# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: parasite, parasitehttp, nexus, frostclipper

# Reference: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

xetrodep.top
jekoslo.space
befrodet.top

# Reference: http://tracker.viriback.com/dump.php (2019-11-04, ParasiteHTTP)

http://80.233.134.242

# Reference: https://twitter.com/James_inthe_box/status/1224398473065189376

billicash.webhop.me

# Reference: http://tracker.viriback.com/dump.php (2020-02-29, ParasiteHTTP)

http://107.189.10.40
http://213.166.68.141
http://51.83.210.201
bluecheats.com
jojomoney.hopto.org
mr100.sytes.net

# Reference: https://app.any.run/tasks/bbabdcf2-0dfd-45e4-87a5-30a19c90b37b/

http://185.117.119.175

# Reference: https://github.com/silence-is-best/c2db#parasite-stealer-aka-nexus
# Reference: https://www.virustotal.com/gui/ip-address/193.168.3.101/relations

http://193.168.3.101

# Reference: https://pastebin.com/EscWd1Cx

http://176.119.157.175
http://185.117.119.175
http://185.181.165.96
http://193.37.212.43
http://23.254.228.163
http://45.89.67.133
http://45.89.67.205
http://5.180.136.44
http://5.180.137.65
http://51.38.140.9
http://81.177.165.158
http://91.210.170.143
http://95.214.8.196
293756-co10171.tmweb.ru
fi.a.tp9y.skylinecloud.xyz
fl.he.02.node.poi.best
hashmonero.com
hwsrv-691122.hostwindsdns.com
l3e03baf.justinstalledpanel.com
l94d6f63.justinstalledpanel.com
le999c90.justinstalledpanel.com
node.hashmonero.com
vpn.rin.host

# Reference: https://app.any.run/tasks/76e646c0-ce2d-4a0a-a913-7b6a90b6281b/

vputin.pk

# Reference: https://app.any.run/tasks/e7861eb5-62e6-4d51-b5b2-76f4a672dbad/

http://185.209.22.86

# Reference: https://twitter.com/shad0wintel/status/1275439719447506944
# Reference: https://www.virustotal.com/gui/file/c3493e1c0ac8e8432952dc17be991ac9de19b17d06b5fdf65fab6f102e5b0f67/detection

http://45.8.230.73

# Reference: https://pastebin.com/SgZamRit

http://176.119.158.178
http://45.67.57.135
pyou.cf
veve.fun

# Reference: https://twitter.com/ganeshnathan28/status/1296643644670251014
# Reference: https://app.any.run/tasks/7e20c480-257f-4905-a796-8dadfd69b72a/

mordoxyz.ru

# Reference: https://twitter.com/ganeshnathan28/status/1296340157289947136

http://193.178.169.191
http://45.8.230.206

# Reference: https://twitter.com/ganeshnathan28/status/1299024973026275329

http://195.2.78.48

# Reference: https://twitter.com/ganeshnathan28/status/1299369550690086915
# Reference: https://app.any.run/tasks/454c308b-ad92-476b-97e4-d30f9f9aa5da/

http://94.102.63.83
http://194.87.102.22

# Reference: https://twitter.com/ganeshnathan28/status/1300728778700791809

http://77.246.158.87

# Reference: https://twitter.com/wwp96/status/1329954416653438976
# Reference: https://app.any.run/tasks/8177ac06-9e7f-46d6-812d-7164ab0d5d97/

http://185.139.69.193

# Reference: https://app.any.run/tasks/a3559c83-0236-498b-8a0c-ab4dad490013/

http://195.128.124.240
95.165.5.79:8090
95.165.5.79:5000

# Reference: https://app.any.run/tasks/07b8c119-fefc-43ab-a3e9-84b4abb9bede/

timecforgoodnes.ml

# Reference: https://app.any.run/tasks/e7861eb5-62e6-4d51-b5b2-76f4a672dbad/

rusqbxgs.000webhostapp.com

# Reference: https://twitter.com/James_inthe_box/status/1529870891651190792
# Reference: https://www.virustotal.com/gui/file/200dfe23106a76126e9d9deff2d82523c0efa63b2e340f06ab12b3686905b8cb/detection
# Reference: https://www.virustotal.com/gui/file/e823b22abe836a9bf6d1e3764cca75aa0bd25766be25d33e4db8c22d14c64f86/detection

147.189.161.226:4444
gfwedfforum.ru
k62f0rumxc14.club
k62f0rumxc14.ru
tuxedopenguinhub.com
nfttoolstwopointoh.ddns.net
