# Newegg crypto-mining?



## lexluthermiester (Jun 26, 2018)

Was going to look for something on Newegg and was greeted with this crap;




What the actual eff? Newegg is a retail site that makes money from sales. Why do they suddenly feel the need to cryptomine in the sly? Shady Newegg, very shady.

PS to mods; Couldn't decide were to put this thread, this seemed like the best place. If there's a better location please let me know.


----------



## Old-Greg (Jun 26, 2018)

Sneaky SOB's. It's like a neighbor stealing your Electricity.


----------



## lexluthermiester (Jun 26, 2018)

Old-Greg said:


> Sneaky SOB's. It's like a neighbor stealing your Electricity.


Or your internet over wifi.


----------



## Robert Bourgoin (Jun 26, 2018)

Another reason not to use them.


----------



## lexluthermiester (Jun 26, 2018)

Robert Bourgoin said:


> Another reason not to use them.


I would say it's a reason to give them the virtual smack down..


----------



## DeathtoGnomes (Jun 26, 2018)

Cant say I am surprised, they are owned by China.


----------



## remixedcat (Jun 26, 2018)

Ever since the fake GPU and CPU thing I've been weary of them. I only have bought a couple cheap wifi adapters lately and a 100 dollar dell latitude, but that dell is going to be the last thing I ever get if they keep up this shit.


----------



## DRDNA (Jun 26, 2018)

lexluthermiester said:


> Was going to look for something on Newegg and was greeted with this crap;
> 
> What the actual eff? Newegg is a retail site that makes money from sales. Why do they suddenly feel the need to cryptomine in the sly? Shady Newegg, very shady.
> 
> PS to mods; Could decide were to put this thread, this seemed like the best place. If there's a better location please let me know.



what app are you using for that detection? NoCoin app doesnt show newegg as having a miner...confused...


----------



## dj-electric (Jun 26, 2018)

Yeah. What addon is this?


----------



## Vario (Jun 26, 2018)

Would like to know as well please share.


----------



## R-T-B (Jun 26, 2018)

lexluthermiester said:


> I would say it's a reason to give them the virtual smack down..



I mean, they’ve been hosting third party ads on their site for literally months.  They had fake “flash update” ads slip through a partner ad recently that they removed.

This is likely the same, advertising abuse.  That said, why they feel the need to advertise on a site that is already selling you shit is beyond me...


----------



## Static~Charge (Jun 26, 2018)

DRDNA said:


> what app are you using for that detection? NoCoin app doesnt show newegg as having a miner...confused...





dj-electric said:


> Yeah. What addon is this?


I'm using Mining Blocker 0.53, and it doesn't like the b-s that Newegg is up to.


----------



## lexluthermiester (Jun 26, 2018)

DRDNA said:


> what app are you using for that detection? NoCoin app doesnt show newegg as having a miner...confused...





dj-electric said:


> Yeah. What addon is this?





Vario said:


> Would like to know as well please share.


Literally called "Mining Blocker" for Firefox.


Static~Charge said:


> I'm using Mining Blocker 0.53, and it doesn't like the b-s that Newegg is up to.


And that is the current version.


----------



## Kissamies (Jun 27, 2018)

This made me finally also install a mining blocker.


----------



## lexluthermiester (Jun 27, 2018)

remixedcat said:


> Ever since the fake GPU and CPU thing I've been weary of them. I only have bought a couple cheap wifi adapters lately and a 100 dollar dell latitude, but that dell is going to be the last thing I ever get if they keep up this shit.


To be fair, it's still a good place to get stuff, you just have to be careful what you click on.


----------



## remixedcat (Jun 27, 2018)

lexluthermiester said:


> To be fair, it's still a good place to get stuff, you just have to be careful what you click on.



Yeah I gotta pay a lot of attention to the "sold by whatever" thing. Still out of principal it's greasy tho...


----------



## Ryandh (Jun 27, 2018)

this is false positive.  I can see the same miner running on my machine. the miner called "moneta"

the plugin "miner blocker" is very simple, it search all script by the naming. 
Newegg used https://www.monetate.com/ to do tagging mgmt. which contains moneta, then it triggered the mining alarm. 

var searchListContent = ['miner',

    'c-hive',
    '*moneta*',
    'hasCrypto',
    'hashunited'];

  searchListURLS.forEach(function (searchFor){
                    if (no.matches('script') && no.src.toUpperCase().includes(searchFor.toUpperCase())) {
                        no.src = "";
                        scriptsRemove++;
                        console.log("Found mining: "+ searchFor);


----------



## lexluthermiester (Jun 27, 2018)

Ryandh said:


> this is false positive.


*Not false positive.* To test I disabled the plugin and reloaded the page, and magically Firefox was suddenly using 80% of my CPU time. Newegg was the only page open. Closing the browser stopped the CPU usage. Opening it back up and going to Google.com and nothing happens. Going back to Newegg, BAM! 80% CPU usage again. Explain that if it's not mining? Anyone can try this, though, you know, at your own risk.


----------



## jboydgolfer (Jun 27, 2018)

I want to run a performance monitor during a visit to the website and see exactly what % of my pc's hp they're using without my knowledge

i dont see any performance being used......im not doubting the claim, but im having trouble recreating it...

ill tell you , as a person who used to make thousands of $'s worth of purchases each year from NE, they are easily one of the top 3 "must avoid" etailers online today , atleast for tech gear. they have time and time again, let me down for a variety of reasons, most recently, it took nearly 2 &1/2 mopnths to get a refund , from approval, to me getting the funds back!!! this was not just me making the claim, and waiting either, i spent around 5 hours on the phone, and around 3 or so in live chat, trying over & over again to explain the situation to a new support person.....they dont care about you as a consumer, they just want your $$. only for them to ignore their own terms, and refudn me in ways i didnt pay for the item ( i used my debit card, they sent me a f@ckin check!) i dont know if its due to them being bought out, or what, but it DID dstart right around the time that their sale was announced.


----------



## Ryandh (Jun 27, 2018)

lexluthermiester said:


> *Not false positive.* To test I disabled the plugin and reloaded the page, and magically Firefox was suddenly using 80% of my CPU time. Newegg was the only page open. Closing the browser stopped the CPU usage. Opening it back up and going to Google.com and nothing happens. Going back to Newegg, BAM! 80% CPU usage again. Explain that if it's not mining? Anyone can try this, though, you know, at your own risk.



It is *false positive* in this case.  Customers using monatete will get the same warnning ,  *Jcrew/Northface* all got this false positive warring


----------



## R-T-B (Jun 27, 2018)

lexluthermiester said:


> *Not false positive.* To test I disabled the plugin and reloaded the page, and magically Firefox was suddenly using 80% of my CPU time. Newegg was the only page open. Closing the browser stopped the CPU usage. Opening it back up and going to Google.com and nothing happens. Going back to Newegg, BAM! 80% CPU usage again. Explain that if it's not mining? Anyone can try this, though, you know, at your own risk.



Can't really say I am seeing the same here on an unprotected browser.  What's the machine?


----------



## 95Viper (Jun 27, 2018)

For anyone's curiosity...
If you wish to test your browser you can go to:

Opera Cryptojacking Test works to test any browser. Looks like they use a coinhive miner to test.
Quote from urlscan.io about above site:


> This website contacted *7 IPs*    in *3 countries*    across *8 domains* to perform *35 HTTP transactions*.    Of those, *28* were HTTPS (80 %) and    67% were IPv6.
> The main IP is *54.230.93.176*, located in    *Seattle, United States* and    belongs to AMAZON-02 - Amazon.com, Inc., US.    The main domain is cryptojackingtest.com.        It took *0.628 seconds* to load this page.



Mineblock, also, has a test on their site... it is an add-on.  You can try that one if you wish... I did and it said my browser (Edge) block the miner. Looks like they, also, use a coinhive miner to test.
Quote from Mineblock:


> MINEBLOCK is the only way to block the crypto mining scripts and web miners that are currently taking over the internet. The miners run cryptocurrency algorithm using your CPU, your electricity and thus your money so they can hash coins and earn crypto cash without your knowledge!


Quote from urlscan.io about Mineblock:


> This website contacted *2 IPs*    in *1 countries*    across *2 domains* to perform *10 HTTP transactions*.    Of those, *9* were HTTPS (90 %) and    100% were IPv6.
> The main IP is *2400:cb00:2048:1::6818:7208*, located in    *United States* and    belongs to CLOUDFLARENET - Cloudflare, Inc., US.    The main domain is mineblock.org.        It took *0.955 seconds* to load this page.



If you wish to test a website you can go here, Who is Mining?, and enter the site address and see the result.
Quote from urlscan.io on the site who is Mining?:


> This website contacted *4 IPs*    in *2 countries*    across *4 domains* to perform *5 HTTP transactions*.    Of those, *4* were HTTPS (80 %) and    75% were IPv6.
> The main IP is *34.215.3.167*, located in    *Boardman, United States* and    belongs to AMAZON-02 - Amazon.com, Inc., US.    The main domain is whoismining.com.        It took *0.507 seconds* to load this page.



It seems the Opera Crytojacking Test and Who is mining are owned by, maybe, Amazon.com, Inc., US

I tried Newegg and NeweggBusiness, both, and they came up clean... TPU came up clean, too.


----------



## lexluthermiester (Jun 27, 2018)

Ryandh said:


> It is *false positive* in this case. Customers using monatete will get the same warnning , *Jcrew/Northface* all got this false positive warring


FYI, I'm not a moron and know what I was witnessing.  Just tried both of those sites and nothing. The plugin literally shows, "Nothing Found", but Newegg is also now showing the same and no unusual CPU usage.


R-T-B said:


> Can't really say I am seeing the same here on an unprotected browser. What's the machine?


I'll bet any amount of money they got caught by more than one watchful person and yanked it down. Wouldn't be surprising at all.


----------



## Ryandh (Jun 27, 2018)

lexluthermiester said:


> FYI, I'm not a moron and know what I was witnessing.  Just tried both of those sites and nothing. The plugin literally shows, "Nothing Found", but Newegg is also now showing the same and no unusual CPU usage.
> 
> I'll bet any amount of money they got caught by more than one watchful person and yanked it down. Wouldn't be surprising at all.



there is no magic for the plugin, it';s just keyword matching. could you send me the plugin [ link and version] that you are using? I am a programmer, I can explain the why.


----------



## lexluthermiester (Jun 27, 2018)

Ryandh said:


> there is no magic for the plugin, it';s just keyword matching. could you send me the plugin [ link and version] that you are using? I am a programmer, I can explain the why.


Ok, Install Firefox, look up "Mining Blocker" in the "Add-ons" section, install. You should be able to find the plugin itself in the Mozilla folder inside the "Roaming" folder under the user profile directory.

Given the somewhat iffy activities Newegg has been involved in, it would not be surprising at all to find out they were testing something new to see if anyone would notice.


----------



## Ryandh (Jun 27, 2018)

Who is the author of the plugin you installed , I want to make sure we picked the same


----------



## 95Viper (Jun 27, 2018)

lexluthermiester said:


> FYI, I'm not a moron and know what I was witnessing.  Just tried both of those sites and nothing. The plugin literally shows, "Nothing Found", but Newegg is also now showing the same and no unusual CPU usage.
> 
> I'll bet any amount of money they got caught by more than one watchful person and yanked it down. Wouldn't be surprising at all.



Possible, or, maybe, Newegg found something injected in an ad from one of their advertisers and removed it... could be a hundred different things.
I have even hit on crap at some legit sites and go back and it is gone/removed/etc.  So, it is what it is at that moment. I don't doubt you and what was.

So, no one is offended/upset... I was grinning  'cause I tested TPU.


----------



## lexluthermiester (Jun 27, 2018)

Ryandh said:


> Who is the author of the plugin you installed , I want to make sure we picked the same


cap1000



95Viper said:


> Possible, or, maybe, Newegg found something injected in an ad from one of their advertisers and removed it...


That is very possible. Thing is, I have uBlock Origin installed.. Who knows though.


----------



## HTC (Jun 27, 2018)

A youtube link on a reply is enough to trigger the addon, such as in this case:

https://www.techpowerup.com/forums/...-crypto-miner-cpu-mining.241992/#post-3809678


----------



## lexluthermiester (Jun 27, 2018)

95Viper said:


> So, no one is offended/upset... I was grinning  'cause I tested TPU.


If W1zzard was going to do something like this, he'd make it public so that everyone would be aware.



HTC said:


> A youtube link on a reply is enough to trigger the addon, such as in this case:
> 
> https://www.techpowerup.com/forums/...-crypto-miner-cpu-mining.241992/#post-3809678


OOOooo, that's interesting! It did. This just got real. Maybe the new guy is on to something after all. Plot thickens..

EDIT; although it still wouldn't explain the CPU usage witnessed.. I think 95Viper may have been on to something.


----------



## HTC (Jun 27, 2018)

lexluthermiester said:


> If W1zzard was going to do something like this, he'd make it public so that everyone would be aware.
> 
> 
> OOOooo, that's interesting! It did. This just got real. Maybe the new guy is on to something after all. Plot thickens..
> ...



LOL: now this topic also triggers the addon.

EDIT

Disregard: false alarm.

Closed FF and re-opened and it's gone.


----------



## Ryandh (Jun 27, 2018)

lexluthermiester said:


> cap1000
> 
> 
> That is very possible. Thing is, I have uBlock Origin installed.. Who knows though.


I used the same one

Ligicwise,  you will see the false positive all time. Since it used keyword filtering for the url, moneta matched monetate.com , unless you block monetate or newegg discard it


----------



## R-T-B (Jun 27, 2018)

lexluthermiester said:


> I'll bet any amount of money they got caught by more than one watchful person and yanked it down. Wouldn't be surprising at all.



I mean newegg does do third party ads as mentioned.  I really bet you are correct and it got pulled if what you saw was on anything other than an atom netbook or similar.



lexluthermiester said:


> Given the somewhat iffy activities Newegg has been involved in, it would not be surprising at all to find out they were testing something new to see if anyone would notice.



I mean, it's already iffy as can be IMO to be running poorly vetted third party ads on a commercial site that is supposed to be protecting your private data.

Personally the whole "flash update" debacle earlier this year clued me into how bad they manage this.  Whether or not they are intentionally mining (and I don't care honestly) they are already on my short "naughty list."


----------



## 95Viper (Jun 27, 2018)

Just some info... a PublicWWW search turns up this:





Edit:  However, I don't believe that is what he picked up on, as, Monetate.net seems to be legit.
Monetate At CrunchBase info
They are  AKAMAI-AS - Akamai Technologies, Inc., US 
And, their domains are:


> Domains
> www.buydomains.com
> www.marriott.com
> www.roamans.com
> ...



My opinion...  I think it was something embedded in a third party ad/link.


----------



## DeathtoGnomes (Jun 27, 2018)

the question is: has anyone told newegg or contacted them about this, if this is thru 3rd party, they would want to know.


----------



## Devon68 (Jun 27, 2018)

I installed the mining blocker extension in Chrome and it did say "Mining scheme found" when I opened the newegg page. But task manager showed spu usage 1-3%. Then I saw that the blocker said Mining scheme found*/Stopped* so I disabled the mining blocker extension and my cpu usage spiked for a second and went back to 1-3% so it seems to be a false positive. I also have ublock orgin installed, so it's possible if it's a mining ad it got disabled by ublock.


----------



## lexluthermiester (Jun 27, 2018)

R-T-B said:


> I really bet you are correct and it got pulled if what you saw was on anything other than an atom netbook or similar.


6 core Xeon


----------



## TheMailMan78 (Jun 27, 2018)

I stopped using Newegg when I found out they were treating their customers like Pokemon and giving all their info to the IRS. GOTTA CATCH EM ALL!


----------



## ShiBDiB (Jun 27, 2018)

I also get a mining warning on chrome at newegg.. was going to tell the customer support but I was 75th in line for the chat and they provided no email.

Shame, I used to buy all my computer stuff there. Amazon it is.


----------



## TheMailMan78 (Jun 27, 2018)

ShiBDiB said:


> I also get a mining warning on chrome at newegg.. was going to tell the customer support but I was 75th in line for the chat and they provided no email.
> 
> Shame, I used to buy all my computer stuff there. Amazon it is.


I fully agree man. I started going to Amazon a few months back. They charge taxes but at least they were up front about it. If I know going in thats the case I dont mind. It was the retro tax BS Newegg pulled. Sadly its an end of an era for me. No more Newegg and I took my kids to the closing of the Toys R Us in my area. Sad days.


----------



## Ryandh (Jun 27, 2018)

95Viper said:


> Just some info... a PublicWWW search turns up this:
> View attachment 103168
> 
> Edit:  However, I don't believe that is what he picked up on, as, Monetate.net seems to be legit.
> ...



My point is that i checked all those plugins in both Chrome/Firefox.  all of them did a simple URL filter  to check whehter it contains Miner or not. 

if it contains, and you click to stop, they just remove the url, or redirect to somewhere else.  For Newegg's case, monetate.com is the reason why plugin picked it up. 

I posted a topic about the blocker here, (those two popular one on chrome and firefox )

https://www.techpowerup.com/forums/threads/miner-blocker.245524/

this is the logic for the Miner blocker developed by Cap1000

 searchListURLS.forEach(function (searchFor){
                    if (no.matches('script') && no.src.toUpperCase().includes(searchFor.toUpperCase())) {
                        no.src = "";  //LOGIC to stop the minner. 
                        scriptsRemove++;
                        console.log("Found mining: "+ searchFor);


----------



## R-T-B (Jun 27, 2018)

TheMailMan78 said:


> I fully agree man. I started going to Amazon a few months back. They charge taxes but at least they were up front about it. If I know going in thats the case I dont mind. It was the retro tax BS Newegg pulled. Sadly its an end of an era for me. No more Newegg and I took my kids to the closing of the Toys R Us in my area. Sad days.



I'm in agreement, times be changing.

I'll still use newegg, but I use crypto when I do (no fraud chance after the fact) and only if there is some kind of a hell of a deal (90% of the time, this isn't the case).

I don't trust them at all, honestly.


----------



## rtwjunkie (Jun 27, 2018)

I think this possibility is just another reason to stop using them.  I abhor Amazon’s organization of computer parts compared to Newegg, but in the last month I have literally paid 10 to 20 dollars less on items at Amazon than Newegg (when I can actually locate the actual item in their jumbled website).


----------



## ShiBDiB (Jun 28, 2018)

Just sent them a message on facebook as it seems to be the only way to get ahold of anyone. Will see what they say.

Depending on the response, this needs to be a bigger deal.


----------



## nomdeplume (Jun 28, 2018)

Anyone getting a positive on TweakTown?


----------



## Jetster (Jun 28, 2018)

I think your a little quick to judge. You know there is a rep here
I also sent them an email.
Did you check the reviews on the add on you're using?
*Newegg_Service*

Last time I emailed them about a problem on there site they sent me free stuff


----------



## lexluthermiester (Jun 28, 2018)

nomdeplume said:


> Anyone getting a positive on TweakTown?


Nope.


----------



## ShiBDiB (Jun 28, 2018)

Jetster said:


> I think your a little quick to judge. You know there is a rep here
> I also sent them an email.
> Did you check the reviews on the add on you're using?
> *Newegg_Service*
> ...



That rep hasn't been active in nearly a year, I've tried contacting them regarding it on multiple platforms and yet to receive a response.

Update

Got a response, they requested a link to this thread

"Thank you so much for providing that for me, Bob! I have forwarded this information to Management and will get it reviewed immediately. "

Spoiler - my name is bob


----------



## nomdeplume (Jun 28, 2018)

lexluthermiester said:


> Nope.



The reason I asked was Newegg intermittently shows a mining program.  Almost as if it triggers a piece of code that tries to run X more times at Y hours distant before no more attempts are made.  Tweaktown was showing very similar behavior.  

I have no idea how accurate the parameters this extension uses are at detecting only cpu mining.  Not casting aspersions in any direction.  Just making observations and asking if they align with others.


----------



## Old-Greg (Jun 28, 2018)

lexluthermiester said:


> Or your internet over wifi.



Ethernet here, unlimited so we are told, but the Electricity cost has risen this month.

Anyway It's prolly a poor underpaid kid in Newegg's EYE-TEE dept running a script. 
That's the last time they get my custom.


----------



## jboydgolfer (Jun 28, 2018)

nomdeplume said:


> Anyone getting a positive on TweakTown?



  That would be more like a malicious miner infected with tweaktown


----------



## nomdeplume (Jun 28, 2018)

It is a tool.  Went out of my way to find places on the web that would trigger it.  I was surprised that spammy sites prone to opening new windows when you click on buttons did not.  Tweaktown happened to be the Scythe Grand Khama 2 review I clicked through to.  

Basically I'm wondering if the site data is used by the developer or the extension shutting mining off is being used by the site.  Something changes with unique page views multiple hours apart.


----------



## dorsetknob (Jun 28, 2018)

could Be your ISP 
Man in the middle Attack (  Such a hard word ) with your ISP Injecting javascript miners  into Ads

Hang on just noticed i'm due for my Meds


----------



## Ryandh (Jun 30, 2018)

dorsetknob said:


> could Be your ISP
> Man in the middle Attack (  Such a hard word ) with your ISP Injecting javascript miners  into Ads
> 
> Hang on just noticed i'm due for my Meds


most websites including Newegg are secured with full site https. hard for ISP to inject now


----------



## Crusti (Aug 30, 2018)

I also don't understand for what reason more and more apps and websites add mining to their functions. Is it safe or it may use my computer in order to mine something I don't even know?


----------



## dorsetknob (Aug 30, 2018)

You Can Download /install Browser Add on's for both chrome and FireFox to Block these JS miners


----------



## R-T-B (Sep 1, 2018)

Crusti said:


> I also don't understand for what reason more and more apps and websites add mining to their functions. Is it safe or it may use my computer in order to mine something I don't even know?



It's plenty "safe", but it WILL use your computer to mine something without your permission, thus bogging it down until you leave the webpage.

That is the whole issue here.


----------



## Upgrayedd (Sep 1, 2018)

Screw newegg even if it is a false pos. I quit visiting them a few years ago. What I cant get at Microcenter I order from B&H usually cheaper.


----------



## 95Viper (Sep 2, 2018)

Upgrayedd said:


> What I cant get at Microcenter I order from B&H usually cheaper.



Personally, I have not had a problem with Newegg, yet.  However, I have found, and agree with Upgrayedd, that B&H has been very competitive lately... have not had to deal with their customer service, so cannot speak to that part of the operation.


----------



## lexluthermiester (Sep 2, 2018)

Upgrayedd said:


> B&H


What site is that?

EDIT; You mean here?; https://www.bhphotovideo.com


----------



## R-T-B (Sep 2, 2018)

lexluthermiester said:


> What site is that?
> 
> EDIT; You mean here?; https://www.bhphotovideo.com



Pretty sure that's the one.


----------



## rtwjunkie (Sep 2, 2018)

lexluthermiester said:


> What site is that?
> 
> EDIT; You mean here?; https://www.bhphotovideo.com


Yes, that’s the one.  I discovered about 5 or 6 years ago that they had a good selection and prices were reasonable.  

The only downside is that in various categories they may carry the top 6 brands/models of something instead of say, 20. Additionally, the site is really easy to navigate and searches bring up the category you want instead of 115 other products that might have a nexus through the relative of someone who designed a component, like Amazon does.


----------



## Crusti (Sep 5, 2018)

R-T-B said:


> It's plenty "safe", but it WILL use your computer to mine something without your permission, thus bogging it down until you leave the webpage.
> 
> That is the whole issue here.


I can't understand why do we lose our rights for everything more and more. It seems that when I connect to the Internet my computer lives his own life not asking me if I want something or not.


----------



## R-T-B (Sep 5, 2018)

Crusti said:


> I can't understand why do we lose our rights for everything more and more. It seems that when I connect to the Internet my computer lives his own life not asking me if I want something or not.



There are plugins to help you manage that.  Beyond that, it's just a question of convenience vs security.  Too often people choose convenience.


----------



## lexluthermiester (Sep 6, 2018)

R-T-B said:


> Too often people choose convenience.


And a lot of people are lazy, technologically illiterate, moronic or some combination thereof.


----------



## R-T-B (Sep 6, 2018)

lexluthermiester said:


> And a lot of people are lazy, technologically illiterate, moronic or some combination thereof.



Well learning is never convenient, now is it?


----------



## Crusti (Sep 10, 2018)

R-T-B said:


> There are plugins to help you manage that.  Beyond that, it's just a question of convenience vs security.  Too often people choose convenience.


They probably choose it because they don't really know how to provide self security on the Internet.


----------

