How to Find & Clean Malware

If your website is affected by this recent malware attack, all your website visitors may be redirected and infected with malware. Since not only the website reputation is at stake it is important to address the situation a soon as possible.

MAGEFIX SecurityMalware cleanup & protection

Try our Free site check.

Cleanup steps:

  • Temporary disable the public access to your website, it will prevent reputation damage.
  • Check FTP accounts, SSH access, and Cron jobs.
  • Perform a website backup.
  • Proceed with a thorough cleanup, making sure the are no malware or vulnerable site components left.
  • Check the Google search results for SEO spam by typing “”, where you can replace with your own domain name.
  • Perform a blacklist check using URLVoid or VirusTotal.
  • Restore the site and apply all the available updates.


  1. The scriptsplatform is linked with the clickandanalytics malware, and both attacks may infect all the index.php files across the hosting account. Since cross-site contamination risk is high, it is worth checking if the hosting account contains several other WordPress sites.
    We confirmed several cases of cross-site contamination already.
  2. It’s important to find and remove any backdoor scripts installed – hackers will often come back after a while to regain full website access.
  3. Any suspicious user with administrator rights, plugin, or theme must be carefully reviewed.

Malicious URLs:

Other malicious URLs: ( Cloudflare nameservers, )

Malicious IPs:,,,,,,,,,,,
Bad NS records: –, –,

Bad domains:,,,,,,,,,,,,,,,


Reported by @daniel_sloof

Need help?

Try our Free site check.