Website infected with URL:mal

Dear all,

HOpe you are doing well :slight_smile:

I have 2 websites in my company which are infected with an URL:MAL

No error shows up on the website but when I visit with the free version of avast, adblock pops up with this error:

“We cancel the connexion to tags.stickloader.info because this element was infected by URL:Mal”

Websites are:
serre-acd.ch
and
numeractive.ch

Do you have any idea from where this comes from ?
I am using wordpress with latest version

Thanks a lot,
Florian

We cancel the connexion to [b]tags.stickloader.info[/b] because this element was infected by URL:Mal"
https://sitecheck.sucuri.net/results/tags.stickloader.info

https://www.virustotal.com/gui/url/16a74b3d14a345a0c140b1f3cd6167f06c639665abe3e0b5689632874981b714/detection

16 instances to detect: https://www.virustotal.com/gui/url/44ce3e990b4d703da17cbbe34ec00a78063cbd030e8edbdbb9ffb9eae04f6bb6?nocache=1

Not detected as such here: https://urlscan.io/result/3b3f0863-f1a9-420a-83a8-ae16d4a10811/

Whitelisted websites could, however, contain malware. https://www.abuseipdb.com/check/188.114.96.3

As for in the "cloud’, these same entities sometimes also provide cloud servers and mail services
which are easily abused. Pay special attention when trusting or distrusting these IPs.

Moreover here this link has a blacklist status: https://quttera.com/detailed_report/tags.stickloader.info
because of Threat name: S.HttpRedir.gen

polonus

uBlock origin also blocking this website

Well you have issues with both sites. Botnet malware. Extremely dangerous. [EDIT: Avast Free blocked both sites]

DO NOT VISIT

See attached jpgs attached below.

Suggest getting service at a website that specializes in cleaning infected websites. https://sucuri.net/ Other such available online.

Referenced Blacklisted Domains
-horions.com 3 to flag: https://www.virustotal.com/gui/url/22def217dac3897530a28e5bc70ecf8f607c8171722aa730f724c8639ef053a6
Not being flagged here: https://urlscan.io/result/0561bc94-34c5-474b-867a-2eded6b3df1b/#transactions

Avast does no longer flag htxps://numeractive.ch/fr/ now. https://www.virustotal.com/gui/url/b8c1f331b0c9822109e57a8789e5fdda7734723b010b9f8d6b07aa2c3251a128?nocache=1

Anyway, this is now flagged by 10 vendors: https://www.virustotal.com/gui/domain/stickloader.info
Has this -https://www.cloudflare.com/5xx-error-landing (CloudFlare Brazil - reported allthough whitelisted)

Title: Cloudflare abuse. 188.114.97.3 was found in our database! (with port-scanning, hacking, Phishing Volksbank, etc.).

polonus

Read on this threat here: https://www.csa.gov.sg/alerts-advisories/alerts/2024/al-2024-031

Info credits go to: Cyber Security Agency of Singapore

polonus