Researchers have identified a credit-card skimming campaign that s been active since mid-April. The campaign seems to be exploiting an older version of ASP.NET, version 4.0.30319, which is no longer officially supported and contains multiple vulnerabilities. In most cases, attackers were seen injecting the skimming code directly into the compromised JavaScript library of the affected site, though in some cases it was loaded remotely. The attackers loaded the skimmer from the remote domain thxrq[.]com.
Source: https://threatpost.com/credit-card-skimmer-imicrosoft-asp-net/157201/