blocking authedmine.com


jbaltagi

Hi - having same issue. Problem is, Coinhive programmed their applet to cycle through subdomains - for some reason. I built a little nonprofit mining site based on the Coinhive implementation - and Malwarebytes will not let you visit the page where the miner exists. 

 

https://www.compassionatecrypto.tech/

 

You may reproduce both of our issues by going here, and attempting to create an exclusion for this. You'll quickly notice that you'd have to create 999 exclusions to get all the subdomains they're cycling through. You'll also notice with a few pings that each subdomain has its own IP address. 

 

This issue could be solved by allowing wildcards in exclusions, or allowing a structured data import of exclusions, or perhaps just generating an optional definition that ignores Coinhive and authedmine for those who would tread this careful path of allowing this software to execute. 

 

Here, a sample of the Malwarebytes detection: 

 

E7925B7B20032315BA3302B0C7FDA6BBA37A3D9AA16CD7A3BBCBB31842BEB74A
{
   "applicationVersion" : "3.4.5.2467",
   "clientID" : "",
   "clientType" : "other",
   "componentsUpdatePackageVersion" : "1.0.342",
   "cpu" : "x64",
   "dbSDKUpdatePackageVersion" : "1.0.4882",
   "detectionDateTime" : "2018-04-26T15:57:15Z",
   "fileSystem" : "NTFS",
   "id" : "",
   "isUserAdmin" : true,
   "licenseState" : "licensed",
   "linkagePhaseComplete" : false,
   "loggedOnUserName" : "System",
   "machineID" : "",
   "os" : "Windows 10 (Build 15063.936)",
   "schemaVersion" : 8,
   "sourceDetails" : {
      "type" : "mwac"
   },
   "threats" : [
      {
         "linkedTraces" : [

         ],
         "mainTrace" : {
            "cleanAction" : "block",
            "cleanResult" : "successful",
            "cleanResultErrorCode" : 0,
            "cleanTime" : "",
            "generatedByPostCleanupAction" : false,
            "id" : "7db6d4d7-496a-11e8-8d89-c86000a458dc",
            "linkType" : "none",
            "objectMD5" : "",
            "objectPath" : "",
            "objectSha256" : "",
            "objectType" : "website",
            "websiteData" : {
               "blockType" : 12,
               "ip" : "37.187.165.210",
               "isInbound" : false,
               "port" : 51707,
               "processPath" : "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
               "url" : "ws009.authedmine.com"
            }
         },
         "ruleID" : -1,
         "rulesVersion" : "0.0.0",
         "threatID" : -1,
         "threatName" : ""
      }
   ],
   "threatsDetected" : 1
}

 

 

Here: a similar point in the logs: 

 

04/26/18    " 08:51:40.009"    425427687    51d00    51824    INFO    MWACControllerCOM    CMWACController::WebsiteBlockedNotificationCallback    "MWACController.cpp"    1094    "Malicious Website Protection, ipBlockList, 37.187.165.207, ws008.authedmine.com, 51609, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

 

 

Here: my exclusion (what looks like hex)


Edited by shellscriptz
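For triage, block events like the two quoted above can be grouped by parent domain to see how many rotating subdomains and IPs a single detection family accounts for. This is an added example, not part of the original post or any Malwarebytes tooling; the regex is inferred from the one log line quoted in the post, the `example.net` line is constructed, and the two-label parent-domain rule is a simplification.

```python
import json
import re
from collections import defaultdict

# Sample input: the first log line and the JSON values come from the post
# (report trimmed to the fields used); the example.net log line is constructed.
SAMPLE_LOG = r'''
04/26/18    " 08:51:40.009"    425427687    51d00    51824    INFO    MWACControllerCOM    CMWACController::WebsiteBlockedNotificationCallback    "MWACController.cpp"    1094    "Malicious Website Protection, ipBlockList, 37.187.165.207, ws008.authedmine.com, 51609, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
04/26/18    " 08:52:02.114"    425449792    51d00    51824    INFO    MWACControllerCOM    CMWACController::WebsiteBlockedNotificationCallback    "MWACController.cpp"    1094    "Malicious Website Protection, ipBlockList, 192.0.2.10, cdn1.example.net, 51620, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
'''
SAMPLE_REPORT = r'''{"threats": [{"mainTrace": {"objectType": "website", "websiteData": {
  "ip": "37.187.165.210", "port": 51707, "url": "ws009.authedmine.com",
  "processPath": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"}}}]}'''

# Field order assumed from the quoted line: list, ip, host, port, direction, process.
BLOCK_RE = re.compile(
    r'"Malicious Website Protection, (?P<list>[^,]+), (?P<ip>[^,]+), '
    r'(?P<host>[^,]+), (?P<port>\d+), (?P<dir>Inbound|Outbound), (?P<proc>[^"]+)"')

def parent_domain(host):
    # Simplification: keep the last two labels. Names under multi-label
    # public suffixes (e.g. co.uk) need a Public Suffix List lookup instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def events_from_log(text):
    for m in BLOCK_RE.finditer(text):
        yield m["host"], m["ip"], m["proc"]

def events_from_report(text):
    for threat in json.loads(text).get("threats", []):
        trace = threat.get("mainTrace", {})
        if trace.get("objectType") == "website":
            site = trace.get("websiteData", {})
            yield site.get("url", ""), site.get("ip", ""), site.get("processPath", "")

def summarize(events):
    groups = defaultdict(lambda: {"hosts": set(), "ips": set(), "procs": set()})
    for host, ip, proc in events:
        g = groups[parent_domain(host)]
        g["hosts"].add(host.lower())
        g["ips"].add(ip)
        g["procs"].add(proc)
    return {d: {k: sorted(v) for k, v in g.items()} for d, g in groups.items()}

def demo():
    events = list(events_from_log(SAMPLE_LOG)) + list(events_from_report(SAMPLE_REPORT))
    return summarize(events)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```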