Old Magecart Domains are Being Bought Up for Monetization
Over the years, we’ve outed many Magecart web-skimming campaigns in reports that listed IOCs, including malicious domains that attackers used to inject web-skimming JavaScript into browsers or as a destination for the skimmed payment information. Large portions of these malicious domains have been taken over for sinkholing by various parties. However, some of them are kicked offline by the registrar, put on hold, and then eventually released back into the pool of available domains.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
Trojan:JS/Magecart