I have a javascript injection on my website that prompt a risk message in Chrome and Firefox and when you accept the risk redirect to some other websites.
GOTMLS does not detect it. So I scanned the website with Sucuri who detected the malware.
Here is the link to the malware definition from secury: entry/MW:BLK:2
That is not a link to a malware definition, that is just a generic label that sucuri assigns to that type of infection.
Can you please give me some information that will enable me to help you with this issue (infected URL, link to sucuri scan results, or you installation key for this domain)? Feel free to contact me directly if you do not want to post this on my public forum.
When I go to the homepage, I get redirected to mysite.com/si.php and then redirect to some other set of links (such as wasbewitchedby.tk/index/?1641501770611)
The installation key is: 2a21090ca3d9ddb0fe704edc32c6517e
How do I contact you privately?
Sorry but I did not get your email.
The MW:BLK:2 label that you first asked me about refers to a blacklisted domain which is used in your Newspaper theme’s header and footer to load remote scripts from fastestwaytocome.com.
These external scripts were probably hacked to redirect traffic to those other sites.
First check the origin install files for that theme that you downloaded from their site to see if those script references were injected into your copy or if there were an intentional part or the theme’s design. Then remove those scripts from the header and footer to see if that stop the redirects.
Also, please send me a copy of those infected header and footer files. You can email me directly:
eli AT gotmls DOT net
