Latest Mass Compromise of WordPress sites

We are getting lots of questions about the latest mass compromise targeting WordPress sites (redirecting to fake AV) that has affected over 30,000 domains.

The first question is how are these sites getting hacked? On all the cases we analysed, they either had outdated versions of WordPress, or of a plugin. We can safely rule out any new vulnerability on WordPress itself.

We also posted about it a week ago when we detected this malware campaign using .rr.nu domains.

As we promised in the previous post, this is an update to what we are seeing.

More Details

The malicious domains are still pointing to 194.28.114.103 and 194.28.114.102 (same IP’s used by the group behind the sweepstakesandcontestsdo.com and infoitpoweringgathering.com attacks)
More than 200 different .rr.nu domains are being used
We have identified more than 500 variations of the injected URL to random domains names in the .rr.nu TLD:

http://acka38rdact.rr.nu/nl.php http://aising32austral.rr.nu/mm.php?d=1 http://aising32austral.rr.nu/nl.php?p=d http://aising32austral.rr.nu/pmg.php?dr=1 http://aksclo48thinge.rr.nu/nl.php http://anc57erid.rr.nu/mm.php?d=1 http://anc57erid.rr.nu/nl.php?p=d http://anc57erid.rr.nu/pmg.php?dr=1 http://ancisc11oretai.rr.nu/mm.php?d=1 http://ancisc11oretai.rr.nu/nl.php?p=d http://ancisc11oretai.rr.nu/pmg.php?dr=1 http://arcot97icscch.rr.nu/mm.php?d=1 http://arcot97icscch.rr.nu/pmg.php?dr=1 http://arsur59round.rr.nu/mm.php?d=1 http://arsur59round.rr.nu/nl.php?p=d http://asin54grepl.rr.nu/mm.php?d=1 http://asin54grepl.rr.nu/nl.php?p=d http://asin54grepl.rr.nu/pmg.php?dr=1 http://asin54grepl.rr.nu/pmg.php?d=x http://ast85min.rr.nu/mm.php?d=1 http://ast85min.rr.nu/nl.php?p=d http://ast85min.rr.nu/pmg.php?dr=1 http://astre09atyqr.rr.nu/mm.php?d=1 http://astre09atyqr.rr.nu/nl.php?p=d http://astre09atyqr.rr.nu/pmg.php?dr=1 http://astre09atyqr.rr.nu/pmg.php?d=x http://asu31ryc.rr.nu/pmg.php?dr=1 http://ati14onst.rr.nu/mm.php?d=1 http://ati14onst.rr.nu/nl.php?p=d http://ati14onst.rr.nu/pmg.php?dr=1 http://atio79srem.rr.nu/mm.php?d=1 http://atio79srem.rr.nu/pmg.php?dr=1 http://ationi29slands.rr.nu/mm.php?d=1 http://ationi29slands.rr.nu/nl.php?p=d http://ationi29slands.rr.nu/pmg.php?dr=1 http://ationi29slands.rr.nu/pmg.php?d=x http://autho83ritie.rr.nu/nl.php http://ayo39rew.rr.nu/mm.php?d=1 http://ayo39rew.rr.nu/nl.php?p=d http://ayo39rew.rr.nu/pmg.php?d=x http://ban85kmak.rr.nu/mm.php?d=1 http://ban85kmak.rr.nu/nl.php?p=d http://ban85kmak.rr.nu/pmg.php?dr=1 http://bea90utym.rr.nu/mm.php?d=1 http://bea90utym.rr.nu/nl.php?p=d http://bea90utym.rr.nu/pmg.php?dr=1 http://cdeter66minatio.rr.nu/mm.php?d=1 http://cdeter66minatio.rr.nu/pmg.php?dr=1 http://chelpo94landsa.rr.nu/mm.php?d=1 http://chelpo94landsa.rr.nu/nl.php?p=d http://chelpo94landsa.rr.nu/pmg.php?dr=1 http://chread73erspar.rr.nu/pmg.php?dr=1 http://cie69svoi.rr.nu/mm.php?d=1 http://cie69svoi.rr.nu/nl.php?p=d http://cie69svoi.rr.nu/pmg.php?dr=1 http://clear25attra.rr.nu/nl.php http://com04men.rr.nu/mm.php?d=1 http://com04men.rr.nu/nl.php?p=d http://com04men.rr.nu/pmg.php?dr=1 http://comply05artific.rr.nu/mm.php?d=1 http://comply05artific.rr.nu/nl.php?p=d http://dend21ange.rr.nu/mm.php?d=1 http://dend21ange.rr.nu/nl.php?p=d http://dend21ange.rr.nu/pmg.php?dr=1 http://deunce68rtaint.rr.nu/mm.php?d=1 http://deunce68rtaint.rr.nu/pmg.php?dr=1 http://dir39aqi.rr.nu/nl.php?p=d http://dsadva20ntages.rr.nu/pmg.php?dr=1 http://dseede96velopm.rr.nu/mm.php?d=1 http://dseede96velopm.rr.nu/nl.php?p=d http://dwant12sdocu.rr.nu/mm.php?d=1 http://dwant12sdocu.rr.nu/nl.php?p=d http://dwant12sdocu.rr.nu/pmg.php?dr=1 http://eacti41vities.rr.nu/mm.php?d=1 http://eacti41vities.rr.nu/nl.php?p=d http://eacti41vities.rr.nu/pmg.php?dr=1 http://ectors56rushedb.rr.nu/mm.php?d=1 http://ectors56rushedb.rr.nu/nl.php?p=d http://ectors56rushedb.rr.nu/pmg.php?dr=1 http://edu11tch.rr.nu/mm.php?d=1 http://edu11tch.rr.nu/pmg.php?dr=1 http://eepuni61shment.rr.nu/mm.php?d=1 http://eepuni61shment.rr.nu/nl.php?p=d http://eepuni61shment.rr.nu/pmg.php?dr=1 http://eme38dad.rr.nu/mm.php?d=1 http://eme38dad.rr.nu/nl.php?p=d http://enc89efo.rr.nu/mm.php?d=1 http://enc89efo.rr.nu/pmg.php?dr=1 http://enlosu65spicio.rr.nu/mm.php?d=1 http://enlosu65spicio.rr.nu/nl.php?p=d http://enlosu65spicio.rr.nu/pmg.php?dr=1 http://enlosu65spicio.rr.nu/pmg.php?d=x http://ent70als.rr.nu/mm.php?d=1 http://ent70als.rr.nu/nl.php?p=d http://ent70als.rr.nu/pmg.php?dr=1 http://entc97ontr.rr.nu/nl.php?p=d http://ents14publ.rr.nu/mm.php?d=1 http://ents14publ.rr.nu/pmg.php?dr=1 http://erbac03klogwi.rr.nu/mm.php?d=1 http://erbac03klogwi.rr.nu/nl.php?p=d http://erbac03klogwi.rr.nu/pmg.php?dr=1 http://ereaso88nsphas.rr.nu/mm.php?d=1 http://ereaso88nsphas.rr.nu/nl.php?p=d http://ereaso88nsphas.rr.nu/pmg.php?dr=1 http://eregu87latio.rr.nu/mm.php?d=1 http://eregu87latio.rr.nu/nl.php?p=d http://eregu87latio.rr.nu/pmg.php?d=x http://ers49sup.rr.nu/mm.php?d=1 http://ers49sup.rr.nu/pmg.php?dr=1 http://ersepr21essedta.rr.nu/nl.php?p=d http://esarra90ytempe.rr.nu/nl.php http://esed94ownu.rr.nu/mm.php?d=1 http://esed94ownu.rr.nu/pmg.php?dr=1 http://eti10nig.rr.nu/mm.php?d=1 http://eti10nig.rr.nu/nl.php?p=d http://eti10nig.rr.nu/pmg.php?dr=1 http://evaryc13ornerf.rr.nu/pmg.php?dr=1 http://fend10ingd.rr.nu/mm.php?d=1 http://fend10ingd.rr.nu/nl.php?p=d http://ffs06dive.rr.nu/mm.php?d=1 http://ffs06dive.rr.nu/nl.php?p=d http://ffs06dive.rr.nu/pmg.php?dr=1 http://ford53blue.rr.nu/mm.php?d=1 http://ford53blue.rr.nu/nl.php?p=d http://ford53blue.rr.nu/pmg.php?dr=1 http://ged20sha.rr.nu/pmg.php?dr=1 http://gerd84eckpa.rr.nu/mm.php?d=1 http://gerd84eckpa.rr.nu/nl.php?p=d http://gerd84eckpa.rr.nu/pmg.php?dr=1 http://ghl07evel.rr.nu/pmg.php?dr=1 http://gical45exact.rr.nu/mm.php?d=1 http://gical45exact.rr.nu/nl.php?p=d http://gical45exact.rr.nu/pmg.php?dr=1 http://gical45exact.rr.nu/pmg.php?d=x http://gssep81arated.rr.nu/mm.php?d=1 http://gssep81arated.rr.nu/nl.php?p=d http://gssep81arated.rr.nu/pmg.php?dr=1 http://gssep81arated.rr.nu/pmg.php?d=x http://harged63causep.rr.nu/mm.php?d=1 http://hea84dqua.rr.nu/nl.php http://ibl42efar.rr.nu/mm.php?d=1 http://ibl42efar.rr.nu/pmg.php?dr=1 http://icult66uralwr.rr.nu/pmg.php?dr=1 http://iedla63wyers.rr.nu/mm.php?d=1 http://iedla63wyers.rr.nu/nl.php?p=d http://iedla63wyers.rr.nu/pmg.php?dr=1 http://ile68depa.rr.nu/mm.php?d=1 http://ile68depa.rr.nu/nl.php?p=d http://ile68depa.rr.nu/pmg.php?dr=1 http://ilip57feel.rr.nu/mm.php?d=1 http://ilip57feel.rr.nu/nl.php?p=d http://ilip57feel.rr.nu/pmg.php?dr=1 http://ilip57feel.rr.nu/pmg.php?d=x http://ily23visi.rr.nu/mm.php?d=1 http://ily23visi.rr.nu/nl.php?p=d http://ily23visi.rr.nu/pmg.php?dr=1 http://ily23visi.rr.nu/pmg.php?d=x http://ime27glim.rr.nu/mm.php?d=1 http://ime27glim.rr.nu/pmg.php?dr=1 http://ingco06mpris.rr.nu/mm.php?d=1 http://ingco06mpris.rr.nu/nl.php?p=d http://ingco06mpris.rr.nu/pmg.php?dr=1 http://ingg93rant.rr.nu/mm.php?d=1 http://ingg93rant.rr.nu/nl.php?p=d http://ingg93rant.rr.nu/pmg.php?dr=1 http://ingin64terac.rr.nu/mm.php?d=1 http://ingin64terac.rr.nu/pmg.php?dr=1 http://insist18suspen.rr.nu/mm.php?d=1 http://insist18suspen.rr.nu/pmg.php?dr=1 http://ion50mea.rr.nu/mm.php?d=1 http://ionbr82eastna.rr.nu/mm.php?d=1 http://ionbr82eastna.rr.nu/nl.php?p=d http://ionbr82eastna.rr.nu/pmg.php?dr=1 http://ionis90landsi.rr.nu/mm.php?d=1 http://ionis90landsi.rr.nu/nl.php?p=d http://ionis90landsi.rr.nu/pmg.php?dr=1 http://ionis90landsi.rr.nu/pmg.php?d=x http://ionsh64iitet.rr.nu/mm.php?d=1 http://ionsh64iitet.rr.nu/nl.php?p=d http://ionsh64iitet.rr.nu/pmg.php?dr=1 http://ionsh64iitet.rr.nu/pmg.php?d=x http://ippo66npipe.rr.nu/mm.php?d=1 http://ippo66npipe.rr.nu/nl.php?p=d http://ippo66npipe.rr.nu/pmg.php?dr=1 http://ippo66npipe.rr.nu/pmg.php?d=x http://irdcap79turedre.rr.nu/mm.php?d=1 http://irdcap79turedre.rr.nu/nl.php?p=d http://irdcap79turedre.rr.nu/pmg.php?dr=1 http://irstde24clined.rr.nu/mm.php?d=1 http://irstde24clined.rr.nu/nl.php?p=d http://irstde24clined.rr.nu/pmg.php?dr=1 http://iss79ione.rr.nu/pmg.php?dr=1 http://itioni67nggene.rr.nu/mm.php?d=1 http://itioni67nggene.rr.nu/pmg.php?dr=1 http://itsd81evic.rr.nu/mm.php?d=1 http://itsd81evic.rr.nu/pmg.php?dr=1 http://ive49scor.rr.nu/mm.php?d=1 http://ive49scor.rr.nu/nl.php?p=d http://ive49scor.rr.nu/pmg.php?dr=1 http://ixeld52erlya.rr.nu/mm.php?d=1 http://ixeld52erlya.rr.nu/nl.php?p=d http://ixeld52erlya.rr.nu/pmg.php?dr=1 http://jamess84howntr.rr.nu/mm.php?d=1 http://jamess84howntr.rr.nu/nl.php?p=d http://jamess84howntr.rr.nu/pmg.php?dr=1 http://jitsu17quakec.rr.nu/pmg.php?dr=1 http://jokeli59quorent.rr.nu/mm.php?d=1 http://jokeli59quorent.rr.nu/nl.php?p=d http://jokeli59quorent.rr.nu/pmg.php?d=x http://king35dayv.rr.nu/mm.php?d=1 http://king35dayv.rr.nu/nl.php?p=d http://king35dayv.rr.nu/pmg.php?dr=1 http://lanne44rsacqu.rr.nu/mm.php?d=1 http://lanne44rsacqu.rr.nu/nl.php?p=d http://lanne44rsacqu.rr.nu/pmg.php?dr=1 http://laprot98ocolle.rr.nu/mm.php?d=1 http://laprot98ocolle.rr.nu/nl.php?p=d http://laprot98ocolle.rr.nu/pmg.php?d=x http://lia82tio.rr.nu/mm.php?d=1 http://lia82tio.rr.nu/pmg.php?dr=1 http://ligen92tcusto.rr.nu/mm.php?d=1 http://ligen92tcusto.rr.nu/nl.php?p=d http://ligen92tcusto.rr.nu/pmg.php?dr=1 http://line20arpr.rr.nu/mm.php?d=1 http://line20arpr.rr.nu/nl.php?p=d http://line20arpr.rr.nu/pmg.php?dr=1 http://line20arpr.rr.nu/pmg.php?d=x http://llyim30munity.rr.nu/mm.php?d=1 http://llyim30munity.rr.nu/nl.php?p=d http://llyim30munity.rr.nu/pmg.php?dr=1 http://mitexp80ressman.rr.nu/mm.php?d=1 http://mitexp80ressman.rr.nu/nl.php?p=d http://mitexp80ressman.rr.nu/pmg.php?dr=1 http://mplic48ations.rr.nu/nl.php?p=d http://mputer94izeduni.rr.nu/mm.php?d=1 http://mputer94izeduni.rr.nu/pmg.php?dr=1 http://nati40oncau.rr.nu/mm.php?d=1 http://nati40oncau.rr.nu/nl.php?p=d http://nati40oncau.rr.nu/pmg.php?dr=1 http://ncedt18endse.rr.nu/mm.php?d=1 http://ncedt18endse.rr.nu/nl.php?p=d http://ncello05rjuice.rr.nu/mm.php?d=1 http://ncello05rjuice.rr.nu/nl.php?p=d http://ncho61ragef.rr.nu/mm.php?d=1 http://ncho61ragef.rr.nu/pmg.php?dr=1 http://ndantt54raveled.rr.nu/nl.php?p=d http://nesda25ysmine.rr.nu/mm.php?d=1 http://nesda25ysmine.rr.nu/pmg.php?dr=1 http://ngbe82ntse.rr.nu/mm.php?d=1 http://ngbe82ntse.rr.nu/pmg.php?dr=1 http://ngv83ete.rr.nu/mm.php?d=1 http://ngv83ete.rr.nu/nl.php?p=d http://ngv83ete.rr.nu/pmg.php?dr=1 http://nhanc79emayb.rr.nu/mm.php?d=1 http://nhanc79emayb.rr.nu/pmg.php?dr=1 http://nia91nskg.rr.nu/mm.php?d=1 http://nia91nskg.rr.nu/nl.php?p=d http://nia91nskg.rr.nu/pmg.php?dr=1 http://nic99wel.rr.nu/pmg.php?dr=1 http://nke26ptr.rr.nu/mm.php?d=1 http://nke26ptr.rr.nu/nl.php?p=d http://nke26ptr.rr.nu/pmg.php?dr=1 http://nlygpa40rentsre.rr.nu/mm.php?d=1 http://nlygpa40rentsre.rr.nu/pmg.php?dr=1 http://nom21iesa.rr.nu/mm.php?d=1 http://nom21iesa.rr.nu/nl.php?p=d http://nom21iesa.rr.nu/pmg.php?dr=1 http://nonpro77fitpla.rr.nu/nl.php?p=d http://noti12ceco.rr.nu/nl.php http://nsch47edul.rr.nu/nl.php http://nwin54simpl.rr.nu/mm.php?d=1 http://nwin54simpl.rr.nu/nl.php?p=d http://nwin54simpl.rr.nu/pmg.php?dr=1 http://odity02prince.rr.nu/mm.php?d=1 http://odity02prince.rr.nu/pmg.php?dr=1 http://omatav16oidedti.rr.nu/mm.php?d=1 http://omatav16oidedti.rr.nu/nl.php?p=d http://omatav16oidedti.rr.nu/pmg.php?dr=1 http://omist96smoto.rr.nu/mm.php?d=1 http://omist96smoto.rr.nu/nl.php?p=d http://omist96smoto.rr.nu/pmg.php?dr=1 http://onmyse88lfadvis.rr.nu/mm.php?d=1 http://onmyse88lfadvis.rr.nu/pmg.php?dr=1 http://onran41kingtd.rr.nu/mm.php?d=1 http://onran41kingtd.rr.nu/nl.php?p=d http://onran41kingtd.rr.nu/pmg.php?dr=1 http://onran41kingtd.rr.nu/pmg.php?d=x http://onth92send.rr.nu/mm.php?d=1 http://onth92send.rr.nu/nl.php?p=d http://onth92send.rr.nu/pmg.php?dr=1 http://ood46ara.rr.nu/mm.php?d=1 http://ood46ara.rr.nu/nl.php?p=d http://ordonv12ectorct.rr.nu/mm.php?d=1 http://ordonv12ectorct.rr.nu/nl.php?p=d http://ordonv12ectorct.rr.nu/pmg.php?dr=1 http://orkic86kedgra.rr.nu/mm.php?d=1 http://orkic86kedgra.rr.nu/pmg.php?dr=1 http://orksp44erfor.rr.nu/mm.php?d=1 http://orksp44erfor.rr.nu/nl.php?p=d http://orksp44erfor.rr.nu/pmg.php?d=x http://ose23dco.rr.nu/mm.php?d=1 http://ose23dco.rr.nu/nl.php?p=d http://oul44dbe.rr.nu/mm.php?d=1 http://oul44dbe.rr.nu/pmg.php?dr=1 http://ouvech35oicetim.rr.nu/mm.php?d=1 http://ouvech35oicetim.rr.nu/nl.php?p=d http://ouvech35oicetim.rr.nu/pmg.php?dr=1 http://patib47leimpl.rr.nu/nl.php http://pital40relat.rr.nu/mm.php?d=1 http://pital40relat.rr.nu/nl.php?p=d http://pital40relat.rr.nu/pmg.php?dr=1 http://proc30esso.rr.nu/mm.php?d=1 http://proc30esso.rr.nu/nl.php?p=d http://proc30esso.rr.nu/pmg.php?dr=1 http://quic34kprog.rr.nu/mm.php?d=1 http://quic34kprog.rr.nu/nl.php?p=d http://quic34kprog.rr.nu/pmg.php?dr=1 http://rcles12mainde.rr.nu/mm.php?d=1 http://rcles12mainde.rr.nu/pmg.php?dr=1 http://reda90utho.rr.nu/nl.php?p=d http://renw05insim.rr.nu/mm.php?d=1 http://renw05insim.rr.nu/pmg.php?dr=1 http://rie21rcom.rr.nu/mm.php?d=1 http://rie21rcom.rr.nu/nl.php?p=d http://rie21rcom.rr.nu/pmg.php?dr=1 http://riegar47equire.rr.nu/nl.php http://rin43gco.rr.nu/mm.php?d=1 http://rin43gco.rr.nu/nl.php?p=d http://rin43gco.rr.nu/pmg.php?dr=1 http://rmore79riveru.rr.nu/mm.php?d=1 http://rmore79riveru.rr.nu/nl.php?p=d http://rmore79riveru.rr.nu/pmg.php?dr=1 http://rmore79riveru.rr.nu/pmg.php?d=x http://roduc37edter.rr.nu/mm.php?d=1 http://roduc37edter.rr.nu/pmg.php?dr=1 http://rpo66rat.rr.nu/mm.php?d=1 http://rpo66rat.rr.nu/nl.php?p=d http://rpo66rat.rr.nu/pmg.php?dr=1 http://rtfall80shesdo.rr.nu/mm.php?d=1 http://rtfall80shesdo.rr.nu/nl.php?p=d http://rtfall80shesdo.rr.nu/pmg.php?dr=1 http://rtual46damag.rr.nu/mm.php?d=1 http://rtual46damag.rr.nu/nl.php?p=d http://rwest23pasto.rr.nu/mm.php?d=1 http://rwest23pasto.rr.nu/pmg.php?dr=1 http://saffe83ctedp.rr.nu/mm.php?d=1 http://saffe83ctedp.rr.nu/nl.php?p=d http://saffe83ctedp.rr.nu/pmg.php?dr=1 http://saffe83ctedp.rr.nu/pmg.php?d=x http://sang57leca.rr.nu/mm.php?d=1 http://sang57leca.rr.nu/nl.php?p=d http://sang57leca.rr.nu/pmg.php?dr=1 http://sba15gsed.rr.nu/mm.php?d=1 http://sba15gsed.rr.nu/pmg.php?dr=1 http://sbulle06tsconti.rr.nu/mm.php?d=1 http://sbulle06tsconti.rr.nu/nl.php?p=d http://sbulle06tsconti.rr.nu/pmg.php?dr=1 http://sbulle06tsconti.rr.nu/pmg.php?d=x http://sov75erwh.rr.nu/nl.php http://ssoc16alled.rr.nu/pmg.php?dr=1 http://ssurem70ountai.rr.nu/mm.php?d=1 http://ssurem70ountai.rr.nu/pmg.php?dr=1 http://stec31onomi.rr.nu/mm.php?d=1 http://stec31onomi.rr.nu/nl.php?p=d http://stec31onomi.rr.nu/pmg.php?dr=1 http://sup01port.rr.nu/mm.php?d=1 http://sup01port.rr.nu/pmg.php?dr=1 http://syste98msman.rr.nu/mm.php?d=1 http://syste98msman.rr.nu/nl.php?p=d http://syste98msman.rr.nu/pmg.php?dr=1 http://table89smurd.rr.nu/nl.php http://tabsin60dustryr.rr.nu/mm.php?d=1 http://tabsin60dustryr.rr.nu/nl.php?p=d http://tabsin60dustryr.rr.nu/pmg.php?dr=1 http://tabsin60dustryr.rr.nu/pmg.php?d=x http://tarian13cheese.rr.nu/mm.php?d=1 http://tarian13cheese.rr.nu/nl.php?p=d http://tarian13cheese.rr.nu/pmg.php?dr=1 http://teds91potea.rr.nu/pmg.php?dr=1 http://teep29easi.rr.nu/mm.php?d=1 http://teep29easi.rr.nu/nl.php?p=d http://teep29easi.rr.nu/pmg.php?dr=1 http://teep29easi.rr.nu/pmg.php?d=x http://tel90yget.rr.nu/pmg.php?dr=1 http://terda31ytime.rr.nu/mm.php?d=1 http://terda31ytime.rr.nu/nl.php?p=d http://terda31ytime.rr.nu/pmg.php?dr=1 http://tfo04lio.rr.nu/mm.php?d=1 http://tfo04lio.rr.nu/nl.php?p=d http://tfo04lio.rr.nu/pmg.php?dr=1 http://thurse88eksfact.rr.nu/mm.php?d=1 http://thurse88eksfact.rr.nu/nl.php?p=d http://tin04gobs.rr.nu/mm.php?d=1 http://tin04gobs.rr.nu/pmg.php?dr=1 http://tinc36tion.rr.nu/mm.php?d=1 http://tinc36tion.rr.nu/nl.php?p=d http://tingst30iffles.rr.nu/mm.php?d=1 http://tingst30iffles.rr.nu/nl.php?p=d http://tingst30iffles.rr.nu/pmg.php?dr=1 http://tio63nsc.rr.nu/mm.php?d=1 http://tio63nsc.rr.nu/nl.php?p=d http://tio63nsc.rr.nu/pmg.php?dr=1 http://tio63nsc.rr.nu/pmg.php?d=x http://tirela54tingas.rr.nu/mm.php?d=1 http://tirela54tingas.rr.nu/nl.php?p=d http://tirela54tingas.rr.nu/pmg.php?d=x http://tmatri21xvarfo.rr.nu/nl.php?p=d http://tomoti62veform.rr.nu/mm.php?d=1 http://tomoti62veform.rr.nu/pmg.php?dr=1 http://trill18ionsa.rr.nu/mm.php?d=1 http://trill18ionsa.rr.nu/nl.php?p=d http://trill18ionsa.rr.nu/pmg.php?dr=1 http://ttr92acte.rr.nu/mm.php?d=1 http://ttr92acte.rr.nu/nl.php?p=d http://ttr92acte.rr.nu/pmg.php?dr=1 http://ublic19ations.rr.nu/mm.php?d=1 http://ublic19ations.rr.nu/pmg.php?dr=1 http://ues02the.rr.nu/mm.php?d=1 http://ues02the.rr.nu/nl.php?p=d http://ues02the.rr.nu/pmg.php?dr=1 http://untyh37umane.rr.nu/pmg.php?dr=1 http://uotes98satur.rr.nu/mm.php?d=1 http://uotes98satur.rr.nu/nl.php?p=d http://uotes98satur.rr.nu/pmg.php?dr=1 http://usedfr43ontcapa.rr.nu/nl.php?p=d http://vesc01hang.rr.nu/mm.php?d=1 http://vesc01hang.rr.nu/nl.php?p=d http://vesc01hang.rr.nu/pmg.php?dr=1 http://vesr27epla.rr.nu/pmg.php?dr=1 http://view60open.rr.nu/mm.php?d=1 http://view60open.rr.nu/nl.php?p=d http://view60open.rr.nu/pmg.php?dr=1 http://view60open.rr.nu/pmg.php?d=x http://vitalf68ramewor.rr.nu/mm.php?d=1 http://vitalf68ramewor.rr.nu/nl.php?p=d http://vitalf68ramewor.rr.nu/pmg.php?dr=1 http://waranc72hexcit.rr.nu/mm.php?d=1 http://waranc72hexcit.rr.nu/nl.php?p=d http://waranc72hexcit.rr.nu/pmg.php?dr=1 http://winne99rsenab.rr.nu/nl.php http://xercis32enextad.rr.nu/nl.php http://xingsa51ltpreve.rr.nu/mm.php?d=1 http://xingsa51ltpreve.rr.nu/nl.php?p=d http://xingsa51ltpreve.rr.nu/pmg.php?dr=1 http://yer61spr.rr.nu/mm.php?d=1 http://yer61spr.rr.nu/nl.php?p=d http://you94tfi.rr.nu/mm.php?d=1 http://you94tfi.rr.nu/nl.php?p=d http://zead94mits.rr.nu/mm.php?d=1 http://zead94mits.rr.nu/nl.php?p=d http://zead94mits.rr.nu/pmg.php?dr=1 http://zead94mits.rr.nu/pmg.php?d=x

—

If you’re not sure if you’re infected, do a free website malware scan using SiteCheck

Latest Mass Compromise of WordPress sites – More Details

More Details

About Daniel Cid