# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/ps66uk/status/1032177208335450112
# Note: C2 direct link is added due to remark from #239

occe.com/image1/image/Panel/five/fre.php

# Reference: https://twitter.com/malwrhunterteam/status/1032537769787183104

americaircairmakan.com
botnet.americaircairmakan.com

# Reference: https://twitter.com/FewAtoms/status/1033040103155871744

agodatex.ga
http://185.185.40.152/jeff/five/fre.php

# Reference: https://twitter.com/olihough86/status/1033055339359420417

polixservices.com

# Reference: https://twitter.com/0xffff08000/status/1033054440306036737
 
embramedica.com.br/site/wp-content/plugnis/ipconfig/five/PvqDq929BSx_A_D_M1n_a.php
 
# Reference: https://twitter.com/malware_traffic/status/1033003634001367042
 
yardng.com
 
# Reference: https://twitter.com/pollo290987/status/1032998085503447041
 
rmsalf.com

# Reference: https://twitter.com/olihough86/status/1031644479109963776

http://191.101.42.43/fdgd/five/PvqDq929BSx_A_D_M1n_a.php
studemplo.com/admin/studemplo/Panel/five/PvqDq929BSx_A_D_M1n_a.php
phcc-india.com
typrat.club
www.cem-hk.co

# Reference: https://twitter.com/asset_island_/status/1031608741504933889

pldtdsll.net

# Reference: https://twitter.com/0xffff08000/status/1031613343797207040

claudfx.win

# Reference: https://twitter.com/pollo290987/status/1031544753505165312

http://191.101.42.43/fdgd/five/fre.php

# Reference: https://twitter.com/James_inthe_box/status/1030579493910413312

acadaman.com
dandoesinternet.com

# Reference: https://twitter.com/James_inthe_box/status/1030487639688794115

kelvinarinze.ml
scoverykingdom.gq

# Reference: https://pastebin.com/UGm39pdU
# Reference: https://pastebin.com/mgVvSRHi

002vt.tk/james/fre.php
http://141.105.71.166/me/fre.php
http://141.105.71.76/blz/fre.php
http://151.80.162.219/marle/fre.php
http://185.111.75.169/cart/disk/fre.php
http://185.148.146.193/~agroinovate/zizisisi/Panel/five/fre.php
http://185.206.144.81/lawi/fre.php
http://185.24.233.254/donep/fre.php
http://185.24.233.32/open/libs/fre.php
http://185.24.233.46/dusx/busz/fre.php
http://185.24.233.74/dusk/hond/fre.php
http://185.24.233.79/baca/opio/fre.php
http://185.24.233.80/pend/chan/fre.php
http://188.215.229.41//GIS/fre.php
http://191.101.42.43/fdgd/five/fre.php
http://31.220.2.200/~hancockw/nok/five/fre.php
http://31.220.2.200/~justicet/ag/five/fre.php
http://5.206.226.99/juicy/fre.php
http://80.211.102.126/deve/tide/fre.php
http://84.38.132.105/oki/Panel/fre.php
http://84.38.133.160/new/Panel/fre.php
http://85.254.72.30/donbig/c1/fre.php
http://89.187.86.7/~blackdia/new/mhoney/fre.php
http://89.187.86.7/~blackdia/vic/bless/fre.php
http://89.45.67.131/smg/fre.php
http://89.45.67.145/emy/fre.php
ace.alasrglobal.com/ace/Panel/five/fre.php
ace.alasrglobal.com/skinny/Panel/five/fre.php
ace.alasrglobal.com/wise/Panel/five/fre.php
ackh.ir/gabi/five/fre.php
ackh.ir/hamid/five/fre.php
ackh.ir/papa/five/fre.php
ackh.ir/sp/five/fre.php
adrack.us/wp-content/uploads/five/fre.php
ahmad52sell.cf/admin/five/fre.php
alexamondwonderltd.com/freeBrow/fre.php
alpacham.com/ndretr5478/fre.php
anitoid.alasrglobal.com/austine/five/fre.php
araslanow.net/js/Panel/five/fre.php
araslanow.net/wipadmin/Panel/five/fre.php
awele.duckdns.org:1717/zip/fre.php
babasoft.ooo/fre.php
bapican.com/image/admin/Panel/five/fre.php
blackdiamondsco.ae/bossftown/fre.php
blackdiamondsco.ae/rooney/fre.php
blackdiamondsco.ae/wogor/fre.php
blogsports.com.ng/cli/Panel/five/fre.php
brighten2.alasrglobal.com/file/bell/five/fre.php
brighten2.alasrglobal.com/file/tin/five/fre.php
brighten2.alasrglobal.com/file/vas/five/fre.php
brighten.alasrglobal.com/file/do/five/fre.php
britlite.ga/fade/type/fre.php
bsales.cf/bs/Panel/five/fre.php
bsales.cf/ft/Panel/five/fre.php
cityhotel.ge/believe/five/fre.php
cityhotel.ge/focus/five/fre.php
cityhotel.ge/rozay/five/fre.php
colnoygums.com/freg/fre.php
cytanets-com.cf/philip/panel/fre.php
cytanets-com.cf/qwertyu/panel/fre.php
dandoesinternet.com/cis1406/tutorial10/fre.php
dandoesinternet.com/cis1407/fre.php
dandoesinternet.com/mobile/ch1/fre.php
devhaevents.us/2415452354/242424/fre.php
dutch-tour-guide-marrakech.com/app/Panel/five/fre.php
eastlandproduce.us/.well-known/acme-challenge/over/raw/fre.php
eholes.viewyoursite.co.uk/LucianoLokiPanel/fre.php
emakqroup.tk/obi/panel/fre.php
emakqroup.tk/sim/panel/fre.php
embramedica.com.br/site/wp-content/plugnis/fre.php
emoticon.tk/hcode/kmaster/fre.php
e-ne1.com/Hab-Lok/fre.php
eurobike1.cf/obinna/fre.php
familyhealths.ga/cdi-directory/five/fre.php
fascine-cemdene.com/wp/wp-includes/js/js/five/fre.php
fasterre.gq/hcode/bazon/fre.php
fojidedar.com/bazz/fojide2/fre.php
fojidedar.com/fojide/fre.php
fojidedar.com/soft/amadin/fre.php
fox-lighting.ga/poop/club/fre.php
freecaps.ml/over/jump/fre.php
fruitfulmonth.tk/raphael/fre.php
geranntibankasi.com/getyoui980/jertyui989/fre.php
haksenlimited.com/slim/fre.php
hamon.ir/mate/five/fre.php
highstarsino.cf/anyi/fre.php
hkenngr.com/herty987/letry78/fre.php
homeduderezort.com/includes/1010/fre.php
homeduderezort.com/includes/gator/fre.php
homeduderezort.com/includes/nas/fre.php
homefieldtech.com/anu/five/fre.php
homefieldtech.com/box/five/fre.php
homefieldtech.com/juke/five/fre.php
homefieldtech.com/mzx/five/fre.php
homefieldtech.com/Obo/five/fre.php
homefieldtech.com/uok/five/fre.php
housded.cf/hcode/azuka/fre.php
icannsorg.com/icann2/five/fre.php
icannsorg.com/icann/five/fre.php
incitecpivot-au.com/mertyui567/kertli879/fre.php
inout-me.ml/fixx/sure/fre.php
inquire.website/images/five/fre.php
isnmainpasedal.com/amb/fre.php
jamespanel.tk/cole/fre.php
jamespanel.tk/low/five2/fre.php
jamespanel.tk/odee/fre.php
joxax.privatedocuments.site/jox/loki/fre.php
jvl-jp.co/ser567/gotert/fre.php
katherinajetter.com/vxzc/Panel/fre.php
katherinajetter.com/xzcsadwqe23/fre.php
khanapenaband.com/jon/fre.php
lablocks.site/Panel/five/fre.php
laloderkozam.com/laloder2/five/fre.php
laloderkozam.com/laloder3/five/fre.php
laloderkozam.com/laloder4/five/fre.php
launchgrowthtoday.download/bobo22/Panel/five/fre.php
launchgrowthtoday.download/choo/Panel/five/fre.php
launchgrowthtoday.download/jamike/Panel/five/fre.php
logsession.space/citycenter/fashion/trending/fre.php
lovaniacreative.com/wp-admin/js/inc/Panel/five/fre.php
madlovert.ml/swanky/wp-content/uploads/Panel/five/fre.php
magic1.cf/gat/fre.php
magic3.ml/gozie/fre.php
marksky.org/medosky/fre.php
msa-fit.gq/sql/Panel/five/fre.php
mxchlp.com/team/wide/fre.php
namesnetworks.com/blog/educational/fre.php
nextlevelshop.info/woldpress/logistics/Panel/five/fre.php
nextwaveconsulting.com.au/Cpanel/Panel/five/fre.php
novachim.ro/plugins/editors/five/fre.php
nutgetsloversplay.usa.cc/wp-content/themes/twentyfifteen/Panel/five/fre.php
oajandassociates.com/images/oajand/Panel/five/fre.php
officebase.website/js/five/fre.php
ojoboplaza.club/Angel/Panel/five/fre.php
ojoboplaza.club/Drama/Panel/five/fre.php
ojoboplaza.club/Man/Panel/five/fre.php
onlyadoonbit.com/asji/fre.php
opercomex.co/billionaire/kendra/fre.php
orkaden.com/wp-includes/Text/me/fre.php
panelhq.cf/jr/five/fre.php
panelhq.gq/airforce/five/fre.php
panelhq.gq/chelsea/five/fre.php
panelhq.gq/gold/five/fre.php
panelhq.gq/stars/five/fre.php
profirst.com.vn/aug777/five/fre.php
profirst.com.vn/aug/five/fre.php
ptads.ml/pide/seed/fre.php
punjabjaogi.com/Panel/fre.php
qureshioffice.alasrglobal.com/admin7/bgn/sfe/fre.php
qureshioffice.alasrglobal.com/admin/xxx/zzz/fre.php
qureshioffice.alasrglobal.com/sam1/xknf/kdlt/fre.php
reachmy90s.com/includes/Panel/five/fre.php
rozedaro.com/administrator/Panel/five/fre.php
saintechelon.tk/fre.php
sccoast.tk/logs/panel/fre.php
sccoast.tk/phil/panel/fre.php
schooolcode.download/uk8k/Panel/five/fre.php
shaktiorkatimo.com/symboss/fre.php
shinyei-co.gq/cade/dope/fre.php
sinomagnetor3.cf/anyi/fre.php
soolitaytangya.com/blessed/Panel/five/fre.php
sternpid.ga/firm/fost/fre.php
strcutform.com/vinye/Panel/five/fre.php
strijdbladen.ga/donstan/five/fre.php
swaz.hanirnail.net/five/fre.php
szccf361.com/flinkas260/fre.php
theonlygoodman.com/eig/fre.php
theonlygoodman.com/nin/fre.php
tondice.flu.cc/images./45skele/fre.php
tondice.flu.cc/images./imgs01sg-/fre.php
tradelink.qa/aug/five/fre.php
tutorialdnsstep1.com/admin/fre.php
tutorialdnsstep1.com/toturial/fre.php
uzocloudservers.gq/jeff/five/fre.php
veloceqlobal.net/rain/hope/fre.php
victoralifts.com/wpss/fre.php
wapsihonaylo.com/wapsi3/five/fre.php
wapsihonaylo.com/wapsi4/five/fre.php
wapsihonaylo.com/wapsi/five/fre.php
wcegroups.com/done/hont/fre.php
westiles.ga/lope/coop/fre.php
wiglelamberfo.com/eme/fre.php
constantialiquidators.com/freg/fre.php
crownventureintl.com/wip-admin/Panel/five/fre.php
gardensun.ru/daily/fre.php
gardensun.ru/eca/fre.php
mysticalreflections.life/web-content/web/upgrade/wp_obtain/log/Panel/five/fre.php
netgateway.top/panel/fre.php
scoverykingdom.gq/jeff/five/fre.php
semaprin.info/mi/fre.php
sierracontrol.ru/cmd11/fre.php
sierracontrol.ru/vipu/fre.php
woelpuu.com/hertuyi/teryio/fre.php
woelpuu.com/terypp/youip/fre.php
zealsale.com.np/file/Panel/five/fre.php
xsftruss.ml/edunew/fre.php
ymwsolutions.com/testfilez/fre.php
nawck.ml
mitch-portal.tk
sintrol.cf
sirmitch.ml

# Reference: https://myonlinesecurity.co.uk/slightly-different-lokibot-delivery-via-embedded-ole-objects-in-rtf-word-doc/

kikehraeein.com/web-obtain/file/web/log/Panel/five/fre.php

# Reference: https://twitter.com/DynamicAnalysis/status/1034488992987860995

apidava.tk

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html

szccf361.com

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html

1113sophie.info
41230319.net
cryptocoindigital.com
kacakbahisfirmasi.com
marryingmaldonado.com
mywdn.com
risu-nursery.com
saurabh.online
shiqiyingli.com
sicknessfitness.com
themonkeygrindervintage.com
unsubchef.com
win.link
xn--vhq6e39ls7w.net
zexpar.com

# Reference: https://viriback.com/30-days-later-97-panels/

annamadums.ml/jazzy/PvqDq929BSx_A_D_M1n_a.php
bellegin.ru/doncha10/pen.php
bellegin.ru/don-cha11/pen.php
bellegin.ru/oshok/pen.php
bollingoes.ml/ngoes/PvqDq929BSx_A_D_M1n_a.php
braithwalte.co.uk/blam/five/PvqDq929BSx_A_D_M1n_a.php
braithwalte.co.uk/block/five/PvqDq929BSx_A_D_M1n_a.php
braithwalte.co.uk/konvict/five/PvqDq929BSx_A_D_M1n_a.php
braithwalte.co.uk/smith/five/PvqDq929BSx_A_D_M1n_a.php
cadjetbums.ml/tbums/PvqDq929BSx_A_D_M1n_a.php
domainsender.info/moon/five/PvqDq929BSx_A_D_M1n_a.php
domainsender.info/sun/five/PvqDq929BSx_A_D_M1n_a.php
dunysaki.ru/buch-x5/pen.php
dunysaki.ru/doncha-2/pen.php
dunysaki.ru/stephen/pen.php
erintoba.info/bbbb/Panel/five/PvqDq929BSx_A_D_M1n_a.php
eriousimen.ml/eriou/PvqDq929BSx_A_D_M1n_a.php
finelets.ru/buch-x3/pen.php
finelets.ru/buch-x4/pen.php
finelets.ru/fankzu/pen.php
gokuu.club/ckan/PvqDq929BSx_A_D_M1n_a.php
gokuu.club/M/PvqDq929BSx_A_D_M1n_a.php
joanread.ru/decap/pen.php
joanread.ru/work-1/pen.php
lidgeys.ru/buch-k/pen.php
lidgeys.ru/buch-l/pen.php
lidgeys.ru/buch-m/pen.php
lidgeys.ru/buchX-1/pen.php
lidgeys.ru/buch-x2/pen.php
lidgeys.ru/eddy/pen.php
papgon10.ru/davidm/pen.php
papgon10.ru/don-12/pen.php
papgon10.ru/don-one/pen.php
papgon10.ru/kennyB-1/pen.php
papgon10.ru/oshok-two/pen.php
thousandan.ml/andan/PvqDq929BSx_A_D_M1n_a.php
topreadz.ru/alexbe/pen.php
topreadz.ru/doncha-3/pen.php
topreadz.ru/willy-1/pen.php
ultrainstinct.ru/file/exe/five/PvqDq929BSx_A_D_M1n_a.php
unifarmex.net/Dstan/Panel/five/PvqDq929BSx_A_D_M1n_a.php
unifarmex.net/hsp1/Panel/five/PvqDq929BSx_A_D_M1n_a.php
unifarmex.net/nesto/Panel/five/PvqDq929BSx_A_D_M1n_a.php
uy-akwaibom.ru/vinho/Panel/five/PvqDq929BSx_A_D_M1n_a.php
vailablity.ml/vaila/PvqDq929BSx_A_D_M1n_a.php
viettrust-vn.net/samii/PvqDq929BSx_A_D_M1n_a.php
vopspyder.website/home/five/PvqDq929BSx_A_D_M1n_a.php
vopspyder.website/log/five/PvqDq929BSx_A_D_M1n_a.php
wheelonexs.ml/wheel/PvqDq929BSx_A_D_M1n_a.php

# Reference: https://github.com/stamparm/maltrail/pull/284#issuecomment-417861246

ajmanz.gq

# Reference: https://twitter.com/DynamicAnalysis/status/1037472184636256256

theonlygoodman.com/fit/fre.php

# Reference: https://twitter.com/nullcookies/status/1038235674565066757

crasemerzom.com

# Reference: https://twitter.com/avman1995/status/1038285919219068928

http://99.198.127.106
blackdiamondsco.ae/test/fre.php

# Reference: https://twitter.com/ViriBack/status/983011333506588672
# Reference: https://pastebin.com/nwWHHFe0

bartolini-system.net/loop/PvqDq929BSx_A_D_M1n_a.php
logs.boxxta.website/ikol/five/PvqDq929BSx_A_D_M1n_a.php

# Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html (Win.Dropper.Hploki-6682476-0)

bvasetro.com
com-logninsauthorize.info
grm-group.info
healinggoodness.com
losmejorescrm.com
mechakawaii.com
mytechnik-beratung.com
ptt-test.com
testci20170903033002.net
thlg8.com
vintageontheline.com

# Reference: https://pastebin.com/bEqJKZfZ

strutitinca.ro/ftp/fre.php
zenshinonline.ru/amb/fre.php
zenshinonline.ru/eka/fre.php
zenshinonline.ru/file/fre.php

# Reference: https://www.maltiverse.com/sample/1ea139164e3525a5a4f3feb333551a806852cca40e49698fbf65d49bd4f7c27c

loggerkeys-hosting.xyz

# Reference: https://www.maltiverse.com/sample/16d06c604487ad96b04f226827dc033d61c80b345a323faee5c9d4a0b2a108d0

tananaislanoidd.ga

# Reference: http://cybercrime-tracker.net/index.php?search=Lokibot

corelis.group
zenshinonline.ru
harltdoors.com
devhaevents.us
grace4good.cf
theonlygoodman.com
premierevents.co.zw

# Reference: https://twitter.com/ViriBack/status/1046391838448537601
# Reference: https://pastebin.com/4QRaU8T7

geranntibankasi.com/slowkizzy567/kertyui456/PvqDq929BSx_A_D_M1n_a.php
hkenngr.com/herty987/letry78/PvqDq929BSx_A_D_M1n_a.php
incitecpivot-au.com/dertyu987/treyuo9809/PvqDq929BSx_A_D_M1n_a.php
incitecpivot-au.com/lerty67/loivet56/PvqDq929BSx_A_D_M1n_a.php
incitecpivot-au.com/mertyui567/kertli879/PvqDq929BSx_A_D_M1n_a.php
insightthk.com/hermonth/jerk/PvqDq929BSx_A_D_M1n_a.php
insightthk.com/loki2/PvqDq929BSx_A_D_M1n_a.php
insightthk.com/loki3/PvqDq929BSx_A_D_M1n_a.php
jvl-jp.co/gert67/teryu7/PvqDq929BSx_A_D_M1n_a.php
jvl-jp.co/nwokorie45777/fertyuoui/PvqDq929BSx_A_D_M1n_a.php
jvl-jp.co/sert67/tyuio98/PvqDq929BSx_A_D_M1n_a.php
jvl-jp.co/sertyoup/latinoper90/PvqDq929BSx_A_D_M1n_a.php
jvl-jp.co/slamp89/ketu56/PvqDq929BSx_A_D_M1n_a.php
kaokao-twn.com/yerter/getyu/PvqDq929BSx_A_D_M1n_a.php
karenandkarren.com/multi980/mertyui989/PvqDq929BSx_A_D_M1n_a.php
kurarray.com/fertyuio/lopiytu/PvqDq929BSx_A_D_M1n_a.php
kurarray.com/loptyuier/liouy56/PvqDq929BSx_A_D_M1n_a.php
kurarray.com/loptyuio/lop0980/PvqDq929BSx_A_D_M1n_a.php
ledteroptyi.xyz/gertyu99/ertyu8/PvqDq929BSx_A_D_M1n_a.php
ledteroptyi.xyz/hertyuu89/menter67/PvqDq929BSx_A_D_M1n_a.php
ledteroptyi.xyz/kertyu767/jertyu657/PvqDq929BSx_A_D_M1n_a.php
ledteroptyi.xyz/loipter/teryuop999/PvqDq929BSx_A_D_M1n_a.php
lltagrain.com/cash2/PvqDq929BSx_A_D_M1n_a.php
lltagrain.com/kelle/PvqDq929BSx_A_D_M1n_a.php
lltagrain.com/money/PvqDq929BSx_A_D_M1n_a.php
lltagrain.com/tino/PvqDq929BSx_A_D_M1n_a.php
oceanlinkmarrine.com/loki2/PvqDq929BSx_A_D_M1n_a.php
oceanlinkmarrine.com/loki4/PvqDq929BSx_A_D_M1n_a.php
oliverrbatlle.com/setyi98/etruo89/PvqDq929BSx_A_D_M1n_a.php
phcc-india.com/dertyuop345/teryup234/PvqDq929BSx_A_D_M1n_a.php
phcc-india.com/limitedmert/menter567/PvqDq929BSx_A_D_M1n_a.php
phcc-india.com/nertyoiu67/eartyuoiyue67/PvqDq929BSx_A_D_M1n_a.php
phcc-india.com/slamptiert5/fertyupw456/PvqDq929BSx_A_D_M1n_a.php
phcc-india.com/startboi89234/netwer675/PvqDq929BSx_A_D_M1n_a.php
pldtdsll.net/betstyui789/erty6786/PvqDq929BSx_A_D_M1n_a.php
pldtdsll.net/fishyoiu/fishtery77/PvqDq929BSx_A_D_M1n_a.php
pldtdsll.net/sertyu45/teryu34/PvqDq929BSx_A_D_M1n_a.php
redsseammgt.com/loki5/PvqDq929BSx_A_D_M1n_a.php
rmsalf.com/hertioyu567/lertu789/PvqDq929BSx_A_D_M1n_a.php
rmsalf.com/mentiyu98/letluy78/PvqDq929BSx_A_D_M1n_a.php
sertencee.xyz/kogilop/yopuit77/PvqDq929BSx_A_D_M1n_a.php
sertencee.xyz/shakamally/loipy67/PvqDq929BSx_A_D_M1n_a.php
siyaghasourccing.com/lokily89/werty6789/PvqDq929BSx_A_D_M1n_a.php
siyaghasourccing.com/smello/ertyop009/PvqDq929BSx_A_D_M1n_a.php
dersertlord.xyz/loki4/PvqDq929BSx_A_D_M1n_a.php
dersertlord.xyz/loki5/PvqDq929BSx_A_D_M1n_a.php
sertencee.xyz/shunshuo/terrampeedar/PvqDq929BSx_A_D_M1n_a.php
siyaghasourccing.com/serto99/jerty45/PvqDq929BSx_A_D_M1n_a.php
siyaghasourccing.com/sertoiu/fertuiop/PvqDq929BSx_A_D_M1n_a.php
slompbit.xyz/lopitre87/teryuio09/PvqDq929BSx_A_D_M1n_a.php
slompbit.xyz/lopityrety/kerterty/PvqDq929BSx_A_D_M1n_a.php
woelpuu.com/hertuyi/teryio/PvqDq929BSx_A_D_M1n_a.php
woelpuu.com/terypp/youip/PvqDq929BSx_A_D_M1n_a.php

# Reference: https://isc.sans.edu/forums/diary/More+malspam+pushing+Lokibot/23754/

oceanlinkmarrine.com/loki1/fre.php
oceanlinkmarrine.com/loki2/fre.php
oceanlinkmarrine.com/loki3/fre.php
oceanlinkmarrine.com/loki4/fre.php
oceanlinkmarrine.com/loki5/fre.php

# Reference: https://twitter.com/avman1995/status/1046751735971282944

nisol.ga/chika/fre.php

# Reference: https://pastebin.com/AasLyArF

monochromestr.site/fbm/encode.php

# Reference: https://twitter.com/avman1995/status/1052426452187185153

octone.igg.biz/chri1/cgi.php

# Reference: https://app.any.run/tasks/4515e611-f351-436b-982a-72229c1a1853

hmcrogenics.com

# Reference: https://twitter.com/dvk01uk/status/1097767868874264576

/LL0/200g-xz/cat.php

# Reference: https://twitter.com/dvk01uk/status/1097357708246896640

/kston/link.php

# Reference: https://twitter.com/Securityinbits/status/1090893221754884100

/scott/link.php

# Reference: https://twitter.com/Racco42/status/1027476386808848384

maxthon.duckdns.org
sockets.duckdns.org

# Reference: https://twitter.com/ps66uk/status/1062658307507273733

/sgbbu2/cat.php

# Reference: https://twitter.com/illegalFawn/status/1113086451233755136

alexiwobi.ga
dandyla1.ga

# Reference: https://twitter.com/luc4m/status/1103214408682139648

aurelio.xyz

# Reference: https://twitter.com/0_1_0_1_0_0_0_0/status/1116638803475746816

camopionari.cf
dankasa.tk
olododo.tk
sweetreuyh.tk
underneat.gq
yriuiuteuieu.gq

# Reference: https://twitter.com/pancak3lullz/status/1121057197914509312

/cka2/cat.php

# Reference: https://twitter.com/JAMESWT_MHT/status/1134360866550439936

/m/2/cat.php

# Reference: https://twitter.com/JayTHL/status/1124325778685087745

/lmark/atz/link.php

# Reference: https://any.run/report/0159364dc4a13deea8595d019b3c1e44ca100690b3d7f2df7d79cfd86d4b36ce/03c9c9b6-a7fc-41fc-a6d1-6f35ec60f94a

romelulukaku.tk/anyi/fre.php

# Reference: https://any.run/report/ff2824a9281b5e0ecd4b90b7779a66dfa4453b143b1115e4a9019a2f859083e0/b6a22489-c558-44f8-92b7-c6f90b8c0920

liverfook.ml/tuneshi/fre.php

# Reference: https://twitter.com/ViriBack/status/1134662952898965504
# Reference: https://pastebin.com/pkZ0TBnc

beautynams.com
begurtyut.info
flmates.com
hyoki-jp.top

# Reference: http://tracker.viriback.com/ (# Lokibot)

bridgecornenterprises.com
doosantax.com
unimasa.icu

# Reference: https://www.virustotal.com/gui/ip-address/185.79.156.24/relations

http://185.79.156.24

# Reference: https://twitter.com/P3pperP0tts/status/1135824585885196288

leorentacars.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1136248211654545408

gadujez.tk

# Reference: https://connect.security.ibm.com/app/threat-intelligence-insights/report/url/lethatch.se%2Fnelpa%2Ffive%2Ffre.php

lethatch.se

# Reference: https://connect.security.ibm.com/app/threat-intelligence-insights/report/url/technosevregroup.com%2Fzxd%2Fpanel%2Ffre.php

technosevregroup.com

# Reference: https://github.com/runvirus/LokiPWS/blob/master/README.md

offset7.com

# Reference: https://twitter.com/James_inthe_box/status/1136674160862609408

execuitiveship.com

# Reference: https://twitter.com/dvk01uk/status/1137999393158770688

exalumnosldea.cl

# Reference: https://twitter.com/dms1899/status/1138742747773460482

mbh-co-uk.ml
sas-agri.ml

# Reference: https://twitter.com/dvk01uk/status/1138774057606926341

fantasticpipo.club

# Reference: https://twitter.com/dvk01uk/status/1138775767171698690

ezigbo-mmadu.xyz

# Reference: https://twitter.com/James_inthe_box/status/1138815213640114176

http://45.67.14.154
http://185.79.156.24

# Reference: https://twitter.com/dvk01uk/status/1139485923991785473

uehsjtsjksf.tk

# Reference: https://twitter.com/dvk01uk/status/1139494526307975168

fraiser-campbell.ga

# Reference: https://twitter.com/pancak3lullz/status/1139534936518594561

freecapes.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1140603897523949568

/kas/4/cat.php

# Reference: https://twitter.com/dvk01uk/status/1140936638148820995

sparkickwears.ga

# Reference: https://twitter.com/blackorbird/status/1141557021000552448

fileshareing.tk

# Reference: https://twitter.com/x42x5a/status/1141970343818665984

007akin.top

# Reference: https://twitter.com/Racco42/status/1141969102753423360

bichchats.top

# Reference: https://twitter.com/Racco42/status/1143810986920599553

saculcin.top

# Reference: https://twitter.com/x42x5a/status/1143895404527988736

tqe2009.com

# Reference: https://twitter.com/dvk01uk/status/1144811922715549696

lionelibrahimovich.tk

# Reference: https://twitter.com/dvk01uk/status/1146410395357339649

ayakkokulari.com

# Reference: https://twitter.com/killamjr/status/1147113714132275200

openningsoonming.zapto.org

# Reference: https://twitter.com/_odisseus/status/988303327090937857
# Reference: https://app.any.run/tasks/20ed9962-0799-4f3b-bfbf-6dd77e5b9979/

i876edw4e5f6tg78hy9tg7r6ftgiy8.erlivia.ltd

# Reference: https://twitter.com/smica83/status/1149194882231209985

mbixch.site

# Reference: https://twitter.com/Racco42/status/1149662812722978816

aliiff.com
villaviras.com

# Reference: https://twitter.com/hexlax/status/1149768235434352645

automatia.in
lestonline.ga
taleohio.ga

# Reference: https://twitter.com/Paladin3161/status/1149639116125921284

kitchenraja.com

# Reference: https://twitter.com/hexlax/status/1150113306545467393

bioconscolors.com

# Reference: https://twitter.com/James_inthe_box/status/1151156619733921792

wupx.ga

# Reference: https://twitter.com/reecdeep/status/1151737917259354113

ysvina-vn.com

# Reference: https://app.any.run/tasks/69193d3f-ffe6-4db8-ba64-b408caeffde0

hotkey--cn.com

# Reference: https://twitter.com/coderippers/status/1152188547253846016

orientsdelivery.xyz

# Reference: https://twitter.com/reecdeep/status/1145960074046791680

eko-colors-pl.com

# Reference: https://twitter.com/IdoNaor1/status/1152892001844629505

abulutari.tk

# Reference: https://twitter.com/reecdeep/status/1153195564852547585
# Reference: https://app.any.run/tasks/4574a922-fd08-4230-ac49-59315b0702d5/

matbin.com

# Reference: https://twitter.com/blackorbird/status/1155781572718546944

sparkickwears.ga

# Reference: https://twitter.com/James_inthe_box/status/1155945383048011777

pitr0s.com

# Reference: https://twitter.com/reecdeep/status/1157201656397860865

hochom-tw.com

# Reference: https://twitter.com/Racco42/status/1157215058319040512

maviiletisim-com.tk

# Reference: https://twitter.com/Racco42/status/1158765032299270144

kusumgar.cf

# Reference: https://twitter.com/reecdeep/status/1158984342108090369

monastaybags.com

# Reference: https://twitter.com/reecdeep/status/1159008913691435008

hilbizworld.top

# Reference: https://twitter.com/reecdeep/status/1159438247208075264

hotkey--cn.com

# Reference: https://twitter.com/reecdeep/status/1159446926196183045

teslaghane.com

# Reference: https://twitter.com/reecdeep/status/1159833486817034241

sovamegroup.com

# Reference: https://twitter.com/Paladin3161/status/1159984272897216513

quecik.info

# Reference: https://twitter.com/reecdeep/status/1161226121515544576

sportyclik.com

# Reference: https://twitter.com/reecdeep/status/1161220049413246977

sun-clear.net

# Reference: https://twitter.com/reecdeep/status/1164074211213807616

confirm3.pw

# Reference: https://any.run/report/a234966b36ea3816665501b926ef6fe22f4e8ba90a80af0f66662c4cd4dba915/6a5e8f49-5529-4f67-a457-eab7a3f1635e

scanchart-rny.com

# Reference: https://any.run/report/49e77f3fa26d7427bc726783325c2729c666038e0c4546c87e5678adcadaa4a8/8c88a7b4-fac6-494f-aba2-142d845136a2

cbnid.net

# Reference: https://twitter.com/DynamicAnalysis/status/1168991384457699329

clotiahs.info
jiraiya.info
zjvvymy.com

# Reference: https://twitter.com/reecdeep/status/1169151595747127296

modcloudserver.eu

# Reference: https://twitter.com/Mesiagh/status/1170048273366695936
# Reference: https://pastebin.com/kMXDsSNr

171.15.198.199:1443

# Reference: https://app.any.run/tasks/bf013836-f219-494b-a54b-e25c13a7a400/

ottappalam.com

# Reference: https://www.fortinet.com/blog/threat-research/new-infostealer-attack-uses-lokibot.html

palikyu.ml

# Reference: https://twitter.com/reecdeep/status/1173492999457841154

mapsi-shipping.xyz

# Reference: https://twitter.com/dvk01uk/status/1173464780159508480

svmarketingindia.com

# Reference: https://twitter.com/Racco42/status/1173547031979278336

clotiahs.info

# Reference: https://app.any.run/tasks/84841357-56f4-4d71-9f7b-4e5dde21edf7/

nucsquaremall.ga

# Reference: https://twitter.com/ninoseki/status/1175189790469189632

fatmazpharmc.com

# Reference: https://app.any.run/tasks/6ecd4749-affb-4505-8b95-bd307a609be8/

handrass.co.rs/don/five/fre.php

# Reference: https://any.run/report/397217271ce8684d24144b1eb612d6d45921573bb8cdd0e53fae1d44d2456a64/ff14e78f-0c45-45b0-b93e-8170121cc7de

kaokao-twn.com

# Reference: https://any.run/report/91628bad8c6b90dd333f850db85dcc2c313dbbccd84ecae45441b72c2a09603d/aba660a1-69bc-4f44-bc21-c962997baf13

barzaker1.tk

# Reference: https://any.run/report/a2c93eb56dd983d63654dbbd82ee2967d1acb50f4fcd700ab3dfb7743fe64e9a/36fcc660-a97e-491f-9b05-af099620ac4c

gruputsk.com

# Reference: https://any.run/report/30e5e29f2e4e69e88032805b3cdfd8e86e48f6837a375f096263b86f9fe4de01/b5efffc2-b5b6-4e87-9958-4ab0e7c23db3

opercomex.co/php/webpanel/fre.php

# Reference: https://any.run/report/c407bb7c069e983d20752c582476ab1606b4947724194f949ba90eefe9e05a24/9012e28b-9667-4070-9751-b3f2ef211d50

ponsse.site

# Reference: https://any.run/report/050c206340ce8ea775797da9d55a250e488174d87d9529fb25db13a07168c471/8c33a2a5-51af-4547-bdb7-d5a3b93ea4c4

barzaker1.cf

# Reference: https://any.run/report/1c0f62f0277289f74ffd1f03f5097f17a1e14494c4c612ed30aa2a9899759d3a/d4d20c0c-7aa3-449b-b365-8b2b9e243050

dtolnba.tk

# Reference: https://any.run/report/78de464e43327ba4f9ef245c72e26b28e1fbd5175bccd15253fde852bd1eb61d/1a751b0b-e75f-4b67-829c-de5f1a86a932

megatradeinvestment.com

# Reference: https://any.run/report/7e6b471d1fe43841b1c995df98e2feede05280d251f50fcf6b6f084ae902817a/9fd319fa-3e9d-4d15-8837-9b2d08fe6b8e

185.234.216.240/0x22/loki/fre.php

# Reference: https://any.run/report/8897b096fa6661307bb3d2d97df155b2a4d673ee4e2e50ee37de23179a79afa6/e73a0ccf-14b0-4445-a00c-84076510d095

panelego018.info

# Reference: https://any.run/report/7c7d40b6e024d074acb2aa9b21e60e5a2e132424cdd4f23432013cfadc368392/88ea1ed2-25ac-4786-86dc-a052020f6b2d

62.108.37.205/jeff/five/fre.php

# Reference: https://any.run/report/af51d7d35c70e8572b1bf1bf7cac2f9c79da70920e972f5df338bd34b7908b51/17cb8efa-8ccb-4ccf-9e71-ca9cb30be138

jaobhaezrasam.com

# Reference: https://any.run/report/da8cb79eb0b11f4c7e18890217c465afe508900d4d0fe029df10a08d7f50722e/28736ba8-2474-4fe3-9e7d-766ff32819f5

twosisterswine.com.au/admin/Panel/five/fre.php

# Reference: https://any.run/report/856cfd8e4168c08f6382cc6a7a94f2812d40d09e4b5a17728f142c5bf1d7b892/76cc0b7e-1668-4fea-92db-47ce9f0e2d82

gracetime.tech

# Reference: https://twitter.com/P3pperP0tts/status/1179292959172370433

onlygoodm.com

# Reference: https://app.any.run/tasks/2bd648b0-c9cd-45a1-ac4b-3c253c2c01aa/

peaches19.com

# Reference: https://twitter.com/Racco42/status/983258396664229888

ritsuninfra.in

# Reference: https://twitter.com/smica83/status/1184381866243248128

cvnty.tk

# Reference: https://twitter.com/hexlax/status/1184471439476441088

cvnty.cf
ggvxt.ga
mbfqg.cf
mlzxvi.tk
prxtz.gq
prztz.ga
qvukl.ga
qvukl.gq
qvukl.tk

# Reference: https://app.any.run/tasks/9b5e5e7f-ac71-484e-8dad-0d0af3bfe73b/

atritei.icu

# Reference: https://app.any.run/tasks/856e216f-c979-450a-a0b7-b9dbc6ab1361/

torresansrl-it.com

# Reference: https://app.any.run/tasks/abd716d5-3267-4aec-b4e5-075b0f4ddf0a/

baiksan-kr.com

# Reference: https://app.any.run/tasks/2c80bfce-a4a7-4024-b943-39d4fa8e0a01/

yanchenghengxin.com
corpcougar.com

# Reference: https://app.any.run/tasks/2c93099b-2751-41c4-a764-f8d66dcf727d/

kaburto.info

# Reference: https://app.any.run/tasks/ff303a56-d3f6-4128-8876-1c91d4d7494e/

yanchenghengxin.com

# Reference: https://app.any.run/tasks/f1e17f2a-00bc-4eeb-b5be-2d10c735ed9e/

tps-finlogistics.com

# Reference: https://app.any.run/tasks/f09ecafa-3e69-4171-bd36-c415c5e5f0e0/
# Reference: https://twitter.com/P3pperP0tts/status/1185592600528637952

fueda.info

# Reference: https://app.any.run/tasks/9eaf57e9-015a-4357-b0f8-fe30df9c9be7/

cvnty.tk

# Reference: https://app.any.run/tasks/e1756c8b-3175-4232-a4ca-9818a8ac27e6/

john-donnelly.co.uk

# Reference: https://app.any.run/tasks/3318e0f8-d5e7-4316-b748-b83cc506aaf9/

danagupal.com

# Reference: https://app.any.run/tasks/69ce4ecc-f88e-4523-a568-6b6a79491855/

simantramart.net

# Reference: https://twitter.com/James_inthe_box/status/1185191156168065024

nvent.icu

# Reference: https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html (# Win.Trojan.Lokibot-7288215-1)

arkhesol.info
lapphuongshoe.com
majidfathalibeygi.com
novinsazvar.com
orientsdelivery.xyz
pliykies8.net
suksez-ab.com
versuvius.ru

# Reference: https://twitter.com/P3pperP0tts/status/1186987811553067009

sylvaclouds.eu

# Reference: https://twitter.com/Paladin3161/status/1187160642815291392

mikeservers.eu

# Reference: https://pastebin.com/29uSdMAk

atritei.icu
dadatiles.com.au
gracetime.tech
jajar.ru
modatie.gq
nonomonojolipoiubtrewert.tk
tahetah.ir

# Reference: https://twitter.com/P3pperP0tts/status/1190724582359089152

kaburto.info

# Reference: https://twitter.com/wwp96/status/1191009866720124928

conceriavictoria-it.com

# Reference: https://twitter.com/wwp96/status/1191009400015802368

beautynams.com

# Reference: https://twitter.com/James_inthe_box/status/1191325755084435457

allaige-global.com

# Reference: https://twitter.com/wwp96/status/1191408876303896576

cyttec.de

# Reference: http://tracker.viriback.com/dump.php (# 2019-11-04, Lokibot)

http://104.168.248.212
http://178.159.7.9
http://185.189.112.158
http://185.79.156.15
http://185.79.156.24
http://37.120.146.126
http://45.67.14.181
http://51.68.128.171
http://94.100.28.214
http://23.95.228.37
http://5.252.192.117
007akin.top
013nat.net
2lcfo.com
4thave.co.uk
9th-way.tech
abbasuit.top
abifph.com
acptw.icu
adamsjef.top
aerosport.tech
aljust.website
allstarbelts.com
andalemexico.com
apollocapitalp.com
baiksan-kr.com
baklaysinc.com
bakrakhada.com
bamastra.top
beancart9.top
beatfile3.top
beautynams.com
begurtyut.info
bichchats.top
bigshowinc.co.uk
biocodax.com
bluecornerblog.tk
bosal.tech
bp10.webhosting123.icu
bridgecornenterprises.com
broomingkingpoiuty.tk
bteenerji.com
buildingwiring.ir
bylima.icu
cbnid.net
cleaf.ml
clotiahs.info
cnedriect.com
cocshipmanagment.com
confirm2.pw
confirm3.pw
coolking-tw.com
corpcougar.com
corpcougar.in
cosmoi098.ga
cosmoi098.ml
cremeroloe.com
crippoloiutustrope.tk
cvnty.ga
diplomatgroup.org
doosantax.com
ebslaradio.cl
efore.info
eko-colors-pl.com
eko-logistics.com
emiliano-sala.ga
enchapa.info
esplanademauritius.com
execuitiveship.com
exsimpetroleum.com
extrememx.net
exwelloilfleld.com
ezigbo-mmadu.xyz
famoosonutt.com
fantasticpipo.club
fileshareing.tk
filmmagapp.ir
flmates.com
florence-malouda.ml
florence-malouda.tk
forexdispatch.info
fredwi.top
freecapes.com
freecaps4.ml
freewhcm.top
frenchman.icu
fueda.info
gama247.beget.tech
giftedhands-association.com
gihf2.com
goldenfashiondeeds.com
gooinnhtrr.ml
goriaya.com
gregvictor.co.uk
groz-toolz.com
gtigtex.info
habertjohnson.top
halwaja.com
higomanga.info
hotblowup.com
hpygol-acm.com
hyoki-jp.top
iiranair.com
iranssp.ir
ivandarina.top
jayconnect.co.uk
jbrightbuilders.sytes.net
jhpipaa.com
jonjoshelvey.gq
jttomwest.top
kaburto.info
kachi.cf
kalafyn10.tk
kin3p.co.uk
kitchenraja.com
kratheinz.com
lapphuongshoe.com
ledomainedesalizees.com
logfert.com
lovingu1.top
lronman4x4.com
mairon-hk.com
makopolos.com
manchester-derby.ga
manchesterderby.gq
manchesterderby.tk
maritlme-net.com
matbin.com
mbh-co-uk.ml
mbta.com.ng
mhydraulics.net
mizunogolfbags.com
modcloudserver.eu
monastaybags.com
morganans.co.uk
newwoldassem.top
nexmarket.ir
nkegi.com
oasisvillasmaurice.com
ofoleteadms.icu
oldendroff.com
orientsdelivery.xyz
palacegrades.com
perigon-no.com
pouruinhgtrewzip.tk
qkinz.tech
qoqip.com
quelmax.com
quurieun.top
rasavision.ir
razaacademy.info
ritedi.icu
rnuganbank.com
rtjf.ga
saliyumakan.club
scm-hk.com
season1.icu
sghecc.com
shakekur.top
shalets23.com
sherwoodpest.com
sibarzz.xyz
siiigroup.com
slimcase247.se
smarytie.ir
smilesbyme.com
smithtony.co.uk
sparkickwears.ga
spidook.bid
spuerinirominfo.tk
stedmanpharrna.com
stephero7.ml
sucalcin.top
sun-clear.net
sunvim.cf
sylvaclouds.eu
telcel.tech
thaeed.ir
thammyvienanthea.com
tienaris.com
tjfr.tk
tmjchange.com
tourscentralasian.com
tqe2009.com
tradesecretsgiveandtake.ca
treatascholars.com
trietrre.ml
unimasa.icu
uzocoms.eu
vastinopulotiste.tk
vbih.tk
venresf.ml
vibecore20.top
vicomdistribucion.top
villaviras.com
vinaprio.com
vteach.com.sg
wieiland.com
wilfred.top
willhelmsen.com
wohinqfood.com
yuxinproteins.com

# Reference: https://twitter.com/P3pperP0tts/status/1191999299061780480

http://151.80.3.78

# Reference: https://www.virustotal.com/gui/file/df3f26fa52e1d59ae86f3e4e3e0811ff0beb10f2588dcc5372130e93fc007908/behavior/Dr.Web%20vxCube

arctech--vn.com

# Reference: https://www.virustotal.com/gui/file/6979ee74e6d3dfcdaf0e146faa063d70659b56cfda034d46f6a611af58a71f70/behavior/Dr.Web%20vxCube

beautynams.com

# Reference: https://twitter.com/P3pperP0tts/status/1192710961641205760

http://51.81.26.73

# Reference: https://www.virustotal.com/gui/file/68a511a096b68f00f40d77b497122a0da58132ec86d565a7e314452fe18b8321/behavior/Dr.Web%20vxCube

kenturkeymanians.org

# Reference: https://twitter.com/P3pperP0tts/status/1192809962268962818

backbaymall.ga
nucsquaremall.ga

# Reference: https://www.group-ib.com/blog/fakesecurity

chuxagama.com
umbra-diego.com

# Reference: https://twitter.com/P3pperP0tts/status/1193844698370236416

http://157.52.211.11

# Reference: https://twitter.com/wwp96/status/1193942503864651776

efore.info

# Reference: https://app.any.run/tasks/205df181-d1c5-4315-80b2-5456b6bfeef2/

arctech--vn.com

# Reference: https://twitter.com/wwp96/status/1194325495686586370

pointqrace.com

# Reference: https://twitter.com/P3pperP0tts/status/1194590128129421313

http://37.187.207.221

# Reference: https://twitter.com/P3pperP0tts/status/1194761250078699520

nvent.icu

# Reference: https://twitter.com/P3pperP0tts/status/1194979247124860929

http://51.75.33.88

# Reference: https://twitter.com/JayTHL/status/1194992844039229441

onllygoodam.com

# Reference: https://twitter.com/James_inthe_box/status/982003272562044928
# Reference: https://app.any.run/tasks/0893ab89-f685-40ae-bddc-83699013c804/

hydeoutent.com

# Reference: https://twitter.com/Racco42/status/1196407632598310918

s-plt.club
s-top.xyz

# Reference: https://twitter.com/wwp96/status/1196472338960793603

gelcursot.top

# Reference: https://app.any.run/tasks/30e58965-3657-457d-8aba-cf857b1ae756/

junquam.com

# Reference: https://app.any.run/tasks/1dc0b30d-1713-41f3-a0f0-a98240ba9824/

onllygoodam.com

# Reference: https://app.any.run/tasks/60951b2e-aac7-46b6-be01-214e104282f2/

matbin.com

# Reference: https://twitter.com/wwp96/status/1196877315726135296

s-top.xyz

# Reference: https://twitter.com/wwp96/status/1196870261016059905

http://46.21.147.94

# Reference: https://www.fortinet.com/blog/threat-research/custom-packer-tool-frenchy.html
# Reference: https://otx.alienvault.com/pulse/5dd565d5cd733b662f366526

alphastand.top
alphastand.trade
alphastand.win
kbfvzoboss.bid
sun-clear.net

# Reference: https://twitter.com/P3pperP0tts/status/1197683883627700229

http://51.91.175.183

# Reference: https://twitter.com/JayTHL/status/1197922402828791808

findmypractice.org

# Reference: https://pastebin.com/a3tLkeSU

http://107.175.150.73

# Reference: https://app.any.run/tasks/2b37b818-369c-4c5c-a7af-fc7d20958920/

ray-den.xyz

# Reference: https://www.virustotal.com/gui/file/6b6ff1efd1dd41901c9c23dfd6d03ff6c1f6d846bf8ac8002b3af61744426e11/detection

lethatch.se

# Reference: https://app.any.run/tasks/216903ba-ad00-4e4b-8606-d329e1e8772e/

arctech--vn.com

# Reference: https://any.run/malware-trends/lokibot (Note: as seen on 2019-12-04)

worldatdoor.in
kitchenraja.in
gsuitekh.com
avertonbullk.com
offsolo-gbb.tech
1justfy.pw
l1n3n.site
elettroveneta-it.com
ddos.dnsnb8.net
smtp.siqanalytical.com
adonis-medicine.at

# Reference: https://twitter.com/wwp96/status/1202265059784835072

chennaiequipment.com

# Reference: https://pastebin.com/ghh2y3g3

kargozar1320.ir

# Reference: https://twitter.com/wwp96/status/1203005552248397824

gblasta.pw

# Reference: https://pastebin.com/7Ak2nP2T

awba-groups.com
indextechno.com
pms-center.com

# Reference: https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html (# Win.Trojan.LokiBot-7420275-1)

betaflexllc.us
beyondlogx.com
kontrolreport.com
oscontinental.online
phoenixdevs.ir
porno322.com
protestlabsmovings.es
secure-n2.top

# Reference: https://pastebin.com/B6EDa5x0

jb-qroups.com
logboxreports.top

# Reference: https://twitter.com/HeavyMetalAdmin/status/1204108254588080128

woobwoo.cf

# Reference: https://twitter.com/wwp96/status/1204430643800793088

woobwoo.ga

# Reference: https://twitter.com/wwp96/status/1204789643138473985

s-pod.xyz

# Reference: https://twitter.com/wwp96/status/1204805860129755141

kyant4.com

# Reference: https://www.virustotal.com/gui/file/1e191a6f8c36095e7a3c06d70086d82886447dab7119f1adb84ee321700dd7eb/detection

lkpswrd.cf

# Reference: https://www.virustotal.com/gui/file/994744f9be120c63c7d5819f9b9bd3fb43e19efc59b95d0153aa64adf6cc8d6c/detection

sentab.tk

# Reference: https://www.virustotal.com/gui/file/b939020a31f8ef30fd78bbb487469c72f61a857f699b689628a332fbedbf9959/detection

lkpswrd.ml

# Reference: https://twitter.com/James_inthe_box/status/1206952335764795392

onlygoood.com

# Reference: https://twitter.com/smica83/status/1209204228696227840

gcirsa.com

# Reference: https://twitter.com/wwp96/status/1214568832016142337

gquare.gq

# Reference: https://pastebin.com/Q6Sn446k

roryaftamart.duckdns.org

# Reference: https://twitter.com/wwp96/status/1214932312401600512

gquare.tk

# Reference: https://twitter.com/wwp96/status/1214940445530345472

egobetter.xyz

# Reference: https://app.any.run/tasks/90588195-450b-42b2-be93-65b97da7a2a0

gainflows.gq

# Reference: https://twitter.com/Racco42/status/1215312968348467200

cypress-tw.com

# Reference: https://twitter.com/Racco42/status/1215570689379524608

ptiihk.com

# Reference: https://twitter.com/Racco42/status/1214124427602022400

zni1.com

# Reference: https://twitter.com/P3pperP0tts/status/1215705099776987138

onlygoodem.com

# Reference: https://app.any.run/tasks/73a7b555-6bef-4aae-98a2-2dc6a5df6fda/

tranpip.com

# Reference: https://twitter.com/P3pperP0tts/status/1216852518640259073

noithathoanggia.net.vn

# Reference: https://app.any.run/tasks/8d60b414-aed6-4dba-80ca-f3d1b2f7556e/

allenservice.ga

# Reference: https://app.any.run/tasks/6d4f51ab-0149-4b7b-b43c-d55f7c7a046e/

tbt-sceitech.com

# Reference: https://twitter.com/malware_traffic/status/1217858107289866240

himkon.ga

# Reference: https://twitter.com/wwp96/status/1218227068896514051

afas-kr.com

# Reference: https://app.any.run/tasks/aa120a9f-7889-492b-9695-2b9c32c7a5fe/

oaa-my.com

# Reference: https://twitter.com/wwp96/status/1219361313735966721

agrabahd.ga

# Reference: https://twitter.com/wwp96/status/1219363482031861760

mecharnise.ir

# Reference: https://app.any.run/tasks/610b93f9-38f4-466f-a46e-f0dfbc750a1b/

chol.cc

# Reference: https://app.any.run/tasks/891ac638-b067-42b0-bf51-6120998204a9/
# Reference: https://app.any.run/tasks/7efd4037-e819-4b05-9dc5-c0baadcc7bb6/

http://107.175.150.73/~giftioz

# Reference: https://app.any.run/tasks/09a252ef-0ebb-4f48-b4a2-2261a44dd000/

sisenor.ml

# Reference: https://app.any.run/tasks/79df932f-0f42-441e-9071-64ddd88c7529/

kuomlog.xyz

# Reference: https://pastebin.com/DT3diCh7

didxbooks.com
fiftint.com

# Reference: https://app.any.run/tasks/a1af1cea-bf86-4702-b3a2-082c1d242f15/

http://193.142.59.89

# Reference: https://www.exposedbotnets.com/2018/02/kdotrakycomloki-bot-hosted-in-shinjiru.html

kdotraky.com
continentalrnovers.com

# Reference: https://twitter.com/wwp96/status/1220414670290456576

martirill.ga
/makave/sab.php

# Reference: https://www.virustotal.com/gui/file/d794747343409784e81b7754901acda8e2d3f5182ab9addc66c6121bc55aabc7/detection

teiup.xyz

# Reference: https://app.any.run/tasks/d4acf26b-aced-48a9-8dec-aeccd602c109/

heartychern.com

# Reference: https://www.virustotal.com/gui/file/8e68b6908534b24b52ba7a1d0ef445b9b2a8681a4d35fa9d5c4d447cf3efb300/detection

akito.be

# Reference: https://www.virustotal.com/gui/domain/alibabahugia.com/relations

alibabahugia.com

# Reference: https://www.virustotal.com/gui/domain/eferiwalabd.com/relations

eferiwalabd.com

# Reference: https://www.virustotal.com/gui/file/e1869921f052c6dc9387b18c6884191a2c637eb21cd638ed1b2e71b31cab7e0b/detection

kheeda.com

# Reference: https://www.virustotal.com/gui/domain/regalscoin.co/relations

regalscoin.co

# Reference: https://www.virustotal.com/gui/url/b27492bd716239fe2f17a20b4c60c24bb058b7b8023be0f5a5e78bde37ea7864/detection

molmarsl.com

# Reference: https://www.virustotal.com/gui/file/b509e105567fe4a14e31c96d71bdf2080df1d1737fe5b1928b2e5ad88add2b31/detection

bodegaslopezmoernas.com

# Reference: https://www.virustotal.com/gui/file/0dbbbc6aa0686ea19b55871f0ca0b9c722064683604c04e581c8498095f0cea9/detection

jdandado.info

# Reference: https://www.virustotal.com/gui/file/5ffa3eaa94c6a603d21525a72d56f23915279fbd755ac0fb24d04e9a2fdd26fe/detection

jscmy.co

# Reference: https://www.virustotal.com/gui/file/3fcbf0a0d8ab22f5762ebf4855165c1258b57462119eb5549e7b74edcc2ce1ad/detection

omabradley.ru

# Reference: https://www.virustotal.com/gui/file/eb0cc81ad318a7ee0d5aef0b51538178c5e590be837a2e81cb99bf89944547f3/detection

getvision2020.net

# Reference: https://twitter.com/wwp96/status/1221892381831766017

oaa-my.com

# Reference: https://twitter.com/wwp96/status/1222244913309454337

nwababy.cf
/chikincho/sab.php

# Reference: https://twitter.com/wwp96/status/1222259928422932480

wakanduz.tk
/sabali/sab.php

# Reference: https://twitter.com/James_inthe_box/status/1222541809454202880

zeyadigital.com

# Reference: https://twitter.com/wwp96/status/1222604774484430848

himkon.cf

# Reference: https://twitter.com/wwp96/status/1222651453673787393

drop-box.top

# Reference: https://twitter.com/Racco42/status/1222895330422706178

hanmha.com

# Reference: https://www.virustotal.com/gui/ip-address/193.142.59.107/relations

193.142.59.107:80

# Reference: https://www.virustotal.com/gui/ip-address/89.249.65.212/relations

89.249.65.212:80

# Reference: https://twitter.com/wwp96/status/1223277675688669185
# Reference: https://app.any.run/tasks/f9f4c66f-7e96-4ded-909a-f2f799658400/

gpi-q.com

# Reference: https://twitter.com/wwp96/status/1223283853395144704

everest--sh.com

# Reference: https://twitter.com/wwp96/status/1223331321969348613
# Reference: https://twitter.com/wwp96/status/1224402400674447361

butland.cf
ezilon.tk
/igine/sab.php

# Reference: https://pastebin.com/v5VKwUUR

batlxt.org
fiftint.com
top-sso3.top

# Reference: https://twitter.com/wwp96/status/1224395051486400513

kdi-kongsberg.com

# Reference: https://twitter.com/wwp96/status/1224395809879470080

baural.tk
nedoru3.ml

# Reference: https://twitter.com/wwp96/status/1224397130175041536

unrrwa.org

# Reference: https://twitter.com/wwp96/status/1224403562488389632

http://193.142.59.7

# Reference: https://twitter.com/wwp96/status/1224415503206244353

baurallc.ml
gadingsllc.cf
/vvd/sab.php

# Reference: https://twitter.com/wwp96/status/1224414499983237120

plosss.com

# Reference: https://twitter.com/wwp96/status/1224415881880621062

saclex.gq

# Reference: https://pastebin.com/5VDXdhPA

airlinecom.tk
babanovex.cf
babatnx.cf
bagariwa.tk
baurallc.ml
butland.cf
butland.gq
championsdeal.cf
champkit.tk
gadinacom.ga
gadinacom.gq
gadinacom.tk
gadinatr.cf
gadinatr.gq
gadinatr.tk
gbajagbaja.cf
gbajagbaja.gq
gbajagbaja.tk
januarytins.ml
juannylift.cf
kutuolog.cf
kutuolog.ga
kutuolog.gq
kutuolog.ml
kutuolog.tk
lilninop.ga
mamado.ml
martirill.ga
nwababy.cf
onyenzoputa.cf
onyenzoputa.ml
onyenzoputa.tk
precisiongmbh.tk
ramdymoore.ml
saffen.ml
simportexx.tk
simpotex.ml
simpotex.tk
sisenor.ml
solouro.ga
solouro.ml
tocheckoru.cf
udejimji.cf
ugomma.gq
ugougo.cf
ukwunkea.ml
unvacsth.gq
unvacsth.ml
unvacsth.tk
uwachukwuu.cf
uwachukwuu.ml
vintaded.ga
wakanduz.cf
wakanduz.ga
wakanduz.gq
webergmbh.ml
webergmbh.tk
/chikala/sab.php
/chikincho/sab.php
/igine/sab.php
/makave/sab.php
/nzubedubai/sab.php
/omega/sab.php
/pope/sab.php
/sabali/sab.php
/sweet/sab.php
/vvd/sab.php
/zanku/sab.php

# Reference: https://app.any.run/tasks/153c9ca2-38d7-46f8-a510-2d6d13fbde4e/

shgshgsndynationalindustrialandgoogledns.duckdns.org

# Reference: https://app.any.run/tasks/4dc538c1-e78e-41fe-b17e-ed9da474ea3c/

cranetechllc.ml
simpotex.ga

# Reference: https://app.any.run/tasks/e61bbc8a-d35d-4316-8232-b7cfd7f14a22/

cokhiquangbien.com

# Reference: https://twitter.com/wwp96/status/1224789442243723265

omabradley.ru

# Reference: https://twitter.com/wwp96/status/1224786717883936775

growyourwealth.cf
powerlinecom.ml
/makave/sab.php

# Reference: https://twitter.com/wwp96/status/1224781788033245191

trouserlanditd.com

# Reference: https://twitter.com/K_N1kolenko/status/1225009464815902720

http://104.223.170.113
http://107.175.150.73
http://198.23.200.241
http://78.142.18.109
about.panjihidayat.web.id
barential.cf
batlxt.org
cv.panjihidayat.web.id
difapackperu.com
everest--sh.com
fiftint.com
gpi-q.com
growyourwealth.cf
lkpswrd.tk
mecharnise.ir
mocdong.com.vn/gx/playbook/onelove/fre.php
omabradley.ru
petroindonesia.co.id
skyoceanshippinq.com
tecon.com.mx
tickerqube.com
trouserlanditd.com
tungyu.cf
u-knlt.com
worldatdoor.in
zeyadigital.com

# Reference: https://twitter.com/Bl4ng3l/status/1224999049880899586

etoro-miners.com

# Reference: https://twitter.com/wwp96/status/1225487541484302336

drkconstrucciones.com

# Reference: https://twitter.com/K_N1kolenko/status/1225784278732214272

euromopy.tech
mirrapl.com
missingandfound.com.my
yullifyne.ml
/v-2/pin.php
/makave/sab.php
/vvd/sab.php
/zanku/sab.php

# Reference: https://twitter.com/wwp96/status/1226945238448713732

serv-node4.top

# Reference: https://www.virustotal.com/gui/domain/ezzy-corp.com/relations

ezzy-corp.com

# Reference: https://twitter.com/wwp96/status/1227267903558496256

abumchukwugi.ga
coretelin.ml

# Reference: https://app.any.run/tasks/904abf72-63a7-4d8c-9be4-d25ca3872cbf/

http://192.3.183.226

# Reference: https://app.any.run/tasks/dce56dd7-e6b6-45e7-9845-9c1da2ac3cbd/

http://46.21.147.207

# Reference: https://twitter.com/K_N1kolenko/status/1227511439176458240
# Reference: https://twitter.com/K_N1kolenko/status/1227511407564001281

http://103.208.86.31
bacanacabana.com.br/wp-includes/css/kay/Panel/five/fre.php
bdsphatphat.com/.dtt/playbook/onelove/fre.php
ijinwa.ml
innoexpo.tech
jfe-mineral-co.pw
naelele.ga
slnsa.trade
telincore.tk
telincorenw.gq
transmarine.pw
tungyu.cf
/makave/sab.php
/omega/sab.php
/zanku/sab.php

# Reference: https://twitter.com/K_N1kolenko/status/1227925694539337728

digi-sec.top
ijinwa.gq
telincore.gq
matantalbenna.com/.legolass/fine/fre.php  # compromised site
/nzubedubai/sab.php

# Reference: https://twitter.com/wwp96/status/1228000721494315008

beautynams.com

# Reference: https://twitter.com/wwp96/status/1228360824676323328

dfsdfbdz.ml
telincore.ml

# Reference: https://twitter.com/wwp96/status/1228364048917565441

sogamco.com

# Reference: https://twitter.com/wwp96/status/1228357214538170369

workherna.ga

# Reference: https://twitter.com/wwp96/status/1228372948626690048

bantanmanta.cf
loverineta.tk

# Reference: https://twitter.com/reecdeep/status/1229403951675715586

powerlogs.top
taximolinaperu.com

# Reference: https://twitter.com/wwp96/status/1229438993584066562

cokhiquangbien.com

# Reference: https://twitter.com/wwp96/status/1229438428598689792

kdi-kongsberg.com

# Reference: https://twitter.com/wwp96/status/1229448871677485057

193.142.59.88:80

# Reference: https://twitter.com/wwp96/status/1229446037800181760
# Reference: https://twitter.com/_lockhum/status/1229477916234461184

46.21.147.206:80
/primseven/logs/omc.php

# Reference: https://pastebin.com/WWcPxMMU

http://paswordinc.xyz/new/fre.php
http://www.dadatiles.com.au/ju/fre.php
http://192.3.182.247/feblogs/logs/fre.php
http://brokenbrains.xyz/James/fre.php
http://185.126.201.167/~power13/.W0pohss134zCt/fre.php
http://transwesemayra.top/Lokivo/Panel/fre.php
http://taximolinaperu.com/fz/fre.php
http://best-aluminum-co.ml/CORONACUREXXX/fre.php
http://195.206.106.191/hoist3/logs/fre.php
http://wesemayra.top/Lokivo/Panel/fre.php
http://misiondeangeles.com/grace/five/fre.php
http://94.100.18.11/plugman/logs/fre.php
http://46.21.147.206/primseven/logs/fre.php
http://thefieldagent.net/yo/Panel/five/fre.php
http://193.142.59.109/primone/logs/fre.php
http://131.153.22.150/primfour/logs/fre.php
http://sariincofood.co.id/xx/Panel/fre.php
http://mediagift.vn/.ki/playbook/onelove/fre.php
http://masterteknoloji.com/.legolas/legolas/fine/fre.php
http://mecharnise.ir/ca10/fre.php
http://centrehotel.vn/oo/panel/fre.php
http://www.tiltteexx.co/soft/julxx/fre.php
http://pickupmylaundry.co.in/fonts/xfs/xch/fre.php
http://tiltteexx.co/rokzee/kor2/fre.php
http://176.57.70.28/angelo/Panel/five/fre.php
http://getupandcboz.com/mine/fre.php
http://www.biznetvgator.com/hyj/five/fre.php
http://kceeruth.tk/kcee/fre.php
http://www.matantalbenna.com/.legolass/fine/fre.php
http://gassettgroup.com/1/fre,php
http://netfliq.ml/binocular/fre.php
http://promecco.com.tr/nel/five/fre.php
http://sogamco.com/Work6/fre.php
http://empresadeperu.com/bn/fre.php
http://sogamco.com/Work4/fre.php
http://141.105.71.35/sss/fre.php
http://sogamco.com/Work5/fre.php
http://thefieldagent.net/ys/Panel/five/fre.php
http://portalcafecomnoticias.com.br/wp-includes/css/coco/fre.php
http://gentleprlnce.com/CanDyCrUSHXXX/fre.php
http://thefieldagent.net/loki/Panel/five/fre.php
http://epperfums.com/dull/five/fre.php
http://taximolinaperu.com/m/fre.php
http://192.3.183.226/~feragamo/.legolas/fine/fre.php
http://mawa2ef.com/core/five/fre.php
http://mediagift.vn/.bc/playbook/onelove/fre.php
http://blue-airship.com/empire/movement/kingz/fre.php
http://academydea.com/includes/Panel/five/fre.php
http://vlklz.xyz/A1/five/fre.php
http://techcefacos.org/config/Panel/five/fre.php
http://ayoobtextlie.com/cup/five/fre.php
http://ayoobtextlie.com/craks/five/fre.php
http://mckenzai-co.pw/Pablo/fre.php
http://beerberv.com/OPAYREXING/fre.php
http://portalcafecomnoticias.com.br/test/js/Panel/five/fre.php
http://epperfums.com/dino/five/fre.php
http://taximolinaperu.com/cg/fre.php
http://193.142.59.88/primsix/logs/fre.php
http://jfe-mineral-co.pw/Arinze/fre.php
http://petroindonesia.co.id/xxx/xx/Panel/fre.php
http://omabradley.ru/msn/Panel/fre.php
http://omabradley.ru/easyph/Panel/fre.php
http://corpcougar.com/zor/Panel/five/fre.php
http://omabradley.ru/arewaphazzy/Panel/fre.php
http://assemba.co.uk/bk2/Panel/five/fre.php
http://fentlix.com/pl2y/fre.php
http://isysu.net/zb_system/image/logo/good/fre.php
http://transmarine.pw/Pablo/fre.php
http://omabradley.ru/m16/Panel/fre.php
http://myaline.com.pe/img/h/fre.php
http://academydea.com/includes/pollux/Panel/five/fre.php
http://uniquepierce.tech/pdot/support/rslt/fre.php
http://transmarine.pw/Bobby/fre.php
http://blue-airship.com/agutaz/direct/pushin/fre.php
http://febspxi.xyz/P3/five/fre.php
http://slnsa.trade/Work3/fre.php
http://fentlix.com/onev/fre.php
http://slnsa.trade/Work7/fre.php
http://103.208.86.31/y/fre.php
http://jfe-mineral-co.pw/Chukwuka/fre.php
http://46.21.147.207/primeight/logs/fre.php
http://sariincofood.co.id/no/Panel/fre.php
http://184.164.142.217/primthree/logs/fre.php
http://184.164.142.213/primtwo/logs/fre.php
http://indiatoursntravels.in/cc/Panel/fre.php
http://37.220.0.11/primone/logs/fre.php
http://trailer.co.za/cg-wpi/Panel/five/fre.php
http://5.152.210.188/primfour/logs/fre.php
http://kimstar.com.vn/.tx/tx/playbook/onelove/fre.php
http://slnsa.trade/Work5/fre.php
http://innoexpo.tech/product/perf/Inc/fre.php
http://131.153.22.142/rokstwo/logs/fre.php
http://jfe-mineral-co.pw/Broken/fre.php
http://198.23.200.241/~power13/.swoexizp/fre.php
http://198.23.200.241/~power13/.firoxispz/fre.php
http://klickus.com/okye/Panel/five/fre.php
http://slnsa.trade/Work1/fre.php
http://slnsa.trade/Work8/fre.php
http://myaline.com.pe/nn/fre.php
http://corpcougar.com/nedu/Panel/five/fre.php
http://papelestecnicos.com.pe/vb/fre.php
http://empresadeperu.com/ved/fre.php
http://beerberv.com/SAMMYWAHALA/fre.php
http://empresadeperu.com/vv/fre.php
http://trailer.co.za/wp-cgi/Panel/five/fre.php
http://klickus.com/gozie/Panel/five/fre.php
http://klickus.com/cjay/Panel/five/fre.php
http://185.56.137.99/primfive/logs/fre.php
http://131.153.22.219/primsix/logs/fre.php
http://adminfixpop3settings.com/vkay/five/fre.php
http://bacanacabana.com.br/wp-includes/css/kay/Panel/five/fre.php
http://karmar.com.au/wp-admin/css/colors/coffee/fre.php
http://borrdrillling.com/danb/five/fre.php
http://omabradley.ru/agwo/Panel/fre.php
http://forlinkserver.com//parl/id2244/fre.php
http://mellle.com/ses/Panel/fre.php
http://trouserlanditd.com/dark/five/fre.php
http://emesterul.ro/css/ok/fre.php
http://vlklz.xyz/Atoz/five/fre.php
http://198.23.200.241/~power13/.pRciyzfi/fre.php
http://centrehotel.vn/ss/Panel/fre.php
http://vcntq.ga/Mercy/five/fre.php
http://rlxivz.ga/SV3/five/fre.php
http://193.142.59.96/africa/logs/fre.php
http://198.23.200.241/~power13/.xoiaxozp/fre.php
http://etoro-miners.com/bird/five/fre.php
http://198.23.200.241/~power13/.sopawqo/fre.php
http://bdsphatphat.com/.dtt/playbook/onelove/fre.php
http://198.23.200.241/~power13/.gvuxosacy/fre.php
http://indiatoursntravels.in/oo/Panel/fre.php
http://107.175.150.73/~giftioz/.fkligxrzi/fre.php
http://oasischandigarh.com/wp-admin/js/widgets/Panel/five/fre.php
http://trailer.co.za/bin/Panel/five/fre.php
http://febtrxp.xyz/P4/five/fre.php
http://febvnxp.xyz/P4/five/fre.php
http://198.23.200.241/~power13/.xwospaxi/fre.php
http://xgkxc.xyz/P4/five/fre.php
http://www.worldatdoor.in/panel2/Panel/five/fre.php
http://liderazgocristoforo.org/n/fre.php
http://198.23.200.241/~power13/.sixnrpq/fre.php
http://hanmha.com/drunk/five/fre.php
http://rlxivz.tk/SV2/five/fre.php
http://198.23.200.241/~power13/.goxizmsxir/fre.php
http://datedi.icu/hoist1/logs/fre.php
http://mikeservers.eu/kings/five/fre.php
http://104.223.170.113/Silkop/Panel/five/fre.php
http://euromopy.tech/etty/black/download/fre.php
http://borrdrillling.com/luckyadmin/five/fre.php
http://expertisem.net/empire/movement/kingz/fre.php
http://blastforcleaningservices.com/fonts/panel/fre.php
http://etoro-miners.com/gate/five/fre.php
http://mecharnise.ir/ca11/fre.php
http://mkplogistics.co.id/oo/Panel/fre.php
http://mkplogistics.co.id/aa/Panel/fre.php
http://liderazgocristoforo.org/g/fre.php
http://centrehotel.vn/cc/Panel/fre.php
http://u-knlt.com/Bobby/fre.php
http://missingandfound.com.my/kv/Panel/fre.php
http://u-knlt.com/Pablo/fre.php
http://trouserlanditd.com/dabs/five/fre.php
http://everest--sh.com/coco/five/fre.php
http://gpi-q.com/cake/five/fre.php
http://trailer.co.za/wp-index/Panel/five/fre.php
http://198.23.200.241/~power13/.zipxzios/fre.php
http://tungyu.cf/CROWNEDPRINCE/fre.php
http://esenciamaya.com/leo/five/fre.php
http://saclex.gq/flabs/fre.php
http://5.196.123.14/yg/Panel/fre.php
http://omabradley.ru/smik/Panel/fre.php
http://mirrapl.com/big/Panel/fre.php
http://funerariapracadabandeira.com.br/include/Panel/five/fre.php
http://printystore.com.pe/img/lop/fre.php
http://printystore.com.pe/js/v/fre.php
http://66.85.173.45/africa/logs/fre.php
http://xlkz.xyz/P4/five/fre.php
http://5.152.210.181/roksone/logs/fre.php
http://103.70.137.123:82/five/fre.php
http://noniwire7.website/Work4/fre.php
http://107.175.150.73/~giftioz/.shptioixmaz/fre.php
http://centrehotel.vn/oo/Panel/fre.php
http://noniwire7.website/Work5/fre.php
http://drkconstrucciones.com/v/fre.php
http://trouserlanditd.com/didi/five/fre.php
http://xigkxc.xyz/Atoz/five/fre.php
http://193.142.59.7/hoist3/logs/fre.php
http://missingandfound.com.my/mba/Panel/fre.php
http://espoirpharmaceutical.com/includes/Panel/five/fre.php
http://missingandfound.com.my/bb/Panel/fre.php
http://terayu.tk/irkk/fre.php
http://unrrwa.org/rich/Panel/fre.php
http://hanmha.com/dope/five/fre.php
http://precisiongmbh.cf/kboss/fre.php
http://hanmha.com/duck/five/fre.php
http://hanmha.com/divide/five/fre.php
http://printystore.com.pe/img/hu/fre.php
http://kdi-kongsberg.com/stan/Panel/fre.php
http://217.64.114.179/africa/logs/fre.php
http://hedsoni.com/jahbless/fre.php
http://mediceldl.com/Broken/fre.php
http://tickerqube.com/Loki2020/fre.php
http://lethatch.se/nelpa/five/fre.php
http://tresolutionsdr.com/CHK/five/fre.php
http://missingandfound.com.my/urch/Panel/fre.php
http://trailer.co.za/wp-adon/Panel/five/fre.php
http://78.142.18.109/jaydee/logs/fre.php
http://serviciotecnicoenlima.com/js/g/fre.php
http://xecogioisg.com/go/playbook/onelove/fre.php
http://gimhon.ml/kcyi/fre.php
http://omabradley.ru/kiriko/Panel/fre.php
http://difapackperu.com/n/fre.php
http://tecon.com.mx/onye/five/fre.php
http://198.23.200.241/~power13/.xjksapxiz/fre.php
http://gpi-q.com/cup/five/fre.php
http://sino-spriulina.com/demo1/Panel/fre.php
http://aikchimhin.com/walterXXXX/fre.php
http://trouserlanditd.com/data/five/fre.php
http://107.175.150.73/~giftioz/.notoxo/fre.php
http://mediceldl.com/David/fre.php
http://everest--sh.com/cream/five/fre.php
http://mediceldl.com/Bobby/fre.php
http://duprcxoffshore.com/yaas/fre.php
http://everest--sh.com/click/five/fre.php
http://107.175.150.73/~giftioz/.fsabljkxioaxo/fre.php
http://corpcougar.com/buggy/Panel/five/fre.php
http://gpi-q.com/copy/five/fre.php
http://mediceldl.com/Pablo/fre.php
http://borrdrillling.com/lokiadmin/five/fre.php
http://198.23.200.241/~power13/.xoiaspxo/fre.php
http://cokhiquangbien.com/.jx/playbook/onelove/fre.php
http://omabradley.ru/garuba/Panel/fre.php
http://expertisem.net/agutaz/direct/pushin/fre.php
http://193.142.59.107/africa/logs/fre.php
http://cleaning-hygiene.com/kay/Panel/five/fre.php
http://perfectelectricalsolution.com/css/bb/Panel/fre.php
http://brokenskul.xyz/Bobby/fre.php
http://gpi-q.com/craks/five/fre.php
http://trouserlanditd.com/drug/five/fre.php
http://trouserlanditd.com/draw/five/fre.php
http://gpi-q.com/cutter/five/fre.php
http://petroindonesia.co.id/xx/Panel/fre.php
http://omabradley.ru/ekene/Panel/fre.php
http://petroindonesia.co.id/admin/Panel/fre.php
http://trailer.co.za/cgi/Panel/five/fre.php
http://gpi-q.com/clean/five/fre.php
http://everest--sh.com/cola/five/fre.php
http://amotach-cn.com/DOTNETXXX/fre.php
http://gpi-q.com/clap/five/fre.php
http://uniformescorporativosperu.com/catalogopw/g/fre.php
http://uniformescorporativosperu.com/imgdamas/faldas/j/fre.php
http://ecoorganic.co/Work8/fre.php
http://euromopy.tech/rosemond/backup/dataz/fre.php
http://89.249.65.212/africa/logs/fre.php
http://uwhfdsndcjdn.ml/chikafams/fre.php
http://zeyadigital.com/etty/black/download/fre.php
http://hanmha.com/deal/five/fre.php
http://petroindonesia.co.id/ss/Panel/fre.php
http://stampilam.ro/axe/five/fre.php
http://securesharing.top/Lokivo/Panel/five/fre.php
http://107.175.150.73/~giftioz/.vodojik/fre.php
http://everest--sh.com/clock/five/fre.php
http://aivazidis.gq/mad-ooo/fre.php
http://grensena.tk/kboss/fre.php
http://107.175.150.73/~giftioz/.myprolokip/fre.php
http://drop-box.top/Lokivo/Panel/five/fre.php
http://pipermode.com/agutaz/direct/pushin/fre.php
http://defacci22.net/rosemond/backup/dataz/fre.php
http://perfectelectricalsolution.com/mb/panel/fre.php
http://sino-spriulina.com/demo/Panel/fre.php
http://brokenskul.xyz/Broken/fre.php
http://cleaning-hygiene.com/bab/Panel/five/fre.php
http://ecoorganic.co/Work2/fre.php
http://ecoorganic.co/Work4/fre.php
http://aladebtrading.com/loki/Panel/fre.php
http://sccslink.xyz/P5/five/fre.php
http://ecoorganic.co/Work7/fre.php
http://ecoorganic.co/Work1/fre.php
http://somafe.dz/zmnko/five/fre.php
http://corpcougar.com/bin/Panel/five/fre.php
http://himkon.cf/kcyi/fre.php
http://107.175.150.73/~giftioz/.ASlxkaDx8x/fre.php
http://107.175.150.73/~giftioz/.xozizuxoze/fre.php
http://institutdemathologie.fr/GO/ve/fre.php
http://altoinfor.co/base/fre.php
http://softtouchcollars.com/Loki/Panel/five/fre.php
http://107.175.150.73/~giftioz/.suxozisxfi/fre.php
http://104.223.170.113/dsikio/Panel/five/fre.php
http://dongthanhcompany.vn/.ox/playbook/onelove/fre.php
http://heartychern.com/deal/five/fre.php
http://192.210.238.10/five/fre.php
http://193.142.59.3/teejay/logs/fre.php
http://perfectelectricalsolution.com/bb/Panel/fre.php
http://kimstar.com.vn/.tx/playbook/onelove/fre.php
http://193.142.59.98/africa/logs/fre.php
http://xylanperu.com/op/fre.php
http://petroindonesia.co.id/cgi-bin/cc/Panel/fre.php
http://107.175.150.73/~giftioz/.ciiiiiiric/fre.php
http://seguridadindustrialujan.com/hu/fre.php
http://seguridadindustrialujan.com/jii/fre.php
http://docupubfilesretrieve.com/sp/five/fre.php
http://thaubenuocngam.com/go/playbook/onelove/fre.php
http://buasang5sao.com/Panel/five/fre.php
http://107.152.36.110/GhosTHunTerX/fre.php
http://bollorre.pw/Work4/fre.php
http://bollorre.pw/Work5/fre.php
http://oaa-my.com/copy/five/fre.php
http://xgkixc.xyz/Atoz/five/fre.php
http://plosss.com/lok/Panel/fre.php
http://molmarsl.com/leks/five/fre.php
http://assemba.co.uk/mk/Panel/five/fre.php
http://byedtronchgroup.yt/jik/Panel/five/fre.php
http://192.210.238.10/emmy/fre.php
http://iplusvietnam.com.vn/jo/playbook/onelove/fre.php
http://xecogioisg.com/mx/playbook/onelove/fre.php
http://bollorre.pw/Work6/fre.php
http://tbt-sceitech.com/coco/five/fre.php
http://107.175.150.73/~giftioz/.xotorsvi/fre.php
http://sino-spriulina.com/Panel/fre.php
http://107.175.150.73/~giftioz/.vorokimovi/fre.php
http://107.175.150.73/~giftioz/.coterzio/fre.php
http://sccslink.xyz/P4/five/fre.php
http://uwhfdsndcjdn.tk/evawater/fre.php
http://107.175.150.73/~giftioz/.dycosmxiz/fre.php
http://about.panjihidayat.web.id/cc/Panel/fre.php
http://193.142.59.89/africa/logs/fre.php
http://asi1.ir/sch/five/fre.php
http://protestlabsmovings.es/blender/Panel/five/fre.php
http://w-tranz.club/game/luxx/fre.php
http://rohockey.ro/wp-content/five/fre.php
http://107.175.150.73/~giftioz/.fodoixz/fre.php
http://chol.cc/Work2/fre.php
http://chol.cc/Work1/fre.php
http://107.175.150.73/~giftioz/.cotolier/fre.php
http://107.175.150.73/~giftioz/.dsabkjczpxzo/fre.php
http://107.175.150.73/~giftioz/.vogofis/fre.php
http://snodrite.pw/tipe/hope/fre.php
http://zoncline.club/stud/hace/fre.php
http://fvrlink.online/P2/five/fre.php
http://wusetwo.xyz/public_html/file/five/inc/class/pCharts/info/Panel/five/fre.php
http://ma.co.ir/huu/fre.php
http://alwaysdelivery.xyz/five/fre.php
http://www.traz.ir/erqzxewqrtyacxz/five/fre.php
http://worldatdoor.in/lewis/Panel/five/fre.php
http://107.175.150.73/~giftioz/.jorosin/fre.php
http://superson-com.cc/Bobby/fre.php
http://oaa-my.com/clean/five/fre.php
http://deliveryexpressworld.xyz/five/fre.php
http://sccslink.online/P3/five/fre.php
http://govirtual.ga/targets/fre.php
http://chol.cc/Work4/fre.php
http://cleaning-hygiene.com/bin/Panel/five/fre.php
http://apexsourcingltd.com/maka/emmy/fre.php
http://107.175.150.73/~giftioz/.zozoas/fre.php
http://vlkl.xyz/Atoz/five/fre.php
http://107.175.150.73/~giftioz/.lokijisi/fre.php
http://107.175.150.73/~giftioz/.kobovoih/fre.php
http://fvrlink.xyz/P1/five/fre.php
http://digi-sec.top/lokivo/Panel/five/fre.php
http://deliciasdvally.com.pe/includes/gter/fre.php
http://krompres.tk/loki/Panel/five/fre.php
http://piscinasaguamarinha.com.br/moon/five/fre.php
http://mecharnise.ir/ca3/fre.php
http://penworkresearch.com/app/five/fre.php
http://difapackperu.com/fg/fre.php
http://brodam.ro/rtc/five/fre.php
http://chol.cc/Work3/fre.php
http://leakaryadeen.com/parl/id345/fre.php
http://107.175.150.73/~giftioz/.ckyfdgxo/fre.php
http://pehledinekam.com/amey/fre.php
http://noithathoanggia.net.vn/jo/playbook/onelove/fre.php
http://chol.cc/Work5/fre.php
http://pur-ant.club/page/gain/fre.php
http://107.175.150.73/~giftioz/.sfaojaxz/fre.php
http://agrabahd.ga/locale/fre.php
http://afas-kr.com/drug/five/fre.php
http://cast-den.pw/cape/spot/fre.php
http://107.175.150.73/~giftioz/.pojonv/fre.php
http://about.panjihidayat.web.id/aa/Panel/fre.php
http://ivad.com.vn/go/playbook/onelove/fre.php
http://mocdong.com.vn/gx/playbook/onelove/fre.php
http://omabradley.ru/china20/Panel/fre.php
http://getvision2020.net/etty/black/download/fre.php
http://ht-electric.dz/qatar/five/fre.php
http://107.175.150.73/~giftioz/.zohohov/fre.php
http://mecharnise.ir/ca6/fre.php
http://noithathoanggia.net.vn/kk/playbook/onelove/fre.php
http://nan5.ir/jty/fre.php
http://southeasterncontractingco.com/jo/panel/five/fre.php
http://178.17.170.6/five/fre.php
http://107.175.150.73/~giftioz/.tororo/fre.php

# Reference: https://app.any.run/tasks/ed92457b-1989-490b-86d6-80392502143f/

http://107.189.10.150/Pi2/
martiq.org

# Reference: https://app.any.run/tasks/62e6801e-cabb-4cf7-af74-0cc2e9997080/
# Reference: https://www.virustotal.com/gui/ip-address/107.175.150.73/relations

chnthreewealthsndy3andreinforcementagenc.duckdns.org
http://107.175.150.73/~giftioz/

# Reference: https://app.any.run/tasks/32270993-012f-4ec8-a88f-119917767e7d/

epperfums.com

# Reference: https://app.any.run/tasks/1376f2cb-7008-4840-9df3-a54be7c75fd1/

sndy2kungglobalinvestmentgooglednsaddres.duckdns.org

# Reference: https://twitter.com/wwp96/status/1229809833521614849

brokenhead.xyz

# Reference: https://twitter.com/wwp96/status/1230208744824410113

bdzdfsdf.gq

# Reference: https://twitter.com/wwp96/status/1230209217015025666

fdjshe.tk

# Reference: https://twitter.com/wwp96/status/1230213776521269249

shefdj.cf

# Reference: https://twitter.com/wwp96/status/1230220429832445953

bdzdfsdf.cf

# Reference: https://app.any.run/tasks/3b425f86-5b45-413b-82ce-94572bc89f77/

desertfox.ru

# Reference: https://twitter.com/Bl4ng3l/status/1230429843118006273

zdwallcoveing.com

# Reference: https://twitter.com/wwp96/status/1230546137427435520

matantalbenna.com/.legolass/fine/fre.php

# Reference: https://app.any.run/tasks/9cfa85fa-ed4e-4629-a2bc-98aa095bbd29/

duclongetc.com

# Reference: https://app.any.run/tasks/0579bdb6-a14f-458f-80c3-222c5c251cec/

atlasdecarqo.com

# Reference: https://app.any.run/tasks/7890bc79-567c-403b-be23-19e52c91664f/

naourl.com

# Reference: https://app.any.run/tasks/156ee10c-d61a-478e-b0b7-b8088ee4d0d1/

http://198.12.125.130/~axsonipc/

# Reference: https://twitter.com/wwp96/status/1232400592787693568

hergyi.com

# Reference: https://twitter.com/wwp96/status/1232394253118115848
# Reference: https://app.any.run/tasks/4750d11b-76c7-46c8-820f-fe87e6159117/

febspxii.xyz

# Reference: https://app.any.run/tasks/fef43720-c2c0-4305-8697-0b2637c44db9/

sisiinno.tech

# Reference: https://app.any.run/tasks/08c78083-b2f6-4c61-90c7-6fc4c0291226/

vivalingard.gq
vivalingard.cf

# Reference: https://app.any.run/tasks/9fbcb0ae-61c8-42b0-8314-adf7202a8a45/

falcontension.tech

# Reference: https://app.any.run/tasks/71fb5323-5556-4b24-90b3-c835d0d095a9/

missingandfound.com.my/prin/Panel/fre.php

# Reference: https://app.any.run/tasks/be2aca26-f021-4a7c-8f9e-8a536549eafd/

blog.huangyang.cc/goziiu/
klickus.com/gozie/Panel/five/fre.php

# Reference: https://app.any.run/tasks/6145a1fc-6bcf-42e5-b3bb-9d4830fb738b/

doqantekstil.com

# Reference: https://app.any.run/tasks/d46ce8df-0f19-40c7-97bd-7ca23c6360a1/

http://107.175.150.73/~giftioz/

# Reference: https://app.any.run/tasks/1248ab72-b0de-4ebc-af9e-3b6f68a70d86/

epperfums.com

# Reference: https://app.any.run/tasks/cc714b2d-7440-45c4-a70e-e25ad256dd27/

nileloqistics.com

# Reference: https://any.run/report/7767c2ec0369f22b90a0edb03260057b834195b6a5d12d67fa26e28ac2e6933a/4c4433cd-e9c7-46bc-bebf-c88a90b36bff

expertswebservices.com

# Reference: https://www.virustotal.com/gui/domain/aquavictus.hr/relations

aquavictus.hr/img/panel/index.php
aquavictus.hr/ap/Panel/index.php
aquavictus.hr/mkk/Panel/five/fre.php

# Reference: https://app.any.run/tasks/2cf293f3-2994-483d-adfe-7f5988288cae/

http://198.23.148.71

# Reference: https://twitter.com/K_N1kolenko/status/1234817078458290176

academydea.com/noni/Panel/five/fre.php
imperiaskygarden.net/.wp-admini/wp-admini1/wp-admini2/fre.php
lucianogroup.xyz
sonqan-vn.com
topuogodo.ga
wesemayra.top

# Reference: https://twitter.com/wwp96/status/1234946520329445378

kdhema.ga
topuogodo.ml

# Reference: https://app.any.run/tasks/58554586-a4b7-4586-b7b1-cc8f86f0caa8/

vnn-nv.com

# Reference: https://app.any.run/tasks/40f44fdd-5eeb-41b1-98b3-bfc102ee0865/

altamonteorators.com/images/images/Panel/five/fre.php

# Reference: https://app.any.run/tasks/6b80811c-c9f7-43c5-aab1-d4a1eb8cd54f/

tailuong.com.vn/.xxx/playbook/onelove/fre.php

# Reference: https://app.any.run/tasks/9194de26-2044-405c-be7c-340e4da5dd83/

worldatdoor.in/lewis1/Panel/five/fre.php

# Reference: https://app.any.run/tasks/eedcbfc1-89e0-49f4-8fa9-b7cbb9afc577/

gorillahikeafrica.com/wp-includes/images/img/five/fre.php

# Reference: https://app.any.run/tasks/e2412cb7-33cc-4e57-87c2-44e8c79e7edd/

pmw-ch.com

# Reference: https://www.virustotal.com/gui/file/4a0e276b4730abd7ee51cf8876d25cd3928321acbb39d6d5f0e2fa8138312e2d/behavior/Dr.Web%20vxCube

topuogodo.cf
drakum.ml

# Reference: https://twitter.com/casual_malware/status/1235189716917645312

mmanueud.cf
topuogodo.ga

# Reference: https://twitter.com/wwp96/status/1234938182208278529

hockvvee.com

# Reference: https://twitter.com/wwp96/status/1234567430900535297

lieshitextile.com

# Reference: https://www.virustotal.com/gui/ip-address/91.215.169.70/relations

pmw-ch.com
vnn-nv.com
cpf-th.com
solefex.com

# Reference: https://twitter.com/wwp96/status/1235248119354478595

vnn-nv.com

# Reference: https://app.any.run/tasks/2cfba30b-91b9-4827-ba96-e3dfb4d71b9e/

http://193.142.59.22/jaydee/logs/fre.php

# Reference: https://app.any.run/tasks/a6d64f54-c294-49eb-82e6-f952777d80bb/

http://107.175.150.73/~giftioz/.dxuz/fre.php

# Generic (callback) paths
# Reference: https://twitter.com/hexlax/status/1157657573790814208
# Reference: https://pastebin.com/LHJrNpnV
# Reference: https://pastebin.com/wHV90Sc2
# Reference: https://twitter.com/P3pperP0tts/status/1185096874241548291
# Reference: https://twitter.com/P3pperP0tts/status/1185096537271164928

/0110/s/cat.php
/0110/s/desk.php
/092j/7/cat.php
/092j/7/desk.php
/0sc9/cat.php
/l3y0/cat.php
/200/zc-b/cat.php
/200/zc-b/desk.php
/2leek/cat.php
/50-red/cat.php
/500two/cat.php
/52006/link.php
/atz/link.php
/ch/link.php
/hol/1/cat.php
/hol/1/desk.php
/humb/1/cat.php
/humb/1/desk.php
/igine/sabali.php
/jes/link.php
/key/link.php
/chri1/cgi.php
/fbm/encode.php
/ka22/cat.php
/makave/sabali.php
/st3ph/cat.php
/umgo2/cat.php
/sail/cat.php
/seems/cat.php
/slek-b/cat.php
/vh/630/cat.php
/vh/630/desk.php
/3sx0z2.php
/45_76_8.php
/AklDq9M1n_a.php
/BobBy929BSx_A_D_M1n_a.php
/BobDq929BSx_A_D_M1n_a.php
/ChiNa929BSx_A_D_M1n_a.php
/CvqDq929BSx_A_D_M1n_a.php
/DaqDq929BSx_A_D_M1n_a.php
/EvqTq939BSx_B_D_D1p_a.php
/IkeNn929BSx_A_D_M1n_a.php
/KelDq929BSx_A_D_M1n_a.php
/KelEc929BSx_A_D_M1n_a.php
/KelEh929BSx_A_D_M1n_a.php
/KenDq929BSx_A_D_M1n_a.php
/Natyyx_A_D_M4n_a.php
/NonYe929BSx_A_D_M1n_a.php
/ObiNn929BSx_A_D_M1n_a.php
/PceHq925BSx_L_B_M1n_a.php
/PrCm98ArhvF_A_K_M2n_a.php
/Pvq929sM1n_a.php
/PvqDNINo_M1n_a.php
/PvqDerereA_D_M1n_a.php
/PvqDq929BSx_A_D_M1n_a.php
/PvqDq92allin_a.php
/PvqDq92nat1n_a.php
/PvqDq9MAxxxoloa.php
/PvqDq9ohhho_a.php
/SliDq929BSx_A_D_M1n_a.php
/SlqDq929BSx_A_D_M1n_a.php
/SomAq929BSx_A_D_M1n_a.php
/SsgDq929BSx_A_D_M1n_a.php
/SsqDq929BSx_A_D_M1n_a.php
/StaDq929BSx_A_D_M1n_a.php
/StaRm929BSx_A_D_M1n_a.php
/StaRq929BSx_A_D_M1n_a.php
/TryNdie.php
/Ttq929BSx_A_X_M11n_a.php
/UpDated_X_T_N1q_a.php
/VirGi929BSx_A_D_M1n_a.php
/graceofgod-favour.php
/okwy_A_D_server.php
/panel_jee.php

# Reference: https://twitter.com/wwp96/status/1235606545771175943

site-inspection.com

# Reference: https://twitter.com/wwp96/status/1235976467215011841

fllxprint.com

# Reference: https://twitter.com/wwp96/status/1236012534534213632

yal1am.com

# Reference: https://twitter.com/wwp96/status/1236016958564372482

http://192.3.204.226

# Reference: https://twitter.com/wwp96/status/1236018276909690884

halloway.ru

# Reference: https://app.any.run/tasks/461c4d7b-f11c-45eb-b5bf-7c0aefbfe24d/

damagedskull.xyz

# Reference: https://app.any.run/tasks/faeeb41c-fe3a-4165-b65d-eba3d49bcfda/
# Reference: https://app.any.run/tasks/ebe2f251-79c3-403a-87c0-4882f0765e19/

posqit.net
martiq.org
didxbooks.com

# Reference: https://app.any.run/tasks/e0296815-ebdf-43ce-87c3-22fabbaa4f07/

http://67.43.224.151

# Reference: https://pastebin.com/vMc4ATVq
# Reference: https://app.any.run/tasks/58c77ed3-4d5a-4816-8422-bfcc0cf9bd12/

http://141.105.71.126
http://23.95.132.48
bibpap.com

# Reference: https://twitter.com/wwp96/status/1237138658404294657

snxmrch.xyz

# Reference: https://twitter.com/wwp96/status/1237141226350096386

fitrtefast.com

# Reference: https://app.any.run/tasks/422168f9-9d03-49dc-827e-51ec179b296f/

onllygooodam.com

# Reference: https://twitter.com/wwp96/status/1237808235689762818 

fucksars.xyz

# Reference: http://cybercrime-tracker.net/index.php?search=turasogutmas.com
# Reference: https://app.any.run/tasks/b67fc2b1-2b6b-49f0-abb4-d2e94703bad9/

turasogutmas.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1238073558326292480

castrologs.xyz

# Reference: https://blog.talosintelligence.com/2020/03/threat-roundup-0306-0313.html (# Win.Malware.Ursu-7610305-0)

abizima.gq
forza-lindelof.cf
forza-lindelof.ga
forza-maguire.cf
forzalindelof.ml
forzamaguire.ga
forzamaguire.ml
forzamaguire.tk
global-solution.gq
mabelis.cf
nomnyz.cf
nomnyz.ga
radiomar.cf
somaplast.cf
somaplast.ga
yanguz.cf

# Reference: https://twitter.com/James_inthe_box/status/1239577931195662338

seacrafts.ru

# Reference: https://app.any.run/tasks/5900bea3-b146-4982-94bb-023e082dfe13/

anoroc.ru

# Reference: https://app.any.run/tasks/a94b863f-caec-4f26-ac3f-6ac55575456b/

cpf-th.com

# Reference: https://app.any.run/tasks/15d7e6c5-0078-4d61-be32-af531fcb932b/

pyungz.org

# Reference: https://app.any.run/tasks/fcee8e0c-120d-417a-96bb-489a5d5be106/
# Reference: https://app.any.run/tasks/3aca1800-6fc0-4c4a-a8f4-a9bd4b03169f/
# Reference: https://app.any.run/tasks/22e3ec37-4972-4ef1-aa53-e94c082cb7e4/

russchine2specialstdy2plumbingmaterialgh.duckdns.org
http://23.95.132.48/~main/

# Reference: https://app.any.run/tasks/51111254-4c18-4627-bdd2-5216a4c85bab/

greenelectronicsandkitchen10apliancestdy.duckdns.org
asia-maap.com

# Reference: https://app.any.run/tasks/cd98661a-75f9-4900-8d02-59275e05e4a6/
# Reference: https://app.any.run/tasks/196ba7fa-9850-4c4f-9b9a-e19fc4c72b86/

castmart.ga

# Reference: https://app.any.run/tasks/bfc65c50-f43c-41d7-8ba4-febf6ccc7eea/

byedtronchgroup.yt
http://104.223.170.93/jore/Panel/five/fre.php

# Reference: https://app.any.run/tasks/80cab2e3-1373-4479-a8e0-0f079ec5757e/

hgmatal.com

# Reference: https://twitter.com/bit_dam/status/1242553127548735488

/1g7/pin.php

# Reference: https://www.virustotal.com/gui/domain/fuly-lucky.com/relations

fuly-lucky.com

# Reference: https://www.virustotal.com/gui/file/564121a4958991dcbdd3cbd18ae899c960c2f633decb3dfff09ca0a9abc3338f/behavior/Dr.Web%20vxCube
# Reference: https://www.virustotal.com/gui/file/9e7bfbe18c5482f6967dfd30d79dd92679167ee400f9bd525737ee83842754c5/behavior/Dr.Web%20vxCube

http://77.81.121.20/~kukddoco/

# Reference: https://twitter.com/K_N1kolenko/status/1235896986659889153

http://185.94.191.8
http://193.142.59.2
aliminksrl.cf
assemba.co.uk/jpg/five/fre.php
centrehotel.vn/wp-admin/user/cc/Panel/fre.php
fitrtefast.com

# Reference: https://twitter.com/JayTHL/status/1245781548776947717

parisgranhotels.ga

# Reference: https://twitter.com/_lockhum/status/1239596021778448384

xpologistics.ga

# Reference: https://pastebin.com/jd2T3CeC
# Reference: https://www.virustotal.com/gui/ip-address/185.126.202.111/relations

http://185.126.202.111
/.ku/sj'x.php

# Reference: https://www.virustotal.com/gui/url/07e950cfaf51929eba8128986f4d2a704b6da6ee773a6826cd592d5dace13081/detection

orderhrf.info

# Reference: https://pastebin.com/zQD12eKq

jinglejinglen.sytes.net

# Reference: https://app.any.run/tasks/fc9b4808-e1ee-4c09-835d-512690fbba60/

brokenme.xyz

# Reference: https://twitter.com/jcarndt/status/1250094793558036480
# Reference: https://app.any.run/tasks/854f4157-cb4c-4aa1-b1bc-ceea2e17b4fa/

http://198.23.200.239
stdy3frndgreencreamcostmeticsbabystored.duckdns.org

# Reference: https://twitter.com/JayTHL/status/1253013042557849602

iranssp.ir

# Reference: https://twitter.com/Bl4ng3l/status/1253681108304232455

alforcargo.com

# Reference: https://twitter.com/DynamicAnalysis/status/1253740533186527234

15wsdychneswealthandmoduleorganisationcv.duckdns.org
avertonbullk.com

# Reference: https://twitter.com/Bl4ng3l/status/1254779727442665472

oneflextiank.com

# Reference: https://twitter.com/jorgemieres/status/1254791348445515783

i-bss.com
pyv.cl

# Reference: https://twitter.com/James_inthe_box/status/1255496095586713606

nicecars.com.ar/mine/Panel/five/fre.php

# Reference: https://www.virustotal.com/gui/domain/obimmaa.ir/relations

obimmaa.ir

# Reference: https://app.any.run/tasks/a7d1e0c4-3672-4b1e-a226-eeeae7f2eda7/

victorlascos.tech

# Reference: https://www.trendmicro.com/vinfo/hk-en/security/news/cybercrime-and-digital-threats/loki-info-stealer-propagates-through-lzh-files
# Reference: https://www.trendmicro.com/vinfo/hk-en/security/news/cybercrime-and-digital-threats/loki-delivered-as-cab-file-attachment
# Reference: https://otx.alienvault.com/pulse/5eb18e3eefd6849508bbfbf4
# Reference: https://www.virustotal.com/gui/domain/retrak.co.ke/relations

retrak.co.ke/psy/five/fre.php
retrak.co.ke/wrdp/five/fre.php
retrak.co.ke/wrdp4/five/fre.php

# Reference: https://twitter.com/Racco42/status/1259780193142616065

evervisionicd.com
vitecqroup.com

# Reference: https://twitter.com/Bl4ng3l/status/1260481607200395264

beesco.net

# Reference: https://twitter.com/malwrhunterteam/status/1260927561166553089

gllnar.com

# Reference: https://app.any.run/tasks/948b2be1-45ec-4945-bc1b-e7c340b70053/

suckadick.website

# Reference: https://twitter.com/malwrhunterteam/status/1261550904773402626

attlogistics-vn.com

# Reference: https://twitter.com/James_inthe_box/status/1262383816724959233

abass.ir

# Reference: https://twitter.com/James_inthe_box/status/1262742262968020994
# Reference: https://app.any.run/tasks/a03db040-fc61-416e-b178-61a8b15dddc8/

achbiz.xyz
mecharnise.ir
opilacorp-bd.com

# Reference: https://twitter.com/reecdeep/status/1263123147517239297

shehig.com

# Reference: http://tracker.viriback.com/dump.php (2020-02-29)

# Reference: https://twitter.com/malwrhunterteam/status/1263421500142518279

maylnk.ml

# Reference: https://twitter.com/ScarletSharkSec/status/1268202304995557378

1filesharing.ga

# Reference: https://pastebin.com/FEP38DaR

zangs.ga

# Reference: https://pastebin.com/ZfiFFaaU

b2bseller.ga
medfinals.co.uk

# Reference: https://app.any.run/tasks/325bf778-36b5-45c0-96ff-755f9cc0b1c1/

primalfoodsqroup.com

# Reference: https://pastebin.com/4pZn49kK

skullisland.gq

# Reference: https://twitter.com/JCyberSec_/status/1272561016853991424

remote1.ga

# Reference: https://twitter.com/malware_traffic/status/1272577932783947777

crogtrt.com

# Reference: https://www.virustotal.com/gui/file/f5f343318832ad44e43a225a1b454d54ccbedfa4e6447c6467869b90c0e92e52/detection

http://31.220.2.200

# Reference: https://www.virustotal.com/gui/file/d2857b888fbab6dc4e36c403e86f39fedee428ba5ed45b28b8f99e59fb93ff58/detection

http://104.223.170.102

# Reference: https://twitter.com/JAMESWT_MHT/status/1275079040773189634
# Reference: https://app.any.run/tasks/212e514b-3f3d-4177-88ba-f242e081781d/

nnasout.com

# Reference: https://blacklist.cyberthreatcoalition.org/vetted/url.txt

http://193.142.59.169
apoxnew.com
bchicct.com
broken2.cf
broken3.cf
broken4.cf
broken5.cf
broken6.cf
broken7.cf
broken8.cf
broken9.cf
broken10.cf
brokenservices.xyz
bubuyayatoolslog.ir
capital-sd.com
clemglobal.com
deloilte.com
ducatl.com
eocaenlogistics.com
furnituresales.ir
hazelmayclothing.com
idehados.com.ar
jastex.info
just-in-timelog.com
lapphoungshoes.com
mahetechasia.com
orangetoolzdemo.com
orthopaedix.com.au
psqdover.com
rnarport.com
sdgengtie.com
skull247.cf
skull3.ga
skullisland.tk
spqlobal.info
taksamall.ir
taruntextlies.com
tehranfish.ir
toyo-at-jp.info
yaliapartotel.com
ygsddl1.ml
gorillahikeafrica.com/wp-includes/images/app/five/PvqDq929BSx_A_D_M1n_a.php
gorillahikeafrica.com/wp-includes/images/img/five/PvqDq929BSx_A_D_M1n_a.php
gorillahikeafrica.com/wp-includes/images/js/five/PvqDq929BSx_A_D_M1n_a.php
irangoodshop.com/cd/PvqDq929BSx_A_D_M1n_a.php
vancouverkitchencabinetrefinishing.com/five/fre.php
vfsds.com/ark/fre.php
wardia.com.pe/files/five/fre.php
wardia.com.pe/wp-content/update/five/fre.php
wardia.com.pe/wp-includes/files/five/fre.php

# Reference: https://app.any.run/tasks/7c509e00-8424-4ffd-b5ee-7a8cc560a266/

argensudalimentaria.com.ar

# Reference: https://pastebin.com/Hc73BzJT

http://104.223.143.181
asatech.cf
asatechw.gq
asatechw.ml
asatechw.tk
emirate-net.me
flexpak-th.com
karachiwalla.com
kranement.cf
kranement.gq

# Reference: https://www.virustotal.com/gui/file/d524ee4c7f70b45694218e309e9aaef64f96e812505c9c95891585555a195459/detection

http://192.236.146.147

# Reference: https://app.any.run/tasks/d070ad67-c4e5-4c66-acda-c88a46885264/

beckhoff-th.com

# Reference: https://app.any.run/tasks/dbb2312b-d7e1-468f-8956-9dfe6942e234/

reklaimapparel.com/wp-includes/

# Reference: https://app.any.run/tasks/c3ee77fd-bd3b-4ac8-a0fa-26cb0a8409f7/

http://195.69.140.147

# Reference: https://twitter.com/theDark3d/status/1288867976209469442

ckrlmay.ml

# Reference: https://pastebin.com/iATkHK3K

http://104.223.143.234

# Reference: https://pastebin.com/MUXDnknj

joyn.com.pk

# Reference: https://www.virustotal.com/gui/file/eeadaefc0f9331fbb9e1ceecf90667722dcae800a29c37413be37ff484daa61a/detection

jetterweb.tech

# Reference: https://www.virustotal.com/gui/file/23eb723f81c3f73aa38542436c30d9f1fe6a9bd26739b96438eb7a60b3f4b6c5/detection

rbuaction.com

# Reference: https://www.virustotal.com/gui/file/cc3053cb6f811fbef11211393b78e6e6fc49c05ba706a6daea440dab97db3736/detection

goxer.club

# Reference: https://securityliterate.com/analysis-of-lokibot-infostealer/

smallthingstress.sytes.net

# Reference: https://twitter.com/ganeshnathan28/status/1297527613049712640

buildbd.org/slid/btc/Panel/five/PvqDq929BSx_A_D_M1n_a.php
thernagictouch.com

# Reference: https://twitter.com/ganeshnathan28/status/1297794454665953280

brokenbones.ml
candestie.pw
sieqwarteg.com

# Reference: https://twitter.com/jstrosch/status/1298650225092034562
# Reference: https://www.virustotal.com/gui/file/e495e0e080d84256bbbd2b12d9ca05c4d1bcfcd623095ba87ec67f5abada017c/behavior

alifmedical.shop

# Reference: https://twitter.com/ganeshnathan28/status/1298656876800942087

sabzihome.com
preprod.bridge2finance.com/xx/
petroindonesia.co.id
optimavaluers.com

# Reference: https://twitter.com/ganeshnathan28/status/1299024973026275329

joovy.ga

# Reference: https://twitter.com/James_inthe_box/status/1014556042141679616

life-is-beautiful.in/inc/Panel/five/fre.php

# Reference: https://twitter.com/JAMESWT_MHT/status/1300342452839161857

espaciointeriores.com.ar/espac/five/fre.php

# Reference: https://pastebin.com/7LNRJB0c

pvcfloorco.com

# Reference: https://app.any.run/tasks/aa135b0a-6820-464a-9bb2-265eebc0ae06
# Reference: https://www.virustotal.com/gui/file/f3e4d77337c25f19d92971ac9386f5d0d22696d82f13cf28a7b3ab340e0c0295/behavior/VMRay

mogawes.pw

# Reference: https://app.any.run/tasks/e3801880-86d1-4828-bccf-634027c23a52/

remzclot.ga

# Reference: https://otx.alienvault.com/pulse/5f522d7eaaaf821e26a2ba7c

coltec.ga

# Reference: https://twitter.com/VirITeXplorer/status/1305771835016044544

septxpm.xyz

# Reference: https://otx.alienvault.com/pulse/5f60ae09c4538222cf48ad7c

afcompresors.com

# Reference: https://app.any.run/tasks/3e297077-5e3e-4f76-9b21-758e3efb15a7/

mflogistics-my.com

# Reference: https://twitter.com/reecdeep/status/1313729438736146432
# Reference: https://app.any.run/tasks/86d35181-6dbf-412d-b965-f299882ea27e/

pklz.xyz

# Reference: https://twitter.com/reecdeep/status/1315527072358576128
# Reference: https://app.any.run/tasks/25e32d38-6409-493f-a468-49f7c2696627/
# Reference: https://www.virustotal.com/gui/file/e4d4a263b17fa6e270bac22967c430a96671cc462862f15c9d5e917a32222118/detection

xcpx.xyz

# Reference: https://www.virustotal.com/gui/file/838a8c1b12270b248fd13d1f110998a79ee9442d19fb3f3562dfe734d7033367/detection

http://104.223.143.132

# Reference: https://app.any.run/tasks/7e41dd5c-ac10-4032-81f5-034c985f26d6/

http://192.236.178.210

# Reference: https://www.virustotal.com/gui/file/0ddaa044ebe06ddc2b50948728a493bb027da4d42a7b15fa3a3361d590457fa7/detection

theonlygoodman.com

# Reference: https://www.virustotal.com/gui/file/580e2cee4eaf9102e25345a5d152f57a98b1d9299983d176575115ac6267f04e/detection

venitronics.com/oo/Panel/fre.php

# Reference: https://app.any.run/tasks/e7d8c2d3-81c8-4158-923e-66b9dc19484a/

magicview.ga

# Reference: https://otx.alienvault.com/pulse/5f9023f897491403e533b1c0

amhercom-mx.com
crestmart.ga
kregmartlime.ga

# Reference: https://otx.alienvault.com/pulse/5f9175733036fb104e24dd74

xvbt.ga

# Reference: https://app.any.run/tasks/c607d61f-c52e-43ad-a2f3-737f29f26a75/

http://79.124.8.8/plesk-site-preview/heliopoliss.com/

# Reference: https://www.virustotal.com/gui/file/8ab355a4e825d4b233ce66f8e5f5b75b4c161cbb25f070f3355b6b15625dc784/detection
# Reference: https://www.virustotal.com/gui/file/9fe21e1d604d54836584a3d8397e626200f3f4a533485bfb1922a46f7a4c0b96/detection
# Reference: https://www.virustotal.com/gui/file/802b71bbcc620842158906bae965562bdaa4f5651529c3956dc2d6ac8ac6962a/detection

smithandwollensky.com.tw/y1/Panel/fre.php
smithandwollensky.com.tw/y2/Panel/fre.php
smithandwollensky.com.tw/y3/Panel/fre.php

# Reference: https://twitter.com/Racco42/status/1320715529754185730
# Reference: https://app.any.run/tasks/adc29078-5f0e-46e4-b9e3-819c37cc96fd/

olaplexs.com

# Reference: https://twitter.com/d4rksystem/status/1321149663928614914

ckav.ru

# Reference: https://app.any.run/tasks/a9efae2b-8245-496a-a52a-47f66ac1b094/

qataracfridgerepaire.com/templates/five/fre.php

# Reference: https://twitter.com/James_inthe_box/status/1321453787576291328

pabloservices.ml

# Reference: https://twitter.com/Racco42/status/1321596828765347841
# Reference: https://app.any.run/tasks/a51d3726-63d4-4d7e-ac67-e0bfb18f6afc/

vn-toupo.com

# Reference: https://www.virustotal.com/gui/file/602c58e4deb0110c6b00d71231f12af54ee438c6a5e26ebda65021de6acaed32/behavior/C2AE

mexicocomix.com

# Reference: https://www.virustotal.com/gui/file/f4b7759a1a42ebd89a61ed697ca26661dff56719bbf254b7b1f400f3cf4487d1/detection

brokensoul.cf

# Reference: https://www.virustotal.com/gui/file/ed76de60fc812d7a8361a6b476f960ed8d3c07a6e1425d6c02c5d63e449cb0b3/detection

pabloservices.ga

# Reference: https://www.virustotal.com/gui/file/5ece83fb3098dfcfa2c8e9dbae44041364219db26d8a653dbb7b0a8223e04dc6/detection

jagajaga-chichi.com

# Reference: https://twitter.com/gorimpthon/status/1135854857682792448

epi.org.mk/css/vgn/

# Reference: https://www.virustotal.com/gui/file/76f44ea3c148283602e4dbd717f22ac95828b7e8e7677428f759c03cab0c8d49/detection

nevomw.com

# Reference: https://www.virustotal.com/gui/file/7c26db40707fee3b4f842feb653bad7e1dfa20cd05d8cdb944f0916d7de3453a/detection

qqmailappupdate.ga

# Reference: https://tria.ge/201112-l27a6ga2hj

azzmtool.com
kbfvzoboss.bid
alphastand.trade
alphastand.win
alphastand.top

# Reference: https://twitter.com/wwp96/status/1329978193932148736

drdoganaykurkcu.com
myrilullimoti.blogspot.com

# Reference: https://twitter.com/wwp96/status/1331061816466825217
# Reference: https://app.any.run/tasks/0aee4b8a-f366-4664-9064-c57f2464f9be/

alahlasi.com

# Reference: https://www.virustotal.com/gui/file/f33cdff4f644b093d5781173c8de5df4d59f862c7b7744223b7190f4f385bdaa/detection

blueriiver-eu.com

# Reference: https://twitter.com/wwp96/status/1331050614520942597

drdoganaykurkcu.com

# Reference: https://twitter.com/ffforward/status/1331239313036742658
# Reference: https://twitter.com/wwp96/status/1331415443375091714

alphastand.top
alphastand.trade
alphastand.win
kbfvzoboss.bid
legalpath.in/cc/Panel/fre.php

# Reference: https://www.virustotal.com/gui/file/786bf0aa16596b06d3675c227f92bf8e0480c583b519b6b245933b46c268ecdd/detection

propertymanagementmelbourne.biz

# Reference: https://www.virustotal.com/gui/domain/x2z6c.xyz/relations
# Reference: https://app.any.run/tasks/35acbab8-06d0-46d2-8f6f-3a1b198c24ae/

x2z6c.xyz

# Reference: https://www.virustotal.com/gui/domain/quehenbergar.com/relations

quehenbergar.com

# Reference: https://www.virustotal.com/gui/file/af1a2e495c046c3b0e03d321c1f20c43198e2e8c88c41ab09a91ae80c5610137/community
# Reference: https://urlhaus.abuse.ch/url/852301/

stdyshgshgnationalobjindustrialatstvar.ydns.eu

# Reference: https://twitter.com/wwp96/status/1332138215877316608

tradesgroups.com

# Reference: https://app.any.run/tasks/0fe6cd64-2924-4c30-9fd9-3fc06373293c/

endustrigm.eu

# Reference: https://otx.alienvault.com/pulse/5fcb7771ab7af05588bf0f85
# Reference: https://app.any.run/tasks/823eff01-5489-4ae3-a364-aaab1cba7822/
# Reference: https://app.any.run/tasks/cd3ce9d3-e315-455e-84f7-de96cd1cb52c/
# Reference: https://app.any.run/tasks/ca5c5b8f-f927-481b-ba08-1226901a19d8/

greenwsdykegheedahatakankeadeshnaawsgma.ydns.eu
digicon.com.mx
hanmails.net
thunlen.com
webtex.ga

# Reference: https://twitter.com/wwp96/status/1335697459452973057

x26zc.xyz

# Reference: https://twitter.com/wwp96/status/1335698009515057160
# Reference: https://www.virustotal.com/gui/ip-address/104.168.146.103/relations

http://104.168.146.103
/eXcessBLESSINGforTheBoy/
/MegAMOneyMenINTurkey/

# Reference: https://twitter.com/wwp96/status/1335698347051671553
# Reference: https://app.any.run/tasks/5bb59473-bef2-4392-9b65-00885ef59489/

http://45.134.225.18

# Reference: https://twitter.com/wwp96/status/1335698992768954373
# Reference: https://app.any.run/tasks/38bcb9fb-7377-4850-a0da-137748114e80/

retrak.co.ke/psy/five/fre.php

# Reference: https://twitter.com/JAMESWT_MHT/status/1335857233792557056

benweve.com

# Reference: https://twitter.com/wwp96/status/1336054621501071361

roycolemandds.com/royco/five/fre.php

# Reference: https://twitter.com/wwp96/status/1336055936893509640

foremanindustrial.com

# Reference: https://twitter.com/wwp96/status/1336342722131730432
# Reference: https://app.any.run/tasks/22cf8f61-87d2-4b93-b7a1-f0a674694f8c/

begadi.ga
sndyantipiracydetectorganisationfsnfilm.ydns.eu

# Reference: https://twitter.com/wwp96/status/1336339387085307904
# Reference: https://app.any.run/tasks/429f4ced-640a-4690-b6c3-87e2e2ce38c4/

http://185.239.242.219

# Reference: https://twitter.com/wwp96/status/1336338329235648514
# Reference: https://app.any.run/tasks/56e10048-ca4a-47fd-b009-7d6b8954d56f/

http://37.46.150.41

# Reference: https://twitter.com/wwp96/status/1336342967230062597
# Reference: https://app.any.run/tasks/3d21e672-ad77-4e06-a4c6-a49b22799f04/

ge0x.com

# Reference: https://twitter.com/wwp96/status/1336487986519830533

clubulvacantei.ro

# Reference: https://twitter.com/wwp96/status/1336838356316073987
# Reference: https://app.any.run/tasks/9bc031c5-cb69-4318-b51c-0c89033cc5b5/

http://198.44.96.231
/ZanGarOLLIngChiFAGbor/

# Reference: https://twitter.com/wwp96/status/1336832463868452870
# Reference: https://app.any.run/tasks/254603fe-3ca6-4de2-923d-eb841a889697/

forrastfoods.com

# Reference: https://twitter.com/wwp96/status/1336831438315016193
# Reference: https://app.any.run/tasks/ca33f943-cb89-494c-950b-20ca747dc70e/

jessicaarnold.com

# Reference: https://twitter.com/wwp96/status/1338467036037574657

balanceconmunity.com

# Reference: https://twitter.com/wwp96/status/1338467507313782785

bms-itd.com

# Reference: https://twitter.com/wwp96/status/1338465275142868993

asiacmolds.com

# Reference: https://www.virustotal.com/gui/file/79c9d49f88ea4b408c8bfd88e0b60ffbd9f63dd6542eb54867b49cfb09933a8a/behavior/Dr.Web%20vxCube
# Reference: https://www.virustotal.com/gui/url/e29d5fc79b469f8028281e4a08ef2a3e372e9d5521509a6a36a52ba9b438c44f/details

shgshgstdynationalobjindustrialatstftp.ydns.eu

# Reference: https://twitter.com/wwp96/status/1338897248894275585

stdyantipiracydetectorganisationfstfbbc.ydns.eu

# Reference: https://twitter.com/wwp96/status/1338885068601896960

cyber-access.co.uk

# Reference: https://twitter.com/wwp96/status/1338893400750211074

cleo2solutions.com.au/wp212/five/fre.php

# Reference: https://twitter.com/reecdeep/status/1339494112278573056

wsdychnesqudusisabadassniggainthewsbkw.ydns.eu

# Reference: https://blog.talosintelligence.com/2020/12/threat-roundup-1211-1218.html (# Win.Dropper.LokiBot-9810026-0)
# Reference: https://www.virustotal.com/gui/file/7134a18aa564b29298bc83a170ad8262264b18d788d5fcc104de189b1522deab/detection

pionveriy.com
resgisupdatex.com
seeuaround.info
techsupdate1.com

# Reference: https://www.virustotal.com/gui/file/31d3b6f541ae1432070588b31f3e57ea088d96c19ca00780b7e3a5a9637f393e/detection

microsoft23-uslive4.online

# Reference: https://app.any.run/tasks/6122c973-3625-4a60-aef7-511ae9d1a248/

habibmentro.com

# Reference: https://www.virustotal.com/gui/file/dcc94b0c8fdf6952bd3018d92c1264651d50aaa7911195bb6f9bc6b97618b191/detection

http://185.206.215.56

# Reference: https://www.virustotal.com/gui/file/84bad84c6f92ba34b25d9a3164f1abc82986ddd901128eb5e71f60d23d063c32/detection

http://79.124.8.6

# Reference: https://www.virustotal.com/gui/file/956741cfb963a29651abae4b0bee9185ad7688cdc0f97f2336c891daab84976e/detection

gulshanti.com

# Reference: https://www.virustotal.com/gui/file/89ca0ea25e05983099ae8221becde0d57c5528d85d6ab8fd944f7c941437d679/detection

deqtmaysoor.com

# Reference: https://www.virustotal.com/gui/file/81274d23515440feac07a591db64f946640ab3a4350bbfaa0d955ced83175fb0/detection

taiwanmoid.com

# Reference: https://www.virustotal.com/gui/file/02944dc72a15e92ec94c453c74c9564cb59ac7717dffcb25fa854a2e587fb737/detection

worldpackmx.com

# Reference: https://app.any.run/tasks/f22144f0-004d-4a55-845e-9cee9c776cef/
# Reference: https://www.virustotal.com/gui/domain/paciflxinc.com/community

paciflxinc.com

# Reference: https://twitter.com/reecdeep/status/1349635770060042240
# Reference: https://otx.alienvault.com/pulse/600184f383b1874288c3d81f
# Reference: https://www.virustotal.com/gui/file/9213594d63646a5144de658badc6f9fd4ac15ce711bac1f115ccdf08d74c8add/detection

blueriiver-eu.com
lmpulsefashion.net
shgshgwsdynationalws.dns.navy

# Reference: https://twitter.com/reecdeep/status/1351181201382502402
# Reference: https://app.any.run/tasks/3cd52c62-e96c-465c-ae06-aec3059a8414/
# Reference: https://app.any.run/tasks/2f90556b-c4c6-4b1a-a6ce-f924fbb49be1/

becharnise.ir

# Reference: https://www.virustotal.com/gui/domain/dcspm.xyz/community

dcspm.xyz

# Reference: https://www.virustotal.com/gui/domain/katikati1.ga/community

katikati1.ga

# Reference: https://www.virustotal.com/gui/domain/xz26c.xyz/community

xz26c.xyz

# Reference: https://www.virustotal.com/gui/domain/martinskrtel.gq/community

martinskrtel.gq

# Reference: https://www.virustotal.com/gui/domain/ovcslogs.ml/community

ovcslogs.ml

# Reference: https://www.virustotal.com/gui/domain/spmdc.xyz/community

spmdc.xyz

# Reference: https://www.virustotal.com/gui/domain/jumiliaintl.ml/community

jumiliaintl.ml

# Reference: https://www.virustotal.com/gui/domain/kox.juristi.info/community

kox.juristi.info

# Reference: https://www.virustotal.com/gui/domain/pkuz.xyz/community

pkuz.xyz

# Reference: https://www.virustotal.com/gui/domain/mnbp.tk/community

mnbp.tk

# Reference: https://www.virustotal.com/gui/domain/onlygodem.com/community

onlygodem.com

# Reference: https://www.virustotal.com/gui/domain/ge0x.com/community

ge0x.com

# Reference: https://www.virustotal.com/gui/domain/adobedocument.cf/community

adobedocument.cf

# Reference: https://www.virustotal.com/gui/domain/microsoft23-uslive4.online/community

microsoft23-uslive4.online

# Reference: https://www.virustotal.com/gui/domain/balanceconmunity.com/relations

balanceconmunity.com

# Reference: https://www.virustotal.com/gui/domain/asiacmolds.com/relations

asiacmolds.com

# Reference: https://www.virustotal.com/gui/domain/tuandat-vn.com/community

tuandat-vn.com

# Reference: https://app.any.run/tasks/9f65a096-38c7-4f88-b7f7-6ed925e70995/

zunlen.com

# Reference: https://www.virustotal.com/gui/file/03cf03d1cb4fa502ef1992e2aad3f1f7f0d7fbf1f16839d87eaa04f330211bbe/detection

http://104.223.170.100

# Reference: https://otx.alienvault.com/pulse/600abf719f1151b28321f55a
# Reference: https://www.virustotal.com/gui/file/902097c3f3f47a39b7d661c3ee5736ce258ed3862a3740a71820b10cc2fcf939/detection
# Reference: https://www.virustotal.com/gui/file/600e4f952ff54d9e5051b0b7b1a32a8a12c8efd6e08a87b9f67447d354853e91/detection
# Reference: https://www.virustotal.com/gui/file/0363812a5fc968e7f43e83873dcf81915da64f4458ce84deb8906a31a1b7962b/detection

mannaton.com
papanwa.com
wagisz.com

# Reference: https://app.any.run/tasks/aae239db-83f1-4277-a29a-e1e9bacef997/

oct2.xyz

# Reference: https://app.any.run/tasks/f224a884-cda3-48da-9aca-5e3361a6bbee/

pearl-energia-hu.ml

# Reference: https://app.any.run/tasks/47bea1eb-f304-4820-a700-f14886b77741/

upbckwsdyfaruzevwskx.dns.army

# Reference: https://app.any.run/tasks/47bea1eb-f304-4820-a700-f14886b77741/

zangaa.com

# Reference: https://app.any.run/tasks/7c07b1d2-7595-48c6-b3eb-4e63dafd72a4/
# Reference: https://urlhaus.abuse.ch/url/986053/
# Reference: https://urlhaus.abuse.ch/url/980012/
# Reference: https://www.virustotal.com/gui/file/bf96d045cd9edd9519e2f4738ca03e73c409dd1a36b2cb70228bb6c7aaf53cc5/behavior/Dr.Web%20vxCube
# Reference: https://www.virustotal.com/gui/file/dfe044c12d3cd08182460432bc569811a9d657fc69d18549b7e66fcf1d16af2d/behavior/Dr.Web%20vxCube
# Reference: https://www.virustotal.com/gui/ip-address/103.99.1.173/relations

mslogstdyinvestmstqw.dns.army
mslogtsdyinvestmntsn.dns.army
sndymsloginvestmntsn.dns.army
mslogwsdyinvestmntws.dns.army

# Reference: https://twitter.com/reecdeep/status/1357239822667177984

ragnaar.us

# Reference: https://twitter.com/MSteve25/status/1357400557015695360

dstutoring.co.za/dstu/five/fre.php

# Reference: https://twitter.com/reecdeep/status/1359083800337252353

sspmoct.xyz

# Reference: https://twitter.com/whitehoodie4/status/1359427231907471361
# Reference: https://app.any.run/tasks/0ea99cf7-a982-4fd5-8fdb-8fb87bb91729/
# Reference: https://app.any.run/tasks/7cd630b8-aa8f-4b94-b825-b12e5ab8ab00/

http://51.195.53.221

# Reference: https://app.any.run/tasks/27248d81-0a85-4dea-8024-88a95d3b0f72/

atlasqrp.com

# Reference: https://www.virustotal.com/gui/file/84262bd7245efd69020a3c4dadc42814d6450467c7f111326019ccbd5cb1a4c1/detection

azmtool.us

# Reference: https://www.virustotal.com/gui/file/96fc6262a2fc1c74b041cbf0189fe02225dd5b117a2d80dca53d665f34376d71/detection

klimsourcinq.com

# Reference: https://www.virustotal.com/gui/file/b2bb1dbe470290b55f3e236d70d497ada40c1436c61432924c4503f120e191a0/detection

newcesarnex.com

# Reference: https://app.any.run/tasks/9087025d-aeb9-4c0a-b5fb-0c6c01bdc161/

3tril.com

# Reference: https://twitter.com/wwp96/status/1364222356844130305
# Reference: https://app.any.run/tasks/1e40d1c0-441f-4f04-8c63-0b11b66a64be/

opdebeeck-vvorth.com

# Reference: https://twitter.com/reecdeep/status/1364120441430892545

nitengystdylunatsthj.dns.army
or-logistlcs.com

# Reference: https://twitter.com/wwp96/status/1364617639595761667
# Reference: https://app.any.run/tasks/d84243a5-a811-4f9f-8f74-a4d1d62758f4/

ianmaclaod.com

# Reference: https://twitter.com/wwp96/status/1364811956763455489

stdychnesquduslasisi.dns.army

# Reference: https://twitter.com/wwp96/status/1364985123918200833

mndytheviejupcafgast.dns.army

# Reference: https://otx.alienvault.com/pulse/603cd878f5c176eb44d16c62

fakeme.us
notaires.ml

# Reference: https://twitter.com/wwp96/status/1366423563067080708
# Reference: https://app.any.run/tasks/cb3e403c-8a4e-4e11-bd17-3998d52be8d3/

takr.xyz

# Reference: https://twitter.com/wwp96/status/1366433733331595267
# Reference: https://app.any.run/tasks/52134e48-f8f9-4211-a5c0-de8221497f19/

nbnbstdynewagedevice.dns.army

# Reference: https://twitter.com/wwp96/status/1366434054904684548

ritcophysiotherapy.com.au/hod/five/fre.php

# Reference: https://twitter.com/wwp96/status/1366433733331595267

twocups.io/fonts/csm/twoc2/fre.php

# Reference: https://twitter.com/luc4m/status/1366807263168499713
# Reference: https://www.virustotal.com/gui/file/25316976638e2904db2baa1dcaee6f5b2aa1745e268236545cb0bb353bdd3133/detection

gilardoni-it.xyz

# Reference: https://twitter.com/wwp96/status/1366833259167023112

sunwindz.in.net

# Reference: https://twitter.com/wwp96/status/1366833336430325761

hiqhway39clothing.com

# Reference: https://twitter.com/wwp96/status/1367333816461897728
# Reference: https://app.any.run/tasks/e49801eb-8626-452b-b053-b01ae8383661/

tsdytopretwoanimavin.dns.army
turbinetechnlcs.com

# Reference: https://www.virustotal.com/gui/file/17c2cd6cfad567f1a23bba2bba2ffa42127fc96a47b16ec712a6cfb861329d37/detection

manioscinetools.ga

# Reference: https://www.virustotal.com/gui/file/267d978525035bd0bea01078c5d2370e39eeb0580c644ea9ded109175ce99db2/detection

stdyrusschine2ganmax.dns.army

# Reference: https://twitter.com/pmmkowalczyk/status/1367513333629337604

ibgreenstdyfestivers.dns.army
kungsb2stdygotmental.dns.army
stdyrusschine2ganmax.dns.army

# Reference: https://twitter.com/K_N1kolenko/status/1367777662341636097

http://142.11.210.173
eurasiacl--kr.com
locandasolagna.xyz
merivaara.xyz

# Reference: https://twitter.com/K_N1kolenko/status/1367777709032677378

schroederindustries.cf
sdworks-kh.com
turbinetechnlcs.com

# Reference: https://www.virustotal.com/gui/file/4c5927931366b44575743070f799c7f7b4ac67a248fd4551dcbd4cced53fd358/detection

taker1.xyz

# Reference: https://www.virustotal.com/gui/domain/gunrunners.com/detection

gunrunners.com

# Reference: https://twitter.com/wwp96/status/1369456626231607302
# Reference: https://app.any.run/tasks/1062df81-c0b5-4d74-8c68-9aca280a2578/

bremileintl.ga

# Reference: https://twitter.com/wwp96/status/1369455636434591749
# Reference: https://app.any.run/tasks/095e3089-f42a-4a20-9071-054ccb5db7f0/

optimalwellengineering.com/hkd/five/fre.php

# Reference: https://twitter.com/wwp96/status/1369452911193956353
# Reference: https://app.any.run/tasks/ba3afc27-b868-4873-b6d2-5167d570386a/

taker2.xyz

# Reference: https://twitter.com/wwp96/status/1369685805057314817
# Reference: https://app.any.run/tasks/ca5905fd-4141-42af-b1d7-2375f4a9dbf0/

http://193.56.29.165

# Reference: https://twitter.com/wwp96/status/1369685649918398469
# Reference: https://app.any.run/tasks/1e8c8938-2f96-4e72-b1ea-6c865223e098/

eurasiacl--kr.com
stdytopreoneenversrw.dns.army

# Reference: https://twitter.com/wwp96/status/1369682990628999175
# Reference: https://app.any.run/tasks/b93ad205-66a9-4104-810b-7f6cf14d89da/

seafirst-kr.com
theviestdyjupcafgsvb.dns.army

# Reference: https://otx.alienvault.com/pulse/604b58f4d2a09cb827a9df55

astro--pacific.com

# Reference: https://twitter.com/pmmkowalczyk/status/1370437460971360265

libo-cc.com

# Reference: https://twitter.com/wwp96/status/1371823183347728385
# Reference: https://app.any.run/tasks/4cb0713d-41dc-4598-9883-e8cbddf4503f/

exchangebill.xyz

# Reference: https://twitter.com/wwp96/status/1371824003392942094
# Reference: https://app.any.run/tasks/e9508d8c-38c7-41fe-951a-e8f78e502232/

http://87.251.79.157

# Reference: https://twitter.com/wwp96/status/1371823839278211073

doshlforex.com

# Reference: https://twitter.com/wwp96/status/1372017516961280005
# Reference: https://app.any.run/tasks/520f4cc5-26fe-4af2-9a6c-e3cd0cd35ed8/

raptechenglneering.com

# Reference: https://twitter.com/wwp96/status/1372015190036865026
# Reference: https://app.any.run/tasks/be4e8355-d827-4522-a2fc-b833a2757f1a/

kweend.com

# Reference: https://twitter.com/wwp96/status/1372014489290350595
# Reference: https://app.any.run/tasks/d3e8c107-7139-4dac-928a-1f25f75d0e34/

btsuganda.net

# Reference: https://twitter.com/wwp96/status/1372013239517773824
# Reference: https://app.any.run/tasks/6accddac-e53b-4f13-9abd-5effeeaacee5/

solumaticsac.com

# Reference: https://twitter.com/wwp96/status/1372012705687732224
# Reference: https://app.any.run/tasks/c474020f-46e4-46ee-8f5a-b4585881f17f/

wonkwonschoolrp.hopto.org

# Reference: https://twitter.com/wwp96/status/1372218390761377792
# Reference: https://app.any.run/tasks/4aac3803-55b7-4cba-9224-19cc193c42b2/

nakib.buet.ac.bd/ox/Panel/fre.php

# Reference: https://twitter.com/wwp96/status/1372219685098389509
# Reference: https://app.any.run/tasks/f5088ddd-0c00-42d6-9405-533605623cf2/

papanwa.us

# Reference: https://twitter.com/reecdeep/status/1372831122174963713

stdykungsb2talentwej.dns.army

# Reference: https://twitter.com/wwp96/status/1374089580337623044
# Reference: https://app.any.run/tasks/4dd28dbf-a5d5-418b-a275-d0dbd65ed241/

splitwise.xyz

# Reference: https://twitter.com/wwp96/status/1374087082503778308
# Reference: https://app.any.run/tasks/85549f57-5e33-425c-806a-f4141c414edc/

kencana-sakti.com

# Reference: https://twitter.com/wwp96/status/1374086006589296646
# Reference: https://app.any.run/tasks/0b18d4be-7833-4ae4-a5df-6fb791c866a5/

http://203.159.80.87

# Reference: https://twitter.com/wwp96/status/1374085642309804039
# Reference: https://app.any.run/tasks/8f3c8422-e6ea-4738-9e47-c1e7b910e91d/

akhtargroup.xyz

# Reference: https://twitter.com/pmmkowalczyk/status/1374317050320068610
# Reference: https://twitter.com/pmmkowalczyk/status/1374317051788021762

fauracia.biz
moem-my.com
transcorpoil.us
nbnbnstdylionkistwcx.dns.army
pmrimestdylimtstwork.dns.army
rkkrstdygorgiousejds.dns.army
stdyunitedkesokostxc.dns.army

# Reference: https://twitter.com/wwp96/status/1376023882168156163
# Reference: https://app.any.run/tasks/99a8ed00-e4e4-44dc-bce6-451c00f47455/

camfil.xyz

# Reference: https://twitter.com/wwp96/status/1376544786069458954
# Reference: https://app.any.run/tasks/2eb65481-a609-4cd3-a354-0f047fc93733/

baysankazan.biz
rkkrstdygorgiousejtw.dns.army

# Reference: https://twitter.com/jstrosch/status/1376561007477280775

chem.buet.ac.bd/ox/

# Reference: https://twitter.com/wwp96/status/1376721258004500483

interocean-my.com

# Reference: https://www.virustotal.com/gui/file/07ec8aba1d41b1769e50c309d5a8a7f6a513c1d373f8e32bbc2fc766bfc66e04/detection

gccorps.com

# Reference: https://www.virustotal.com/gui/file/8e15f76149baa634caba6bcb021a5793f9b86c6290247d62a3f9628e5e147c7f/detection

lucreneluxe.com

# Reference: https://twitter.com/wwp96/status/1379440650689593345
# Reference: https://app.any.run/tasks/43f83b67-59ff-46db-b39f-03c8d1cc92c1/

transcorpoil.com

# Reference: https://www.virustotal.com/gui/file/90264601dc078ff9628a36dcca7a4ca0c65c7c68315601f6688f2690847fdab7/detection

amrp.tw

# Reference: https://otx.alienvault.com/pulse/606ef1757caeabbc2d4aa847

laes12.com

# Reference: https://twitter.com/malwrhunterteam/status/1381494190706659329

covid19vaccinations.hopto.org

# Reference: https://www.virustotal.com/gui/file/7eacabe85e7c5d75c8505348c3729fb9b1a865674632cbe95bf2b3a23828a6b1/detection

zkl-cz.com

# Reference: https://twitter.com/wwp96/status/1382001625498271748
# Reference: https://app.any.run/tasks/a2fe837f-befc-4d24-bc8b-039e9f87316e/

eyecos.ga

# Reference: https://twitter.com/reecdeep/status/1385500693591691264

meirback.co.uk
nbnbnwsdyewagedevibc.dns.army

# Reference: https://twitter.com/wwp96/status/1385604326530367491
# Reference: https://app.any.run/tasks/883bffbc-29bc-4f27-8cf3-fe6f73b7162a/

optimalwellengineering.com/f9wp/five/fre.php

# Reference: https://twitter.com/wwp96/status/1385605815386714115
# Reference: https://app.any.run/tasks/e2579e8b-cab1-4fd7-a466-723ded7bf67e/

http://104.168.213.88

# Reference: https://twitter.com/wwp96/status/1385604849883140099
# Reference: https://app.any.run/tasks/2c20c9db-6556-4bc5-a719-af0e61b2060d/

http://104.168.140.79

# Reference: https://twitter.com/wwp96/status/1385599764713164803
# Reference: https://app.any.run/tasks/8b9e8a8d-f248-4738-a635-e79eed4e043f/

dlcswsdymedicalcenfw.dns.army
qrnigroup.xyz

# Reference: https://twitter.com/wwp96/status/1385600035832881157
# Reference: https://app.any.run/tasks/8960af00-15f7-4267-880f-b64acd48e8c5/

bncoporations.gq
nmxwllwsdyminorawsbx.dns.army

# Reference: https://twitter.com/wwp96/status/1385600469184172033
# Reference: https://app.any.run/tasks/9993aa16-9c9c-460e-b785-cb00c8bd1148/

issth.com
wsdyblyblycomunicakh.dns.army

# Reference: https://twitter.com/reecdeep/status/1386660777948598278

http://173.208.204.37

# Reference: https://twitter.com/jorgemieres/status/1386690315445211138
# Reference: https://twitter.com/jorgemieres/status/1386696255338917900

alhjchstdyfonlinstft.dns.army
annyms2stdygeneratga.dns.army
blyblystdycomunicafb.dns.army
kungsb2stdytalengvs.dns.army
stdydlcsmedicalcendc.dns.army
stdykungcommunicathf.dns.army
stdynmxwllminorabxst.dns.army
stdyrusschine2opelkm.dns.army
stdysara2entertastxc.dns.army
stdysara3entertastkp.dns.army
stdysuresbonescagemv.dns.army
stdyunitedkesokohpst.dns.army
stdyworkfinetrairest.dns.army

# Reference: https://twitter.com/petrovic082/status/1388178799532126210

mdtudymicrosoftfstix.dns.army

# Reference: https://github.com/hardenedlinux/hardenedlinux-zeek-script/blob/master/scripts/frameworks/intel/OSINT/CYBERCRiME-03-03-19.txt

ertfjgcjfkgkkgvkgkfdxcfc.cf

# Reference: https://www.virustotal.com/gui/file/872bf451a298ebb966dc6b9703776b3e2c1066c7602245eb4e7a2ea0b81a3b27/detection

gracebytry.tk

# Reference: https://www.virustotal.com/gui/file/6244fb6343241ba1715ea8d107bca4e5697a385bd1c6f5aafbdd4c1d4604f4f5/detection

hfhlagljsljtls.ml

# Reference: https://www.virustotal.com/gui/file/ec346d91c9e79ce00a1d0a08f50547a6aa1114d2fec2d76495a1eb931acab9bc/detection

tequakes.xyz

# Reference: https://www.virustotal.com/gui/file/4d427a00778a6dead673e64606f3e1dcca673a024c2bf92ec93803ce0812f6bb/detection

aflcargo-hk.com

# Reference: https://www.virustotal.com/gui/file/fd5e9435f8d31ea16d0fbb723591451088d360f6096ef5823ddcae4bd4ba3a44/detection

greenbazaar.xyz

# Reference: https://github.com/hardenedlinux/hardenedlinux-zeek-script/blob/master/scripts/frameworks/intel/OSINT/CYBERCRiME-03-03-19.txt
# Reference: https://www.virustotal.com/gui/domain/ayioramaboli.com/detection

ayioramaboli.com

# Reference: https://www.virustotal.com/gui/file/2dfe18eed3b10ed896756e5c61d05b974368ef2b42eedb415c55b7ab6e43a9b7/detection

learef.tk

# Reference: https://github.com/hardenedlinux/hardenedlinux-zeek-script/blob/master/scripts/frameworks/intel/OSINT/CYBERCRiME-03-03-19.txt
# Reference: https://www.virustotal.com/gui/domain/mazeedkyabar.com/detection

mazeedkyabar.com

# Reference: https://www.virustotal.com/gui/file/d9b3d253203b2cb5216b1b69b1e8eea44910815ba569c17656f46790c9694571/detection

livbayn.ml

# Reference: https://github.com/hardenedlinux/hardenedlinux-zeek-script/blob/master/scripts/frameworks/intel/OSINT/CYBERCRiME-03-03-19.txt

042newpanel.tk
11n.nl
195482902.ga
22y456.com
36258560.com
365-team.org
3glytldqdo.xyz
aarasid.com
abachereku.bid
abatii.web.id
abchome.ml
accesssinfo.site
accountnumb.com
ace3.legendsbotnet.live
acsbaroda.com
adimma.xyz
admino.gq
adrack.us
agricomimpex.com
ajibadatzalim.com
ajmanz.gq
albertoforwardings.us
alexboolooobinna.info
alhadin.nl
aljesvin.com
allstroyka.by
alpacham.com
americanbestseasfood.com
americas-tsubaki-nakashima.com
anchormarineqroup.com
anguiillanet.com
annamadums.ml
antespan.com
apbco-co-za.tk
apllusbat.com
appointedright.ru
araphat.thewisemen.ml
archive.linux-archive.org
arispedservices.eu
arneropa.com
arnylco.ru
askchyariwaraph.pw
atlansexpress.com
auscanforum.com
autocomms.co.za
avvalves-com.ml
baidudownload.com
balerji.cf
balerji.ga
balerji3.tk
bandllnc.com
bandroxoma.com
baonlineinc.com
barryfitnessgym.com
bartolini-system.net
baycord.ga
bclm-es.info
bearings1.eu
beeder.club
behinpaad.gdn
berfipol.co.vu
bestmomreviews.com
betim.nut.cc
betnet.usa.cc
bisan.com.sa
blackat-com.gq
blaztech.us
blentus.nut.cc
blessing.werner-rnertz.com
blocomplimited.biz
bluebolts.pw
blumetterflu.tk
bnswoods.pw
bobbyflakes.tk
bobbywaysg.cf
bollingoes.ml
bosmax.ga
bradlack12.ru
braithwalte.co.uk
bravest.beslermakarna.us
bravest.navelr.com
brixtrading.org
brokenskull247.ru
bsales.cf
bustaguy.ml
bynewcrest.ru
cadjetbums.ml
cafe-family-club.by
camprai.com
capitaltantrum.com
capty.nut.cc
catalogobrasil.net
cavenaghi-it.com
cbiraqi.com
ccrushers.site
changdeacorp.com
cheapcarinsuranceways.info
check-your-file.gq
chelsoto.cf
chenghudmfg.co
chiddy.baxishop.ro
chidodo.gq
chilliseudp.tk
chinaquanchenq.com
chitasheesha.com
chritlebrittle.tk
chuloworks.org
chyasktutorial.ml
cillad.ga
cilt-m.com.my
citymoney.tk
claeverbrooks.com
claudfx.win
clcb.flu.cc
cng-europ.com
coins.btcsfarm.com
comatprojects.com
compraventaeloro.com
contrig.ga
cooldark.ml
copride.ml
corelis.group
coteserca.com.co
crackjack.club
cred0paper.com
creeden.ml
cronwtyres.com
cultiva-es.co
cyber-loki.gq
cyberink.btcsfarm.com
d4t.com.mx
daconstructions-ksa.com
daicoaero.ru
damiano.modexcommunications.eu
dandoesinternet.com
darartcraft.com
darlinculture.tk
darlingtraders.tk
darlinlove.xyz
darlinmove.tk
davuchi.eroea.com
dcm2195.com
dcproduct.ml
ddclsmcc.eu
dealinproces.com
decemberrushing.us
declog.eu
defeatvillage.ml
degea.ga
deips.com
deloilte.com
densefox.ml
deradprash.com
derekmotionpictures.com
deskverifycontent.com
detini.nut.cc
devhaevents.us
diamond-fox.ru
diferreirabarbershop.com.br
dilinger.ga
dixii.org
dogged.cf
domainsender.info
donsnookie.club
dos-bilz.ml
download9.cf
dragon-ballz.ru
dreadtraders.tk
dresson1.com
dualpanels.biz
dubzfile.tk
dukhdardhis.com
e-qreentech.com
earlhome.gq
eastcoastrest.com
eastern1961-sg.com
easyflexible.ru
ebukagodsy.com
ebzoet.gq
egombia.xyz
eketego.xyz
ekhourkaintazar.com
eleletieleleparthard.cf
eleletieleleparthard.ga
eleletieleleparthard.gq
eliscoinc.com
elppete.ir
emakgroup.de
embarasstor.com
embramedica.com.br
emeka.kenal-cn.com
enerqyintl.com
enerrpac.com
enerst.thawaslobem.com
enesadvert.ru
erintoba.info
eriousimen.ml
erobinhood.com
eroea.com
estedoctorhair.com
etc.ashcarsales.co.za
euro-union-uk.com
europharmaint.com
eurotexifilati.com
expenlid.ga
extrainformativo.com.au
eyota.com.sg
falgahnim.com
fashfunds.ml
fashionstune.com
father.kenal-cn.com
fatoil.ga
felix.thawaslobem.com
fghnj.gq
fidingonman.com
file.kenal-cn.com
filteroceans.club
finixgroup.ga
finixgroup.ml
finixgroup.tk
fintin.ml
firscool.us
firstfive.net
flakehop.ga
flockrib.ml
floxblog.ru
flsmidhtmaaggear.com
forevergod2017.com
formypeople.ml
forrentinvegas.com
forum.somedizzy.com
fourrese.net
frank.ge-com.us
frankjoe.uzocoms.eu
franklin.navelr.com
fredricklanehsc.ga
freshfund.in
front.postmaster.services
froshserv.com
fullofdeals.tk
gabtlc.com
gamesarena.gdn
gamestoredownload.download
gartanfinanceltd.com
gebbatrip.club
geckoplumbing.com.au
generaldope.ml
georgepablo.ga
geranntibankasi.com
get-cryptostorm.com
getupandcboz.com
gidynamictiling.com.au
glohard.ga
godblessmedisyear4me.ml
gokuu.club
goodisgoodter.com
goodman99.info
goodtimegroup-tw.com
govietbac.com
grace4good.cf
graceandjoyfamily.cf
graced2.info
graceisall.com
grantis.us
grantlopez.cf
graviteocup.us
greenchem.xyz
greenfleld.com
gsstationery.com.my
gtowers.ga
gtowers.ml
gtrnusa.com
guelphupholstery.com
gulfclouds.site
halimofset.com.tr
hamagepine.ml
hamon.ir
hardigononne.com
harltdoors.com
hatsgood.co.uk
henrikoffice.tk
hiepphat.com.vn
hilonguea.com
hitech-mfg.cf
hkenngr.com
hotbloggerslab.usa.cc
hriata.com
hs-bc-grps.com
hta.duckdns.org
humsabkinz.info
hushkush.net
huverg.ru
hydeoutent.com
i042.mobi
ibclinited.com
ibexexpressint.com
iclear.studentworkbook.pw
ieuchanesz.co.uk
igtckeep.com
ijabosspanel.tk
ijapersonal.ga
ijelevine.ru
ike.kenal-cn.com
inciqsyuasa.com
infodayclubhai.com
ininox.com
insightthk.com
ipm-com.tk
iprogyz.com
irclass-org.ml
irgkaz.me
irukastella.tk
isolve-id.com
itgpll.com
jahisable.com
jalango.co.ke
jamespanel2018.tk
jaobhaezrasam.com
jaygarish.com
jayp.eu
jdstaron.ga
jelimold.com
jeryterss.ga
jhfjfiwjdnfnfwwa.ga
jiren.ru
jizzy.kenal-cn.com
jlabcheminc.ru
joe.kenal-cn.com
jojohats.co.uk
jollipa.net
joshkelly.club
jowakasuperlinksltd.com
jukinem.ml
jukinewnem.info
jumangiback.com
just-toboy.ga
justasiamwithnoplea.ml
justcj.info
justloki.com
justpick.pw
jvl-jp.co
kabelospy.ga
kabospy.ml
kadugoshtwah.com
kahanigharlo.com
kajlaraykaj.com
kaokao-twn.com
karmartec.com.au
kasongogold.com
katherinajetter.com
kc.kenal-cn.com
kc2zx.trade
kdotraky.com
keftylador.xyz
kekene.cf
kekene1.cf
kelechideve.tk
kelechienter.tk
kelsandsons.info
kenabee.in
kennycarson.info
kentex.pw
kerlogers.tk
kersterus.gq
kikehraeein.com
killz.pro
kindomstar.com
king.thawaslobem.com
kings.jesseworld.eu
kitnasedhasa.com
klpra.com
komputerowybank.pl
kox.termofoc.gr
koz.farmia.rs
kurarray.com
kz.thawaslobem.com
labibread.info
lahtiprecission.com
lahtiprecission.ir
lahtiprecission.ru
lallahome2.ru
lamid1.nut.cc
landmarksand.ru
lastlapsantos.info
launchgrowthtoday.download
launchgrowthtoday1.download
lauzon-ent.com
laykaruthunga.com
lbtem.flu.cc
leak-hub.com
ledteroptyi.xyz
lembe.flu.cc
lenet.usa.cc
leparadisdemarie.ca
life-is-beautiful.in
liftupmyhead.biz
lights-craft.net
liltem.flu.cc
linkhome.ga
lionltd.pw
lipairfoods.com
lisgroup.info
littleindiadentist.com.sg
lltagrain.com
lnsect-net.com
lockhome.ml
lodestarlegal.com.au
loggerkeys.us
logs.fttrnas.com
loki-business-gathering.gq
loki-panels.cf
loki-panels.tk
loki5.info
lokibotnet.ru
lokibotnetpaneltwist.tk
lokipanelhostingpanel.ga
lokipanelhostingpanel.gq
lokipanelhostingpanel.ml
lolibes.nut.cc
lopdent.club
louloulisle.com
luck1.ir
luck2.ir
lukaku4.gq
mabnibatain.com
mabuhaymarlne.com
maduifeanyi.tk
magic3.ml
magic4.ml
magii.club
mahkotamaju.com
mailsecuritysxyz.ru
main.podcastim.net
makeyourbrandz.com
mamat-sa.com
marcphillipsrugs.ml
masgrop.gq
massageseatssure.com
mattlc.com
maxesupport.com
mclhk-net.com
mdolk.ru
mega25.ga
megatradeinvestment.com
mejeq.xyz
messic.cf
meta-mim.in
metalhubadf.xyz
metalurgicaruedams.me
mi.kenal-cn.com
michelle777.ru
micol.date
migtates.ga
migtates.ml
mindslaver.com
mini-azs.com.ua
minitex.nut.cc
mirka-sg.com
modcloudserver.eu
modestclouds.eu
modexcloudserver.cf
modexintl.xyz
mohamedghareeb.com
molazporam.com
molcarjo.com
molinolatebaida.com
mountaintopbuilders.com
mountainviewproductions.ca
ms12hinet.com
mtene.nut.cc
munachi.ru
muztarelakop.com
myapplicationsdownload.download
mylokipanel.cf
mylokipanel.ml
mypnel.usa.cc
naman-pn2.usa.cc
napat.tk
narcosblue.net
neduneche.tk
nemmarchending.info
netpy.usa.cc
networko.tk
newconnect.duckdns.org
newdawn18.com
newhousepanel.info
newstuart.com
nikasaprobz.com
niki-gmhb.com
nl63.com
nnpcaids.com.ng
nomlist.ml
nsdic.pp.ru
nsogbu1.tk
ntgas.ml
nunuseasondoggy.cf
nutbe.nut.cc
nutbep8.nut.cc
nutp7.nut.cc
obatoolz.ir
oceanclubsreloaded.us
oceanlinkmarrine.com
octaver.ga
off335.info
ogaces.ru
oilwell.pw
okilo.kenal-cn.com
okungbowo.com
oliverrbatlle.com
oloshilogs.gq
olufseni.cf
omann.ir
oneluvs.ru
onlygoodman.com
ontime52.com
openworldgames.net
optimumcash.net
oputaobie.eu
orderhrf.info
ordheet.gq
oredis.ma
oshapra.com
osspanels.info
paadasala.com.au
paclficinsight.com
padyitoppon.ga
pafindo.me
pandemoniumsp.ml
panelonetwothree.tk
panels18.info
parsleytire.bid
paylesssignandprinters.ca
pecfetc.com
perfectjudge.com.ng
perkasaloki.info
petroneel.co
petrowind.com.ph
pf-pv.xyz
phcc-india.com
pierret.ml
plasplupunion.com
pldtdsll.net
pmxmc.party
poeppelmannn.com
portlovers.usa.cc
poweringinfluence.com
prassqautor.in
premierevents.co.zw
premoldadoslopes.com.br
primausaha.net
propertymanagementmelbourne.biz
publicspeaking.co.id
pupetg.ml
pvcfloorco.com
qaza.pw
qood-universe.com
quantumegypt.com
qzec.club
ragasgki.gq
rajas.cf
rb-nitl.com
redkantipur.com
refractoriesexperiencesrl-it.com
regdombe.com
resensepas.com
rettgive.org
rextaeri.bid
richkidinvestment.biz
ritsuninfra.in
rmsalf.com
rockingworld.gq
rostizadonaums.tk
s116832.smrtp.ru
s117238.smrtp.ru
s117247.smrtp.ru
s56569.smrtp.ru
saeeaglesgroup.com
safaricomfreemb.000webhostapp.com
safemann.tk
saftygroup.com
sahakyanshn.com
sahibokashma.com
saintiment.us
salesakapamu.pw
saleschinak.us
salesgroupmotive.ga
salesxpert.ml
salesxpert.xyz
sanapetiope.com
sandivartgallery.com
sanpacsinergi.co.id
sarana-sukses.com
saresware.com
satixxxx.xyz
schlntek.com
schwingsteterindia.com
scoplit.ml
scoth.ml
scrolgraft.com
secure-business.cf
secured-panel-verification.cf
seerwty.ru
sefanivc.com
segami.ga
segami.ml
semaprin.info
sensimatino.us
sertencee.xyz
service-us.ml
setlop.ml
sexnyoga.com
shamaldecorations.com
shangde-intl.com
shannon-be.com
sharing-details.ml
shiipco.com
sicc-italia.cf
sierracontrol.club
sinfastener.com
sinonem.tk
sinowaychina.co
sirndoe.ga
sirndoe.tk
sixpacksbnonye.eu
siyaghasourccing.com
skalesause.com
skyflle.com
slimpityio3.us
slimteaversis.us
slowidyter.us
solution.org.ng
sonahelton.ru
soyasticks.club
soyastik.club
spacemc.com
specsnarts.gr
spectrocoinss.com
starterpackproductions.ru
startrightet.com
startupnigeria.xyz
stl-host.com
strutitinca.ro
studemplo.com
suggesshop.com
sunny-displays.com
sunnynaturelstone.com
supersaiyan.ru
supplyexpert.ca
support-office365.date
sureserver.xyz
suresinos1.cf
surkeycn.com
svit-zer.com
sylvaclouds.eu
szccf361.com
t-bagnation.com
taughtcom.ga
tbmr.nut.cc
tclokies.biz
tcoolonline.mobi
thammyvienanthea.com
thawaslobem.com
themutualbenefits.com
theonlygoodman.com
thewinningchild.ru
thomsun.ml
thorasgardstorm.com
thousandan.ml
ti-film.com
ticmac.nut.cc
timbb.usa.cc
timbet.space
timo.space
tobecome.website
tokimecltd.ru
tokoyplast.com
toplock.ml
topstar-it.com
tpended.xyz
tractvin.ml
transliop.com
traucotravel.com
trigvnarnandala-id.com
triplealaw.co.ke
tsq-hk.com
tuhibtadaymol.com
typingone.xyz
typrat.club
tywebbing.ml
u0000171.cp.regruhosting.ru
u0418693.cp.regruhosting.ru
u0431828.cp.regruhosting.ru
u0437697.cp.regruhosting.ru
u0448593.cp.regruhosting.ru
u0450198.cp.regruhosting.ru
u0456259.cp.regruhosting.ru
u0462189.cp.regruhosting.ru
u0466390.cp.regruhosting.ru
u0469399.cp.regruhosting.ru
ujaas.ml
ukaytrades.tk
ukonlinejfk.ru
ultrainstinct.ru
umelo.ga
umnalalobae.com
umumi.xyz
umunna.info
unifarmex.net
unseengrace.ru
upgrademailboxsecurity.org
urbanworldofgoodluck.cf
userrlive.xyz
ushamartin-in.cf
utasarmsinc.ru
vaiit.com
vailablity.ml
valtoboy.info
vatanplastki.com
veezer.club
venitex.nut.cc
verifygmailcom.com
vicesman.ru
vicesstudios.ru
victoralifts.com
vietjetair.cf
viettrust-vn.net
viparac.us
viruscheckmake.cf
vivadesssssswer.gq
vividerenaz.com
vopspyder.website
vsp.com.mx
vthingsure.gq
vvdliv.cf
vystah.com
webapp-mpp2.com
wegotakedistime.ru
wellshyeng.com
wenever.ru
whipwack.com
whoizzupp.com
whoyouhelp.ru
whytepolo.ru
wildlifeworld.gq
willaimsclarke.com
willmoretraders.tk
windjutsu.nl
wisefile.ga
wizzyalone.ga
woelpuu.com
workfromhomeplc.ru
workitto.xyz
worldwar5.ga
wwment.ml
xemontd.xyz
xemontdsd.xyz
yellatthemz.com
yelogmahtma.com
yemuraichahuruva.com
yg.kenal-cn.com
ymams.cf
ymwsolutions.com
younqone.com
yourgrowthpartner.website
yxzzone.info
zartashakona.com
zealtin.ml
zedekus.com.ng
zeesportvissen.be
zenshinonline.ru
zeromb.website
zgtco.com
zinnywendy.cf
ziqrah.com
ztkeco.com

# Reference: https://www.virustotal.com/gui/ip-address/209.141.50.70/detection
# Reference: https://gist.github.com/silence-is-best/852a1c7c7dcf29fdc8d5df73433e7676

http://209.141.50.70

# Reference: https://twitter.com/petrovic082/status/1390586387066507268

wsdykungcommunicatdf.dns.army

# Reference: https://www.virustotal.com/gui/file/29fcdfdbb33bdc271397e33e9c9c8629810764fc3eb46e02824eb92ed6ad53e1/detection

chnsndyglobalwealthandreinforcementagenc.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1395637836074864640

mbyi.xyz
vnmbyi.xyz

# Reference: https://www.virustotal.com/gui/file/b8934d2a6daca6a21badf97c95d9bcc2909fc74bb8fe1ff485c703e17df109b8/detection

g2m2.xyz

# Reference: https://www.virustotal.com/gui/file/e363615fe5237baf73271b1c71dfdb375917253f76932543910ce1f2838281fc/detection

pkzz.xyz

# Reference: https://www.virustotal.com/gui/file/20dcf7fad0dafd0771178477de1e48795d0380651e75bcf2e12f1e7eb0c8d5e8/detection

msslrsa-motherson.com

# Reference: https://www.virustotal.com/gui/file/85179df65f7b3dee099f8f91f5d1c207d66fbbfbb639d6853503ec16f9d96b39/detection

saniceramics.com

# Reference: https://twitter.com/TeamDreier/status/1399998905413144576

swissbully.gq

# Reference: https://www.csis.dk/newsroom-blog-overview/2021/danskbank-spearphish-loki/

bhuddy.tk
drongubuoy.duckdns.org
flowadutz.cf
gypkuts.gq
nijawright.tk
quintox.duckdns.org

# Reference: https://app.any.run/tasks/7d6e3562-a2cc-4e0c-a187-478bd57745d1/

http://63.141.228.141

# Reference: https://app.any.run/tasks/94932b41-ca9d-4006-904a-d248ef4927de/

ctp1.xyz

# Reference: https://twitter.com/reecdeep/status/1404695309599580161
# Reference: https://app.any.run/tasks/9bff6553-ceb7-40fe-abc7-d7da5cc2c895/

aft-forge-tw.com

# Reference: https://twitter.com/FewAtoms/status/1407405344767283201
# Reference: https://twitter.com/James_inthe_box/status/1407406090627682304

maizefucanism.hopto.org

# Reference: https://www.virustotal.com/gui/file/8a52b6f10097b3c5fd1ae397a5ddce9d11e58c654d590baf0d7de988dd9fc60b/detection
# Reference: https://www.virustotal.com/gui/file/17dce1f7477b9519037952c6fb6f3b56e0b5afc9a82b7ccf2229d105c3e48c99/detection

wilfredzaha.cf

# Reference: https://twitter.com/wwp96/status/1410320860037238784

apponline97.ir

# Reference: https://twitter.com/wwp96/status/1410325849581182977
# Reference: https://app.any.run/tasks/efdbaaae-0184-4041-ab39-d6d482d9b770/

pakilogs2020.xyz

# Reference: https://twitter.com/wwp96/status/1410613354037534725
# Reference: https://app.any.run/tasks/4d434cbb-3c6b-47b8-9b17-2d8e5371f338/

brokenpipes.cf

# Reference: https://twitter.com/wwp96/status/1410615305693319185
# Reference: https://app.any.run/tasks/139fc93a-399c-4f73-b52e-4684067b78c7/

http://192.236.193.138

# Reference: https://twitter.com/reecdeep/status/1410871093418659841

karinedocesesalgados.com.br/karin/five/fre.php

# Reference: https://twitter.com/wwp96/status/1411207917953552384

domainaccountsupport.tk

# Reference: https://twitter.com/wwp96/status/1411765432877568006

http://185.110.190.5

# Reference: https://otx.alienvault.com/pulse/60e446ef1832c2df83af7753
# Reference: https://www.virustotal.com/gui/file/2e212f21f7c0ecf0dc4dbba2916fb802de978780955fa68c936cb5059e3470bf/detection
# Reference: https://www.virustotal.com/gui/file/494ac0275d68f3a9274b66b98166f163e61ab1d72a740a0822d2b209b3adbd15/detection

elojomiradordelapaz.com.ar

# Reference: https://twitter.com/pollo290987/status/1413428878786416642
# Reference: https://www.virustotal.com/gui/file/922135a10e85dde50c701490c1b71fa8c686becb0c8bbf020e64cd3b36927754/detection

http://185.227.139.18

# Reference: https://www.virustotal.com/gui/file/418399f3a43e0194760d05e2ffd6a61bcde6d79bff4c016114f58fb4aa6e1b4f/detection

judyhkde.ddns.net

# Reference: https://www.virustotal.com/gui/file/d324d33233edf16f00bb4c9a06a14eee0ef15f8d90a3b9f62213e0ea9054312d/detection

faski.nut.cc
/b-slek-t/fred.php

# Reference: https://www.virustotal.com/gui/file/49d9f64ca22cb1c7b3f8cdd75d06286f87d5abb736b7a0a8b0651df5620b0c66/detection
# Reference: https://www.virustotal.com/gui/file/0f1d9f17d6380c6318f136f9f951922cffd80ba90fa8748ab88e6fd0b0b19ceb/detection

http://101.99.84.46
/adams/book/fred.php
/buc010/110/fred.php

# Reference: https://twitter.com/reecdeep/status/1416024585271664641

bauxx.xyz

# Reference: https://www.virustotal.com/gui/file/c8c3389034ebc85a51f95feec24db71e6d2183a709e0286a5bee51d14b5a0e1c/detection

http://104.168.166.188

# Reference: https://blog.talosintelligence.com/2021/07/threat-roundup-0716-0723.html (# Win.Dropper.LokiBot-9879411-0)

googleforshares.publicvm.com
judge2020.ddns.net
omglunie.hopto.org
sportsgroup-hk.com
vuadaubepz15-29353.portmap.host
whores.hopto.org

# Reference: https://www.virustotal.com/gui/file/287b1ea666b7d71e8f499e4f216a352ca83dde8116ffde96ef97aee25406ea7c/detection

lushbb.xyz

# Reference: https://www.virustotal.com/gui/file/a9218232b7ccbcce51498e20b9f2a44f2802f051d646fac94ef5a2c54c212c50/detection

moorim.xyz

# Reference: https://www.virustotal.com/gui/file/ab99527876af2a4f02542bd2eda871142f23eedb4b344f3b227f87657bbf2104/detection

minairinours.sytes.net

# Reference: https://www.virustotal.com/gui/file/4dbbc0516c8a84ac523ab6d73991a4c608b99dd7339ca762a2a4b116e74a7609/detection

oct1.xyz

# Reference: https://www.virustotal.com/gui/file/6408f4bb3c9014fb9392ef59a53f449eb2389a9972b468a37c64c7083c80d1e0/detection

kago.us/nwamama/five/fre.php

# Reference: https://otx.alienvault.com/pulse/610299742f8bdb1aa56b2213

ccjjlogsx.com
fossilcourt.com
ikloki.xyz
luoslasco.xyz
manvim.co

# Reference: https://otx.alienvault.com/pulse/6103eaf5501505929c284f01

apponline354.ir
brokenethicalgod.tk
luoslasco.xyz
newblessings.gq
sureflt.com
zascocs.xyz

# Reference: https://www.virustotal.com/gui/file/631b540d7f8c3741039ff4d346718ba6c44f2997e1f863a68d04ef43ffe64ec7/detection

askenya.org

# Reference: https://www.virustotal.com/gui/file/b92592d97954817dffb8d067b1c28d26dfc75b213e8b7bfcefbd559f21a14c75/detection

kdhema.tk
mmanueud.gq
/newman/sab.php

# Reference: https://twitter.com/peterkruse/status/1424975188073066513

express-gus52.duckdns.org
moneyrepresentpairme.live
myprofitmethods3.com
pakke-postnord.web.app
poseidon99.ddns.net

# Reference: https://twitter.com/reecdeep/status/1442774670701379586

lokich.xyz

# Reference: https://twitter.com/pr0xylife/status/1445686399064166400
# Reference: https://www.virustotal.com/gui/file/be9101f039f916ca626a4570cf36f1d251ee563e57507a9aadb6c4342bee6afc/detection

checkvim.com

# Reference: https://twitter.com/reecdeep/status/1447503618031202304

farmanat.ro

# Reference: https://www.virustotal.com/gui/file/7ea5f5d1f96eb486c8fd9293d8bb390656e4fb60caebeae993e9a911b9378009/detection

bobbyelectronics.xyz

# Reference: https://twitter.com/dodo_sec/status/1455724475857649664

gervenez.xyz

# Reference: https://www.virustotal.com/gui/file/0eff36fe3a003611e22d5609ff009c12e4f4c8aefd4d908570885889d53ccb12/detection

secure01-redirect.net

# Reference: https://twitter.com/reecdeep/status/1460514950745579521

gridnetworks.xyz

# Reference: https://www.virustotal.com/gui/file/6edc1de4c35d3f5768b4ff27a5b76655e4d83979ac3cc756275563b9d1bf111c/detection

panlad.com

# Reference: https://www.virustotal.com/gui/file/68fc45a82df9a4260e3de70a73eed09f47e9a3fb0ca74d8d3c85d6579a7fa0be/detection

http://66.29.151.252
/~nextimageblog/picture.php

# Reference: https://www.virustotal.com/gui/file/df59bc80a105bcc98613c3ce0b6635f69359a99ba44865db21d46a3fb8cbfff7/detection

umuloki.xyz

# Reference: https://twitter.com/pr0xylife/status/1465395868597690368

74f26d34ffff049368a6cff8812f86ee.gq

# Reference: https://www.virustotal.com/gui/file/caaa9c3c18c70d0fa3ce8eeb331098923c5d66c85852d61ff35e44ef3717d552/detection

http://37.0.10.190

# Reference: https://www.virustotal.com/gui/file/828962bfc3cc29b54adf64d9a15c9a9865abac09bc571eec47d8e2c7bab095ec/detection

http://185.94.191.80

# Reference: https://twitter.com/pr0xylife/status/1468505451167891461

http://63.250.34.171

# Reference: https://www.virustotal.com/gui/file/6f5c922b9dbe3cef8c06050203055e646d49c3e976ef93c02c54264ad9739064/detection

hdmibonquet.ir

# Reference: https://otx.alienvault.com/pulse/61b09f75365e2857bc72c057

aboasu.xyz
lokaxz.xyz

# Reference: https://www.virustotal.com/gui/file/54c84f8fad62a58d7e3490bb6e702fd85aa5bb10bdb7569fbc03689b791603a7/detection

vietphatjsc.xyz

# Reference: https://www.virustotal.com/gui/file/57421d815fd6a060ccd61b682db92d7b9a116e7ffe68272c490577be0e3956c4/detection

fruityx.tk

# Reference: https://gist.github.com/silence-is-best/e2af8aa61000e4b740934331291c619b
# Reference: https://www.virustotal.com/gui/file/75e5171c975ae001bf82ab53fe026b4dba7f9008b0bb037b4628e3375ff6abe7/detection

usuthucoal.co.za

# Reference: https://www.virustotal.com/gui/file/6e8669e029cced959869d6634d6943b37bb16cf3e6cc5829ff230f09778659e5/detection

moneyfinders.xyz

# Reference: https://blog.talosintelligence.com/2021/10/threat-roundup-1001-1008.html (# Win.Dropper.Lokibot-9899536-1)

freakybros.ml
jesicastreetdesign.com
zoicstudios.info

# Reference: https://twitter.com/pr0xylife/status/1451463572639436820

http://63.250.40.204

# Reference: https://www.virustotal.com/gui/file/2a7064ef86916204f66da8f701a5ba979b0ea97a6a9ee4c6b955527a3cd4af21/detection

peakledz.xyz
samsung-tv.tk

# Reference: https://twitter.com/pr0xylife/status/1480494355177779202

mangeruio.ir

# Reference: https://twitter.com/reecdeep/status/1481994048500084744
# Reference: https://www.virustotal.com/gui/file/f167842e13628e375ee9746f7351d1042cdb77e475d382a35c34fc462a869c72/detection

slimpackage.com

# Reference: https://twitter.com/pr0xylife/status/1483100182829019144

mainlandtoisland.ml

# Reference: https://twitter.com/pr0xylife/status/1483140652263215105

mainlandtoisland.ga

# Reference: https://www.virustotal.com/gui/ip-address/13.68.141.149/relations
# Reference: https://www.virustotal.com/gui/file/67f2ac673104bb3b17acde4dc66186d0481c142c9683db3e20c3eceb03b61baf/detection

capgosit.gq
domynuts.ga
gobonamud.gq
nesofirenit.gq

# Reference: https://www.virustotal.com/gui/file/eb6ba1886a60c4948b45d9acc048187acdf8b941c9259f478eacedf519260035/detection

lospwix.duckdns.org

# Reference: https://www.virustotal.com/gui/file/80bc22eb094a019c29b891722be26c152adcebd3e3b95d85ef004ac4dfbb35cd/detection

akiwinds.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f861b22de2dce92e689b895e8b862fe51bfab56cf466db8d1ea7513682cd3c36/behavior/VirusTotal%20ZenBox

noithatcombo.com.vn

# Reference: https://www.virustotal.com/gui/file/c27e339893d3e5fc1e61e73ffafac8a7bcf76813a92f91ecfa38535210d6c7a7/detection

s442136.smrtp.ru

# Reference: https://twitter.com/pmmkowalczyk/status/1485588602893570049

jxcnx.xyz

# Reference: https://twitter.com/reecdeep/status/1485979072933117952

http://62.197.136.186

# Reference: https://www.virustotal.com/gui/file/e326648386211c2f9b5b582c24ca5b108897af4a9637285b6e8b8cbc0e8d8d37/detection

http://167.71.40.10

# Reference: https://github.com/pr0xylife/Lokibot/blob/main/Lokibot_31.01.2022.txt

http://178.128.244.245

# Reference: https://www.virustotal.com/gui/file/29fc755c18229a2b6e0f5af5ccc41f59b7858ff91c8317dfea10cf8faf70d842/detection
# Reference: https://www.virustotal.com/gui/file/25cbea94201df54fb7ac7c44d4f02e4ac5ae4501a0a12d811e42142f9fa16e26/detection

http://192.3.121.131
windowssecuritycheck.gdn
/Pony_THlhRcvvCv31.bin

# Reference: https://github.com/pr0xylife/Lokibot/blob/main/Lokibot_02.02.2022.txt

http://128.199.46.58

# Reference: https://github.com/pr0xylife/Lokibot/blob/main/Lokibot_04.02.2022.txt

s446272.smrtp.ru

# Reference: https://www.virustotal.com/gui/file/c4c1b199cf84e8aaa835220f5fc34e8f05981c0f3e79ee6def29858780a7ed1b/detection
# Reference: https://www.virustotal.com/gui/file/68f3c6392d7796a95c120279edc9506fc547c994d89a004bfc07e96ec8f9636b/detection
# Reference: https://www.virustotal.com/gui/file/68101164b5882ebdec2a42f16e24d90c67412e8f41ef07ab9a32c34d94b104c2/detection

smloki.xyz
/cs/u/cooz.php
/cs/u/fufu.php

# Reference: https://github.com/stamparm/maltrail/edit/master/trails/static/malware/lokibot.txt

250b48d798957fbf33b77ae8a74a45ca.ml
asiaoil.bar

# Reference: https://www.virustotal.com/gui/file/0b99b8d927c0b4686744bb7fec2ca9feb75ab5d2e9e28e8e666d54fbc6118917/detection

nextlevlcourier.com

# Reference: http://blog.talosintelligence.com/2022/02/threat-roundup-0204-0211.html (# Win.Dropper.Lokibot-9938416-1)
# Reference: https://www.virustotal.com/gui/file/05df89435977607add23c46692b555deae3478a61d7da0f614f13ea86d1be337/detection

kkeyvenus.ru

# Reference: https://www.virustotal.com/gui/file/bb8e5543df945a55653a320f95ac3f81a8b266ca788fa800139c61a1d5c88549/detection

http://164.90.194.235

# Reference: https://twitter.com/reecdeep/status/1494262764042338309
# Reference: https://www.virustotal.com/gui/file/e88b0371276205e7ca3a6cf7f45de7c1c2114e63f573796119580d3919b57430/detection

250b48d798957fbf33b77ae8a74a45ca.cf

# Reference: https://www.virustotal.com/gui/file/073aef37b9c2c323073a2880725ff8e123342f47a7c8a805f4815f65c0406b1a/detection

peak-tv.tk

# Reference: https://github.com/pr0xylife/Lokibot/blob/main/Lokibot_22.02.2022.txt

dieselloil.buzz

# Reference: https://twitter.com/reecdeep/status/1499668276149948416

hstfurnaces.net

# Reference: https://github.com/pr0xylife/Lokibot/blob/main/Lokibot_08.03.2022.txt

qtd8gcdoplav737wretjqmaiy.gq

# Reference: https://www.virustotal.com/gui/file/f5d8fad28929c9f531235be0f36a22daf051206bbde4a97a9955891615ada166/detection

vlascx.xyz

# Reference: https://www.virustotal.com/gui/file/ee2440922354d6be2dce4ab27274ae2cc2108d8dde37837a739a7e2a36e317d5/detection

ui3opgrowthproton.sytes.net
/polfhkgsgh/

# Reference: https://twitter.com/cluster25_io/status/1502241981875040258
# Reference: https://www.virustotal.com/gui/file/e0fb87e9ad0d063d8627006f57bf3a75fdd2ee4f4dcd4ff7933b8a6a3a41eab4/detection

qtd8gcdoplav737wretjqmaiy.cf

# Reference: https://twitter.com/jstrosch/status/1502294984082530308
# Reference: https://www.virustotal.com/gui/file/0eecd143d84fde7775035d32a7b7cfdce6a909f5aee9908b93d8d4a942da44a0/detection

sudais.com.pk

# Reference: https://twitter.com/tosscoinwitcher/status/1505784120927932418
# Reference: https://app.any.run/tasks/ce9f5b6d-2274-41ea-a882-0dc11e95c911/

chrisupdated.xyz

# Reference: https://www.virustotal.com/gui/file/69f9cffe5e803f964ffa8cd28190fe2f580408c13aceceeb4d6fa40a70a967a8/detection

plxnva67001gs6gljacjpqudhatjqf.gq

# Reference: https://www.virustotal.com/gui/file/0405c940e93ba13527c87b6a80aeac058734fa4ce0c9a594774d696eca07b28e/detection

furnaceshst.net

# Reference: https://www.virustotal.com/gui/file/f4989c44ae69ec60a1b824ec91a6c30e8382968a1c57acf7c0ecd036e02c2597/detection

http://212.192.241.50

# Reference: https://www.virustotal.com/gui/file/c9b9a12acd65513eca14c391f93caa3b54afc4865a6dec15f870e2324bd46094/detection

bulenikgroup.com

# Reference: https://www.virustotal.com/gui/file/c5d7da05bec838aeede4b87a83064eadd85dbfe4eb886ee631b63a66d2d845d5/detection

gaviscon.tk

# Reference: https://www.virustotal.com/gui/file/017547419287e895a76b91cddf21a84c9f21a2086cead44a224cbd8ad0cc8db8/detection

sempersim.su

# Reference: https://www.virustotal.com/gui/file/0018299b30892d405f7e9bcab955a3ec9c5494b0ae42a003d805351b0e3bed99/detection

snuniform.com

# Reference: https://otx.alienvault.com/pulse/613751e2a4ce99633a3977de
# Reference: https://www.virustotal.com/gui/ip-address/46.173.214.209/relations

http://46.173.214.209

# Reference: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html (# Win.Dropper.LokiBot-9949439-0)

kzi.ddns.net
pxv.ddns.net
qbz.ddns.net
phprat.wm01.to

# Reference: https://www.virustotal.com/gui/file/0c5657913772f1b6183f55c3da5a44b905b5a27599140c6c265fb8abfa2210e6/detection

hyatqfuh9olahvxf.gq

# Reference: https://twitter.com/reecdeep/status/1531196537497391105

giskia.xyz

# Reference: https://www.virustotal.com/gui/file/9b44c677587d3cbd6eeb546e50011fbeb5e7e5ed5768d25858be6da683ba5bde/detection

plxnva67001gs6gljacjpqudhatjqf.ml

# Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Lokibot/Lokibot-%2029062022

http://198.187.30.47

# Reference: https://www.virustotal.com/gui/file/b725e73edec2f3fcaca92038ddcaffd70a8209b5e86d503e70053e336975b58c/detection

http://85.202.169.172

# Reference: https://www.virustotal.com/gui/file/00a29990bde1f816a68e2c1a61370c851f0f4a603e12a2455400effe6d6edd52/detection

http://45.133.1.45

# Reference: https://www.virustotal.com/gui/file/50df0cf773a17c1cf9f8daacd24a9665e8f443a1efa986b61f235ca58bb738c6/detection

http://185.102.170.20

# Reference: https://www.virustotal.com/gui/file/10f2804ab00ab8bdaca0ae1c36787d0620859dc31df47583990f2caacd45cc9e/detection

blinkcard.co.vu

# Reference: https://www.virustotal.com/gui/file/525873f7c7a8cfd76719ad589667e853fe31b78ee2e79fc4730e36297e27176f/detection

azomoney.ddns.net

# Reference: https://twitter.com/reecdeep/status/1546464045083103232

lasloki.us

# Reference: https://tracker.viriback.com/dump.php (2022-07-11)

http://104.148.41.58
http://104.148.41.60
http://104.168.220.122
http://104.223.143.150
http://104.223.143.21
http://104.223.170.13
http://104.223.170.68
http://137.184.73.79
http://137.74.86.140
http://142.11.195.130
http://156.96.128.246
http://156.96.47.5
http://157.52.211.137
http://157.52.211.247
http://158.69.39.138
http://185.100.87.134
http://185.141.25.227
http://185.208.182.56
http://185.243.215.191
http://185.243.215.88
http://192.119.86.105
http://192.119.97.23
http://192.236.161.205
http://192.236.176.109
http://192.236.179.167
http://193.142.59.105
http://193.56.28.124
http://194.85.248.167
http://195.133.40.71
http://195.154.23.200
http://198.44.96.228
http://2.56.57.48
http://203.159.80.151
http://203.159.80.209
http://203.159.80.29
http://208.70.248.230
http://217.64.114.181
http://23.254.215.137
http://2lcfo.com
http://31.210.20.58
http://31.210.20.71
http://31.210.21.236
http://37.0.10.225
http://45.142.202.11
http://45.95.168.158
http://46.183.221.234
http://46.183.221.237
http://46.21.147.175
http://49.12.47.176
http://5.152.210.166
http://66.85.157.122
http://84.38.130.67
http://89.43.107.198
http://94.100.18.81
27802482-46-20180725142719.webstarterz.com
74f26d34ffff049368a6cff8812f86ee.cf
74f26d34ffff049368a6cff8812f86ee.ml
7thstreetmotelmildura.com.au
abiz-solutoins.com
abrokenskull.tk
absogain.ir
acmanets.com
acpanode-sg.com
act-tokodenko-jp.cc
ad4teg.com
adminserver.xyz
aerocorpevionics.com
aesseal-my.com
agbisiulokompko.sytes.net
ageacci.ml
airmanselectiontest.com
alexandreguillemain.com
alhajikudi.com
alutach.com
ameropa.gq
ameropa.tk
amit4uservices.aits.ooo
anatoli1.ga
aradhana.faith
arinzeproducts.xyz
arkt.xyz
arku.xyz
athansie.com
atimewiththeskull.ga
audiosv.com
avatar.ps
aws--vn.com
axislearning.org
azme-contractors.com
b7team.com
babaseoa.com
bambamli.com
banboocnc.com
barotechf.ml
bashan.to
basungaintl.gq
batdongsangiacatloi.vn
baybaytolie.com
bbelectronics.xyz
beheshtsoft.com
benera.xyz
birn.xyz
blackstone.com.pk
blemblem.us
blesblochem.com
blorehost.in
bmaudio.com.vn
bnbrokenhead.cf
bobbyservices.cf
bobbyservices.tk
bobydomain.com
boeschboddenspies.com
bombetong.vn
bouquetltd.xyz
bouxwe.ml
brandbuckit.ml
brasch-adolf.xyz
brightlookoptic.xyz
brokenbones.cf
brokenethicalgod.cf
brokenethicalgod.ga
brokenheart.xyz
brokenislegion.cf
brokenislegion.ml
brokenislegion.tk
brokenpipes.ga
brokenservices.cf
brokenservices.gq
brokenservices.tk
brokenskull.cf
brokensoul.ga
brokensoul.gq
brokentools.xyz
byorn.us
cambridgelodge.com.au
cantlemedical.com
cbicbc.com
cfdprivateme9082.serveirc.com
chelitos.com.ve
chosunshippinq.com
ciberipan.com
ckjdx.xyz
codezonelab.com
coegroupco.com
colbaservices.ml
colorlux.ro
comercializadoranino.com
conmklopc.sytes.net
consuminero.com.co
coolgirlsnation.com
crazyhost.xyz
crazzzycrab.com
d-hub.pw
davidmorgann.com
ddhhd.xyz
dewi.cf
dewi.tk
dewii.ga
dewli.cf
dewli.tk
dfdprivateme9082.gotdns.ch
dhlglobalexpress.shop
digamx.com
doanlee.com
drsmarinegroup.com
druseidt.ml
dsifoe.ml
dulfix.com
duncaamaechi.com
dunlopmill.org
duro-tw.com
dyjcgvdfgdzgzdzzf.gq
easydriverservice.com
ecoad.in
edarah.com.eg
edificiosafico.com.ar
egobiakita.xyz
eightelegance.com.br
einihutintl.gq
eloquentcs.com
engelsmah0mes.com
englee-sg.com
eoci.ml
eocie.cf
eocie.gq
erdesqs.com
everydaywegrind.ga
everydaywegrind.gq
everydaywegrind.ml
everydaywegrind.tk
excommercial.com
eyesonvaughan.ca
febspxiii.xyz
fedon-it.com
ferreraembroideryandprinting.com
fesmed-inst.com
finacafe.net
firnabulking.com
fitydent.com
fleximexi.ir
flinstonees.us
flokii.us
freestone.co.in
fucheun.com
fuscon.ga
fuscon.gq
future--seafood.com
gaoshengfuruiture.com
gbbrg45g.gb.net
geeccaships.ga
ghadtanter.ml
ghadtanter.tk
gjsd.xyz
globalresults.cf
goodservices.co.vu
gsppower.xyz
hatchlogics.ml
hcsnursing.com
hettichlab.cf
hfktichen.com
hikmahmuliautama.co.id
hoist.cloudns.asia
homemakerandcompanionservices.com
homex.az
ibmcloud.tk
iii-asiacarqo.com
impac.vn
inductotherrnindia.com
intco.tk
interplasts-uae.com
irimox.com
itrad3r.com
jackmoynehan.com
javadijudo.com
jlk-comercial.com
jlpack.email
kaleemimamig.com
kazlcomposite.com
kboyud.com
kerenzohar.co.il
kibossuqar.com
kibossuqarmen.com
kill3rr.com
kingrashford.xyz
kjxd.xyz
klinklan.us
koreanbeautyexpert.com
kovachevpress.com
kunu-kunu.com
kushikushi.us
laptopcudanang.vn
leedproje.com.tr
lewukwu.to
lightloog.ddns.net
linkk-my.com
lkpswrd.ga
logboxreport.top
logspot.pw
lokvrtz.ml
lokvrtz.tk
luatthienminhlong.com.vn
lugaribeiro.com.br
luxdele.com
luxlogics.ml
luzongrace.to
maderasperuanas.com.pe
mafivaz.biz
maiithaiii.com
mail.jithiadaproperties.com
maisadour.co
mamado.tk
mamvurafarm.co.zw
manaman.xyz
marianne.tk
mcrnsw.com.au
mekamaka.com
microdots.in
milonga-a-promotora.pt
minimini.us
mito--cn.com
miwoodworkingservices.com
mjlog-vn.com
mobitechgroup.com
monndigroup.com
morilloart.com
mrchtr.xyz
mxrz.xyz
myinsidertraveltips.com
mymakporo.com
myramauritius.com
myutyrhb.gb.net
nanohes.com
napco.xyz
naturepack.cc
nayablabs.com
ncdongyanq.com
nedskytrex.xyz
nemcatacoateatro.org
netease-163mail-com.gq
netsolcomputers.in
newnailssystem.com
newrokshipping.com
nganyin-my.com
nightmarefile.ga
niskioglasi.rs
nl5329.ir
nl9970.ir
now-release.tk
nsfaktor.com
obostreet.com
octvt.xyz
office365-account-verify.tk
ogidoil.us
oilproduce.xyz
okpana.com
omegamarinagroup.com
onlygodam.com
optimize-apiv2.barantum.com
oziltestfw.ml
pablofile.ga
pablofile.ml
pandrol.gq
pardicshini.com
parsegitim.com
pfstechexpo.com
phanphucland.com
phiheatings.ir
piavee.com
pkez.xyz
pkhz.xyz
pkxz.xyz
plugman1.ga
plugman1.ml
pnkp.co.id
postmasterupdate.gq
powerbankbless.xyz
premacorceb.com
prometall-cm.com
prosperman.us
pswrdlk.cf
pualofficelogs.xyz
puppuslog.xyz
purelogsnet.ir
purinex.co.id
pyaiki.ml
qlaston.net
qreenmaple.com
quitricks.com
rabbleserlokclogin.com
radiomandeep.com
rapidations.ml
rastaturin.gallery
rayvvin.cc
refloxty.com
reiangkor.com
rejgroups.com
remote1.cf
rfsfju.xyz
rhinestone.cc
rinnai-th.com
rip-tion.icu
rnalema.com
rologopoulos.cf
roscontinental.online
rostovafile.cf
rostovafile.ga
rostovafile.gq
rsesteel.xyz
rudemath.com
sabmilagawait.com
sallysellmore.com
samsungs10.com.ar
sanibath.com
saptarangtrust.com
sascihomes.com
sbqlobalfoods.com
sbsinstitute.co.in
serviciotecnicoenperu.com
shalewa.ml
shiftbd.com
shophousesunshine.com
shyh-tw.com
sieqwarteggroups.com
sieqwartegtotolet.com
siircharrhaha.com
siniormaintl.ml
sirjoramo.club
skscarsrjn.in
skullisland.ml
skyfors.ru
skynetgroupp.com
slimfile.cf
sokoltech.ir
sonicradius.cf
spiceperfect.org
spunkyiopkslookup.ddns.net
sso-belsat.top
sterline.lt
studenhances.com
supergeorgia.ge
superson-com.ml
t-mk.me
taka.casa
taker0120.xyz
taker3.xyz
takoons.com
tayladanismanlik.com
tech-vopsire.ro
techarnise.ru
techfonet.com
tepevizyon.com.tr
thecentury.edu.vn
thesunsettrocadero.com
tkanilux.com.ua
totalleecase.xyz
troickoe22.ru
truantinmobiliaria.com.ar
tuqianq.com
tvmii.xyz
underdog1.xyz
underdog2.xyz
unitedplantations.xyz
uzoma.ru
vancouverindustrialpainting.com
vihaiha.com
vikinproducts.com
vimnam.co
warrtegg.com
webserverboxservices.com
wendoun.com
win-post.pw
world--hand.com
xc45.xyz
xcipx.xyz
xcoct.xyz
xcpxv.xyz
xianikol.com
xpmsept.xyz
xrt4tr.com
yachtservicegroup.cf
ygsddl1.cf
ygsddl1.tk
yoffc.com
ytho.com.vn
zarnaftdiar.ir

# Reference: https://www.virustotal.com/gui/file/598ffadc1fd20bae7b3f21e16827a4fb89c3796bd828060b7f7c00a0e4d355ad/detection

http://66.29.145.162

# Reference: https://www.virustotal.com/gui/file/96af90397e66be7bb5d0f9da9e8f3bfec4adc7effa74f1e82e687980551e574f/detection

tixfilmz.tk

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-07-29%20Lokibot%20IOCs

vmopahtqdf84hfvsqepalcbcch63gdyvah.ml

# Reference: https://twitter.com/kienbigmummy/status/1556860942956515328
# Reference: https://twitter.com/kienbigmummy/status/1556860946819465216

wwwhxxpswwwhxxpwww.myftp.biz

# Reference: https://twitter.com/BushidoToken/status/1557671002653528064
# Reference: https://app.any.run/tasks/4a6ad037-b352-45e8-a084-1beae435eade/

khaurl.com

# Reference: https://twitter.com/reecdeep/status/1557729983648260099
# Reference: https://www.virustotal.com/gui/file/2d0fb58b442846dc7d6ec46b19ea8e2819c429929e69e95137b7e282f83a6032/detection

tixfilmz.ga

# Reference: https://www.virustotal.com/gui/file/fadcfd2f990a0f871a1834723d403a0598faf9f06ca75465c58b69d81342c08f/detection

http://208.67.105.161

# Reference: https://www.virustotal.com/gui/file/00064ab13de50919fd7a194903538834e1f2c40486741d8a54574d7f2a9afa60/detection

http://208.67.105.162

# Reference: https://www.virustotal.com/gui/file/0627647ce2d12185c2e2f16c21497c3f232132c55d7ebcaba6f440448ff065c7/detection

http://162.213.249.190

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-30%20Lokibot%20IOCs
# Reference: https://www.virustotal.com/gui/ip-address/64.44.102.23/relations
# Reference: https://www.virustotal.com/gui/file/027ea94c8071a809bdface54b89f793e9c8471a6883f86d5c47093d1cb6c539d/detection
# Reference: https://www.virustotal.com/gui/file/e1d02c4389b28487e005d29b5ee0aa8d2f7b73036a1ba35864e739db6df107ab/detection

microsoft-webpage-auth.ml
office-webpage-auth.ml

# Reference: https://www.virustotal.com/gui/file/65fccd78398e413832c53a4b0341b87a3f374c8fcfb183cc45301a2f671c0c43/detection

xhvbzueifhdbjdfywete4y8va.cf

# Reference: https://twitter.com/pollo290987/status/1572239659119575040
# Reference: https://www.virustotal.com/gui/file/107b6b206140ed200f6440f30077c53ed7db2447c04cde954c52437962ea0fcb/detection

http://162.0.223.13
/?liARodoeAoISHzlzjUctUnGGtWs

# Reference: https://www.virustotal.com/gui/file/08fe3480b9cc914a39f16ffb08eac254eb75d7b4628b1b94b3c4d9bc370b9509/detection

fastlink042.com

# Reference: https://www.virustotal.com/gui/file/acca1aa7ac7fcf62d818158d0ca536b1bcad2083c67146ff7a1fd1c205c5b2ec/detection

aboutblank.in
ezeegonaigbo.in

# Reference: https://www.virustotal.com/gui/file/3ad292ab37e9e518d9d0ecab0cc469dd9d7fe4f1fc553ffc9eafa9afba79e586/detection

lokiz.org

# Reference: https://www.virustotal.com/gui/file/9d3a6225b5afb12815d37e34f88cf8d33d366c401bb53ae23a75599361e33bde/detection

darls.us

# Reference: https://www.virustotal.com/gui/file/eedb863078dbdbd83a0d52d86dd779f27115360e17676e539602f4e1a8c9437c/detection

iklok.us

# Reference: https://www.virustotal.com/gui/file/51571264ea17f6eb11267797cfd17a462c408580ecbfd10587dd8f848a79e15f/detection

lazarovs.tk

# Reference: https://www.virustotal.com/gui/file/0aa1e3120a445947f6130eaff1bf585fd9b460ede841456b35427ad2d4cecb76/detection

assaggip.tk

# Reference: https://twitter.com/pollo290987/status/1579485245178798080
# Reference: https://www.virustotal.com/gui/file/c7d3f84ddd6664a2a50c9cfd3f66c03016dd5264f775a119272f8a78875b4b94/detection

julypc.ga

# Reference: https://www.virustotal.com/gui/file/290b9cd7f795ed30712637f8e6f7779412260c6f7ac70c70615d2e4a92960e0a/detection

ekens.us
/JOY/homee.php

# Reference: https://www.virustotal.com/gui/file/1976995a7a0c4a23e2ea1f6a8c3d902c02969cf1e1363c1e426ae6335dcece60/detection

http://192.64.118.167

# Reference: https://www.virustotal.com/gui/file/123f0434ed8e6d0697642b11bfb143c7e2c78b4f2f7890232e90e5b1b33fde99/detection

roslet.com

# Reference: https://www.virustotal.com/gui/file/043335bf23315d98ac9bb02410eebb6bd451440c7fe1fe73e12fb80d8cd70cf2/detection

gfxtra.us

# Reference: https://www.virustotal.com/gui/file/b6414f29e6a15ad46af0137506063f692213228b583df5e291e4a8cb0ebca1db/detection

julypc.ml

# Reference: https://www.virustotal.com/gui/file/0c15596656afd3dc5b000766495f12c2aa88b498253aee871a2b9d4b2e5c5858/detection

http://171.22.30.147

# Reference: https://www.virustotal.com/gui/file/0f7fad28f333d50d2fdd8004839e9d421b053694d9be0622af1e5e6e7bfd49b5/detection

indrageet.top

# Reference: https://www.virustotal.com/gui/file/148b48cf29eb65a944967040a7380ba7a2f41a8c34c2e7cf37e9a07f42c8dca0/detection

lomboster.top

# Reference: https://www.virustotal.com/gui/file/0f7fad28f333d50d2fdd8004839e9d421b053694d9be0622af1e5e6e7bfd49b5/detection

indrageet.top

# Reference: https://www.virustotal.com/gui/file/078023d375daed4c5cd65c8518fad6a7780ff8d8750c2008c33e4118850ba894/detection

http://103.232.54.143

# Reference: https://www.virustotal.com/gui/file/2cb755b44a07942f62c8e695520b7a2e23811430111527ba3c54eaf6cfeac013/detection

http://171.22.30.164

# Reference: https://www.virustotal.com/gui/file/123886464f55b7e5dbb297e437c1569e4521c839a6b2ee643f09e28444ad4424/detection

zynova.hawklogger.repl.co

# Reference: https://www.virustotal.com/gui/file/431b77e98ebe13cce86d413a73ef77c01aca5b758c66d27837ee9a557d4402f3/detection

efvsx.cf

# Reference: https://www.virustotal.com/gui/file/aefe5754459fbae160dc381c09ec8d3ad5484f527a1ea9accdb01b2d8f4c45e7/detection

http://212.87.204.204

# Reference: https://twitter.com/suyog41/status/1629053362653077505

http://185.246.220.85

# Reference: https://twitter.com/kienbigmummy/status/1632038253443575811
# Reference: https://www.virustotal.com/gui/file/cb87ec5825659ec1919ac6ffdec4b88e4336c0be420c726ceab1917689fdd161/detection
# Reference: https://www.virustotal.com/gui/file/97ceffc6a9462c025e344a0b709c3470ff551a914cce1ed209e4ddd63b734182/detection

http://185.246.220.60

# Reference: https://unit42.paloaltonetworks.com/lokibot-spike-analysis/
# Reference: https://www.virustotal.com/gui/file/1b574a66c84924886daec4841e1b107258e019aaf6f336329ae8fae7cbd52a34/detection

efvsx.gq

# Reference: https://tracker.viriback.com/dump.php (2023-03-15)

http://142.11.211.144
http://185.246.220.212
http://194.49.94.97
http://23.254.128.166
http://45.139.105.181
allfamax.com
assaggip.gq
binatbless.me
cands.tel
cantebo.buzz
dopilnram.cf
dopilnram.ml
dopilnram.tk
efvsx.ga
efvsx.ml
efvsx.tk
eleronixzkt.cf
hghfe.tk
lazarovs.ga
s603740.smrtp.ru
s604983.smrtp.ru
s607323.smrtp.ru
sedesadre.gq
segoremlolgv.ml
teleportstation.tk
telexmint.me
tompsup.me

# Reference: https://www.virustotal.com/gui/file/4518a9d2fc6df7a7968445f7400b95f67ebad90b9bd0ac00220510778f15ef76/detection

http://185.10.68.163

# Reference: https://www.virustotal.com/gui/file/069c5cef3137864269c1b8e7e7c4674b2a5fe17cc0310e69b4e1403ea620a51f/detection

http://157.245.36.27

# Reference: https://blog.talosintelligence.com/threat-roundup-0421-0428-2/ (# Win.Dropper.LokiBot-9997784-0)
# Reference: https://www.virustotal.com/gui/ip-address/69.61.56.73/relations
# Reference: https://www.virustotal.com/gui/file/bc0c8696fe49f30edb39ac7c4bce2fa9d48d714298b8b06e883d162752092c34/detection

5673.co.pl
abc-xyz-1.waw.pl
abc-xyz-2.waw.pl
abc-xyz-3.waw.pl
abc-xyz-4.waw.pl
abc-xyz-5.waw.pl
abc-xyz-6.waw.pl
abc-xyz-7.waw.pl
abc-xyz-8.waw.pl
ad-aaaa.bid
ad-aaab.bid
ad-aaac.bid
ad-aaae.bid
ad-aaaf.bid
ad-aaag.bid
ad-aaah.bid
ad-aaai.bid
ad-aaaj.bid
ad-aaak.bid
ad-aaam.bid
ad-aaan.bid
ad-aaao.bid
ad-dec1.bid
ad-dec10.bid
ad-dec11.bid
ad-dec12.bid
ad-dec13.bid
ad-dec14.bid
ad-dec15.bid
ad-dec16.bid
ad-dec17.bid
ad-dec18.bid
ad-dec19.bid
ad-dec2.bid
ad-dec20.bid
ad-dec21.bid
ad-dec22.bid
ad-dec23.bid
ad-dec24.bid
ad-dec25.bid
ad-dec26.bid
ad-dec27.bid
ad-dec28.bid
ad-dec29.bid
ad-dec3.bid
ad-dec30.bid
ad-dec31.bid
ad-dec32.bid
ad-dec33.bid
ad-dec34.bid
ad-dec4.bid
ad-dec5.bid
ad-dec6.bid
ad-dec7.bid
ad-dec8.bid
ad-dec9.bid
ad-decimal.co.pl
ad-jan1.bid
ad-jan1.co.pl
ad-jan10.bid
ad-jan11.bid
ad-jan12.bid
ad-jan13.bid
ad-jan14.bid
ad-jan15.bid
ad-jan16.bid
ad-jan17.bid
ad-jan18.bid
ad-jan19.bid
ad-jan2.bid
ad-jan2.co.pl
ad-jan20.bid
ad-jan21.bid
ad-jan22.bid
ad-jan23.bid
ad-jan24.bid
ad-jan25.bid
ad-jan26.bid
ad-jan27.bid
ad-jan28.bid
ad-jan29.bid
ad-jan3.bid
ad-jan30.bid
ad-jan31.bid
ad-jan32.bid
ad-jan33.bid
ad-jan34.bid
ad-jan35.bid
ad-jan36.bid
ad-jan37.bid
ad-jan38.bid
ad-jan39.bid
ad-jan4.bid
ad-jan40.bid
ad-jan41.bid
ad-jan42.bid
ad-jan43.bid
ad-jan44.bid
ad-jan45.bid
ad-jan46.bid
ad-jan47.bid
ad-jan48.bid
ad-jan49.bid
ad-jan5.bid
ad-jan5.co.pl
ad-jan50.bid
ad-jan51.bid
ad-jan52.bid
ad-jan53.bid
ad-jan54.bid
ad-jan55.bid
ad-jan56.bid
ad-jan57.bid
ad-jan58.bid
ad-jan59.bid
ad-jan6.bid
ad-jan60.bid
ad-jan61.bid
ad-jan62.bid
ad-jan63.bid
ad-jan64.bid
ad-jan65.bid
ad-jan66.bid
ad-jan67.bid
ad-jan68.bid
ad-jan69.bid
ad-jan7.bid
ad-jan70.bid
ad-jan71.bid
ad-jan72.bid
ad-jan73.bid
ad-jan74.bid
ad-jan8.bid
ad-jan9.bid
ad-nov1.bid
ad-nov10.bid
ad-nov11.bid
ad-nov12.bid
ad-nov13.bid
ad-nov14.bid
ad-nov15.bid
ad-nov17.bid
ad-nov18.bid
ad-nov19.bid
ad-nov2.bid
ad-nov20.bid
ad-nov21.bid
ad-nov22.bid
ad-nov23.bid
ad-nov24.bid
ad-nov25.bid
ad-nov26.bid
ad-nov27.bid
ad-nov28.bid
ad-nov29.bid
ad-nov3.bid
ad-nov30.bid
ad-nov31.bid
ad-nov32.bid
ad-nov33.bid
ad-nov34.bid
ad-nov4.bid
ad-nov5.bid
ad-nov6.bid
ad-nov7.bid
ad-nov8.bid
ad-nov9.bid
ad-oct12.bid
ad-oct13.bid
ad-oct14.bid
ad-oct15.bid
ad-oct17.bid
ad-oct18.bid
ad-oct19.bid
ad-oct20.bid
ad-oct21.bid
ad-oct22.bid
ad-oct23.bid
ad-oct24.bid
ad-oct25.bid
ad-oct26.bid
ad-oct27.bid
ad-oct28.bid
ad-oct29.bid
ad-oct30.bid
ad-oct31.bid
ad1track.host
adjan100.bid
adjan101.bid
adjan102.bid
adjan102.co.pl
adjan103.bid
adjan104.co.pl
adjan105.co.pl
adjan108.bid
adjan109.bid
adjan110.bid
adjan111.bid
adjan111.co.pl
adjan113.bid
adjan114.bid
adjan115.bid
adjan116.bid
adjan117.bid
adjan118.bid
adjan119.bid
adjan91.bid
adjan92.bid
adjan93.bid
adjan94.bid
adjan95.bid
adjan96.bid
adjan97.bid
adjan98.bid
adjan99.bid
adownload9.club
adsr2.one
adtrack1.club
adtrack2.club
adtrack6.bid
adtrack7.bid
adtracker1.club
anizan47.bid
anizanads.bid
anizanbid.bid
anizandownland.bid
anizanek.bid
anizanfile9.bid
anizanpromo.bid
anizanxml.bid
apiowl.waw.pl
apiowl1.waw.pl
atrack3.bid
atrack4.bid
atrack5.bid
atrack6.bid
axtrack1.bid
axtrack2.bid
axtrack3.bid
axtrack4.bid
axtrack5.bid
axtrack6.bid
big7download.club
bluedot171.bid
bluedot175.bid
bluedot177.bid
bluedot178.bid
bluedot179.bid
bluedot180.bid
bluedot181.bid
bluedot184.bid
bluedot231.bid
bluedot232.bid
bluedot233.bid
bluedot234.bid
bluedot235.bid
bluedot236.bid
bluedot237.bid
bluedot238.bid
bluedownload2.com
buba104.bid
buba105.bid
buba106.bid
buba107.bid
bziumdownload.bid
cxdl30.bid
cxdl31.bid
dec-1.co.pl
dec-10.co.pl
dec-11.co.pl
dec-3.co.pl
dec-4.co.pl
dec-5.co.pl
downlaod1.co.pl
downlaod4.co.pl
downloadcom.club
downloadio.club
downloadux.club
downloadux736.club
downloadux736.cyou
downloadux736.xyz
downloadxd.club
downloadzoom.club
easydownload1.club
easydownload2.club
easydownload3.club
easydownload4.club
easydownload5.club
ebook-center1.bid
fuzzydownload1.club
fuzzydownload2.club
getdownloadcom.club
idown765.club
infile1.bid
infile3.bid
isfile01.bid
isfile02.bid
isfile03.bid
isfile04.bid
isfile35.bid
isfile36.bid
isfile37.bid
isfile89.bid
isfile90.bid
isfile92.bid
isfile93.bid
isfile94.bid
iso-download.co.pl
jxxdownload938.site
jxxdownload939.site
jxxdownload940.site
jxxdownload941.site
livedomain827.site
livedomain828.site
livedomain829.site
livedomain830.site
livedomain831.site
mac-versions.club
nxtrack1.bid
nxtrack2.bid
nxtrack3.bid
nxtrack4.bid
nxtrack5.bid
nxtrack6.bid
nxtrack7.bid
nxtrack8.bid
nxtrack9.bid
pdown176.club
pdown177.club
pdown178.club
pdownload109.bid
pdownload489.bid
pdownload545.bid
pdownload635.bid
pdownload637.bid
pdownload639.bid
pinkfile39.site
pinkfile40.site
pinkfile41.site
pinkydown1.club
pinkydown2.club
pinkydown3.club
pinkydown4.club
pinkydown5.club
poyrezbunker.xyz
premiumappsforfree.com
privatedownload256.club
privatedownload257.club
privatedownload258.club
privatedownload389.casa
privatedownload389.cyou
privatedownload389.fun
privatedownload389.icu
privatedownload389.monster
privatedownload389.site
privatedownload389.space
privatedownload389.website
privatedownload389.work
privdl125.bid
privdl188.bid
privdl210.bid
privdl219.bid
privdl241.bid
privdl386.bid
privdl398.bid
privdl486.bid
privdl540.bid
privdl591.bid
privoffer427.bid
privoffer429.bid
privoffer430.bid
privoffer437.bid
privoffer445.bid
privoffer447.bid
rdownloadcom.club
rxdownload31.bid
rxdownload33.bid
rxfile48.bid
rxfile49.bid
rxfile50.bid
rxfile51.bid
rxfile52.bid
rxfile53.bid
software32dl.club
step1.waw.pl
vidtechblack.club
vidtechblue.club
vidtechgreen.club
vidtechpink.club
vidtechred.club
vidtechwhite.club
vidtechyellow.club
zxtrack1.bid
zxtrack2.bid
zxtrack3.bid
zxtrack4.bid
zxtrack5.bid
zxtrack6.bid
zxtrack8.bid
zxtrack9.bid

# Reference: https://www.virustotal.com/gui/file/e9179d5b024e8d1d72b2338377afdcce5b33bd2272eeb19b2b136d5d8baeded7/detection

http://104.156.227.195

# Reference: https://www.virustotal.com/gui/file/03eeb75cca16039018b144a1d6a00d26e7f6e06970ff2bb3d1644ee884573676/detection

centos10.com

# Reference: https://www.virustotal.com/gui/file/fffb8dde88ae23cc6c9b00e3692bfe33242ebfde732dc0b0f4a445b729985fc5/detection

http://185.252.179.165

# Reference: https://threatfox.abuse.ch/ioc/1143971/

http://87.121.47.132

# Reference: https://threatfox.abuse.ch/browse/malware/win.lokipws/

http://103.139.44.52
http://103.156.90.111
http://103.167.85.164
http://103.219.154.200
http://107.175.218.32
http://137.74.157.83
http://138.68.56.139
http://141.98.6.162
http://146.19.233.219
http://146.190.157.174
http://159.89.118.162
http://161.35.102.56
http://172.93.181.75
http://179.43.149.50
http://185.162.10.145
http://185.165.31.194
http://192.3.121.203
http://193.42.32.209
http://194.180.48.58
http://194.55.224.15
http://194.55.224.16
http://194.55.224.9
http://195.133.19.4
http://195.154.34.135
http://198.98.54.161
http://2.59.254.19
http://212.192.246.61
http://216.128.145.196
http://23.239.31.197
http://31.220.40.22
http://37.0.11.227
http://37.139.128.94
http://45.133.174.204
http://45.155.165.70
http://46.21.147.34
http://62.108.40.64
http://63.250.44.84
http://64.227.48.212
http://68.183.13.128
http://79.110.48.215
http://79.110.49.21
http://79.110.62.142
http://79.110.62.42
http://80.208.226.98
http://80.209.231.24
http://85.31.46.190
http://85.31.46.94
http://91.223.82.29
http://93.188.165.64
http://94.131.105.161
http://95.164.23.2
http://95.179.142.132
ab-services.ma
abjkad.com
aboyus.buzz
africa.jithiadaproperties.com
aguxobi.buzz
arabdocx.buzz
asbogadajuli.tk
assaggip.cf
assaggip.ga
assaggip.ml
bencus.buzz
blacklifestyle.net
bobby1.xyz
bobibad.co.vu
cherubm.site
chilok.us
chykolands.buzz
chykosky.xyz
civcxs.xyz
climatte.uz
darkeyes.co.vu
debs.jithiadaproperties.com
dlokis.xyz
dopilnram.ga
dopilnram.gq
drinz.us
ebelk.us
ekens.top
eleronixzkt.ga
eleronixzkt.gq
eleronixzkt.ml
eleronixzkt.tk
esrmho.com
eventovirtualbdb.com
filcoco.xyz
fufux.xyz
gensis-advpg.com
gopliu.com
gorbachetuts.buzz
gorbat.xyz
hghfe.cf
hmsd.us
holinamet.us
honghuat.co.vu
hyatqfuh9olahvxf.ga
impexawards.com
internetstores.co.vu
itop.so
julypc.gq
julypc.tk
kene.us
kossa.xyz
lazarovs.cf
lazarovs.ml
lightgear.co.vu
litepad.co.vu
login-mail-server.s3rv.me
logs1.co.vu
mainpage-auth.ml
maylnk.gq
nice-can.cf
ornivska.cf
parpee.com
payypal.info
penairs.ml
pgixx.xyz
phoenixcreation.in
predictindia.co
qsbtankers.com
qtd8gcdoplav737wretjqmaiy.tk
recoverydatahdd.com
rnileniaexpress.com
s492410.smrtp.ru
s505413.smrtp.ru
s509040.smrtp.ru
s519403.smrtp.ru
s519460.smrtp.ru
s520723.smrtp.ru
satrading.us
sedesadre.cf
sedesadre.ga
sedesadre.ml
sedesadre.tk
segoremlolgv.cf
segoremlolgv.ga
segoremlolgv.gq
segoremlolgv.tk
skbloki.us
somontoz.xyz
spec.ir
stardoors.com.br
teleportstation.gq
tetiquila.me
tixfilmz.cf
tixfilmz.gq
tixfilmz.ml
tjfr.ga
ttloki.us
uipmcenter.net
umulok.us
unitedcourierparcel.com
walinstitute.com
wexno.us
xpznl.click
ziuxte.online

# Reference: https://threatfox.abuse.ch/browse/malware/win.lokipws/ (# 2023-08-15)

http://194.55.224.10
edulinkr.com

# Reference: https://threatfox.abuse.ch/ioc/1150478/

http://194.55.224.11

# Reference: https://www.virustotal.com/gui/file/b2b6b2635d7a21a6dbce62811b4614d26160fc156fa74592efa7cfb24ffa8b80/detection
# Reference: https://www.virustotal.com/gui/file/21675edce1fdabfee96407ac2683bcad0064c3117ef14a4333e564be6adf0539/detection

vertebromed.md/temp/

# Reference: https://threatfox.abuse.ch/ioc/1152270/

http://163.123.143.202
http://163.123.143.204
http://163.123.143.215
http://163.123.143.216
http://163.123.143.217

# Reference: https://www.virustotal.com/gui/file/ace4774810376e5dd8bf3131c3dad03ae2c7d1d95a2edea39de42fec95a1cb19/detection

backupleads24.sytes.net

# Reference: https://threatfox.abuse.ch/browse/malware/win.lokipws/ (# 2023-09-05)

http://141.98.6.249
141.98.6.249:8383
megared.buzz
oracover.buzz
pelsotin.buzz
chandler.megared.buzz
enterprisetyubeacam.webhop.me
fiorentcamcycle.redirectme.net
fresh1.oracover.buzz
menufreith.sytes.net

# Reference: https://twitter.com/smica83/status/1700079386542645452
# Reference: https://www.virustotal.com/gui/file/e1333b612da8a0435c3e071f057db334c9fec56bd93b51bf0dbfe323eb5045ac/detection

0x0.mitnyik.hu

# Reference: https://www.virustotal.com/gui/file/09eb9bffa073b0941732477cafb795d902811282e67208c0dc8544cdc5dd17c2/detection

141.98.6.249:8383

# Reference: https://www.virustotal.com/gui/file/c35a6ebdca67922ec242d49395daebe8295a2508a6557a19e05ee75bef455702/detection

141.98.6.249:6798
141.98.6.249:6868
/hfsdofsugfugsfsjrhfgeygsfs/zsdufhaisudgfszkdfasegvfjffteaskgdfygaosergaksugsyefrgskr/
/hfsdofsugfugsfsjrhfgeygsfs/
/zsdufhaisudgfszkdfasegvfjffteaskgdfygaosergaksugsyefrgskr/

# Reference: https://www.virustotal.com/gui/file/7b460ff8aca9bf842d4935a0d818a0311b675cccf76da964a8ff50443872387b/detection

141.98.6.249:7563
/sfbfghzg/

# Reference: https://threatfox.abuse.ch/browse/malware/win.lokipws/ (# 2023-09-11)

141.98.6.249:8177
141.98.6.249:8287
141.98.6.249:8623
141.98.6.249:8947
fengpower.buzz
solariseng.icu
china.fengpower.buzz
collins.solariseng.icu

# Reference: https://threatfox.abuse.ch/ioc/1163108/

tiscali.buzz
sirr.tiscali.buzz

# Reference: https://threatfox.abuse.ch/ioc/1163614/

meyervanderwalt.top
moore.meyervanderwalt.top

# Reference: https://threatfox.abuse.ch/ioc/1163853/

oilrig.sbs
official.oilrig.sbs

# Reference: https://threatfox.abuse.ch/browse/malware/win.lokipws/ (# 2023-09-20)

http://45.61.169.32
areen.top
caesarsgroup.top
chinacarbonfiber.buzz
ebnsina.top
edtagproducts.buzz
hncelectric.cf
midlandpaper.icu
shunfengpower.buzz
simcoes.top
evil2.simcoes.top
fresh1.edtagproducts.buzz
fresh2.shunfengpower.buzz
kelly.chinacarbonfiber.buzz
mous.midlandpaper.icu
ugopounds.caesarsgroup.top
zang2.areen.top
zsin2.ebnsina.top

# Reference: https://threatfox.abuse.ch/ioc/1165822/

http://185.216.71.207

# Reference: https://threatfox.abuse.ch/browse/malware/win.lokipws/ (# 2023-09-25)

http://45.77.76.224
aerostarmodel.buzz
aluminprodu.top
andrebadi.top
dhabigroup.top
entracollc.top
ironoreprod.top
pearlgroup.icu
topendpower.top
alimatata.topendpower.top
china.dhabigroup.top
collins.ironoreprod.top
evil22.aerostarmodel.buzz
ffice.aluminprodu.top
investor.entracollc.top
office.aluminprodu.top
sirr2.pearlgroup.icu
zsin1.andrebadi.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.lokipws/ (# 2023-09-29)

spencerstuartllc.top
fresh1.ironoreprod.top
kelly.spencerstuartllc.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.lokipws/ (# 2023-10-10)

moodelstore.tel

# Reference: https://threatfox.abuse.ch/browse/malware/win.lokipws/ (# 2023-10-16)

http://45.12.253.69
45.12.253.69:8168
ftvproclad.top
villar.ftvproclad.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.lokipws/ (# 2023-10-19)

bagsrad.com
blueyonderllc.top
dolphinair.top
ebnsina.top
kalnet.top
ransomproducts.top
305.ebnsina.top
305friend.caesarsgroup.top
blessedjay.dolphinair.top
davinci.kalnet.top
evil22.dhabigroup.top
ify.ironoreprod.top
jay.ransomproducts.top
link.blueyonderllc.top
nab.blueyonderllc.top
uche.blueyonderllc.top
ugopounds.ironoreprod.top
jinodoplacecam.viewdns.net

# Reference: https://www.virustotal.com/gui/file/56d16f65b67c4b1ff6e09e36489d507838b92e3ecd8aab44ccbb00e280f933b0/detection

almashreaq.top
zang1.almashreaq.top

# Reference: https://www.virustotal.com/gui/file/97359e9ad711f7cf6faab9eba12037eb496f480ea9a1fdf47559ed8d392df766/detection
# Reference: https://www.virustotal.com/gui/file/0e272e91122b2f7abb9888f6336bbdbd01d5492c30f2e0d88742edca1efd9535/detection

indexed.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c648f85cfb4717429d6c53d6106e2cab940cd43a677be5ac6606984d7dc8d713/detection

endeenduque.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.lokipws/ (# 2023-11-18)

acutbank.com
miners-gold.com
swiftguaranteedb.com/dftyh/lokinew/fre.php
/lokinew/fre.php

# Reference: https://threatfox.abuse.ch/ioc/1204213/

homoeo4u.com/john/Panel/fre.php

# Reference: https://threatfox.abuse.ch/ioc/1205079/

topendpower.top
prime.topendpower.top

# Reference: https://www.virustotal.com/gui/file/f680717659c07ce65766cacf5a108186e38565e91bb0e40e36b07780bb7eb1a3/detection

http://217.12.206.218

# Reference: https://www.virustotal.com/gui/file/cf209f1477fa2db39423e1be03acadbcca31029b1c2a19ce2efadda8c099dc6c/detection

dcqapz.shop
/pws/fre.php

# Reference: https://twitter.com/banthisguy9349/status/1736680539770212673
# Reference: https://www.virustotal.com/gui/ip-address/103.215.221.168/relations
# Reference: https://www.virustotal.com/gui/ip-address/104.237.252.65/relations

bfdlcloud.lol
cfgd.in
deutsche-aktivierung.ir
deutsche-registrierung.ir
kwk-identificatie.ir

# Reference: https://twitter.com/Gi7w0rm/status/1737981565076967749

mail.newearth-superfoods.com
view.nuvaringsideffectslawsuit.com

# Reference: https://www.virustotal.com/gui/file/ce6acf3fe7ca9978fcb0183042d1f210cc3003b4a9f8e349c3afe093c954aece/detection

saldanha.top

# Reference: https://threatfox.abuse.ch/ioc/1233881/

http://139.99.153.82

# Reference: https://www.virustotal.com/gui/file/04b2a609d7908200a05433067de41dbca4d0e930341fa3798b2ccd588111f150/detection

novlkyy.shop

# Reference: https://www.virustotal.com/gui/ip-address/104.21.46.100/relations
# Reference: https://www.virustotal.com/gui/file/7eb68960a6b79e0705d3ca8d54744d29a8744442ea6f232d961558cb1e31a561/detection

spencerstuartllc.top
roof.spencerstuartllc.top

# Reference: https://www.virustotal.com/gui/file/235413e22a54a09ad31fae8f8a22a0cf4a443115cbb5dd9fe85a9a563ac1ebc3/detection

abixmaly.duckdns.org

# Reference: https://twitter.com/SarlackLab/status/1751751414752104682

rocheholding.top

# Reference: https://www.virustotal.com/gui/file/1e4e8faeba1b1fa5520145bab6d7bb950a4362b4ff3821cbd900f9cc4e7da434/detection

http://192.236.162.234

# Reference: https://www.virustotal.com/gui/file/59cfa4ba3c3cec94d4dd4f7cd606e58155f8258c7e5cf001ec29e08183ffc9cf/detection

xmail.cfd

# Reference: https://www.virustotal.com/gui/file/ebf157f127c5ad505509b7e45474a31d31478d2cf7d4f2a2eb71100b4e9ae96d/detection

http://91.92.252.146
91.92.252.146:8002

# Reference: https://www.virustotal.com/gui/file/bbf84fd4fa7ad546805057b6e9a81840260da7655753b45e5d22d860a9d4a0a1/detection

91.92.252.146:8003

# Reference: https://www.virustotal.com/gui/file/ccb8ee71522dcf347b894d126205b7468a18a52f528d23ca86ffbf7357d80587/detection

91.92.252.146:8004

# Reference: https://www.virustotal.com/gui/file/7da9f6c9248f27db228764714777d3584c24eb6c69561b9353050cfe5eb528fa/detection

91.92.252.146:9006

# Reference: https://www.virustotal.com/gui/file/5d453be2591655ea7a303c3549afc86e759a769a5aa9e75855193a2153dbea25/detection

91.92.252.146:8008

# Reference: https://www.virustotal.com/gui/file/366c3e4f90b97f849ae44a2d0f6c6d78b9dab71582e3fbeca225180b39d589b3/detection

mauricioclopatofsky.tel

# Reference: https://www.virustotal.com/gui/ip-address/64.32.6.209/relations
# Reference: https://www.virustotal.com/gui/file/cc335f43842672e7c0a010d69d9bcc6586f1f8237388a294359ed518690d88ed/detection
# Reference: https://www.virustotal.com/gui/file/e619acb52d03adec96ae4e467a3b398a9fae20bc53e351c856b229152418343e/detection

chase.dns04.com
ebanbrown.dynamic-dns.net
micosoftoutlook.dns04.com
microsoft-01.dynamic-dns.net
microsoft-live.zzux.com
microsoft.ddns.us
microsoftoffice.ns01.us
microsoftoutlook.ddns.info
microsoftoutlook.dynamic-dns.net
microsoftoutlook.dynamicdns.org.uk
microsoftpro.dns-report.com
microsoftservice.ddns.mobi
microsoftservice.dns-report.com
microsoftservice.dynamic-dns.net
microsoftsoftwareupdate.dynamicdns.org.uk
microsoftupdate.dns-report.com
microsoftupdate.dynamicdns.org.uk
microsoftword.dynamicdns.org.uk
offcie-live.zzux.com
outlook-live.zzux.com
outlookupdate.dynamicdns.org.uk
unionspares.25u.com
webzz.vicp.cc

# Reference: https://www.virustotal.com/gui/file/b084f904e680ea76fb4edddcab4ce166620ea7e9b70420b61b8e61f1e4218f6f/detection

meridianresourcellc.top

# Reference: https://www.virustotal.com/gui/file/320b460785e3f8155ef2b11652493843d293b893a713b66e6d2cb5770e77f5c7/detection
# Reference: https://www.virustotal.com/gui/file/bf0db2eda1cc6923349fc6510a00d443e0f1fe3618acc9d46aefc2392c02aeda/detection

yiikm.xyz

# Reference: https://threatfox.abuse.ch/ioc/1255676/

http://24.199.107.111

# Reference: https://www.virustotal.com/gui/file/7e5bb28ff3ef1590d7b9cb07abd4639c1db273c7a646d4b0ea6774b5e30f54e5/detection
# Reference: https://www.virustotal.com/gui/file/4989f0bfd201ba820a8ee658ca5cc3c89812bc7540d7ce3bf22e48b7873a0306/detection

http://94.156.67.130
/page/doszx.scr

# Reference: https://www.virustotal.com/gui/file/dfb5006b16d8cbcfec9a219b6a1085bf985b7d8c4c19b1a249527ae69d90f659/detection

213.183.58.15:4886
wetransfiles.duckdns.org

# Reference: https://www.virustotal.com/gui/file/03dd84439fdb13952fbb1ef3a1f3eda0c9593ade3f6eea5a9289c60fb355bf79/detection

flypadi.com/hnn/five/fre.php

# Reference: https://www.virustotal.com/gui/file/3703fd0a78dd7c0c7fd95039b852f630910cdb38edf6eac223c4174603ac89d8/detection

tampabayllc.top

# Reference: https://www.virustotal.com/gui/file/d8c8496ad93779966bb498f8749bae4b6cdf2e1bd46c75a341e81a19fefde4a3/detection

djanic.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8482eba558dec3838458620690f31c2c8f1d0331d97dd82810d072d7fe9d927f/detection
# Reference: https://www.virustotal.com/gui/file/4faa0f24f8100aac8478d7d90f0b9f2320a81d3fac35e44244c638884352c5b1/detection

seadrill.top

# Reference: https://www.virustotal.com/gui/file/06574c6cefac987b1988ed1397a86fdd5715742f78413d0a3a24ba0a7b751cdd/detection

kingu.xyz

# Reference: https://www.virustotal.com/gui/file/c3afa10b59adb96b68cb066cb56585e4fbd5d0e93f427d2d15ea463a5c07c352/detection

sssteell-com.asia

# Reference: https://x.com/SarlackLab/status/1795198604048527752
# Reference: https://www.virustotal.com/gui/file/03fdc9fa0ccc9f2ff890f6a4b553daa1e5f71ea070728295b2db8bd08b6ea572/detection

fiseriy.nut.cc

# Reference: https://www.virustotal.com/gui/file/13d2af181a594655294318124037e2057636e479ad37ee85dc1247434dc351be/detection

erxst.info

# Reference: https://x.com/SarlackLab/status/1795379840519967226
# Reference: https://www.virustotal.com/gui/file/f6d86c60ee545a797e9fe169a07c856603c8855af5fd88d23df087077c0acae7/detection

http://192.3.209.101

# Reference: https://www.virustotal.com/gui/file/c36a6d093a31124e6b050c3eb81b366560f6d511771a6fed3424877ce4992ff7/detection

jumbie.duckdns.org

# Reference: https://x.com/SarlackLab/status/1797463292551504103
# Reference: https://www.virustotal.com/gui/file/6bedede89d5da863ed511594e3fb7c5e18a113ccdbd0f8d7611bcfe61f59641d/detection

namex-na.com

# Reference: https://x.com/SarlackLab/status/1797953141364711603
# Reference: https://www.virustotal.com/gui/file/4a33ff4869bc6b011f8c5c9babb2c9607326073d184f1784badf68e65b474888/detection
# Reference: https://www.virustotal.com/gui/file/50915f63fd75300e47e427d61797e7eb1807326171ebfbc6397d726fa591e9fa/detection

ulysse-cazabonne.cam

# Reference: https://www.virustotal.com/gui/file/3f73df609b2ed443bdecd5b0f9c1ce647d1e93fa2d821576d5f0f5d5552ed49f/detection

alphabetllc.top

# Reference: https://x.com/SarlackLab/status/1803284527327981855
# Reference: https://www.virustotal.com/gui/file/71455e610f8b5005a92e6e4eb80f17d0a23d166a58c1285dbf3ccd23ae22e071/detection

fortindo-fsm.com

# Reference: https://www.virustotal.com/gui/file/2407da1627f35dafc162c06c93c95d612ac0349488241d297152e41d0f8af7a0/detection

http://104.129.27.23
sssteell-com.pro

# Reference: https://x.com/SarlackLab/status/1808350324601581880
# Reference: https://www.virustotal.com/gui/file/0464da926fb18f221087c3d88c51b18b81d5776e559fbf9b76d8e1301c95a8b9/detection

dashboardproducts.info

# Reference: https://www.virustotal.com/gui/file/ca6dfcec2bbedebb30e4fb9a96e26ffb75f332f47b10b8ec169b9ee89c17293a/detection

stema-it.cfd
/Lchost/PWS/

# Reference: https://x.com/SarlackLab/status/1810509301556945029
# Reference: https://www.virustotal.com/gui/file/8a28668302df8fea6ea0361fd4823410aea2dcd86934736e977b356ab9052a62/detection
# Reference: https://www.virustotal.com/gui/file/4c298ecbfd5556b81ba8dc2e59a5fc273ffecae09f315b93565631b9edf2212f/detection

kinltd.top

# Reference: https://x.com/SarlackLab/status/1810645204170404089
# Reference: https://www.virustotal.com/gui/file/4f0243930267af37170243d384fc111b2ca3da9a3497cb7862485d7b62d71607/detection

gitak.top

# Reference: https://x.com/SarlackLab/status/1810886788677767385
# Reference: https://www.virustotal.com/gui/file/9ca4491594bed34f77e581987fb61a0085c1311d94b8118bee73b4f08710da5c/detection

samsunglimited.top

# Reference: https://x.com/SarlackLab/status/1820731616102121728
# Reference: https://www.virustotal.com/gui/file/a362e5c6d19b4a70a1a928a3da8763bb16d3a6296f55a488206e344c7b54aeb7/detection

werdotx.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lokipws/ (# 2024-08-25)

http://104.237.252.22
http://104.248.205.66
http://162.241.114.21
http://192.185.3.67
http://203.170.84.89
http://50.63.8.251
http://94.156.66.169
94.156.66.169:5788
94.156.66.169:5888
94.156.66.169:5988
sodiumlaurethsulfatedesyroyer.com

# Reference: https://www.virustotal.com/gui/file/006ff29cd63d78ea2b6d1f7f785e991550c331c9a7430ad6eed3b7f8d733b87d/detection

http://185.34.52.14

# Reference: https://www.virustotal.com/gui/file/84fb2ec298bec7a70493394b6d6caabcd0522a8f5f7753d8e725118c7e08da4e/detection

overclockingmachines.info

# Reference: https://www.virustotal.com/gui/file/4deac63304f94a525071be2d499ef79c27c60a7713fbeeae3baa8bddf38beabc/detection

mtuogioanis.com

# Reference: https://www.virustotal.com/gui/file/52cb8571d856ec72b8a9e998e5e0b95ceeee5d90f47ae517cf71a1d2cb5930e1/detection

tequilacofradiamx.com

# Reference: https://x.com/cyberfeeddigest/status/1838665695665516866
# Reference: https://www.virustotal.com/gui/file/894c0c6ed9f70d74809ac39ff693cceef4b9030b9d76b82e4d16976d69e90c82/detection

trvtest.click

# Reference: https://www.virustotal.com/gui/file/02ea140f26a0e7ce7bc2f4a0d95040c4c8083ab04e1c2bb4367ee8b1840151da/detection

solutviewmen.viewdns.net

# Reference: https://x.com/banthisguy9349/status/1849729723439440120
# Reference: https://www.virustotal.com/gui/file/0e7c67f0651fd8cc7306be9e71121d77272b8a776e56b77d9644aaa7ddf2ab08/detection

http://94.156.177.220

# Reference: https://x.com/ShanHolo/status/1863277334427533687

http://66.63.187.231
http://94.156.177.41

# Reference: https://x.com/banthisguy9349/status/1865033667279561115
# Reference: https://app.validin.com/detail?type=hash&find=0ba9b1ac4f164c53a5e6e932e2747ead#tab=host_pairs
# Reference: https://app.validin.com/detail?find=d34ad0cb2ca0ebdaaeb0e411db1b725c&type=hash&ref_id=b01a5300a1e#tab=host_pairs
# Reference: https://www.virustotal.com/gui/file/07810455fb5920a2345429630746bce89e6f2542f978755961ac8fd1461e0b45/detection
# Reference: https://www.virustotal.com/gui/file/481d35dd2f799eae40ecf9965a7c41b2aec41770260870199f2188fb728e49c6/detection

dddotx.shop
ddrtot.shop
dvlref.online
ghcopz.shop
rottot.shop

# Reference: https://www.virustotal.com/gui/file/2c1dd1102e90e5dcc0afb629f35286a8f83c79085269e38ae11ea4c7a6a7891d/detection

rotomet.mycpanel.rs

# Reference: https://www.virustotal.com/gui/file/14a513986800bfef76a8f563d654044896408b3d91c2d27982be59fd1eab93c2/detection

reudic.ga

# Reference: https://www.virustotal.com/gui/file/03387d254277fdd8772fc793f41a8bb2b26cc92ec05f52e3a430ab4baef668ca/detection

knowkeren.xyz

# Reference: https://www.virustotal.com/gui/file/47e2bd28e93c047783c899c3f76765ddb263b3062f50a55c11d32fc354b15c6b/detection

montblancgroup.cfd

# Generic

/~dasdas/ff.php
/~hgyf/?search=
/~wpdemo/file.php
/.halo/rsd.php
/.isuoxiso/w.php
/.op/cr.php/
/.tcsogb/
/.tcsogb/gi'v.php
/.tcsogb/vc.php
/.well-known/pki-validation/w.php
/etc/main/l09/
/high/sumy/ltd.php
/ibiki/gate.php
/logs/omc.php
/luck/ag.php
/22/2/cgi.php
/mor/f/cgi.php
/32.php/0qzhfol01ljuv
/32.php/209hwrriygnfo
/32.php/2fhjw7eqie0rj
/32.php/3bi7icv31dccw
/32.php/3iwdp1vnotsv8
/32.php/3ljazguigmmjv
/32.php/3v16bri6suxpx
/32.php/5l0znna7ab6dl
/32.php/5mGrB9x77E21g
/32.php/5mgrb9x77e21g
/32.php/6mr5c1qfwrz4o
/32.php/6we0yznidcg3l
/32.php/8400chmgujese
/32.php/NHNmTUOdS6fzz
/32.php/S4wFP8QBww9Tp
/32.php/a1nqk98ewcwx2
/32.php/aujmyigbl7jhg
/32.php/bmnwlq62x3dhz
/32.php/clsdqrhiilvb5
/32.php/cuubrzldzttbs
/32.php/cviu8nooolcrf
/32.php/deuz9gruoehin
/32.php/doglqlrii1o27
/32.php/fhaq3ugei7ni8
/32.php/fn1tojtmzu3td
/32.php/fw2pm7fnrpmci
/32.php/fxsbyx1k4utzs
/32.php/gfdfin96yb4pf
/32.php/gi4ujrts3jtjm
/32.php/gsoxa3yq3p8ih
/32.php/hgp9nhkiide7r
/32.php/hgvmlp0umvswm
/32.php/hsspki8plzu2g
/32.php/hvjgjl5jkemrq
/32.php/jyucisqpqtrra
/32.php/kfgvwugxlydxb
/32.php/kh0lz55275rih
/32.php/kmb4f28c3jzi6
/32.php/l6j4kh5oogtj5
/32.php/ly0xuvgkjma3b
/32.php/ngbv5izqdfzrl
/32.php/nhnmtuods6fzz
/32.php/npqcl6elqb1mw
/32.php/ntbxo1knhre3c
/32.php/nuldton9sbn3g
/32.php/o0zzsfefa0s9k
/32.php/ocgtdefq2swdx
/32.php/pwdpseliromqv
/32.php/pxqvbj1ory8md
/32.php/pydakox9ety5y
/32.php/qb0gq2gklyuou
/32.php/qmluucoah0bzk
/32.php/qqojjujm8byet
/32.php/qyozifpk5owce
/32.php/s396ka3xazwy1
/32.php/s4wfp8qbww9tp
/32.php/s7zr5v1fxi3rb
/32.php/sczbkxcqzqyvr
/32.php/tavywqro1iiy4
/32.php/tfqt7rifxpw3w
/32.php/tv9f9towml3dq
/32.php/uo2q8e3iznlpa
/32.php/vkuep8jt3rhq5
/32.php/w2gf0zvk0cv5n
/32.php/wkdb8tpicodoq
/32.php/xqqt9mzag0t6v
/32.php/yjfku88zv6lc0
/dsaicosaicasdi.php/bI7xvNbnxScDp
/dsaicosaicasdi.php/nGBv5iZqdfzrl
/gugufdre.php/NHNmTUOdS6fzz
/k.php/0qzhfol01ljuv
/k.php/1ffrfnkqx9s48
/k.php/209hwrrIygNFO
/k.php/209hwrriygnfo
/k.php/2l5ke2lif96yu
/k.php/3bZQklG6hGLlX
/k.php/3bzqklg6hgllx
/k.php/3ljazguigmmjv
/k.php/5fdronm5pxizh
/k.php/5l0znna7ab6dl
/k.php/6we0yznidcg3l
/k.php/7MPTLmOD4nAsj
/k.php/7mptlmod4nasj
/k.php/8F1Wz9GpS2l8W
/k.php/93fzgk5iipsgc
/k.php/9n12ima5kra6y
/k.php/a7QhUqOAwuKQ2
/k.php/a7qhuqoawukq2
/k.php/aghiinzrvufqi
/k.php/AIbQb9SX9TP4Q
/k.php/arzt1yuf26ojv
/k.php/dbepepyej6qjn
/k.php/gfdfin96yb4pf
/k.php/hhq0lrvuyhpmx
/k.php/hsspki8plzu2g
/k.php/kh0lz55275rih
/k.php/kmb4f28c3jzi6
/k.php/l8icssgxcvazg
/k.php/la2mtqe7mrzvc
/k.php/llzttkhskaaaf
/k.php/ly0xuvgkjma3b
/k.php/mvm4bzptu0i2s
/k.php/o3d3eiu7cutlh
/k.php/oawlc954mcfko
/k.php/om5h4e8yrj8g3
/k.php/oud6quwaq00qx
/k.php/psdpyp0ignd7t
/k.php/pxqvbj1ory8md
/k.php/qmluucoah0bzk
/k.php/qqdv4aft6ob1s
/k.php/qqzri6xmlsi34
/k.php/rhtktwvhgvgvs
/k.php/s30hiblgfgkiy
/k.php/sczbkxcqzqyvr
/k.php/sqriw2va3rnpz
/k.php/t9pxt9pd0nqm9
/k.php/tavywqro1iiy4
/k.php/tfqt7rifxpw3w
/k.php/tqlqrv9lpokau
/k.php/udyg1fhnl70rt
/k.php/vfUK4zeelBmNW
/k.php/whb9azuvv5wzb
/k.php/wkdb8tpicodoq
/k.php/wlmbsvczvslos
/k.php/xrjgppvqgibin
/k.php/yefjbphgqgdjo
/p.php/3bzqklg6hgllx
/p.php/3g7lxZzzM12qa
/p.php/6LCNCuwTJZMVe
/p.php/7MPTLmOD4nAsj
/p.php/8efelx93dnlc9
/p.php/FgbebrOHmwbrQ
/p.php/Gs8nhPqptLJln
/p.php/S7zr5v1fXI3Rb
/p.php/TABGAUKhpT2hu
/p.php/UjL7jh4u2t3CH
/p.php/a7qhuqoawukq2
/p.php/arzt1yuf26ojv
/p.php/dT1AczPg2GOit
/p.php/jpmhpg6nc7cut
/p.php/lJ606117cGKwY
/p.php/nslswzmawjww1
/p.php/oawlc954mcfko
/p.php/qmluucoah0bzk
/p.php/qqdv4aft6ob1s
/p.php/vtjfumjc5kr48
/p.php/xifaarhhnhtoa
/S7zr5v1fXI3Rb
/bI7xvNbnxScDp
/t/e/cos.php
/$01/5l/h/site.php
/$01/b1/c/site.ph
/$01/t7/x/site.php
/$01/zC/f/site.php
/iH/cy/l/site.php
/iH/da/!/site.php
/amb/0/site.php
/b0/t8/site.php
/bu/!!/site.php
/m/2/site.php
/ne3/h/site.php
/r!/e/site.php
/t70/H/site.php
/vp-/9/site.php
/liv-01/pin.php
/slice/pin.php
/3i030/pin.php
/3yt00/pin.php
/qd-7lv1/pin.php
/tyi/pin.php
/m0ham/pin.php
/mmc/300/pin.php
/non/z/pin.php
/morx/1/cgi.php
/rozay/pin.php
/chikincho/fina.php
/makave/fina.php
/monyman/gate.php
/newman/fina.php
/omega/fina.php
/vvd/fina.php
/zanku/fina.php
/zmzmz/file.php
/zszszs/file.php
/fre.php
/Lokii_Panel.zip
/oy1vwB10bvfF3
/receipmt/regasm.exe
/m0ha/0/pin.php
/bo22/1/pin.php
/dsaicosaicasdi.php
/gugufdre.php
/koko/mm.php
/uu/koko/mm.php
/Loki%20builder.exe
/Lokii_Panel.zip
