Author Topic: Another crypto jacking website detected.  (Read 2361 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33904
  • malware fighter
Another crypto jacking website detected.
« on: July 13, 2018, 05:59:32 PM »
Has coinhive mining: https://www.htbridge.com/websec/?id=ArXV2gAW  (see also other insecurity there).

Reputation Check
PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Compromised Hosts: OK
Dshield Blocklist: OK
Shadowserver C&C OK

Web Server:
Apache
X-Powered-By:
PHP/5.5.9-1ubuntu4.20
IP Address:
-103.241.4.41
Hosting Provider:
Universitas Sriwijaya 
Shared Hosting:
34 sites found on -103.241.4.41

Externally Linked Host   Hosting Provider   Country   

-www.jikm.unsri.ac.id   Universitas Sriwijaya   Indonesia   

-iakmu.fkm.unsri.ac.id   Universitas Sriwijaya   Indonesia   

-fkm.unsri.ac.id   Universitas Sriwijaya   Indonesia   

-www.akademik.unsri.ac.id   Universitas Sriwijaya   Indonesia

See negative overall rating and enc web rating here: https://privacyscore.org/site/111030/
Same scan as json: https://privacyscore.org/site/111030/json/

Block coinhive and third-party requests like:
third_party_requests": [
    "-https://coinhive.com/lib/coinhive.min.js",
    "-http://fonts.googleapis.com/css?family=Open+Sans:400italic,400,300,600,700",
    "-https://coinhive.com/lib/worker-asmjs.min.js?v7",
    "-http://s10.histats.com/js15_as.js",
    "-http://ad.a-ads.com/493055?size=120x60",
    "-http://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UN_r8OUuhp.woff2",
    "-http://fonts.gstatic.com/s/opensans/v15/mem8YaGs126MiZpBA-UFVZ0b.woff2",
    "-http://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UN_r8OUuhp.woff2",
    "-http://fonts.gstatic.com/s/opensans/v15/mem8YaGs126MiZpBA-UFVZ0b.woff2",
    "-http://s4.histats.com/stats/2740074.php?2740074&@f16&@g1&@h1&@i1&@j1531496842925&@k0&@l1&@mHome%20%7C%20Fakultas%20Kesehatan%20Masyarakat&@n0&@o1000&@q0&@r0&@s424&@ten-US&@u1366&@vhttp%3A%2F%2Ffkm.unsri.ac.id%2Fid%2F&@w",
    "-https://coinhive.com/lib/worker-asmjs.min.js.mem",
    "-https://coinhive.com/lib/worker-asmjs.min.js.mem",
    "-http://s10.histats.com/counters/cc_424.js",
    "-https://coinhive.com/lib/worker-asmjs.min.js.mem",
    "-https://coinhive.com/lib/worker-asmjs.min.js.mem",
    "-https://coinhive.com/lib/worker-asmjs.min.js.mem",
    "-https://ws005.coinhive.com/proxy",
    "-http://s4.histats.com/stats/e.php?2740074&@Ab&@R70339&@w"

polonus (volunteer website security analyst and website error hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
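
Added example (not part of the original posts and not code from any scanner cited in this thread): one way to triage a scan's third_party_requests list like the one quoted above, flagging miner hosts and producing hosts-file block entries. The one-entry indicator set, the function names and the choice of "unsri.ac.id" as the first-party domain are assumptions made for this illustration; the sample URLs are a subset of those quoted in the post.

```python
from urllib.parse import urlsplit

# Assumption: indicator list built only from the miner domain named in the post.
MINER_DOMAINS = {"coinhive.com"}

# Subset of the third_party_requests quoted in the post; the leading "-" is the
# poster's defanging and is stripped before parsing.
SAMPLE_REQUESTS = [
    "-https://coinhive.com/lib/coinhive.min.js",
    "-http://fonts.googleapis.com/css?family=Open+Sans:400italic,400,300,600,700",
    "-https://coinhive.com/lib/worker-asmjs.min.js?v7",
    "-http://s10.histats.com/js15_as.js",
    "-http://ad.a-ads.com/493055?size=120x60",
    "-https://coinhive.com/lib/worker-asmjs.min.js.mem",
    "-https://coinhive.com/lib/worker-asmjs.min.js.mem",
    "-https://ws005.coinhive.com/proxy",
]


def refang(url):
    """Undo the defanging styles seen in the thread: leading '-', hxxp/htxp, '·'."""
    url = url.strip().lstrip("-").replace("·", ".")
    for fake in ("hxxp", "htxp"):
        if url.lower().startswith(fake):
            url = "http" + url[len(fake):]
    return url


def matches_domain(host, domain):
    """True for the domain or any subdomain, not for look-alikes such as
    'notcoinhive.com' or 'coinhive.com.example'."""
    return host == domain or host.endswith("." + domain)


def classify(requests, first_party, miner_domains=MINER_DOMAINS):
    """Return (miner host -> sorted unique paths, sorted other third-party hosts)."""
    miners, others = {}, set()
    for raw in requests:
        parts = urlsplit(refang(raw))
        host = (parts.hostname or "").lower()
        if not host or matches_domain(host, first_party):
            continue  # unparsable entry or first-party resource
        if any(matches_domain(host, d) for d in miner_domains):
            miners.setdefault(host, set()).add(parts.path)
        else:
            others.add(host)
    return {h: sorted(p) for h, p in miners.items()}, sorted(others)


def hosts_file_lines(miner_hits):
    """Hosts files have no wildcards, so each observed miner host gets its own line."""
    return [f"0.0.0.0 {host}" for host in sorted(miner_hits)]


if __name__ == "__main__":
    hits, others = classify(SAMPLE_REQUESTS, first_party="unsri.ac.id")
    print("miner hosts:", hits)
    print("other third parties:", others)
    print("\n".join(hosts_file_lines(hits)))
```

The WebSocket endpoint (ws005.coinhive.com/proxy) is caught only because matching is by domain suffix; a hosts-file entry for coinhive.com alone would not cover it.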

Offline polonus

Re: Another crypto jacking website detected.
« Reply #2 on: July 15, 2018, 03:13:56 PM »
See the 33 potential problems that Redleg's File Viewer presents for this website:
https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=www.fkm.unsri.ac.id&ref_sel=none&ua_sel=ff&fs=1

Suspicious URLs found in: -http://www.fkm.unsri.ac.id

1: hxxp://coinhive·com/lib/coinhive·min·js **
2: hxxp://ad·a-ads·com/493055?size=120x60

** The script calls above appear to be cryptocurrency miners.
Cryptocurrency miners are usually VERY resource intensive and Google will stop Adwords on sites running miners.
If you are intentionally running a crypto miner you should reconsider!

Seems that PHP is really at the root of this insecurity: -Results from scanning URL: -https://www.afar.com/places/cornerstone-family-fitness-independence/ through http://www.domxssscanner.com/scan?url=http%3A%2F%2Ffkm.unsri.ac.id%2Fid%2Fsystem%2Fapplication%2Fviews%2Fthemes%2Fjhu%2Findex.php+

and Results from scanning URL: -http://fkm.unsri.ac.id/id/system/application/views/themes/jhu/{theme_url}/theme/js/head-c1049261eb.js
Number of sources found: 8
Number of sinks found: 3

and Results from scanning URL: -https://www.ytbe.me/cerca-diego-money  Do not visit: redirects to adult smut site!!!
Number of sources found: 20
Number of sinks found: 411
via scanning URL: htxp://fkm.unsri.ac.id/id/system/application/views/themes/jhu/{theme_url}/assets/js/application.js

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

« Last Edit: July 15, 2018, 03:17:37 PM by polonus »

Offline polonus

Re: Another crypto jacking website detected.
« Reply #3 on: July 16, 2018, 09:20:14 PM »
A nice collection of coinhiving IPs as a search query: https://www.zoomeye.org/searchResult?q=coinhive

Example
Quote
HTTP/1.1 200 OK
Date: Fri, 13 Jul 2018 20:23:41 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2k
Connection: close
Content-Type: text/html; charset=UTF-8

   <script>
  (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
  (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
  m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
  })(window,document,'script','-https://www.google-analytics.com/analytics.js','ga');

  ga('create', 'UA-84680777-2', 'auto');
  ga('send', 'pageview');

</script><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "-http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="-http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="content-type" content="text/html;charset=UTF-8" />
   <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"/>
   <meta name="author" content="tuaris" />
   <link rel="stylesheet" href="themes\default\css/default.css" type="text/css" />
   <link href="-https://fonts.googleapis.com/css?family=Acme" rel="stylesheet">
   <title>Hope Assistência Técnica Faucet</title>
   <!-- COIN-HIVE -->
    <meta charset="UTF-8" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="robots" content="index, follow" />
<meta name="revisit-after" content="1 days" />
<meta name="keywords" content="coinhive, coin, hive, bitcoin, monero, miner, javascript, embed, widget, website, money" />
<meta name="description" content="coinhive bitcoin / monero miner simple javascript graphical user interface to be embeded onto any website as a widget highly customizable fast easy clean and tidy help those who deal with adblockers anti viruses popups banners ads no longer need to rely on advertisers / advertisement companies for money." />

<link rel="image_src" href="-https://coinhive.com/media/coinhive-icon.png" />
<meta property="og:title" content="CoinHive - Demo - Monero miner friendly simple GUI by C0nw0nk" />
<meta property="og:url" content="-https://c0nw0nk.github.io/CoinHive/" />
<meta property="og:image" content="-https://coinhive.com/media/coinhive-icon.png" />
<meta property="og:image:height" content="512" />
<meta property="og:image:width" content="512" />
<meta property="og:site_name" content="CoinHive" />
<meta property="fb:app_id" content="" />
<meta property="og:description" content="coinhive bitcoin / monero miner simple javascript graphical user interface to be embeded onto any website as a widget highly customizable fast easy clean and tidy help those who deal with adblockers anti viruses popups banners ads no longer need to rely on advertisers / advertisement companies for money." />
<meta property="og:type" content="website" />
<!-- Doe Bitcoins -->
<script type="text
 -67.227.207.154

Probably the above is the legit coinhive treat, mining instead of ads, and the mining is for the duration of visiting the website,
but there is also illegal unsolicited crypto-jacking, where the mining can seriously cost you CPU and your video-card's lifespan.
If you do not want to run that risk, block all mining from websites you visit  ;) :P,

polonus (volunteer website security analyst and website error-hunter)

Offline polonus

Re: Another crypto jacking website detected.
« Reply #6 on: October 28, 2018, 02:24:21 PM »
Another one with a crypto-miner-script: https://urlquery.net/report/b0ff8d5a-0c3a-4eac-a21c-c6f483795ded
See: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=fGZsfG0tdWsuYmxdZ3NwXXQuXl1t~enc
See recommendations on security: https://webhint.io/scanner/69f5ab40-4b9b-495e-8c95-8310c3c04e96#Security

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)