LIVE_FEED

--:--:--[HIGH]shop-***-deals.com→Magecart skimmer (Group 7)// US-EAST--:--:--[HIGH]wp-***-blog.net→Drive-by iframe → exploit kit// EU-WEST--:--:--[MEDIUM]cdn-***-helper.io→Obfuscated cryptominer (CoinIMP)// AP-SOUTH--:--:--[HIGH]auth-***-login.co→Credential phishing kit (16shop)// EU-CENTRAL--:--:--[MEDIUM]media-***-files.org→Malicious redirect chain → ClickFix// US-WEST--:--:--[HIGH]support-***-desk.com→FakeUpdates / SocGholish payload// US-EAST--:--:--[LOW]track-***-pixel.app→Unauthorized 3rd-party tracker// EU-NORTH--:--:--[MEDIUM]img-***-host.ru→Drive-by download (TLD reputation)// EU-EAST--:--:--[HIGH]api-***-stats.xyz→C2 beacon (Cobalt Strike profile)// AP-EAST--:--:--[LOW]promo-***-coupon.shop→Affiliate cloaking + cookie stuff// US-CENTRAL--:--:--[HIGH]shop-***-deals.com→Magecart skimmer (Group 7)// US-EAST--:--:--[HIGH]wp-***-blog.net→Drive-by iframe → exploit kit// EU-WEST--:--:--[MEDIUM]cdn-***-helper.io→Obfuscated cryptominer (CoinIMP)// AP-SOUTH--:--:--[HIGH]auth-***-login.co→Credential phishing kit (16shop)// EU-CENTRAL--:--:--[MEDIUM]media-***-files.org→Malicious redirect chain → ClickFix// US-WEST--:--:--[HIGH]support-***-desk.com→FakeUpdates / SocGholish payload// US-EAST--:--:--[LOW]track-***-pixel.app→Unauthorized 3rd-party tracker// EU-NORTH--:--:--[MEDIUM]img-***-host.ru→Drive-by download (TLD reputation)// EU-EAST--:--:--[HIGH]api-***-stats.xyz→C2 beacon (Cobalt Strike profile)// AP-EAST--:--:--[LOW]promo-***-coupon.shop→Affiliate cloaking + cookie stuff// US-CENTRAL

← назад към блога

Platform2026-06-186 мин. четене

What We Store and What We Don't: Data Handling at ExploitShield

Before you trust a scanner with your site, you should know what it keeps. Here's exactly what ExploitShield records, why, and for how long.

We scan the public surface of your site the way any visitor's browser would. We do not log in as your users, we do not submit real payment data, and our synthetic checkouts use disposable test values that touch no real account.

What we store is evidence: the script tree, network initiators, and resource hashes from each scan. This is the minimum needed to diff against your baseline and to give you a defensible audit trail when a finding fires.

We do not collect your customers' personal data. The whole point of detecting a skimmer is to stop exfiltration of that data — capturing it ourselves would defeat the purpose, so the pipeline is built to record behavior, not payloads.

Evidence is retained on a rolling window tied to your plan and is deleted on request. If you offboard, your scan history and baselines go with you — we keep no shadow copy of a former customer's site.

свързани_статии

Detecting Magecart Skimmers in 2026: What Changed After Group 12

Threat Intelligence

Anatomy of the 'Fake CAPTCHA → ClickFix' Lure