Topic: (WIP) Community Compiled List of Sites Browser Mining (Read 542 times)

Been a while since an update but it appears Piratebay is now running the mining script with no option to circumvent, though they've updated the website that properly informs you of this.

Also, now that JeanOffman reminds me, it would appear there's a growing number of services trying to run legitimate mining scripts, and a lot more obvious (transparent?) than Coinhive. I expect plenty of new red flags now from detection software, at least until these services start whitelisting efforts.

Hey
tipeeestream.com is using our service since July
no promotion yet, they just posted an update for their users
https://medium.com/tipeeestream/let-your-viewers-crytomine-to-support-you-eb10d7b89516

hope a lot of people will adopt it, we've made a lot of efforts to provide something really transparent and respectful.

TPB has ceased their mining operations, and actually I'm pretty sure their instance was more than mere accusations. I think that there was conclusive tests that made it pretty clear that was what was happening. I have no doubt that most of the websites included on that list are going to be shady websites that almost nobody ever visits, but I would be extremely interested to see what kind of sites are using mining software and do receive a decent amount of traffic.

I would be very interested in seeing that entire list though. I would assume it consists of mostly shady websites, for piracy, porn, free movies etc.
Even The Pirate Bay was accused of running a monero miner on their website.

Source: https://torrentfreak.com/pirate-bay-is-mining-cryptocurrency-again-no-opt-out-171011/

Don't know if they're still running it now though.

That's an alarming number of websites running mining scripts. When you put it into percentages it doesn't appear to be that significant of a number, but with all things considered that is an absurd amount of websites running mining scripts. Certainly not comparable to the amount of sites running traditional ads, but I believe with some etiquette and consensus-based rules developed around the idea of website using mining scripts there can be some fruitful implementation.

---

Does Ahref have any compiled list of these sites or are they simply gathering statistics?

I wouldn't as well if I was informed. Call it as payment for using your favorite site. Or if they can have some sort of option to use the site like "CPU mining" or "see ads" kind of thing so we have a choice.

About the checking, indeed that should be done instead of just relying on the sudden increase in CPU usage which could just be attributed to your browser processing the website or whatever is in the background. Checking the code is more consistent and will lead to a better assessment of the presence of the mining program.

---

That's kind of alarming. These mining scripts haven't been out for a year (or maybe it has but has been hidden so well), and we already have that much sites running them. That's about 0.00136% of all websites if that was true.

Ahrefs Finds 1 in 7,353 Websites Are Running Cryptocurrency Mining Scripts

https://coinjournal.net/ahrefs-how-many-websites-are-using-visitors-computers-to-mine-cryptocurrency/

I wouldn't mind a 10% CPU usage (as long as they inform everyone).

If by asking "if this works", you meant in terms of identifying their illegal usage of the CPU's, then the gathered information would be pretty much the same (that's why I mentioned checking the source codes [for accurate result]).

Eset NOD32 Antivirus do perfectly works with this one on my side.It does detect CoinMiner script when i do tried to access these sites that do have background mining.Thank you for the list and i didnt expect that there were lots of them on having that hidden agenda on using up CPU usage without your awareness.

I agree, this is quite a shameful practice when it is done in the manner that it currently is. Behind closed doors, without informed consent and excessively overloading hardware. All for minimal gains, while lagging their clients into oblivion and making regular usage of their site unbearable. It ultimately drives people away, and quickly; I don't understand how any business can see this as a feasible alternative. It can be done correctly, but it seems as though no thought has been put into it at all. If there has been any thought put into it, it was the wrong kind of thought, for sure.

Installing NoJS might do the trick, but that's not a good option for most people.


This might not be what you were trying to say, but it brings me to an interesting thought. Since you say 15%+ should be checked, would it be safe to say that 10% CPU usage, if these sites were to implement mining, would be acceptable to you?

I agree though, more than 15% is certainly suspect, and if it is a consistent % of differing CPUs then it would seem that is a red-flag towards mining for sure. That might be a good test criteria, if you are suspicious of a site mining keep track of the % it uses of your CPU and compare it to another CPU, whether it be through another user or another one of your own devices. Would this work to any extent?

I fear that some might be tricky and program these things themselves, to avoid the anti-virus crackdown and the regular blocking of CoinHive scripts and similar bigger names in this sort of thing.

Fair point. Perhaps any website that uses more than 15% of the CPU (constant usage), should be checked.

---

To have accurate results, we can simply look at the source codes of each > finding the keywords like "coinhive"/"webmine" and few others (as shown on the previous link that I posted)...

Do you think that looking at CPU usage would be sufficient for this kind of thing? I'm thinking a lot of poorly programmed sites, that simply use more resources than they should might get accused with that criteria. It might be a good place to start though.

I agree to the formatting suggestion, and I will change OP accordingly once I get a minute. I'm also going to go through that list that you linked and see if it is reasonable to incorporate that into my OP or simply link to it and create this list in addition to that. I think we should add all websites, because TPB isn't particularly related to crypto currency; it still has a significant impact in and on the cryptocurrency community.




Thank you for your suggestion, added to OP, with your comments taken into consideration.

So  I suppose you noticed it on a crypto-news website and at least a medium to large. it's a shame to try to earn pennies with your traffic like this way. Even using adfly would be better. Wonder how much they're making with this...

I don't perfectly know how this method works but I believe instead to use a list by putting the domain name in your host file would be more radical or installing NoJS

- For verification, a simple screenshot of the changes to CPU usage, can be good enough (while monitoring it using the "Resource Monitor" or other similar programs).
- In regards to formatting, perhaps we should remove websites that no longer use it and instead, have them in a separate section/list (this way we could easily scroll the list and also save some spaces).
  ex. List of websites that no longer use browser mining:

---

Found a website that has compiled a lot of these websites (tested and some of them, no longer use it):
The List of Top Alexa Websites With Web-Mining Code Embedded on Their Homepage

* List (2/8/2018)

---

Should we only list crypto related websites or others too?

I'd like to mention a site, playforcrypto.com

Now, they openly said that they have a web browser mining tool that is enabled, and can be blocked, so I want to state this. It is basically a chat website where you can also play games to earn crypto. They have been good, but every since they enabled web mining via browser, which is supposed to be optional, my javascript blocker keeps giving me errors AND the script still appears to mine even though I block it. This may not be intentional at all, and I raised it in chat, but maybe some attention can be given here.

It would be nice if you included these sites, and I could add a separate little section within OP to accommodate for this. These sites would be a good example for the more malicious examples.


I'm pretty positive that TPB has ceased it's mining operations, because there was too many pissed off users. That doesn't mean we should let them off the hook in terms of having this discussion or figuring out an ethical implementation of this sort of thing. Thanks for your sites, they will be added to OP.

I find it's hit and miss I got a positive for it the other day, but as I check it now nothing.

I thought Piratebay stopped their miner when there's a huge community backlash against them last year?

Anyway, as I've said on my last post, here are two additional websites that uses miner, but it's optional and the user can turn them off if they want to
http://fitgirl-repacks.site/donate-by-mining/
https://donateyourtab.to/
https://www.charitymine.org/

btw thepiratebay.org isn't showing that there's any mining going on. I've tried all the pages until downloading the torrent file and still nothing.

Also I've tried a bunch of torrenting websites and on these the addons reacted:

- extratorrent.cd/
- pirateiro.com/

Streaming websites:

- filmclub.tv/
- prospice.surge.sh/

A different section for this would be great. Or at least create a table column for this right next to the comments/description - i.e "asks for permission?". If the list gets too big, I can check a few websites to see what they are doing.

I have no problems in letting the website use my CPU to mine while I'm browsing it. BUT only if they warn me and ask for my approval. Otherwise, they will lose a visitor