The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Smoke Loader botnet controller located at 212.193.50.94 on port 80 (using HTTP POST):
hXXp://xacokuo80.top/
xacokuo80.top. 600 IN A 95.213.165.229
The host at this IP address is currently being used to distribute malware.
Malware distribution located here:
hXXp://host-coin-data-1.com/files/9536_1637698109_9914.exe
hXXp://privacytoolzforyou-7000.com/downloads/toolspab2.exe
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 95.213.165.229 on port 443:
$ telnet 95.213.165.229 443
Trying 95.213.165.229…
Connected to 95.213.165.229.
Escape character is ‘^]’
Malicious domains observed at this IP address:
coin-coin-coin-2.com. 600 IN A 95.213.165.229
file-file-host4.com. 600 IN A 95.213.165.229
host-coin-data-1.com. 600 IN A 95.213.165.229
host-file-host9.com. 600 IN A 95.213.165.229
privacytoolzforyou-7000.com. 600 IN A 95.213.165.229
stats404.info. 600 IN A 95.213.165.229
xacokuo80.top. 600 IN A 95.213.165.229