Spaceman Spiff

Maybe it's just my computer (old i7-3xxx quad core workstation laptop) but closed out some heavier duty programs (SolidWorks/Mastercam and LabView if it matters) and noticed my laptop attempting to interview for a job as a wind tunnel along with really high CPU usage... If purposeful I think this is incredibly dishonest and sleazy.

miner active on homepage


after I end task corresponding to the MR.net tab

phocup

You're not crazy. My CPU usage jumped from 18% with 20+ tabs open to 78% usage with just that site.

Spaceman Spiff

concealer404

iTrader: (3)

Same here.

Also interesting to me: That site still exists.

Spaceman Spiff

¯\_(ツ)_/¯

the search for good used parts deals knows no end

Joe Perez

iTrader: (8)

Spent a little time analyzing the page. I don't think they're doing anything malicious in the background, looks like it's just really poor-quality scripting and way too many external calls.

whitrzac

iTrader: (1)

Took my overclocked 8core 5960x to 70% too. That's a lot of power and heat....

Erat

iTrader: (5)

Even my 1800x was feeling it.

HarryB

I noticed that too; however this has happened here as well last year if I recall correctly. Has anyone contacted the administrators over there?

Reverant

iTrader: (10)

I blame this script: https://play.pocketgolf.host/start.php

Bryan

For the record, it's working fine now. Seems to have been an issue with server disk space. Forum needs to move to a new host.

mgeoffriau

iTrader: (7)

For the record, no, it isn't. It still makes my CPU jump from 5-15% utilization to 75%+ utilization.

Bryan

I refreshed the page once I went and all was well. Didn't have to close my browser.

Of course, now that I check again, it's back up. Guessing until the forum moves servers it'll be an issue.

mgeoffriau

iTrader: (7)

Why would low disk space on the web server cause the CPU on my local machine to spike?

tehsuck

Glad it's not just me. When you have dual 8-core Xeons and you suddenly hear your fans kick on under normal usage, something's not right.

Edit: Also just realized it's my first post here after lurking for some time. I'm getting ready to build a turbo Miata, I swear! MSPNP2 arrives tomorrow!

gooflophaze

You're not wrong. Chrome -> ctrl+shift+i -> select and pause, cpu usage drops. js is pretty damn obsfucated (php my ***) dns whois is blocked, main page is blank. Only thing discernable is a callout to feesocrald.com which links to a google doc. Popped play.pockegolf.host into my hosts file, no problem. Also - chrome has it's own taskmanager (shift esc) that'll show which thread is beating up the cpu.

Storage my ***.

sixshooter

iTrader: (12)

Pocketgolf is playing pocketpool inside your computer?

gooflophaze

Pretty much, yeah.

More damning - started replacing the obsfucated hex strings with barnyard animal names to see if I could actually follow the code. While I was doing that pasted a few of the variable names into google to see if they were simply ascii bytes - and ran across https://www.hybrid-analysis.com/samp...ironmentId=100 - I'd not seen this analyzer before, so I threw pocketgolf into it - and yeap, it's tainted as ****. https://www.hybrid-analysis.com/samp...a3e105000e46e3

tehsuck

I'm not THAT much of a computer whiz, but I'd say something's doing some mining, for sure.

Also, that's from pinning 16 logical processors on a dual Xeon E5-2687W setup to 100%.

Joe Perez

iTrader: (8)

That's some good investigating there.