ThreatFox IOC Database

You are viewing the ThreatFox database entry for the URL https://cdnlivechatinc.com/ws.

Database Entry


IOC ID: 1781373
IOC: https://cdnlivechatinc.com/ws
IOC Type: url
Threat Type: botnet_cc
Malware: magecart
Confidence Level: Confidence level is high (100%)
Is compromised?: False
ASN: AS400992 ZHOUYISAT-COMMUNICATIONS
Country: RU
First seen: 2026-04-06 07:57:22 UTC
Last seen: never
UUID: 1e2f005e-30d5-11f1-9af6-42010aa4000a
Reporter: ander3024
Reward: 5 credits from ThreatFox
Tags: LiveChatCDN, Magecart, Magento, skimmer, stripe-overlay, websocket-c2
Reference: https://urlscan.io/domain/cdnlivechatinc.com

ander3024
Magecart iframe overlay skimmer. Two-stage WebSocket delivery. Fake Stripe Elements iframe clones real one and exfils card data (PAN, exp, CVV) every 1s via postMessage. Exfil via wss to cdnlivechatinc.com using AES-GCM, PBKDF2-SHA256, hardcoded password Ip3YjYQRGZKmy5sR. Active since 2025-09-29. Victim guanabana.es now remediated. WebSocket C2 endpoint. Accepts hello beacon and returns stage 2 JS.