Website Potentially Compromised?

I work for an MSP and a customer received a spoof email that contained links to their own website. However the links have some additions which don’t look right to me.

If you look at the screenshot you can see the top image is the normal member login page URL. The second image is the links contained in the email. The bottom image is what they resolve to once you go to them.

Is this a sign of a compromised website?

Any help is appreciated!

Screenshot 2024-01-18 154256

Apologies this is the correct screenshot.

Screenshot 2024-01-18 154807

Welcome to the Cloudflare Community. :logodrop:

What you see is unlikely to be an indicator of compromise, but that determination is impossible to make with the minimal information provided.

You may want to engage with your WordPress consultants to gain better understanding of why you are seeing the octothorpe in the URL where you are apparently not expecting it.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.