So, i thought i was done recording malicious activity for the night and go to unwind with FUNimation.com. Unbeknownst to me, my Norton 360 was blocking a malicious intrusion attempt the entire time i was on the site! Here is a screenshot:If the screenshot is not clear, it was a JSCoinminer attack stemming from upic.me. Full extension: upic.me/show/18257335. Also, a malicious IP was revealed: 198.27.80.136. I have taken the time to record the malicious IP with Safe Web (currently has a question mark for the rating of that IP) AND the malicious domain upic.me which Safe Web has in the "green" - - that might want to change after what i found tonight (laughs) ;-)
How are you? Hoping that all is well. You explain,
"deliberately embedded the JavaScript code in their website themselves..."
Interesting... Do i detect an ever so slight accusatory insinuation here? I think i'm getting scared... As a FUNimation fan, i guess it goes with the territory that i will have to defend them even if they are 100 percent in the wrong. Thank you for sharing the links, i believe i was recently looking at Protection Against the Coinminer Malware. As for FUNimation support... there are times when i perform my own troubleshooting and figure out solutions faster than waiting for a representative to get back to me.
Symantec has good backgrounder on cryptocurrency miners at Browser-Based Cryptocurrency Mining Makes Unexpected Return from the Dead. Many site owners with high traffic levels deliberately build this code into their website and hijack the CPU of users visiting their site to mine bitcoin and other types of cryptocurrency as a way of generating free revenue for themselves. It's possible that FUNimation didn't "fall victim" and have their site hijacked by one of these coinminers but deliberately embedded the JavaScript code in their website themselves. You might want to contact FUNimation at https://www.funimation.com/contact-us/ and ask why Norton's Intrusion Prevention throws a JSCoinminer Download 6 detection when you visit their site.
Symantec employee Sunil_GA also posted a FAQ about these coinminer PUA (potentially unwanted application) detections on 01-Feb-2018 titled Protection Against the Coinminer Malware in the Norton Product Update Announcement board.
What's interesting with respect to this, is that after this happened, i did some digging and found that many sites fell victim to coinminer recently according to a Gizmodo article. Wondering if FUN may have fallen victim.
If the screenshot is not clear, it was a JSCoinminer attack stemming from upic.me. Full extension: upic.me/show/18257335. Also, a malicious IP was revealed: 198.27.80.136. I have taken the time to record the malicious IP with Safe Web (currently has a question mark for the rating of that IP) AND the malicious domain upic.me which Safe Web has in the "green" - - that might want to change after what i found tonight (laughs) ;-)