{ "type": "Domain", "indicator": "webadstracker.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/webadstracker.com", "alexa": "http://www.alexa.com/siteinfo/webadstracker.com", "indicator": "webadstracker.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 2938466124, "indicator": "webadstracker.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "6142f70ea663fff6bc350288", "name": "Magecart Group 8: Patterns in Hosting Reveal Sustained Attacks on E-Commerce", "description": "Magecart Group 8 has been targeting online retailers since 2016. This distinct skimming group first came to light when RiskIQ, led by researcher Yonathan Klijnsma, analyzed its skimmer in 2017 and exposed attacks on Nutribullet in February 2020 and MyPillow and Amerisleep in 2019.", "modified": "2021-09-16T16:20:25.420000", "created": "2021-09-16T07:49:34.337000", "tags": [ "magecart", "ecommerce" ], "references": [ "https://community.riskiq.com/article/a472ec2d", "https://www.riskiq.com/blog/external-threat-management/magecart-group8-hosting-patterns/" ], "public": 1, "adversary": "Magecart", "targeted_countries": [], "malware_families": [ { "id": "Trojan:JS/Magecart", "display_name": "Trojan:JS/Magecart", "target": "/malware/Trojan:JS/Magecart" } ], "attack_ids": [ { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 251, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 44 }, "indicator_count": 44, "is_author": false, "is_subscribing": null, "subscriber_count": 386945, "modified_text": "1720 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "626ee9ed061423decb78e4e9", "name": "NewDom-5-20220501", "description": "ICANN-Dom", "modified": "2022-06-15T00:01:21.489000", "created": "2022-05-01T20:13:33.619000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ZENDataGELowC", "id": "152785", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 202, "modified_text": "1448 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "6203fbcbe54e65a4b63c0f2c", "name": "Magecart Group 8 Activity in Early 2022", "description": "While working to expand our knowledge base on Magecart groups, we have detected both new and familiar Magecart Group 8 activity. We've been tracking Magecart Group 8 activity since 2017, and Group 8 activity remains mostly unchanged in tactics and techniques. Last year, our analysis of Group 8 hosting patterns provided us with new insights into Group 8 activity. We have found that, during early 2022, Group 8 has remained active in much the same way as late last year, and we have identified new indicators of Group 8 behavior.", "modified": "2022-02-09T17:37:15.710000", "created": "2022-02-09T17:37:15.710000", "tags": [ "riskiq", "magecart group", "activity", "intel portal", "intelligence", "february", "community home", "riskiq threat", "search my", "attack surface", "discord", "upgrade" ], "references": [ "https://community.riskiq.com/article/22246ceb/description" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "mohdrennis", "id": "138092", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 24 }, "indicator_count": 24, "is_author": false, "is_subscribing": null, "subscriber_count": 356, "modified_text": "1574 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://community.riskiq.com/article/a472ec2d", "https://community.riskiq.com/article/22246ceb/description", "https://www.riskiq.com/blog/external-threat-management/magecart-group8-hosting-patterns/" ], "related": { "alienvault": { "adversary": [ "Magecart" ], "malware_families": [ "Trojan:js/magecart" ], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "6142f70ea663fff6bc350288", "name": "Magecart Group 8: Patterns in Hosting Reveal Sustained Attacks on E-Commerce", "description": "Magecart Group 8 has been targeting online retailers since 2016. This distinct skimming group first came to light when RiskIQ, led by researcher Yonathan Klijnsma, analyzed its skimmer in 2017 and exposed attacks on Nutribullet in February 2020 and MyPillow and Amerisleep in 2019.", "modified": "2021-09-16T16:20:25.420000", "created": "2021-09-16T07:49:34.337000", "tags": [ "magecart", "ecommerce" ], "references": [ "https://community.riskiq.com/article/a472ec2d", "https://www.riskiq.com/blog/external-threat-management/magecart-group8-hosting-patterns/" ], "public": 1, "adversary": "Magecart", "targeted_countries": [], "malware_families": [ { "id": "Trojan:JS/Magecart", "display_name": "Trojan:JS/Magecart", "target": "/malware/Trojan:JS/Magecart" } ], "attack_ids": [ { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 251, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 44 }, "indicator_count": 44, "is_author": false, "is_subscribing": null, "subscriber_count": 386945, "modified_text": "1720 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "626ee9ed061423decb78e4e9", "name": "NewDom-5-20220501", "description": "ICANN-Dom", "modified": "2022-06-15T00:01:21.489000", "created": "2022-05-01T20:13:33.619000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ZENDataGELowC", "id": "152785", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 202, "modified_text": "1448 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "6203fbcbe54e65a4b63c0f2c", "name": "Magecart Group 8 Activity in Early 2022", "description": "While working to expand our knowledge base on Magecart groups, we have detected both new and familiar Magecart Group 8 activity. We've been tracking Magecart Group 8 activity since 2017, and Group 8 activity remains mostly unchanged in tactics and techniques. Last year, our analysis of Group 8 hosting patterns provided us with new insights into Group 8 activity. We have found that, during early 2022, Group 8 has remained active in much the same way as late last year, and we have identified new indicators of Group 8 behavior.", "modified": "2022-02-09T17:37:15.710000", "created": "2022-02-09T17:37:15.710000", "tags": [ "riskiq", "magecart group", "activity", "intel portal", "intelligence", "february", "community home", "riskiq threat", "search my", "attack surface", "discord", "upgrade" ], "references": [ "https://community.riskiq.com/article/22246ceb/description" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "mohdrennis", "id": "138092", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 24 }, "indicator_count": 24, "is_author": false, "is_subscribing": null, "subscriber_count": 356, "modified_text": "1574 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "webadstracker.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "webadstracker.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780422456.2005491 }