@liaizon in the case of climatejustice dot social, Virus Total lists quite a few detections (source: virustotal.com/gui/url/626d995 ). From the comments, I see someone claim the admin runs an old version of nginx. It might be the case that the server was hacked at some point and used to run phishing campaigns / spread malware. Something that can definitely be fixed!