Phishing malware

Website, Application, Performance Security
1

System info

IP addresses

104.21.65.83, 172.67.189.106, 2606:4700:3032::6815:4153, 2606:4700:3033::ac43:bd6a

CDN

Cloudflare

TLS Certificate

Issued by Cloudflare, Inc.

Redirects

Redirects to
https://cdn.discordapp.com/attachments/1086754890530947094/1089146480851439736/NewBrowsers.rar

apparently its a phishing malware that is affecting

how do i remove it ?
pls click menu and let me know if you see any redirects?
https://supercars.agent4stars.com/search-results-2/

4
  1. Scan your site for any malicious code or files.
  2. Remove the infected files: Once you’ve identified the infected files, remove or clean them. Make sure to create a backup of your clean website files.
  3. Update your software: Ensure that all your website software, including the CMS, plugins, and themes, are updated to the latest version.
  4. Change your passwords: Change all passwords related to your website, including the admin panel login, FTP, and database access, and rotate any API keys.
  5. Review user accounts: Check for any unauthorized user accounts on your website and remove them. Check for page rules redirecting your site to that file download,
  6. Harden your website security: Implement additional security measures, like enabling two-factor authentication, using a Web Application Firewall (WAF), and restricting access to your website’s admin pane

Let us know if this helps & what you find out,

1 Like
5

This has the hallmarks of a redirect rule created using a compromised Cloudflare account.

6

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.