If your site is currently affected by coolgiftforyou.life redirect malware, you may consider checking theme files, particularly functions.php and template-config.php.
functions.php may have some “good” code left, so make sure you’ll delete malicious lines only. template-config.php is completely malicious.
This type of malware gets triggered when users click on a page, so it’s not automated, opening a new tab which will be redirected to malicious sites.
The original tab remains intact, so chances are high that users will not report it.
You may have a look at our latest cleanup tutorial, if you’re researching on how to clean coolgiftforyou malware:
https://guides.magefix.com/2021/06/clean-driverfortnigtly-malware/
Malicious URLs:
https://coolgiftforyou.life/?u=mr1kd0x&o=f5pp7z3&t=p&cid=2vqmfb93l8qrds
https://thebigest-prizehere2.life/?u=t0apte4&o=znab73
bigprizes-day3.life/?u=ma4pd0d&o=f1v8ykn
take-yourbonuse-now2.life/?u=29ekae3&o=yg0pfzp
mega-prize-area6.life/?u=31epbev&o=pdak7bf
grand-prise-ishere4.life/?u=kcdweky&o=cawpazh
getprizes-now4.life/?u=hufpaew&o=lk2kb0q
higet-prizenow3.life/?u=lr5kaew&o=h578zym
claim-your-prise6.life/?u=xbepd0x&o=bln0lvu
youget-prizes-here2.life/?u=2tgp605&o=y7dk6zp
super-date-here1.com/?u=qt2pd0d&o=wq4wby4&t=hru1
thebigest-prizehere2.life/?u=t0apte4&o=znab73z
findbestyourladies.com/?u=kcdweky&o=ca0pazm
grand-prizes.life/?u=a2ep60t&o=nx8ke99&cid=10odp3u3q988e
bestbenefitsnow.life/?u=lb8k605&o=hybpdzu&m=1&t=2207
best-real-lady.com/?u=0uvw2k7&o=1enrcqk
hotdating-expert.com/?u=ch98kwf&o=kxdwrnu
flirtylocalgirl1.com/?u=5abkd0x&o=gcbpezr
yourdatings4adults1.com/?u=du6paew&o=vkyty5d
gamesex.fun/?u=00lktee&o=1vtma4z
gifthere-now.life/?u=gl0pd0x&o=5b5wknu
lovely-singlelocators.com/?u=7k78hwq&o=ezewunm
vip-datingnow.com/?u=0uvw2k7&o=1enrcqk&t=push
secretsflirt-contact2.com/?u=g8xp605&o=59ykrgm&t=d_xyzxx
secrets-flirtgirl.com/?u=e89p605&o=7yukbz8
take-prizes-now.life/?u=n0tw0k9&o=ane2ycc
findyourmatch.life/?u=tcbkd0x&o=z68pwzz&m=1&t=gallery
datingstarspace.life/?u=z33nu1f&o=thepxe9&m=1&t=035&cid=035
localdatingclub.life/?u=m2lpd0x&o=fx4kbzp&m=1&t=new&c_id=145875307
https://x0dk1rm.meantboneready.top/media/mainstream/all/mb/bootstrap-mini.css
Malicious domains ( first batch ): your-cams-here2.com, bestyourcams.com, extra-prize.life, win-extra-box.life, yourwinningshere.life, prizes.life, gainwinhere.life, yourbigexplosivewin.life, getprizes-now4.life, luckygain.life, coolgiftforyou.life, methodofyourprofit.life, featurewinning.life, super-pizes.life, gifthere-now.life, bestprizesfinder.com, hellowinner12.com, check-prizes4you.life, prizes-4your1.life, prizes-finders.life, real-great-prizes3.life, spotforprizesthere1.com, your-hot-men.com, win-prizes-4now1.life, todayprizesbest.com, your-fast-prize.com, find-topprizes-here.life, winyour-prizes3.life, takeprizesnow1.com, thebigest-prizehere2.life, big-prizes-day-now.life, honeyprize-foru.life, claimyour-prize3.com, prizes-are-here.life, topprizes4you.com, claimyour-prizes-here.life, take-yourprizeshere-now.com, find-your-prizes.com, segmentspaceserve.top, take-prizes-now.life.
Malicious domains ( second batch ): claimwalkfield.top, agodistantanimal.top, agovisitdivide.club, aircornereffect.club, amongloudspot.club, anbitact.club, appearhopelife.top, batexercisebread.top, beautyconditionman.club, beautyrockstate.club, begansimilarproper.top, bellsoground.club, bestbrownbright.top, blackwaterrequire.club, boardoutfrom.top, bottomsuitas.top, burnteethevening.club, caughtinsectoxygen.top, agreeamongmoon.top, hillfullrain.top, rockendmaster.top, callcontainproduce.top, winterdiscusssent.top, planewhereshould.top, goodsailstream.top, guessglasstemperature.top, setrequirequotient.top, pressbrotherbut.top, pricewaterrope.top, oldswimexercise.top, glasscalltwenty.top, travelcrysoldier.top, frontbearcountry.club, centhairmine.club, veryenemyget.top, whosetenshape.top, booktripdog.top, bottomwriterhard.top, funlastwas.top, shapefathershoulders.top, oceanindustryradio.top, chairseemunit.live bankmessageplease.top, observesuncurrent.top, angerfacemagnet.top, replybeenseveral.top, rubhadcourse.top, locatereachslow.top, symbolthatcaptain.top, completeviewthing.top, youngtrueball.top, gentleheadsystem.top, deadandpress.live supportcleartrade.top, surfacegranddark.top, coolwildend.top, explainsettleissue.top, placepossiblegroup.top, appearrockfail.top, anysmellsoil.top, betweentiemix.top, jobballwhat.top, headseasonmiddle.top, hadpopulatesegment.top, sellverbman.top, whatnotfew.top, beautytookvoice.top, melodyelementend.top, milknecessarytoo.top, wishpatterntube.top, handwatercent.top, copyrequirecolour.top, forwardarearound.top, numbersurfacecopy.top, characterwhatnever.top, stretchpatternkey.top, lowforwardevent.top, coattypepattern.top, oxygencaptainlocate.top, tubecutdesign.top, laughbasemusic.top.
Malicious domains ( third batch ): bestprizezone.life, cams-here.life, coolgiftforyou.life, extra-bonus-here.life, best-mainstream-place.life, yourprize.life, takeprizesnow.life, great-winningfuture.life, gloriouswinner.life, get-superprizes-here.life, ruleofyourprofit.life, primerprizezone.life, yourbig-win.life, onemoretest2.top, bonushutering.life, best-bonus-place.life, coolgift4you.life, winprizes-here.life, find-your-prizes.com.
Malicious IPs: 5.189.217.0/24, 5.188.178.10, 5.188.178.75 ( Fast Content Delivery LTD ), 31.44.185.251 ( WebLine LTD ), 5.189.217.115.
Malicious ASNs: AS35029, AS209813.