It survived the downfall of other popular exploit kits of its time, but it’s not being used as widely anymore, as it is no longer being publicly rented out.
Researchers refer to this process as “Magnigate,” as the exploit kit will use this information to profile the user and decide whether or not to infect them with malware.
For example, researchers at Zscaler saw that one of the campaigns using Magnitude would infect people in Taiwan, but ignore users in countries like South Korea.
Users not targeted for malware distribution will instead be served a decoy website.
To help prevent analysis by researchers, some of the landing pages track the IP address of the user to prevent the user from being served exploits multiple times.
Enabling TSCritical and Drive By targets in policies for ThreatSTOP DNS and IP Firewall Services protects against exploit kits like Magnitude EK. If you do not have a ThreatSTOP account, for a free trial.