Problem blocking my site because of HTML: Iframe-inf

[elkooora]

Problem blocking my site because of HTML: Iframe-inf
https://elkooora.com/
https://yallashoot-live.today/
http://dawsha-tv.com/

The problem only appears inside the articles
Please help me to solve this problem

[Pondus]

3 suspicious inline scripts found.  >>  https://unmask.sucuri.net/security-report/?page=elkooora.com

Sucuri site check  >>  https://sitecheck.sucuri.net/results/https/ar.elkooora.com


Sucuri  >>  https://sucuri.net/

[polonus]

I get a  301 Moved Permanently now -> https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=e2xrXV1dfXwuXl1tYA%3D%3D~enc
Then URLs that redirect found in: -https://ar.elkooora.com/

1: -http://view.vzaar.com/ -> -https://www.dacast.com/?from=vzaar
DOM-XSS scan results: Results from scanning URL: -http://view.vzaar.com/
Number of sources found: 40
Number of sinks found: 442
&
Results from scanning URL: -https://www.dacast.com/wp-content/plugins/add-to-any/addtoany.min.js?ver=1.1
Number of sources found: 41
Number of sinks found: 17

Another domain on that same IP address is unavailable because of legal restrictions:
-https://studenti.win/tema/arte/ Access from your country is restricted, please try again later.

Shared query link: https://websniffer.cc/?url=https://ar.elkooora.com/
I do not see that particular site uri blocked by avast's.

Consider: https://sitereport.netcraft.com/?url=https://ar.elkooora.com

SRC scan: HTML
-ar.elkooora.com/
45,195 bytes, 743 nodes

Javascript 7   (external 3, inline 4)
INLINE: (function() { let alreadyInsertedMetaTag = false function __insertDappDete
1,238 bytes

INLINE: (function(s,u,z,p){s.src=u,s.setAttribute('data-zone',z),p.appendChild(s);})(doc
193 bytes

-iclickcdn.com/​tag.min.js
INLINE: /*! jQuery v2.1.1 | (c) 2005, 2014 jQuery Foundation, Inc. | jquery.org/license
226,453 bytes

-ar.elkooora.com/​g4z4lagmnbj
INLINE: (function(d,z,x,s,e,o){s.src='//'+d+'/tag.min.js';x.open('GET','//'+d+'/apu.php?
427 bytes

-graizoah.com/​tag.min.js
CSS 6   (external 4, inline 2)
-ptoushoa.com/​styles.css?aHR0cHM6Ly92aWF0ZXBpZ2FuLmNvbS9hcHUucGhwP3pvbmVpZD0zMzM2Njc5
INJECTED

-ptoushoa.com/​bootstrap.css?aHR0cHM6Ly92aWF0ZXBpZ2FuLmNvbS9hcHUucGhwP3pvbmVpZD0zMzM2Njc5
INJECTED

INLINE: @media print {#ghostery-purple-box {display:none !important}}
61 bytes INJECTED

-ar.elkooora.com/wp-content/themes/Final/​style.css
INJECTED

-kit-pro.fontawesome.com/releases/v5.12.0/css/​pro.min.css
INJECTED

INLINE: :root #AdsDiv {display:none !important;}
40 bytes INJECTED -> compare: -https://pastebin.com/59SsDvva

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

[polonus]

Nothing detected here: https://quttera.com/detailed_report/shoot-yallaa.live
Nor here: https://www.virustotal.com/gui/url/561b04bae606df6a565008b5a735c7dec6bf7dd5c4a6be8adecfcca552320fdf
Not flagged by Avast's either.

But this needs attention of website maintenance: Retire.js

moment.js   2.22.2   Found in -https://shoot-yallaa.live/wp-content/themes/AlbaYallaShoot/js/AlbaSport.js?ver=7.0 _____Vulnerability info:
high   This vulnerability impacts npm (server) users of moment.js, especially if user provided locale string, eg fr is directly used to switch moment locale. CVE-2022-24785 GHSA-8hfj-j24r-96c4   1
high   Regular Expression Denial of Service (ReDoS), Affecting moment package, versions >=2.18.0 <2.29.4 CVE-2022-31129 GHSA-wc69-rhjr-hc9g

A 403-error was met at https://sitecheck.sucuri.net/results/https/shoot-yallaa.live  (scan failed). Could be CloudFlare's doing.

Also this was found - Buy Sleeping Pills Online UK | Effective Insomnia &amp; Anxiety Medication
HTTP/1.1 200 OK
Date: Wed, 11 Sep 2024 16:59:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
link: <https://webpharmacy.co.in/wp-json/>; rel="https://api.w.org/"
link: <-https://webpharmacy.co.in/wp-json/wp/v2/pages/2>; rel="alternate"; title="JSON"; type="application/json"
link: <htxps://webpharmacy.co.in/>; rel=shortlink
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"-https:\/\/a.nel.cloudflare.com\/report\/v4?s=9ZBQtFEWsMvDQI6Thj6e9KS389wdY%2BDKogw7fEzpsgg8MCS35ohz2UG6%2FfhjceBMTV1Qit5BLBeBSxpjGfKCOicdFNUU0PYF3U%2BZRI88N0%2B3dV0myW8sUfDAML9D3n31d2GY%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c19352b4920533d-LAX
alt-svc: h3=":443"; ma=86400

polonus

[DavidR]

<a href="hXXps://shoot-yallaa.live/" aria-current="page">Yalla Shoot Live</a>

@ elkooora

Please break active links for all links to suspect sites to avoid accidental exposure, only post the domain-name or change the https to hXXps to break the link (as I have in the above quote.

Failure to do so may result in the posts being removed.