Magecart is an umbrella term encompassing several different threat groups who typically use the same modus operandi. One of the groups implanted a payment-card skimmer on the check-out page of a legitimate online donation site. Researchers traced the skimmer back to its control panel, a known exfiltration domain at vamberlo[.]com. There are at least 570+ known command-and-control domains for the group, with close to 10,000 hosts actively loading those domains.
Source: https://threatpost.com/card-skimmer-australian-bushfire-donation-site/151841/