Updating cached headers
While this one is clearly a well-thought-out spoof, cryptojacking is no laughing matter.A Public WWW search shows 4,260 Word Press sites are running Coinhive.A “weather widget” plugin was recently banned from the Word Press plugin repository, however other cryptojacking plugins are still available for site operators to utilize.Various techniques have been used to spread the Coinhive infestation further, from Android apps to an open Amazon S3 bucket of Coinhive is not the only Java Script miner available for cryptojacking use. Using Public WWW, I found JSECoin was in a distant second place behind Coinhive on 905 websites.Non-Coinhive Java Script cryptocurrency miners found on Public WWW: JSEcoin: 905 Crypto-Loot: 123 AFMiner: 77 Project Poi (PPoi): 50 Coinhave: 43 Coinerra: 11 Mine My Traffic: 3 Papoto: 1 It’s clear the cryptojacking frenzy will continue into the near future.The following amount of Coinhive sites were found on 2017-11-04 Censys: 1,640 Public WWW: 30,611 Shodan: 941 Zoom Eye: 474 Since Public WWW presented the most results, I chose their dataset to analyze.
The amount of websites tied to one Coinhive Site Key was somewhat astounding.Coinhive Site Keys found on 100 domains organized by total domains associated." data-medium-file="https://i1com/badpackets.net/wp-content/uploads/2017/11/top-CH-sites.png? fit=300,274&ssl=1" data-large-file="https://i1com/badpackets.net/wp-content/uploads/2017/11/top-CH-sites.png? fit=525,480&ssl=1" class="alignnone wp-image-869 size-full" src="https://i1com/badpackets.net/wp-content/uploads/2017/11/top-CH-sites.png? resize=525,480&ssl=1" alt="Coinhive Site Keys found on 100 domains organized by total domains associated." width="525" height="480" srcset="https://i1com/badpackets.net/wp-content/uploads/2017/11/top-CH-sites.png?The range of compromised sites varied greatly due to the sheer volume.Some notable and humorous sites that I encountered included: In addition to Coinhive, a fake online pharmacy was found on their website.