add 45.89.52.80 and related cryptojacking domains to blocklists

[g0d33p3rsec]

Phishing Domain/URL/IP(s):

45.89.52.80

shopland.cloud
3to1market.top
everythingyouwant.top
ozon2mart.top
w1shmarket.top
wishtochoose.top

http://45.89.52.80.sslip.io/WinRing0x64.sys
http://ssh.shopland.cloud/WinRing0x64.sys
http://3to1market.top/WinRing0x64.sys
http://everythingyouwant.top/WindowsUpdate.exe
http://everythingyouwant.top/WinRing0x64.sys
http://ozon2mart.top/WindowsUpdate.exe
http://ozon2mart.top/WinRing0x64.sys
http://w1shmarket.top/WindowsUpdate.exe
http://w1shmarket.top/WinRing0x64.sys
http://www.wishtochoose.top/WindowsUpdate.exe
http://wishtochoose.top/WinRing0x64.sys 

Impersonated domain

Describe the issue

This IP address and the associated domains are being used to distribute xmrig.

Related external source

https://urlscan.io/result/7489781f-ef6e-460a-b679-57545b6f3d37/ https://www.virustotal.com/gui/file/9e203592924a862245d59281f54d0358cf0d08a99ff46a8cd5b4897be4af3b19 https://urlscan.io/result/d2d997c0-81c4-4035-b3e5-72eb91495e64/ https://urlscan.io/result/623e8633-7921-4894-9d79-437730c4bea1/ https://urlscan.io/result/26506d28-8a85-48ba-8982-f6265fd908dc/ https://urlscan.io/result/085e0c37-83fa-446d-a763-be4fa861f316/ https://www.virustotal.com/gui/file/11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5 https://urlscan.io/result/b8af517b-f993-4a2b-a47a-c1afca8e851f/ https://urlscan.io/result/f72b7237-6fd2-4c34-b6ff-256b01059ac9/ https://urlscan.io/result/d1efbebd-5220-4e31-9ae6-d54fd0209449/ https://urlscan.io/result/896d3eb1-ca4b-46a6-9691-8c2b05307a9d/ https://urlscan.io/result/517f81b8-349e-4740-a36c-d22e5372f138/

Screenshot

Click to expand