The error that caused all this:

SERVER DETAILS Web Server: LiteSpeed X-Powered-By: PHP/7.3.33 IP Address: 5.22.249.133 Hosting Provider: CJ2-AS, NL Shared Hosting: 500 sites found (use Reverse IP to download list) Title: WordPress rsaquo; Error

See: https://urlhaus.abuse.ch/url/2118874/
Where detection and malware was missed completely:
https://quttera.com/detailed_report/www.duchessadimotta.com

Where at least the install error testpage was mentioned, but malware not flagged: https://sitecheck.sucuri.net/results/www.duchessadimotta.com/wp-admin/setup-config.php

More sites out there where this was being abused for PHISHING → https://maltiverse.com/search;query=404testpage4525d2fdc;page=1;sort=creation_time_desc

polonus (volunteer 3rd party cold reconnaissance website security-analyst and website error-hunter)

Here we see another abuse of this site issue (flagged by PHISH-tank):
https://nab-alert.mobi/404testpage4525d2fdc

See as given as PHISHING Other:
https://maltiverse.com/url/e32453928d9b2a87d76d2fe17e4179c461598bac3ec2d37107861382ff0e474b

10 av-vendors flag here: https://www.virustotal.com/gui/url/e32453928d9b2a87d76d2fe17e4179c461598bac3ec2d37107861382ff0e474b

pol

More flags and IP-flags:
https://maltiverse.com/url/7968607305fe4aff58118017e6cf9f4ee2e561e742155c4f3b3b4c8c2333b0ea

On IP: https://www.virustotal.com/gui/ip-address/67.199.248.13/relations
from: https://sitereport.netcraft.com/?url=https%3A%2F%2Fnab-alert.mobi%2Fnewpayee

pol

Generic malware found up here: https://maltiverse.com/search;query=404testpage4525d2fdc;page=1;sort=creation_time_desc
But not being flagged here: https://www.virustotal.com/gui/url/c835d3011ac9b1c023b3c8442c5f8e62812133d389f0495e349b9d4670337f41/links

polonus