The domain is a well known ruse by hackers who prey on its use of the well known Google Analytics domain and brand name to trick unsuspecting users. This tactic is well known, but effective.
A Comprehensive Attack
Interestingly, the attack code will change its behavior based on if a user has DevTools open, and what kind.
For both Chrome and Firefox, the presence of open tools stops the attack. This is a highly sophisticated tactic that helps the attack go undetected by and remain under the radar. Moreover, the attack can use all of the most popular payment gateways. This includes solutions with integrated eCommerce fraud prevention tools like PayPal This allows it to cast a wide net and gives each successful infection the best chance of success.
In addition to the skimming, the malware executes a second attack. This attack sends users to a second fake domain ‘google[.]ssl[.]lnfo[.]cc:‘. This code collects information from Magento’s user admin configuration, which hackers can use to conduct subsequent attacks.