JavaScript code in the file /media/js/js-color.min.js on an infected Magento website loads a skimmer and then exfiltrates the stolen data to the malicious domain united81.com.