Redirecting window.location.href = "htxps:// the malicious campaign address: → https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=MTM0LjI0OS4xMTYuNzhgW24je3gucGhw~enc
Emotet / heodo infesting Word Press website…
Re: https://urlhaus.abuse.ch/url/173243/ 9 to detect: https://www.virustotal.com/en/url/898773e14088e738cc060034a075546b93b8f707faec84755d6cc53deab7acfa/analysis/
download file analysis:
https://www.virustotal.com/en/file/1bfba15c5ddf08da9f0dafbe7569f7c31a3904e07cda9da1bfb25777f154a9f3/analysis/1554369202/
where avast detects: HTML:RedirME-inf [Trj]

pol

Another one partaking in the same malware campaign: https://urlhaus.abuse.ch/url/173231/
Consider: https://sitecheck.sucuri.net/results/gorniy.seofreelancer.ru
-https://videosupers.pro/bot-detect?h=waWQiOjEwMDE5MjMsInNpZCI6MTAwNzI3MSwid2lkIjo5ODk1LCJzcmMiOjJ9eyJ&bbr=1&si1=&si2= / detected apache/2.4.34 (Win32) PHP/7.2.10
On infector Outdated Software Detected
Nginx under 1.15.6

polonus