ET CURRENT_EVENTS CoinHive In-Browser Miner Detected - now taken down?

Viruses and worms
1
-win.ningoffer.club/proc.php?6bc05cd68d0073f4841ae0fd48934feaf0a04e81 -- info: [decodingLevel=0] found JavaScript error: undefined function t.location.replace error: undefined variable t error: undefined variable t.location error: line:1: SyntaxError: missing ; before statement: error: line:1: var t.location = 1; error: line:1: ....^ error: line:3: SyntaxError: missing = in XML attribute: error: line:3: error: line:3: ..............^ file: 2ae13ec10dabcac22791e861e55cd93a930a0c75: 2091 bytes
Location scale quantifying information error (pol) Consider: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwin.ningoffer.club%2Fproc.php%3F6bc05cd68d0073f4841ae0fd48934feaf0a04e81+

HEX decoded going to -http://win.ningoffer.club/?utm_term=6483038754364723380&clickverify=1&utm_content=
resolving to code as: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=win.ningoffer.club%2F%3Futm_term%3D6483038754364723380%26clickverify%3D1%26utm_content%3D&ref_sel=GSP2&ua_sel=ff&fs=1

Re: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwin.ningoffer.club%2Fproc.php%3F6bc05cd68d0073f4841ae0fd48934feaf0a04e81+

Going under the detection radar here: https://www.virustotal.com/nl/url/593f508473ab81a2ecc3c8ab23f1cbceaeef3de413c87b6e4503eb54b34b9dde/analysis/1509450168/

Unable to scan: https://sitecheck.sucuri.net/results/win.ningoffer.club Fail - http://retire.insecurity.today/#!/scan/5222958104b10c28234aecfbb83716470511ed086a1e7a01c735fceba9d15fe3

polonus (volunteer website secrurity analyst and website error-hunter)

2

Seems taken down as I get on that IP:

443/tcp open ssl/http nginx |_http-server-header: nginx |_http-title: Did not follow redirect to -https://www.monetizer.com/ | ssl-cert: Subject: commonName=-*.monetizer.co | Subject Alternative Name: DNS:-*.monetizer.co, DNS:-monetizer.co
Heartbleed & Poodle vulnerable AlphaSSL - SHA256 - G2 domain validated certificate, on -http://any-in-2215.1e100.net/ Google abuse -> http://toolbar.netcraft.com/site_report?url=http://any-in-2215.1e100.net

polonus

3

Update - coinhive mining an ongoing threat: http://www.systemtek.co.uk/2017/10/what-is-trojan-bitcoinminer-and-coin-hive-com/
Re: http://www.malware-traffic-analysis.net/2017/10/24/index2.html
and https://cymon.io/94.130.90.154
and https://urlquery.net/report/72f424b5-352d-410e-be0b-bc0542268654

bitcoin mining malcode and fake av attacks…

polonus