
KongTuke on compromised WordPress sites, DDOS Botnets and Cybercriminal Feuds

ID: 9664e24f-3026-58f3-babd-0bdafa4bffa7

STIX ID: report--9664e24f-3026-58f3-babd-0bdafa4bffa7

Feed Name: Ctrl-Alt-Int3l

Threat Score: 72/100

Date Published: 2026-04-22

Date Updated: 2026-05-05

Author: Ctrl-Alt-Intel


Ctrl-Alt-Intel discovered an unauthenticated C2 panel (107.158.128.79) exposing 219 compromised web servers and 4,229 commands. The operator used these WordPress compromises to deploy a malicious plugin (z.php) that staged ClickFix/KongTuke JavaScript (windlrr.com / nitzschi.com), enrolled sites into a Mirai-variant botnet via a downloader (ohshit.sh from 45.141.26.73), and directed mass HTTP floods against government and rival cybercrime sites. The report includes full command logs, victim metadata (including TGI Fridays), IOCs, and ATT&CK mappings.
