Sansec logo

Magecart Early Breach Detection Feed


by Team Sansec

Published in Guides

Sansec operates a crawler network that monitors hundreds of thousands of global stores for signs of Magecart (skimming) attacks. This produces near-realtime visibility in the global attack landscape, and enables us to monitor emerging attacks at a very early stage. It also gives us unique insights in the infrastructure that is used to operate skimming networks.

The crawler network has been operational since 2015. Since then, Sansec has identified more than 60 thousand stores with skimming malware.

The Sansec Early Breach Detection Feed (SEBDEF) is licensed to PSPs, PFIs, LE and financial institutions. Please contact us to discuss how your organization would benefit from our unique data.

The SEBDEF data is exposed in two ways:

  1. Daily delta update push per mail
  2. Delta querying via API endpoint (JSON)

Data format

SEBDEF data contains sets of detections within a given time range. A detection is a status change for a particular domain (has malware: yes/no). Furthermore, each detection has:

  • The parent domain name, with approximate Alexa rank.
  • Platform & version of the detection ecommerce platform, if available.
  • Zero or more signature matches, each with:
    • The specific URL that contained the malware indicator and was referenced from the parent site.
    • A confidence value 1-100. Anything below 90 is low-confidence and may concern a false positive.
    • The relevant code snippet that triggered our heuristic.

Email reporting

Please add "" to your trusted senders, as email messages with malware references may get blocked by some mail gateways.

You will receive a daily text report for the previous 24h.

API polling

If your license covers API access, we will send you API credentials and usage instructions separately.

Please direct implementation assistance requests to [email protected].

Need expert advice? We are here to help!

Stay up to date with the latest eCommerce attacks

Sansec logo

experts in eCommerce security


Terms & Conditions
Privacy & Cookie Policy
Company Reg 77165187
Tax NL860920306B01