This IP is hosting files and Command and Control (C2) infrastructure for the Godzilla Loader. An open directory listing is visible at http://91.215.85.223/. The Godzilla login can be seen at http://91.215.85.223/kanorindex.php. The site is hosting the following malicious files, most of which are associated with Azorult 3.3, Rhadamanthys, PureCrypter, Pure Miner, zgRAT and obfuscated using .NET Reactor:
@spirillen I'll populate the additional domains later today. I wanted to try to avoid a repeat of my mistake from #640 yesterday by listing everything in a single issue.
Comments
See also: https://github.com/mitchellkrogza/phishing/pull/446
Wildcard domain records
Sub-Domain records
No response
Hosts (RFC:953) specific records, not used by DNS RPZ firewalls
No response
SafeSearch records
No response
Screenshots
Screenshot
![346653974-f767bfae-b5f2-4973-888c-b774af1d58f2](https://github.com/mypdns/matrix/assets/108126637/ad05598f-3de6-4ebb-8e2e-c0df4c7ea3b3)
![346654029-e47b5241-c752-4dd0-a05d-b0f3005e4e0e](https://github.com/mypdns/matrix/assets/108126637/60d4ba2c-8d79-456b-8fba-b4548d3f2a05)
![346654172-b7fa705d-672c-4863-8b99-b4439091e465](https://github.com/mypdns/matrix/assets/108126637/01d276cc-5012-4a8e-a79d-77dbedf03601)
Links to external sources
logs from uBlock Origin
N/A