# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: parasite, parasitehttp, nexus

# Reference: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

xetrodep.top
jekoslo.space
befrodet.top

# Reference: http://tracker.viriback.com/dump.php (# 2019-11-04, ParasiteHTTP)

http://80.233.134.242

# Reference: https://twitter.com/James_inthe_box/status/1224398473065189376

billicash.webhop.me

# Reference: http://tracker.viriback.com/dump.php (2020-02-29, ParasiteHTTP)

http://107.189.10.40
http://213.166.68.141
http://51.83.210.201
bluecheats.com
cybersarkar.in
jojomoney.hopto.org
mr100.sytes.net

# Reference: https://app.any.run/tasks/bbabdcf2-0dfd-45e4-87a5-30a19c90b37b/

http://185.117.119.175

# Reference: https://github.com/silence-is-best/c2db#parasite-stealer-aka-nexus
# Reference: https://www.virustotal.com/gui/ip-address/193.168.3.101/relations

http://193.168.3.101

# Reference: https://pastebin.com/EscWd1Cx

http://176.119.157.175
http://185.117.119.175
http://185.181.165.96
http://193.37.212.43
http://23.254.228.163
http://45.89.67.133
http://45.89.67.205
http://5.180.136.44
http://5.180.137.65
http://51.38.140.9
http://81.177.165.158
http://91.210.170.143
http://95.214.8.196
293756-co10171.tmweb.ru
fi.a.tp9y.skylinecloud.xyz
fl.he.02.node.poi.best
hashmonero.com
hwsrv-691122.hostwindsdns.com
l3e03baf.justinstalledpanel.com
l94d6f63.justinstalledpanel.com
le999c90.justinstalledpanel.com
node.hashmonero.com
vpn.rin.host

# Reference: https://app.any.run/tasks/76e646c0-ce2d-4a0a-a913-7b6a90b6281b/

vputin.pk

# Reference: https://app.any.run/tasks/e7861eb5-62e6-4d51-b5b2-76f4a672dbad/

http://185.209.22.86

# Reference: https://twitter.com/shad0wintel/status/1275439719447506944
# Reference: https://www.virustotal.com/gui/file/c3493e1c0ac8e8432952dc17be991ac9de19b17d06b5fdf65fab6f102e5b0f67/detection

http://45.8.230.73
