The code is being injected into target websites, possibly through a malvertising campaign. I would recommend blocking the IP address as the simplest option, although I can identify the following domains on that same IP, all of which are likely to be malicious.
| advrzc.myftp.org |
| amyoau.myftp.biz |
| aokljwwsap.serveftp.com |
| bgocodwsiu.myftp.org |
| bpknbvmc.serveftp.com |
| cjhkxfpdw.serveftp.com |
| cvxeitw.serveftp.com |
| cxrhtcau.myftp.biz |
| czwaiys.myftp.org |
| dhdwjwve.myftp.org |
| djqlcce.myftp.org |
| drituglgjh.serveftp.com |
| drpmsmt.serveftp.com |
| ehetlmna.myftp.biz |
| euimho.serveftp.com |
| fvyzhy.serveftp.com |
| hljozqutc.myftp.org |
| hlwswbaap.serveftp.com |
| hwtlzdxic.serveftp.com |
| idoplhj.serveftp.com |
| iyrseedlt.myftp.biz |
| lkuvivr.myftp.biz |
| lxeoic.myftp.org |
| orrlnypdvz.myftp.biz |
| osuqlc.myftp.org |
| plwxycxij.myftp.org |
| pmkawqgvob.myftp.org |
| puifnjav.myftp.biz |
| sbrckuod.serveftp.com |
| thtnuj.myftp.biz |
| ucuqgd.myftp.org |
| uqqyscgq.myftp.org |
| uuzkpb.myftp.biz |
| welfcsuybw.serveftp.com |
| ykypxoub.myftp.org |
| yrziqui.serveftp.com |
| yxoiyjbjt.myftp.biz |
No comments:
Post a Comment