Are these domains flagged seen the Crypt00-PHP Malware blackhat SEO campaign?

-anythingforwp.com
-awesome4wp.com
-bestnulledscripts.com
-dailynulled.com
-freeforwp.com
-freemiumscripts.com
-getnulledscripts.com
-izplace.com
-mightywordpress.com
-nulledirectory.com
-nulledlistings.com
-nullednet.com
-nulledstylez.com
-nulledwp.com
-nullit.net
-topnulledownload.com
-websitesdesignaffordable.com
-wp-nulled.com
-yoctotemplates.com

Read here: https://forum.avast.com/index.php?topic=52252.msg1153265#msg1153265
and https://www.mywot.com/en/forum/51652-cryptophp-backdoored-pirated-cms-plug-ins-used-for-black-hat-seo

The concept and practices with SEO Spam aren’t new, the scale of this campain with thousands and thousands of website CMS backdoored is however new and unseen.

polonus

The following websites host the actual plug-in and theme files used for direct download:
-bulkyfiles.com
-linkzquickz.com"

polonus

P.S. Consider: https://www.google.com/transparencyreport/removals/copyright/domains/bulkyfiles.com/

Regarding Drupal org downloads the situation was not that bad:

We have only found Drupal themes containing the CryptoPHP backdoor. The backdoor can be found in the ‘template.php’ file, at the very bottom of the file a PHP snippet can be found similar to this:

<?php include('images/social.png'); ?>
At first site all code could look fine, allthough a theme with CryptoPHP can still be there. Full repo checkout should be performed. Abuse by those that malcreate software to spread pseudo-free malcode always has been and will be part of the software world. It is just injecting links to ruin your Google rep.

polonus