Google Chrome Unusual Connection and Crypto Type Behavior
<blockquote data-quote="Evjl&#039;s Rain" data-source="post: 717337" data-attributes="member: 51905"><p>Hi, I found a problem on that page but I don't think it's related to cryptomining.</p><p></p>
<p>1/ When I entered the page using the filters I posted, I saw the URL: brightinfo.com was blocked repeatedly/endlessly. This means the page was trying to load ad images from brightinfo but it was blocked, so the page kept trying again and again in a loop, >10k blocked items. CPU usage was constant around 15% (i7-3630QM)</p>
<p>[ATTACH]182068[/ATTACH]</p><p></p>
<p>2/ stevenblack hosts is the only one which can block brightinfo -> I temporarily disabled stevenblack -> the page loaded normally without any CPU peaking, but in exchange for some floating ads originating from brightinfo</p>
<p>CPU usage without stevenblack hosts in idle was 0%</p>
<p>[ATTACH]182069[/ATTACH]</p><p></p>
<p>3/ I performed some URL scans and found these results</p>
<p>VT: 0/67</p>
<p><a href="https://www.virustotal.com/en/url/7347445b4f30a4f58544e6888da5476a0647413cb8430da35f7dcfb0fbdbb90d/analysis/1520678672/" target="_blank">Scan report for http://brightinfo.com/ at 2018-03-10 10:44:32 UTC - VirusTotal</a></p><p></p>
<p>quttera on brightinfo: safe</p>
<p><a href="https://quttera.com/detailed_report/brightinfo.com" target="_blank">FREE Online Website Malware Scanner | Website Security Monitoring & Malware Removal | Quttera</a></p><p></p>
<p>quttera on securityweek: <strong><span style="font-size: 18px"><span style="color: #ff0000">MALICIOUS</span></span></strong></p>
<p><a href="https://quttera.com/detailed_report/www.securityweek.com" target="_blank">FREE Online Website Malware Scanner | Website Security Monitoring & Malware Removal | Quttera</a></p>
<p>quttera detected a malicious PHP</p>
<p>[CODE][[<a href="/thousands-devices-hacked-rakos-botnet">Thousands of Devices Hacked by Rakos Botnet</a>]][/CODE]</p><p></p>
<p>However, I think it's a false positive because the page doesn't seem so malicious</p>
<p><a href="https://www.securityweek.com/thousands-devices-hacked-rakos-botnet" target="_blank">Thousands of Devices Hacked by Rakos Botnet | SecurityWeek.Com</a></p><p></p>
<p><a href="https://www.virustotal.com/en/url/cfd03859a7fcc5813533b3919b78e165b5a459a373a80e93d6143ecb718dbc2d/analysis/1520678891/" target="_blank">Scan report for https://www.securityweek.com/thousands-devices-hacked-rakos-botnet at 2018-03-10 10:48:11 UTC - VirusTotal</a></p></blockquote><p></p>