Sansec logo

Malicious GTM containers

Google Tag Manager containers are often used to hide malware. Find the latest malicious GTM IDs here.

Sansec Malware Library

Cyber criminals ❤️ GTM containers

eCommerce threat actors love using GTM containers for a number of reasons.

First, GTM code is hosted by Google, and does not trigger alerts about off-shore servers and bulletproof infrastructure. Also, many sites use CSP, a method to restrict foreign Javascript. They usually whitelist Google domains, so the malware can run unrestricted.

Second, GTM containers are not trivial to inspect. Sometimes threat actors even go so far as to setup a chain of GTM containers, sometimes up to 6 levels deep. These containers are hard to analyse by static analysis tools and require deep inspection.

I found one of these GTM ids on my site!

Your site and/or admin account likely has been compromised. It is strongly recommended to run a malware scanner and run an investigation to find the root cause.

Second, make sure that your own GTM containers are protected by Google 2-factor-authentication.

Current list of malicious GTM containers

These GTM containers have been identified by our eComscan malware detection engine. We crawl more than 400 thousand eCommerce stores per day and identify malicious code.

GTM-WXN4NCG
GTM-N7PP3X2
GTM-TC8JJS2
GTM-NH2LCRH
GTM-MT3XMX7
GTM-W8FXL6X5
GTM-KQF4P5L
GTM-M9Q3LR7
GTM-M6DS7C8
GTM-55SBK75
GTM-572RKHP
GTM-KC9DJLG
GTM-5VS39VW
GTM-WTSJ3SC
GTM-NK8JRQF
GTM-WNRSNMZ
GTM-NZGWCTH
GTM-TNBP8LK
GTM-N6S5V8D
GTM-558TV3D
GTM-PPF8WQW
GTM-WSDRKND
GTM-W4KZD63
GTM-NLH4QC4
GTM-5PJ4D68
GTM-TKFWZ45
GTM-NZT4GS8
GTM-5NTCJ5P
GTM-PC7D7TZ
GTM-5P8RSN3
GTM-TQFNC65
GTM-MQFR2NV
GTM-WHM7KJG
GTM-MCX8BFT
GTM-WP5Z2MD
GTM-KLKXFG9
GTM-K2NR34K
GTM-WJ6S9J6
GTM-K5ZPXSP
GTM-NSTTR9L
GTM-W837TXD
GTM-T78G58G
GTM-N9TF36T
GTM-NKC68MF
GTM-KF5DC95
GTM-5TMJ5CH
GTM-5MC682V
GTM-M4JQ37X
GTM-MC7J23V
GTM-P6X6FSH
GTM-P6WDDJ5
GTM-PC93T7S
GTM-M92CV3G
GTM-MF8QMZG
GTM-PSGMGKC
GTM-TMD8H65
GTM-MR3SLDV
GTM-MGHDWT8
GTM-KX36TXD
GTM-NL6NQGJ
GTM-KS9CDS2
GTM-T73M628
GTM-5R8G3N7
GTM-NFHZMDF
GTM-MJ933VN
GTM-KLVWG5S
GTM-WDRSKFH
GTM-MX7L8F2M
GTM-MF6ZFZZ
GTM-W52PB9H
GTM-NT8PNPZ
GTM-NKV5GMT8
GTM-W4LHV3C
GTM-WP95KK9
GTM-TVKQ79ZS
GTM-M6D53FL
GTM-T9MR3B6
GTM-TQ59HZG
GTM-M2T34WN
GTM-T28MV23
GTM-KRDG8TM
GTM-K4LTVK2
GTM-PB7B4WJX
GTM-NSQDRQH
GTM-PBZFWT
GTM-WJGC2CJ
GTM-TSF3R9C
GTM-KZLWKSD
GTM-NJHPNPW
GTM-N43V97LQ
GTM-5NVFF84
GTM-NTV2JTB4
GTM-56TPTJ8
GTM-PCNFTPH
GTM-PHD259R
GTM-P3GPBLF
GTM-KWPFGXJ
GTM-T8LQ3MN
GTM-5MNHBG3
GTM-KTGCVGT
GTM-52JS5K3
GTM-NBG6F2WS
GTM-KCZFT63
GTM-5GJW66B
GTM-KXD5V8S
GTM-M48MTZQ
GTM-MZB2G2C
GTM-PL4KZSM
GTM-WDBKWDTN
GTM-TGC43ZZ
GTM-KFC63RX
GTM-WKB3MZQ
GTM-5265DQT
GTM-T5J72ZB
GTM-TC6B644
GTM-KX5RSMB
GTM-MZR48MH
GTM-T2D8LKK
GTM-PDS7KRZ
GTM-N3B4VT9D
GTM-5772KFL
GTM-MKCV9JR
GTM-TRDLM7Q
GTM-WFZKNRQ
GTM-MT6784R
GTM-MRC9H4D
GTM-M8DFKLC
GTM-59TGWQ7
GTM-53M24QWG
GTM-T6TJHBR
GTM-N8T88JX
GTM-WWWNW2KJ
GTM-TNWTCWR
GTM-KXKF262
GTM-WVGX7LX
GTM-M9ND4W
GTM-T6Q2FKB
GTM-KFD8FJ6
GTM-WNV8QFR
GTM-P9Z2C2TT
GTM-KGMSGSH
GTM-WQM66DN
GTM-5SF293J
GTM-56RM8M2
GTM-KJWT839

Scan your store now
for malware & vulnerabilities

$ curl ecomscan.com | sh

eComscan is the most thorough security scanner for Magento, Adobe Commerce, Shopware, WooCommerce and many more.

Stay up to date with the latest eCommerce attacks

Sansec logo

experts in eCommerce security

TwitterLinkedinEmail

Terms & Conditions
|
Privacy & Cookie Policy
Company Reg 77165187
|
Tax NL860920306B01