The host at this IP address is running a cryptocurrency mining pool that is currently being abused by cybercriminals for mining cryptocurrencies on malware-infected computers.
The following information should be sufficient for the identification and suspension of the abusive users:
{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"47kLyhPj2TqLvjAKrBPA5D3TmxVW3kHLA8rFip2Udh86fCBstekGtDTbGtyLjk93THCycDcvPwJAPaG5JLMgzyJpMnigLPe","pass":"testg","agent":"XMRig/6.16.2 (Windows NT 10.0; Win64; x64) libuv/1.42.0 gcc/10.1.0","algo":["cn/1","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/ccx","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","cn/upx2","rx/0","rx/wow","rx/arq","rx/graft","rx/sfx","rx/keva","argon2/chukwa","argon2/chukwav2","argon2/ninja","astrobwt","ghostrider"]}}