Security News > 2021 > April > Coinhive domain repurposed to warn visitors of hacked sites, routers
After taking over the domains for the notorious Coinhive in-browsing Monero mining service, a researcher is now displaying alerts on hacked websites that are still injecting the mining service's JavaScript.
Two years later, CoinHive is still injected on sites.
As these domains are hosted behind Cloudflare, Hunt has utilized their built-in analytics to see that a tremendous amount of visitors still attempt to load JavaScript from the CoinHive domains.
From the analysis of the sites referring traffic to the Coinhive domains, Hunt stated that CoinHive scripts are still injected mostly from China and Russia websites.
Today, Hunt revealed that he is now redirecting the coinhive.com domain to his new blog post about Coinhive at TroyHunt.com.
While Hunt uses the Coinhive domains for good purposes, such as warning a site's visitors of the injected scripts, his use of the Coinhive domains illustrates how bad actors could use abandoned domains to inject scripts into unsuspecting visitor's browsers.