FM Security Scanner

Malware detection, blacklist checking & WordPress security audit

v1.0 · Forward Multimedia
Malware patterns · ClearFake / EtherHiding IOCs · Injected scripts · Hidden iframes · Blacklist status · WordPress security · Security headers · SSL & connectivity

Database scanning requires server access

This external scanner checks rendered HTML, scripts, headers, and blacklists. To scan your WordPress database for injected posts, spam options, and malicious content, use the DB Query Pack below.

Database Query Pack: run these in phpMyAdmin

Check IOC strings (ClearFake)

SELECT option_name, option_value FROM wp_options
WHERE option_value LIKE '%quiknode%'
OR option_value LIKE '%lskannsserv%'
OR option_value LIKE '%etherhiding%'
OR option_value LIKE '%ClickFix%';

Check spam posts (casino/gambling)

SELECT ID, post_title, post_status FROM wp_posts
WHERE post_content LIKE '%casino%'
OR post_content LIKE '%slot%'
OR post_content LIKE '%roulette%'
OR post_content LIKE '%crypto%'
OR post_title LIKE '%casino%'
OR post_title LIKE '%slot%';

Check injected scripts in options

SELECT option_name, option_value FROM wp_options
WHERE option_value LIKE '%<script%'
OR option_value LIKE '%eval(%'
OR option_value LIKE '%base64_decode%'
OR option_value LIKE '%document.write%';

Check suspicious users (newest first)

SELECT u.ID, u.user_login, u.user_email,
u.user_registered, um.meta_value as role
FROM wp_users u
JOIN wp_usermeta um ON u.ID = um.user_id
WHERE um.meta_key = 'wp_capabilities'
ORDER BY u.user_registered DESC;
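
Added example, not part of the FM Security Scanner query pack: the query above returns every account with its serialized capabilities, so this narrower version keeps only accounts holding the administrator role and adds two triage columns. It assumes the default wp_ table prefix (which also prefixes the wp_capabilities meta key) and MySQL/MariaDB as used by phpMyAdmin.

```sql
-- Added example: administrator accounts only, newest first.
-- Assumption: default wp_ prefix; adjust table names and the
-- wp_capabilities key if the site uses a custom prefix.
SELECT
    u.ID,
    u.user_login,
    u.user_email,
    u.user_registered,
    -- Serialized PHP array, e.g. a:1:{s:13:"administrator";b:1;}
    cap.meta_value AS capabilities,
    -- Rows in wp_posts attributed to the account (any type or status)
    (SELECT COUNT(*)
       FROM wp_posts p
      WHERE p.post_author = u.ID) AS authored_rows,
    -- 1 when WordPress has stored session tokens for the account
    -- (stored tokens may include expired sessions)
    EXISTS (
        SELECT 1
          FROM wp_usermeta s
         WHERE s.user_id = u.ID
           AND s.meta_key = 'session_tokens'
           AND s.meta_value NOT IN ('', 'a:0:{}')
    ) AS has_session_tokens
FROM wp_users u
JOIN wp_usermeta cap
  ON cap.user_id = u.ID
 AND cap.meta_key = 'wp_capabilities'
-- The quoted role name avoids matching custom roles that merely
-- contain the word "administrator" inside a longer name.
WHERE cap.meta_value LIKE '%"administrator"%'
ORDER BY u.user_registered DESC;
```

Compare the result against the list of administrators the site owner expects; any account nobody recognises should be reviewed before it is removed, since deleting a user also affects the content attributed to it.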

Check spam options (home_links)

SELECT option_name, LEFT(option_value, 200) FROM wp_options
WHERE option_name LIKE 'home_links_custom_%'
OR option_name LIKE '%spam%'
OR option_name LIKE '%inject%';

Broad blockchain/crypto check

SELECT option_name, LEFT(option_value, 300) FROM wp_options
WHERE option_value LIKE '%quiknode%'
OR option_value LIKE '%.beer%'
OR option_value LIKE '%web3%'
OR option_value LIKE '%ethers.js%'
OR option_value LIKE '%blockchain%';