Iframes generator: http://wordpresstest2.info/1.txt

If your site is loading hidden iframes from *.ftp1.biz/pony, look for a curlor file_get_contents call to http://wordpresstest2.info/1.txt.When you visit this site, it generates random iframes:

http://lsghmr.ftp1.biz/pony (
http://rchscbul.ftp1.biz/pony (

That are displayed on the compromised sites.

Leave a Reply

Your email address will not be published. Required fields are marked *