How to Remove classicpartnerships.com Malware

Last updated: April 21 2022

A new malicious attack is ongoing, this time using the classicpartnerships[.]com domain name.
So far, more than 115 sites are found to be infected with this malware, as reported by PublicWWW.

Try our Free site check.

Cleanup guide is available here:
https://guides.magefix.com/2022/02/ads-specialadves-com-malware/

3/10/2020
Most of the sites affected by classicpartnerships malware, are also affected by SEO spam Japanese keyword hack.
To check the search results, type this in the Google search bar: site:example.com, replacing example.com with your domain name.

Malicious URLs:
hxxps://walk.classicpartnerships[.]com/run.js
hxxps://open.classicpartnerships[.]com/close.js
hxxps://white.classicpartnerships[.]com/refer.php?from=56
hxxps://white.classicpartnerships[.]com/rec.php?from=437
hxxps://simple.classicpartnerships[.]com/ping/
hxxps://scripts.classicpartnerships[.]com/train.js
hxxps://scripts.classicpartnerships[.]com/callme.js
hxxps://event.classicpartnerships[.]com/some.php?id=436&pid=22&sid=4363
hxxps://event.classicpartnerships[.]com/c.php?id=325-34675473-24-6758
hxxps://event.classicpartnerships[.]com/s.php?id=463-24-745783-2
hxxps://event.classicpartnerships[.]com/go.php?id=5325-1285453-12-334
hxxps://rosevertical[.]online/go/mvrtkmbvmi5denbs
hxxps://greatvernando[.]space/?p=gfsdczjwgy5gi3bpgy4tanq
hxxps://di3[.]biz/sw/w1s.js

Malicious IP: 45.9.150.78, Nice IT Services Group Inc.

Domains: dreamtennager.online, clarifyspotify.online, famousletterss.online, bluetopperer.online, cqwajn.com, greentopperer.online, gregoryfavorite.top, gregoryfavorite.fun, bollingerjack.top, bollingerjack.fun, bollingerjack.space, bluewallet.space, cripledream.space, 0.greatvernando.space, 0.rosevertical.space, 0.velvetking.space, fastred.biz, bigsoul.biz, serch07.biz, di3.biz, lowrance.top.