45.89.52.80 #960

Closed
g0d33p3rsec opened this issue Sep 15, 2024 · 0 comments
Labels
Malicious Domains used for Malicious software

Comments

@g0d33p3rsec
Collaborator

This IP address and its related domains are being used to distribute xmrig. See also: mitchellkrogza/phishing#482

Wildcard domain records

32.80.52.89.45|malicious

Sub-Domain records

No response

Hosts (RFC:953) specific records, not used by DNS RPZ firewalls

No response

SafeSearch records

No response


Links to external sources


logs from uBlock Origin

N/A

@g0d33p3rsec g0d33p3rsec added the Malicious Domains used for Malicious software label Sep 15, 2024