PublcWWW reports there are 5,482 sites infected with the cloudflare.solutions malware. The main page of this domain now says: This server is part of an experimental science machine learning algorithms project The Cors.js script adds a handler to every input field on the websites to send its value to the attacker (wssss://cloudflare[.]solutions:8085/) when a user leaves that field. The only sketchy thing is that the script loads the Yandex.Metrika (Yandexs alternative to Google Analytics). Most likely it is done to track the infected sites.”]

