Description:We are seeing many compromised sites with remote javascript injected on it. The domains injected are random, but the files hosting the malware generally end with mltools.js, jstools.js or sidename.js.
They are used to infect users visiting the hacked sites to redirect them to Fake AV/Pharma Spam and multiple exploit kits.
Domains: