l33tsite.info and doubleclick%x%.xyz

keraf / NoCoin

No Coin is a tiny browser extension aiming to block coin miners such as Coinhive.

MIT License

1.58k stars 144 forks source link

l33tsite.info and doubleclick%x%.xyz #149

Closed Firminator closed 6 years ago

Firminator commented 6 years ago

.l33tsite.info .doubleclick1.xyz .doubleclick2.xyz .doubleclick3.xyz .doubleclick4.xyz .doubleclick5.xyz .doubleclick6.xyz source: https://blog.trendmicro.com/trendlabs-security-intelligence/malvertising-campaign-abuses-googles-doubleclick-to-deliver-cryptocurrency-miners

The doubleclick domains are not official Google domains, but russian.

Firminator commented 6 years ago

*.amazonaws.com/doubleclick13/

Firminator commented 6 years ago

https://github.com/keraf/NoCoin/pull/158

Didn't add .doubleclick1.xyz .doubleclick2.xyz .doubleclick3.xyz .doubleclick4.xyz .doubleclick5.xyz .doubleclick6.xyz as they are just malvertisement domains. The actual mining script is loaded from AmazonAWS and the worker threads are on leetsite.info

keraf commented 6 years ago

Added by your PR, closing issue.