Clean analytics.js

Our latest reports indicate many sites are infected by malware.
If your site is affected by recurrent contamination:

  • Your hosting account may be affected by cross-site contamination; or
  • Attackers installed backdoor files: signup.php, wp-stream.php and infect JS core files: jquery-migrate.js and jquery-migrate.min.js.
  • Need help? Let us clean your site.

    Before starting a malware cleanup, follow these steps:

    1. Perform a full backup, including core files, plugins, uploads theme and database.
    Avoid using plugins since it may take longer than expected. If you don’t have tech skills, ask your web host to do it.

    2. Disable public access, to protect your data, reputation and visitors.
    Simply add this line inside your main .htaccess file. If you can’t do it, contact your web host.

    deny from all

    A full cleanup guide is available here:

    Most of these attack origin from Ukraine. Here’s an example: – – [09/Mar/2021:19:25:55 +0100] “GET /wp-json HTTP/2.0” – – [09/Mar/2021:19:25:56 +0100] “POST /wp-json/thrive/ HTTP/2.0” – – [09/Mar/2021:23:05:02 +0100] “POST /signup.php HTTP/2.0”

    Malicious domains:,,

    Malicious files:

    var _0x23e9 & var _0x2825 malware:

    Injected wp_posts:

    Malicious URLs:

    Malicious IPs: ( Nice IT Services Group Inc. )
    ASN: AS49447

    Try our Free site check.