Solved

I think this site has miner code

  • 17 February 2019
  • 12 replies

Userlevel 7
Badge +37
The website "www.root.ir" does not have miner code, but when it is opened, CPU usage is very high.

After closing the website tab, CPU usage goes back to normal ("low").

No AV can detect it.

Regards ,

Amir

Best answer by durantash 17 February 2019, 22:59


Userlevel 7
Hi durantash

From what I can see from a reputation lookup, that looks unlikely given the following result returned:

URL lookup information

URL: www.root.ir

Category & Confidence: Personal Sites and Blogs: 93%

Reputation: 88

This is a well known site with strong security practices, and rarely exhibits characteristics that expose the user to security risks. There is a very low probability that the user will be exposed to malicious links or payloads.

You may want to do a check by another means but as I said given the above...unlikely...regardless of CPU usage spikes, etc.

Regards, Baldrick
Userlevel 7
Just because an advert is pushed out by a site does not mean that it will be also nefariously pushing mining-related code...that smacks of paranoia in the extreme.

I have also gone to the site and turned off my ad blockers...and absolutely no spike as far as I can see.

Suspect a 'storm in a tea cup'.
Userlevel 7
Badge +63
Both BrightCloud and VirusTotal say the site is safe! https://www.virustotal.com/en/url/8c43449368af83309575818baa7313f992c5c1f8947a3b4e582e7369a9303602/analysis/

Userlevel 7
Badge +37
Hello,

We can confirm this site is using a javascript based miner to utilize 100% of CPU. We have reported it to our web threat team and the site will be blocked.

Regards,
Webroot Business Support
Userlevel 7
Thank you @durantash for finding and reporting that website. Kudos. 😉
Userlevel 7
Badge +63
Hello,

We can confirm this site is using a javascript based miner to utilize 100% of CPU. We have reported it to our web threat team and the site will be blocked.

Regards,
Webroot Business Support

Thanks! Very odd though but good to know and see this: https://sitecheck.sucuri.net/results/www.root.ir


Userlevel 7
Badge +37
Thank you

I am asking: can BrightCloud automatically block websites that use this method for coin mining?

Maybe we need to make a new method to detect threats, with more speed?

Regards ,

Amir
Userlevel 7
Badge +37
Interesting.

I viewed the website source and cannot find any coin miner code.
FWIW ~
with my content blocker on


with my content blocker off



YMMV
maybe, it's site content re: https://webchain.network/
IDK
Um, do you run uBlock Origin medium mode?

