Old Magecart Domains are Being Bought Up for Monetization
released on 2019-09-19 @ 11:57:20 AM
Over the years, we’ve outed many Magecart web-skimming campaigns in reports that denoted IOCs, including malicious domains that attackers used to inject web-skimming JavaScript into browsers or as a destination for the skimmed payment information. Large portions of these malicious domains have been taken up for sinkholing by various parties. However, some of them are kicked offline by the registrar, put on hold, and then eventually released back into the pool of available domains.