt.pics
fxpit.pics
fxqub.pics
fxsed.pics
fxund.pics
fxvet.pics
fxwok.pics
fxxid.pics
fxyep.pics
fxzip.pics
gxarc.pics
gxbit.pics
gxcut.pics
gxdoc.pics
gxemp.pics
gxfog.pics
gxgot.pics
gxhop.pics
gximp.pics
gxjog.pics
gxkit.pics
gxliz.pics
gxmod.pics
gxnop.pics
gxorg.pics
gxpet.pics
gxqus.pics
gxrop.pics
gxsof.pics
gxtok.pics
gxuno.pics
gxvin.pics
xxkep.buzz
xxlid.buzz
xxmod.buzz
xxnex.buzz
xxorg.buzz
xxpos.buzz
xxqck.buzz
xxred.buzz
xxset.buzz
xxtec.buzz
xxund.buzz
xxvec.buzz
xxwex.buzz
xxxyz.buzz
xxyop.buzz
xxzet.buzz
zxarc.buzz
zxbod.buzz
zxchk.buzz
zxdoc.buzz
zxext.buzz
zxfog.buzz
zxgod.buzz
zxhog.buzz
zxind.buzz
zxjep.buzz
zxkid.buzz
zxlex.buzz
zxmid.buzz
zxnix.buzz
zxopr.buzz
zxpro.buzz
zxqud.buzz
zxrop.buzz
zxset.buzz
zxtok.buzz
zxund.buzz
zxvoc.buzz
zxwww.buzz
zxxer.buzz
zxymb.buzz
zxzip.buzz
0hero.xyz
0nero.xyz
0troll.pics
0versn.xyz
0zero.club
1clan.buzz
1done.lol
1fun.buzz
1plac.buzz
1time.fun
2blu.cloud
2blue.xyz
2moon.buzz
2morrow.fun
2send.pics
3bri.lol
3free.lol
3mmer.uno
3ster.xyz
3tree.buzz
4cast.fun
4core.buzz
4door.one
4eign.fun
4give.xyz
4tune.buzz
5dive.one
5goods.xyz
5hive.homes
5hive.xyz
5starz.uno
5strz.buzz
6brix.quest
6sixsix.buzz
6tier.xyz
6trix.buzz
6trix.cloud
6tweaks.xyz
7day.buzz
7down.xyz
7dwarfs.one
7raven.fun
7raven.uno
8er.fun
8great.xyz
8height.buzz
8mate.buzz
8orz.buzz
8rate.xyz
9dime.buzz
9line.lol
9prime.buzz
9st.uno
9time.buzz
9unit.xyz
allegry.xyz
anaconda.buzz
analyticz.monster
anarch.buzz
arnoldzz.xyz
aromax.xyz
ayarro.cyou
aybrandy.cyou
aycopper.cyou
aydigger.cyou
ayeffort.cyou
ayformal.cyou
aygopher.cyou
ayharmony.cyou
ayimbue.cyou
ayjacker.cyou
aykernel.cyou
aylizard.cyou
aymoment.cyou
aynickel.cyou
ayobject.cyou
ayprotect.cyou
ayquiz.cyou
ayremote.cyou
aystraight.cyou
aytoken.cyou
ayunion.cyou
ayversion.cyou
aywicked.cyou
ayxenoz.cyou
ayyield.cyou
ayzorro.cyou
birdsmans.xyz
brewnow.buzz
brizzer.xyz
brokery.cyou
buzzardd.buzz
byathlone.cyou
byballoon.cyou
bycoffee.cyou
bydriver.cyou
byelaw.cyou
byffalo.cyou
bygdata.cyou
byhello.cyou
byindex.cyou
byjacker.cyou
bykrafter.cyou
byladder.cyou
bymiddle.cyou
bynothing.cyou
byoxide.cyou
byprimary.cyou
byqueen.cyou
byrocket.cyou
bystrict.cyou
bytropics.cyou
byuniform.cyou
byvictory.cyou
bywerner.cyou
byxenos.cyou
byyttrium.cyou
byzitter.cyou
calcz.fun
candyz.fun
clickr.cyou
crabbery.sbs
craftor.fun
cyanide.cyou
cybinary.cyou
cyclonez.cyou
cydrix.cyou
cyentrance.cyou
cyfrix.cyou
cygwin.cyou
cyhrono.cyou
cyirrevoke.cyou
cyjabber.cyou
cykatering.cyou
cylunar.cyou
cymanner.cyou
cynexus.cyou
cyonide.cyou
cyprobe.cyou
cyquery.cyou
cyreader.cyou
cysoccer.cyou
cytracker.cyou
cyunique.cyou
cyviral.cyou
cywonder.cyou
cyxinet.cyou
cyyellow.cyou
cyzapper.cyou
deeer.uno
domin.uno
drawnd.quest
dreamcas.cfd
dresso.uno
dyaroses.cyou
dybreaker.cyou
dyction.cyou
dydactic.cyou
dyecins.cyou
dyflector.cyou
dygger.cyou
dyhromic.cyou
dyincludes.cyou
dyjital.cyou
dykracker.cyou
dylorean.cyou
dymanager.cyou
dynamites.cyou
dyoxise.cyou
dyprecate.cyou
dyquiz.cyou
dyrector.cyou
dystrict.cyou
dytergent.cyou
dyurgent.cyou
dyving.cyou
dyworking.cyou
dyxiland.cyou
dyyourself.cyou
dyzraptor.cyou
eagly.online
echoz.lol
ergonom.buzz
essencyx.xyz
exodig.xyz
eyarrange.cyou
eybrillow.cyou
eychmann.cyou
eydread.cyou
eyeseeker.cyou
eyffell.cyou
eygreement.cyou
eyhenmann.cyou
eyirrigate.cyou
eyjoyeer.cyou
eykermann.cyou
eyleyrz.cyou
eymixer.cyou
eyngineer.cyou
eyorganic.cyou
eyphemery.cyou
eyquickly.cyou
eyrental.cyou
eysocket.cyou
eytoken.cyou
eyusual.cyou
eyvisual.cyou
eyworker.cyou
eyxorux.cyou
eyyesterday.cyou
eyzolter.cyou
famouz.store
forbird.buzz
formals.buzz
fromusa.xyz
frozzen.buzz
fyallow.cyou
fybrillic.cyou
fyction.cyou
fydback.cyou
fyerwall.cyou
fyfrogs.cyou
fygures.cyou
fyhronicle.cyou
fyintero.cyou
fyjimoto.cyou
fyktions.cyou
fyllerman.cyou
fymarito.cyou
fyngicide.cyou
fyopacity.cyou
fyprivacy.cyou
fyquestn.cyou
fyrocket.cyou
fysicals.cyou
fytprint.cyou
fyurbanic.cyou
fyworkout.cyou
fyxious.cyou
fyyellow.cyou
fyzionics.cyou
gottas.buzz
grapez.buzz
greetin.buzz
griver.quest
grossry.site
gyaranaz.cyou
gybreaking.cyou
gycookies.cyou
gydmanic.cyou
gyeffort.cyou
gyfrozery.cyou
gygenotes.cyou
gyhamster.cyou
gyinterest.cyou
gyjumper.cyou
gyktionary.cyou
gyleading.cyou
gymorning.cyou
gynothing.cyou
gyography.cyou
gypnothic.cyou
gyquestn.cyou
gyroscope.cyou
gysmalltalk.cyou
gytraulic.cyou
gyurbanic.cyou
gyvocabulary.cyou
gyweekend.cyou
harmoon.xyz
heartyz.xyz
herbalz.xyz
hovr.monster
hubbble.buzz
indid.buzz
internl.xyz
intrst.sbs
iqtester.xyz
istat.buzz
jeepper.buzz
jeepr.cfd
jekel.xyz
joggle.buzz
justdo.cyou
kampaign.fun
komby.uno
komodor.sbs
kopper.uno
krown.buzz
lampz.fun
leoprd.fun
linguic.pics
lordsofrock.uno
lynxer.monster
mammt.buzz
megaz.space
mickeym.buzz
microz.xyz
mixtrz.online
nazaretz.xyz
nickelz.xyz
nickl.store
nockk.cfd
nopp.buzz
oblivio.buzz
oppressr.cfd
orego.buzz
orx.buzz
oxmid.xyz
picos.pics
pigin.xyz
precisel.buzz
preparic.site
projer.xyz
qolls.buzz
quanto.sbs
qubic.fun
questnz.xyz
quickl.online
razo.quest
restor.uno
restorat.sbs
revolve.buzz
rikroll.xyz
secondry.autos
statanalytics.xyz
strangr.fun
strifer.fun
strimmr.buzz
stubb.buzz
tokend.space
torquse.uno
trickly.xyz
trimmr.club
trytogo.online
ultimatez.cfd
undone.buzz
unforg.fun
unrel.lol
untell.xyz
varname.buzz
vectr.quest
vizrd.xyz
vorm.buzz
warrant.sbs
widgt.xyz
wizrd.cloud
wondr.buzz
wormz.buzz
xeno.buzz
xtremo.lol
xtrict.xyz
xtrim.fun
xxfor.buzz
xxgot.buzz
xxhit.buzz
xxirc.buzz
xxjog.buzz
xyforward.cyou
xygrabber.cyou
xyhover.cyou
xyinterrupt.cyou
xyjumper.cyou
xykombo.cyou
xylesson.cyou
xymoon.cyou
xyneedle.cyou
xyopera.cyou
xypromo.cyou
xyquest.cyou
xyroman.cyou
xystream.cyou
xytracker.cyou
xyunique.cyou
xyvery.cyou
xyworld.cyou
xyxylene.cyou
xyyclept.cyou
xyzigzag.cyou
yankeyz.cfd
yeartwo.buzz
yellw.xyz
yesllow.homes
yester.uno
yttrim.uno
zetas.cfd
zetas.me
zetas.shop
zyambient.cyou
zybridge.cyou
zycross.cyou
zydrive.cyou
zyeffort.cyou
zyfrozen.cyou
zygophyte.cyou
zyhandle.cyou
zyinternal.cyou
zyjumper.cyou
zykenia.cyou
zyluss.cyou
zymase.cyou
zynarrow.cyou
zyomide.cyou
zypper.cyou
zyquick.cyou
zyrock.cyou
zyslave.cyou
zytrick.cyou
zyultimate.cyou
zyvictory.cyou
zyworker.cyou
zyxpert.cyou
zyypper.cyou
zyzeolite.cyou

# Reference: https://www.virustotal.com/gui/ip-address/185.253.33.181/relations

freellock.com
cdn.freellock.com

# Reference: https://twitter.com/EKFiddle/status/1544348118593941504
# Reference: https://twitter.com/MBThreatIntel/status/1544743417745289216

collectingstatistics.net
javascriptmagneto.net
jsconfigur.net
jsconfigur.org

# Reference: https://twitter.com/sansecio/status/1545097814945845248
# Reference: https://www.virustotal.com/gui/ip-address/38.132.99.214/relations
# Reference: https://www.virustotal.com/gui/ip-address/85.239.55.67/relations

cloudestreem.com
systemcloud.in
/api/id/IEKAOIEKAOIEKAO
/IEKAOIEKAOIEKAO

# Reference: https://twitter.com/sansecio/status/1545159974254362626

html5decode.net
/redirect-non-site.php?datasend=

# Reference: https://twitter.com/unmaskparasites/status/1545463671492681731

pingurlx.com

# Reference: https://github.com/ti-research-io/ti/blob/main/ioc_extender/ET_Magecart.json

01scambiomoda.net
2015onlineshop.com
20180426.com
24sevenprinting.org
24wp.org
29wp.org
2nt6.com
3-easy.xyz
360-3d.info
360popads.com
360popunderfire.com
36obuy.org
38027.info
3dartevideo.com
3hourweb.com
3rfm.com
actual-textile.com
artistgossip.info
asamtechnologies.com
asapmobilelocksmithsny.com
assistmail.net
autocustomcarpets.org
autodealerjournal.com
autoricambiteam.com
bantin113online.com
besttowerfanreview.com
blossomdigital.net
bmoar.com
borac.org
borderleads.net
bournelegacy2012.com
bournelegacy2012.info
bovyc.info
bowobcloud1.com
boxmovihd.com
cartix.org
cartme.org
casadellaturadio.com
casamadeleine.info
casaspremoldadas.net
case-lagodorta.com
cashpeels.com
casino-pokerdom.com
casitasduquesa.com
casquebeatsspascherr.com
cassandragraisford.com
cat-lovely.com
causeun.com
cbtagclouds.com
cdtk9.com
celeb2vote.com
celltheraphy.net
click-fraud-detection.com
clicktictac.com
clipsexteen.com
clixapper.com
cloud-info.click
clunder.net
cms-skin.com
cmsucoz.com
codecomplete4u.com
codelessay.info
codingbutler.com
codnetnewsletter.com
coffeebrewerdenver.info
coffeemakercolumbus.info
coffeeshoprestaurant.info
consultabotox.com
consultoriocanino.com
contextrtb.com
contribusourcesyndication.com
controlwebadmin.com
conversiongold2.com
conversioninabox.com
convertizrds.com
cookiescript.cdn8.info
cookingequipmentguides.com
cool-board.info
cool-cool.info
cool-fashion.info
cool-her.info
cool-herstyle.info
cool-key.info
cool-mystyle.info
cool-top.info
coolcounters.net
coordenadas-gps.info
cople.info
corissapoley.com
cosmicvent.net
cosmosoftsolutions.com
countybuck.com
coureleads.com
cppgf.com
cracks4free.info
crackthecode.info
custom-webdesigns.net
customgaugepanelsinhampsteadnc.com
cyber-25.info
cyberstampedeinc.com
cykahax.net
cyklist.info
cyzyk.info
d-artchitex.com
da-redirect.info
daftar-pokeronline.com
daoblockscenter.com
dev-extension.cloud
dfdffgff.kitewhite.online
downloadreview.net
dressforyouka.com
elunlversal.com
freeaudiovideodelivery.com
freechoiceact.net
freedominvestingsystem.com
freedownloadreviewed.com
freeinternetvideopoker.com
freelancerfree.com
freepokercostarica.com
freesearchworld.com
freewebsitetrafic.com
freitagautomobile.com
friendpetsclub.com
fromtheendzone.com
fruitybarre.com
fushigi-yume.com
gacsapps.com
gadgea.com
gadget-solutions.com
gallerialabronica.com
galloom.com
getleadfeeder.com
grandriverinspection.com
graycardinals.com
greetingsfromhb.com
imzaj.com
in-management.info
inard.info
incinflorida.com
includejs.net
indatwa.net
india-luxury-travel-packages.com
indobacklinks.com
indovertiser.com
inferactive.net
info-angebote.info
info-circle-area.com
info-e-cigarette.com
infocirclearea.com
infocus52.com
infoeduonline.info
infoguiaguadalajara.com
infomusculacao.com
infoserveconsultants.com
infpoker.com
ingilteredilokulu.org
inieshop1.com
inlscorp.com
inspirationalquotesandsayings.com
jogja-handycraft.info
johngoodmandesign.com
johnsbogers.com
jople.info
joshuahunt.info
joyeriaenpontevedra.com
jqwp.org
jscrpt.info
kimchisan.com
kimhuetea.com
kimiawebsitedesign.com
kinoskachka.com
kiralikgunlukdaire.net
klasfm.info
klin9.info
koddostu.net
kolnossystems.com
konkhmer8.info
kvazis.fvds.ru
mfhfeeds.com
mgtct02.net
miamimuseum.info
microfin.info
miderea.com
mybestmediadownloads.com
myclickmonitor.com
mycrews.info
mydearmishima.com
mydon.org
myhurtbaby.com
myluckymarriage.com
myogisaputra.info
myprestatheme.com
myreklama.org
mysimplename.com
myskop.com
myweb-tools.info
myxomop.net
n1te1337.com
n284adserv.com
n285adserv.com
nannieroth.info
navegaengalego.com
naverle.com
ndezo.net
nekretnine365.info
neley888.info
neohealthnews.com
nerds-down.com
net-city.info
net-fortune-telling.info
netrotator.net
newimagemagazine.info
newm33arads.com
newrooseveltinitiave.com
newrus.net
newsvidnews.info
nfsgames.info
nfwebminer.com
nguoiay.info
nguyenthikieuquan.com
nhacaipoker.com
niaz22.com
nikscenes.info
nimbuzzer-java.com
nitrostats.com
njsa-assignments.com
nntindia.org
nosleeppress.com
noticiasnicaragua.info
notno.info
notraff.com
optionsm-stats.com
optom-iz-kitaya.com
opvar.com
oracleinsider.com
oracyweb.com
orangewebscape.com
orc-my.com
organicvillagenyc.com
organizingdealers.info
orthodontistqld.com
osatjobs.info
otitez.org
plugin-connect.cloud
pokerdestek.com
polskiandi.com
pommenoir.com
popads.info
porno-hab.com
pos-in-dubai.com
potteryandglasscollectiblesx16.info
ppcindonesia.net
practicefieldadv.com
praguemost.info
pralilipiped.net
preferredbenefitpartners.com
premium-software.info
prentissw.com
pressing-arcenciel.com
pricefeel.info
pricesee.info
pricesix.info
prim-vod.com
printerkaosmurah.com
prizrakov.net
puzzlesgamesplusb3.info
radio-constantine.org
radiovideoads.com
ragonese.net
ralphsells.info
randompatternsmusic.com
raymond-mill.org
rdrbackup.com
reachingforyourhand.com
reportersinc.info
reptibious.com
reviewerplus.info
reyfiles.com
rezekidarisms.com
rhythm9.com
ricondamaintenance.com
ridewithtraiv.com
ridingmowersendofseason.info
ripsawdesign.com
rispostaindia.info
ristorantedabeni.com
riverfrontgrumble.com
rjmungo.com
rmrefer.com
robertostrizzi.com
rotation-media.net
skolske-knjige.net

# Reference: https://twitter.com/MBThreatIntel/status/1549086388024254465
# Reference: https://twitter.com/unmaskparasites/status/1549172191572267008
# Reference: https://www.virustotal.com/gui/ip-address/223.252.173.12/relations
# Reference: https://www.virustotal.com/gui/ip-address/85.239.41.205/relations

checkmag.shop
clientswebstat.online
finteza.online
funeldata.com
help-chat.shop
jstat.shop
issuspsorry.online
kgrs.shop
online-chat.shop
online-support.best
paymentpay.shop
visualwebsiteoptimizer.online
/api/id/854OIEKAOIEKAOIEKA
/854OIEKAOIEKAOIEKA

# Reference: https://www.virustotal.com/gui/ip-address/223.252.173.168/relations

googlecom.click

# Reference: https://twitter.com/sansecio/status/1554902168108294144
# Reference: https://www.virustotal.com/gui/ip-address/103.253.43.232/relations
# Reference: https://www.virustotal.com/gui/ip-address/195.54.174.154/relations

clickstat.eu
cloud-zdassets.com
crprtd.com
drubofast.com
flexchat.shop
ghtrs.com
gtpely.com
hstatbuy.shop
iocloud.shop
liveclick.shop
masmag.shop
msft-tools.net
stopyfy.com
webmastersite.shop
zitye.com

# Reference: https://twitter.com/MalwareInfosec/status/1559281030283939841
# Reference: https://www.virustotal.com/gui/ip-address/23.106.215.227/relations

webtemplatedelivr.com

# Reference: https://twitter.com/rootprivilege/status/1559238666077081600
# Reference: https://www.virustotal.com/gui/ip-address/167.235.20.31/relations
# Reference: https://www.virustotal.com/gui/ip-address/49.12.223.222/relations

101request.com
99request.com
drrequest.com
request101.com
requestbee.com
ab.ro.lt

# Reference: https://blog.group-ib.com/switching-side-jobs
# Reference: https://www.virustotal.com/gui/ip-address/82.180.173.146/relations
# Reference: https://www.virustotal.com/gui/ip-address/82.180.173.187/relations

designestylelab.com
congolo.pro
gvenlayer.com
metahtmlhead.com
nmdatast.com
seclib.org
vamberlo.com
winsiott.com

# Reference: https://twitter.com/rootprivilege/status/1562998526329495553
# Reference: https://www.virustotal.com/gui/ip-address/85.239.54.210/relations

united81.com

# Reference: https://twitter.com/MBThreatIntel/status/1567533004297490437

stripefaster.com

# Reference: https://twitter.com/unmaskparasites/status/1567604988750483457
# Reference: https://www.virustotal.com/gui/ip-address/77.91.74.92/relations

gtmapicss.com
gtsmapicss.com
jqstylemin.com
jqstylemini.com
jqstyleminjs.com
sanapicss.com

# Reference: https://twitter.com/MBThreatIntel/status/1572316461615677440
# Reference: https://www.virustotal.com/gui/ip-address/192.236.209.185/relations
# Reference: https://www.virustotal.com/gui/ip-address/51.75.49.254/relations

stats-doubleclick.com

# Reference: https://www.virustotal.com/gui/ip-address/195.22.149.218/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.203.192.227/relations

cloudfsnbg.cc
google-application.com
google-bootstrap.com
google-clipboard.com
google-font.com
google-ltag.com
google-manager.com
google-portal.com
google-server.com
google-work.com
_mta-sts.cloudfsnbg.cc

# Reference: https://twitter.com/unmaskparasites/status/1572635560153612288
# Reference: https://www.virustotal.com/gui/ip-address/94.131.107.62/relations

gjsmini.com
goojsytle.com
stylecssmini.com

# Reference: https://twitter.com/MBThreatIntel/status/1573059941619081221

guyacave.fr/js/tiny_mce/themes/modern/validate.js

# Reference: https://twitter.com/MBThreatIntel/status/1577039325157822464
# Reference: https://www.virustotal.com/gui/ip-address/142.11.211.60/relations
# Reference: https://www.virustotal.com/gui/ip-address/178.20.40.156/relations

assetsclick.com
assetsfind.com
assetspower.com
assetsspace.com
megaebun.ru
stripecheck.com

# Reference: https://twitter.com/MBThreatIntel/status/1578483645568147456
# Reference: https://twitter.com/EKFiddle/status/1578497647857762304

fleuriste.ca/static/version1664884145/_cache/merged/510ae23a9c13df084a8608806e1bb5be.min.js
gs27usa.com/translations/tw/mails.php

# Reference: https://twitter.com/MBThreatIntel/status/1579869056819396609

cdn-mediahub.com

# Reference: https://www.virustotal.com/gui/ip-address/103.109.101.137/relations

payce-google.com
payse-google.com

# Reference: https://twitter.com/sansecio/status/1587034728292646913
# Reference: https://www.virustotal.com/gui/ip-address/176.99.6.185/relations

altersave.org
js.altersave.org

# Reference: https://twitter.com/AffableKraut/status/1587457210564726791
# Reference: https://urlscan.io/result/f14c5092-9bec-4985-91be-a4601d39ddac/

lalalatatata.com

# Reference: https://www.virustotal.com/gui/ip-address/188.114.97.3/relations

jscdnstore.pw

# Reference: https://twitter.com/unmaskparasites/status/1593321085323595776

aspoln.info

# Reference: https://twitter.com/c0d3inj3cT/status/1594974179463499778
# Reference: https://www.zscaler.com/blogs/security-research/black-friday-scams-4-emerging-skimming-attacks-watch-holiday-season

artmodecssdev.art
cdn-common.com
cdn-webcloud.com
devjs.biz
html5decode.biz
html5decode.com
html5decode.org
java-cloud.biz
java-cloud.net
java-cloud.org
magento-cloud.biz
magento-cloud.com
magento-cloud.net
magento-cloud.org
modersecure.com
mozillajs.biz
mozillajs.net
mozillajs.org
payment-analytics.info
stirepoint.com

# Reference: https://twitter.com/SinghSoodeep/status/1598320639961710596
# Reference: https://www.virustotal.com/gui/ip-address/46.30.40.108/detection

cdn-jsnode-call.com
cvv-news.store
cvv-private.online
cvv-private.space
cvv24.cc
cvv24.site
cvv24.store
cvvamoggrcopaeehscyic6xu3q5lbameo3kv3q3ptpfa5bsq2vrbjsad.onion
cvvhub.at
cvvhub.in
cvvhub.site
cvvhub.store
cvvhub.su
www-cvvhub.ru

# Reference: https://www.virustotal.com/gui/ip-address/34.171.171.32/relations
# Reference: https://www.virustotal.com/gui/ip-address/51.91.209.190/relations

jquerystatistik.com
jqurystatistic.com
statistiktrafiktrubest.com
statistiktrafiktrubest.net

# Reference: https://blog.jscrambler.com/defcon-skimming-a-new-batch-of-web-skimming-attacks
# Reference: https://www.virustotal.com/gui/ip-address/193.3.19.36/relations

2blu.cloud
7raven.uno
add222.golf
bind853.me
blind227.boutique
block714.mobi
bus527.cfd
composition375.digital
depth305.digital
dig159.digital
door111.network
earn454.live
follow707.cloud
gymorning.cyou
heavy689.immo
hinder799.cyou
hovr.monster
literature539.space
lynxer.monster
mn-vps.art
nothing536.loan
operator595.city
passenger210.bar
reduction925.cc
salt204.me
slavery588.biz
someone332.bond
strimmr.buzz
supper728.gifts
temple321.bar
wa-track.com
war740.engineer
bx46558954.block714.mobi
6383573447.dig159.digital
a139127292.dig159.digital
ad51503046.dig159.digital
au54908186.add222.golf
b752190403.dig159.digital
bu4177319.passenger210.bar
ck40780353.hinder799.cyou
cn24778728.composition375.digital
dr16228601.party257.engineer
ei18376437.operator595.city
fe50866349.operator595.city
ga71625840.door111.network
ic28610131.door111.network
kv6922771.door111.network
mq16264526.temple321.bar
oe45905490.reduction925.cc
temple321.earn454.live
tracker.web-cockpit.jp
w4451.wa-track.com
w7415.lb.wa-track.com
wl63518921.nothing536.loan
yq40826.bind853.me
yv32724828.operator595.city

# Reference: https://www.virustotal.com/gui/ip-address/172.64.80.1/relations

cdnjs.pw

# Reference: https://www.mertsarica.com/magecart-ile-mucadele/

/js/6cb1e31ff2f343a9d576d889bfcbde0e.js
/6cb1e31ff2f343a9d576d889bfcbde0e.js

# Reference: https://www.virustotal.com/gui/ip-address/162.19.175.7/relations

jquery-mobile.com

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/01/crypto-inspired-magecart-skimmer-surfaces-via-digital-crime-haven

2xdepp.com

# Reference: https://www.virustotal.com/gui/ip-address/185.157.160.171/relations

magento-cdn.net

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-02-28-v10255/336

antohub.shop
app-stat.com
jquery-node.com
nebiltech.shop
okqtfc1.org
rithdigit.cyou
yachtbars.fun
cdn.nebiltech.shop

# Reference: https://twitter.com/unmaskparasites/status/1633894598908219392

git-authorize.net

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/03/hunter-skimmer
# Reference: https://otx.alienvault.com/pulse/641b199b876ff4d23aab375c

1537la.buzz
1537li.buzz
1537lx.buzz
1568la.buzz
1568li.buzz
1568lx.buzz
1599la.buzz
1599li.buzz
1599lx.buzz
1599lz.buzz
1630lz.buzz
appcloud1.buzz
appcloud19.buzz
appcloud2.buzz
appcloud20.buzz
appcloud3.buzz
appcloud5.buzz
araboxtv.sbs
blindsmax.sbs
bubapeq.quest
dev-extension.one
dev-extension.us
hedeya.sbs
inspirefitness.sbs
motherearthlabs.sbs
nasaservers.sbs
newarriwal.quest
paramountchemicals.sbs
peqart.sbs
remediadigital.sbs
roboshop.sbs
schmerzfrei-shop.sbs
swsgswsg.sbs
thecornerstoreau.sbs
ultracoolfl.sbs

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/03/new-kritec-skimmer
# Reference: https://otx.alienvault.com/pulse/641c8658102b428a20157ffc

accotech.quest
apexit.yachts
bereelec.quest
cloud-cdn.org
cloveselec.quest
defimob.bar
entrydelt.sbs
flagmob.quest
flowit.pics
gemdigit.pics
gretit.yachts
klstech.shop
kouelec.cyou
kritec.pics
kruktech.shop
lavutele.yachts
ledeehub.shop
nevomob.quest
nujtec.shop
obfuscator.io
oumymob.shop
paunit.pics
pracelec.yachts
prijetech.shop
regtech.sbs
sanpatech.shop
screenmet.sbs
shokomob.sbs
shotsmob.sbs
smestech.shop
sorotele.yachts
tochdigital.pics
ukatec.pics
vitalmob.pics
vuroselec.quest

# Reference: https://www.virustotal.com/gui/ip-address/195.242.110.130/relations

nespomob.sbs
cdn.shotsmob.sbs

# Reference: https://blog.malwarebytes.com/threat-analysis/2019/10/the-forgotten-domain:-exploring-a-link-between-magecart-group-5-and-the-carbanak-apt/

info-stat.ws

# Reference: https://cyberweek.ae/materials/D4%20TRACK%202%20-%20APT%20Attacks%20On%20Crypto%20Exchange%20Employees%20-%20Heungsoo%20Kang.pdf

analyticsfit.com

# Reference: https://www.virustotal.com/gui/ip-address/23.88.97.138/relations

js-jquerylibs.com

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/04/kritec-art
# Reference: https://otx.alienvault.com/pulse/644ba6b9255f619b29fc7ac3

daichetmob.sbs
genlytec.us
interytec.shop
pyatiticdigt.shop
shumtech.shop
stacstocuh.quest
zapolmob.sbs

# Reference: https://unit42.paloaltonetworks.com/internet-threats-late-2022/
# Reference: https://www.virustotal.com/gui/file/eaadde9a724180a0318c13a9399ec30bda7a3ec6399ff43b8b7207bf0e74332b/detection

personallydeliver.com

# Reference: https://twitter.com/unmaskparasites/status/1653895004287537152
# Reference: https://www.virustotal.com/gui/ip-address/194.4.49.208/relations

codesejquery.com
codesjquery.com
gojqswejs.com
gojqueryajax.com
gojqwejs.com
gojqwerjs.com
jspixjqurey.com
jspqurey.com

# Reference: https://sansec.io/research/postponed-exfiltration-evades-detection
# Reference: https://www.virustotal.com/gui/ip-address/185.142.238.71/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.142.238.77/relations
# Reference: https://www.virustotal.com/gui/ip-address/198.54.117.242/relations

gogletags.click
gtag-analytics.com
pickuptestold.site
cdn.gogletags.click
cdn.gtag-analytics.com
cdn.pickuptestold.site
gt473829.pickuptestold.site

# Reference: https://twitter.com/threatcat_ch/status/1661006743340724224
# Reference: https://twitter.com/unmaskparasites/status/1661052684366143489
# Reference: https://www.virustotal.com/gui/ip-address/91.202.5.222/relations

cdnjsbrt.com
cdnjstat.com
marhamteb.com
miagw1b-1.net
vk-0y7l5hkf.ru
webstatlstics.net
www111.site

# Reference: https://twitter.com/unmaskparasites/status/1673811920263208960

fedgeat.com

# Reference: https://www.virustotal.com/gui/ip-address/188.114.96.4/relations

cloudfarle.com
cdn.cloudfarle.com

# Reference: https://www.akamai.com/blog/security-research/new-magecart-hides-behind-legit-domains
# Reference: https://www.virustotal.com/gui/ip-address/194.50.153.45/relations

byvlsa.com
cdnreport.net
chatwareopenalgroup.net
woocommerce.im
yoursmartpanel.com
emv1.byvlsa.com
emv1.google-site-verification.com

# Generic

/assets/lfg.js
/cdn/ga.php?analytic=
/js/ga.php?analytic=
/p/ga.php?analytic=
/ga.php?analytic=
/5d1cbc8c073d4.js
/5d4cdc4cdf344.js
/5e7fa6489b31a.js
/dsc-statistic.js
/subscriptioninsider.com.js
/adsbygoogle/
/adsbygoogle/ads.js
/baypressservices/
/baypressservices/baypr.js
/check_cvv2_number_script.js
/code/zipboss.dev.js
/gtm-connect/wp-share.min.js
/images/js/googleapi.js
/javascript/checkcheckout.js
/js/a1def6c62256906029767cb784323ab3.js
/js/afterpay/checkout/idev_onestep.js
/js/check_analystic.js
/js/customize-gtag.min.js
/js/extjs/fix-defer-after.js
/js/footer-link.js
/js/mage/cookies.js
/js/mage/google.js
/js/scriptaculous/print.js
/js/dsc-statistic.js
/js/varien/js.js.pagespeed.jm.aFn_GvyNS2.js
/mainer/myscr109881.js
/my/vmart.js
/103754_tag.js
/a1def6c62256906029767cb784323ab3.js
/ac-analytics.js
/authorze.js
/markberg.dk.js
/qcore.js
/plugins/republicadealberdi.js
/republicadealberdi.js
/rimzoneonline/code.js
/silver/acor.js
/static/gstatic-hander.js
/googletag-manager?connect=
/gstatic-hander.js
/zipboss.dev.js
/sello-ecommerce.js
