jedisct1/nuclear ek mar 12.txt

## nuclear ek mar 12.txt
nserver:       dns1.sledhike.com.
nserver:       dns2.sledhike.com.

nserver:       dns1.sneezetrunk.com.
nserver:       dns2.sneezetrunk.com.

nserver:       dns1.woolflight.com.
nserver:       dns2.woolflight.com.

nserver:       ns1.rutyplayme.ru.
nserver:       ns2.rutyplayme.ru.

nserver:       ns1.mulitdns.ru.
nserver:       ns2.mulitdns.ru.

nserver:       dns1.bitingairplane.com.
nserver:       dns2.bitingairplane.com.

IPs observed:
198.27.114.69 (198.27.114.64/30 subnet, OVH)
198.50.231.207 (198.50.231.204/30 subnet, OVH)
198.50.186.234 (198.50.186.232/30 subnet, OVH)
198.50.186.238 (198.50.186.236/30 subnet, OVH)
198.27.114.18 (198.27.114.16/30 subnet, OVH)
198.50.186.252, 198.50.186.253 (198.50.186.252/30 subnet, OVH)
198.27.114.64/27, OVH

Sample rotator: hxxp://haptanboys.pw/css/look3.php on 188.226.155.102 from 162.210.193.233

Update: haptangirls.pw - haptanboys.pw - haptangirls.pw rotators now all suspended :)

lakegullys.ru
summitcliff.ru
daleseashore.ru
slipperyflew.ru
besprav.ru
stovejet.ru
overshoesexcursion.ru
butconeu.ru
brutalo.ru
achilia.ru
broadua.ru
edpicas.ru
chillleisure.ru
abrastem.ru
ambrone.ru
arjanfr.ru
anodigga.ru
astrak.ru
atesne.ru
assauce.ru

Sample referrers:
http://www.claroline.net/demo-2


3LD doesn't always use a dictionary any more.
For example:

384601:21	f239j38y5i7ev5pg7tz1-x2.brutalo.ru.	198.50.186.252
387588:22	3ff8l67f4u012tf1s2-2ak.brutalo.ru.	198.50.186.252
390314:23	fl9k9546z4l3x4-2.brutalo.ru.	198.50.186.252
390733:24	a99jx54g643m4ox-ex2t.brutalo.ru.	198.50.186.252
391028:25	w9t9wj5d46434w-2.brutalo.ru.	198.50.186.252
391165:26	99ku5464tx3n4-2rv.brutalo.ru.	198.50.186.252
391526:27	2i035ng4s42sz009n-2ek.butconeu.ru.	198.50.186.252
392588:28	2j03ag5i44sn20an0gk9c-rr2n.butconeu.ru.	198.50.186.252
392956:29	203gp5w4j4u2xt009-2.butconeu.ru.	198.50.186.252
393116:30	mj20by3mc54y42009tz-ef2j.butconeu.ru.	198.50.186.252
393986:33	i2d03544y2009a-bx2.butconeu.ru.	198.50.186.252
395825:10	them.achilia.ru.	198.27.114.18
396121:34	1ch423n9l3jo02pq52u-2hj.butconeu.ru.	198.50.186.252
396729:36	5au8234a9ez920f-2.butconeu.ru.	198.50.186.252
397583:37	be58e23wj4d992do0-l2a.butconeu.ru.	198.50.186.252
399052:38	nh43in9yd1f5g2i9u3nc8-2b.butconeu.ru.	198.50.186.252
399314:39	43os9j1529e38y-oa2.butconeu.ru.	198.50.186.252
400488:40	fc439d1il5ow2lm9qj38tt-2.butconeu.ru.	198.50.186.252
400797:41	4rl3n915j2k9ix3zk8-fo2.butconeu.ru.	198.50.186.252
577060:27	po228u1ec48ca10cv8o2yk-2n.daleseashore.ru.	198.50.186.253
577150:28	cc2019m0dk5b47i3ne8m-q2t.daleseashore.ru.	198.50.186.253
577412:29	u2l0t1di9054fc738-2.daleseashore.ru.	198.50.186.253
577551:30	20wr1e9vl05as473p8kv-kj2.daleseashore.ru.	198.50.186.253
579445:31	39na97re8084n8x5-by2.daleseashore.ru.	198.50.186.253
580010:33	v39978q08485-2.daleseashore.ru.	198.50.186.253
580519:34	x2nn2fv814p81qk08aq2-2fs.daleseashore.ru.	198.50.186.253
580588:35	oc2o2a8f1rg481i0m8c2kt-2.daleseashore.ru.	198.50.186.253
581212:36	mc164hz4mu2085sp54q-c2.daleseashore.ru.	198.50.186.253
581417:37	20665l43dd2mu3bm6rm-2.daleseashore.ru.	198.50.186.253
581558:38	e2066sk5432w3yf6y-2.daleseashore.ru.	198.50.186.253
582719:39	23vh9c20p46ns68lr5bv-ui2pe.daleseashore.ru.	198.50.186.253

But it still uses a dictionary at the same time. For example:
not.achilia.ru
scientist.achilia.ru
young.achilia.ru

...
	nserver: dns1.sledhike.com.
	nserver: dns2.sledhike.com.

	nserver: dns1.sneezetrunk.com.
	nserver: dns2.sneezetrunk.com.

	nserver: dns1.woolflight.com.
	nserver: dns2.woolflight.com.

	nserver: ns1.rutyplayme.ru.
	nserver: ns2.rutyplayme.ru.

	nserver: ns1.mulitdns.ru.
	nserver: ns2.mulitdns.ru.

	nserver: dns1.bitingairplane.com.
	nserver: dns2.bitingairplane.com.

	IPs observed:
	198.27.114.69 (198.27.114.64/30 subnet, OVH)
	198.50.231.207 (198.50.231.204/30 subnet, OVH)
	198.50.186.234 (198.50.186.232/30 subnet, OVH)
	198.50.186.238 (198.50.186.236/30 subnet, OVH)
	198.27.114.18 (198.27.114.16/30 subnet, OVH)
	198.50.186.252, 198.50.186.253 (198.50.186.252/30 subnet, OVH)
	198.27.114.64/27, OVH

	Sample rotator: hxxp://haptanboys.pw/css/look3.php on 188.226.155.102 from 162.210.193.233

	Update: haptangirls.pw - haptanboys.pw - haptangirls.pw rotators now all suspended :)

	lakegullys.ru
	summitcliff.ru
	daleseashore.ru
	slipperyflew.ru
	besprav.ru
	stovejet.ru
	overshoesexcursion.ru
	butconeu.ru
	brutalo.ru
	achilia.ru
	broadua.ru
	edpicas.ru
	chillleisure.ru
	abrastem.ru
	ambrone.ru
	arjanfr.ru
	anodigga.ru
	astrak.ru
	atesne.ru
	assauce.ru

	Sample referrers:
	http://www.claroline.net/demo-2


	3LD doesn't always use a dictionary any more.
	For example:

	384601:21 f239j38y5i7ev5pg7tz1-x2.brutalo.ru. 198.50.186.252
	387588:22 3ff8l67f4u012tf1s2-2ak.brutalo.ru. 198.50.186.252
	390314:23 fl9k9546z4l3x4-2.brutalo.ru. 198.50.186.252
	390733:24 a99jx54g643m4ox-ex2t.brutalo.ru. 198.50.186.252
	391028:25 w9t9wj5d46434w-2.brutalo.ru. 198.50.186.252
	391165:26 99ku5464tx3n4-2rv.brutalo.ru. 198.50.186.252
	391526:27 2i035ng4s42sz009n-2ek.butconeu.ru. 198.50.186.252
	392588:28 2j03ag5i44sn20an0gk9c-rr2n.butconeu.ru. 198.50.186.252
	392956:29 203gp5w4j4u2xt009-2.butconeu.ru. 198.50.186.252
	393116:30 mj20by3mc54y42009tz-ef2j.butconeu.ru. 198.50.186.252
	393986:33 i2d03544y2009a-bx2.butconeu.ru. 198.50.186.252
	395825:10 them.achilia.ru. 198.27.114.18
	396121:34 1ch423n9l3jo02pq52u-2hj.butconeu.ru. 198.50.186.252
	396729:36 5au8234a9ez920f-2.butconeu.ru. 198.50.186.252
	397583:37 be58e23wj4d992do0-l2a.butconeu.ru. 198.50.186.252
	399052:38 nh43in9yd1f5g2i9u3nc8-2b.butconeu.ru. 198.50.186.252
	399314:39 43os9j1529e38y-oa2.butconeu.ru. 198.50.186.252
	400488:40 fc439d1il5ow2lm9qj38tt-2.butconeu.ru. 198.50.186.252
	400797:41 4rl3n915j2k9ix3zk8-fo2.butconeu.ru. 198.50.186.252
	577060:27 po228u1ec48ca10cv8o2yk-2n.daleseashore.ru. 198.50.186.253
	577150:28 cc2019m0dk5b47i3ne8m-q2t.daleseashore.ru. 198.50.186.253
	577412:29 u2l0t1di9054fc738-2.daleseashore.ru. 198.50.186.253
	577551:30 20wr1e9vl05as473p8kv-kj2.daleseashore.ru. 198.50.186.253
	579445:31 39na97re8084n8x5-by2.daleseashore.ru. 198.50.186.253
	580010:33 v39978q08485-2.daleseashore.ru. 198.50.186.253
	580519:34 x2nn2fv814p81qk08aq2-2fs.daleseashore.ru. 198.50.186.253
	580588:35 oc2o2a8f1rg481i0m8c2kt-2.daleseashore.ru. 198.50.186.253
	581212:36 mc164hz4mu2085sp54q-c2.daleseashore.ru. 198.50.186.253
	581417:37 20665l43dd2mu3bm6rm-2.daleseashore.ru. 198.50.186.253
	581558:38 e2066sk5432w3yf6y-2.daleseashore.ru. 198.50.186.253
	582719:39 23vh9c20p46ns68lr5bv-ui2pe.daleseashore.ru. 198.50.186.253

	But it still uses a dictionary at the same time. For example:
	not.achilia.ru
	scientist.achilia.ru
	young.achilia.ru

	...