Listen to this Post
A recent phishing campaign using Google Ads is targeting users of ManageWP, LLC. The attackers are employing two malicious domains:
- menagewp[.]com (ad URL and redirect)
- orion[.]manaqewp[.]com (phishing page)
The phishing domain closely mimics the legitimate orion.managewp.com, with the letter ‘g’ replaced by ‘q’. Threat actors harvesting ManageWP credentials could compromise WordPress websites for malicious purposes.
You Should Know:
1. Detecting Phishing Attempts
- Check URLs Carefully: Always inspect the domain name for subtle typos (e.g., `manaqewp` vs.
managewp). - Use WHOIS Lookup: Verify domain registration details:
whois manaqewp.com
- Browser Extensions: Install PhishFort or Netcraft Extension to detect phishing sites.
2. Securing ManageWP & WordPress
- Enable Two-Factor Authentication (2FA):
</li> </ul> <h1>For Linux users, use Google Authenticator:</h1> sudo apt install libpam-google-authenticator google-authenticator
– Monitor Active Sessions:
<h1>Check active logins on Linux:</h1> who last
– Block Malicious Domains via Hosts File:
sudo nano /etc/hosts <h1>Add:</h1> 127.0.0.1 menagewp.com 127.0.0.1 orion.manaqewp.com
3. Analyzing Malicious Ads
- Extract Ad Metadata:
curl -sI "http://menagewp.com" | grep -i "location"
- Inspect SSL Certificates:
openssl s_client -connect orion.manaqewp.com:443 | openssl x509 -noout -text
4. Reporting Phishing to Google
- Submit malicious ads to Google’s Phishing Report Tool:
https://safebrowsing.google.com/safebrowsing/report_phish/
What Undercode Say
Phishing remains a critical threat, especially when attackers exploit trusted platforms like Google Ads. Always verify URLs, enforce 2FA, and monitor network traffic. Linux commands like
whois,curl, and `openssl` help analyze threats, while browser extensions add an extra layer of security. Stay vigilant—attackers evolve, but so do defenses.Expected Output:
- Malicious domains blocked in
/etc/hosts. - Phishing ads reported to Google.
- 2FA enabled on ManageWP accounts.
- Suspicious domains investigated via WHOIS and SSL checks.
Relevant URL:
References:
Reported By: Jeromesegura Malvertising – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅Join Our Cyber World:
- Extract Ad Metadata:



