# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://gwillem.gitlab.io/2018/08/30/magentocore.net_skimmer_most_aggressive_to_date/

magentocore.net

# Reference: https://www.riskiq.com/blog/labs/magecart-keylogger-injection/

abuse-js.link
angular.club
cdn-js.link
docstart.su
govfree.pw
jquery-cdn.top
js-abuse.link
js-abuse.su
js-cdn.link
js-link.su
js-magic.link
js-mod.su
js-save.link
js-save.su
js-start.su
js-stat.su
js-sucuri.link
js-syst.su
js-top.link
js-top.su
jscript-cdn.com
lolfree.pw
mage-cdn.link
mage-js.link
mage-js.su
magento-cdn.top
mageonline.net
mipss.su
mod-js.su
mod-sj.link
sj-mod.link
sj-syst.link
stat-sj.link
statdd.su
statsdot.eu
stecker.su
stek-js.link
syst-sj.link
top-sj.link
truefree.pw

# Reference: https://www.riskiq.com/blog/labs/magecart-british-airways-breach/

http://89.47.162.248
baways.com

# Reference: https://www.riskiq.com/blog/labs/magecart-ticketmaster-breach/

http://85.93.5.188
http://94.156.133.211
webfotce.me

# Reference: https://twitter.com/bad_packets/status/1043809501516726272

gamacdn.com

# Reference: https://twitter.com/hashtag/magecart?src=hash
# Reference: https://twitter.com/AmiV2/status/1042988934576271360

neweggstats.com

# Reference: https://otx.alienvault.com/pulse/5c9287b3b67a75234fc56b6b

cdnassels.com
cdnmage.com
cmytuok.top
configsysrc.info
js-cloud.com
magejavascripts.com
magesecuritys.com
magescripts.pw
mcloudjs.com
mypiltow.com
secure.livechatinc.org

# Reference: https://twitter.com/jeromesegura/status/1121134552158621696
# Reference: https://twitter.com/bad_packets/status/1121147936203624448
# Reference: https://otx.alienvault.com/pulse/5cd3ef4f22e204745f6672c3

magento-analytics.com

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/mirrorthief-group-uses-magecart-skimming-attack-to-hit-hundreds-of-campus-online-stores-in-us-and-canada/

cloudmetric-analytics.com
g-analytics.com
ebitbr.com

# Reference: https://blog.malwarebytes.com/threat-analysis/2019/02/new-golang-brute-forcer-discovered-amid-rise-e-commerce-attacks/

googletagmanager.eu

# Reference: https://twitter.com/jeromesegura/status/1128387989111853056

jqueryextd.at

# Reference: https://twitter.com/bad_packets/status/1128517905765683201

fontsawesome.gq

# Reference: https://blog.malwarebytes.com/cybercrime/2019/05/skimmer-acts-as-payment-service-provider-via-rogue-iframe/
# Reference: https://otx.alienvault.com/pulse/5ce56f2bc5bbee0a58f7073c

thatispersonal.com
top5value.com
voodoo4tactical.com

# Reference: https://twitter.com/jeromesegura/status/1133160126561394688
# Reference: https://blog.malwarebytes.com/cybercrime/2019/05/skimmer-acts-as-payment-service-provider-via-rogue-iframe/

modest4ever.com

# Reference: https://www.fortinet.com/blog/threat-research/payment-card-details-stolen-magecart.html
# Reference: https://www.virustotal.com/gui/ip-address/178.33.231.184/relations

http://178.33.231.184
adorebeauty.org
all-about-sneakers.org
battery-force.org
blackriverimaging.org
braincdn.org
childsplayclothing.org
citywlnery.org
closetlondon.org
dahlie.org
davidsfootwear.org
dobell.su
elpalaciodehierro.org
etradesupply.org
exrpesso.org
foodandcot.com
freshdepor.com
greatfurnituretradingco.org
jewsondirect.com
kik-vape.org
labbe.biz
lamoodbighats.net
mage-checkout.org
misshaus.org
monocula1caillouet.slickjs.org
nililotan.org
oakandfort.org
ottocap.org
p114343.slickjs.org
pmtonline.su
replacemyremote.org
sagecdn.org
security-payment.su
shop-rnib.org
slickjs.org
swappastore.com
verywellfitnesse.com
walletgear.org

# Reference: https://blog.malwarebytes.com/threat-analysis/2019/06/magecart-skimmers-found-on-amazon-cloudfront-cdn/

cdn-imgcloud.com
font-assets.com
js-cloudhost.com
wix-cloud.com
ww1-filecloud.com

# Reference: https://twitter.com/rommeljoven17/status/1144786273741107200
# Reference: https://www.fortinet.com/blog/threat-research/inter-skimmer-for-all.html
# Reference: https://otx.alienvault.com/pulse/5d1a08ac3f9760423c70c999

tracker-visitors.com
jquery-web.com
jquery-stats.com
jsreload.pw
routingzen.com

# Reference: https://twitter.com/eComscan/status/1147077036692922368

http://89.32.251.136
