Has the domain digitalclimatestrike.net been taken over? Now serving ads

Question

Has the domain digitalclimatestrike.net been taken over? Now serving ads

akirk opened this issue 4 years ago · 8 comments

The code for the widget is <script src="https://assets.digitalclimatestrike.net/widget.js" async></script> and it looks like https://assets.digitalclimatestrike.net/widget.js tries to serve ads from https://gladdiator.io/.

The Domain data has been updated on January 13, 2021:

$ whois digitalclimatestrike.net
   Domain Name: DIGITALCLIMATESTRIKE.NET
   Registry Domain ID: 2422473382_DOMAIN_NET-VRSN
   Registrar WHOIS Server: whois.namesilo.com
   Registrar URL: http://www.namesilo.com
   Updated Date: 2021-01-13T22:33:34Z

Did you lose control over the domain?

ursulac commented 4 years ago

Us too

Answer 1 · 2021-01-19T12:17:15.000Z

yes, yes. it not only tries. it actually does.
urgent action required.

Answer 2 · 2021-01-19T15:42:20.000Z

Hi,

We still had the widget embedded on our website, and we started seeing strange ad pop-ups today. We've removed the link to the widget's JS from our website in order to resolve the issue. But this was a rather ugly surprise. Have you all let the digitalclimatestrike.net domain lapse? Or has someone hijacked the domain's DNS?

I guess if the domain now belongs to someone else, there's not much that can be done. But if you all could get the domain configuration back under your control, that would be really good. We're obviously not the only ones to have added the widget to our website and then forget that it was there.

Best wishes,
-Ian Macdonald

Answer 3 · 2021-01-19T16:25:29.000Z

Hey,

also happened to us.

All the best,
Sebastian

Answer 4 · 2021-01-19T18:16:02.000Z

I can confirm this, too. Happend today on my homepage and removed the widget immediately.

Answer 5 · 2021-01-19T19:13:50.000Z

Can also confirm this, shame this happened.

Answer 6 · 2021-01-24T13:54:45.000Z

Same here, please check if the footer.php / header.php of Wordpress Themes or similiar places still contains the script. In some websites the script was inserted directly. The redirect is not persistent, often the next page load is normal and the existing infection is not further detected.

Answer 7 · 2021-01-26T13:38:19.000Z

It looks like the domain got resold - real shame and even though the date has now passed, it's probably worth the organisers spreading the word on their website (which still advertises the code).