
shellscriptz
Members, 5 posts

Posts posted by shellscriptz

  1. Hi, I'm having the same issue. The problem is, Coinhive programmed their applet to cycle through subdomains, for some reason. I built a little nonprofit mining site based on the Coinhive implementation, and Malwarebytes will not let you visit the page where the miner exists.

    https://www.compassionatecrypto.tech/

    You may reproduce both of our issues by going there and attempting to create an exclusion for it. You'll quickly notice that you'd have to create 999 exclusions to cover all the subdomains they're cycling through. You'll also notice, with a few pings, that each subdomain has its own IP address.

    This issue could be solved by allowing wildcards in exclusions, or allowing a structured data import of exclusions, or perhaps just generating an optional definition that ignores Coinhive and Authedmine for those who would tread this careful path of allowing this software to execute.

    Here, a sample of the Malwarebytes detection:

     

    E7925B7B20032315BA3302B0C7FDA6BBA37A3D9AA16CD7A3BBCBB31842BEB74A
    {
       "applicationVersion" : "3.4.5.2467",
       "clientID" : "",
       "clientType" : "other",
       "componentsUpdatePackageVersion" : "1.0.342",
       "cpu" : "x64",
       "dbSDKUpdatePackageVersion" : "1.0.4882",
       "detectionDateTime" : "2018-04-26T15:57:15Z",
       "fileSystem" : "NTFS",
       "id" : "",
       "isUserAdmin" : true,
       "licenseState" : "licensed",
       "linkagePhaseComplete" : false,
       "loggedOnUserName" : "System",
       "machineID" : "",
       "os" : "Windows 10 (Build 15063.936)",
       "schemaVersion" : 8,
       "sourceDetails" : {
          "type" : "mwac"
       },
       "threats" : [
          {
             "linkedTraces" : [

             ],
             "mainTrace" : {
                "cleanAction" : "block",
                "cleanResult" : "successful",
                "cleanResultErrorCode" : 0,
                "cleanTime" : "",
                "generatedByPostCleanupAction" : false,
                "id" : "7db6d4d7-496a-11e8-8d89-c86000a458dc",
                "linkType" : "none",
                "objectMD5" : "",
                "objectPath" : "",
                "objectSha256" : "",
                "objectType" : "website",
                "websiteData" : {
                   "blockType" : 12,
                   "ip" : "37.187.165.210",
                   "isInbound" : false,
                   "port" : 51707,
                   "processPath" : "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                   "url" : "ws009.authedmine.com"
                }
             },
             "ruleID" : -1,
             "rulesVersion" : "0.0.0",
             "threatID" : -1,
             "threatName" : ""
          }
       ],
       "threatsDetected" : 1
    }

    Here, a similar point in the logs:

    04/26/18    " 08:51:40.009"    425427687    51d00    51824    INFO    MWACControllerCOM    CMWACController::WebsiteBlockedNotificationCallback    "MWACController.cpp"    1094    "Malicious Website Protection, ipBlockList, 37.187.165.207, ws008.authedmine.com, 51609, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

    Here, my exclusions (what look like hex):

    00A7CF3BAAE095DBFBE458264E5AA649
    02B0C359F6F66575B8EC10A7002A7EF1
    034CCADC1C073E4216E9466B720F9849
    03E0A0812CDD2AD7261EAF533F7761F6
    03FCFBE2C8E71C60F1BC34EB91D07F99
    046A78D20889A0B96B84646B2E59729F
    04E69D16137C2EB4AC353BE3F9EAA1A6
    0575F6FEEE5E04017D6D38440E144CBF
    0A903F975BF30F70C36315A3D92A051B
    0BF90B3A9F703F23A6AD342B5BC01B26
    0CD4882A36D15DAD767E9D77297289CC
    0D97759E5A6ABBA62E536D9D3585F04B
    0FCF9F3D9518B90FB58CC950FA33998C
    12F83B690D2D67F948186A655DC22528
    14953FB0442FD7179C36DC126D1E6872
    158DD7391F408FA1F38685F4EA237455
    1628E2212724449B8ED5E4773919B139
    1C5B6815372D0D0EBA9CE18EC2FA9D73
    1CDF331C2ED30014F81A6B29ECE49A7D
    1D3774C99A21F023E50F78A11AEC855D
    20B61524A5A8837DEEC364D03654EA75
    2162D735507A707E512F5725FFB67C3B
    2252290BC44BEAD16AA1BF89948472E8
    23683D629CEA2FC630C790BB18FB99C0
    23B28530283FC40E2DC554A5271BD188
    249C1C8BD8AC9568E5C5A0EC2FB39018
    26A414A2B7FC8AA5475CADB1189F1D02
    289A45C59B6481D0ADAEBEE52C7C08E8
    29D9E417ABC7FF2ACADF7111928F02E4
    2EBF305C037A028D23B54E901A77FC76
    2FAFB224F30F7F9C718767EDD6018240
    319B1108E328EDFD5002AB4544E59F43
    324255A4DEAD441DA3876C055FED22B1
    3613076AC79608EF1EA26C9193597DAC
    37651F52CCD3E7DFCAC9747F1F5506BA
    37666EB6150CF070FA5211D523EDB2DF
    37945433C7B7D743B863C54A8CB18DEE
    3BC2A3CCDE0CD62B8C8E05683283A25C
    3EB1530ECB70951FBF12DBFCF5B6CE3B
    3F39234D73C420642275B7DC0B1E981C
    4246B1662DDEE1DF479B99161C46F4FC
    43DFEB90B3537EA613A1EA823091AA24
    4896A40C1EB3BF77D726854E4851A086
    4A9770F61FF364C25E9129DE6A185C4B
    4AA31094E87BDF320E9DDFE0AA6ECC76
    4BD792D4A6B757C133502938C06CAF49
    4E4682F1E7A6B6846E0F99612FC41D06
    4EE24C7FD67B098431C951DB7686BD19
    4F5BD8D491AAE778B358ECE2A1D28F09
    4F9C97AD03B3CF13EB4C519CED9A12BB
    50754352847B5E71E11ABF4D30407148
    53560C9205CD9A362F10CDDAD91BF7BD
    535C0EA5CF6FF5105F6D297FADF160E1
    5396A1EF484F7102A1B708B4AC529913
    55293D6D1DB05E4800F2B62407D61DD7
    55ED4864C1D3F6357D9FAFCB4CA09FA8
    5782294B0D5B4436EB1E2435C587FC1C
    57BF209A6EE8A9512D4E1A36DFA367EB
    5E1085CBCF2C80C31CC4EC059C1AC8B3
    5F17AFF764132A9B74C07704E4C177A7
    6013B3F1FEA8ED5FEF3194B63A486FB4
    61DD816FA1B04FA5AAA5A78A287DFA8E
    62700FECE4F259431CBA8250B6500C24
    65133DA829359A4E4079D965D05BA5BF
    65ADDEAC93565EE7C20309E591463006
    681343E00D266C5F811320FCA9054370
    68FCEB727572063A0336ACFB449AFBD4
    695E786411F533045D9FE5A31E3EED75
    6A5C2E41065737C5842F4D84FB89FC5A
    6B912966E17C324FF6B37F647FFF4CF5
    6FF1259AB056E29564406A4C07A47403
    7316EAA172DE588080F19387813829E7
    75A3E359FBBCC3F88A8775D95ACB9E26
    7685248592B310F0EB9874170FC6E993
    76AA78F96108AAA7BFDA1542C5550984
    76CDC6433506FAA8D0D7A95A3798C6BD
    77D4C7979D0D5D82FA58E669808476C4
    7B298EFA16AC68E6E9BB02C8D34B9114
    826E5391047A722101D48870DE03374B
    839C447BAC2FD43C2DCC2E32B7904D13
    8643B277423F05B8A34775E93B8B7ABC
    866141918B06220D456284430B9A6B5C
    87388AD2BDA1A2B37CC7396125E4965B
    8839166DCDD9F264639A0946B3D4378B
    884C8A04A6B075B5E794710644A703C6
    8A14C7DDFC299934ACAB1F4F8BFB8E9E
    938AD48B215D52565829B7A163045D5E
    9496AC83CA3496984B562932A814A237
    95C8BFE19202785B2AA1A73BA014911B
    97776CFD9C89D06B57BD624FFF690002
    97F9399DD616DF9A2B54A05B2859DBE6
    9B9A3CC9D0DBC66C129960A55256DD27
    9D8274B19C6F4B3E21E12DE6E378F462
    9EA1947855C8A6F1AE1CF3D2E07AF238
    9F4BC88598BC55A5603137E2A9602B11
    9F7A1813A801D286EC3191FD53B428B8
    9FEF04A50F79295C036CF000B0366EF8
    A062AB670FFBE6E69C9F6F0E574CA4A5
    A53761C54221EECEA9421AECD225F9D5
    A7C34601340F9ED6CB2CECA7A34B4BF2
    AAA404400F755D066E74A792D221500C
    ADB48BF471D66FC349D2893813FD998A
    AE0C754DDE736308D29E791760B0CB6E
    AFFD149999E57E41A876C47F1AC9AC87
    B44C0B2AEEB3334C780A9725DC945EA6
    B4688EDAB86010BD1996F0B25DFD97A9
    B8C997E772BE343E1664FEE14C1FB9B7
    BA87291DEA637E2F1830AFD92530DE32
    BCCA302522B7E247DD128A78D9B20F94
    BE8981EEB84FD419661C6A441568750C
    BE9F5E3DC4539B71B1858AC66C81F789
    BF3F290275C21BDD3951955C9C3CF32C
    BFDE31D521AC2796BA2D75D1F7086F08
    C0CFA6F0289AF556EF6C34E37FE61569
    C2D2C87649E0315B4356B51498882B37
    C5C785497A57FC48AB3D11245B90ED09
    C6D7D3A24AFF72FE4621BA026B098FAB
    C6EB5353BCA864D949FEEB50810860DF
    C8E8F12B364C3A7BA45888FBBC474AAA
    CB3638541DCAC86EE17FA8258202E20E
    CE21EA5624B75F707D5AD714F39D8196
    D022DF5629EBA1FDA393E19DC9125D39
    D0610098E4BD2BB8BB75BCC02B9FDC6F
    D3AD181D94CDEBF7FD85BF8399B22E21
    D4E1305A4BD1FAD809C450DEBBD4F515
    D736D938B0059F61CDABE02E7676CAA2
    D79108C6128A2C93E42A77F88C2F6D16
    D9591620780EA176327838FD7BF3BB15
    D9BF61FE2AADDE81475F13E9819124C1
    DB6754154DF5E60E19BEA04DBB6774BC
    DBF5468C0630C890D344BBBC89DAC9D4
    DC4417AF85AAA8008E2A07741F4CAA61
    DCBB15DFBC08046AF8D10A1135FFA423
    DD7B83919ED3F5C6CF4C343A79D6E7BC
    E2DAF5C1532187F67F067F0342B74B9B
    E511F8508F13FA0C9F99B0C527DDF89B
    E643900BB6FC3D452CAB0B9ADB28418C
    E9A9367D47B9065701E7C99E4CFCB36A
    EB9D5656688B51ABC5CBA1E6CA8E0CFC
    EE60596A12B7FB9E69FD0D55C28BC875
    F07B83D22A9F2784272C27AE4F1F50BA
    F195807A46C284971D8395C61328AB7D
    F4A75777861DF84C3068513358D464A1
    F5DC2AE9B6EFF70C6D1A7377ED658049
    F65BC9B3BE62DACD657C8BDB1CA14224
    F675F4ED4364D11C4CB967F1B4C238EB
    F7515F67CB096DC981AE91221A7C67E6
    F78940628EB76AB6E654C19EE33F2F89
    F7CB4D481C03004496EFEA76120EC85E
    F9388BFB46D2A30A965EED6B5A62A7A6
    FAEB00C5A6CCF790652CB591303DABDE
    FFE48CD06F760596EC6C98460819EE34
    7E3F50AFA690166BEE17904BAB1E01C0
    2E02156CFEAAF70141F91B894C770AC8
    CACC3702B61A1E75ECF7020343D41DBE
    E4A2856522E6A817E3F0EDD2677FA647
    CA0C67BA7AEBA6AED5DDB852E6EEA811
    088ed8bbd1a2b05eb466459aa68c3ec6
    9E735F008AE8D32184AF78D39ABB67B3
    c8b03a37c2320287962f81df3eb215aa
    050E6DDC48FDCD458ABCAC2A60D96757
    74a57b2ec648a4f655c72e93ffa58c92
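Added example, not part of the post above and not Malwarebytes' own code: a small Python script that pulls the blocked host, IP and process out of the MWAC detection record and the log line quoted in the post, and then compares how many exclusion entries a rotating pool of subdomains needs under exact-match exclusions versus a single wildcard entry of the kind the post asks for. Everything about the exclusion side is hypothetical: the `*.domain` syntax is assumed, Malwarebytes' real exclusion format is not shown on this page, and the ws001 to ws999 host list is constructed from the post's count of 999 subdomains (only ws008 and ws009 actually appear in the quoted data).

```python
"""Added example (not Malwarebytes code): parse MWAC block records and size an exclusion list."""
import json
import re
from typing import Dict, List, Optional

# Constructed sample: abridged copy of the detection JSON quoted in the post.
SAMPLE_DETECTION = json.dumps({
    "detectionDateTime": "2018-04-26T15:57:15Z",
    "sourceDetails": {"type": "mwac"},
    "threats": [{"mainTrace": {
        "cleanAction": "block",
        "objectType": "website",
        "websiteData": {
            "blockType": 12,
            "ip": "37.187.165.210",
            "isInbound": False,
            "port": 51707,
            "processPath": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
            "url": "ws009.authedmine.com",
        },
    }}],
})

# Constructed sample: the MWAC log line quoted in the post, with tab separators.
SAMPLE_LOG_LINE = (
    '04/26/18\t" 08:51:40.009"\t425427687\t51d00\t51824\tINFO\tMWACControllerCOM\t'
    'CMWACController::WebsiteBlockedNotificationCallback\t"MWACController.cpp"\t1094\t'
    '"Malicious Website Protection, ipBlockList, 37.187.165.207, ws008.authedmine.com, '
    '51609, Outbound, C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"'
)

# Layout of the final quoted field, inferred from the single line above (assumption).
_MSG_RE = re.compile(
    r'^"Malicious Website Protection, (?P<list>[^,]+), (?P<ip>[^,]+), (?P<host>[^,]+), '
    r'(?P<port>\d+), (?P<direction>Inbound|Outbound), (?P<process>.+)"$'
)


def blocked_sites(detection_json: str) -> List[Dict[str, str]]:
    """Return host, ip and process for every blocked website trace in a detection record."""
    record = json.loads(detection_json)
    sites = []
    for threat in record.get("threats", []):
        trace = threat.get("mainTrace", {})
        if trace.get("objectType") != "website":
            continue
        data = trace["websiteData"]
        sites.append({"host": data["url"], "ip": data["ip"], "process": data["processPath"]})
    return sites


def parse_mwac_log_line(line: str) -> Optional[Dict[str, object]]:
    """Extract the block details from the last (quoted) field of an MWAC log line."""
    fields = line.rstrip("\n").split("\t")
    match = _MSG_RE.match(fields[-1])
    if not match:
        return None
    details = dict(match.groupdict())
    details["port"] = int(details["port"])
    details["date"] = fields[0]
    return details


def host_matches_exclusion(host: str, pattern: str) -> bool:
    """Exact match, or a hypothetical '*.domain' entry matching any subdomain.

    The wildcard deliberately does not match the apex domain itself, so
    '*.authedmine.com' covers ws009.authedmine.com but not authedmine.com.
    """
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return host == pattern


def covered(hosts: List[str], exclusions: List[str]) -> set:
    """Hosts that at least one exclusion entry would allow through."""
    return {h for h in hosts if any(host_matches_exclusion(h, e) for e in exclusions)}


def minimal_exclusions(hosts: List[str], wildcards_allowed: bool) -> List[str]:
    """Smallest exclusion list covering every host under the given policy."""
    if not wildcards_allowed:
        return sorted(set(hosts))              # one entry per distinct host
    parents = {h.split(".", 1)[1] for h in hosts if "." in h}
    return sorted("*." + p for p in parents)  # one entry per parent domain


if __name__ == "__main__":
    # Assumed rotation ws001..ws999, built from the post's count of 999 subdomains.
    rotation = ["ws%03d.authedmine.com" % n for n in range(1, 1000)]
    print(len(minimal_exclusions(rotation, False)), "exact entries, or",
          minimal_exclusions(rotation, True), "with wildcards")
    print("detection:", blocked_sites(SAMPLE_DETECTION))
    print("log:", parse_mwac_log_line(SAMPLE_LOG_LINE))
```

Run it against a real MWAC log by feeding each line to `parse_mwac_log_line` and collecting the `host` values; the resulting set is what `minimal_exclusions` needs. The wildcard matcher is suffix-based on purpose: matching `.authedmine.com` with the leading dot keeps `notauthedmine.com` from being allowed by accident, which is the usual mistake in hand-rolled domain allow-lists.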
