Submitted URL: http://malware.wicar.org/data/js_crypto_miner.html
Effective URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-con...
Submission: On May 26 via manual from IT — Scanned from IT

Summary

This website contacted 8 IPs in 1 country across 13 domains to perform 26 HTTP transactions. The main IP is 2606:4700:3030::ac43:ddf5, located in and belongs to . The main domain is www.troyhunt.com.
TLS certificate: Issued by E1 on May 6th 2023. Valid for: 3 months.
This is the only time www.troyhunt.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Domain Requested by
6 www.troyhunt.com 1 redirects coinhive.com, www.troyhunt.com
1 troyhunt.report-uri.com malware.wicar.org
1 platform.twitter.com www.troyhunt.com
1 cdnjs.cloudflare.com www.troyhunt.com, cdnjs.cloudflare.com
1 fonts.googleapis.com www.troyhunt.com
1 coinhive.com malware.wicar.org
1 malware.wicar.org
0 www.gravatar.com Failed www.troyhunt.com
0 troyhunt.disqus.com Failed www.troyhunt.com
0 bloghelpers.troyhunt.com Failed www.troyhunt.com
0 www.youtube.com Failed www.troyhunt.com
0 fonts.gstatic.com Failed fonts.googleapis.com
0 www.googletagmanager.com Failed www.troyhunt.com
0 cdn.jsdelivr.net Failed www.troyhunt.com
26 14

This site contains no links.

Subject | Issuer | Validity | Valid
coinhive.com | GTS CA 2P2 | 2023-05-18 - 2023-08-16 | 3 months
troyhunt.com | E1 | 2023-05-06 - 2023-08-04 | 3 months
upload.video.google.com | GTS CA 1C3 | 2023-05-08 - 2023-07-31 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-08-03 - 2023-08-02 | a year
*.twimg.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-10-06 - 2023-11-06 | a year
*.report-uri.com | E1 | 2023-04-05 - 2023-07-04 | 3 months

This page contains 2 frames:

Primary Page: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Frame ID: 88C459D11F80116080C00370F32176A6
Requests: 25 HTTP requests in this frame

Frame: https://www.youtube.com/embed/EhmekYj1pIY
Frame ID: BFFDD643BA0F64A88ACB5BF5BB105E98
Requests: 1 HTTP request in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • coinhive\.com/lib

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • //platform\.twitter\.com/widgets\.js

Page Statistics

Requests: 26
HTTPS: 38 %
IPv6: 100 %
Domains: 13
Subdomains: 14
IPs: 8
Countries: 1
Transfer: 75 kB
Size: 251 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://malware.wicar.org/data/js_crypto_miner.html Page URL
  2. https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies HTTP 301
    https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

26 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
js_crypto_miner.html
malware.wicar.org/data/
366 B
627 B
Document
General
Full URL
http://malware.wicar.org/data/js_crypto_miner.html
Protocol
HTTP/1.1
Server
2607:ff18:80::615 , United States, ASN40630 (GRIDFURY-AS, US),
Reverse DNS
Software
Apache /
Resource Hash
fa9b55c8cf28b2df3218df833a4ff4865426645982bcabe89893c98bebbc4fb3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

Accept-Ranges
bytes
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
287
Content-Type
text/html; charset=UTF-8
Date
Fri, 26 May 2023 10:28:01 GMT
ETag
"16e-570a1fba16c47"
Keep-Alive
timeout=5, max=100
Last-Modified
Tue, 10 Jul 2018 09:44:57 GMT
Server
Apache
Vary
Accept-Encoding
Via
e1
coinhive.min.js
coinhive.com/lib/
2 KB
2 KB
Script
General
Full URL
https://coinhive.com/lib/coinhive.min.js
Requested by
Host: malware.wicar.org
URL: http://malware.wicar.org/data/js_crypto_miner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
39f7a131d7976b1cbbf08c89727ba5c1b5c384152ed65bc83198bca315be5a88

Request headers

accept-language
it-IT,it;q=0.9
Referer
http://malware.wicar.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 26 May 2023 10:28:02 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Tue, 02 Nov 2021 00:44:41 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"806233d282cfd71:0"
x-powered-by
ASP.NET
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hP0SqJSgruyD3lVqi6%2Fla%2BEgbeepWcoDTH97Jkgvc85JeVvjewzrczIg%2FiNZME1SAr1vI%2BYxoraV5JopWorWMhXaqaaXB53wkPRj21eWQNE6RMNlhGTgOV5kV9pT2KD2QFcQu74feGUzgtY%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
access-control-allow-origin
*
cf-ray
7cd55434995dbaed-MXP
alt-svc
h3=":443"; ma=86400
Primary Request /
www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Redirect Chain
  • https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies
  • https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
61 KB
20 KB
Document
General
Full URL
https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Requested by
Host: coinhive.com
URL: https://coinhive.com/lib/coinhive.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:ddf5 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
43e66abb2e19ca7ea907b7669f0fb5fc2e2d5d81135f3de328b3ed13c6aa1a99
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' api.passwordpurgatory.com bloghelpers.troyhunt.com links.services.disqus.com syndication.twitter.com troyhunt.ghost.io *.google-analytics.com *.privacymanager.io; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com; frame-src disqus.com c.disquscdn.com www.youtube.com player.vimeo.com twitter.com platform.twitter.com syndication.twitter.com omny.fm pastebin.com www.google.com; img-src 'self' c.disquscdn.com referrer.disqus.com syndication.twitter.com platform.twitter.com www.gravatar.com *.twimg.com data:; script-src 'self' passwordpurgatory.com c.disquscdn.com disqus.com troyhunt.disqus.com cdnjs.cloudflare.com platform.twitter.com cdn.syndication.twimg.com syndication.twitter.com gist.github.com/troyhunt/ cdn.jsdelivr.net/ghost/ www.googletagmanager.com *.privacymanager.io www.google.com www.gstatic.com 'sha256-26FfYB0WAsKHsnA92jxqaHCDCNo7MV3NrLe1wgLwuI4=' 'sha256-4JqPqO/eQLWuWw1AE7dCvI9hPwiBcw0gy7uoLqS0ncg='; style-src 'self' 'unsafe-inline' c.disquscdn.com cdnjs.cloudflare.com platform.twitter.com ton.twimg.com assets-cdn.github.com github.githubassets.com fonts.googleapis.com; form-action *.twitter.com; media-src 'self'; prefetch-src 'self' c.disquscdn.com disqus.com; frame-ancestors 'self' troyhunt.ghost.io; upgrade-insecure-requests; report-uri https://troyhunt.report-uri.com/r/d/csp/enforce
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block; report=https://troyhunt.report-uri.com/r/d/xss/enforce

Request headers

Referer
http://malware.wicar.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=14400
cf-cache-status
REVALIDATED
cf-ray
7cd55459880fbaa9-MXP
content-encoding
br
content-security-policy
default-src 'none'; connect-src 'self' api.passwordpurgatory.com bloghelpers.troyhunt.com links.services.disqus.com syndication.twitter.com troyhunt.ghost.io *.google-analytics.com *.privacymanager.io; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com; frame-src disqus.com c.disquscdn.com www.youtube.com player.vimeo.com twitter.com platform.twitter.com syndication.twitter.com omny.fm pastebin.com www.google.com; img-src 'self' c.disquscdn.com referrer.disqus.com syndication.twitter.com platform.twitter.com www.gravatar.com *.twimg.com data:; script-src 'self' passwordpurgatory.com c.disquscdn.com disqus.com troyhunt.disqus.com cdnjs.cloudflare.com platform.twitter.com cdn.syndication.twimg.com syndication.twitter.com gist.github.com/troyhunt/ cdn.jsdelivr.net/ghost/ www.googletagmanager.com *.privacymanager.io www.google.com www.gstatic.com 'sha256-26FfYB0WAsKHsnA92jxqaHCDCNo7MV3NrLe1wgLwuI4=' 'sha256-4JqPqO/eQLWuWw1AE7dCvI9hPwiBcw0gy7uoLqS0ncg='; style-src 'self' 'unsafe-inline' c.disquscdn.com cdnjs.cloudflare.com platform.twitter.com ton.twimg.com assets-cdn.github.com github.githubassets.com fonts.googleapis.com; form-action *.twitter.com; media-src 'self'; prefetch-src 'self' c.disquscdn.com disqus.com; frame-ancestors 'self' troyhunt.ghost.io; upgrade-insecure-requests; report-uri https://troyhunt.report-uri.com/r/d/csp/enforce
content-type
text/html; charset=utf-8
date
Fri, 26 May 2023 10:28:07 GMT
expect-ct
max-age=0, report-uri=https://troyhunt.report-uri.com/r/d/ct/reportOnly
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
ghost-age
0
ghost-cache
MISS
ghost-fastly
true
nel
{"report_to":"default","max_age":10886400}
referrer-policy
no-referrer-when-downgrade
report-to
{"group":"default","max_age":10886400,"endpoints":[{"url":"https://troyhunt.report-uri.com/a/d/g"}],"include_subdomains":true}
server
cloudflare
status
200 OK
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Cookie, Accept-Encoding
via
1.1 varnish, 1.1 varnish
x-cache
HIT, HIT
x-cache-hits
5, 1
x-content-type-options
nosniff
x-request-id
18f23b02-cac3-4452-8c23-f694d5c9aaf9 18f23b02-cac3-4452-8c23-f694d5c9aaf9
x-served-by
cache-ams12757-AMS, cache-mxp6961-MXP
x-timer
S1684829338.317609,VS0,VE1
x-xss-protection
1; mode=block; report=https://troyhunt.report-uri.com/r/d/xss/enforce

Redirect headers

age
4836940
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=31536000
cf-cache-status
HIT
cf-ray
7cd554593f9cbaa9-MXP
content-length
0
content-security-policy
default-src 'none'; connect-src 'self' api.passwordpurgatory.com bloghelpers.troyhunt.com links.services.disqus.com syndication.twitter.com troyhunt.ghost.io *.google-analytics.com *.privacymanager.io; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com; frame-src disqus.com c.disquscdn.com www.youtube.com player.vimeo.com twitter.com platform.twitter.com syndication.twitter.com omny.fm pastebin.com www.google.com; img-src 'self' c.disquscdn.com referrer.disqus.com syndication.twitter.com platform.twitter.com www.gravatar.com *.twimg.com data:; script-src 'self' passwordpurgatory.com c.disquscdn.com disqus.com troyhunt.disqus.com cdnjs.cloudflare.com platform.twitter.com cdn.syndication.twimg.com syndication.twitter.com gist.github.com/troyhunt/ cdn.jsdelivr.net/ghost/ www.googletagmanager.com *.privacymanager.io www.google.com www.gstatic.com 'sha256-26FfYB0WAsKHsnA92jxqaHCDCNo7MV3NrLe1wgLwuI4=' 'sha256-4JqPqO/eQLWuWw1AE7dCvI9hPwiBcw0gy7uoLqS0ncg='; style-src 'self' 'unsafe-inline' c.disquscdn.com cdnjs.cloudflare.com platform.twitter.com ton.twimg.com assets-cdn.github.com github.githubassets.com fonts.googleapis.com; form-action *.twitter.com; media-src 'self'; prefetch-src 'self' c.disquscdn.com disqus.com; frame-ancestors 'self' troyhunt.ghost.io; upgrade-insecure-requests; report-uri https://troyhunt.report-uri.com/r/d/csp/enforce
date
Fri, 26 May 2023 10:28:07 GMT
expect-ct
max-age=0, report-uri=https://troyhunt.report-uri.com/r/d/ct/reportOnly
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
ghost-age
0
ghost-cache
MISS
ghost-fastly
true
location
/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
nel
{"report_to":"default","max_age":10886400}
referrer-policy
no-referrer-when-downgrade
report-to
{"group":"default","max_age":10886400,"endpoints":[{"url":"https://troyhunt.report-uri.com/a/d/g"}],"include_subdomains":true}
server
cloudflare
status
301 Moved Permanently
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Cookie, Accept-Encoding
via
1.1 varnish, 1.1 varnish
x-cache
HIT, HIT
x-cache-hits
34, 1
x-content-type-options
nosniff
x-request-id
fa73ea6525b2a1ec435bd37cb1f16e52 fa73ea6525b2a1ec435bd37cb1f16e52
x-served-by
cache-ams12736-AMS, cache-mxp6931-MXP
x-timer
S1680259948.918821,VS0,VE1
x-xss-protection
1; mode=block; report=https://troyhunt.report-uri.com/r/d/xss/enforce
main.min.css
www.troyhunt.com/assets/css/
26 KB
8 KB
Stylesheet
General
Full URL
https://www.troyhunt.com/assets/css/main.min.css?v=36bd10e306
Requested by
Host: www.troyhunt.com
URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:ddf5 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
0cb5c6e45e7598de4a59628e62a87656f8fd23005f905d54d0cb2bd4133228eb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

ghost-age
0
date
Fri, 26 May 2023 10:28:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 varnish, 1.1 varnish
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
age
267549
content-encoding
br
x-cache
HIT, HIT
status
200 OK
alt-svc
h3=":443"; ma=86400
ghost-fastly
true
x-request-id
0051593d-ae68-4505-a304-60fd8635177c, 0051593d-ae68-4505-a304-60fd8635177c
x-served-by
cache-ams21080-AMS, cache-mxp6973-MXP
last-modified
Tue, 15 Nov 2022 16:31:26 GMT
server
cloudflare
x-timer
S1684829339.525619,VS0,VE1
etag
W/"6865-1847c219426"
vary
Cookie, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fm9SmLZo7izbPCeD5NYc7Payi6e6S%2BFmRdvSeTgd7jhCqzbUrfgum%2BIkywWuiG48I6SIyY9uycqepS%2BvxYUZZzMkEZ9VFcKKd38P%2B2DsaFRzURSkzwBfLkZmtcSyIifdTYTcmGtjsiYtno%2FxdKi8"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
cache-control
public, max-age=31536000
ghost-cache
MISS
cf-ray
7cd55459eacabab5-MXP
x-cache-hits
5, 1
css
fonts.googleapis.com/
8 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Vollkorn:400,400italic,700,700italic
Requested by
Host: www.troyhunt.com
URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a -, , ASN (),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 26 May 2023 10:28:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 26 May 2023 10:28:07 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 26 May 2023 10:28:07 GMT
font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/
30 KB
6 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: www.troyhunt.com
URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Origin
https://www.troyhunt.com
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 26 May 2023 10:28:07 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
286050
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
5631
last-modified
Mon, 04 May 2020 16:10:07 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e5f-7918"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vd3BXWWv44YAe9MIY%2FeeKz4vowo12CbkBqxB0zCP9ulcW%2Blj9eh84X7zENOKBp1uNWXxIFaGp7H8hTsZlpa64aHI7uVQqXrBkdZpTJPxyX9pqL3tELb1Ghl8AXypTyqnlh04VDjsdXncNX%2FkJmA1LIo5"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7cd5545a2ae3bb2f-MXP
expires
Wed, 15 May 2024 10:28:07 GMT
portal.min.js
cdn.jsdelivr.net/ghost/portal@~2.32/umd/
0
0

sodo-search.min.js
cdn.jsdelivr.net/ghost/sodo-search@~1.1/umd/
0
0

cards.min.js
www.troyhunt.com/public/
0
0

cards.min.css
www.troyhunt.com/public/
27 KB
6 KB
Stylesheet
General
Full URL
https://www.troyhunt.com/public/cards.min.css?v=36bd10e306
Requested by
Host: www.troyhunt.com
URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:ddf5 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
290f1248a1c600a4651c1843010368ae84b82e34a92d9bbee2bf5eecaa519e07
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

ghost-age
0
date
Fri, 26 May 2023 10:28:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 varnish, 1.1 varnish
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
age
267549
content-encoding
br
x-cache
HIT, HIT
status
200 OK
alt-svc
h3=":443"; ma=86400
ghost-fastly
true
x-request-id
273889cb-57a0-4c51-b980-9fb80e9f4860, 273889cb-57a0-4c51-b980-9fb80e9f4860
x-served-by
cache-ams12738-AMS, cache-mxp6931-MXP
server
cloudflare
x-timer
S1684829339.536366,VS0,VE1
etag
W/"a9a023a05538774958839ef507041c61"
vary
Cookie, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FTC3zfaZ8Q4I3Z29IRBaW%2BsqWLa6tWmVuZ%2BMHuxlrycQAPGp%2FrU4%2BZoWVfZYWdt2Tbr76VPPT%2Bxz1cGjnHXT8BHDV9pHWfJ5V%2BnFiguGPeg%2Fh0rL2DML8T3wPMesJnuUW%2BRgFIg2eUIu8J4YLJid"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=31536000
ghost-cache
MISS
cf-ray
7cd55459eaccbab5-MXP
x-cache-hits
5, 1
member-attribution.min.js
www.troyhunt.com/public/
2 KB
1 KB
Script
General
Full URL
https://www.troyhunt.com/public/member-attribution.min.js?v=36bd10e306
Requested by
Host: www.troyhunt.com
URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:ddf5 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
0b144beb896e0d7612e0eeab489e4e682adac07cbc139924ce892bde3ccd3605
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

ghost-age
0
date
Fri, 26 May 2023 10:28:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 varnish, 1.1 varnish
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
age
267549
content-encoding
br
x-cache
HIT, HIT
status
200 OK
alt-svc
h3=":443"; ma=86400
ghost-fastly
true
x-request-id
2fbc05ad-72a5-416d-a269-b299706ce79d, 2fbc05ad-72a5-416d-a269-b299706ce79d
x-served-by
cache-ams12731-AMS, cache-mxp6967-MXP
server
cloudflare
x-timer
S1684829339.535702,VS0,VE1
etag
W/"909b42c515ee6c2aece5a3f270049f98"
vary
Cookie, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ux5X1k%2FHjklyZeT%2BgIFE7gq6pecdkgBJ298xarx7v5RgVt8wadyW3gvRtQxkoKis7ia8G%2BI0iZKzXI6nYhRnww4PU5ZHqgZCpan6CbRKDtjyWbVUhR3u2bNrFDQEt56FcY%2BwcfvJptclPWlmnjrO"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
ghost-cache
MISS
cf-ray
7cd55459fb0bbab5-MXP
x-cache-hits
5, 1
js
www.googletagmanager.com/gtag/
0
0

widgets.js
platform.twitter.com/
91 KB
28 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: www.troyhunt.com
URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c -, , ASN (),
Reverse DNS
Software
ECS (mil/6CE8) /
Resource Hash
392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date
Fri, 26 May 2023 10:28:07 GMT
Content-Encoding
gzip
Age
560
x-amz-server-side-encryption
AES256
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length
27630
Last-Modified
Tue, 24 Jan 2023 21:41:51 GMT
Server
ECS (mil/6CE8)
Etag
"9e99725b7a4cd730a934afba2a438bb5+gzip"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
x-tw-cdn
VZ
Cache-Control
public, max-age=1800
Vary
Accept-Encoding
Logo-2.svg
www.troyhunt.com/content/images/2017/11/
4 KB
3 KB
Image
General
Full URL
https://www.troyhunt.com/content/images/2017/11/Logo-2.svg
Requested by
Host: www.troyhunt.com
URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:ddf5 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

ghost-age
0
date
Fri, 26 May 2023 10:28:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 varnish, 1.1 varnish
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
age
4836939
content-encoding
br
x-cache
HIT, HIT
status
200 OK
alt-svc
h3=":443"; ma=86400
ghost-fastly
true
x-request-id
5d08e535-53eb-480e-90e1-c7a275ab4807, 5d08e535-53eb-480e-90e1-c7a275ab4807
x-served-by
cache-ams21028-AMS, cache-mxp6976-MXP
last-modified
Wed, 01 Nov 2017 08:13:50 GMT
server
cloudflare
x-timer
S1680259948.280181,VS0,VE1
etag
W/"ff3-15f76a4c508"
vary
Cookie, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CYOQT5ZfC7uH4xf%2FVueAg8p%2FqORx09AvVwGv%2Bl4PutXl3MNTnJ%2Ft4qs%2BEtJVzyI%2Fkm5FWqG00JbCswXO8a1TcxI6KCCK09wbfLbP0xmniMjL19hX3sbP01pfxGsFfRQj3fDJ%2FL9jThO1H9nhR2yF"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=31536000
ghost-cache
MISS
cf-ray
7cd55459fb0ebab5-MXP
x-cache-hits
33, 1
enforce
troyhunt.report-uri.com/r/d/csp/
0
595 B
Other
General
Full URL
https://troyhunt.report-uri.com/r/d/csp/enforce
Requested by
Host: malware.wicar.org
URL: http://malware.wicar.org/data/js_crypto_miner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:b658 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

Referer
https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Fri, 26 May 2023 10:28:07 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
7cd5545a4cc8d61c-MXP
alt-svc
h3=":443"; ma=86400
content-length
0
0yb9GDoxxrvAnPhYGxkpaE0.woff2
fonts.gstatic.com/s/vollkorn/v22/
0
0

EhmekYj1pIY
www.youtube.com/embed/ Frame BFFD
0
0

BlogData
bloghelpers.troyhunt.com/api/
0
0

embed.js
troyhunt.disqus.com/
0
0

2021-03-29_17-11-30.png
www.troyhunt.com/content/images/2021/03/
0
0

c5531bfb7d76cdaa370c7baf6053288d
www.gravatar.com/avatar/
0
0

0yb7GDoxxrvAnPhYGxksWE8eqQ.woff2
fonts.gstatic.com/s/vollkorn/v22/
0
0

fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/
0
0

image-60.png
www.troyhunt.com/content/images/2021/03/
0
0

image-61.png
www.troyhunt.com/content/images/2021/03/
0
0

image-62.png
www.troyhunt.com/content/images/size/w1000/2021/03/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain | URL
cdn.jsdelivr.net | https://cdn.jsdelivr.net/ghost/portal@~2.32/umd/portal.min.js
cdn.jsdelivr.net | https://cdn.jsdelivr.net/ghost/sodo-search@~1.1/umd/sodo-search.min.js
www.troyhunt.com | https://www.troyhunt.com/public/cards.min.js?v=36bd10e306
www.googletagmanager.com | https://www.googletagmanager.com/gtag/js?id=G-B895JNTH7Z
fonts.gstatic.com | https://fonts.gstatic.com/s/vollkorn/v22/0yb9GDoxxrvAnPhYGxkpaE0.woff2
www.youtube.com | https://www.youtube.com/embed/EhmekYj1pIY
bloghelpers.troyhunt.com | https://bloghelpers.troyhunt.com/api/BlogData
troyhunt.disqus.com | https://troyhunt.disqus.com/embed.js
www.troyhunt.com | https://www.troyhunt.com/content/images/2021/03/2021-03-29_17-11-30.png
www.gravatar.com | https://www.gravatar.com/avatar/c5531bfb7d76cdaa370c7baf6053288d?s=250&d=mm&r=x
fonts.gstatic.com | https://fonts.gstatic.com/s/vollkorn/v22/0yb7GDoxxrvAnPhYGxksWE8eqQ.woff2
cdnjs.cloudflare.com | https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
www.troyhunt.com | https://www.troyhunt.com/content/images/2021/03/image-60.png
www.troyhunt.com | https://www.troyhunt.com/content/images/2021/03/image-61.png
www.troyhunt.com | https://www.troyhunt.com/content/images/size/w1000/2021/03/image-62.png

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

1 Cookies

Domain/Path Name / Value
.coinhive.com/ Name: ARRAffinitySameSite
Value: 40fc15413fa8d173064167bbda383f5287d379b2d61b3ef3bd108f33e8f6768b

2 Console Messages

Source Level URL
Text
security error URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Message:
Unrecognized Content-Security-Policy directive 'prefetch-src'.
security error URL: about:blank
Message:
Unrecognized Content-Security-Policy directive 'prefetch-src'.