Easy fix for snow.talkingaboutfirms.ga
Following dontkinhooot.tw contamination, attackers are using now snow.talkingaboutfirms.ga for the latest files and DB injections.
This subdomain points to 45.9.150.77 ( Nice IT Services Group Inc. ).
…
Following dontkinhooot.tw contamination, attackers are using now snow.talkingaboutfirms.ga for the latest files and DB injections.
This subdomain points to 45.9.150.77 ( Nice IT Services Group Inc. ).
…
Numerous sites are affected already by for.dontkinhooot[.]tw & lovegreenpencils malware, directing users to:
https://for.dontkinhooot[.]tw/walkers?id=0092
https://irc.lovegreenpencils[.]ga/55ryery?id=22584&rs=2346
This contamination affects PHP files, JS files, wp_posts tables, site URLs.
…
Thousands of sites are recently affected by lovegreenpencils malware, directing users to:
https://dock.lovegreenpencils.ga/m.js?n=nb5
https://cht.secondaryinformtrand.com/m.js?n=nb5
This contamination affects PHP files, JS files, wp_posts tables, wp_options site URLs.
…
Today we performed several cleanups and at least three new malicious networks were detected:
These domains are pointing to a Russian-based IP address: 45.150.206.251.
…
Another wave of hacks is ongoing, this time under declarebusinessgroup.ga.
A cleanup guide is available here: https://guides.magefix.com/2020/08/go-donatelloflowfirstly-ga/
…