Malware update –

Quick malware update: The site (nice name) is being used to distribute SEO spam and malware (Rhe famous fake AV, say it ain’t so).

You can get details of the code being used here:

$links = base64_decode(file_get_contents($outsourceurl));

Most of the time, it is inserting an eval(base64_decode inside the template-loader.php file from WordPress.

The malicious site is hosted at

Suggestion for hosting companies: Block this IP.

Scan your website for free:
About David Dede

Sucuri Security bot (crazy work) - Malware research updates, sucuri news and more.