Is your Google Analytics code malicious? – Sansec
Tags
country: Netherlands Romania Russia
attack-pattern: Data Impersonation - T1656 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Server - T1583.004 Server - T1584.004
Show in Graph
Common Information
Type Value
UUID c5bdd01f-d1f8-4e64-b7e0-227301efa198
Fingerprint 8c20a500e11e33af
Analysis status DONE
Considered CTI value 0
Text language
Published Sept. 6, 2018, midnight
Added to db Oct. 22, 2023, 10:38 p.m.
Last updated Nov. 17, 2024, 6:31 p.m.
Headline Is your Google Analytics code malicious?
Title Is your Google Analytics code malicious? – Sansec
Detected Hints/Tags/Attributes 29/2/14
Source URLs
Redirection Url
Details Source https://sansec.io/research/fake-google-analytics-malware
Details Redirection http://sansec.io/research/fake-google-analytics-malware
Details Redirection https://sansec.io/research/fake-google-analytics-malware/
URL Provider
Details Provider Source level domain
Details sansec.io sansec.io
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 221 Sansec - experts in eCommerce security https://sansec.io/atom.xml 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 3 
g-analytics.com
Details Domain 15 
google-analytics.com
Details Domain 1 
decrypt-aes.py
Details Domain 1 
www.hackedstore.com
Details File 18 
analytics.js
Details File 17 
__utm.gif
Details File 1 
utm.gif
Details File 1 
decrypt-aes.py
Details sha256 1 
4d25a9bb5f714290adb1334942e2e94f0c2595f5af50aeb9bc811717650fce08
Details Url 1 
https://www.hackedstore.com/buy
Details Url 1 
https://www.hackedstore.com/buy/paytpvcom/standard/conditions
Details Url 1 
https://www.hackedstore.com/buy/onestepcheckout
Details Url 2 
https://g-analytics.com/libs/1.0.10/analytics.js
Details Url 1 
https://g-analytics.com/libs/1.0.$i/analytics.js