# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: predator

# Note: Team of Predator The Thief started to sell the new stealer "Taurus Project" -- https://twitter.com/3xp0rtblog/status/1254079067810336768

# Reference: https://securelist.com/a-predatory-tale/89779/

15charliescene15.myjino.ru
axixaxaxu1337.us
j946104.myjino.ru
kristihack46.myjino.ru
madoko.jhfree.net
predatortop.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1111232628429078528

saflot.com

# Reference: https://twitter.com/ViriBack/status/1127406253888688128

yaebalnah.tk

# Reference: http://tracker.viriback.com/

maugli8990.jhfree.net

# Reference: https://twitter.com/nullcookies/status/1142152106675249152

phonebookbase.com

# Reference: https://twitter.com/nullcookies/status/1143665142896312320

sslsecure.host

# Reference: https://twitter.com/P3pperP0tts/status/1144512219192930304

exobit.info

# Reference: https://twitter.com/x42x5a/status/1148705602136420352

j902757.myjino.ru

# Reference: https://twitter.com/nao_sec/status/1148921796697051137
# Reference: https://app.any.run/tasks/e5542610-5e5f-44c2-b3a9-6fcce651265a/

http://209.97.168.79

# Reference: https://twitter.com/P3pperP0tts/status/1150366481563160576

hostss.mcdir.ru
hostss2.mcdir.ru

# Reference: https://twitter.com/malware_traffic/status/1154153340143636481

http://92.63.192.142

# Reference: https://twitter.com/P3pperP0tts/status/1160527641839112192

bartsimpson.cash

# Reference: https://twitter.com/benkow_/status/1160903620189184001

http://109.94.110.157
http://139.180.223.36
http://165.22.186.154
http://178.157.82.106
http://178.62.188.204
http://178.62.189.114
http://178.62.191.13
http://18.22.227.101
http://18.222.210.14
http://18.225.10.183
http://185.146.156.38
http://185.206.144.170
http://185.206.147.170
http://185.254.11.126
http://185.254.121.141
http://185.4.186.39
http://185.60.133.242
http://192.81.220.183
http://193.124.117.116
http://193.37.212.107
http://2.56.214.102
http://213.159.209.1
http://31.184.197.158
http://37.139.2.42
http://37.19.193.213
http://45.10.219.17
http://46.101.160.184
http://46.249.62.207
http://5.196.214.131
http://51.15.228.96
http://77.83.173.97
http://79.124.8.105
http://81.177.180.205
http://82.196.1.19
http://82.196.9.220
http://82.202.163.189
http://83.220.174.244
http://92.63.192.144

# Reference: https://twitter.com/malware_traffic/status/1166838031556517888
# Reference: https://www.virustotal.com/gui/file/ab9d492b71cb61129034b94296ae0e1bec9d2d12477c236e51ba6be372c33c15/detection
# Reference: https://app.any.run/tasks/2141fadd-0379-404f-b8e1-917035910c4b/

http://176.121.14.128

# Reference: https://twitter.com/nao_sec/status/1171443035055390722

amasingrow.space

# Reference: https://twitter.com/david_jursa/status/1174357514223333380
# Reference: https://app.any.run/tasks/e7bbf211-2ec7-411c-8a75-85ba41be28bc/
# Reference: https://www.virustotal.com/gui/domain/digalitol.fun/relations
# Reference: https://www.virustotal.com/gui/file/45ae50074dd5098b3e0fa4f71dc5dd02818d66c8f160f0749ce14d831593a825/detection

digalitol.fun

# Reference: https://twitter.com/CyberSecIntel1/status/1174774514011578369
# Reference: https://app.any.run/tasks/a4205337-1835-4883-9fa8-c8697abb0271/

bigdatacorp5.info
pori89g5jqo3v8.com

# Reference: https://twitter.com/pancak3lullz/status/1175075421177688064

allpaysru.top
hgkhjguruytruyts2543.info
informdatagroup.info

# Reference: https://twitter.com/pancak3lullz/status/1175080757007663112

hgdhgfd253.space
rasavagulle.site

# Reference: https://twitter.com/P3pperP0tts/status/1177147328630861824

jokertor.com

# Reference: https://twitter.com/James_inthe_box/status/1180124151320698880
# Reference: https://app.any.run/tasks/3ab547c6-d615-46f4-8a96-94ba4458d48f/

forrf0410.info

# Reference: https://twitter.com/P3pperP0tts/status/1182624311431122946

1loveyous.com

# Reference: https://twitter.com/P3pperP0tts/status/1182624739778617346

http://178.157.91.128

# Reference: https://twitter.com/iocsvault/status/1176142679887044608

http://178.62.187.173
http://198.211.123.63
http://31.184.196.206
http://31.184.197.158
http://31.184.197.226
http://45.12.212.118
http://51.15.232.242
http://51.15.238.82
http://95.215.205.56
bkwriting.com
chsiqp1337.siteme.org
f0325989.xsph.ru
f0328788.xsph.ru
f0334493.xsph.ru
f0335294.xsph.ru
ihorluhor.site
jokertor.com
manillarout.com
mygamerun.info
newsjonhforyou.info
testingservice1337.ru
u4642627gu.ha003.t.justns.ru
u50801ck.beget.tech
w68426zc.bget.ru
gey.co.nu

# Reference: https://app.any.run/tasks/2c1d5942-b788-4316-952b-320f61494fd2/

dadvexmail19mn.world

# Reference: https://app.any.run/tasks/52656d24-b866-416c-b703-ee0fae0e3f78/

fsdstat14tp.world

# Reference: https://twitter.com/Paladin3161/status/1184444960684179458

fmailserv19fd.world
fsdstat14tp.world

# Reference: https://twitter.com/tkanalyst/status/1184655705103634435
# Reference: https://app.any.run/tasks/20218f80-9838-41f4-b6d6-7dbbcd60107a/

134.0.119.53:8080

# Reference: https://app.any.run/tasks/498a43e4-05fe-4413-afc2-842aa4d6764d/

csdstat14tp.club

# Reference: https://app.any.run/tasks/80750e99-21d6-4fd4-b245-0312fa3908ab/

45.12.32.252:8080

# Reference: https://twitter.com/P3pperP0tts/status/1185948204183048193

http://51.254.175.185

# Reference: https://twitter.com/P3pperP0tts/status/1188573760309399552

http://213.252.246.227

# Reference: https://app.any.run/tasks/08b002ed-3098-483f-b1d3-5169bd84bae1/

donkixota.com
jokertor.com

# Reference: https://twitter.com/P3pperP0tts/status/1190723628452712451

http://45.147.229.129

# Reference: http://tracker.viriback.com/dump.php (# 2019-11-04, Predator)

http://104.140.100.17
http://139.99.165.3
http://151.106.56.197
http://162.213.250.245
http://176.123.10.225
http://178.157.91.128
http://178.62.184.138
http://178.62.184.38
http://178.62.186.104
http://178.62.186.72
http://178.62.187.173
http://178.62.188.192
http://18.222.227.101
http://185.101.94.211
http://185.101.94.85
http://185.14.186.129
http://185.14.186.39
http://185.238.0.33
http://185.251.38.114
http://185.251.38.186
http://185.254.121.141
http://185.254.121.243
http://185.254.121.46
http://185.254.121.55
http://188.93.211.116
http://190.97.167.122
http://192.227.133.39
http://192.81.220.183
http://193.124.177.7
http://195.123.209.80
http://2.56.213.96
http://31.184.197.115
http://34.90.58.168
http://35.245.208.94
http://37.139.0.169
http://37.19.192.128
http://37.19.192.233
http://37.19.192.234
http://37.19.192.56
http://37.19.193.213
http://45.139.236.10
http://45.139.236.63
http://45.139.236.8
http://45.147.229.129
http://45.66.10.177
http://45.66.9.135
http://46.105.35.22
http://46.166.176.231
http://5.196.214.131
http://5.8.88.211
http://5.8.88.64
http://63.250.34.112
http://81.177.180.205
http://81.177.181.154
http://81.177.26.48
http://82.118.21.26
http://91.121.244.95
http://91.134.17.203
http://92.63.192.148
http://92.63.197.172
http://92.63.197.173
http://93.95.97.162
http://94.103.86.174
http://94.103.9.155
http://94.156.189.21
http://94.250.250.206
http://95.81.0.90
http://95.81.1.50
a0308837.xsph.ru
a0312215.xsph.ru
a0313517.xsph.ru
a0313585.xsph.ru
a0313594.xsph.ru
android-power.space
azazaza.zzz.com.ua
bkwriting.com
btcinvest.company
dadafa.zzz.com.ua
dd00nnzkndd.net
dds.zzz.com.ua
delediqv.beget.tech
dewabitsoftware.com
ecommerceweb.info
f0261452.xsph.ru
f0298833.xsph.ru
f0301646.xsph.ru
f0303372.xsph.ru
f0303955.xsph.ru
f0305836.xsph.ru
f0307667.xsph.ru
f0308034.xsph.ru
f0309520.xsph.ru
f0310816.xsph.ru
f0311807.xsph.ru
f0312177.xsph.ru
f0312394.xsph.ru
f0312923.xsph.ru
f0313363.xsph.ru
f0313565.xsph.ru
f0313598.xsph.ru
f0313709.xsph.ru
f0314815.xsph.ru
f0315145.xsph.ru
f0316238.xsph.ru
f0325469.xsph.ru
f0325989.xsph.ru
f0328788.xsph.ru
f0330869.xsph.ru
f0332771.xsph.ru
f0334126.xsph.ru
f0334493.xsph.ru
f0335294.xsph.ru
f0335981.xsph.ru
f0336067.xsph.ru
f0336825.xsph.ru
f0336944.xsph.ru
f0337960.xsph.ru
f0337965.xsph.ru
f0339905.xsph.ru
f0341944.xsph.ru
f0342518.xsph.ru
f0343767.xsph.ru
f0344006.xsph.ru
f0344058.xsph.ru
f0345047.xsph.ru
f0345542.xsph.ru
f0346049.xsph.ru
f0346167.xsph.ru
f0346274.xsph.ru
f0346860.xsph.ru
f0346875.xsph.ru
f0347514.xsph.ru
f0347879.xsph.ru
f0347997.xsph.ru
f0348663.xsph.ru
f0349356.xsph.ru
f0349361.xsph.ru
f0349365.xsph.ru
f0350124.xsph.ru
f0351562.xsph.ru
fightwithcapitalism.com
gbuzr.info
gey.co.nu
ghost2go.icu
h141748.s26.test-hf.su
hypotherma.world
ilmirkooo.tk
jokertor.com
kkkk.zzz.com.ua
l.paquetesbestday.ecommerceweb.info
l04070c0.justinstalledpanel.com
l2e84637.justinstalledpanel.com
l93b3638.justinstalledpanel.com
lbc9d7ca.justinstalledpanel.com
lernsehen.rocks
lesfrection.zzz.com.ua
lf7e27d8.justinstalledpanel.com
log.dogepay.info
logs.dogepay.info
loxx.zzz.com.ua
mail03.rhbhv.com
maugli8990.jhfree.net
my.dogepay.info
noobyot.zzz.com.ua
noteboockfix993.info
osvaldoprotv.x10host.com
pluzhnikov.com
pskateboard.space
pubengine.com
pupkin.zzz.com.ua
pw.coinpool.fun
qe.zzz.com.ua
s0wo2a82mz217.zzz.com.ua
saflot.com
samp-cash.ru
samp03.zzz.com.ua
sdstat597tp.world
serawledindustries.com
silvatech-staff.net
simplestorikoste.com
smbc-cn.com
speedtransaction.com
ssdclearlogs.kl.com.ua
tinor.zzz.com.ua
toonightly.zzz.com.ua
tupafleks.zzz.com.ua
u4461223c9.ha003.t.justns.ru
u4642627gu.ha003.t.justns.ru
u92905m0.beget.tech
varietyawidefaster.pw
vladimir-str.kl.com.ua
volkovalenka738.myjino.ru
websitename.pw
xairooo.gq
z999723i.beget.tech
zoshclain.store

# Reference: https://twitter.com/P3pperP0tts/status/1178818361943302145

mondaylaptop24.info

# Reference: https://twitter.com/0xFrost/status/1193994103928901632

http://198.199.124.10

# Reference: https://app.any.run/tasks/8f2f5795-4a55-4215-9331-7bf72834ff27/

k95363qy.beget.tech

# Reference: https://twitter.com/tkanalyst/status/1195867354338455552

http://212.73.150.115

# Reference: https://twitter.com/P3pperP0tts/status/1196477956501200897

custsupport1000.com

# Reference: https://twitter.com/James_inthe_box/status/1196469024814587904

basketr.site

# Reference: https://twitter.com/James_inthe_box/status/1196471733961641984

cb32807.tmweb.ru

# Reference: https://app.any.run/tasks/2ad09cea-5616-4f88-b285-6620804b1efd/

basketr.site

# Reference: https://twitter.com/JayTHL/status/1196916402927611905

vochspak.su

# Reference: https://twitter.com/MBThreatIntel/status/1199852167730851840

jojwqr.xyz

# Reference: https://any.run/malware-trends/predator (Note: as seen on 2019-12-04)

constructioninc.zzz.com.ua
56c8.zzz.com.ua
kapkin2121.zzz.com.ua
influg.zzz.com.ua
steller2020.zzz.com.ua
fsdf.ga
awt.zzz.com.ua
coockie.cf
dedicate.ml
stean.zzz.com.ua
rotkit.tk
socengi.tk
nervozn.tk
imsorrytest.zzz.com.ua
c3ntral.kl.com.ua
oboldenniy.zzz.com.ua
snif-kz.kl.com.ua
base.zzz.com.ua

# Reference: https://twitter.com/James_inthe_box/status/1206615954198683648

checksme.info
greatsme.info

# Reference: https://twitter.com/James_inthe_box/status/1208057953158197250

grsme.info
yoursmb.info

# Reference: https://app.any.run/tasks/231af24e-0b76-4162-afcd-5c58b87c2772/

http://51.38.140.5

# Reference: https://twitter.com/Jouliok/status/1214451326551306240

andrescrove.com

# Reference: https://app.any.run/tasks/e4b9e806-d7ca-41d3-bf40-6e19b92a61c0/

http://155.94.210.97

# intitle:"Predator The Thief — Нативный стиллер с большим функционалом / Лучшая цена"

snowpower.xyz
getbitcoincampaign.com
w68426zc.bget.ru
childrnafrica.com
liddlaymai.xyz
vkonttakte.com
predatel.top
allahggdrop.xyz
6fy7tg8y96f87tr.xyz
resecpovak.com
brave-software.info

# Reference: https://twitter.com/James_inthe_box/status/1215342381232340992

wangg-bg.site

# Reference: https://app.any.run/tasks/af177398-af12-48ea-baa4-b1a4b611fb98/

hammm.mcdir.ru

# Reference: https://www.virustotal.com/gui/file/73e180287ba1f0a312fa5efc3595173912e32f2e9d606fb2ed78d161d4757ad2/detection

http://5.182.210.246

# Reference: https://twitter.com/_lockhum/status/1220565268017053696
# Reference: https://www.virustotal.com/gui/ip-address/92.63.197.238/relations

92.63.197.238:80
abantra.info
avatory.xyz
barnote-bg.site
barnote.site
basketr.site
bradgog.site
checksme.info
coinbase-promo.info
coinbase-us1.info
colfev12.site
color34.site
corp1.site
corp2.site
corp3.site
corp4.site
createsme.info
daqrey-bg.site
daqrey.site
greatsme.info
grsme.info
kiototan-bg.site
kiototan.site
kvene1z.info
lansome-bg.site
lansome.site
moiseww.info
nesderx.site
satrenb.site
stranskl.site
tar039tir.info
testing-bg.site
testing0.site
tretthing-bg.site
tretthing.site
ttrrbaz.site
wangg-bg.site
wangg.site
wasqana.site
xavnost55.site
yestroy-bg.site
yestroy.site
yoursmb.info
zerbof.site
zetthing-bg.site
zetthing.site

# Reference: https://www.virustotal.com/gui/file/5d652e35141d129a7504d164d7b4a4a3682f5196c760c315f089970da3aa81d6/detection

newgtldsx1000.net
yourprodx1000.net

# Reference: https://www.virustotal.com/gui/file/9a1aeb86be5537da5e64caa78fa06d9e0d264dbc895f128e260f8c4f9f8ce9fd/detection

topxsupportx.net

# Reference: https://twitter.com/_lockhum/status/1221136628627931138

104.168.99.170:80

# Reference: https://www.virustotal.com/gui/file/2d6a2c49521f3dbfc9a6b9e128443b9c053d6593aa856ead2e2b8a4ea97ad029/detection

2511463.top
3435gfdsgsh34525vfdsgrdsg45235.xyz
jertamsak.xyz

# Reference: https://twitter.com/_lockhum/status/1221416142666944512

111.90.157.12:80

# Reference: https://twitter.com/_lockhum/status/1222149017657921538

5.188.60.102:80

# Reference: https://twitter.com/P3pperP0tts/status/1222504945204781056

1win-pro.com
cpadeer.com

# Reference: https://twitter.com/turduckencat/status/1222938447817715714

bubble2-bg.site

# Reference: https://twitter.com/_antoniopirozzi/status/1223373301168340992

j1040794.myjino.ru
lucasik.tk

# Reference: https://www.virustotal.com/gui/domain/ssxxzzz443.myjino.ru/relations

ssxxzzz443.myjino.ru

# Reference: https://www.virustotal.com/gui/domain/panelsstea.myjino.ru/relations

panelsstea.myjino.ru

# Reference: https://twitter.com/_lockhum/status/1223573274635927554

chasiin.com

# Reference: https://www.virustotal.com/gui/domain/mailadvert2551sz44.club/relations

mailadvert2551sz44.club

# Reference: https://twitter.com/_lockhum/status/1224056591152046082

mrfixit.xyz

# Reference: https://twitter.com/0xCARNAGE/status/1224137428275007488
# Reference: https://app.any.run/tasks/21779415-089a-43cf-a99d-3a58bb88e184/

daqrey-bg.site

# Reference: https://app.any.run/tasks/63e6c3bc-15f2-4f35-b2db-50e67497d5d7/

http://185.48.183.14

# Reference: https://twitter.com/MBThreatIntel/status/1224783266688851968

http://45.145.0.14

# Reference: https://twitter.com/_lockhum/status/1226568758451372032

j97463d7.beget.tech

# Reference: https://www.virustotal.com/gui/domain/t917659s.beget.tech/relations

t917659s.beget.tech

# Reference: https://research.checkpoint.com/2020/predator-the-thief/

15charliescene15.myjino.ru
axixaxaxu1337.us
btcinvest.company
denbaliberdin.myjino.ru
haijiangfriut.com
j946104.myjino.ru
kent-adam.myjino.ru
kristihack46.myjino.ru
madoko.jhfree.net
sayhello.host
u96191l2.beget.tech

# Reference: https://www.virustotal.com/gui/ip-address/92.63.192.216/relations
# Reference: https://app.any.run/tasks/e15f1e77-1804-44c5-aa61-96bbb590c86d/
# Reference: https://twitter.com/killamjr/status/1228805026442665984

92.63.192.216:80
atest001.site
neoneo.site
neoneo-bg.site
transcot.site
transcot-bg.site

# Reference: https://twitter.com/_lockhum/status/1228027229382356993

iesque.com

# Reference: https://twitter.com/_lockhum/status/1228773015502098436

antonlapin81.myjino.ru

# Reference: https://twitter.com/_lockhum/status/1229474439852707840

mirovayatech.pk

# Reference: https://www.virustotal.com/gui/file/9ac1be1a3555d940f63bf7c59711dae4ba32e6304f9490c2534b56db9f27a892/detection

cp03107.tmweb.ru
j1019553.myjino.ru

# Reference: https://twitter.com/_lockhum/status/1229860590648254464

smineolo39wings.in

# Reference: http://tracker.viriback.com/dump.php (# snapshot 2020-02-23)

2511463.top
3435gfdsgsh34525vfdsgrdsg45235.xyz
6fy7tg8y96f87tr.xyz
6.zzz.com.ua
agannochka228.siteme.org
akres.rossokhin.siteme.org
android-power.space
antonlapin81.myjino.ru
avada-kedavra.pw
azazaza.zzz.com.ua
bkwriting.com
btcinvest.company
bubble2.site
by-matrakx.myjino.ru
candy-room.ru
chasiin.com
checksme.info
coinbase-promo.info
comrade8.hk
corp1.site
corp2.site
crown1.zzz.com.ua
dadafa.zzz.com.ua
darkloader.xyz
dd00nnzkndd.net
dds.zzz.com.ua
delediqv.beget.tech
deniska4091.offhst.ru
dewabitsoftware.com
djakwi0129121ksls1229.com
domainmanagerz.net
dqweewq.club
ecommerceweb.info
ef2e00ed.ngrok.io
fabianoernesto100.siteme.org
fightwithcapitalism.com
forestrunamp.pw
fort-nite-86.myjino.ru
galijdanova.myjino.ru
gamersxpro.net
gbuzr.info
geardox.site
gerko.zzz.com.ua
gey.co.nu
ghost2go.icu
glenios.club
grassi009.myjino.ru
grubyy1999.siteme.org
guilty.zzz.com.ua
h141748.s26.test-hf.su
hamenergy.top
hammm.mcdir.ru
homeporno228.com
hypotherma.world
iesque.com
ihorluhor.site
ildar-mael-ru.myjino.ru
ilmirkooo.tk
j1040794.myjino.ru
j1043204.myjino.ru
j97463d7.beget.tech
jertamsak.xyz
jokertor.com
justwer.site
kaimakov123.siteme.org
karraty.club
kartaviyargus.zzz.com.ua
kathbowling.ru
kayblayhost.zzz.com.ua
kingsman.zzz.com.ua
kiototan.site
kkkk.zzz.com.ua
kovaliownik.siteme.org
krestovskiy.nik.siteme.org
kvark1905.siteme.org
kvene1z.info
l.paquetesbestday.ecommerceweb.info
l04070c0.justinstalledpanel.com
l17cce3a.justinstalledpanel.com
l276eb20.justinstalledpanel.com
l2e84637.justinstalledpanel.com
l93b3638.justinstalledpanel.com
lansome.site
lbc9d7ca.justinstalledpanel.com
lernsehen.rocks
lesfrection.zzz.com.ua
lf7e27d8.justinstalledpanel.com
lkuszdhw.com
log.dogepay.info
logs-samp.xyz
logs.dogepay.info
loxx.zzz.com.ua
lucasik.tk
mail03.rhbhv.com
margaery.club
mastreb.site
maugli8990.jhfree.net
mine.kommanditgesel.icu
mirovayatech.pk
mrfixit.xyz
my.dogepay.info
mylovelyrose.info
neoneo.site
nesderx.site
nestealler.kl.com.ua
nikitakoteqka1.myjino.ru
noobyot.zzz.com.ua
noteboockfix993.info
oocats.ru
osvaldoprotv.x10host.com
partnercoin.ml
pluzhnikov.com
pnumbrero3.ru
pom4ekk.myjino.ru
porno322.com
pskateboard.space
pubengine.com
pupkin.zzz.com.ua
pw.coinpool.fun
qaqaqat.online
qe.zzz.com.ua
rfrnfrnj.hk
s0wo2a82mz217.zzz.com.ua
saflot.com
samp-cash.ru
samp03.zzz.com.ua
sdstat597tp.world
serawledindustries.com
serverupp.club
sevenapp.info
silvatech-staff.net
simplestorikoste.com
sisadmin.zzz.com.ua
smbc-cn.com
smineolo39wings.in
snowpower.xyz
speedtransaction.com
sqqwer.ru
ssdclearlogs.kl.com.ua
ssgcvb3435fsdgdfg5656sdfgsdfsdf.xyz
startmoney.beget.tech
steallog.tk
steam-calculator.ru
stillerayefarty.zzz.com.ua
testing0.site
tinor.zzz.com.ua
toonightly.zzz.com.ua
topsstore.site
transcot.site
trotdeiman.ga
tupafleks.zzz.com.ua
u4461223c9.ha003.t.justns.ru
u4642627gu.ha003.t.justns.ru
u555182sy8.ha003.t.justns.ru
u6020431xa.ha003.t.justns.ru
u92905m0.beget.tech
updat.kommanditgesel.icu
vaiscot.site
varietyawidefaster.pw
vlad-sosun.siteme.org
vladimir-str.kl.com.ua
vlojr.pw
volkovalenka738.myjino.ru
vps2365.webkevlar.net
websitename.pw
wergi.xyz
willspaks.su
wof78.site
wqdtf54y6eu7i87t.ga
xairooo.gq
yoursmb.info
z999723i.beget.tech
zanlma.com
zetthing.site
zoshclain.store

# Reference: https://app.any.run/tasks/b47f6b49-3817-4647-8f0a-506124526ee3/

f0405566.xsph.ru

# Reference: http://tracker.viriback.com/dump.php (2020-02-29, Predator)

http://104.140.100.17/login
http://104.149.216.48/login
http://104.168.99.170/login
http://104.238.173.124/login
http://109.234.35.128/login
http://109.234.39.207/login
http://139.99.165.3/login
http://149.28.121.130/login
http://151.106.56.197/login
http://155.94.210.84/login
http://155.94.210.97/login
http://161.129.65.180/login
http://161.129.65.210/login
http://161.129.65.92/login
http://162.213.250.245/login
http://172.105.58.163/login
http://176.123.10.225/login
http://176.53.162.98/login
http://178.157.91.128/login
http://178.62.184.138/login
http://178.62.184.38/login
http://178.62.186.104/login
http://178.62.186.72/login
http://178.62.187.173/login
http://178.62.188.192/login
http://178.62.188.204/login
http://18.222.227.101/login
http://185.101.94.211/login
http://185.101.94.85/login
http://185.132.53.138/login
http://185.136.169.150/login
http://185.14.186.129/login
http://185.14.186.39/login
http://185.219.81.127/login
http://185.222.202.35/login
http://185.231.71.17/login
http://185.238.0.33/login
http://185.248.102.242/login
http://185.251.38.114/login
http://185.251.38.186/login
http://185.254.121.141/login
http://185.254.121.243/login
http://185.254.121.254/login
http://185.254.121.46/login
http://185.254.121.47/login
http://185.254.121.55/login
http://185.254.121.75/login
http://185.254.188.76/login
http://185.48.183.14/login
http://188.225.85.87/login
http://188.93.211.116/login
http://190.14.38.100/login
http://190.14.38.2/login
http://190.97.167.122/login
http://192.227.133.39/login
http://192.81.220.183/login
http://193.124.177.7/login
http://193.19.118.145/login
http://194.15.36.14/login
http://195.123.209.80/login
http://2.56.213.96/login
http://2.59.42.194/login
http://217.8.117.49/login
http://31.184.196.237/login
http://31.184.197.115/login
http://31.184.197.219/login
http://34.90.58.168/login
http://35.245.208.94/login
http://37.139.0.169/login
http://37.19.192.128/login
http://37.19.192.132/login
http://37.19.192.147/login
http://37.19.192.232/login
http://37.19.192.233/login
http://37.19.192.234/login
http://37.19.192.56/login
http://37.19.193.213/login
http://45.139.236.10/login
http://45.139.236.63/login
http://45.139.236.64/login
http://45.139.236.8/login
http://45.141.86.44/login
http://45.145.0.12/login
http://45.147.229.129/login
http://45.147.230.39/login
http://45.66.10.177/login
http://45.66.9.135/login
http://46.105.35.22/login
http://46.166.176.231/login
http://46.17.96.3/login
http://5.188.60.23/login
http://5.188.60.62/login
http://5.196.214.131/login
http://5.8.88.211/login
http://5.8.88.64/login
http://51.15.194.141/login
http://51.15.232.120/login
http://63.250.34.112/login
http://64.188.13.21/login
http://66.11.124.208/login
http://81.177.180.205/login
http://81.177.181.154/login
http://81.177.26.48/login
http://82.118.21.26/login
http://82.118.23.46/login
http://89.105.202.94/login
http://91.121.244.95/login
http://91.134.17.203/login
http://91.228.152.159/login
http://92.53.107.201/login
http://92.63.192.148/login
http://92.63.192.234/login
http://92.63.197.172/login
http://92.63.197.173/login
http://92.63.98.119/login
http://93.95.97.162/login
http://94.103.86.174/login
http://94.103.9.155/login
http://94.156.189.21/login
http://94.250.250.206/login
http://95.181.179.100/login
http://95.215.205.56/login
http://95.216.150.82/login
http://95.81.0.90/login
http://95.81.1.50/login

# Reference: https://twitter.com/nullcookies/status/1115006946216747008

lolkek.club

# Reference: https://twitter.com/James_inthe_box/status/1114879968452829187

http://141.105.68.131

# Reference: https://twitter.com/MSteve25/status/1235240346516369409

corp5.site

# Reference: https://twitter.com/OttoScav/status/1235253153416835072

http://35.205.213.237
hrcorp1.site

# Reference: https://app.any.run/tasks/c85eaa46-07df-4afe-a525-914d50ae164b/

zixrk.site

# Reference: https://twitter.com/_lockhum/status/1236565680385908736

dreamkey.ru

# Reference: https://www.virustotal.com/gui/ip-address/81.177.135.163/relations

action-ground-51.myjino.ru
could-chest-89.myjino.ru
j1041747.myjino.ru

# Reference: https://twitter.com/500mk500/status/1237402626532278275

paskelupins.online

# Reference: https://twitter.com/_lockhum/status/1239266255976247298

zixrk.site

# Reference: https://twitter.com/_lockhum/status/1239266945322684417

nikitakoteqka1.myjino.ru

# Reference: https://www.virustotal.com/gui/file/e3e6a99d5e9a85691e5338cb0401fc15fcbf50918d98e75e4cce587375fd79b1/detection

obstratorvv.pw
wid.badseek.com

# Reference: https://twitter.com/_lockhum/status/1244017882683629569

xenicolnc.space

# Reference: https://www.virustotal.com/gui/domain/predatorwar.org/relations

predatorwar.org

# Reference: https://twitter.com/_lockhum/status/1244675508790591489

satano.hostingem.ru

# Reference: https://www.virustotal.com/gui/domain/fitoldday.site/relations
# Reference: https://www.virustotal.com/gui/file/e60b0b0e57ca395709aeae6016e39f4114c84272e32cf040f5d972372f212f08/detection

fitoldday.site

# Reference: https://www.virustotal.com/gui/ip-address/145.239.23.7/relations

vidar321.ru

# Reference: https://app.any.run/tasks/582b81e4-57ad-4f74-becd-537f5f9c6c36/

f0426035.xsph.ru

# Reference: https://www.virustotal.com/gui/domain/swebgames.site/relations
# Reference: https://www.virustotal.com/gui/file/42237c48310d7ca1c4c1363b01f4cf096dc3338f6277d857462b110393ae7a58/detection

swebgames.site

# Reference: https://app.any.run/tasks/539a78ec-6088-4427-8ed6-b6d751ca6b19/

a0403782.xsph.ru

# Reference: https://www.virustotal.com/gui/ip-address/217.8.117.35/relations

http://217.8.117.35
alanadating-a.pro
alanadating-a.xyz
alanadating-b.pro
comeondating.pro
forsometests.pro
gloriadating-a.com
gloriadating-a.pro
gloriadating-b.pro
gloriajeans-a.pro
greetingsfromjamaica.pro
heymisterwassup.pro
iknowyouarehere.pro
janinedating-a.com
jannadating-b.pro
jasminedate-b.pro
jasminedating-a.xyz
jeansdating-a.com
jeniadating-a.pro
jollydating-a.xyz
prettygirls-a.xyz
prettywomen-a.xyz

# Reference: https://app.any.run/tasks/da618cd9-76ba-4b6b-b22e-dd3012b82669/

a0400511.xsph.ru

# Reference: https://www.virustotal.com/gui/file/c773bb63460b30568bf6f20ab3cfe349f43f7ddd30846b797c5186deaf483739/behavior/VirusTotal%20Jujubox

a0416367.xsph.ru

# Reference: https://www.virustotal.com/gui/file/5059b32dd9ca626730e5b191faae335c5c858fe0b365f3842e6cf3e995ad2ca9/behavior/VMRay

a0418902.xsph.ru

# Reference: https://www.virustotal.com/gui/file/9c12bf28e69cda574a4e1712f7587e7f809cb87a511d988bbb073751be069ee9/detection

olive2020.space
rds2020.info

# Reference: https://www.virustotal.com/gui/file/7b23592af3e84b93d199fb34eac0de7ed4ffd279d5fa831d4dd191b326744aa1/detection

rds2020.space

# Generic

/api/check.get
/api/Clipper.get
/api/Clipper.post
/api/Download.get
/api/gate.get
/api/info.get
