# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/ps66uk/status/1032177208335450112
# Note: C2 direct link is added due to remark from #239

occe.com/image1/image/Panel/five/fre.php

# Reference: https://twitter.com/malwrhunterteam/status/1032537769787183104

americaircairmakan.com
botnet.americaircairmakan.com

# Reference: https://twitter.com/FewAtoms/status/1033040103155871744

agodatex.ga
http://185.185.40.152/jeff/five/fre.php

# Reference: https://twitter.com/olihough86/status/1033055339359420417

polixservices.com

# Reference: https://twitter.com/0xffff08000/status/1033054440306036737
 
embramedica.com.br/site/wp-content/plugnis/ipconfig/five/PvqDq929BSx_A_D_M1n_a.php
 
# Reference: https://twitter.com/malware_traffic/status/1033003634001367042
 
yardng.com
 
# Reference: https://twitter.com/pollo290987/status/1032998085503447041
 
rmsalf.com

# Reference: https://twitter.com/olihough86/status/1031644479109963776

http://191.101.42.43/fdgd/five/PvqDq929BSx_A_D_M1n_a.php
studemplo.com/admin/studemplo/Panel/five/PvqDq929BSx_A_D_M1n_a.php
phcc-india.com
typrat.club
www.cem-hk.co

# Reference: https://twitter.com/asset_island_/status/1031608741504933889

pldtdsll.net

# Reference: https://twitter.com/0xffff08000/status/1031613343797207040

claudfx.win

# Reference: https://twitter.com/pollo290987/status/1031544753505165312

http://191.101.42.43/fdgd/five/fre.php

# Reference: https://twitter.com/James_inthe_box/status/1030579493910413312

acadaman.com
dandoesinternet.com

# Reference: https://twitter.com/James_inthe_box/status/1030487639688794115

kelvinarinze.ml
scoverykingdom.gq

# Reference: https://pastebin.com/UGm39pdU
# Reference: https://pastebin.com/mgVvSRHi

002vt.tk/james/fre.php
http://141.105.71.166/me/fre.php
http://141.105.71.76/blz/fre.php
http://151.80.162.219/marle/fre.php
http://185.111.75.169/cart/disk/fre.php
http://185.148.146.193/~agroinovate/zizisisi/Panel/five/fre.php
http://185.206.144.81/lawi/fre.php
http://185.24.233.254/donep/fre.php
http://185.24.233.32/open/libs/fre.php
http://185.24.233.46/dusx/busz/fre.php
http://185.24.233.74/dusk/hond/fre.php
http://185.24.233.79/baca/opio/fre.php
http://185.24.233.80/pend/chan/fre.php
http://188.215.229.41//GIS/fre.php
http://191.101.42.43/fdgd/five/fre.php
http://31.220.2.200/~hancockw/nok/five/fre.php
http://31.220.2.200/~justicet/ag/five/fre.php
http://5.206.226.99/juicy/fre.php
http://80.211.102.126/deve/tide/fre.php
http://84.38.132.105/oki/Panel/fre.php
http://84.38.133.160/new/Panel/fre.php
http://85.254.72.30/donbig/c1/fre.php
http://89.187.86.7/~blackdia/new/mhoney/fre.php
http://89.187.86.7/~blackdia/vic/bless/fre.php
http://89.45.67.131/smg/fre.php
http://89.45.67.145/emy/fre.php
ace.alasrglobal.com/ace/Panel/five/fre.php
ace.alasrglobal.com/skinny/Panel/five/fre.php
ace.alasrglobal.com/wise/Panel/five/fre.php
ackh.ir/gabi/five/fre.php
ackh.ir/hamid/five/fre.php
ackh.ir/papa/five/fre.php
ackh.ir/sp/five/fre.php
adrack.us/wp-content/uploads/five/fre.php
ahmad52sell.cf/admin/five/fre.php
alexamondwonderltd.com/freeBrow/fre.php
alpacham.com/ndretr5478/fre.php
anitoid.alasrglobal.com/austine/five/fre.php
araslanow.net/js/Panel/five/fre.php
araslanow.net/wipadmin/Panel/five/fre.php
awele.duckdns.org:1717/zip/fre.php
babasoft.ooo/fre.php
bapican.com/image/admin/Panel/five/fre.php
blackdiamondsco.ae/bossftown/fre.php
blackdiamondsco.ae/rooney/fre.php
blackdiamondsco.ae/wogor/fre.php
blogsports.com.ng/cli/Panel/five/fre.php
brighten2.alasrglobal.com/file/bell/five/fre.php
brighten2.alasrglobal.com/file/tin/five/fre.php
brighten2.alasrglobal.com/file/vas/five/fre.php
brighten.alasrglobal.com/file/do/five/fre.php
britlite.ga/fade/type/fre.php
bsales.cf/bs/Panel/five/fre.php
bsales.cf/ft/Panel/five/fre.php
cityhotel.ge/believe/five/fre.php
cityhotel.ge/focus/five/fre.php
cityhotel.ge/rozay/five/fre.php
colnoygums.com/freg/fre.php
cytanets-com.cf/philip/panel/fre.php
cytanets-com.cf/qwertyu/panel/fre.php
dandoesinternet.com/cis1406/tutorial10/fre.php
dandoesinternet.com/cis1407/fre.php
dandoesinternet.com/mobile/ch1/fre.php
devhaevents.us/2415452354/242424/fre.php
dutch-tour-guide-marrakech.com/app/Panel/five/fre.php
eastlandproduce.us/.well-known/acme-challenge/over/raw/fre.php
eholes.viewyoursite.co.uk/LucianoLokiPanel/fre.php
emakqroup.tk/obi/panel/fre.php
emakqroup.tk/sim/panel/fre.php
embramedica.com.br/site/wp-content/plugnis/fre.php
emoticon.tk/hcode/kmaster/fre.php
e-ne1.com/Hab-Lok/fre.php
eurobike1.cf/obinna/fre.php
familyhealths.ga/cdi-directory/five/fre.php
fascine-cemdene.com/wp/wp-includes/js/js/five/fre.php
fasterre.gq/hcode/bazon/fre.php
fojidedar.com/bazz/fojide2/fre.php
fojidedar.com/fojide/fre.php
fojidedar.com/soft/amadin/fre.php
fox-lighting.ga/poop/club/fre.php
freecaps.ml/over/jump/fre.php
fruitfulmonth.tk/raphael/fre.php
geranntibankasi.com/getyoui980/jertyui989/fre.php
haksenlimited.com/slim/fre.php
hamon.ir/mate/five/fre.php
highstarsino.cf/anyi/fre.php
hkenngr.com/herty987/letry78/fre.php
homeduderezort.com/includes/1010/fre.php
homeduderezort.com/includes/gator/fre.php
homeduderezort.com/includes/nas/fre.php
homefieldtech.com/anu/five/fre.php
homefieldtech.com/box/five/fre.php
homefieldtech.com/juke/five/fre.php
homefieldtech.com/mzx/five/fre.php
homefieldtech.com/Obo/five/fre.php
homefieldtech.com/uok/five/fre.php
housded.cf/hcode/azuka/fre.php
icannsorg.com/icann2/five/fre.php
icannsorg.com/icann/five/fre.php
incitecpivot-au.com/mertyui567/kertli879/fre.php
inout-me.ml/fixx/sure/fre.php
inquire.website/images/five/fre.php
isnmainpasedal.com/amb/fre.php
jamespanel.tk/cole/fre.php
jamespanel.tk/low/five2/fre.php
jamespanel.tk/odee/fre.php
joxax.privatedocuments.site/jox/loki/fre.php
jvl-jp.co/ser567/gotert/fre.php
katherinajetter.com/vxzc/Panel/fre.php
katherinajetter.com/xzcsadwqe23/fre.php
khanapenaband.com/jon/fre.php
lablocks.site/Panel/five/fre.php
laloderkozam.com/laloder2/five/fre.php
laloderkozam.com/laloder3/five/fre.php
laloderkozam.com/laloder4/five/fre.php
launchgrowthtoday.download/bobo22/Panel/five/fre.php
launchgrowthtoday.download/choo/Panel/five/fre.php
launchgrowthtoday.download/jamike/Panel/five/fre.php
logsession.space/citycenter/fashion/trending/fre.php
lovaniacreative.com/wp-admin/js/inc/Panel/five/fre.php
madlovert.ml/swanky/wp-content/uploads/Panel/five/fre.php
magic1.cf/gat/fre.php
magic3.ml/gozie/fre.php
marksky.org/medosky/fre.php
msa-fit.gq/sql/Panel/five/fre.php
mxchlp.com/team/wide/fre.php
namesnetworks.com/blog/educational/fre.php
nextlevelshop.info/woldpress/logistics/Panel/five/fre.php
nextwaveconsulting.com.au/Cpanel/Panel/five/fre.php
novachim.ro/plugins/editors/five/fre.php
nutgetsloversplay.usa.cc/wp-content/themes/twentyfifteen/Panel/five/fre.php
oajandassociates.com/images/oajand/Panel/five/fre.php
officebase.website/js/five/fre.php
ojoboplaza.club/Angel/Panel/five/fre.php
ojoboplaza.club/Drama/Panel/five/fre.php
ojoboplaza.club/Man/Panel/five/fre.php
onlyadoonbit.com/asji/fre.php
opercomex.co/billionaire/kendra/fre.php
orkaden.com/wp-includes/Text/me/fre.php
panelhq.cf/jr/five/fre.php
panelhq.gq/airforce/five/fre.php
panelhq.gq/chelsea/five/fre.php
panelhq.gq/gold/five/fre.php
panelhq.gq/stars/five/fre.php
profirst.com.vn/aug777/five/fre.php
profirst.com.vn/aug/five/fre.php
ptads.ml/pide/seed/fre.php
punjabjaogi.com/Panel/fre.php
qureshioffice.alasrglobal.com/admin7/bgn/sfe/fre.php
qureshioffice.alasrglobal.com/admin/xxx/zzz/fre.php
qureshioffice.alasrglobal.com/sam1/xknf/kdlt/fre.php
reachmy90s.com/includes/Panel/five/fre.php
rozedaro.com/administrator/Panel/five/fre.php
saintechelon.tk/fre.php
sccoast.tk/logs/panel/fre.php
sccoast.tk/phil/panel/fre.php
schooolcode.download/uk8k/Panel/five/fre.php
shaktiorkatimo.com/symboss/fre.php
shinyei-co.gq/cade/dope/fre.php
sinomagnetor3.cf/anyi/fre.php
soolitaytangya.com/blessed/Panel/five/fre.php
sternpid.ga/firm/fost/fre.php
strcutform.com/vinye/Panel/five/fre.php
strijdbladen.ga/donstan/five/fre.php
swaz.hanirnail.net/five/fre.php
szccf361.com/flinkas260/fre.php
theonlygoodman.com/eig/fre.php
theonlygoodman.com/nin/fre.php
tondice.flu.cc/images./45skele/fre.php
tondice.flu.cc/images./imgs01sg-/fre.php
tradelink.qa/aug/five/fre.php
tutorialdnsstep1.com/admin/fre.php
tutorialdnsstep1.com/toturial/fre.php
uzocloudservers.gq/jeff/five/fre.php
veloceqlobal.net/rain/hope/fre.php
victoralifts.com/wpss/fre.php
wapsihonaylo.com/wapsi3/five/fre.php
wapsihonaylo.com/wapsi4/five/fre.php
wapsihonaylo.com/wapsi/five/fre.php
wcegroups.com/done/hont/fre.php
westiles.ga/lope/coop/fre.php
wiglelamberfo.com/eme/fre.php
constantialiquidators.com/freg/fre.php
crownventureintl.com/wip-admin/Panel/five/fre.php
gardensun.ru/daily/fre.php
gardensun.ru/eca/fre.php
mysticalreflections.life/web-content/web/upgrade/wp_obtain/log/Panel/five/fre.php
netgateway.top/panel/fre.php
scoverykingdom.gq/jeff/five/fre.php
semaprin.info/mi/fre.php
sierracontrol.ru/cmd11/fre.php
sierracontrol.ru/vipu/fre.php
woelpuu.com/hertuyi/teryio/fre.php
woelpuu.com/terypp/youip/fre.php
zealsale.com.np/file/Panel/five/fre.php
xsftruss.ml/edunew/fre.php
ymwsolutions.com/testfilez/fre.php
nawck.ml
mitch-portal.tk
sintrol.cf
sirmitch.ml

# Reference: https://myonlinesecurity.co.uk/slightly-different-lokibot-delivery-via-embedded-ole-objects-in-rtf-word-doc/

kikehraeein.com/web-obtain/file/web/log/Panel/five/fre.php

# Reference: https://twitter.com/DynamicAnalysis/status/1034488992987860995

apidava.tk

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html

szccf361.com

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html

1113sophie.info
41230319.net
cryptocoindigital.com
kacakbahisfirmasi.com
marryingmaldonado.com
mywdn.com
risu-nursery.com
saurabh.online
shiqiyingli.com
sicknessfitness.com
themonkeygrindervintage.com
unsubchef.com
win.link
xn--vhq6e39ls7w.net
zexpar.com

# Reference: https://viriback.com/30-days-later-97-panels/

annamadums.ml/jazzy/PvqDq929BSx_A_D_M1n_a.php
bellegin.ru/doncha10/pen.php
bellegin.ru/don-cha11/pen.php
bellegin.ru/oshok/pen.php
bollingoes.ml/ngoes/PvqDq929BSx_A_D_M1n_a.php
braithwalte.co.uk/blam/five/PvqDq929BSx_A_D_M1n_a.php
braithwalte.co.uk/block/five/PvqDq929BSx_A_D_M1n_a.php
braithwalte.co.uk/konvict/five/PvqDq929BSx_A_D_M1n_a.php
braithwalte.co.uk/smith/five/PvqDq929BSx_A_D_M1n_a.php
cadjetbums.ml/tbums/PvqDq929BSx_A_D_M1n_a.php
domainsender.info/moon/five/PvqDq929BSx_A_D_M1n_a.php
domainsender.info/sun/five/PvqDq929BSx_A_D_M1n_a.php
dunysaki.ru/buch-x5/pen.php
dunysaki.ru/doncha-2/pen.php
dunysaki.ru/stephen/pen.php
erintoba.info/bbbb/Panel/five/PvqDq929BSx_A_D_M1n_a.php
eriousimen.ml/eriou/PvqDq929BSx_A_D_M1n_a.php
finelets.ru/buch-x3/pen.php
finelets.ru/buch-x4/pen.php
finelets.ru/fankzu/pen.php
gokuu.club/ckan/PvqDq929BSx_A_D_M1n_a.php
gokuu.club/M/PvqDq929BSx_A_D_M1n_a.php
joanread.ru/decap/pen.php
joanread.ru/work-1/pen.php
lidgeys.ru/buch-k/pen.php
lidgeys.ru/buch-l/pen.php
lidgeys.ru/buch-m/pen.php
lidgeys.ru/buchX-1/pen.php
lidgeys.ru/buch-x2/pen.php
lidgeys.ru/eddy/pen.php
papgon10.ru/davidm/pen.php
papgon10.ru/don-12/pen.php
papgon10.ru/don-one/pen.php
papgon10.ru/kennyB-1/pen.php
papgon10.ru/oshok-two/pen.php
thousandan.ml/andan/PvqDq929BSx_A_D_M1n_a.php
topreadz.ru/alexbe/pen.php
topreadz.ru/doncha-3/pen.php
topreadz.ru/willy-1/pen.php
ultrainstinct.ru/file/exe/five/PvqDq929BSx_A_D_M1n_a.php
unifarmex.net/Dstan/Panel/five/PvqDq929BSx_A_D_M1n_a.php
unifarmex.net/hsp1/Panel/five/PvqDq929BSx_A_D_M1n_a.php
unifarmex.net/nesto/Panel/five/PvqDq929BSx_A_D_M1n_a.php
uy-akwaibom.ru/vinho/Panel/five/PvqDq929BSx_A_D_M1n_a.php
vailablity.ml/vaila/PvqDq929BSx_A_D_M1n_a.php
viettrust-vn.net/samii/PvqDq929BSx_A_D_M1n_a.php
vopspyder.website/home/five/PvqDq929BSx_A_D_M1n_a.php
vopspyder.website/log/five/PvqDq929BSx_A_D_M1n_a.php
wheelonexs.ml/wheel/PvqDq929BSx_A_D_M1n_a.php

# Reference: https://github.com/stamparm/maltrail/pull/284#issuecomment-417861246

ajmanz.gq

# Reference: https://twitter.com/DynamicAnalysis/status/1037472184636256256

theonlygoodman.com/fit/fre.php

# Reference: https://twitter.com/nullcookies/status/1038235674565066757

crasemerzom.com

# Reference: https://twitter.com/avman1995/status/1038285919219068928

http://99.198.127.106
blackdiamondsco.ae/test/fre.php

# Reference: https://twitter.com/ViriBack/status/983011333506588672
# Reference: https://pastebin.com/nwWHHFe0

bartolini-system.net/loop/PvqDq929BSx_A_D_M1n_a.php
logs.boxxta.website/ikol/five/PvqDq929BSx_A_D_M1n_a.php

# Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html (Win.Dropper.Hploki-6682476-0)

bvasetro.com
com-logninsauthorize.info
grm-group.info
healinggoodness.com
losmejorescrm.com
mechakawaii.com
mytechnik-beratung.com
ptt-test.com
testci20170903033002.net
thlg8.com
vintageontheline.com

# Reference: https://pastebin.com/bEqJKZfZ

strutitinca.ro/ftp/fre.php
zenshinonline.ru/amb/fre.php
zenshinonline.ru/eka/fre.php
zenshinonline.ru/file/fre.php

# Reference: https://www.maltiverse.com/sample/1ea139164e3525a5a4f3feb333551a806852cca40e49698fbf65d49bd4f7c27c

loggerkeys-hosting.xyz

# Reference: https://www.maltiverse.com/sample/16d06c604487ad96b04f226827dc033d61c80b345a323faee5c9d4a0b2a108d0

tananaislanoidd.ga

# Reference: http://cybercrime-tracker.net/index.php?search=Lokibot

corelis.group
zenshinonline.ru
harltdoors.com
devhaevents.us
grace4good.cf
theonlygoodman.com
premierevents.co.zw

# Reference: https://twitter.com/ViriBack/status/1046391838448537601
# Reference: https://pastebin.com/4QRaU8T7

geranntibankasi.com/slowkizzy567/kertyui456/PvqDq929BSx_A_D_M1n_a.php
hkenngr.com/herty987/letry78/PvqDq929BSx_A_D_M1n_a.php
incitecpivot-au.com/dertyu987/treyuo9809/PvqDq929BSx_A_D_M1n_a.php
incitecpivot-au.com/lerty67/loivet56/PvqDq929BSx_A_D_M1n_a.php
incitecpivot-au.com/mertyui567/kertli879/PvqDq929BSx_A_D_M1n_a.php
insightthk.com/hermonth/jerk/PvqDq929BSx_A_D_M1n_a.php
insightthk.com/loki2/PvqDq929BSx_A_D_M1n_a.php
insightthk.com/loki3/PvqDq929BSx_A_D_M1n_a.php
jvl-jp.co/gert67/teryu7/PvqDq929BSx_A_D_M1n_a.php
jvl-jp.co/nwokorie45777/fertyuoui/PvqDq929BSx_A_D_M1n_a.php
jvl-jp.co/sert67/tyuio98/PvqDq929BSx_A_D_M1n_a.php
jvl-jp.co/sertyoup/latinoper90/PvqDq929BSx_A_D_M1n_a.php
jvl-jp.co/slamp89/ketu56/PvqDq929BSx_A_D_M1n_a.php
kaokao-twn.com/yerter/getyu/PvqDq929BSx_A_D_M1n_a.php
karenandkarren.com/multi980/mertyui989/PvqDq929BSx_A_D_M1n_a.php
kurarray.com/fertyuio/lopiytu/PvqDq929BSx_A_D_M1n_a.php
kurarray.com/loptyuier/liouy56/PvqDq929BSx_A_D_M1n_a.php
kurarray.com/loptyuio/lop0980/PvqDq929BSx_A_D_M1n_a.php
ledteroptyi.xyz/gertyu99/ertyu8/PvqDq929BSx_A_D_M1n_a.php
ledteroptyi.xyz/hertyuu89/menter67/PvqDq929BSx_A_D_M1n_a.php
ledteroptyi.xyz/kertyu767/jertyu657/PvqDq929BSx_A_D_M1n_a.php
ledteroptyi.xyz/loipter/teryuop999/PvqDq929BSx_A_D_M1n_a.php
lltagrain.com/cash2/PvqDq929BSx_A_D_M1n_a.php
lltagrain.com/kelle/PvqDq929BSx_A_D_M1n_a.php
lltagrain.com/money/PvqDq929BSx_A_D_M1n_a.php
lltagrain.com/tino/PvqDq929BSx_A_D_M1n_a.php
oceanlinkmarrine.com/loki2/PvqDq929BSx_A_D_M1n_a.php
oceanlinkmarrine.com/loki4/PvqDq929BSx_A_D_M1n_a.php
oliverrbatlle.com/setyi98/etruo89/PvqDq929BSx_A_D_M1n_a.php
phcc-india.com/dertyuop345/teryup234/PvqDq929BSx_A_D_M1n_a.php
phcc-india.com/limitedmert/menter567/PvqDq929BSx_A_D_M1n_a.php
phcc-india.com/nertyoiu67/eartyuoiyue67/PvqDq929BSx_A_D_M1n_a.php
phcc-india.com/slamptiert5/fertyupw456/PvqDq929BSx_A_D_M1n_a.php
phcc-india.com/startboi89234/netwer675/PvqDq929BSx_A_D_M1n_a.php
pldtdsll.net/betstyui789/erty6786/PvqDq929BSx_A_D_M1n_a.php
pldtdsll.net/fishyoiu/fishtery77/PvqDq929BSx_A_D_M1n_a.php
pldtdsll.net/sertyu45/teryu34/PvqDq929BSx_A_D_M1n_a.php
redsseammgt.com/loki5/PvqDq929BSx_A_D_M1n_a.php
rmsalf.com/hertioyu567/lertu789/PvqDq929BSx_A_D_M1n_a.php
rmsalf.com/mentiyu98/letluy78/PvqDq929BSx_A_D_M1n_a.php
sertencee.xyz/kogilop/yopuit77/PvqDq929BSx_A_D_M1n_a.php
sertencee.xyz/shakamally/loipy67/PvqDq929BSx_A_D_M1n_a.php
siyaghasourccing.com/lokily89/werty6789/PvqDq929BSx_A_D_M1n_a.php
siyaghasourccing.com/smello/ertyop009/PvqDq929BSx_A_D_M1n_a.php
dersertlord.xyz/loki4/PvqDq929BSx_A_D_M1n_a.php
dersertlord.xyz/loki5/PvqDq929BSx_A_D_M1n_a.php
sertencee.xyz/shunshuo/terrampeedar/PvqDq929BSx_A_D_M1n_a.php
siyaghasourccing.com/serto99/jerty45/PvqDq929BSx_A_D_M1n_a.php
siyaghasourccing.com/sertoiu/fertuiop/PvqDq929BSx_A_D_M1n_a.php
slompbit.xyz/lopitre87/teryuio09/PvqDq929BSx_A_D_M1n_a.php
slompbit.xyz/lopityrety/kerterty/PvqDq929BSx_A_D_M1n_a.php
woelpuu.com/hertuyi/teryio/PvqDq929BSx_A_D_M1n_a.php
woelpuu.com/terypp/youip/PvqDq929BSx_A_D_M1n_a.php

# Reference: https://isc.sans.edu/forums/diary/More+malspam+pushing+Lokibot/23754/

oceanlinkmarrine.com/loki1/fre.php
oceanlinkmarrine.com/loki2/fre.php
oceanlinkmarrine.com/loki3/fre.php
oceanlinkmarrine.com/loki4/fre.php
oceanlinkmarrine.com/loki5/fre.php

# Reference: https://twitter.com/avman1995/status/1046751735971282944

nisol.ga/chika/fre.php

# Reference: https://pastebin.com/AasLyArF

monochromestr.site/fbm/encode.php

# Reference: https://twitter.com/avman1995/status/1052426452187185153

octone.igg.biz/chri1/cgi.php

# Reference: https://app.any.run/tasks/4515e611-f351-436b-982a-72229c1a1853

hmcrogenics.com

# Reference: https://twitter.com/dvk01uk/status/1097767868874264576

/LL0/200g-xz/cat.php

# Reference: https://twitter.com/dvk01uk/status/1097357708246896640

/kston/link.php

# Reference: https://twitter.com/Securityinbits/status/1090893221754884100

/scott/link.php

# Reference: https://twitter.com/Racco42/status/1027476386808848384

maxthon.duckdns.org
sockets.duckdns.org

# Reference: https://twitter.com/ps66uk/status/1062658307507273733

/sgbbu2/cat.php

# Reference: https://twitter.com/illegalFawn/status/1113086451233755136

alexiwobi.ga
dandyla1.ga

# Reference: https://twitter.com/luc4m/status/1103214408682139648

aurelio.xyz

# Reference: https://twitter.com/0_1_0_1_0_0_0_0/status/1116638803475746816

camopionari.cf
dankasa.tk
olododo.tk
sweetreuyh.tk
underneat.gq
yriuiuteuieu.gq

# Reference: https://twitter.com/pancak3lullz/status/1121057197914509312

/cka2/cat.php

# Reference: https://twitter.com/JAMESWT_MHT/status/1134360866550439936

/m/2/cat.php

# Reference: https://twitter.com/JayTHL/status/1124325778685087745

/lmark/atz/link.php

# Reference: https://any.run/report/0159364dc4a13deea8595d019b3c1e44ca100690b3d7f2df7d79cfd86d4b36ce/03c9c9b6-a7fc-41fc-a6d1-6f35ec60f94a

romelulukaku.tk/anyi/fre.php

# Reference: https://any.run/report/ff2824a9281b5e0ecd4b90b7779a66dfa4453b143b1115e4a9019a2f859083e0/b6a22489-c558-44f8-92b7-c6f90b8c0920

liverfook.ml/tuneshi/fre.php

# Reference: https://twitter.com/ViriBack/status/1134662952898965504
# Reference: https://pastebin.com/pkZ0TBnc

beautynams.com
begurtyut.info
flmates.com
hyoki-jp.top

# Reference: http://tracker.viriback.com/ (# Lokibot)

bridgecornenterprises.com
doosantax.com
unimasa.icu

# Reference: https://www.virustotal.com/gui/ip-address/185.79.156.24/relations

http://185.79.156.24

# Reference: https://twitter.com/P3pperP0tts/status/1135824585885196288

leorentacars.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1136248211654545408

gadujez.tk

# Reference: https://connect.security.ibm.com/app/threat-intelligence-insights/report/url/lethatch.se%2Fnelpa%2Ffive%2Ffre.php

lethatch.se

# Reference: https://connect.security.ibm.com/app/threat-intelligence-insights/report/url/technosevregroup.com%2Fzxd%2Fpanel%2Ffre.php

technosevregroup.com

# Reference: https://github.com/runvirus/LokiPWS/blob/master/README.md

offset7.com

# Reference: https://twitter.com/James_inthe_box/status/1136674160862609408

execuitiveship.com

# Reference: https://twitter.com/dvk01uk/status/1137999393158770688

exalumnosldea.cl

# Reference: https://twitter.com/dms1899/status/1138742747773460482

mbh-co-uk.ml
sas-agri.ml

# Reference: https://twitter.com/dvk01uk/status/1138774057606926341

fantasticpipo.club

# Reference: https://twitter.com/dvk01uk/status/1138775767171698690

ezigbo-mmadu.xyz

# Reference: https://twitter.com/James_inthe_box/status/1138815213640114176

http://45.67.14.154
http://185.79.156.24

# Reference: https://twitter.com/dvk01uk/status/1139485923991785473

uehsjtsjksf.tk

# Reference: https://twitter.com/dvk01uk/status/1139494526307975168

fraiser-campbell.ga

# Reference: https://twitter.com/pancak3lullz/status/1139534936518594561

freecapes.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1140603897523949568

/kas/4/cat.php

# Reference: https://twitter.com/dvk01uk/status/1140936638148820995

sparkickwears.ga

# Reference: https://twitter.com/blackorbird/status/1141557021000552448

fileshareing.tk

# Reference: https://twitter.com/x42x5a/status/1141970343818665984

007akin.top

# Reference: https://twitter.com/Racco42/status/1141969102753423360

bichchats.top

# Reference: https://twitter.com/Racco42/status/1143810986920599553

saculcin.top

# Reference: https://twitter.com/x42x5a/status/1143895404527988736

tqe2009.com

# Reference: https://twitter.com/dvk01uk/status/1144811922715549696

lionelibrahimovich.tk

# Reference: https://twitter.com/dvk01uk/status/1146410395357339649

ayakkokulari.com

# Reference: https://twitter.com/killamjr/status/1147113714132275200

openningsoonming.zapto.org

# Reference: https://twitter.com/_odisseus/status/988303327090937857
# Reference: https://app.any.run/tasks/20ed9962-0799-4f3b-bfbf-6dd77e5b9979/

i876edw4e5f6tg78hy9tg7r6ftgiy8.erlivia.ltd

# Reference: https://twitter.com/smica83/status/1149194882231209985

mbixch.site

# Reference: https://twitter.com/Racco42/status/1149662812722978816

aliiff.com
villaviras.com

# Reference: https://twitter.com/hexlax/status/1149768235434352645

automatia.in
lestonline.ga
taleohio.ga

# Reference: https://twitter.com/Paladin3161/status/1149639116125921284

kitchenraja.com

# Reference: https://twitter.com/hexlax/status/1150113306545467393

bioconscolors.com

# Reference: https://twitter.com/James_inthe_box/status/1151156619733921792

wupx.ga

# Reference: https://twitter.com/reecdeep/status/1151737917259354113

ysvina-vn.com

# Reference: https://app.any.run/tasks/69193d3f-ffe6-4db8-ba64-b408caeffde0

hotkey--cn.com

# Reference: https://twitter.com/coderippers/status/1152188547253846016

orientsdelivery.xyz

# Reference: https://twitter.com/reecdeep/status/1145960074046791680

eko-colors-pl.com

# Reference: https://twitter.com/IdoNaor1/status/1152892001844629505

abulutari.tk

# Reference: https://twitter.com/reecdeep/status/1153195564852547585
# Reference: https://app.any.run/tasks/4574a922-fd08-4230-ac49-59315b0702d5/

matbin.com

# Reference: https://twitter.com/blackorbird/status/1155781572718546944

sparkickwears.ga

# Reference: https://twitter.com/James_inthe_box/status/1155945383048011777

pitr0s.com

# Reference: https://twitter.com/reecdeep/status/1157201656397860865

hochom-tw.com

# Reference: https://twitter.com/Racco42/status/1157215058319040512

maviiletisim-com.tk

# Reference: https://twitter.com/Racco42/status/1158765032299270144

kusumgar.cf

# Reference: https://twitter.com/reecdeep/status/1158984342108090369

monastaybags.com

# Reference: https://twitter.com/reecdeep/status/1159008913691435008

hilbizworld.top

# Reference: https://twitter.com/reecdeep/status/1159438247208075264

hotkey--cn.com

# Reference: https://twitter.com/reecdeep/status/1159446926196183045

teslaghane.com

# Reference: https://twitter.com/reecdeep/status/1159833486817034241

sovamegroup.com

# Reference: https://twitter.com/Paladin3161/status/1159984272897216513

quecik.info

# Reference: https://twitter.com/reecdeep/status/1161226121515544576

sportyclik.com

# Reference: https://twitter.com/reecdeep/status/1161220049413246977

sun-clear.net

# Reference: https://twitter.com/reecdeep/status/1164074211213807616

confirm3.pw

# Generic (callback) paths
# Reference: https://twitter.com/hexlax/status/1157657573790814208
# Reference: https://pastebin.com/LHJrNpnV
# Reference: https://pastebin.com/wHV90Sc2
# Reference: https://twitter.com/P3pperP0tts/status/1185096874241548291
# Reference: https://twitter.com/P3pperP0tts/status/1185096537271164928

/0110/s/cat.php
/0110/s/desk.php
/092j/7/cat.php
/092j/7/desk.php
/0sc9/cat.php
/l3y0/cat.php
/200/zc-b/cat.php
/200/zc-b/desk.php
/2leek/cat.php
/50-red/cat.php
/500two/cat.php
/52006/link.php
/atz/link.php
/ch/link.php
/hol/1/cat.php
/hol/1/desk.php
/humb/1/cat.php
/humb/1/desk.php
/igine/sabali.php
/jes/link.php
/key/link.php
/chri1/cgi.php
/fbm/encode.php
/ka22/cat.php
/makave/sabali.php
/st3ph/cat.php
/umgo2/cat.php
/sail/cat.php
/seems/cat.php
/slek-b/cat.php
/vh/630/cat.php
/vh/630/desk.php
/fre.php
/3sx0z2.php
/45_76_8.php
/AklDq9M1n_a.php
/BobBy929BSx_A_D_M1n_a.php
/BobDq929BSx_A_D_M1n_a.php
/ChiNa929BSx_A_D_M1n_a.php
/CvqDq929BSx_A_D_M1n_a.php
/DaqDq929BSx_A_D_M1n_a.php
/EvqTq939BSx_B_D_D1p_a.php
/IkeNn929BSx_A_D_M1n_a.php
/KelDq929BSx_A_D_M1n_a.php
/KelEc929BSx_A_D_M1n_a.php
/KelEh929BSx_A_D_M1n_a.php
/KenDq929BSx_A_D_M1n_a.php
/Natyyx_A_D_M4n_a.php
/NonYe929BSx_A_D_M1n_a.php
/ObiNn929BSx_A_D_M1n_a.php
/PceHq925BSx_L_B_M1n_a.php
/PrCm98ArhvF_A_K_M2n_a.php
/Pvq929sM1n_a.php
/PvqDNINo_M1n_a.php
/PvqDerereA_D_M1n_a.php
/PvqDq929BSx_A_D_M1n_a.php
/PvqDq92allin_a.php
/PvqDq92nat1n_a.php
/PvqDq9MAxxxoloa.php
/PvqDq9ohhho_a.php
/SliDq929BSx_A_D_M1n_a.php
/SlqDq929BSx_A_D_M1n_a.php
/SomAq929BSx_A_D_M1n_a.php
/SsgDq929BSx_A_D_M1n_a.php
/SsqDq929BSx_A_D_M1n_a.php
/StaDq929BSx_A_D_M1n_a.php
/StaRm929BSx_A_D_M1n_a.php
/StaRq929BSx_A_D_M1n_a.php
/TryNdie.php
/Ttq929BSx_A_X_M11n_a.php
/UpDated_X_T_N1q_a.php
/VirGi929BSx_A_D_M1n_a.php
/graceofgod-favour.php
/okwy_A_D_server.php
/panel_jee.php
/pen.php

# Reference: https://any.run/report/a234966b36ea3816665501b926ef6fe22f4e8ba90a80af0f66662c4cd4dba915/6a5e8f49-5529-4f67-a457-eab7a3f1635e

scanchart-rny.com

# Reference: https://any.run/report/49e77f3fa26d7427bc726783325c2729c666038e0c4546c87e5678adcadaa4a8/8c88a7b4-fac6-494f-aba2-142d845136a2

cbnid.net

# Reference: https://twitter.com/DynamicAnalysis/status/1168991384457699329

clotiahs.info
jiraiya.info
zjvvymy.com

# Reference: https://twitter.com/reecdeep/status/1169151595747127296

modcloudserver.eu

# Reference: https://twitter.com/Mesiagh/status/1170048273366695936
# Reference: https://pastebin.com/kMXDsSNr

171.15.198.199:1443

# Reference: https://app.any.run/tasks/bf013836-f219-494b-a54b-e25c13a7a400/

ottappalam.com

# Reference: https://www.fortinet.com/blog/threat-research/new-infostealer-attack-uses-lokibot.html

palikyu.ml

# Reference: https://twitter.com/reecdeep/status/1173492999457841154

mapsi-shipping.xyz

# Reference: https://twitter.com/dvk01uk/status/1173464780159508480

svmarketingindia.com

# Reference: https://twitter.com/Racco42/status/1173547031979278336

clotiahs.info

# Reference: https://app.any.run/tasks/84841357-56f4-4d71-9f7b-4e5dde21edf7/

nucsquaremall.ga
http://nucsquaremall.ga/~zadmin/lmark/ch/link.php

# Reference: https://twitter.com/ninoseki/status/1175189790469189632

fatmazpharmc.com

# Reference: https://app.any.run/tasks/6ecd4749-affb-4505-8b95-bd307a609be8/

handrass.co.rs/don/five/fre.php

# Reference: https://any.run/report/397217271ce8684d24144b1eb612d6d45921573bb8cdd0e53fae1d44d2456a64/ff14e78f-0c45-45b0-b93e-8170121cc7de

kaokao-twn.com

# Reference: https://any.run/report/91628bad8c6b90dd333f850db85dcc2c313dbbccd84ecae45441b72c2a09603d/aba660a1-69bc-4f44-bc21-c962997baf13

barzaker1.tk

# Reference: https://any.run/report/a2c93eb56dd983d63654dbbd82ee2967d1acb50f4fcd700ab3dfb7743fe64e9a/36fcc660-a97e-491f-9b05-af099620ac4c

gruputsk.com

# Reference: https://any.run/report/30e5e29f2e4e69e88032805b3cdfd8e86e48f6837a375f096263b86f9fe4de01/b5efffc2-b5b6-4e87-9958-4ab0e7c23db3

opercomex.co/php/webpanel/fre.php

# Reference: https://any.run/report/c407bb7c069e983d20752c582476ab1606b4947724194f949ba90eefe9e05a24/9012e28b-9667-4070-9751-b3f2ef211d50

ponsse.site

# Reference: https://any.run/report/050c206340ce8ea775797da9d55a250e488174d87d9529fb25db13a07168c471/8c33a2a5-51af-4547-bdb7-d5a3b93ea4c4

barzaker1.cf

# Reference: https://any.run/report/1c0f62f0277289f74ffd1f03f5097f17a1e14494c4c612ed30aa2a9899759d3a/d4d20c0c-7aa3-449b-b365-8b2b9e243050

dtolnba.tk

# Reference: https://any.run/report/78de464e43327ba4f9ef245c72e26b28e1fbd5175bccd15253fde852bd1eb61d/1a751b0b-e75f-4b67-829c-de5f1a86a932

megatradeinvestment.com

# Reference: https://any.run/report/7e6b471d1fe43841b1c995df98e2feede05280d251f50fcf6b6f084ae902817a/9fd319fa-3e9d-4d15-8837-9b2d08fe6b8e

185.234.216.240/0x22/loki/fre.php

# Reference: https://any.run/report/8897b096fa6661307bb3d2d97df155b2a4d673ee4e2e50ee37de23179a79afa6/e73a0ccf-14b0-4445-a00c-84076510d095

panelego018.info

# Reference: https://any.run/report/7c7d40b6e024d074acb2aa9b21e60e5a2e132424cdd4f23432013cfadc368392/88ea1ed2-25ac-4786-86dc-a052020f6b2d

62.108.37.205/jeff/five/fre.php

# Reference: https://any.run/report/af51d7d35c70e8572b1bf1bf7cac2f9c79da70920e972f5df338bd34b7908b51/17cb8efa-8ccb-4ccf-9e71-ca9cb30be138

jaobhaezrasam.com

# Reference: https://any.run/report/da8cb79eb0b11f4c7e18890217c465afe508900d4d0fe029df10a08d7f50722e/28736ba8-2474-4fe3-9e7d-766ff32819f5

twosisterswine.com.au/admin/Panel/five/fre.php

# Reference: https://any.run/report/856cfd8e4168c08f6382cc6a7a94f2812d40d09e4b5a17728f142c5bf1d7b892/76cc0b7e-1668-4fea-92db-47ce9f0e2d82

gracetime.tech

# Reference: https://twitter.com/P3pperP0tts/status/1179292959172370433

onlygoodm.com

# Reference: https://app.any.run/tasks/2bd648b0-c9cd-45a1-ac4b-3c253c2c01aa/

peaches19.com

# Reference: https://twitter.com/Racco42/status/983258396664229888

ritsuninfra.in

# Reference: https://twitter.com/smica83/status/1184381866243248128

cvnty.tk

# Reference: https://twitter.com/hexlax/status/1184471439476441088

cvnty.cf
ggvxt.ga
mbfqg.cf
mlzxvi.tk
prxtz.gq
prztz.ga
qvukl.ga
qvukl.gq
qvukl.tk

# Reference: https://app.any.run/tasks/9b5e5e7f-ac71-484e-8dad-0d0af3bfe73b/

atritei.icu

# Reference: https://app.any.run/tasks/856e216f-c979-450a-a0b7-b9dbc6ab1361/

torresansrl-it.com

# Reference: https://app.any.run/tasks/abd716d5-3267-4aec-b4e5-075b0f4ddf0a/

baiksan-kr.com

# Reference: https://app.any.run/tasks/2c80bfce-a4a7-4024-b943-39d4fa8e0a01/

yanchenghengxin.com
corpcougar.com

# Reference: https://app.any.run/tasks/2c93099b-2751-41c4-a764-f8d66dcf727d/

kaburto.info

# Reference: https://app.any.run/tasks/ff303a56-d3f6-4128-8876-1c91d4d7494e/

yanchenghengxin.com

# Reference: https://app.any.run/tasks/f1e17f2a-00bc-4eeb-b5be-2d10c735ed9e/

tps-finlogistics.com

# Reference: https://app.any.run/tasks/f09ecafa-3e69-4171-bd36-c415c5e5f0e0/
# Reference: https://twitter.com/P3pperP0tts/status/1185592600528637952

fueda.info

# Reference: https://app.any.run/tasks/9eaf57e9-015a-4357-b0f8-fe30df9c9be7/

cvnty.tk

# Reference: https://app.any.run/tasks/e1756c8b-3175-4232-a4ca-9818a8ac27e6/

john-donnelly.co.uk

# Reference: https://app.any.run/tasks/3318e0f8-d5e7-4316-b748-b83cc506aaf9/

danagupal.com

# Reference: https://app.any.run/tasks/69ce4ecc-f88e-4523-a568-6b6a79491855/

simantramart.net

# Reference: https://twitter.com/James_inthe_box/status/1185191156168065024

nvent.icu

# Reference: https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html (# Win.Trojan.Lokibot-7288215-1)

arkhesol.info
lapphuongshoe.com
majidfathalibeygi.com
novinsazvar.com
orientsdelivery.xyz
pliykies8.net
suksez-ab.com
versuvius.ru

# Reference: https://twitter.com/P3pperP0tts/status/1186987811553067009

sylvaclouds.eu

# Reference: https://twitter.com/Paladin3161/status/1187160642815291392

mikeservers.eu

# Reference: https://pastebin.com/29uSdMAk

atritei.icu
dadatiles.com.au
gracetime.tech
jajar.ru
modatie.gq
nonomonojolipoiubtrewert.tk
tahetah.ir

# Reference: https://twitter.com/P3pperP0tts/status/1190724582359089152

kaburto.info

# Reference: https://twitter.com/wwp96/status/1191009866720124928

conceriavictoria-it.com

# Reference: https://twitter.com/wwp96/status/1191009400015802368

beautynams.com

# Reference: https://twitter.com/James_inthe_box/status/1191325755084435457

allaige-global.com

# Reference: https://twitter.com/wwp96/status/1191408876303896576

cyttec.de

# Reference: http://tracker.viriback.com/dump.php (# 2019-11-04, Lokibot)

http://104.168.248.212
http://178.159.7.9
http://185.189.112.158
http://185.79.156.15
http://185.79.156.24
http://37.120.146.126
http://45.67.14.181
http://51.68.128.171
http://94.100.28.214
http://23.95.228.37
http://5.252.192.117
007akin.top
013nat.net
2lcfo.com
4thave.co.uk
9th-way.tech
abbasuit.top
abifph.com
acptw.icu
adamsjef.top
aerosport.tech
aljust.website
allstarbelts.com
andalemexico.com
apollocapitalp.com
baiksan-kr.com
baklaysinc.com
bakrakhada.com
bamastra.top
beancart9.top
beatfile3.top
beautynams.com
begurtyut.info
bichchats.top
bigshowinc.co.uk
biocodax.com
bluecornerblog.tk
bosal.tech
bp10.webhosting123.icu
bridgecornenterprises.com
broomingkingpoiuty.tk
bteenerji.com
buildingwiring.ir
bylima.icu
cbnid.net
cleaf.ml
clotiahs.info
cnedriect.com
cocshipmanagment.com
confirm2.pw
confirm3.pw
coolking-tw.com
corpcougar.com
corpcougar.in
cosmoi098.ga
cosmoi098.ml
cremeroloe.com
crippoloiutustrope.tk
cvnty.ga
diplomatgroup.org
doosantax.com
ebslaradio.cl
efore.info
eko-colors-pl.com
eko-logistics.com
emiliano-sala.ga
enchapa.info
epi.org.mk
esplanademauritius.com
execuitiveship.com
exsimpetroleum.com
extrememx.net
exwelloilfleld.com
ezigbo-mmadu.xyz
famoosonutt.com
fantasticpipo.club
fileshareing.tk
filmmagapp.ir
flmates.com
florence-malouda.ml
florence-malouda.tk
forexdispatch.info
fredwi.top
freecapes.com
freecaps4.ml
freewhcm.top
frenchman.icu
fueda.info
gama247.beget.tech
giftedhands-association.com
gihf2.com
goldenfashiondeeds.com
gooinnhtrr.ml
goriaya.com
gregvictor.co.uk
groz-toolz.com
gtigtex.info
habertjohnson.top
halwaja.com
higomanga.info
hotblowup.com
hpygol-acm.com
hyoki-jp.top
iiranair.com
iranssp.ir
ivandarina.top
jayconnect.co.uk
jbrightbuilders.sytes.net
jhpipaa.com
jonjoshelvey.gq
jttomwest.top
kaburto.info
kachi.cf
kalafyn10.tk
kin3p.co.uk
kitchenraja.com
kratheinz.com
lapphuongshoe.com
ledomainedesalizees.com
logfert.com
lovingu1.top
lronman4x4.com
mairon-hk.com
makopolos.com
manchester-derby.ga
manchesterderby.gq
manchesterderby.tk
maritlme-net.com
matbin.com
mbh-co-uk.ml
mbta.com.ng
mhydraulics.net
mizunogolfbags.com
modcloudserver.eu
monastaybags.com
morganans.co.uk
newwoldassem.top
nexmarket.ir
nkegi.com
oasisvillasmaurice.com
ofoleteadms.icu
oldendroff.com
orientsdelivery.xyz
palacegrades.com
perigon-no.com
pouruinhgtrewzip.tk
qkinz.tech
qoqip.com
quelmax.com
quurieun.top
rasavision.ir
razaacademy.info
ritedi.icu
rnuganbank.com
rtjf.ga
saliyumakan.club
scm-hk.com
season1.icu
sghecc.com
shakekur.top
shalets23.com
sherwoodpest.com
sibarzz.xyz
siiigroup.com
slimcase247.se
smarytie.ir
smilesbyme.com
smithtony.co.uk
sparkickwears.ga
spidook.bid
spuerinirominfo.tk
stedmanpharrna.com
stephero7.ml
sucalcin.top
sun-clear.net
sunvim.cf
sylvaclouds.eu
telcel.tech
thaeed.ir
thammyvienanthea.com
tienaris.com
tjfr.tk
tmjchange.com
tourscentralasian.com
tqe2009.com
tradesecretsgiveandtake.ca
treatascholars.com
trietrre.ml
unimasa.icu
uzocoms.eu
vastinopulotiste.tk
vbih.tk
venresf.ml
vibecore20.top
vicomdistribucion.top
villaviras.com
vinaprio.com
vteach.com.sg
wieiland.com
wilfred.top
willhelmsen.com
wohinqfood.com
yuxinproteins.com

# Reference: https://twitter.com/P3pperP0tts/status/1191999299061780480

http://151.80.3.78

# Reference: https://www.virustotal.com/gui/file/df3f26fa52e1d59ae86f3e4e3e0811ff0beb10f2588dcc5372130e93fc007908/behavior/Dr.Web%20vxCube

arctech--vn.com

# Reference: https://www.virustotal.com/gui/file/6979ee74e6d3dfcdaf0e146faa063d70659b56cfda034d46f6a611af58a71f70/behavior/Dr.Web%20vxCube

beautynams.com

# Reference: https://twitter.com/P3pperP0tts/status/1192710961641205760

http://51.81.26.73

# Reference: https://www.virustotal.com/gui/file/68a511a096b68f00f40d77b497122a0da58132ec86d565a7e314452fe18b8321/behavior/Dr.Web%20vxCube

kenturkeymanians.org

# Reference: https://twitter.com/P3pperP0tts/status/1192809962268962818

backbaymall.ga
nucsquaremall.ga

# Reference: https://www.group-ib.com/blog/fakesecurity

chuxagama.com
umbra-diego.com

# Reference: https://twitter.com/P3pperP0tts/status/1193844698370236416

http://157.52.211.11

# Reference: https://twitter.com/wwp96/status/1193942503864651776

efore.info

# Reference: https://app.any.run/tasks/205df181-d1c5-4315-80b2-5456b6bfeef2/

arctech--vn.com

# Reference: https://twitter.com/wwp96/status/1194325495686586370

pointqrace.com

# Reference: https://twitter.com/P3pperP0tts/status/1194590128129421313

http://37.187.207.221

# Reference: https://twitter.com/P3pperP0tts/status/1194761250078699520

nvent.icu

# Reference: https://twitter.com/P3pperP0tts/status/1194979247124860929

http://51.75.33.88

# Reference: https://twitter.com/JayTHL/status/1194992844039229441

onllygoodam.com

# Reference: https://twitter.com/James_inthe_box/status/982003272562044928
# Reference: https://app.any.run/tasks/0893ab89-f685-40ae-bddc-83699013c804/

hydeoutent.com

# Reference: https://twitter.com/Racco42/status/1196407632598310918

s-plt.club
s-top.xyz

# Reference: https://twitter.com/wwp96/status/1196472338960793603

gelcursot.top

# Reference: https://app.any.run/tasks/30e58965-3657-457d-8aba-cf857b1ae756/

junquam.com

# Reference: https://app.any.run/tasks/1dc0b30d-1713-41f3-a0f0-a98240ba9824/

onllygoodam.com

# Reference: https://app.any.run/tasks/60951b2e-aac7-46b6-be01-214e104282f2/

matbin.com

# Reference: https://twitter.com/wwp96/status/1196877315726135296

s-top.xyz

# Reference: https://twitter.com/wwp96/status/1196870261016059905

http://46.21.147.94

# Reference: https://www.fortinet.com/blog/threat-research/custom-packer-tool-frenchy.html
# Reference: https://otx.alienvault.com/pulse/5dd565d5cd733b662f366526

alphastand.top
alphastand.trade
alphastand.win
kbfvzoboss.bid
sun-clear.net

# Reference: https://twitter.com/P3pperP0tts/status/1197683883627700229

http://51.91.175.183

# Reference: https://twitter.com/JayTHL/status/1197922402828791808

findmypractice.org

# Reference: https://pastebin.com/a3tLkeSU

http://107.175.150.73

# Reference: https://app.any.run/tasks/2b37b818-369c-4c5c-a7af-fc7d20958920/

ray-den.xyz

# Reference: https://www.virustotal.com/gui/file/6b6ff1efd1dd41901c9c23dfd6d03ff6c1f6d846bf8ac8002b3af61744426e11/detection

lethatch.se

# Reference: https://app.any.run/tasks/216903ba-ad00-4e4b-8606-d329e1e8772e/

arctech--vn.com

# Reference: https://any.run/malware-trends/lokibot (Note: as seen on 2019-12-04)

worldatdoor.in
kitchenraja.in
gsuitekh.com
avertonbullk.com
offsolo-gbb.tech
1justfy.pw
l1n3n.site
elettroveneta-it.com
ddos.dnsnb8.net
smtp.siqanalytical.com
adonis-medicine.at

# Reference: https://twitter.com/wwp96/status/1202265059784835072

chennaiequipment.com

# Reference: https://pastebin.com/ghh2y3g3

kargozar1320.ir

# Reference: https://twitter.com/wwp96/status/1203005552248397824

gblasta.pw

# Reference: https://pastebin.com/7Ak2nP2T

awba-groups.com
indextechno.com
pms-center.com

# Reference: https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html (# Win.Trojan.LokiBot-7420275-1)

betaflexllc.us
beyondlogx.com
kontrolreport.com
oscontinental.online
phoenixdevs.ir
porno322.com
protestlabsmovings.es
secure-n2.top

# Reference: https://pastebin.com/B6EDa5x0

jb-qroups.com
logboxreports.top

# Reference: https://twitter.com/HeavyMetalAdmin/status/1204108254588080128

woobwoo.cf

# Reference: https://twitter.com/wwp96/status/1204430643800793088

woobwoo.ga

# Reference: https://twitter.com/wwp96/status/1204789643138473985

s-pod.xyz

# Reference: https://twitter.com/wwp96/status/1204805860129755141

kyant4.com

# Reference: https://www.virustotal.com/gui/file/1e191a6f8c36095e7a3c06d70086d82886447dab7119f1adb84ee321700dd7eb/detection

lkpswrd.cf

# Reference: https://www.virustotal.com/gui/file/994744f9be120c63c7d5819f9b9bd3fb43e19efc59b95d0153aa64adf6cc8d6c/detection

sentab.tk

# Reference: https://www.virustotal.com/gui/file/b939020a31f8ef30fd78bbb487469c72f61a857f699b689628a332fbedbf9959/detection

lkpswrd.ml

# Reference: https://twitter.com/James_inthe_box/status/1206952335764795392

onlygoood.com

# Reference: https://twitter.com/smica83/status/1209204228696227840

gcirsa.com

# Reference: https://twitter.com/wwp96/status/1214568832016142337

gquare.gq

# Reference: https://pastebin.com/Q6Sn446k

roryaftamart.duckdns.org

# Reference: https://twitter.com/wwp96/status/1214932312401600512

gquare.tk

# Reference: https://twitter.com/wwp96/status/1214940445530345472

egobetter.xyz

# Reference: https://app.any.run/tasks/90588195-450b-42b2-be93-65b97da7a2a0

gainflows.gq

# Reference: https://twitter.com/Racco42/status/1215312968348467200

cypress-tw.com

# Reference: https://twitter.com/Racco42/status/1215570689379524608

ptiihk.com

# Reference: https://twitter.com/Racco42/status/1214124427602022400

zni1.com

# Reference: https://twitter.com/P3pperP0tts/status/1215705099776987138

onlygoodem.com

# Reference: https://app.any.run/tasks/73a7b555-6bef-4aae-98a2-2dc6a5df6fda/

tranpip.com

# Reference: https://twitter.com/P3pperP0tts/status/1216852518640259073

noithathoanggia.net.vn

# Reference: https://app.any.run/tasks/8d60b414-aed6-4dba-80ca-f3d1b2f7556e/

allenservice.ga

# Reference: https://app.any.run/tasks/6d4f51ab-0149-4b7b-b43c-d55f7c7a046e/

tbt-sceitech.com

# Reference: https://twitter.com/malware_traffic/status/1217858107289866240

himkon.ga

# Reference: https://twitter.com/wwp96/status/1218227068896514051

afas-kr.com

# Reference: https://app.any.run/tasks/aa120a9f-7889-492b-9695-2b9c32c7a5fe/

oaa-my.com

# Reference: https://twitter.com/wwp96/status/1219361313735966721

agrabahd.ga

# Reference: https://twitter.com/wwp96/status/1219363482031861760

mecharnise.ir

# Reference: https://app.any.run/tasks/610b93f9-38f4-466f-a46e-f0dfbc750a1b/

chol.cc

# Reference: https://app.any.run/tasks/891ac638-b067-42b0-bf51-6120998204a9/
# Reference: https://app.any.run/tasks/7efd4037-e819-4b05-9dc5-c0baadcc7bb6/

http://107.175.150.73/~giftioz

# Reference: https://app.any.run/tasks/09a252ef-0ebb-4f48-b4a2-2261a44dd000/

sisenor.ml

# Reference: https://app.any.run/tasks/79df932f-0f42-441e-9071-64ddd88c7529/

kuomlog.xyz

# Reference: https://pastebin.com/DT3diCh7

didxbooks.com
fiftint.com

# Reference: https://app.any.run/tasks/a1af1cea-bf86-4702-b3a2-082c1d242f15/

http://193.142.59.89

# Reference: https://www.exposedbotnets.com/2018/02/kdotrakycomloki-bot-hosted-in-shinjiru.html

kdotraky.com
continentalrnovers.com

# Reference: https://twitter.com/wwp96/status/1220414670290456576

martirill.ga
/makave/sab.php

# Reference: https://www.virustotal.com/gui/file/d794747343409784e81b7754901acda8e2d3f5182ab9addc66c6121bc55aabc7/detection

teiup.xyz

# Reference: https://app.any.run/tasks/d4acf26b-aced-48a9-8dec-aeccd602c109/

heartychern.com

# Reference: https://www.virustotal.com/gui/file/8e68b6908534b24b52ba7a1d0ef445b9b2a8681a4d35fa9d5c4d447cf3efb300/detection

akito.be

# Reference: https://www.virustotal.com/gui/domain/alibabahugia.com/relations

alibabahugia.com

# Reference: https://www.virustotal.com/gui/domain/eferiwalabd.com/relations

eferiwalabd.com

# Reference: https://www.virustotal.com/gui/file/e1869921f052c6dc9387b18c6884191a2c637eb21cd638ed1b2e71b31cab7e0b/detection

kheeda.com

# Reference: https://www.virustotal.com/gui/domain/regalscoin.co/relations

regalscoin.co

# Reference: https://www.virustotal.com/gui/url/b27492bd716239fe2f17a20b4c60c24bb058b7b8023be0f5a5e78bde37ea7864/detection

molmarsl.com

# Reference: https://www.virustotal.com/gui/file/b509e105567fe4a14e31c96d71bdf2080df1d1737fe5b1928b2e5ad88add2b31/detection

bodegaslopezmoernas.com

# Reference: https://www.virustotal.com/gui/file/0dbbbc6aa0686ea19b55871f0ca0b9c722064683604c04e581c8498095f0cea9/detection

jdandado.info

# Reference: https://www.virustotal.com/gui/file/5ffa3eaa94c6a603d21525a72d56f23915279fbd755ac0fb24d04e9a2fdd26fe/detection

jscmy.co

# Reference: https://www.virustotal.com/gui/file/3fcbf0a0d8ab22f5762ebf4855165c1258b57462119eb5549e7b74edcc2ce1ad/detection

omabradley.ru

# Reference: https://www.virustotal.com/gui/file/eb0cc81ad318a7ee0d5aef0b51538178c5e590be837a2e81cb99bf89944547f3/detection

getvision2020.net

# Reference: https://twitter.com/wwp96/status/1221892381831766017

oaa-my.com