I am trying to help my mom with her website, however I am not familiar with WordPress and the ecosystem around it.

What I noticed is that Facebook is not scraping a page correctly which lead me to inspect the page and notice a strange <div> elemen before the <!DOCTYPE html> declaration.
The div contains a bunch of random links.

So my question is – what might be the reason that those links get prepended to the html response? What in the WordPress ecosystem is able to add in those? I am also assuming that there could be a malicious intent on the hosting side of things – from whoever owns the hosting.

I inspected the wordpress code and the theme code, but wasn’t able to find anything that would add code even before the <!DOCTYPE html> declaration.
I have access to the admin user on wordpress and to a cpanel, which aside from File Browser and DB I haven’t used much before.

Any help is appreciated.

Sample article (it’s in Bulgarian but that should be irrelevant):

This is the div I see at the top of the page:

<div style="display:none">
    <a href="https://blog.routelink.net.id/wp-includes/js/uploads/">situs zeus379</a>
    <a href="https://gugustugas.riau.go.id/depan/images/thailand/"slot thailand</a>
    <a href="https://ketapang.serdangbedagaikab.go.id/wp-includes/js/thai/">slot server thailand</a>
    <a href="https://www.ust.ac.id/wp-includes/js/qris/">slot qris</a>
    <a href="https://dekranasda.solokkab.go.id/assetsBeranda/scss/uploads/?level=zeus379">https://dekranasda.solokkab.go.id/assetsBeranda/scss/uploads/?level=zeus379</a>
    <a href="https://puskesmas-jati.kuduskab.go.id/wp-includes/js/uploads/">slot gacor maxwin</a>
    <a href="https://simbok.anambaskab.go.id/storage/post/uploads/">zeus379</a>
    <a href="https://gugustugas.riau.go.id/uploads/jepang/">slot jepang</a>
    <a href="https://bappeda.sintang.go.id/wp-content/upgrade/">slot server jepang</a>
    <a href="https://ketapang.serdangbedagaikab.go.id/wp-content/upgrade/demo/">slot demo</a>
    <a href="https://gugustugas.riau.go.id/js/dana/">slot dana</a>
    <a href="https://gugustugas.riau.go.id/depan/js/sgacor/">slot gacor</a>
    <a href="https://bappeda.sintang.go.id/wp-content/plugins/demo/">demo slot</a>
    <a href="https://jurnal.unisa.ac.id/files/uploads/">slot maxwin</a>
    <a href="https://gugustugas.riau.go.id/depan/uploads/">slot gacor 4d</a>
</div>