Phishing malware

System info

IP addresses,, 2606:4700:3032::6815:4153, 2606:4700:3033::ac43:bd6a



TLS Certificate

Issued by Cloudflare, Inc.


Redirects to

apparently its a phishing malware that is affecting

how do i remove it ?
pls click menu and let me know if you see any redirects?

  1. Scan your site for any malicious code or files.
  2. Remove the infected files: Once you’ve identified the infected files, remove or clean them. Make sure to create a backup of your clean website files.
  3. Update your software: Ensure that all your website software, including the CMS, plugins, and themes, are updated to the latest version.
  4. Change your passwords: Change all passwords related to your website, including the admin panel login, FTP, and database access, and rotate any API keys.
  5. Review user accounts: Check for any unauthorized user accounts on your website and remove them. Check for page rules redirecting your site to that file download,
  6. Harden your website security: Implement additional security measures, like enabling two-factor authentication, using a Web Application Firewall (WAF), and restricting access to your website’s admin pane

Let us know if this helps & what you find out,

1 Like

This has the hallmarks of a redirect rule created using a compromised Cloudflare account.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.