A new kit for web-based attacks calling itself Lord EK has been spotted at the beginning of the month. The exploit kit leverages a use-after-free vulnerability in Adobe Flash and relies on the ngrok service that can set up a secure connection to expose to the internet local servers behind NATs and firewalls. The kit uses a compromised website for redirecting to a landing page and it is part of a malvertising chain that uses the PopCash ad network.
Source: https://www.bleepingcomputer.com/news/security/new-lord-exploit-kit-pushes-njrat-and-eris-ransomware/