# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/ps66uk/status/1032177208335450112
# Note: the direct C2 link below was added because of the remark in #239

occe.com/image1/image/Panel/five/fre.php

# Reference: https://twitter.com/malwrhunterteam/status/1032537769787183104

americaircairmakan.com
botnet.americaircairmakan.com

# Reference: https://twitter.com/FewAtoms/status/1033040103155871744

agodatex.ga
http://185.185.40.152/jeff/five/fre.php

# Reference: https://twitter.com/olihough86/status/1033055339359420417

polixservices.com

# Reference: https://twitter.com/0xffff08000/status/1033054440306036737
 
embramedica.com.br/site/wp-content/plugnis/ipconfig/five/PvqDq929BSx_A_D_M1n_a.php
 
# Reference: https://twitter.com/malware_traffic/status/1033003634001367042
 
yardng.com
 
# Reference: https://twitter.com/pollo290987/status/1032998085503447041
 
rmsalf.com

# Reference: https://twitter.com/olihough86/status/1031644479109963776

http://191.101.42.43/fdgd/five/PvqDq929BSx_A_D_M1n_a.php
studemplo.com/admin/studemplo/Panel/five/PvqDq929BSx_A_D_M1n_a.php
phcc-india.com
typrat.club
www.cem-hk.co

# Reference: https://twitter.com/asset_island_/status/1031608741504933889

pldtdsll.net

# Reference: https://twitter.com/0xffff08000/status/1031613343797207040

claudfx.win

# Reference: https://twitter.com/pollo290987/status/1031544753505165312

http://191.101.42.43/fdgd/five/fre.php

# Reference: https://twitter.com/James_inthe_box/status/1030579493910413312

acadaman.com
dandoesinternet.com

# Reference: https://twitter.com/James_inthe_box/status/1030487639688794115

kelvinarinze.ml
scoverykingdom.gq

# Reference: https://pastebin.com/UGm39pdU
# Reference: https://pastebin.com/mgVvSRHi

002vt.tk/james/fre.php
http://141.105.71.166/me/fre.php
http://141.105.71.76/blz/fre.php
http://151.80.162.219/marle/fre.php
http://185.111.75.169/cart/disk/fre.php
http://185.148.146.193/~agroinovate/zizisisi/Panel/five/fre.php
http://185.206.144.81/lawi/fre.php
http://185.24.233.254/donep/fre.php
http://185.24.233.32/open/libs/fre.php
http://185.24.233.46/dusx/busz/fre.php
http://185.24.233.74/dusk/hond/fre.php
http://185.24.233.79/baca/opio/fre.php
http://185.24.233.80/pend/chan/fre.php
http://188.215.229.41//GIS/fre.php
http://191.101.42.43/fdgd/five/fre.php
http://31.220.2.200/~hancockw/nok/five/fre.php
http://31.220.2.200/~justicet/ag/five/fre.php
http://5.206.226.99/juicy/fre.php
http://80.211.102.126/deve/tide/fre.php
http://84.38.132.105/oki/Panel/fre.php
http://84.38.133.160/new/Panel/fre.php
http://85.254.72.30/donbig/c1/fre.php
http://89.187.86.7/~blackdia/new/mhoney/fre.php
http://89.187.86.7/~blackdia/vic/bless/fre.php
http://89.45.67.131/smg/fre.php
http://89.45.67.145/emy/fre.php
ace.alasrglobal.com/ace/Panel/five/fre.php
ace.alasrglobal.com/skinny/Panel/five/fre.php
ace.alasrglobal.com/wise/Panel/five/fre.php
ackh.ir/gabi/five/fre.php
ackh.ir/hamid/five/fre.php
ackh.ir/papa/five/fre.php
ackh.ir/sp/five/fre.php
adrack.us/wp-content/uploads/five/fre.php
ahmad52sell.cf/admin/five/fre.php
alexamondwonderltd.com/freeBrow/fre.php
alpacham.com/ndretr5478/fre.php
anitoid.alasrglobal.com/austine/five/fre.php
araslanow.net/js/Panel/five/fre.php
araslanow.net/wipadmin/Panel/five/fre.php
awele.duckdns.org:1717/zip/fre.php
babasoft.ooo/fre.php
bapican.com/image/admin/Panel/five/fre.php
blackdiamondsco.ae/bossftown/fre.php
blackdiamondsco.ae/rooney/fre.php
blackdiamondsco.ae/wogor/fre.php
blogsports.com.ng/cli/Panel/five/fre.php
brighten2.alasrglobal.com/file/bell/five/fre.php
brighten2.alasrglobal.com/file/tin/five/fre.php
brighten2.alasrglobal.com/file/vas/five/fre.php
brighten.alasrglobal.com/file/do/five/fre.php
britlite.ga/fade/type/fre.php
bsales.cf/bs/Panel/five/fre.php
bsales.cf/ft/Panel/five/fre.php
cityhotel.ge/believe/five/fre.php
cityhotel.ge/focus/five/fre.php
cityhotel.ge/rozay/five/fre.php
colnoygums.com/freg/fre.php
cytanets-com.cf/philip/panel/fre.php
cytanets-com.cf/qwertyu/panel/fre.php
dandoesinternet.com/cis1406/tutorial10/fre.php
dandoesinternet.com/cis1407/fre.php
dandoesinternet.com/mobile/ch1/fre.php
devhaevents.us/2415452354/242424/fre.php
dutch-tour-guide-marrakech.com/app/Panel/five/fre.php
eastlandproduce.us/.well-known/acme-challenge/over/raw/fre.php
eholes.viewyoursite.co.uk/LucianoLokiPanel/fre.php
emakqroup.tk/obi/panel/fre.php
emakqroup.tk/sim/panel/fre.php
embramedica.com.br/site/wp-content/plugnis/fre.php
emoticon.tk/hcode/kmaster/fre.php
e-ne1.com/Hab-Lok/fre.php
eurobike1.cf/obinna/fre.php
familyhealths.ga/cdi-directory/five/fre.php
fascine-cemdene.com/wp/wp-includes/js/js/five/fre.php
fasterre.gq/hcode/bazon/fre.php
fojidedar.com/bazz/fojide2/fre.php
fojidedar.com/fojide/fre.php
fojidedar.com/soft/amadin/fre.php
fox-lighting.ga/poop/club/fre.php
freecaps.ml/over/jump/fre.php
fruitfulmonth.tk/raphael/fre.php
geranntibankasi.com/getyoui980/jertyui989/fre.php
haksenlimited.com/slim/fre.php
hamon.ir/mate/five/fre.php
highstarsino.cf/anyi/fre.php
hkenngr.com/herty987/letry78/fre.php
homeduderezort.com/includes/1010/fre.php
homeduderezort.com/includes/gator/fre.php
homeduderezort.com/includes/nas/fre.php
homefieldtech.com/anu/five/fre.php
homefieldtech.com/box/five/fre.php
homefieldtech.com/juke/five/fre.php
homefieldtech.com/mzx/five/fre.php
homefieldtech.com/Obo/five/fre.php
homefieldtech.com/uok/five/fre.php
housded.cf/hcode/azuka/fre.php
icannsorg.com/icann2/five/fre.php
icannsorg.com/icann/five/fre.php
incitecpivot-au.com/mertyui567/kertli879/fre.php
inout-me.ml/fixx/sure/fre.php
inquire.website/images/five/fre.php
isnmainpasedal.com/amb/fre.php
jamespanel.tk/cole/fre.php
jamespanel.tk/low/five2/fre.php
jamespanel.tk/odee/fre.php
joxax.privatedocuments.site/jox/loki/fre.php
jvl-jp.co/ser567/gotert/fre.php
katherinajetter.com/vxzc/Panel/fre.php
katherinajetter.com/xzcsadwqe23/fre.php
khanapenaband.com/jon/fre.php
lablocks.site/Panel/five/fre.php
laloderkozam.com/laloder2/five/fre.php
laloderkozam.com/laloder3/five/fre.php
laloderkozam.com/laloder4/five/fre.php
launchgrowthtoday.download/bobo22/Panel/five/fre.php
launchgrowthtoday.download/choo/Panel/five/fre.php
launchgrowthtoday.download/jamike/Panel/five/fre.php
logsession.space/citycenter/fashion/trending/fre.php
lovaniacreative.com/wp-admin/js/inc/Panel/five/fre.php
madlovert.ml/swanky/wp-content/uploads/Panel/five/fre.php
magic1.cf/gat/fre.php
magic3.ml/gozie/fre.php
marksky.org/medosky/fre.php
msa-fit.gq/sql/Panel/five/fre.php
mxchlp.com/team/wide/fre.php
namesnetworks.com/blog/educational/fre.php
nextlevelshop.info/woldpress/logistics/Panel/five/fre.php
nextwaveconsulting.com.au/Cpanel/Panel/five/fre.php
novachim.ro/plugins/editors/five/fre.php
nutgetsloversplay.usa.cc/wp-content/themes/twentyfifteen/Panel/five/fre.php
oajandassociates.com/images/oajand/Panel/five/fre.php
officebase.website/js/five/fre.php
ojoboplaza.club/Angel/Panel/five/fre.php
ojoboplaza.club/Drama/Panel/five/fre.php
ojoboplaza.club/Man/Panel/five/fre.php
onlyadoonbit.com/asji/fre.php
opercomex.co/billionaire/kendra/fre.php
orkaden.com/wp-includes/Text/me/fre.php
panelhq.cf/jr/five/fre.php
panelhq.gq/airforce/five/fre.php
panelhq.gq/chelsea/five/fre.php
panelhq.gq/gold/five/fre.php
panelhq.gq/stars/five/fre.php
profirst.com.vn/aug777/five/fre.php
profirst.com.vn/aug/five/fre.php
ptads.ml/pide/seed/fre.php
punjabjaogi.com/Panel/fre.php
qureshioffice.alasrglobal.com/admin7/bgn/sfe/fre.php
qureshioffice.alasrglobal.com/admin/xxx/zzz/fre.php
qureshioffice.alasrglobal.com/sam1/xknf/kdlt/fre.php
reachmy90s.com/includes/Panel/five/fre.php
rozedaro.com/administrator/Panel/five/fre.php
saintechelon.tk/fre.php
sccoast.tk/logs/panel/fre.php
sccoast.tk/phil/panel/fre.php
schooolcode.download/uk8k/Panel/five/fre.php
shaktiorkatimo.com/symboss/fre.php
shinyei-co.gq/cade/dope/fre.php
sinomagnetor3.cf/anyi/fre.php
soolitaytangya.com/blessed/Panel/five/fre.php
sternpid.ga/firm/fost/fre.php
strcutform.com/vinye/Panel/five/fre.php
strijdbladen.ga/donstan/five/fre.php
swaz.hanirnail.net/five/fre.php
szccf361.com/flinkas260/fre.php
theonlygoodman.com/eig/fre.php
theonlygoodman.com/nin/fre.php
tondice.flu.cc/images./45skele/fre.php
tondice.flu.cc/images./imgs01sg-/fre.php
tradelink.qa/aug/five/fre.php
tutorialdnsstep1.com/admin/fre.php
tutorialdnsstep1.com/toturial/fre.php
uzocloudservers.gq/jeff/five/fre.php
veloceqlobal.net/rain/hope/fre.php
victoralifts.com/wpss/fre.php
wapsihonaylo.com/wapsi3/five/fre.php
wapsihonaylo.com/wapsi4/five/fre.php
wapsihonaylo.com/wapsi/five/fre.php
wcegroups.com/done/hont/fre.php
westiles.ga/lope/coop/fre.php
wiglelamberfo.com/eme/fre.php
constantialiquidators.com/freg/fre.php
crownventureintl.com/wip-admin/Panel/five/fre.php
gardensun.ru/daily/fre.php
gardensun.ru/eca/fre.php
mysticalreflections.life/web-content/web/upgrade/wp_obtain/log/Panel/five/fre.php
netgateway.top/panel/fre.php
scoverykingdom.gq/jeff/five/fre.php
semaprin.info/mi/fre.php
sierracontrol.ru/cmd11/fre.php
sierracontrol.ru/vipu/fre.php
woelpuu.com/hertuyi/teryio/fre.php
woelpuu.com/terypp/youip/fre.php
zealsale.com.np/file/Panel/five/fre.php
xsftruss.ml/edunew/fre.php
ymwsolutions.com/testfilez/fre.php
nawck.ml
mitch-portal.tk
sintrol.cf
sirmitch.ml

# Reference: https://myonlinesecurity.co.uk/slightly-different-lokibot-delivery-via-embedded-ole-objects-in-rtf-word-doc/

kikehraeein.com/web-obtain/file/web/log/Panel/five/fre.php

# Reference: https://twitter.com/DynamicAnalysis/status/1034488992987860995

apidava.tk

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html

szccf361.com

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html

1113sophie.info
41230319.net
cryptocoindigital.com
kacakbahisfirmasi.com
marryingmaldonado.com
mywdn.com
risu-nursery.com
saurabh.online
shiqiyingli.com
sicknessfitness.com
themonkeygrindervintage.com
unsubchef.com
win.link
xn--vhq6e39ls7w.net
zexpar.com

# Reference: https://viriback.com/30-days-later-97-panels/

annamadums.ml/jazzy/PvqDq929BSx_A_D_M1n_a.php
bellegin.ru/doncha10/pen.php
bellegin.ru/don-cha11/pen.php
bellegin.ru/oshok/pen.php
bollingoes.ml/ngoes/PvqDq929BSx_A_D_M1n_a.php
braithwalte.co.uk/blam/five/PvqDq929BSx_A_D_M1n_a.php
braithwalte.co.uk/block/five/PvqDq929BSx_A_D_M1n_a.php
braithwalte.co.uk/konvict/five/PvqDq929BSx_A_D_M1n_a.php
braithwalte.co.uk/smith/five/PvqDq929BSx_A_D_M1n_a.php
cadjetbums.ml/tbums/PvqDq929BSx_A_D_M1n_a.php
domainsender.info/moon/five/PvqDq929BSx_A_D_M1n_a.php
domainsender.info/sun/five/PvqDq929BSx_A_D_M1n_a.php
dunysaki.ru/buch-x5/pen.php
dunysaki.ru/doncha-2/pen.php
dunysaki.ru/stephen/pen.php
erintoba.info/bbbb/Panel/five/PvqDq929BSx_A_D_M1n_a.php
eriousimen.ml/eriou/PvqDq929BSx_A_D_M1n_a.php
finelets.ru/buch-x3/pen.php
finelets.ru/buch-x4/pen.php
finelets.ru/fankzu/pen.php
gokuu.club/ckan/PvqDq929BSx_A_D_M1n_a.php
gokuu.club/M/PvqDq929BSx_A_D_M1n_a.php
joanread.ru/decap/pen.php
joanread.ru/work-1/pen.php
lidgeys.ru/buch-k/pen.php
lidgeys.ru/buch-l/pen.php
lidgeys.ru/buch-m/pen.php
lidgeys.ru/buchX-1/pen.php
lidgeys.ru/buch-x2/pen.php
lidgeys.ru/eddy/pen.php
papgon10.ru/davidm/pen.php
papgon10.ru/don-12/pen.php
papgon10.ru/don-one/pen.php
papgon10.ru/kennyB-1/pen.php
papgon10.ru/oshok-two/pen.php
thousandan.ml/andan/PvqDq929BSx_A_D_M1n_a.php
topreadz.ru/alexbe/pen.php
topreadz.ru/doncha-3/pen.php
topreadz.ru/willy-1/pen.php
ultrainstinct.ru/file/exe/five/PvqDq929BSx_A_D_M1n_a.php
unifarmex.net/Dstan/Panel/five/PvqDq929BSx_A_D_M1n_a.php
unifarmex.net/hsp1/Panel/five/PvqDq929BSx_A_D_M1n_a.php
unifarmex.net/nesto/Panel/five/PvqDq929BSx_A_D_M1n_a.php
uy-akwaibom.ru/vinho/Panel/five/PvqDq929BSx_A_D_M1n_a.php
vailablity.ml/vaila/PvqDq929BSx_A_D_M1n_a.php
viettrust-vn.net/samii/PvqDq929BSx_A_D_M1n_a.php
vopspyder.website/home/five/PvqDq929BSx_A_D_M1n_a.php
vopspyder.website/log/five/PvqDq929BSx_A_D_M1n_a.php
wheelonexs.ml/wheel/PvqDq929BSx_A_D_M1n_a.php

# Reference: https://github.com/stamparm/maltrail/pull/284#issuecomment-417861246

ajmanz.gq

# Reference: https://twitter.com/DynamicAnalysis/status/1037472184636256256

theonlygoodman.com/fit/fre.php

# Reference: https://twitter.com/nullcookies/status/1038235674565066757

crasemerzom.com

# Reference: https://twitter.com/avman1995/status/1038285919219068928

http://99.198.127.106
blackdiamondsco.ae/test/fre.php

# Reference: https://twitter.com/ViriBack/status/983011333506588672
# Reference: https://pastebin.com/nwWHHFe0

bartolini-system.net/loop/PvqDq929BSx_A_D_M1n_a.php
logs.boxxta.website/ikol/five/PvqDq929BSx_A_D_M1n_a.php

# Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html (Win.Dropper.Hploki-6682476-0)

bvasetro.com
com-logninsauthorize.info
grm-group.info
healinggoodness.com
losmejorescrm.com
mechakawaii.com
mytechnik-beratung.com
ptt-test.com
testci20170903033002.net
thlg8.com
vintageontheline.com

# Reference: https://pastebin.com/bEqJKZfZ

strutitinca.ro/ftp/fre.php
zenshinonline.ru/amb/fre.php
zenshinonline.ru/eka/fre.php
zenshinonline.ru/file/fre.php

# Reference: https://www.maltiverse.com/sample/1ea139164e3525a5a4f3feb333551a806852cca40e49698fbf65d49bd4f7c27c

loggerkeys-hosting.xyz

# Reference: https://www.maltiverse.com/sample/16d06c604487ad96b04f226827dc033d61c80b345a323faee5c9d4a0b2a108d0

tananaislanoidd.ga

# Reference: http://cybercrime-tracker.net/index.php?search=Lokibot

corelis.group
zenshinonline.ru
harltdoors.com
devhaevents.us
grace4good.cf
theonlygoodman.com
premierevents.co.zw

# Reference: https://twitter.com/ViriBack/status/1046391838448537601
# Reference: https://pastebin.com/4QRaU8T7

geranntibankasi.com/slowkizzy567/kertyui456/PvqDq929BSx_A_D_M1n_a.php
hkenngr.com/herty987/letry78/PvqDq929BSx_A_D_M1n_a.php
incitecpivot-au.com/dertyu987/treyuo9809/PvqDq929BSx_A_D_M1n_a.php
incitecpivot-au.com/lerty67/loivet56/PvqDq929BSx_A_D_M1n_a.php
incitecpivot-au.com/mertyui567/kertli879/PvqDq929BSx_A_D_M1n_a.php
insightthk.com/hermonth/jerk/PvqDq929BSx_A_D_M1n_a.php
insightthk.com/loki2/PvqDq929BSx_A_D_M1n_a.php
insightthk.com/loki3/PvqDq929BSx_A_D_M1n_a.php
jvl-jp.co/gert67/teryu7/PvqDq929BSx_A_D_M1n_a.php
jvl-jp.co/nwokorie45777/fertyuoui/PvqDq929BSx_A_D_M1n_a.php
jvl-jp.co/sert67/tyuio98/PvqDq929BSx_A_D_M1n_a.php
jvl-jp.co/sertyoup/latinoper90/PvqDq929BSx_A_D_M1n_a.php
jvl-jp.co/slamp89/ketu56/PvqDq929BSx_A_D_M1n_a.php
kaokao-twn.com/yerter/getyu/PvqDq929BSx_A_D_M1n_a.php
karenandkarren.com/multi980/mertyui989/PvqDq929BSx_A_D_M1n_a.php
kurarray.com/fertyuio/lopiytu/PvqDq929BSx_A_D_M1n_a.php
kurarray.com/loptyuier/liouy56/PvqDq929BSx_A_D_M1n_a.php
kurarray.com/loptyuio/lop0980/PvqDq929BSx_A_D_M1n_a.php
ledteroptyi.xyz/gertyu99/ertyu8/PvqDq929BSx_A_D_M1n_a.php
ledteroptyi.xyz/hertyuu89/menter67/PvqDq929BSx_A_D_M1n_a.php
ledteroptyi.xyz/kertyu767/jertyu657/PvqDq929BSx_A_D_M1n_a.php
ledteroptyi.xyz/loipter/teryuop999/PvqDq929BSx_A_D_M1n_a.php
lltagrain.com/cash2/PvqDq929BSx_A_D_M1n_a.php
lltagrain.com/kelle/PvqDq929BSx_A_D_M1n_a.php
lltagrain.com/money/PvqDq929BSx_A_D_M1n_a.php
lltagrain.com/tino/PvqDq929BSx_A_D_M1n_a.php
oceanlinkmarrine.com/loki2/PvqDq929BSx_A_D_M1n_a.php
oceanlinkmarrine.com/loki4/PvqDq929BSx_A_D_M1n_a.php
oliverrbatlle.com/setyi98/etruo89/PvqDq929BSx_A_D_M1n_a.php
phcc-india.com/dertyuop345/teryup234/PvqDq929BSx_A_D_M1n_a.php
phcc-india.com/limitedmert/menter567/PvqDq929BSx_A_D_M1n_a.php
phcc-india.com/nertyoiu67/eartyuoiyue67/PvqDq929BSx_A_D_M1n_a.php
phcc-india.com/slamptiert5/fertyupw456/PvqDq929BSx_A_D_M1n_a.php
phcc-india.com/startboi89234/netwer675/PvqDq929BSx_A_D_M1n_a.php
pldtdsll.net/betstyui789/erty6786/PvqDq929BSx_A_D_M1n_a.php
pldtdsll.net/fishyoiu/fishtery77/PvqDq929BSx_A_D_M1n_a.php
pldtdsll.net/sertyu45/teryu34/PvqDq929BSx_A_D_M1n_a.php
redsseammgt.com/loki5/PvqDq929BSx_A_D_M1n_a.php
rmsalf.com/hertioyu567/lertu789/PvqDq929BSx_A_D_M1n_a.php
rmsalf.com/mentiyu98/letluy78/PvqDq929BSx_A_D_M1n_a.php
sertencee.xyz/kogilop/yopuit77/PvqDq929BSx_A_D_M1n_a.php
sertencee.xyz/shakamally/loipy67/PvqDq929BSx_A_D_M1n_a.php
siyaghasourccing.com/lokily89/werty6789/PvqDq929BSx_A_D_M1n_a.php
siyaghasourccing.com/smello/ertyop009/PvqDq929BSx_A_D_M1n_a.php
dersertlord.xyz/loki4/PvqDq929BSx_A_D_M1n_a.php
dersertlord.xyz/loki5/PvqDq929BSx_A_D_M1n_a.php
sertencee.xyz/shunshuo/terrampeedar/PvqDq929BSx_A_D_M1n_a.php
siyaghasourccing.com/serto99/jerty45/PvqDq929BSx_A_D_M1n_a.php
siyaghasourccing.com/sertoiu/fertuiop/PvqDq929BSx_A_D_M1n_a.php
slompbit.xyz/lopitre87/teryuio09/PvqDq929BSx_A_D_M1n_a.php
slompbit.xyz/lopityrety/kerterty/PvqDq929BSx_A_D_M1n_a.php
woelpuu.com/hertuyi/teryio/PvqDq929BSx_A_D_M1n_a.php
woelpuu.com/terypp/youip/PvqDq929BSx_A_D_M1n_a.php

# Reference: https://isc.sans.edu/forums/diary/More+malspam+pushing+Lokibot/23754/

oceanlinkmarrine.com/loki1/fre.php
oceanlinkmarrine.com/loki2/fre.php
oceanlinkmarrine.com/loki3/fre.php
oceanlinkmarrine.com/loki4/fre.php
oceanlinkmarrine.com/loki5/fre.php

# Reference: https://twitter.com/avman1995/status/1046751735971282944

nisol.ga/chika/fre.php

# Reference: https://pastebin.com/AasLyArF

monochromestr.site/fbm/encode.php

# Reference: https://twitter.com/avman1995/status/1052426452187185153

octone.igg.biz/chri1/cgi.php

# Reference: https://app.any.run/tasks/4515e611-f351-436b-982a-72229c1a1853

hmcrogenics.com

# Reference: https://twitter.com/dvk01uk/status/1097767868874264576

/LL0/200g-xz/cat.php

# Reference: https://twitter.com/dvk01uk/status/1097357708246896640

/kston/link.php

# Reference: https://twitter.com/Securityinbits/status/1090893221754884100

/scott/link.php

# Reference: https://twitter.com/Racco42/status/1027476386808848384

maxthon.duckdns.org
sockets.duckdns.org

# Reference: https://twitter.com/ps66uk/status/1062658307507273733

/sgbbu2/cat.php

# Reference: https://twitter.com/illegalFawn/status/1113086451233755136

alexiwobi.ga
dandyla1.ga

# Reference: https://twitter.com/luc4m/status/1103214408682139648

aurelio.xyz

# Reference: https://twitter.com/0_1_0_1_0_0_0_0/status/1116638803475746816

camopionari.cf
dankasa.tk
olododo.tk
sweetreuyh.tk
underneat.gq
yriuiuteuieu.gq

# Reference: https://twitter.com/pancak3lullz/status/1121057197914509312

/cka2/cat.php

# Reference: https://twitter.com/JAMESWT_MHT/status/1134360866550439936

/m/2/cat.php

# Reference: https://twitter.com/JayTHL/status/1124325778685087745

/lmark/atz/link.php

# Reference: https://any.run/report/0159364dc4a13deea8595d019b3c1e44ca100690b3d7f2df7d79cfd86d4b36ce/03c9c9b6-a7fc-41fc-a6d1-6f35ec60f94a

romelulukaku.tk/anyi/fre.php

# Reference: https://any.run/report/ff2824a9281b5e0ecd4b90b7779a66dfa4453b143b1115e4a9019a2f859083e0/b6a22489-c558-44f8-92b7-c6f90b8c0920

liverfook.ml/tuneshi/fre.php

# Reference: https://twitter.com/ViriBack/status/1134662952898965504
# Reference: https://pastebin.com/pkZ0TBnc

beautynams.com
begurtyut.info
flmates.com
hyoki-jp.top

# Reference: http://tracker.viriback.com/ (# Lokibot)

bridgecornenterprises.com
doosantax.com
unimasa.icu

# Reference: https://www.virustotal.com/gui/ip-address/185.79.156.24/relations

http://185.79.156.24

# Reference: https://twitter.com/P3pperP0tts/status/1135824585885196288

leorentacars.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1136248211654545408

gadujez.tk

# Reference: https://connect.security.ibm.com/app/threat-intelligence-insights/report/url/lethatch.se%2Fnelpa%2Ffive%2Ffre.php

lethatch.se

# Reference: https://connect.security.ibm.com/app/threat-intelligence-insights/report/url/technosevregroup.com%2Fzxd%2Fpanel%2Ffre.php

technosevregroup.com

# Reference: https://github.com/runvirus/LokiPWS/blob/master/README.md

offset7.com

# Reference: https://twitter.com/James_inthe_box/status/1136674160862609408

execuitiveship.com

# Reference: https://twitter.com/dvk01uk/status/1137999393158770688

exalumnosldea.cl

# Reference: https://twitter.com/dms1899/status/1138742747773460482

mbh-co-uk.ml
sas-agri.ml

# Reference: https://twitter.com/dvk01uk/status/1138774057606926341

fantasticpipo.club

# Reference: https://twitter.com/dvk01uk/status/1138775767171698690

ezigbo-mmadu.xyz

# Reference: https://twitter.com/James_inthe_box/status/1138815213640114176

http://45.67.14.154
http://185.79.156.24

# Reference: https://twitter.com/dvk01uk/status/1139485923991785473

uehsjtsjksf.tk

# Reference: https://twitter.com/dvk01uk/status/1139494526307975168

fraiser-campbell.ga

# Reference: https://twitter.com/pancak3lullz/status/1139534936518594561

freecapes.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1140603897523949568

/kas/4/cat.php

# Reference: https://twitter.com/dvk01uk/status/1140936638148820995

sparkickwears.ga

# Reference: https://twitter.com/blackorbird/status/1141557021000552448

fileshareing.tk

# Reference: https://twitter.com/x42x5a/status/1141970343818665984

007akin.top

# Reference: https://twitter.com/Racco42/status/1141969102753423360

bichchats.top

# Reference: https://twitter.com/Racco42/status/1143810986920599553

saculcin.top

# Reference: https://twitter.com/x42x5a/status/1143895404527988736

tqe2009.com

# Reference: https://twitter.com/dvk01uk/status/1144811922715549696

lionelibrahimovich.tk

# Reference: https://twitter.com/dvk01uk/status/1146410395357339649

ayakkokulari.com

# Reference: https://twitter.com/killamjr/status/1147113714132275200

openningsoonming.zapto.org

# Reference: https://twitter.com/_odisseus/status/988303327090937857
# Reference: https://app.any.run/tasks/20ed9962-0799-4f3b-bfbf-6dd77e5b9979/

i876edw4e5f6tg78hy9tg7r6ftgiy8.erlivia.ltd

# Reference: https://twitter.com/smica83/status/1149194882231209985

mbixch.site

# Reference: https://twitter.com/Racco42/status/1149662812722978816

aliiff.com
villaviras.com

# Reference: https://twitter.com/hexlax/status/1149768235434352645

automatia.in
lestonline.ga
taleohio.ga

# Reference: https://twitter.com/Paladin3161/status/1149639116125921284

kitchenraja.com

# Reference: https://twitter.com/hexlax/status/1150113306545467393

bioconscolors.com

# Reference: https://twitter.com/James_inthe_box/status/1151156619733921792

wupx.ga

# Reference: https://twitter.com/reecdeep/status/1151737917259354113

ysvina-vn.com

# Reference: https://app.any.run/tasks/69193d3f-ffe6-4db8-ba64-b408caeffde0

hotkey--cn.com

# Reference: https://twitter.com/coderippers/status/1152188547253846016

orientsdelivery.xyz

# Reference: https://twitter.com/reecdeep/status/1145960074046791680

eko-colors-pl.com

# Reference: https://twitter.com/IdoNaor1/status/1152892001844629505

abulutari.tk

# Reference: https://twitter.com/reecdeep/status/1153195564852547585
# Reference: https://app.any.run/tasks/4574a922-fd08-4230-ac49-59315b0702d5/

matbin.com

# Reference: https://twitter.com/blackorbird/status/1155781572718546944

sparkickwears.ga

# Reference: https://twitter.com/James_inthe_box/status/1155945383048011777

pitr0s.com

# Reference: https://twitter.com/reecdeep/status/1157201656397860865

hochom-tw.com

# Reference: https://twitter.com/Racco42/status/1157215058319040512

maviiletisim-com.tk

# Reference: https://twitter.com/Racco42/status/1158765032299270144

kusumgar.cf

# Reference: https://twitter.com/reecdeep/status/1158984342108090369

monastaybags.com

# Reference: https://twitter.com/reecdeep/status/1159008913691435008

hilbizworld.top

# Reference: https://twitter.com/reecdeep/status/1159438247208075264

hotkey--cn.com

# Reference: https://twitter.com/reecdeep/status/1159446926196183045

teslaghane.com

# Reference: https://twitter.com/reecdeep/status/1159833486817034241

sovamegroup.com

# Reference: https://twitter.com/Paladin3161/status/1159984272897216513

quecik.info

# Reference: https://twitter.com/reecdeep/status/1161226121515544576

sportyclik.com

# Reference: https://twitter.com/reecdeep/status/1161220049413246977

sun-clear.net

# Reference: https://twitter.com/reecdeep/status/1164074211213807616

confirm3.pw

# Reference: https://any.run/report/a234966b36ea3816665501b926ef6fe22f4e8ba90a80af0f66662c4cd4dba915/6a5e8f49-5529-4f67-a457-eab7a3f1635e

scanchart-rny.com

# Reference: https://any.run/report/49e77f3fa26d7427bc726783325c2729c666038e0c4546c87e5678adcadaa4a8/8c88a7b4-fac6-494f-aba2-142d845136a2

cbnid.net

# Reference: https://twitter.com/DynamicAnalysis/status/1168991384457699329

clotiahs.info
jiraiya.info
zjvvymy.com

# Reference: https://twitter.com/reecdeep/status/1169151595747127296

modcloudserver.eu

# Reference: https://twitter.com/Mesiagh/status/1170048273366695936
# Reference: https://pastebin.com/kMXDsSNr

171.15.198.199:1443

# Reference: https://app.any.run/tasks/bf013836-f219-494b-a54b-e25c13a7a400/

ottappalam.com

# Reference: https://www.fortinet.com/blog/threat-research/new-infostealer-attack-uses-lokibot.html

palikyu.ml

# Reference: https://twitter.com/reecdeep/status/1173492999457841154

mapsi-shipping.xyz

# Reference: https://twitter.com/dvk01uk/status/1173464780159508480

svmarketingindia.com

# Reference: https://twitter.com/Racco42/status/1173547031979278336

clotiahs.info

# Reference: https://app.any.run/tasks/84841357-56f4-4d71-9f7b-4e5dde21edf7/

nucsquaremall.ga
http://nucsquaremall.ga/~zadmin/lmark/ch/link.php

# Reference: https://twitter.com/ninoseki/status/1175189790469189632

fatmazpharmc.com

# Reference: https://app.any.run/tasks/6ecd4749-affb-4505-8b95-bd307a609be8/

handrass.co.rs/don/five/fre.php

# Reference: https://any.run/report/397217271ce8684d24144b1eb612d6d45921573bb8cdd0e53fae1d44d2456a64/ff14e78f-0c45-45b0-b93e-8170121cc7de

kaokao-twn.com

# Reference: https://any.run/report/91628bad8c6b90dd333f850db85dcc2c313dbbccd84ecae45441b72c2a09603d/aba660a1-69bc-4f44-bc21-c962997baf13

barzaker1.tk

# Reference: https://any.run/report/a2c93eb56dd983d63654dbbd82ee2967d1acb50f4fcd700ab3dfb7743fe64e9a/36fcc660-a97e-491f-9b05-af099620ac4c

gruputsk.com

# Reference: https://any.run/report/30e5e29f2e4e69e88032805b3cdfd8e86e48f6837a375f096263b86f9fe4de01/b5efffc2-b5b6-4e87-9958-4ab0e7c23db3

opercomex.co/php/webpanel/fre.php

# Reference: https://any.run/report/c407bb7c069e983d20752c582476ab1606b4947724194f949ba90eefe9e05a24/9012e28b-9667-4070-9751-b3f2ef211d50

ponsse.site

# Reference: https://any.run/report/050c206340ce8ea775797da9d55a250e488174d87d9529fb25db13a07168c471/8c33a2a5-51af-4547-bdb7-d5a3b93ea4c4

barzaker1.cf

# Reference: https://any.run/report/1c0f62f0277289f74ffd1f03f5097f17a1e14494c4c612ed30aa2a9899759d3a/d4d20c0c-7aa3-449b-b365-8b2b9e243050

dtolnba.tk

# Reference: https://any.run/report/78de464e43327ba4f9ef245c72e26b28e1fbd5175bccd15253fde852bd1eb61d/1a751b0b-e75f-4b67-829c-de5f1a86a932

megatradeinvestment.com

# Reference: https://any.run/report/7e6b471d1fe43841b1c995df98e2feede05280d251f50fcf6b6f084ae902817a/9fd319fa-3e9d-4d15-8837-9b2d08fe6b8e

185.234.216.240/0x22/loki/fre.php

# Reference: https://any.run/report/8897b096fa6661307bb3d2d97df155b2a4d673ee4e2e50ee37de23179a79afa6/e73a0ccf-14b0-4445-a00c-84076510d095

panelego018.info

# Reference: https://any.run/report/7c7d40b6e024d074acb2aa9b21e60e5a2e132424cdd4f23432013cfadc368392/88ea1ed2-25ac-4786-86dc-a052020f6b2d

62.108.37.205/jeff/five/fre.php

# Reference: https://any.run/report/af51d7d35c70e8572b1bf1bf7cac2f9c79da70920e972f5df338bd34b7908b51/17cb8efa-8ccb-4ccf-9e71-ca9cb30be138

jaobhaezrasam.com

# Reference: https://any.run/report/da8cb79eb0b11f4c7e18890217c465afe508900d4d0fe029df10a08d7f50722e/28736ba8-2474-4fe3-9e7d-766ff32819f5

twosisterswine.com.au/admin/Panel/five/fre.php

# Reference: https://any.run/report/856cfd8e4168c08f6382cc6a7a94f2812d40d09e4b5a17728f142c5bf1d7b892/76cc0b7e-1668-4fea-92db-47ce9f0e2d82

gracetime.tech

# Reference: https://twitter.com/P3pperP0tts/status/1179292959172370433

onlygoodm.com

# Reference: https://app.any.run/tasks/2bd648b0-c9cd-45a1-ac4b-3c253c2c01aa/

peaches19.com

# Reference: https://twitter.com/Racco42/status/983258396664229888

ritsuninfra.in

# Reference: https://twitter.com/smica83/status/1184381866243248128

cvnty.tk

# Reference: https://twitter.com/hexlax/status/1184471439476441088

cvnty.cf
ggvxt.ga
mbfqg.cf
mlzxvi.tk
prxtz.gq
prztz.ga
qvukl.ga
qvukl.gq
qvukl.tk

# Reference: https://app.any.run/tasks/9b5e5e7f-ac71-484e-8dad-0d0af3bfe73b/

atritei.icu

# Reference: https://app.any.run/tasks/856e216f-c979-450a-a0b7-b9dbc6ab1361/

torresansrl-it.com

# Reference: https://app.any.run/tasks/abd716d5-3267-4aec-b4e5-075b0f4ddf0a/

baiksan-kr.com

# Reference: https://app.any.run/tasks/2c80bfce-a4a7-4024-b943-39d4fa8e0a01/

yanchenghengxin.com
corpcougar.com

# Reference: https://app.any.run/tasks/2c93099b-2751-41c4-a764-f8d66dcf727d/

kaburto.info

# Reference: https://app.any.run/tasks/ff303a56-d3f6-4128-8876-1c91d4d7494e/

yanchenghengxin.com

# Reference: https://app.any.run/tasks/f1e17f2a-00bc-4eeb-b5be-2d10c735ed9e/

tps-finlogistics.com

# Reference: https://app.any.run/tasks/f09ecafa-3e69-4171-bd36-c415c5e5f0e0/
# Reference: https://twitter.com/P3pperP0tts/status/1185592600528637952

fueda.info

# Reference: https://app.any.run/tasks/9eaf57e9-015a-4357-b0f8-fe30df9c9be7/

cvnty.tk

# Reference: https://app.any.run/tasks/e1756c8b-3175-4232-a4ca-9818a8ac27e6/

john-donnelly.co.uk

# Reference: https://app.any.run/tasks/3318e0f8-d5e7-4316-b748-b83cc506aaf9/

danagupal.com

# Reference: https://app.any.run/tasks/69ce4ecc-f88e-4523-a568-6b6a79491855/

simantramart.net

# Reference: https://twitter.com/James_inthe_box/status/1185191156168065024

nvent.icu

# Reference: https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html (# Win.Trojan.Lokibot-7288215-1)

arkhesol.info
lapphuongshoe.com
majidfathalibeygi.com
novinsazvar.com
orientsdelivery.xyz
pliykies8.net
suksez-ab.com
versuvius.ru

# Reference: https://twitter.com/P3pperP0tts/status/1186987811553067009

sylvaclouds.eu

# Reference: https://twitter.com/Paladin3161/status/1187160642815291392

mikeservers.eu

# Reference: https://pastebin.com/29uSdMAk

atritei.icu
dadatiles.com.au
gracetime.tech
jajar.ru
modatie.gq
nonomonojolipoiubtrewert.tk
tahetah.ir

# Reference: https://twitter.com/P3pperP0tts/status/1190724582359089152

kaburto.info

# Reference: https://twitter.com/wwp96/status/1191009866720124928

conceriavictoria-it.com

# Reference: https://twitter.com/wwp96/status/1191009400015802368

beautynams.com

# Reference: https://twitter.com/James_inthe_box/status/1191325755084435457

allaige-global.com

# Reference: https://twitter.com/wwp96/status/1191408876303896576

cyttec.de

# Reference: http://tracker.viriback.com/dump.php (# 2019-11-04, Lokibot)

http://104.168.248.212
http://178.159.7.9
http://185.189.112.158
http://185.79.156.15
http://185.79.156.24
http://37.120.146.126
http://45.67.14.181
http://51.68.128.171
http://94.100.28.214
http://23.95.228.37
http://5.252.192.117
007akin.top
013nat.net
2lcfo.com
4thave.co.uk
9th-way.tech
abbasuit.top
abifph.com
acptw.icu
adamsjef.top
aerosport.tech
aljust.website
allstarbelts.com
andalemexico.com
apollocapitalp.com
baiksan-kr.com
baklaysinc.com
bakrakhada.com
bamastra.top
beancart9.top
beatfile3.top
beautynams.com
begurtyut.info
bichchats.top
bigshowinc.co.uk
biocodax.com
bluecornerblog.tk
bosal.tech
bp10.webhosting123.icu
bridgecornenterprises.com
broomingkingpoiuty.tk
bteenerji.com
buildingwiring.ir
bylima.icu
cbnid.net
cleaf.ml
clotiahs.info
cnedriect.com
cocshipmanagment.com
confirm2.pw
confirm3.pw
coolking-tw.com
corpcougar.com
corpcougar.in
cosmoi098.ga
cosmoi098.ml
cremeroloe.com
crippoloiutustrope.tk
cvnty.ga
diplomatgroup.org
doosantax.com
ebslaradio.cl
efore.info
eko-colors-pl.com
eko-logistics.com
emiliano-sala.ga
enchapa.info
epi.org.mk
esplanademauritius.com
execuitiveship.com
exsimpetroleum.com
extrememx.net
exwelloilfleld.com
ezigbo-mmadu.xyz
famoosonutt.com
fantasticpipo.club
fileshareing.tk
filmmagapp.ir
flmates.com
florence-malouda.ml
florence-malouda.tk
forexdispatch.info
fredwi.top
freecapes.com
freecaps4.ml
freewhcm.top
frenchman.icu
fueda.info
gama247.beget.tech
giftedhands-association.com
gihf2.com
goldenfashiondeeds.com
gooinnhtrr.ml
goriaya.com
gregvictor.co.uk
groz-toolz.com
gtigtex.info
habertjohnson.top
halwaja.com
higomanga.info
hotblowup.com
hpygol-acm.com
hyoki-jp.top
iiranair.com
iranssp.ir
ivandarina.top
jayconnect.co.uk
jbrightbuilders.sytes.net
jhpipaa.com
jonjoshelvey.gq
jttomwest.top
kaburto.info
kachi.cf
kalafyn10.tk
kin3p.co.uk
kitchenraja.com
kratheinz.com
lapphuongshoe.com
ledomainedesalizees.com
logfert.com
lovingu1.top
lronman4x4.com
mairon-hk.com
makopolos.com
manchester-derby.ga
manchesterderby.gq
manchesterderby.tk
maritlme-net.com
matbin.com
mbh-co-uk.ml
mbta.com.ng
mhydraulics.net
mizunogolfbags.com
modcloudserver.eu
monastaybags.com
morganans.co.uk
newwoldassem.top
nexmarket.ir
nkegi.com
oasisvillasmaurice.com
ofoleteadms.icu
oldendroff.com
orientsdelivery.xyz
palacegrades.com
perigon-no.com
pouruinhgtrewzip.tk
qkinz.tech
qoqip.com
quelmax.com
quurieun.top
rasavision.ir
razaacademy.info
ritedi.icu
rnuganbank.com
rtjf.ga
saliyumakan.club
scm-hk.com
season1.icu
sghecc.com
shakekur.top
shalets23.com
sherwoodpest.com
sibarzz.xyz
siiigroup.com
slimcase247.se
smarytie.ir
smilesbyme.com
smithtony.co.uk
sparkickwears.ga
spidook.bid
spuerinirominfo.tk
stedmanpharrna.com
stephero7.ml
sucalcin.top
sun-clear.net
sunvim.cf
sylvaclouds.eu
telcel.tech
thaeed.ir
thammyvienanthea.com
tienaris.com
tjfr.tk
tmjchange.com
tourscentralasian.com
tqe2009.com
tradesecretsgiveandtake.ca
treatascholars.com
trietrre.ml
unimasa.icu
uzocoms.eu
vastinopulotiste.tk
vbih.tk
venresf.ml
vibecore20.top
vicomdistribucion.top
villaviras.com
vinaprio.com
vteach.com.sg
wieiland.com
wilfred.top
willhelmsen.com
wohinqfood.com
yuxinproteins.com

# Reference: https://twitter.com/P3pperP0tts/status/1191999299061780480

http://151.80.3.78

# Reference: https://www.virustotal.com/gui/file/df3f26fa52e1d59ae86f3e4e3e0811ff0beb10f2588dcc5372130e93fc007908/behavior/Dr.Web%20vxCube

arctech--vn.com

# Reference: https://www.virustotal.com/gui/file/6979ee74e6d3dfcdaf0e146faa063d70659b56cfda034d46f6a611af58a71f70/behavior/Dr.Web%20vxCube

beautynams.com

# Reference: https://twitter.com/P3pperP0tts/status/1192710961641205760

http://51.81.26.73

# Reference: https://www.virustotal.com/gui/file/68a511a096b68f00f40d77b497122a0da58132ec86d565a7e314452fe18b8321/behavior/Dr.Web%20vxCube

kenturkeymanians.org

# Reference: https://twitter.com/P3pperP0tts/status/1192809962268962818

backbaymall.ga
nucsquaremall.ga

# Reference: https://www.group-ib.com/blog/fakesecurity

chuxagama.com
umbra-diego.com

# Reference: https://twitter.com/P3pperP0tts/status/1193844698370236416

http://157.52.211.11

# Reference: https://twitter.com/wwp96/status/1193942503864651776

efore.info

# Reference: https://app.any.run/tasks/205df181-d1c5-4315-80b2-5456b6bfeef2/

arctech--vn.com

# Reference: https://twitter.com/wwp96/status/1194325495686586370

pointqrace.com

# Reference: https://twitter.com/P3pperP0tts/status/1194590128129421313

http://37.187.207.221

# Reference: https://twitter.com/P3pperP0tts/status/1194761250078699520

nvent.icu

# Reference: https://twitter.com/P3pperP0tts/status/1194979247124860929

http://51.75.33.88

# Reference: https://twitter.com/JayTHL/status/1194992844039229441

onllygoodam.com

# Reference: https://twitter.com/James_inthe_box/status/982003272562044928
# Reference: https://app.any.run/tasks/0893ab89-f685-40ae-bddc-83699013c804/

hydeoutent.com

# Reference: https://twitter.com/Racco42/status/1196407632598310918

s-plt.club
s-top.xyz

# Reference: https://twitter.com/wwp96/status/1196472338960793603

gelcursot.top

# Reference: https://app.any.run/tasks/30e58965-3657-457d-8aba-cf857b1ae756/

junquam.com

# Reference: https://app.any.run/tasks/1dc0b30d-1713-41f3-a0f0-a98240ba9824/

onllygoodam.com

# Reference: https://app.any.run/tasks/60951b2e-aac7-46b6-be01-214e104282f2/

matbin.com

# Reference: https://twitter.com/wwp96/status/1196877315726135296

s-top.xyz

# Reference: https://twitter.com/wwp96/status/1196870261016059905

http://46.21.147.94

# Reference: https://www.fortinet.com/blog/threat-research/custom-packer-tool-frenchy.html
# Reference: https://otx.alienvault.com/pulse/5dd565d5cd733b662f366526

alphastand.top
alphastand.trade
alphastand.win
kbfvzoboss.bid
sun-clear.net

# Reference: https://twitter.com/P3pperP0tts/status/1197683883627700229

http://51.91.175.183

# Reference: https://twitter.com/JayTHL/status/1197922402828791808

findmypractice.org

# Reference: https://pastebin.com/a3tLkeSU

http://107.175.150.73

# Reference: https://app.any.run/tasks/2b37b818-369c-4c5c-a7af-fc7d20958920/

ray-den.xyz

# Reference: https://www.virustotal.com/gui/file/6b6ff1efd1dd41901c9c23dfd6d03ff6c1f6d846bf8ac8002b3af61744426e11/detection

lethatch.se

# Reference: https://app.any.run/tasks/216903ba-ad00-4e4b-8606-d329e1e8772e/

arctech--vn.com

# Reference: https://any.run/malware-trends/lokibot (Note: as seen on 2019-12-04)

worldatdoor.in
kitchenraja.in
gsuitekh.com
avertonbullk.com
offsolo-gbb.tech
1justfy.pw
l1n3n.site
elettroveneta-it.com
ddos.dnsnb8.net
smtp.siqanalytical.com
adonis-medicine.at

# Reference: https://twitter.com/wwp96/status/1202265059784835072

chennaiequipment.com

# Reference: https://pastebin.com/ghh2y3g3

kargozar1320.ir

# Reference: https://twitter.com/wwp96/status/1203005552248397824

gblasta.pw

# Reference: https://pastebin.com/7Ak2nP2T

awba-groups.com
indextechno.com
pms-center.com

# Reference: https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html (# Win.Trojan.LokiBot-7420275-1)

betaflexllc.us
beyondlogx.com
kontrolreport.com
oscontinental.online
phoenixdevs.ir
porno322.com
protestlabsmovings.es
secure-n2.top

# Reference: https://pastebin.com/B6EDa5x0

jb-qroups.com
logboxreports.top

# Reference: https://twitter.com/HeavyMetalAdmin/status/1204108254588080128

woobwoo.cf

# Reference: https://twitter.com/wwp96/status/1204430643800793088

woobwoo.ga

# Reference: https://twitter.com/wwp96/status/1204789643138473985

s-pod.xyz

# Reference: https://twitter.com/wwp96/status/1204805860129755141

kyant4.com

# Reference: https://www.virustotal.com/gui/file/1e191a6f8c36095e7a3c06d70086d82886447dab7119f1adb84ee321700dd7eb/detection

lkpswrd.cf

# Reference: https://www.virustotal.com/gui/file/994744f9be120c63c7d5819f9b9bd3fb43e19efc59b95d0153aa64adf6cc8d6c/detection

sentab.tk

# Reference: https://www.virustotal.com/gui/file/b939020a31f8ef30fd78bbb487469c72f61a857f699b689628a332fbedbf9959/detection

lkpswrd.ml

# Reference: https://twitter.com/James_inthe_box/status/1206952335764795392

onlygoood.com

# Reference: https://twitter.com/smica83/status/1209204228696227840

gcirsa.com

# Reference: https://twitter.com/wwp96/status/1214568832016142337

gquare.gq

# Reference: https://pastebin.com/Q6Sn446k

roryaftamart.duckdns.org

# Reference: https://twitter.com/wwp96/status/1214932312401600512

gquare.tk

# Reference: https://twitter.com/wwp96/status/1214940445530345472

egobetter.xyz

# Reference: https://app.any.run/tasks/90588195-450b-42b2-be93-65b97da7a2a0

gainflows.gq

# Reference: https://twitter.com/Racco42/status/1215312968348467200

cypress-tw.com

# Reference: https://twitter.com/Racco42/status/1215570689379524608

ptiihk.com

# Reference: https://twitter.com/Racco42/status/1214124427602022400

zni1.com

# Reference: https://twitter.com/P3pperP0tts/status/1215705099776987138

onlygoodem.com

# Reference: https://app.any.run/tasks/73a7b555-6bef-4aae-98a2-2dc6a5df6fda/

tranpip.com

# Reference: https://twitter.com/P3pperP0tts/status/1216852518640259073

noithathoanggia.net.vn

# Reference: https://app.any.run/tasks/8d60b414-aed6-4dba-80ca-f3d1b2f7556e/

allenservice.ga

# Reference: https://app.any.run/tasks/6d4f51ab-0149-4b7b-b43c-d55f7c7a046e/

tbt-sceitech.com

# Reference: https://twitter.com/malware_traffic/status/1217858107289866240

himkon.ga

# Reference: https://twitter.com/wwp96/status/1218227068896514051

afas-kr.com

# Reference: https://app.any.run/tasks/aa120a9f-7889-492b-9695-2b9c32c7a5fe/

oaa-my.com

# Reference: https://twitter.com/wwp96/status/1219361313735966721

agrabahd.ga

# Reference: https://twitter.com/wwp96/status/1219363482031861760

mecharnise.ir

# Reference: https://app.any.run/tasks/610b93f9-38f4-466f-a46e-f0dfbc750a1b/

chol.cc

# Reference: https://app.any.run/tasks/891ac638-b067-42b0-bf51-6120998204a9/
# Reference: https://app.any.run/tasks/7efd4037-e819-4b05-9dc5-c0baadcc7bb6/

http://107.175.150.73/~giftioz

# Reference: https://app.any.run/tasks/09a252ef-0ebb-4f48-b4a2-2261a44dd000/

sisenor.ml

# Reference: https://app.any.run/tasks/79df932f-0f42-441e-9071-64ddd88c7529/

kuomlog.xyz

# Reference: https://pastebin.com/DT3diCh7

didxbooks.com
fiftint.com

# Reference: https://app.any.run/tasks/a1af1cea-bf86-4702-b3a2-082c1d242f15/

http://193.142.59.89

# Reference: https://www.exposedbotnets.com/2018/02/kdotrakycomloki-bot-hosted-in-shinjiru.html

kdotraky.com
continentalrnovers.com

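# Reference: https://twitter.com/wwp96/status/1220414670290456576
# Note: '/makave/sab.php' below is a path-only entry with no host part. It presumably matches that request path on any host (TODO confirm against the sensor's matching logic), so treat a hit on the path alone as lower confidence than a hit on a listed domain and check the destination host before acting on it.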

martirill.ga
/makave/sab.php

# Reference: https://www.virustotal.com/gui/file/d794747343409784e81b7754901acda8e2d3f5182ab9addc66c6121bc55aabc7/detection

teiup.xyz

# Reference: https://app.any.run/tasks/d4acf26b-aced-48a9-8dec-aeccd602c109/

heartychern.com

# Reference: https://www.virustotal.com/gui/file/8e68b6908534b24b52ba7a1d0ef445b9b2a8681a4d35fa9d5c4d447cf3efb300/detection

akito.be

# Reference: https://www.virustotal.com/gui/domain/alibabahugia.com/relations

alibabahugia.com

# Reference: https://www.virustotal.com/gui/domain/eferiwalabd.com/relations

eferiwalabd.com

# Reference: https://www.virustotal.com/gui/file/e1869921f052c6dc9387b18c6884191a2c637eb21cd638ed1b2e71b31cab7e0b/detection

kheeda.com

# Reference: https://www.virustotal.com/gui/domain/regalscoin.co/relations

regalscoin.co

# Reference: https://www.virustotal.com/gui/url/b27492bd716239fe2f17a20b4c60c24bb058b7b8023be0f5a5e78bde37ea7864/detection

molmarsl.com

# Reference: https://www.virustotal.com/gui/file/b509e105567fe4a14e31c96d71bdf2080df1d1737fe5b1928b2e5ad88add2b31/detection

bodegaslopezmoernas.com

# Reference: https://www.virustotal.com/gui/file/0dbbbc6aa0686ea19b55871f0ca0b9c722064683604c04e581c8498095f0cea9/detection

jdandado.info

# Reference: https://www.virustotal.com/gui/file/5ffa3eaa94c6a603d21525a72d56f23915279fbd755ac0fb24d04e9a2fdd26fe/detection

jscmy.co

# Reference: https://www.virustotal.com/gui/file/3fcbf0a0d8ab22f5762ebf4855165c1258b57462119eb5549e7b74edcc2ce1ad/detection

omabradley.ru

# Reference: https://www.virustotal.com/gui/file/eb0cc81ad318a7ee0d5aef0b51538178c5e590be837a2e81cb99bf89944547f3/detection

getvision2020.net

# Reference: https://twitter.com/wwp96/status/1221892381831766017

oaa-my.com

# Reference: https://twitter.com/wwp96/status/1222244913309454337

nwababy.cf
/chikincho/sab.php

# Reference: https://twitter.com/wwp96/status/1222259928422932480

wakanduz.tk
/sabali/sab.php

# Reference: https://twitter.com/James_inthe_box/status/1222541809454202880

zeyadigital.com

# Reference: https://twitter.com/wwp96/status/1222604774484430848

himkon.cf

# Reference: https://twitter.com/wwp96/status/1222651453673787393

drop-box.top

# Reference: https://twitter.com/Racco42/status/1222895330422706178

hanmha.com

# Reference: https://www.virustotal.com/gui/ip-address/193.142.59.107/relations

193.142.59.107:80

# Reference: https://www.virustotal.com/gui/ip-address/89.249.65.212/relations

89.249.65.212:80

# Reference: https://twitter.com/wwp96/status/1223277675688669185
# Reference: https://app.any.run/tasks/f9f4c66f-7e96-4ded-909a-f2f799658400/

gpi-q.com

# Reference: https://twitter.com/wwp96/status/1223283853395144704

everest--sh.com

# Reference: https://twitter.com/wwp96/status/1223331321969348613
# Reference: https://twitter.com/wwp96/status/1224402400674447361

butland.cf
ezilon.tk
/igine/sab.php

# Reference: https://pastebin.com/v5VKwUUR

batlxt.org
fiftint.com
top-sso3.top

# Reference: https://twitter.com/wwp96/status/1224395051486400513

kdi-kongsberg.com

# Reference: https://twitter.com/wwp96/status/1224395809879470080

baural.tk
nedoru3.ml

# Reference: https://twitter.com/wwp96/status/1224397130175041536

unrrwa.org

# Reference: https://twitter.com/wwp96/status/1224403562488389632

http://193.142.59.7

# Reference: https://twitter.com/wwp96/status/1224415503206244353

baurallc.ml
gadingsllc.cf
/vvd/sab.php

# Reference: https://twitter.com/wwp96/status/1224414499983237120

plosss.com

# Reference: https://twitter.com/wwp96/status/1224415881880621062

saclex.gq

# Reference: https://pastebin.com/5VDXdhPA

airlinecom.tk
babanovex.cf
babatnx.cf
bagariwa.tk
baurallc.ml
butland.cf
butland.gq
championsdeal.cf
champkit.tk
gadinacom.ga
gadinacom.gq
gadinacom.tk
gadinatr.cf
gadinatr.gq
gadinatr.tk
gbajagbaja.cf
gbajagbaja.gq
gbajagbaja.tk
januarytins.ml
juannylift.cf
kutuolog.cf
kutuolog.ga
kutuolog.gq
kutuolog.ml
kutuolog.tk
lilninop.ga
mamado.ml
martirill.ga
nwababy.cf
onyenzoputa.cf
onyenzoputa.ml
onyenzoputa.tk
precisiongmbh.tk
ramdymoore.ml
saffen.ml
simportexx.tk
simpotex.ml
simpotex.tk
sisenor.ml
solouro.ga
solouro.ml
tocheckoru.cf
udejimji.cf
ugomma.gq
ugougo.cf
ukwunkea.ml
unvacsth.gq
unvacsth.ml
unvacsth.tk
uwachukwuu.cf
uwachukwuu.ml
vintaded.ga
wakanduz.cf
wakanduz.ga
wakanduz.gq
webergmbh.ml
webergmbh.tk
/chikala/sab.php
/chikincho/sab.php
/igine/sab.php
/makave/sab.php
/nzubedubai/sab.php
/omega/sab.php
/pope/sab.php
/sabali/sab.php
/sweet/sab.php
/vvd/sab.php
/zanku/sab.php

# Reference: https://app.any.run/tasks/153c9ca2-38d7-46f8-a510-2d6d13fbde4e/

shgshgsndynationalindustrialandgoogledns.duckdns.org

# Reference: https://app.any.run/tasks/4dc538c1-e78e-41fe-b17e-ed9da474ea3c/

cranetechllc.ml
simpotex.ga

# Reference: https://app.any.run/tasks/e61bbc8a-d35d-4316-8232-b7cfd7f14a22/

cokhiquangbien.com

# Reference: https://twitter.com/wwp96/status/1224789442243723265

omabradley.ru

# Reference: https://twitter.com/wwp96/status/1224786717883936775

growyourwealth.cf
powerlinecom.ml
/makave/sab.php

# Reference: https://twitter.com/wwp96/status/1224781788033245191

trouserlanditd.com

# Reference: https://twitter.com/K_N1kolenko/status/1225009464815902720

http://104.223.170.113
http://107.175.150.73
http://198.23.200.241
http://78.142.18.109
about.panjihidayat.web.id
barential.cf
batlxt.org
cv.panjihidayat.web.id
difapackperu.com
everest--sh.com
fiftint.com
gpi-q.com
growyourwealth.cf
lkpswrd.tk
mecharnise.ir
mocdong.com.vn/gx/playbook/onelove/fre.php
omabradley.ru
petroindonesia.co.id
skyoceanshippinq.com
tecon.com.mx
tickerqube.com
trouserlanditd.com
tungyu.cf
u-knlt.com
worldatdoor.in
zeyadigital.com

# Reference: https://twitter.com/Bl4ng3l/status/1224999049880899586

etoro-miners.com

# Reference: https://twitter.com/wwp96/status/1225487541484302336

drkconstrucciones.com

# Reference: https://twitter.com/K_N1kolenko/status/1225784278732214272

euromopy.tech
mirrapl.com
missingandfound.com.my
yullifyne.ml
/v-2/pin.php
/makave/sab.php
/vvd/sab.php
/zanku/sab.php

# Reference: https://twitter.com/wwp96/status/1226945238448713732

serv-node4.top

# Reference: https://www.virustotal.com/gui/domain/ezzy-corp.com/relations

ezzy-corp.com

# Reference: https://twitter.com/wwp96/status/1227267903558496256

abumchukwugi.ga
coretelin.ml

# Reference: https://app.any.run/tasks/904abf72-63a7-4d8c-9be4-d25ca3872cbf/

http://192.3.183.226

# Reference: https://app.any.run/tasks/dce56dd7-e6b6-45e7-9845-9c1da2ac3cbd/

http://46.21.147.207

# Reference: https://twitter.com/K_N1kolenko/status/1227511439176458240
# Reference: https://twitter.com/K_N1kolenko/status/1227511407564001281

http://103.208.86.31
bacanacabana.com.br/wp-includes/css/kay/Panel/five/fre.php
bdsphatphat.com/.dtt/playbook/onelove/fre.php
ijinwa.ml
innoexpo.tech
jfe-mineral-co.pw
naelele.ga
slnsa.trade
telincore.tk
telincorenw.gq
transmarine.pw
tungyu.cf
/makave/sab.php
/omega/sab.php
/zanku/sab.php

# Reference: https://twitter.com/K_N1kolenko/status/1227925694539337728

digi-sec.top
ijinwa.gq
telincore.gq
matantalbenna.com/.legolass/fine/fre.php (# compromised site)
/nzubedubai/sab.php

# Reference: https://twitter.com/wwp96/status/1228000721494315008

beautynams.com

# Reference: https://twitter.com/wwp96/status/1228360824676323328

dfsdfbdz.ml
telincore.ml

# Reference: https://twitter.com/wwp96/status/1228364048917565441

sogamco.com

# Reference: https://twitter.com/wwp96/status/1228357214538170369

workherna.ga

# Reference: https://twitter.com/wwp96/status/1228372948626690048

bantanmanta.cf
loverineta.tk

# Reference: https://twitter.com/reecdeep/status/1229403951675715586

powerlogs.top
taximolinaperu.com

# Reference: https://twitter.com/wwp96/status/1229438993584066562

cokhiquangbien.com

# Reference: https://twitter.com/wwp96/status/1229438428598689792

kdi-kongsberg.com

# Reference: https://twitter.com/wwp96/status/1229448871677485057

193.142.59.88:80

# Reference: https://twitter.com/wwp96/status/1229446037800181760
# Reference: https://twitter.com/_lockhum/status/1229477916234461184

46.21.147.206:80
/primseven/logs/omc.php

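# Reference: https://pastebin.com/WWcPxMMU
# Note: the entry 'http://gassettgroup.com/1/fre,php' in this list has a comma where the other entries in the list end in 'fre.php'. It is kept as listed; it looks like a typo and, as written, presumably will not match a request for 'fre.php' - verify against the reference before correcting it.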

http://paswordinc.xyz/new/fre.php
http://www.dadatiles.com.au/ju/fre.php
http://192.3.182.247/feblogs/logs/fre.php
http://brokenbrains.xyz/James/fre.php
http://185.126.201.167/~power13/.W0pohss134zCt/fre.php
http://transwesemayra.top/Lokivo/Panel/fre.php
http://taximolinaperu.com/fz/fre.php
http://best-aluminum-co.ml/CORONACUREXXX/fre.php
http://195.206.106.191/hoist3/logs/fre.php
http://wesemayra.top/Lokivo/Panel/fre.php
http://misiondeangeles.com/grace/five/fre.php
http://94.100.18.11/plugman/logs/fre.php
http://46.21.147.206/primseven/logs/fre.php
http://thefieldagent.net/yo/Panel/five/fre.php
http://193.142.59.109/primone/logs/fre.php
http://131.153.22.150/primfour/logs/fre.php
http://sariincofood.co.id/xx/Panel/fre.php
http://mediagift.vn/.ki/playbook/onelove/fre.php
http://masterteknoloji.com/.legolas/legolas/fine/fre.php
http://mecharnise.ir/ca10/fre.php
http://centrehotel.vn/oo/panel/fre.php
http://www.tiltteexx.co/soft/julxx/fre.php
http://pickupmylaundry.co.in/fonts/xfs/xch/fre.php
http://tiltteexx.co/rokzee/kor2/fre.php
http://176.57.70.28/angelo/Panel/five/fre.php
http://getupandcboz.com/mine/fre.php
http://www.biznetvgator.com/hyj/five/fre.php
http://kceeruth.tk/kcee/fre.php
http://www.matantalbenna.com/.legolass/fine/fre.php
http://gassettgroup.com/1/fre,php
http://netfliq.ml/binocular/fre.php
http://promecco.com.tr/nel/five/fre.php
http://sogamco.com/Work6/fre.php
http://empresadeperu.com/bn/fre.php
http://sogamco.com/Work4/fre.php
http://141.105.71.35/sss/fre.php
http://sogamco.com/Work5/fre.php
http://thefieldagent.net/ys/Panel/five/fre.php
http://portalcafecomnoticias.com.br/wp-includes/css/coco/fre.php
http://gentleprlnce.com/CanDyCrUSHXXX/fre.php
http://thefieldagent.net/loki/Panel/five/fre.php
http://epperfums.com/dull/five/fre.php
http://taximolinaperu.com/m/fre.php
http://192.3.183.226/~feragamo/.legolas/fine/fre.php
http://mawa2ef.com/core/five/fre.php
http://mediagift.vn/.bc/playbook/onelove/fre.php
http://blue-airship.com/empire/movement/kingz/fre.php
http://academydea.com/includes/Panel/five/fre.php
http://vlklz.xyz/A1/five/fre.php
http://techcefacos.org/config/Panel/five/fre.php
http://ayoobtextlie.com/cup/five/fre.php
http://ayoobtextlie.com/craks/five/fre.php
http://mckenzai-co.pw/Pablo/fre.php
http://beerberv.com/OPAYREXING/fre.php
http://portalcafecomnoticias.com.br/test/js/Panel/five/fre.php
http://epperfums.com/dino/five/fre.php
http://taximolinaperu.com/cg/fre.php
http://193.142.59.88/primsix/logs/fre.php
http://jfe-mineral-co.pw/Arinze/fre.php
http://petroindonesia.co.id/xxx/xx/Panel/fre.php
http://omabradley.ru/msn/Panel/fre.php
http://omabradley.ru/easyph/Panel/fre.php
http://corpcougar.com/zor/Panel/five/fre.php
http://omabradley.ru/arewaphazzy/Panel/fre.php
http://assemba.co.uk/bk2/Panel/five/fre.php
http://fentlix.com/pl2y/fre.php
http://isysu.net/zb_system/image/logo/good/fre.php
http://transmarine.pw/Pablo/fre.php
http://omabradley.ru/m16/Panel/fre.php
http://myaline.com.pe/img/h/fre.php
http://academydea.com/includes/pollux/Panel/five/fre.php
http://uniquepierce.tech/pdot/support/rslt/fre.php
http://transmarine.pw/Bobby/fre.php
http://blue-airship.com/agutaz/direct/pushin/fre.php
http://febspxi.xyz/P3/five/fre.php
http://slnsa.trade/Work3/fre.php
http://fentlix.com/onev/fre.php
http://slnsa.trade/Work7/fre.php
http://103.208.86.31/y/fre.php
http://jfe-mineral-co.pw/Chukwuka/fre.php
http://46.21.147.207/primeight/logs/fre.php
http://sariincofood.co.id/no/Panel/fre.php
http://184.164.142.217/primthree/logs/fre.php
http://184.164.142.213/primtwo/logs/fre.php
http://indiatoursntravels.in/cc/Panel/fre.php
http://37.220.0.11/primone/logs/fre.php
http://trailer.co.za/cg-wpi/Panel/five/fre.php
http://5.152.210.188/primfour/logs/fre.php
http://kimstar.com.vn/.tx/tx/playbook/onelove/fre.php
http://slnsa.trade/Work5/fre.php
http://innoexpo.tech/product/perf/Inc/fre.php
http://131.153.22.142/rokstwo/logs/fre.php
http://jfe-mineral-co.pw/Broken/fre.php
http://198.23.200.241/~power13/.swoexizp/fre.php
http://198.23.200.241/~power13/.firoxispz/fre.php
http://klickus.com/okye/Panel/five/fre.php
http://slnsa.trade/Work1/fre.php
http://slnsa.trade/Work8/fre.php
http://myaline.com.pe/nn/fre.php
http://corpcougar.com/nedu/Panel/five/fre.php
http://papelestecnicos.com.pe/vb/fre.php
http://empresadeperu.com/ved/fre.php
http://beerberv.com/SAMMYWAHALA/fre.php
http://empresadeperu.com/vv/fre.php
http://trailer.co.za/wp-cgi/Panel/five/fre.php
http://klickus.com/gozie/Panel/five/fre.php
http://klickus.com/cjay/Panel/five/fre.php
http://185.56.137.99/primfive/logs/fre.php
http://131.153.22.219/primsix/logs/fre.php
http://adminfixpop3settings.com/vkay/five/fre.php
http://bacanacabana.com.br/wp-includes/css/kay/Panel/five/fre.php
http://karmar.com.au/wp-admin/css/colors/coffee/fre.php
http://borrdrillling.com/danb/five/fre.php
http://omabradley.ru/agwo/Panel/fre.php
http://forlinkserver.com//parl/id2244/fre.php
http://mellle.com/ses/Panel/fre.php
http://trouserlanditd.com/dark/five/fre.php
http://emesterul.ro/css/ok/fre.php
http://vlklz.xyz/Atoz/five/fre.php
http://198.23.200.241/~power13/.pRciyzfi/fre.php
http://centrehotel.vn/ss/Panel/fre.php
http://vcntq.ga/Mercy/five/fre.php
http://rlxivz.ga/SV3/five/fre.php
http://193.142.59.96/africa/logs/fre.php
http://198.23.200.241/~power13/.xoiaxozp/fre.php
http://etoro-miners.com/bird/five/fre.php
http://198.23.200.241/~power13/.sopawqo/fre.php
http://bdsphatphat.com/.dtt/playbook/onelove/fre.php
http://198.23.200.241/~power13/.gvuxosacy/fre.php
http://indiatoursntravels.in/oo/Panel/fre.php
http://107.175.150.73/~giftioz/.fkligxrzi/fre.php
http://oasischandigarh.com/wp-admin/js/widgets/Panel/five/fre.php
http://trailer.co.za/bin/Panel/five/fre.php
http://febtrxp.xyz/P4/five/fre.php
http://febvnxp.xyz/P4/five/fre.php
http://198.23.200.241/~power13/.xwospaxi/fre.php
http://xgkxc.xyz/P4/five/fre.php
http://www.worldatdoor.in/panel2/Panel/five/fre.php
http://liderazgocristoforo.org/n/fre.php
http://198.23.200.241/~power13/.sixnrpq/fre.php
http://hanmha.com/drunk/five/fre.php
http://rlxivz.tk/SV2/five/fre.php
http://198.23.200.241/~power13/.goxizmsxir/fre.php
http://datedi.icu/hoist1/logs/fre.php
http://mikeservers.eu/kings/five/fre.php
http://104.223.170.113/Silkop/Panel/five/fre.php
http://euromopy.tech/etty/black/download/fre.php
http://borrdrillling.com/luckyadmin/five/fre.php
http://expertisem.net/empire/movement/kingz/fre.php
http://blastforcleaningservices.com/fonts/panel/fre.php
http://etoro-miners.com/gate/five/fre.php
http://mecharnise.ir/ca11/fre.php
http://mkplogistics.co.id/oo/Panel/fre.php
http://mkplogistics.co.id/aa/Panel/fre.php
http://liderazgocristoforo.org/g/fre.php
http://centrehotel.vn/cc/Panel/fre.php
http://u-knlt.com/Bobby/fre.php
http://missingandfound.com.my/kv/Panel/fre.php
http://u-knlt.com/Pablo/fre.php
http://trouserlanditd.com/dabs/five/fre.php
http://everest--sh.com/coco/five/fre.php
http://gpi-q.com/cake/five/fre.php
http://trailer.co.za/wp-index/Panel/five/fre.php
http://198.23.200.241/~power13/.zipxzios/fre.php
http://tungyu.cf/CROWNEDPRINCE/fre.php
http://esenciamaya.com/leo/five/fre.php
http://saclex.gq/flabs/fre.php
http://5.196.123.14/yg/Panel/fre.php
http://omabradley.ru/smik/Panel/fre.php
http://mirrapl.com/big/Panel/fre.php
http://funerariapracadabandeira.com.br/include/Panel/five/fre.php
http://printystore.com.pe/img/lop/fre.php
http://printystore.com.pe/js/v/fre.php
http://66.85.173.45/africa/logs/fre.php
http://xlkz.xyz/P4/five/fre.php
http://5.152.210.181/roksone/logs/fre.php
http://103.70.137.123:82/five/fre.php
http://noniwire7.website/Work4/fre.php
http://107.175.150.73/~giftioz/.shptioixmaz/fre.php
http://centrehotel.vn/oo/Panel/fre.php
http://noniwire7.website/Work5/fre.php
http://drkconstrucciones.com/v/fre.php
http://trouserlanditd.com/didi/five/fre.php
http://xigkxc.xyz/Atoz/five/fre.php
http://193.142.59.7/hoist3/logs/fre.php
http://missingandfound.com.my/mba/Panel/fre.php
http://espoirpharmaceutical.com/includes/Panel/five/fre.php
http://missingandfound.com.my/bb/Panel/fre.php
http://terayu.tk/irkk/fre.php
http://unrrwa.org/rich/Panel/fre.php
http://hanmha.com/dope/five/fre.php
http://precisiongmbh.cf/kboss/fre.php
http://hanmha.com/duck/five/fre.php
http://hanmha.com/divide/five/fre.php
http://printystore.com.pe/img/hu/fre.php
http://kdi-kongsberg.com/stan/Panel/fre.php
http://217.64.114.179/africa/logs/fre.php
http://hedsoni.com/jahbless/fre.php
http://mediceldl.com/Broken/fre.php
http://tickerqube.com/Loki2020/fre.php
http://lethatch.se/nelpa/five/fre.php
http://tresolutionsdr.com/CHK/five/fre.php
http://missingandfound.com.my/urch/Panel/fre.php
http://trailer.co.za/wp-adon/Panel/five/fre.php
http://78.142.18.109/jaydee/logs/fre.php
http://serviciotecnicoenlima.com/js/g/fre.php
http://xecogioisg.com/go/playbook/onelove/fre.php
http://gimhon.ml/kcyi/fre.php
http://omabradley.ru/kiriko/Panel/fre.php
http://difapackperu.com/n/fre.php
http://tecon.com.mx/onye/five/fre.php
http://198.23.200.241/~power13/.xjksapxiz/fre.php
http://gpi-q.com/cup/five/fre.php
http://sino-spriulina.com/demo1/Panel/fre.php
http://aikchimhin.com/walterXXXX/fre.php
http://trouserlanditd.com/data/five/fre.php
http://107.175.150.73/~giftioz/.notoxo/fre.php
http://mediceldl.com/David/fre.php
http://everest--sh.com/cream/five/fre.php
http://mediceldl.com/Bobby/fre.php
http://duprcxoffshore.com/yaas/fre.php
http://everest--sh.com/click/five/fre.php
http://107.175.150.73/~giftioz/.fsabljkxioaxo/fre.php
http://corpcougar.com/buggy/Panel/five/fre.php
http://gpi-q.com/copy/five/fre.php
http://mediceldl.com/Pablo/fre.php
http://borrdrillling.com/lokiadmin/five/fre.php
http://198.23.200.241/~power13/.xoiaspxo/fre.php
http://cokhiquangbien.com/.jx/playbook/onelove/fre.php
http://omabradley.ru/garuba/Panel/fre.php
http://expertisem.net/agutaz/direct/pushin/fre.php
http://193.142.59.107/africa/logs/fre.php
http://cleaning-hygiene.com/kay/Panel/five/fre.php
http://perfectelectricalsolution.com/css/bb/Panel/fre.php
http://brokenskul.xyz/Bobby/fre.php
http://gpi-q.com/craks/five/fre.php
http://trouserlanditd.com/drug/five/fre.php
http://trouserlanditd.com/draw/five/fre.php
http://gpi-q.com/cutter/five/fre.php
http://petroindonesia.co.id/xx/Panel/fre.php
http://omabradley.ru/ekene/Panel/fre.php
http://petroindonesia.co.id/admin/Panel/fre.php
http://trailer.co.za/cgi/Panel/five/fre.php
http://gpi-q.com/clean/five/fre.php
http://everest--sh.com/cola/five/fre.php
http://amotach-cn.com/DOTNETXXX/fre.php
http://gpi-q.com/clap/five/fre.php
http://uniformescorporativosperu.com/catalogopw/g/fre.php
http://uniformescorporativosperu.com/imgdamas/faldas/j/fre.php
http://ecoorganic.co/Work8/fre.php
http://euromopy.tech/rosemond/backup/dataz/fre.php
http://89.249.65.212/africa/logs/fre.php
http://uwhfdsndcjdn.ml/chikafams/fre.php
http://zeyadigital.com/etty/black/download/fre.php
http://hanmha.com/deal/five/fre.php
http://petroindonesia.co.id/ss/Panel/fre.php
http://stampilam.ro/axe/five/fre.php
http://securesharing.top/Lokivo/Panel/five/fre.php
http://107.175.150.73/~giftioz/.vodojik/fre.php
http://everest--sh.com/clock/five/fre.php
http://aivazidis.gq/mad-ooo/fre.php
http://grensena.tk/kboss/fre.php
http://107.175.150.73/~giftioz/.myprolokip/fre.php
http://drop-box.top/Lokivo/Panel/five/fre.php
http://pipermode.com/agutaz/direct/pushin/fre.php
http://defacci22.net/rosemond/backup/dataz/fre.php
http://perfectelectricalsolution.com/mb/panel/fre.php
http://sino-spriulina.com/demo/Panel/fre.php
http://brokenskul.xyz/Broken/fre.php
http://cleaning-hygiene.com/bab/Panel/five/fre.php
http://ecoorganic.co/Work2/fre.php
http://ecoorganic.co/Work4/fre.php
http://aladebtrading.com/loki/Panel/fre.php
http://sccslink.xyz/P5/five/fre.php
http://ecoorganic.co/Work7/fre.php
http://ecoorganic.co/Work1/fre.php
http://somafe.dz/zmnko/five/fre.php
http://corpcougar.com/bin/Panel/five/fre.php
http://himkon.cf/kcyi/fre.php
http://107.175.150.73/~giftioz/.ASlxkaDx8x/fre.php
http://107.175.150.73/~giftioz/.xozizuxoze/fre.php
http://institutdemathologie.fr/GO/ve/fre.php
http://altoinfor.co/base/fre.php
http://softtouchcollars.com/Loki/Panel/five/fre.php
http://107.175.150.73/~giftioz/.suxozisxfi/fre.php
http://104.223.170.113/dsikio/Panel/five/fre.php
http://dongthanhcompany.vn/.ox/playbook/onelove/fre.php
http://heartychern.com/deal/five/fre.php
http://192.210.238.10/five/fre.php
http://193.142.59.3/teejay/logs/fre.php
http://perfectelectricalsolution.com/bb/Panel/fre.php
http://kimstar.com.vn/.tx/playbook/onelove/fre.php
http://193.142.59.98/africa/logs/fre.php
http://xylanperu.com/op/fre.php
http://petroindonesia.co.id/cgi-bin/cc/Panel/fre.php
http://107.175.150.73/~giftioz/.ciiiiiiric/fre.php
http://seguridadindustrialujan.com/hu/fre.php
http://seguridadindustrialujan.com/jii/fre.php
http://docupubfilesretrieve.com/sp/five/fre.php
http://thaubenuocngam.com/go/playbook/onelove/fre.php
http://buasang5sao.com/Panel/five/fre.php
http://107.152.36.110/GhosTHunTerX/fre.php
http://bollorre.pw/Work4/fre.php
http://bollorre.pw/Work5/fre.php
http://oaa-my.com/copy/five/fre.php
http://xgkixc.xyz/Atoz/five/fre.php
http://plosss.com/lok/Panel/fre.php
http://molmarsl.com/leks/five/fre.php
http://assemba.co.uk/mk/Panel/five/fre.php
http://byedtronchgroup.yt/jik/Panel/five/fre.php
http://192.210.238.10/emmy/fre.php
http://iplusvietnam.com.vn/jo/playbook/onelove/fre.php
http://xecogioisg.com/mx/playbook/onelove/fre.php
http://bollorre.pw/Work6/fre.php
http://tbt-sceitech.com/coco/five/fre.php
http://107.175.150.73/~giftioz/.xotorsvi/fre.php
http://sino-spriulina.com/Panel/fre.php
http://107.175.150.73/~giftioz/.vorokimovi/fre.php
http://107.175.150.73/~giftioz/.coterzio/fre.php
http://sccslink.xyz/P4/five/fre.php
http://uwhfdsndcjdn.tk/evawater/fre.php
http://107.175.150.73/~giftioz/.dycosmxiz/fre.php
http://about.panjihidayat.web.id/cc/Panel/fre.php
http://193.142.59.89/africa/logs/fre.php
http://asi1.ir/sch/five/fre.php
http://protestlabsmovings.es/blender/Panel/five/fre.php
http://w-tranz.club/game/luxx/fre.php
http://rohockey.ro/wp-content/five/fre.php
http://107.175.150.73/~giftioz/.fodoixz/fre.php
http://chol.cc/Work2/fre.php
http://chol.cc/Work1/fre.php
http://107.175.150.73/~giftioz/.cotolier/fre.php
http://107.175.150.73/~giftioz/.dsabkjczpxzo/fre.php
http://107.175.150.73/~giftioz/.vogofis/fre.php
http://snodrite.pw/tipe/hope/fre.php
http://zoncline.club/stud/hace/fre.php
http://fvrlink.online/P2/five/fre.php
http://wusetwo.xyz/public_html/file/five/inc/class/pCharts/info/Panel/five/fre.php
http://ma.co.ir/huu/fre.php
http://alwaysdelivery.xyz/five/fre.php
http://www.traz.ir/erqzxewqrtyacxz/five/fre.php
http://worldatdoor.in/lewis/Panel/five/fre.php
http://107.175.150.73/~giftioz/.jorosin/fre.php
http://superson-com.cc/Bobby/fre.php
http://oaa-my.com/clean/five/fre.php
http://deliveryexpressworld.xyz/five/fre.php
http://sccslink.online/P3/five/fre.php
http://govirtual.ga/targets/fre.php
http://chol.cc/Work4/fre.php
http://cleaning-hygiene.com/bin/Panel/five/fre.php
http://apexsourcingltd.com/maka/emmy/fre.php
http://107.175.150.73/~giftioz/.zozoas/fre.php
http://vlkl.xyz/Atoz/five/fre.php
http://107.175.150.73/~giftioz/.lokijisi/fre.php
http://107.175.150.73/~giftioz/.kobovoih/fre.php
http://fvrlink.xyz/P1/five/fre.php
http://digi-sec.top/lokivo/Panel/five/fre.php
http://deliciasdvally.com.pe/includes/gter/fre.php
http://krompres.tk/loki/Panel/five/fre.php
http://piscinasaguamarinha.com.br/moon/five/fre.php
http://mecharnise.ir/ca3/fre.php
http://penworkresearch.com/app/five/fre.php
http://difapackperu.com/fg/fre.php
http://brodam.ro/rtc/five/fre.php
http://chol.cc/Work3/fre.php
http://leakaryadeen.com/parl/id345/fre.php
http://107.175.150.73/~giftioz/.ckyfdgxo/fre.php
http://pehledinekam.com/amey/fre.php
http://noithathoanggia.net.vn/jo/playbook/onelove/fre.php
http://chol.cc/Work5/fre.php
http://pur-ant.club/page/gain/fre.php
http://107.175.150.73/~giftioz/.sfaojaxz/fre.php
http://agrabahd.ga/locale/fre.php
http://afas-kr.com/drug/five/fre.php
http://cast-den.pw/cape/spot/fre.php
http://107.175.150.73/~giftioz/.pojonv/fre.php
http://about.panjihidayat.web.id/aa/Panel/fre.php
http://ivad.com.vn/go/playbook/onelove/fre.php
http://mocdong.com.vn/gx/playbook/onelove/fre.php
http://omabradley.ru/china20/Panel/fre.php
http://getvision2020.net/etty/black/download/fre.php
http://ht-electric.dz/qatar/five/fre.php
http://107.175.150.73/~giftioz/.zohohov/fre.php
http://mecharnise.ir/ca6/fre.php
http://noithathoanggia.net.vn/kk/playbook/onelove/fre.php
http://nan5.ir/jty/fre.php
http://southeasterncontractingco.com/jo/panel/five/fre.php
http://178.17.170.6/five/fre.php
http://107.175.150.73/~giftioz/.tororo/fre.php

# Reference: https://app.any.run/tasks/ed92457b-1989-490b-86d6-80392502143f/

http://107.189.10.150/Pi2/
martiq.org

# Reference: https://app.any.run/tasks/62e6801e-cabb-4cf7-af74-0cc2e9997080/
# Reference: https://www.virustotal.com/gui/ip-address/107.175.150.73/relations

chnthreewealthsndy3andreinforcementagenc.duckdns.org
http://107.175.150.73/~giftioz/

# Reference: https://app.any.run/tasks/32270993-012f-4ec8-a88f-119917767e7d/

epperfums.com

# Reference: https://app.any.run/tasks/1376f2cb-7008-4840-9df3-a54be7c75fd1/

sndy2kungglobalinvestmentgooglednsaddres.duckdns.org

# Reference: https://twitter.com/wwp96/status/1229809833521614849

brokenhead.xyz

# Reference: https://twitter.com/wwp96/status/1230208744824410113

bdzdfsdf.gq

# Reference: https://twitter.com/wwp96/status/1230209217015025666

fdjshe.tk

# Reference: https://twitter.com/wwp96/status/1230213776521269249

shefdj.cf

# Reference: https://twitter.com/wwp96/status/1230220429832445953

bdzdfsdf.cf

# Reference: https://app.any.run/tasks/3b425f86-5b45-413b-82ce-94572bc89f77/

desertfox.ru

# Reference: https://twitter.com/Bl4ng3l/status/1230429843118006273

zdwallcoveing.com

# Reference: https://twitter.com/wwp96/status/1230546137427435520

matantalbenna.com/.legolass/fine/fre.php

# Reference: https://app.any.run/tasks/9cfa85fa-ed4e-4629-a2bc-98aa095bbd29/

duclongetc.com

# Reference: https://app.any.run/tasks/0579bdb6-a14f-458f-80c3-222c5c251cec/

atlasdecarqo.com

# Reference: https://app.any.run/tasks/7890bc79-567c-403b-be23-19e52c91664f/

naourl.com

# Reference: https://app.any.run/tasks/156ee10c-d61a-478e-b0b7-b8088ee4d0d1/

http://198.12.125.130/~axsonipc/

# Reference: https://twitter.com/wwp96/status/1232400592787693568

hergyi.com

# Reference: https://twitter.com/wwp96/status/1232394253118115848
# Reference: https://app.any.run/tasks/4750d11b-76c7-46c8-820f-fe87e6159117/

febspxii.xyz

# Reference: https://app.any.run/tasks/fef43720-c2c0-4305-8697-0b2637c44db9/

sisiinno.tech

# Reference: https://app.any.run/tasks/08c78083-b2f6-4c61-90c7-6fc4c0291226/

vivalingard.gq
vivalingard.cf

# Reference: https://app.any.run/tasks/9fbcb0ae-61c8-42b0-8314-adf7202a8a45/

falcontension.tech

# Reference: https://app.any.run/tasks/71fb5323-5556-4b24-90b3-c835d0d095a9/

missingandfound.com.my/prin/Panel/fre.php

# Reference: https://app.any.run/tasks/be2aca26-f021-4a7c-8f9e-8a536549eafd/

blog.huangyang.cc/goziiu/
klickus.com/gozie/Panel/five/fre.php

# Reference: https://app.any.run/tasks/6145a1fc-6bcf-42e5-b3bb-9d4830fb738b/

doqantekstil.com

# Reference: https://app.any.run/tasks/d46ce8df-0f19-40c7-97bd-7ca23c6360a1/

http://107.175.150.73/~giftioz/

# Reference: https://app.any.run/tasks/1248ab72-b0de-4ebc-af9e-3b6f68a70d86/

epperfums.com

# Reference: https://app.any.run/tasks/cc714b2d-7440-45c4-a70e-e25ad256dd27/

nileloqistics.com

# Reference: https://any.run/report/7767c2ec0369f22b90a0edb03260057b834195b6a5d12d67fa26e28ac2e6933a/4c4433cd-e9c7-46bc-bebf-c88a90b36bff

expertswebservices.com

# Reference: https://www.virustotal.com/gui/domain/aquavictus.hr/relations

aquavictus.hr

# Reference: https://app.any.run/tasks/2cf293f3-2994-483d-adfe-7f5988288cae/

http://198.23.148.71

# Reference: https://twitter.com/K_N1kolenko/status/1234817078458290176

academydea.com/noni/Panel/five/fre.php
imperiaskygarden.net/.wp-admini/wp-admini1/wp-admini2/fre.php
lucianogroup.xyz
sonqan-vn.com
topuogodo.ga
wesemayra.top

# Reference: https://twitter.com/wwp96/status/1234946520329445378

kdhema.ga
topuogodo.ml

# Reference: https://app.any.run/tasks/58554586-a4b7-4586-b7b1-cc8f86f0caa8/

vnn-nv.com

# Reference: https://app.any.run/tasks/40f44fdd-5eeb-41b1-98b3-bfc102ee0865/

altamonteorators.com/images/images/Panel/five/fre.php

# Reference: https://app.any.run/tasks/6b80811c-c9f7-43c5-aab1-d4a1eb8cd54f/

tailuong.com.vn/.xxx/playbook/onelove/fre.php

# Reference: https://app.any.run/tasks/9194de26-2044-405c-be7c-340e4da5dd83/

worldatdoor.in/lewis1/Panel/five/fre.php

# Reference: https://app.any.run/tasks/eedcbfc1-89e0-49f4-8fa9-b7cbb9afc577/

gorillahikeafrica.com/wp-includes/images/img/five/fre.php

# Reference: https://app.any.run/tasks/e2412cb7-33cc-4e57-87c2-44e8c79e7edd/

pmw-ch.com

# Reference: https://www.virustotal.com/gui/file/4a0e276b4730abd7ee51cf8876d25cd3928321acbb39d6d5f0e2fa8138312e2d/behavior/Dr.Web%20vxCube

topuogodo.cf
drakum.ml

# Reference: https://twitter.com/casual_malware/status/1235189716917645312

mmanueud.cf
topuogodo.ga

# Reference: https://twitter.com/wwp96/status/1234938182208278529

hockvvee.com

# Reference: https://twitter.com/wwp96/status/1234567430900535297

lieshitextile.com

# Reference: https://www.virustotal.com/gui/ip-address/91.215.169.70/relations

pmw-ch.com
vnn-nv.com
cpf-th.com
solefex.com

# Reference: https://twitter.com/wwp96/status/1235248119354478595

vnn-nv.com

# Reference: https://app.any.run/tasks/2cfba30b-91b9-4827-ba96-e3dfb4d71b9e/

http://193.142.59.22/jaydee/logs/fre.php

# Reference: https://app.any.run/tasks/a6d64f54-c294-49eb-82e6-f952777d80bb/

http://107.175.150.73/~giftioz/.dxuz/fre.php

# Generic (callback) paths
# Reference: https://twitter.com/hexlax/status/1157657573790814208
# Reference: https://pastebin.com/LHJrNpnV
# Reference: https://pastebin.com/wHV90Sc2
# Reference: https://twitter.com/P3pperP0tts/status/1185096874241548291
# Reference: https://twitter.com/P3pperP0tts/status/1185096537271164928

/0110/s/cat.php
/0110/s/desk.php
/092j/7/cat.php
/092j/7/desk.php
/0sc9/cat.php
/l3y0/cat.php
/200/zc-b/cat.php
/200/zc-b/desk.php
/2leek/cat.php
/50-red/cat.php
/500two/cat.php
/52006/link.php
/atz/link.php
/ch/link.php
/hol/1/cat.php
/hol/1/desk.php
/humb/1/cat.php
/humb/1/desk.php
/igine/sabali.php
/jes/link.php
/key/link.php
/chri1/cgi.php
/fbm/encode.php
/ka22/cat.php
/makave/sabali.php
/st3ph/cat.php
/umgo2/cat.php
/sail/cat.php
/seems/cat.php
/slek-b/cat.php
/vh/630/cat.php
/vh/630/desk.php
/3sx0z2.php
/45_76_8.php
/AklDq9M1n_a.php
/BobBy929BSx_A_D_M1n_a.php
/BobDq929BSx_A_D_M1n_a.php
/ChiNa929BSx_A_D_M1n_a.php
/CvqDq929BSx_A_D_M1n_a.php
/DaqDq929BSx_A_D_M1n_a.php
/EvqTq939BSx_B_D_D1p_a.php
/IkeNn929BSx_A_D_M1n_a.php
/KelDq929BSx_A_D_M1n_a.php
/KelEc929BSx_A_D_M1n_a.php
/KelEh929BSx_A_D_M1n_a.php
/KenDq929BSx_A_D_M1n_a.php
/Natyyx_A_D_M4n_a.php
/NonYe929BSx_A_D_M1n_a.php
/ObiNn929BSx_A_D_M1n_a.php
/PceHq925BSx_L_B_M1n_a.php
/PrCm98ArhvF_A_K_M2n_a.php
/Pvq929sM1n_a.php
/PvqDNINo_M1n_a.php
/PvqDerereA_D_M1n_a.php
/PvqDq929BSx_A_D_M1n_a.php
/PvqDq92allin_a.php
/PvqDq92nat1n_a.php
/PvqDq9MAxxxoloa.php
/PvqDq9ohhho_a.php
/SliDq929BSx_A_D_M1n_a.php
/SlqDq929BSx_A_D_M1n_a.php
/SomAq929BSx_A_D_M1n_a.php
/SsgDq929BSx_A_D_M1n_a.php
/SsqDq929BSx_A_D_M1n_a.php
/StaDq929BSx_A_D_M1n_a.php
/StaRm929BSx_A_D_M1n_a.php
/StaRq929BSx_A_D_M1n_a.php
/TryNdie.php
/Ttq929BSx_A_X_M11n_a.php
/UpDated_X_T_N1q_a.php
/VirGi929BSx_A_D_M1n_a.php
/graceofgod-favour.php
/okwy_A_D_server.php
/panel_jee.php

# Reference: https://twitter.com/wwp96/status/1235606545771175943

site-inspection.com

# Reference: https://twitter.com/wwp96/status/1235976467215011841

fllxprint.com

# Reference: https://twitter.com/wwp96/status/1236012534534213632

yal1am.com

# Reference: https://twitter.com/wwp96/status/1236016958564372482

http://192.3.204.226

# Reference: https://twitter.com/wwp96/status/1236018276909690884

halloway.ru

# Reference: https://app.any.run/tasks/461c4d7b-f11c-45eb-b5bf-7c0aefbfe24d/

damagedskull.xyz

# Reference: https://app.any.run/tasks/faeeb41c-fe3a-4165-b65d-eba3d49bcfda/
# Reference: https://app.any.run/tasks/ebe2f251-79c3-403a-87c0-4882f0765e19/

posqit.net
martiq.org
didxbooks.com

# Reference: https://app.any.run/tasks/e0296815-ebdf-43ce-87c3-22fabbaa4f07/

http://67.43.224.151

# Reference: https://pastebin.com/vMc4ATVq
# Reference: https://app.any.run/tasks/58c77ed3-4d5a-4816-8422-bfcc0cf9bd12/

http://141.105.71.126
http://23.95.132.48
bibpap.com

# Reference: https://twitter.com/wwp96/status/1237138658404294657

snxmrch.xyz

# Reference: https://twitter.com/wwp96/status/1237141226350096386

fitrtefast.com

# Reference: https://app.any.run/tasks/422168f9-9d03-49dc-827e-51ec179b296f/

onllygooodam.com

# Reference: https://twitter.com/wwp96/status/1237808235689762818

fucksars.xyz

# Reference: http://cybercrime-tracker.net/index.php?search=turasogutmas.com
# Reference: https://app.any.run/tasks/b67fc2b1-2b6b-49f0-abb4-d2e94703bad9/

turasogutmas.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1238073558326292480

castrologs.xyz

# Reference: https://blog.talosintelligence.com/2020/03/threat-roundup-0306-0313.html (# Win.Malware.Ursu-7610305-0)

abizima.gq
forza-lindelof.cf
forza-lindelof.ga
forza-maguire.cf
forzalindelof.ml
forzamaguire.ga
forzamaguire.ml
forzamaguire.tk
global-solution.gq
mabelis.cf
nomnyz.cf
nomnyz.ga
radiomar.cf
somaplast.cf
somaplast.ga
yanguz.cf

# Reference: https://twitter.com/James_inthe_box/status/1239577931195662338

seacrafts.ru

# Reference: https://app.any.run/tasks/5900bea3-b146-4982-94bb-023e082dfe13/

anoroc.ru

# Reference: https://app.any.run/tasks/a94b863f-caec-4f26-ac3f-6ac55575456b/

cpf-th.com

# Reference: https://app.any.run/tasks/15d7e6c5-0078-4d61-be32-af531fcb932b/

pyungz.org

# Reference: https://app.any.run/tasks/fcee8e0c-120d-417a-96bb-489a5d5be106/
# Reference: https://app.any.run/tasks/3aca1800-6fc0-4c4a-a8f4-a9bd4b03169f/
# Reference: https://app.any.run/tasks/22e3ec37-4972-4ef1-aa53-e94c082cb7e4/

russchine2specialstdy2plumbingmaterialgh.duckdns.org
http://23.95.132.48/~main/

# Reference: https://app.any.run/tasks/51111254-4c18-4627-bdd2-5216a4c85bab/

greenelectronicsandkitchen10apliancestdy.duckdns.org
asia-maap.com

# Reference: https://app.any.run/tasks/cd98661a-75f9-4900-8d02-59275e05e4a6/
# Reference: https://app.any.run/tasks/196ba7fa-9850-4c4f-9b9a-e19fc4c72b86/

castmart.ga

# Reference: https://app.any.run/tasks/bfc65c50-f43c-41d7-8ba4-febf6ccc7eea/

byedtronchgroup.yt
http://104.223.170.93/jore/Panel/five/fre.php

# Reference: https://app.any.run/tasks/80cab2e3-1373-4479-a8e0-0f079ec5757e/

hgmatal.com

# Reference: https://twitter.com/bit_dam/status/1242553127548735488

/1g7/pin.php

# Reference: https://www.virustotal.com/gui/domain/fuly-lucky.com/relations

fuly-lucky.com

# Reference: https://www.virustotal.com/gui/file/564121a4958991dcbdd3cbd18ae899c960c2f633decb3dfff09ca0a9abc3338f/behavior/Dr.Web%20vxCube
# Reference: https://www.virustotal.com/gui/file/9e7bfbe18c5482f6967dfd30d79dd92679167ee400f9bd525737ee83842754c5/behavior/Dr.Web%20vxCube

http://77.81.121.20/~kukddoco/

# Reference: https://twitter.com/K_N1kolenko/status/1235896986659889153

http://185.94.191.8
http://193.142.59.2
aliminksrl.cf
assemba.co.uk/jpg/five/fre.php
centrehotel.vn/wp-admin/user/cc/Panel/fre.php
fitrtefast.com

# Reference: https://twitter.com/JayTHL/status/1245781548776947717

parisgranhotels.ga

# Reference: https://twitter.com/_lockhum/status/1239596021778448384

xpologistics.ga

# Reference: https://pastebin.com/jd2T3CeC
# Reference: https://www.virustotal.com/gui/ip-address/185.126.202.111/relations

http://185.126.202.111
/.ku/sj'x.php

# Reference: https://www.virustotal.com/gui/url/07e950cfaf51929eba8128986f4d2a704b6da6ee773a6826cd592d5dace13081/detection

orderhrf.info

# Reference: https://pastebin.com/zQD12eKq

jinglejinglen.sytes.net

# Reference: https://app.any.run/tasks/fc9b4808-e1ee-4c09-835d-512690fbba60/

brokenme.xyz

# Reference: https://twitter.com/jcarndt/status/1250094793558036480
# Reference: https://app.any.run/tasks/854f4157-cb4c-4aa1-b1bc-ceea2e17b4fa/

http://198.23.200.239
stdy3frndgreencreamcostmeticsbabystored.duckdns.org

# Reference: https://twitter.com/JayTHL/status/1253013042557849602

iranssp.ir

# Reference: https://twitter.com/Bl4ng3l/status/1253681108304232455

alforcargo.com

# Reference: https://twitter.com/DynamicAnalysis/status/1253740533186527234

15wsdychneswealthandmoduleorganisationcv.duckdns.org
avertonbullk.com

# Reference: https://twitter.com/Bl4ng3l/status/1254779727442665472

oneflextiank.com

# Reference: https://twitter.com/jorgemieres/status/1254791348445515783

i-bss.com
pyv.cl

# Reference: https://twitter.com/James_inthe_box/status/1255496095586713606

nicecars.com.ar/mine/Panel/five/fre.php

# Reference: https://www.virustotal.com/gui/domain/obimmaa.ir/relations

obimmaa.ir

# Reference: https://app.any.run/tasks/a7d1e0c4-3672-4b1e-a226-eeeae7f2eda7/

victorlascos.tech

# Reference: https://www.trendmicro.com/vinfo/hk-en/security/news/cybercrime-and-digital-threats/loki-info-stealer-propagates-through-lzh-files
# Reference: https://www.trendmicro.com/vinfo/hk-en/security/news/cybercrime-and-digital-threats/loki-delivered-as-cab-file-attachment
# Reference: https://otx.alienvault.com/pulse/5eb18e3eefd6849508bbfbf4
# Reference: https://www.virustotal.com/gui/domain/retrak.co.ke/relations

retrak.co.ke/psy/five/fre.php
retrak.co.ke/wrdp/five/fre.php
retrak.co.ke/wrdp4/five/fre.php

# Reference: https://twitter.com/Racco42/status/1259780193142616065

evervisionicd.com
vitecqroup.com

# Reference: https://twitter.com/Bl4ng3l/status/1260481607200395264

beesco.net

# Reference: https://twitter.com/malwrhunterteam/status/1260927561166553089

gllnar.com

# Reference: https://app.any.run/tasks/948b2be1-45ec-4945-bc1b-e7c340b70053/

suckadick.website

# Reference: https://twitter.com/malwrhunterteam/status/1261550904773402626

attlogistics-vn.com

# Reference: https://twitter.com/James_inthe_box/status/1262383816724959233

abass.ir

# Reference: https://twitter.com/James_inthe_box/status/1262742262968020994

achbiz.xyz
mecharnise.ir

# Reference: https://twitter.com/reecdeep/status/1263123147517239297

shehig.com

# Reference: http://tracker.viriback.com/dump.php (2020-02-29)

# Reference: https://twitter.com/malwrhunterteam/status/1263421500142518279

maylnk.ml

# Reference: https://twitter.com/ScarletSharkSec/status/1268202304995557378

1filesharing.ga

# Reference: https://pastebin.com/FEP38DaR

zangs.ga

# Reference: https://pastebin.com/ZfiFFaaU

b2bseller.ga
medfinals.co.uk

# Reference: https://app.any.run/tasks/325bf778-36b5-45c0-96ff-755f9cc0b1c1/

primalfoodsqroup.com

# Reference: https://pastebin.com/4pZn49kK

skullisland.gq

# Reference: https://twitter.com/JCyberSec_/status/1272561016853991424

remote1.ga

# Reference: https://twitter.com/malware_traffic/status/1272577932783947777

crogtrt.com

# Reference: https://www.virustotal.com/gui/file/f5f343318832ad44e43a225a1b454d54ccbedfa4e6447c6467869b90c0e92e52/detection

http://31.220.2.200

# Reference: https://www.virustotal.com/gui/file/d2857b888fbab6dc4e36c403e86f39fedee428ba5ed45b28b8f99e59fb93ff58/detection

http://104.223.170.102

# Reference: https://twitter.com/JAMESWT_MHT/status/1275079040773189634
# Reference: https://app.any.run/tasks/212e514b-3f3d-4177-88ba-f242e081781d/

nnasout.com

# Reference: https://blacklist.cyberthreatcoalition.org/vetted/url.txt

http://193.142.59.169
apoxnew.com
bchicct.com
broken2.cf
broken3.cf
broken4.cf
broken5.cf
broken6.cf
broken7.cf
broken8.cf
broken9.cf
broken10.cf
brokenservices.xyz
bubuyayatoolslog.ir
capital-sd.com
clemglobal.com
deloilte.com
ducatl.com
eocaenlogistics.com
furnituresales.ir
hazelmayclothing.com
idehados.com.ar
jastex.info
just-in-timelog.com
lapphoungshoes.com
mahetechasia.com
orangetoolzdemo.com
orthopaedix.com.au
psqdover.com
rnarport.com
sdgengtie.com
skull247.cf
skull3.ga
skullisland.tk
spqlobal.info
taksamall.ir
taruntextlies.com
tehranfish.ir
toyo-at-jp.info
yaliapartotel.com
ygsddl1.ml
gorillahikeafrica.com/wp-includes/images/app/five/PvqDq929BSx_A_D_M1n_a.php
gorillahikeafrica.com/wp-includes/images/img/five/PvqDq929BSx_A_D_M1n_a.php
gorillahikeafrica.com/wp-includes/images/js/five/PvqDq929BSx_A_D_M1n_a.php
irangoodshop.com/cd/PvqDq929BSx_A_D_M1n_a.php
vancouverkitchencabinetrefinishing.com/five/fre.php
vfsds.com/ark/fre.php
wardia.com.pe/files/five/fre.php
wardia.com.pe/wp-content/update/five/fre.php
wardia.com.pe/wp-includes/files/five/fre.php

# Generic (host-independent) paths

/.halo/rsd.php
/.isuoxiso/w.php
/.tcsogb/
/.tcsogb/gi'v.php
/.tcsogb/vc.php
/.well-known/pki-validation/w.php
/high/sumy/ltd.php
/ibiki/gate.php
/logs/omc.php
/luck/ag.php
/$01/5l/h/site.php
/$01/b1/c/site.ph
/$01/t7/x/site.php
/$01/zC/f/site.php
/iH/cy/l/site.php
/iH/da/!/site.php
/amb/0/site.php
/b0/t8/site.php
/bu/!!/site.php
/m/2/site.php
/ne3/h/site.php
/r!/e/site.php
/t70/H/site.php
/vp-/9/site.php
/liv-01/pin.php
/slice/pin.php
/3yt00/pin.php
/rozay/pin.php
/chikincho/fina.php
/makave/fina.php
/monyman/gate.php
/newman/fina.php
/omega/fina.php
/vvd/fina.php
/zanku/fina.php
/zmzmz/file.php
/zszszs/file.php
/fre.php
