Drive-by download attacks have been going on since at least 2014. Campaigns are an essential part of the underground ecosystem because they feed potential new victims into the infection funnel which ultimately translates into revenues for online criminals. During its course, we noted several different exploit kits being pushed by this campaign. The redirection infrastructure had very distinct patterns and shared many of the same server IP addresses over time. We also saw the evolution from dynamic DNS (via sub domains) to domains on dubious top-level domains (TLDs)”]
Source: https://blog.malwarebytes.com/threat-analysis/2017/01/a-look-back-at-the-zyns-iframer-campaign/