Another cryptojacking website detected.

Has coinhive mining: https://www.htbridge.com/websec/?id=ArXV2gAW (see also other insecurity there).

Reputation Check: PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Compromised Hosts: OK
Dshield Blocklist: OK
Shadowserver C&C: OK

Web Server: Apache
X-Powered-By: PHP/5.5.9-1ubuntu4.20
IP Address: -103.241.4.41
Hosting Provider: Universitas Sriwijaya
Shared Hosting: 34 sites found on -103.241.4.41

Externally Linked Host | Hosting Provider | Country
-www.jikm.unsri.ac.id | Universitas Sriwijaya | Indonesia
-iakmu.fkm.unsri.ac.id | Universitas Sriwijaya | Indonesia
-fkm.unsri.ac.id | Universitas Sriwijaya | Indonesia
-www.akademik.unsri.ac.id | Universitas Sriwijaya | Indonesia


See negative overall rating and enc web rating here: https://privacyscore.org/site/111030/
Same scan as json: https://privacyscore.org/site/111030/json/

Block coinhive and third-party requests like:

polonus (volunteer website security analyst and website error hunter)

Same website as above:
http://urlquery.net/report/de71d07a-7e06-4d7e-a6fb-bbad83e39a45

See the 33 potential problems that Redleg’s File Viewer presents for this website:
https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=www.fkm.unsri.ac.id&ref_sel=none&ua_sel=ff&fs=1

Suspicious URLs found in: -http://www.fkm.unsri.ac.id

1: hxxp://coinhive·com/lib/coinhive·min·js **
2: hxxp://ad·a-ads·com/493055?size=120x60

** The script calls above appear to be cryptocurrency miners.
Cryptocurrency miners are usually VERY resource intensive and Google will stop Adwords on sites running miners.
If you are intentionally running a crypto miner you should reconsider!

Seems that PHP is really at the root of this insecurity: -Results from scanning URL: -https://www.afar.com/places/cornerstone-family-fitness-independence/ through http://www.domxssscanner.com/scan?url=http%3A%2F%2Ffkm.unsri.ac.id%2Fid%2Fsystem%2Fapplication%2Fviews%2Fthemes%2Fjhu%2Findex.php+

and Results from scanning URL: -http://fkm.unsri.ac.id/id/system/application/views/themes/jhu/{theme_url}/theme/js/head-c1049261eb.js
Number of sources found: 8
Number of sinks found: 3

and Results from scanning URL: -https://www.ytbe.me/cerca-diego-money Do not visit, redirects to adult smut site!!!
Number of sources found: 20
Number of sinks found: 411
via scanning URL: htxp://fkm.unsri.ac.id/id/system/application/views/themes/jhu/{theme_url}/assets/js/application.js

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

A nice collection of coinhiving IPs as a search query: https://www.zoomeye.org/searchResult?q=coinhive

Example

HTTP/1.1 200 OK
Date: Fri, 13 Jul 2018 20:23:41 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2k
Connection: close
Content-Type: text/html; charset=UTF-8

<script>

(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','-https://www.google-analytics.com/analytics.js','ga');

ga('create', 'UA-84680777-2', 'auto');
ga('send', 'pageview');

Hope Assistência Técnica Faucet :P,

polonus (volunteer website security analyst and website error-hunter)

Another one: https://urlquery.net/report/cbd3221c-b887-4f04-a994-a091f143d939
Listed IP: https://www.threatminer.org/host.php?q=104.20.209.59
and https://forums.malwarebytes.com/topic/232869-riskware-coinhivecom/
and https://otx.alienvault.com/indicator/ip/104.20.209.59
and https://cymon.io/104.20.209.59 and https://www.threatcrowd.org/ip.php?ip=104.20.209.59
and https://securitytrails.com/domain/coinhive.com/dns

polonus

Another coinhive mining one: https://urlquery.net/report/618cf50f-0353-4787-847f-b9d642207a42
found in code line 1023 - 1032.
The potential problems detected: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=bXktfXt0fV0uXl1tYHR9XWd8dHtsbnl7LWZddF1nfXxmW1sta110XX15ey1uWy1rXWddLW57LV1zdHx2eXx0LX18dm5dI3VzaG55bVs%3D~enc
hints for 9 security categories: https://webhint.io/scanner/d7b37776-1172-49d8-9a01-4220f8695f2b
F-Grade security results and recommendations: http://my-retro.com/trogatelnye-fotografii-kotorye-ni-kogo-ne-ostavyat-ravnodushnymi
1 vuln. library flagged: https://retire.insecurity.today/#!/scan/326302cc8f3c0497be95cd9dc68a2bebf82152faed676aecb9b10acc26601ef9

polonus (volunteer website security analyst and website error-hunter)

Another one with a crypto-miner-script: https://urlquery.net/report/b0ff8d5a-0c3a-4eac-a21c-c6f483795ded
See: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=fGZsfG0tdWsuYmxdZ3NwXXQuXl1t~enc
See recommendations on security: https://webhint.io/scanner/69f5ab40-4b9b-495e-8c95-8310c3c04e96#Security

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)