The recent WordPress attacks using malicious “interestmoments.com” redirect scripts are linked to the earlier weatherplllatform attack.
Follow this cleanup guide:
https://guides.magefix.com/2022/09/cdn-weatherplllatform-com/
Malicious URLs:
https://short.interestmoments.com/new-way.php
https://long.interestmoments.com/go/diana-way.php?id=670954-3455-834536&pid=2467457&qid=473
https://news.weatherplllatform.com/counter.js?v=3.6.3
https://js.interestmoments.com/scripts/count.js
https://long.interestmoments.com/go/away.php?id=9689546-75-934597645&pid=2324&lid=7933345&from=google
Other URLs:
https://way.specialblueitems.com/src/main.js?v=1.0.1
https://way.specialblueitems.com/src/main.js
https://light.specialblueitems.com/src/step.js?=0.9.8
https://news.weatherplllatform.com/counter.js
way.specialblueitems.com/v8Lsdq?&se_referrer=
way.specialblueitems.com/ghy89Y?&se_referrer=
Malicious automatic downloads:
https://cdn.discordapp.com/attachments/1060587368492580895/1062830652501794867/Setup.zip
Malicious IPs: 193.169.194.63, 159.69.234.10.
Malicious domains: wholegrady.com, thirawogla.com, active-year.com, ill-purchase.pro, frrdlass.com, sarahwestall.com, wirebreeze.com.
https://thirawogla.com/bm3iVx0.Pj3upevvb/m/V_JqZ-DG0v0/NqTJcEylMqjNApwjLVTsQA1wNJzGIgy/MbDOEu
fromCharCode: 104, 116, 116, 112, 115, 58, 47, 47, 108, 111, 110, 103, 46, 105, 110, 116, 101, 114, 101, 115, 116, 109, 111, 109, 101, 110, 116, 115, 46, 99, 111, 109, 47, 103, 111, 47, 97, 119, 97, 121, 46, 112, 104, 112, 63, 105, 100, 61, 57, 54, 56, 57, 53, 52, 54, 45, 55, 53, 45, 57, 51, 52, 53, 57, 55, 54, 52, 53, 38, 112, 105, 100, 61, 50, 51, 50, 52, 38, 108, 105, 100, 61, 55, 57, 51, 51, 51, 52, 53, 38, 102, 114, 111, 109, 61, 103, 111, 111, 103, 108, 101
fromCharCode: 104, 116, 116, 112, 115, 58, 47, 47, 106, 115, 46, 105, 110, 116, 101, 114, 101, 115, 116, 109, 111, 109, 101, 110, 116, 115, 46, 99, 111, 109, 47, 115, 99, 114, 105, 112, 116, 115, 47, 99, 111, 117, 110, 116, 46, 106, 115
AS50321