Hello,

I found two <script> elements that produced the ads in the html for
www.counterculturelabs.com.
One is:

<script async src="https://js.onclckmn.com/static/onclicka.js"
data-admpid="171393"><script type="text/javascript">

and the other is

<script type='text/javascript'
src='//abashfireworks.com/35/f1/c2/35f1c209595f2fcdf8f067a0f5e11d09.js'></script>

There are other suspicious lines, like:
<link id="wsite-base-style" rel="stylesheet" type="text/css"
href="//cdn2.editmysite.com/css/sites.css?buildTime=1714421746" />
and I'm sure there's more.

Looks like your site is managed by Weebly. Either your credentials
have been compromised and someone has access to your site, or Weebly
has been compromised in some way.

Log into Weebly and check the edit history.

Alex


On Wed, May 1, 2024 at 1:28 PM Edwinsaurus via sudo-discuss
<sudo-discuss@sudoroom.org> wrote:
>
> Can someone who knows malware please check out the CCL website:
> https://www.counterculturelabs.org/
> There appears to be malware generating pop ups infecting the site.
> I'm sure that someone at Sudo will know exactly what bugspray to use, thanks.
> _______________________________________________
> sudo-discuss mailing list -- sudo-discuss@sudoroom.org
> To unsubscribe send an email to sudo-discuss-leave@sudoroom.org
> More options at https://sudoroom.org/lists/postorius/lists/sudo-discuss.sudoroom.org/
_______________________________________________
sudo-discuss mailing list -- sudo-discuss@sudoroom.org
To unsubscribe send an email to sudo-discuss-leave@sudoroom.org
More options at https://sudoroom.org/lists/postorius/lists/sudo-discuss.sudoroom.org/