Nuclear Exploit Kit Mar 12
IPs observed:
198.27.114.69 (198.27.114.64/30 subnet, OVH)
198.50.231.207 (198.50.231.204/30 subnet, OVH)
198.50.186.234 (198.50.186.232/30 subnet, OVH)
198.50.186.238 (198.50.186.236/30 subnet, OVH)
198.27.114.18 (198.27.114.16/30 subnet, OVH)
198.50.186.252, 198.50.186.253 (198.50.186.252/30 subnet, OVH)
198.27.114.64/27, OVH
Sample rotator: hxxp://haptanboys.pw/css/look3.php on 188.226.155.102 from 162.210.193.233
Update: haptangirls.pw - haptanboys.pw - haptangirls.pw rotators now all suspended :)
Sample referrers:
http://www.claroline.net/demo-2
The third-level domain (3LD) label is no longer always taken from a dictionary.
For example:
Dictionary-word labels are still in use at the same time, however. For example:
not.achilia.ru
scientist.achilia.ru
young.achilia.ru
...