URL: https://coinhive.com/
Submission: On December 07 via manual
This website contacted 4 IPs in 1 country across 2 domains to perform 10 HTTP transactions. Of those, 10 were HTTPS (100%) and 0% were IPv6.
The main IP is 94.130.129.243, located in Ukraine and belongs to HETZNER-AS, DE. The main domain is coinhive.com. It took 0.111 seconds to load this page.
Potentially malicious content or behaviour on this page!
#    IP Address        AS Autonomous System
7    94.130.129.243    24940 (HETZNER-AS)
2    94.130.128.151    24940 (HETZNER-AS)
1    94.130.128.243    24940 (HETZNER-AS)
10   4

#    Domain / Subdomains    Transfer
9    coinhive.com           203 KB
1    authedmine.com         3 KB
10   2

#    Domain            Requested by
9    coinhive.com      coinhive.com
1    authedmine.com    coinhive.com
10   2

This site contains links to these domains.

Domain
cnhv.co
Subject             Issuer                                           Validity
*.coinhive.com      COMODO RSA Domain Validation Secure Server CA    2017-09-28 - 2018-09-28
*.authedmine.com    COMODO RSA Domain Validation Secure Server CA    2017-10-13 - 2018-10-13


(Web Servers) Website
Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i


Type # X-Fer Size IPs
Image 5 93 KB 93 KB 1.0x 2 1
Script 2 4 KB 11 KB 2.7x 2 1
Media 1 105 KB 105 KB 1.0x 1 1
Stylesheet 1 4 KB 14 KB 3.3x 1 1
Document 1 0 B 11 KB Infinityx 1 1
Total 10 206 KB 235 KB 1.1x 4 1
Domain # X-Fer Size
coinhive.com 9 203 KB 225 KB 1
authedmine.com 1 3 KB 8 KB 1
IP # X-Fer Size
94.130.129.243 7 79 KB 105 KB
94.130.128.151 2 22 KB 23 KB
94.130.128.243 1 105 KB 105 KB
Protocol # X-Fer Size IPs
http/1.1 10 206 KB 233 KB 3 1
State # X-Fer Size IPs
secure 10 206 KB 233 KB 3 1

Cipher breakdown

Protocol #
TLS 1.2 / ECDHE_RSA / AES_128_GCM 10
Protocol # X-Fer Size IPs
nginx 10 206 KB 233 KB 3 1

Server locations

10 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Adblocked /
11 KB
0
Document
General
Full URL
https://coinhive.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
94.130.129.243 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.243.129.130.94.clients.your-server.de
Software
nginx /
Resource Hash
60a0f23da4c0cabee71c02459073407d34804bfacefefbd74d8467a0c3960fd2
Blocked
Source: easylist, Type: privacy (This would have been blocked)
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Connection
keep-alive
Accept-Encoding
gzip, deflate
Host
coinhive.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Date
Thu, 07 Dec 2017 11:46:16 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
Server
nginx
Connection
keep-alive
X-Frame-Options
SAMEORIGIN
Content-Type
text/html;charset=UTF-8
Adblocked styles.css?v3
/media
14 KB
4 KB
Stylesheet
General
Full URL
https://coinhive.com/media/styles.css?v3
Requested by
Host: coinhive.com
URL: https://coinhive.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
94.130.129.243 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.243.129.130.94.clients.your-server.de
Software
nginx /
Resource Hash
bfbe68a1acee1a71e928f9e192acc1c57c6ff602490ae5f2d1823cfc4d0cad12
Blocked
Source: easylist, Type: privacy (This would have been blocked)

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
coinhive.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
https://coinhive.com/
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Thu, 07 Dec 2017 11:46:16 GMT
Content-Encoding
gzip
Last-Modified
Thu, 16 Nov 2017 10:57:39 GMT
Server
nginx
ETag
W/"5a0d6f23-38d3"
Transfer-Encoding
chunked
Content-Type
text/css
Connection
keep-alive
Adblocked scripts.js
/media
2 KB
1 KB
Script
General
Full URL
https://coinhive.com/media/scripts.js
Requested by
Host: coinhive.com
URL: https://coinhive.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
94.130.128.151 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.151.128.130.94.clients.your-server.de
Software
nginx /
Resource Hash
29e7205ed9d518a1f91758794b9ae83fdd2cfb517ce8b6c6b54fa929c0d48b6a
Blocked
Source: easylist, Type: privacy (This would have been blocked)

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
coinhive.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
*/*
Referer
https://coinhive.com/
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Thu, 07 Dec 2017 11:46:16 GMT
Content-Encoding
gzip
Last-Modified
Mon, 02 Oct 2017 11:20:59 GMT
Server
nginx
ETag
W/"59d2211b-8e9"
Transfer-Encoding
chunked
Content-Type
application/javascript; charset=utf-8
Connection
keep-alive
Adblocked coinhive-icon.png
/media
8 KB
8 KB
Image
General
Full URL
https://coinhive.com/media/coinhive-icon.png
Requested by
Host: coinhive.com
URL: https://coinhive.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
94.130.129.243 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.243.129.130.94.clients.your-server.de
Software
nginx /
Resource Hash
9ba77246c8ea90838d94d004a5b4330eb72002f515cc1e2a49ac085907a57429
Blocked
Source: easylist, Type: privacy (This would have been blocked)

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
coinhive.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://coinhive.com/
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Thu, 07 Dec 2017 11:46:16 GMT
Last-Modified
Wed, 20 Sep 2017 10:16:55 GMT
Server
nginx
ETag
"59c24017-2135"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
8501
Adblocked simple-ui.min.js
authedmine.com/lib
8 KB
3 KB
Script
General
Full URL
https://authedmine.com/lib/simple-ui.min.js
Requested by
Host: coinhive.com
URL: https://coinhive.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
94.130.129.243 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.243.129.130.94.clients.your-server.de
Software
nginx /
Resource Hash
0400c503ddd9a5220898023bdb1c263c3272b6ad9ebfed4a98ce92290e17ad18
Blocked
Source: easylist, Type: privacy (This would have been blocked)

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
authedmine.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
*/*
Referer
https://coinhive.com/
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Thu, 07 Dec 2017 11:46:16 GMT
Content-Encoding
gzip
Last-Modified
Wed, 22 Nov 2017 15:47:32 GMT
Server
nginx
ETag
W/"5a159c14-21ed"
Transfer-Encoding
chunked
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=28800
Connection
keep-alive
Expires
Thu, 07 Dec 2017 19:46:16 GMT
Adblocked block.png
/media/icons
21 KB
21 KB
Image
General
Full URL
https://coinhive.com/media/icons/block.png
Requested by
Host: coinhive.com
URL: https://coinhive.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
94.130.128.151 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.151.128.130.94.clients.your-server.de
Software
nginx /
Resource Hash
e6c476d767abc194eeaeca4b047f74e25cea05ef2cd5aa44802ef2a56aee1e24
Blocked
Source: easylist, Type: privacy (This would have been blocked)

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
coinhive.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://coinhive.com/
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Thu, 07 Dec 2017 11:46:16 GMT
Last-Modified
Mon, 18 Sep 2017 15:26:56 GMT
Server
nginx
ETag
"59bfe5c0-5237"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
21047
Adblocked link.png
/media/icons
21 KB
21 KB
Image
General
Full URL
https://coinhive.com/media/icons/link.png
Requested by
Host: coinhive.com
URL: https://coinhive.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
94.130.129.243 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.243.129.130.94.clients.your-server.de
Software
nginx /
Resource Hash
3f94dffb107cb53821d737042039090228889096ea4b2c31cd59ea12043d2192
Blocked
Source: easylist, Type: privacy (This would have been blocked)

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
coinhive.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://coinhive.com/
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Thu, 07 Dec 2017 11:46:16 GMT
Last-Modified
Wed, 20 Sep 2017 10:16:55 GMT
Server
nginx
ETag
"59c24017-5275"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
21109
Adblocked diamond.png
/media/icons
22 KB
22 KB
Image
General
Full URL
https://coinhive.com/media/icons/diamond.png
Requested by
Host: coinhive.com
URL: https://coinhive.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
94.130.129.243 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.243.129.130.94.clients.your-server.de
Software
nginx /
Resource Hash
b3be3130cccd9e6417904f414c752538716e2aca86b73bc35dd45b6f6c008212
Blocked
Source: easylist, Type: privacy (This would have been blocked)

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
coinhive.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://coinhive.com/
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Thu, 07 Dec 2017 11:46:16 GMT
Last-Modified
Wed, 20 Sep 2017 10:16:55 GMT
Server
nginx
ETag
"59c24017-58ab"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
22699
Adblocked no-comm.png
/media/icons
21 KB
21 KB
Image
General
Full URL
https://coinhive.com/media/icons/no-comm.png
Requested by
Host: coinhive.com
URL: https://coinhive.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
94.130.129.243 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.243.129.130.94.clients.your-server.de
Software
nginx /
Resource Hash
eb506a569ea3e7b1d80a3a84bad9cb177aa8dd58f8cd81e21553d5993f7573b6
Blocked
Source: easylist, Type: privacy (This would have been blocked)

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
coinhive.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://coinhive.com/
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Thu, 07 Dec 2017 11:46:16 GMT
Last-Modified
Wed, 20 Sep 2017 10:16:55 GMT
Server
nginx
ETag
"59c24017-5438"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
21560
Adblocked captcha-animation.mp4
/media
105 KB
105 KB
Media
General
Full URL
https://coinhive.com/media/captcha-animation.mp4
Requested by
Host: coinhive.com
URL: https://coinhive.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
94.130.128.243 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.243.128.130.94.clients.your-server.de
Software
nginx /
Resource Hash
7036431cd4c878788dc0922838805415fbdb17953f6e2cc2caccfc377fc4b52c
Blocked
Source: easylist, Type: privacy (This would have been blocked)

Request headers

Pragma
no-cache
Accept-Encoding
identity;q=1, *;q=0
Host
coinhive.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
chrome-proxy
frfr
Accept
*/*
Cache-Control
no-cache
Referer
https://coinhive.com/
Connection
keep-alive
Range
bytes=0-

Response headers

Date
Thu, 07 Dec 2017 11:46:16 GMT
Last-Modified
Sun, 17 Sep 2017 19:12:44 GMT
Server
nginx
ETag
"59bec92c-1a421"
Content-Type
video/mp4
Content-Range
bytes 0-107552/107553
Connection
keep-alive
Content-Length
107553
data:truncated
data:truncated
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png

Malicious behaviour and content

CoinHive CryptoJacking Matches known CoinHive JavaScript variables

Type: javascript
Value: CoinHive (Known JavaScript global variable)

CoinHive CryptoJacking Matches known CoinHive domains, Information

Type: url
Value: https://coinhive.com/ (Known CoinHive domain)
Type: url
Value: https://coinhive.com/media/styles.css?v3 (Known CoinHive domain)
Type: url
Value: https://coinhive.com/media/scripts.js (Known CoinHive domain)
Type: url
Value: https://coinhive.com/media/coinhive-icon.png (Known CoinHive domain)
Type: url
Value: https://coinhive.com/media/icons/block.png (Known CoinHive domain)
Type: url
Value: https://coinhive.com/media/icons/link.png (Known CoinHive domain)
Type: url
Value: https://coinhive.com/media/icons/diamond.png (Known CoinHive domain)
Type: url
Value: https://coinhive.com/media/icons/no-comm.png (Known CoinHive domain)
Type: url
Value: https://coinhive.com/media/captcha-animation.mp4 (Known CoinHive domain)

Generic CryptoJacking Matches various CryptoJacking domains, Information

Type: url
Value: https://authedmine.com/lib/simple-ui.min.js (Known mining domain)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onafterprint
object| onbeforeprint
function| FormatLocalTime
function| SH
object| CoinHive

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

0 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.


Security Headers

This page lists any security headers set by the main page.

X-Frame-Options
SAMEORIGIN