# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Reference: https://twitter.com/ps66uk/status/1032177208335450112 # Note: C2 direct link is added due to remark from #239 occe.com/image1/image/Panel/five/fre.php # Reference: https://twitter.com/malwrhunterteam/status/1032537769787183104 americaircairmakan.com botnet.americaircairmakan.com # Reference: https://twitter.com/FewAtoms/status/1033040103155871744 agodatex.ga http://185.185.40.152/jeff/five/fre.php # Reference: https://twitter.com/olihough86/status/1033055339359420417 polixservices.com # Reference: https://twitter.com/0xffff08000/status/1033054440306036737 embramedica.com.br/site/wp-content/plugnis/ipconfig/five/PvqDq929BSx_A_D_M1n_a.php # Reference: https://twitter.com/malware_traffic/status/1033003634001367042 yardng.com # Reference: https://twitter.com/pollo290987/status/1032998085503447041 rmsalf.com # Reference: https://twitter.com/olihough86/status/1031644479109963776 http://191.101.42.43/fdgd/five/PvqDq929BSx_A_D_M1n_a.php studemplo.com/admin/studemplo/Panel/five/PvqDq929BSx_A_D_M1n_a.php phcc-india.com typrat.club www.cem-hk.co # Reference: https://twitter.com/asset_island_/status/1031608741504933889 pldtdsll.net # Reference: https://twitter.com/0xffff08000/status/1031613343797207040 claudfx.win # Reference: https://twitter.com/pollo290987/status/1031544753505165312 http://191.101.42.43/fdgd/five/fre.php # Reference: https://twitter.com/James_inthe_box/status/1030579493910413312 acadaman.com dandoesinternet.com # Reference: https://twitter.com/James_inthe_box/status/1030487639688794115 kelvinarinze.ml scoverykingdom.gq # Reference: https://pastebin.com/UGm39pdU # Reference: https://pastebin.com/mgVvSRHi 002vt.tk/james/fre.php http://141.105.71.166/me/fre.php http://141.105.71.76/blz/fre.php http://151.80.162.219/marle/fre.php http://185.111.75.169/cart/disk/fre.php http://185.148.146.193/~agroinovate/zizisisi/Panel/five/fre.php http://185.206.144.81/lawi/fre.php http://185.24.233.254/donep/fre.php http://185.24.233.32/open/libs/fre.php http://185.24.233.46/dusx/busz/fre.php http://185.24.233.74/dusk/hond/fre.php http://185.24.233.79/baca/opio/fre.php http://185.24.233.80/pend/chan/fre.php http://188.215.229.41//GIS/fre.php http://191.101.42.43/fdgd/five/fre.php http://31.220.2.200/~hancockw/nok/five/fre.php http://31.220.2.200/~justicet/ag/five/fre.php http://5.206.226.99/juicy/fre.php http://80.211.102.126/deve/tide/fre.php http://84.38.132.105/oki/Panel/fre.php http://84.38.133.160/new/Panel/fre.php http://85.254.72.30/donbig/c1/fre.php http://89.187.86.7/~blackdia/new/mhoney/fre.php http://89.187.86.7/~blackdia/vic/bless/fre.php http://89.45.67.131/smg/fre.php http://89.45.67.145/emy/fre.php ace.alasrglobal.com/ace/Panel/five/fre.php ace.alasrglobal.com/skinny/Panel/five/fre.php ace.alasrglobal.com/wise/Panel/five/fre.php ackh.ir/gabi/five/fre.php ackh.ir/hamid/five/fre.php ackh.ir/papa/five/fre.php ackh.ir/sp/five/fre.php adrack.us/wp-content/uploads/five/fre.php ahmad52sell.cf/admin/five/fre.php alexamondwonderltd.com/freeBrow/fre.php alpacham.com/ndretr5478/fre.php anitoid.alasrglobal.com/austine/five/fre.php araslanow.net/js/Panel/five/fre.php araslanow.net/wipadmin/Panel/five/fre.php awele.duckdns.org:1717/zip/fre.php babasoft.ooo/fre.php bapican.com/image/admin/Panel/five/fre.php blackdiamondsco.ae/bossftown/fre.php blackdiamondsco.ae/rooney/fre.php blackdiamondsco.ae/wogor/fre.php blogsports.com.ng/cli/Panel/five/fre.php brighten2.alasrglobal.com/file/bell/five/fre.php brighten2.alasrglobal.com/file/tin/five/fre.php brighten2.alasrglobal.com/file/vas/five/fre.php brighten.alasrglobal.com/file/do/five/fre.php britlite.ga/fade/type/fre.php bsales.cf/bs/Panel/five/fre.php bsales.cf/ft/Panel/five/fre.php cityhotel.ge/believe/five/fre.php cityhotel.ge/focus/five/fre.php cityhotel.ge/rozay/five/fre.php colnoygums.com/freg/fre.php cytanets-com.cf/philip/panel/fre.php cytanets-com.cf/qwertyu/panel/fre.php dandoesinternet.com/cis1406/tutorial10/fre.php dandoesinternet.com/cis1407/fre.php dandoesinternet.com/mobile/ch1/fre.php devhaevents.us/2415452354/242424/fre.php dutch-tour-guide-marrakech.com/app/Panel/five/fre.php eastlandproduce.us/.well-known/acme-challenge/over/raw/fre.php eholes.viewyoursite.co.uk/LucianoLokiPanel/fre.php emakqroup.tk/obi/panel/fre.php emakqroup.tk/sim/panel/fre.php embramedica.com.br/site/wp-content/plugnis/fre.php emoticon.tk/hcode/kmaster/fre.php e-ne1.com/Hab-Lok/fre.php eurobike1.cf/obinna/fre.php familyhealths.ga/cdi-directory/five/fre.php fascine-cemdene.com/wp/wp-includes/js/js/five/fre.php fasterre.gq/hcode/bazon/fre.php fojidedar.com/bazz/fojide2/fre.php fojidedar.com/fojide/fre.php fojidedar.com/soft/amadin/fre.php fox-lighting.ga/poop/club/fre.php freecaps.ml/over/jump/fre.php fruitfulmonth.tk/raphael/fre.php geranntibankasi.com/getyoui980/jertyui989/fre.php haksenlimited.com/slim/fre.php hamon.ir/mate/five/fre.php highstarsino.cf/anyi/fre.php hkenngr.com/herty987/letry78/fre.php homeduderezort.com/includes/1010/fre.php homeduderezort.com/includes/gator/fre.php homeduderezort.com/includes/nas/fre.php homefieldtech.com/anu/five/fre.php homefieldtech.com/box/five/fre.php homefieldtech.com/juke/five/fre.php homefieldtech.com/mzx/five/fre.php homefieldtech.com/Obo/five/fre.php homefieldtech.com/uok/five/fre.php housded.cf/hcode/azuka/fre.php icannsorg.com/icann2/five/fre.php icannsorg.com/icann/five/fre.php incitecpivot-au.com/mertyui567/kertli879/fre.php inout-me.ml/fixx/sure/fre.php inquire.website/images/five/fre.php isnmainpasedal.com/amb/fre.php jamespanel.tk/cole/fre.php jamespanel.tk/low/five2/fre.php jamespanel.tk/odee/fre.php joxax.privatedocuments.site/jox/loki/fre.php jvl-jp.co/ser567/gotert/fre.php katherinajetter.com/vxzc/Panel/fre.php katherinajetter.com/xzcsadwqe23/fre.php khanapenaband.com/jon/fre.php lablocks.site/Panel/five/fre.php laloderkozam.com/laloder2/five/fre.php laloderkozam.com/laloder3/five/fre.php laloderkozam.com/laloder4/five/fre.php launchgrowthtoday.download/bobo22/Panel/five/fre.php launchgrowthtoday.download/choo/Panel/five/fre.php launchgrowthtoday.download/jamike/Panel/five/fre.php logsession.space/citycenter/fashion/trending/fre.php lovaniacreative.com/wp-admin/js/inc/Panel/five/fre.php madlovert.ml/swanky/wp-content/uploads/Panel/five/fre.php magic1.cf/gat/fre.php magic3.ml/gozie/fre.php marksky.org/medosky/fre.php msa-fit.gq/sql/Panel/five/fre.php mxchlp.com/team/wide/fre.php namesnetworks.com/blog/educational/fre.php nextlevelshop.info/woldpress/logistics/Panel/five/fre.php nextwaveconsulting.com.au/Cpanel/Panel/five/fre.php novachim.ro/plugins/editors/five/fre.php nutgetsloversplay.usa.cc/wp-content/themes/twentyfifteen/Panel/five/fre.php oajandassociates.com/images/oajand/Panel/five/fre.php officebase.website/js/five/fre.php ojoboplaza.club/Angel/Panel/five/fre.php ojoboplaza.club/Drama/Panel/five/fre.php ojoboplaza.club/Man/Panel/five/fre.php onlyadoonbit.com/asji/fre.php opercomex.co/billionaire/kendra/fre.php orkaden.com/wp-includes/Text/me/fre.php panelhq.cf/jr/five/fre.php panelhq.gq/airforce/five/fre.php panelhq.gq/chelsea/five/fre.php panelhq.gq/gold/five/fre.php panelhq.gq/stars/five/fre.php profirst.com.vn/aug777/five/fre.php profirst.com.vn/aug/five/fre.php ptads.ml/pide/seed/fre.php punjabjaogi.com/Panel/fre.php qureshioffice.alasrglobal.com/admin7/bgn/sfe/fre.php qureshioffice.alasrglobal.com/admin/xxx/zzz/fre.php qureshioffice.alasrglobal.com/sam1/xknf/kdlt/fre.php reachmy90s.com/includes/Panel/five/fre.php rozedaro.com/administrator/Panel/five/fre.php saintechelon.tk/fre.php sccoast.tk/logs/panel/fre.php sccoast.tk/phil/panel/fre.php schooolcode.download/uk8k/Panel/five/fre.php shaktiorkatimo.com/symboss/fre.php shinyei-co.gq/cade/dope/fre.php sinomagnetor3.cf/anyi/fre.php soolitaytangya.com/blessed/Panel/five/fre.php sternpid.ga/firm/fost/fre.php strcutform.com/vinye/Panel/five/fre.php strijdbladen.ga/donstan/five/fre.php swaz.hanirnail.net/five/fre.php szccf361.com/flinkas260/fre.php theonlygoodman.com/eig/fre.php theonlygoodman.com/nin/fre.php tondice.flu.cc/images./45skele/fre.php tondice.flu.cc/images./imgs01sg-/fre.php tradelink.qa/aug/five/fre.php tutorialdnsstep1.com/admin/fre.php tutorialdnsstep1.com/toturial/fre.php uzocloudservers.gq/jeff/five/fre.php veloceqlobal.net/rain/hope/fre.php victoralifts.com/wpss/fre.php wapsihonaylo.com/wapsi3/five/fre.php wapsihonaylo.com/wapsi4/five/fre.php wapsihonaylo.com/wapsi/five/fre.php wcegroups.com/done/hont/fre.php westiles.ga/lope/coop/fre.php wiglelamberfo.com/eme/fre.php constantialiquidators.com/freg/fre.php crownventureintl.com/wip-admin/Panel/five/fre.php gardensun.ru/daily/fre.php gardensun.ru/eca/fre.php mysticalreflections.life/web-content/web/upgrade/wp_obtain/log/Panel/five/fre.php netgateway.top/panel/fre.php scoverykingdom.gq/jeff/five/fre.php semaprin.info/mi/fre.php sierracontrol.ru/cmd11/fre.php sierracontrol.ru/vipu/fre.php woelpuu.com/hertuyi/teryio/fre.php woelpuu.com/terypp/youip/fre.php zealsale.com.np/file/Panel/five/fre.php xsftruss.ml/edunew/fre.php ymwsolutions.com/testfilez/fre.php nawck.ml mitch-portal.tk sintrol.cf sirmitch.ml # Reference: https://myonlinesecurity.co.uk/slightly-different-lokibot-delivery-via-embedded-ole-objects-in-rtf-word-doc/ kikehraeein.com/web-obtain/file/web/log/Panel/five/fre.php # Reference: https://twitter.com/DynamicAnalysis/status/1034488992987860995 apidava.tk # Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html szccf361.com # Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html 1113sophie.info 41230319.net cryptocoindigital.com kacakbahisfirmasi.com marryingmaldonado.com mywdn.com risu-nursery.com saurabh.online shiqiyingli.com sicknessfitness.com themonkeygrindervintage.com unsubchef.com win.link xn--vhq6e39ls7w.net zexpar.com # Reference: https://viriback.com/30-days-later-97-panels/ annamadums.ml/jazzy/PvqDq929BSx_A_D_M1n_a.php bellegin.ru/doncha10/pen.php bellegin.ru/don-cha11/pen.php bellegin.ru/oshok/pen.php bollingoes.ml/ngoes/PvqDq929BSx_A_D_M1n_a.php braithwalte.co.uk/blam/five/PvqDq929BSx_A_D_M1n_a.php braithwalte.co.uk/block/five/PvqDq929BSx_A_D_M1n_a.php braithwalte.co.uk/konvict/five/PvqDq929BSx_A_D_M1n_a.php braithwalte.co.uk/smith/five/PvqDq929BSx_A_D_M1n_a.php cadjetbums.ml/tbums/PvqDq929BSx_A_D_M1n_a.php domainsender.info/moon/five/PvqDq929BSx_A_D_M1n_a.php domainsender.info/sun/five/PvqDq929BSx_A_D_M1n_a.php dunysaki.ru/buch-x5/pen.php dunysaki.ru/doncha-2/pen.php dunysaki.ru/stephen/pen.php erintoba.info/bbbb/Panel/five/PvqDq929BSx_A_D_M1n_a.php eriousimen.ml/eriou/PvqDq929BSx_A_D_M1n_a.php finelets.ru/buch-x3/pen.php finelets.ru/buch-x4/pen.php finelets.ru/fankzu/pen.php gokuu.club/ckan/PvqDq929BSx_A_D_M1n_a.php gokuu.club/M/PvqDq929BSx_A_D_M1n_a.php joanread.ru/decap/pen.php joanread.ru/work-1/pen.php lidgeys.ru/buch-k/pen.php lidgeys.ru/buch-l/pen.php lidgeys.ru/buch-m/pen.php lidgeys.ru/buchX-1/pen.php lidgeys.ru/buch-x2/pen.php lidgeys.ru/eddy/pen.php papgon10.ru/davidm/pen.php papgon10.ru/don-12/pen.php papgon10.ru/don-one/pen.php papgon10.ru/kennyB-1/pen.php papgon10.ru/oshok-two/pen.php thousandan.ml/andan/PvqDq929BSx_A_D_M1n_a.php topreadz.ru/alexbe/pen.php topreadz.ru/doncha-3/pen.php topreadz.ru/willy-1/pen.php ultrainstinct.ru/file/exe/five/PvqDq929BSx_A_D_M1n_a.php unifarmex.net/Dstan/Panel/five/PvqDq929BSx_A_D_M1n_a.php unifarmex.net/hsp1/Panel/five/PvqDq929BSx_A_D_M1n_a.php unifarmex.net/nesto/Panel/five/PvqDq929BSx_A_D_M1n_a.php uy-akwaibom.ru/vinho/Panel/five/PvqDq929BSx_A_D_M1n_a.php vailablity.ml/vaila/PvqDq929BSx_A_D_M1n_a.php viettrust-vn.net/samii/PvqDq929BSx_A_D_M1n_a.php vopspyder.website/home/five/PvqDq929BSx_A_D_M1n_a.php vopspyder.website/log/five/PvqDq929BSx_A_D_M1n_a.php wheelonexs.ml/wheel/PvqDq929BSx_A_D_M1n_a.php # Reference: https://github.com/stamparm/maltrail/pull/284#issuecomment-417861246 ajmanz.gq # Reference: https://twitter.com/DynamicAnalysis/status/1037472184636256256 theonlygoodman.com/fit/fre.php # Reference: https://twitter.com/nullcookies/status/1038235674565066757 crasemerzom.com # Reference: https://twitter.com/avman1995/status/1038285919219068928 http://99.198.127.106 blackdiamondsco.ae/test/fre.php # Reference: https://twitter.com/ViriBack/status/983011333506588672 # Reference: https://pastebin.com/nwWHHFe0 bartolini-system.net/loop/PvqDq929BSx_A_D_M1n_a.php logs.boxxta.website/ikol/five/PvqDq929BSx_A_D_M1n_a.php # Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html (Win.Dropper.Hploki-6682476-0) bvasetro.com com-logninsauthorize.info grm-group.info healinggoodness.com losmejorescrm.com mechakawaii.com mytechnik-beratung.com ptt-test.com testci20170903033002.net thlg8.com vintageontheline.com # Reference: https://pastebin.com/bEqJKZfZ strutitinca.ro/ftp/fre.php zenshinonline.ru/amb/fre.php zenshinonline.ru/eka/fre.php zenshinonline.ru/file/fre.php # Reference: https://www.maltiverse.com/sample/1ea139164e3525a5a4f3feb333551a806852cca40e49698fbf65d49bd4f7c27c loggerkeys-hosting.xyz # Reference: https://www.maltiverse.com/sample/16d06c604487ad96b04f226827dc033d61c80b345a323faee5c9d4a0b2a108d0 tananaislanoidd.ga # Reference: http://cybercrime-tracker.net/index.php?search=Lokibot corelis.group zenshinonline.ru harltdoors.com devhaevents.us grace4good.cf theonlygoodman.com premierevents.co.zw # Reference: https://twitter.com/ViriBack/status/1046391838448537601 # Reference: https://pastebin.com/4QRaU8T7 geranntibankasi.com/slowkizzy567/kertyui456/PvqDq929BSx_A_D_M1n_a.php hkenngr.com/herty987/letry78/PvqDq929BSx_A_D_M1n_a.php incitecpivot-au.com/dertyu987/treyuo9809/PvqDq929BSx_A_D_M1n_a.php incitecpivot-au.com/lerty67/loivet56/PvqDq929BSx_A_D_M1n_a.php incitecpivot-au.com/mertyui567/kertli879/PvqDq929BSx_A_D_M1n_a.php insightthk.com/hermonth/jerk/PvqDq929BSx_A_D_M1n_a.php insightthk.com/loki2/PvqDq929BSx_A_D_M1n_a.php insightthk.com/loki3/PvqDq929BSx_A_D_M1n_a.php jvl-jp.co/gert67/teryu7/PvqDq929BSx_A_D_M1n_a.php jvl-jp.co/nwokorie45777/fertyuoui/PvqDq929BSx_A_D_M1n_a.php jvl-jp.co/sert67/tyuio98/PvqDq929BSx_A_D_M1n_a.php jvl-jp.co/sertyoup/latinoper90/PvqDq929BSx_A_D_M1n_a.php jvl-jp.co/slamp89/ketu56/PvqDq929BSx_A_D_M1n_a.php kaokao-twn.com/yerter/getyu/PvqDq929BSx_A_D_M1n_a.php karenandkarren.com/multi980/mertyui989/PvqDq929BSx_A_D_M1n_a.php kurarray.com/fertyuio/lopiytu/PvqDq929BSx_A_D_M1n_a.php kurarray.com/loptyuier/liouy56/PvqDq929BSx_A_D_M1n_a.php kurarray.com/loptyuio/lop0980/PvqDq929BSx_A_D_M1n_a.php ledteroptyi.xyz/gertyu99/ertyu8/PvqDq929BSx_A_D_M1n_a.php ledteroptyi.xyz/hertyuu89/menter67/PvqDq929BSx_A_D_M1n_a.php ledteroptyi.xyz/kertyu767/jertyu657/PvqDq929BSx_A_D_M1n_a.php ledteroptyi.xyz/loipter/teryuop999/PvqDq929BSx_A_D_M1n_a.php lltagrain.com/cash2/PvqDq929BSx_A_D_M1n_a.php lltagrain.com/kelle/PvqDq929BSx_A_D_M1n_a.php lltagrain.com/money/PvqDq929BSx_A_D_M1n_a.php lltagrain.com/tino/PvqDq929BSx_A_D_M1n_a.php oceanlinkmarrine.com/loki2/PvqDq929BSx_A_D_M1n_a.php oceanlinkmarrine.com/loki4/PvqDq929BSx_A_D_M1n_a.php oliverrbatlle.com/setyi98/etruo89/PvqDq929BSx_A_D_M1n_a.php phcc-india.com/dertyuop345/teryup234/PvqDq929BSx_A_D_M1n_a.php phcc-india.com/limitedmert/menter567/PvqDq929BSx_A_D_M1n_a.php phcc-india.com/nertyoiu67/eartyuoiyue67/PvqDq929BSx_A_D_M1n_a.php phcc-india.com/slamptiert5/fertyupw456/PvqDq929BSx_A_D_M1n_a.php phcc-india.com/startboi89234/netwer675/PvqDq929BSx_A_D_M1n_a.php pldtdsll.net/betstyui789/erty6786/PvqDq929BSx_A_D_M1n_a.php pldtdsll.net/fishyoiu/fishtery77/PvqDq929BSx_A_D_M1n_a.php pldtdsll.net/sertyu45/teryu34/PvqDq929BSx_A_D_M1n_a.php redsseammgt.com/loki5/PvqDq929BSx_A_D_M1n_a.php rmsalf.com/hertioyu567/lertu789/PvqDq929BSx_A_D_M1n_a.php rmsalf.com/mentiyu98/letluy78/PvqDq929BSx_A_D_M1n_a.php sertencee.xyz/kogilop/yopuit77/PvqDq929BSx_A_D_M1n_a.php sertencee.xyz/shakamally/loipy67/PvqDq929BSx_A_D_M1n_a.php siyaghasourccing.com/lokily89/werty6789/PvqDq929BSx_A_D_M1n_a.php siyaghasourccing.com/smello/ertyop009/PvqDq929BSx_A_D_M1n_a.php dersertlord.xyz/loki4/PvqDq929BSx_A_D_M1n_a.php dersertlord.xyz/loki5/PvqDq929BSx_A_D_M1n_a.php sertencee.xyz/shunshuo/terrampeedar/PvqDq929BSx_A_D_M1n_a.php siyaghasourccing.com/serto99/jerty45/PvqDq929BSx_A_D_M1n_a.php siyaghasourccing.com/sertoiu/fertuiop/PvqDq929BSx_A_D_M1n_a.php slompbit.xyz/lopitre87/teryuio09/PvqDq929BSx_A_D_M1n_a.php slompbit.xyz/lopityrety/kerterty/PvqDq929BSx_A_D_M1n_a.php woelpuu.com/hertuyi/teryio/PvqDq929BSx_A_D_M1n_a.php woelpuu.com/terypp/youip/PvqDq929BSx_A_D_M1n_a.php # Reference: https://isc.sans.edu/forums/diary/More+malspam+pushing+Lokibot/23754/ oceanlinkmarrine.com/loki1/fre.php oceanlinkmarrine.com/loki2/fre.php oceanlinkmarrine.com/loki3/fre.php oceanlinkmarrine.com/loki4/fre.php oceanlinkmarrine.com/loki5/fre.php # Reference: https://twitter.com/avman1995/status/1046751735971282944 nisol.ga/chika/fre.php # Reference: https://pastebin.com/AasLyArF monochromestr.site/fbm/encode.php # Reference: https://twitter.com/avman1995/status/1052426452187185153 octone.igg.biz/chri1/cgi.php # Reference: https://app.any.run/tasks/4515e611-f351-436b-982a-72229c1a1853 hmcrogenics.com # Reference: https://twitter.com/dvk01uk/status/1097767868874264576 /LL0/200g-xz/cat.php # Reference: https://twitter.com/dvk01uk/status/1097357708246896640 /kston/link.php # Reference: https://twitter.com/Securityinbits/status/1090893221754884100 /scott/link.php # Reference: https://twitter.com/Racco42/status/1027476386808848384 maxthon.duckdns.org sockets.duckdns.org # Reference: https://twitter.com/ps66uk/status/1062658307507273733 /sgbbu2/cat.php # Reference: https://twitter.com/illegalFawn/status/1113086451233755136 alexiwobi.ga dandyla1.ga # Reference: https://twitter.com/luc4m/status/1103214408682139648 aurelio.xyz # Reference: https://twitter.com/0_1_0_1_0_0_0_0/status/1116638803475746816 camopionari.cf dankasa.tk olododo.tk sweetreuyh.tk underneat.gq yriuiuteuieu.gq # Reference: https://twitter.com/pancak3lullz/status/1121057197914509312 /cka2/cat.php # Reference: https://twitter.com/JAMESWT_MHT/status/1134360866550439936 /m/2/cat.php # Reference: https://twitter.com/JayTHL/status/1124325778685087745 /lmark/atz/link.php # Reference: https://any.run/report/0159364dc4a13deea8595d019b3c1e44ca100690b3d7f2df7d79cfd86d4b36ce/03c9c9b6-a7fc-41fc-a6d1-6f35ec60f94a romelulukaku.tk/anyi/fre.php # Reference: https://any.run/report/ff2824a9281b5e0ecd4b90b7779a66dfa4453b143b1115e4a9019a2f859083e0/b6a22489-c558-44f8-92b7-c6f90b8c0920 liverfook.ml/tuneshi/fre.php # Reference: https://twitter.com/ViriBack/status/1134662952898965504 # Reference: https://pastebin.com/pkZ0TBnc beautynams.com begurtyut.info flmates.com hyoki-jp.top # Reference: http://tracker.viriback.com/ (# Lokibot) bridgecornenterprises.com doosantax.com unimasa.icu # Reference: https://www.virustotal.com/gui/ip-address/185.79.156.24/relations http://185.79.156.24 # Reference: https://twitter.com/P3pperP0tts/status/1135824585885196288 leorentacars.com # Reference: https://twitter.com/JAMESWT_MHT/status/1136248211654545408 gadujez.tk # Reference: https://connect.security.ibm.com/app/threat-intelligence-insights/report/url/lethatch.se%2Fnelpa%2Ffive%2Ffre.php lethatch.se # Reference: https://connect.security.ibm.com/app/threat-intelligence-insights/report/url/technosevregroup.com%2Fzxd%2Fpanel%2Ffre.php technosevregroup.com # Reference: https://github.com/runvirus/LokiPWS/blob/master/README.md offset7.com # Reference: https://twitter.com/James_inthe_box/status/1136674160862609408 execuitiveship.com # Reference: https://twitter.com/dvk01uk/status/1137999393158770688 exalumnosldea.cl # Reference: https://twitter.com/dms1899/status/1138742747773460482 mbh-co-uk.ml sas-agri.ml # Reference: https://twitter.com/dvk01uk/status/1138774057606926341 fantasticpipo.club # Reference: https://twitter.com/dvk01uk/status/1138775767171698690 ezigbo-mmadu.xyz # Reference: https://twitter.com/James_inthe_box/status/1138815213640114176 http://45.67.14.154 http://185.79.156.24 # Reference: https://twitter.com/dvk01uk/status/1139485923991785473 uehsjtsjksf.tk # Reference: https://twitter.com/dvk01uk/status/1139494526307975168 fraiser-campbell.ga # Reference: https://twitter.com/pancak3lullz/status/1139534936518594561 freecapes.com # Reference: https://twitter.com/JAMESWT_MHT/status/1140603897523949568 /kas/4/cat.php # Reference: https://twitter.com/dvk01uk/status/1140936638148820995 sparkickwears.ga # Reference: https://twitter.com/blackorbird/status/1141557021000552448 fileshareing.tk # Reference: https://twitter.com/x42x5a/status/1141970343818665984 007akin.top # Reference: https://twitter.com/Racco42/status/1141969102753423360 bichchats.top # Reference: https://twitter.com/Racco42/status/1143810986920599553 saculcin.top # Reference: https://twitter.com/x42x5a/status/1143895404527988736 tqe2009.com # Reference: https://twitter.com/dvk01uk/status/1144811922715549696 lionelibrahimovich.tk # Reference: https://twitter.com/dvk01uk/status/1146410395357339649 ayakkokulari.com # Reference: https://twitter.com/killamjr/status/1147113714132275200 openningsoonming.zapto.org # Reference: https://twitter.com/_odisseus/status/988303327090937857 # Reference: https://app.any.run/tasks/20ed9962-0799-4f3b-bfbf-6dd77e5b9979/ i876edw4e5f6tg78hy9tg7r6ftgiy8.erlivia.ltd # Reference: https://twitter.com/smica83/status/1149194882231209985 mbixch.site # Reference: https://twitter.com/Racco42/status/1149662812722978816 aliiff.com villaviras.com # Reference: https://twitter.com/hexlax/status/1149768235434352645 automatia.in lestonline.ga taleohio.ga # Reference: https://twitter.com/Paladin3161/status/1149639116125921284 kitchenraja.com # Reference: https://twitter.com/hexlax/status/1150113306545467393 bioconscolors.com # Reference: https://twitter.com/James_inthe_box/status/1151156619733921792 wupx.ga # Reference: https://twitter.com/reecdeep/status/1151737917259354113 ysvina-vn.com # Reference: https://app.any.run/tasks/69193d3f-ffe6-4db8-ba64-b408caeffde0 hotkey--cn.com # Reference: https://twitter.com/coderippers/status/1152188547253846016 orientsdelivery.xyz # Reference: https://twitter.com/reecdeep/status/1145960074046791680 eko-colors-pl.com # Reference: https://twitter.com/IdoNaor1/status/1152892001844629505 abulutari.tk # Reference: https://twitter.com/reecdeep/status/1153195564852547585 # Reference: https://app.any.run/tasks/4574a922-fd08-4230-ac49-59315b0702d5/ matbin.com # Reference: https://twitter.com/blackorbird/status/1155781572718546944 sparkickwears.ga # Reference: https://twitter.com/James_inthe_box/status/1155945383048011777 pitr0s.com # Reference: https://twitter.com/reecdeep/status/1157201656397860865 hochom-tw.com # Reference: https://twitter.com/Racco42/status/1157215058319040512 maviiletisim-com.tk # Reference: https://twitter.com/Racco42/status/1158765032299270144 kusumgar.cf # Reference: https://twitter.com/reecdeep/status/1158984342108090369 monastaybags.com # Reference: https://twitter.com/reecdeep/status/1159008913691435008 hilbizworld.top # Reference: https://twitter.com/reecdeep/status/1159438247208075264 hotkey--cn.com # Reference: https://twitter.com/reecdeep/status/1159446926196183045 teslaghane.com # Reference: https://twitter.com/reecdeep/status/1159833486817034241 sovamegroup.com # Reference: https://twitter.com/Paladin3161/status/1159984272897216513 quecik.info # Reference: https://twitter.com/reecdeep/status/1161226121515544576 sportyclik.com # Reference: https://twitter.com/reecdeep/status/1161220049413246977 sun-clear.net # Reference: https://twitter.com/reecdeep/status/1164074211213807616 confirm3.pw # Reference: https://any.run/report/a234966b36ea3816665501b926ef6fe22f4e8ba90a80af0f66662c4cd4dba915/6a5e8f49-5529-4f67-a457-eab7a3f1635e scanchart-rny.com # Reference: https://any.run/report/49e77f3fa26d7427bc726783325c2729c666038e0c4546c87e5678adcadaa4a8/8c88a7b4-fac6-494f-aba2-142d845136a2 cbnid.net # Reference: https://twitter.com/DynamicAnalysis/status/1168991384457699329 clotiahs.info jiraiya.info zjvvymy.com # Reference: https://twitter.com/reecdeep/status/1169151595747127296 modcloudserver.eu # Reference: https://twitter.com/Mesiagh/status/1170048273366695936 # Reference: https://pastebin.com/kMXDsSNr 171.15.198.199:1443 # Reference: https://app.any.run/tasks/bf013836-f219-494b-a54b-e25c13a7a400/ ottappalam.com # Reference: https://www.fortinet.com/blog/threat-research/new-infostealer-attack-uses-lokibot.html palikyu.ml # Reference: https://twitter.com/reecdeep/status/1173492999457841154 mapsi-shipping.xyz # Reference: https://twitter.com/dvk01uk/status/1173464780159508480 svmarketingindia.com # Reference: https://twitter.com/Racco42/status/1173547031979278336 clotiahs.info # Reference: https://app.any.run/tasks/84841357-56f4-4d71-9f7b-4e5dde21edf7/ nucsquaremall.ga http://nucsquaremall.ga/~zadmin/lmark/ch/link.php # Reference: https://twitter.com/ninoseki/status/1175189790469189632 fatmazpharmc.com # Reference: https://app.any.run/tasks/6ecd4749-affb-4505-8b95-bd307a609be8/ handrass.co.rs/don/five/fre.php # Reference: https://any.run/report/397217271ce8684d24144b1eb612d6d45921573bb8cdd0e53fae1d44d2456a64/ff14e78f-0c45-45b0-b93e-8170121cc7de kaokao-twn.com # Reference: https://any.run/report/91628bad8c6b90dd333f850db85dcc2c313dbbccd84ecae45441b72c2a09603d/aba660a1-69bc-4f44-bc21-c962997baf13 barzaker1.tk # Reference: https://any.run/report/a2c93eb56dd983d63654dbbd82ee2967d1acb50f4fcd700ab3dfb7743fe64e9a/36fcc660-a97e-491f-9b05-af099620ac4c gruputsk.com # Reference: https://any.run/report/30e5e29f2e4e69e88032805b3cdfd8e86e48f6837a375f096263b86f9fe4de01/b5efffc2-b5b6-4e87-9958-4ab0e7c23db3 opercomex.co/php/webpanel/fre.php # Reference: https://any.run/report/c407bb7c069e983d20752c582476ab1606b4947724194f949ba90eefe9e05a24/9012e28b-9667-4070-9751-b3f2ef211d50 ponsse.site # Reference: https://any.run/report/050c206340ce8ea775797da9d55a250e488174d87d9529fb25db13a07168c471/8c33a2a5-51af-4547-bdb7-d5a3b93ea4c4 barzaker1.cf # Reference: https://any.run/report/1c0f62f0277289f74ffd1f03f5097f17a1e14494c4c612ed30aa2a9899759d3a/d4d20c0c-7aa3-449b-b365-8b2b9e243050 dtolnba.tk # Reference: https://any.run/report/78de464e43327ba4f9ef245c72e26b28e1fbd5175bccd15253fde852bd1eb61d/1a751b0b-e75f-4b67-829c-de5f1a86a932 megatradeinvestment.com # Reference: https://any.run/report/7e6b471d1fe43841b1c995df98e2feede05280d251f50fcf6b6f084ae902817a/9fd319fa-3e9d-4d15-8837-9b2d08fe6b8e 185.234.216.240/0x22/loki/fre.php # Reference: https://any.run/report/8897b096fa6661307bb3d2d97df155b2a4d673ee4e2e50ee37de23179a79afa6/e73a0ccf-14b0-4445-a00c-84076510d095 panelego018.info # Reference: https://any.run/report/7c7d40b6e024d074acb2aa9b21e60e5a2e132424cdd4f23432013cfadc368392/88ea1ed2-25ac-4786-86dc-a052020f6b2d 62.108.37.205/jeff/five/fre.php # Reference: https://any.run/report/af51d7d35c70e8572b1bf1bf7cac2f9c79da70920e972f5df338bd34b7908b51/17cb8efa-8ccb-4ccf-9e71-ca9cb30be138 jaobhaezrasam.com # Reference: https://any.run/report/da8cb79eb0b11f4c7e18890217c465afe508900d4d0fe029df10a08d7f50722e/28736ba8-2474-4fe3-9e7d-766ff32819f5 twosisterswine.com.au/admin/Panel/five/fre.php # Reference: https://any.run/report/856cfd8e4168c08f6382cc6a7a94f2812d40d09e4b5a17728f142c5bf1d7b892/76cc0b7e-1668-4fea-92db-47ce9f0e2d82 gracetime.tech # Reference: https://twitter.com/P3pperP0tts/status/1179292959172370433 onlygoodm.com # Reference: https://app.any.run/tasks/2bd648b0-c9cd-45a1-ac4b-3c253c2c01aa/ peaches19.com # Reference: https://twitter.com/Racco42/status/983258396664229888 ritsuninfra.in # Reference: https://twitter.com/smica83/status/1184381866243248128 cvnty.tk # Reference: https://twitter.com/hexlax/status/1184471439476441088 cvnty.cf ggvxt.ga mbfqg.cf mlzxvi.tk prxtz.gq prztz.ga qvukl.ga qvukl.gq qvukl.tk # Reference: https://app.any.run/tasks/9b5e5e7f-ac71-484e-8dad-0d0af3bfe73b/ atritei.icu # Reference: https://app.any.run/tasks/856e216f-c979-450a-a0b7-b9dbc6ab1361/ torresansrl-it.com # Reference: https://app.any.run/tasks/abd716d5-3267-4aec-b4e5-075b0f4ddf0a/ baiksan-kr.com # Reference: https://app.any.run/tasks/2c80bfce-a4a7-4024-b943-39d4fa8e0a01/ yanchenghengxin.com corpcougar.com # Reference: https://app.any.run/tasks/2c93099b-2751-41c4-a764-f8d66dcf727d/ kaburto.info # Reference: https://app.any.run/tasks/ff303a56-d3f6-4128-8876-1c91d4d7494e/ yanchenghengxin.com # Reference: https://app.any.run/tasks/f1e17f2a-00bc-4eeb-b5be-2d10c735ed9e/ tps-finlogistics.com # Reference: https://app.any.run/tasks/f09ecafa-3e69-4171-bd36-c415c5e5f0e0/ # Reference: https://twitter.com/P3pperP0tts/status/1185592600528637952 fueda.info # Reference: https://app.any.run/tasks/9eaf57e9-015a-4357-b0f8-fe30df9c9be7/ cvnty.tk # Reference: https://app.any.run/tasks/e1756c8b-3175-4232-a4ca-9818a8ac27e6/ john-donnelly.co.uk # Reference: https://app.any.run/tasks/3318e0f8-d5e7-4316-b748-b83cc506aaf9/ danagupal.com # Reference: https://app.any.run/tasks/69ce4ecc-f88e-4523-a568-6b6a79491855/ simantramart.net # Reference: https://twitter.com/James_inthe_box/status/1185191156168065024 nvent.icu # Reference: https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html (# Win.Trojan.Lokibot-7288215-1) arkhesol.info lapphuongshoe.com majidfathalibeygi.com novinsazvar.com orientsdelivery.xyz pliykies8.net suksez-ab.com versuvius.ru # Reference: https://twitter.com/P3pperP0tts/status/1186987811553067009 sylvaclouds.eu # Reference: https://twitter.com/Paladin3161/status/1187160642815291392 mikeservers.eu # Reference: https://pastebin.com/29uSdMAk atritei.icu dadatiles.com.au gracetime.tech jajar.ru modatie.gq nonomonojolipoiubtrewert.tk tahetah.ir # Reference: https://twitter.com/P3pperP0tts/status/1190724582359089152 kaburto.info # Reference: https://twitter.com/wwp96/status/1191009866720124928 conceriavictoria-it.com # Reference: https://twitter.com/wwp96/status/1191009400015802368 beautynams.com # Reference: https://twitter.com/James_inthe_box/status/1191325755084435457 allaige-global.com # Reference: https://twitter.com/wwp96/status/1191408876303896576 cyttec.de # Reference: http://tracker.viriback.com/dump.php (# 2019-11-04, Lokibot) http://104.168.248.212 http://178.159.7.9 http://185.189.112.158 http://185.79.156.15 http://185.79.156.24 http://37.120.146.126 http://45.67.14.181 http://51.68.128.171 http://94.100.28.214 http://23.95.228.37 http://5.252.192.117 007akin.top 013nat.net 2lcfo.com 4thave.co.uk 9th-way.tech abbasuit.top abifph.com acptw.icu adamsjef.top aerosport.tech aljust.website allstarbelts.com andalemexico.com apollocapitalp.com baiksan-kr.com baklaysinc.com bakrakhada.com bamastra.top beancart9.top beatfile3.top beautynams.com begurtyut.info bichchats.top bigshowinc.co.uk biocodax.com bluecornerblog.tk bosal.tech bp10.webhosting123.icu bridgecornenterprises.com broomingkingpoiuty.tk bteenerji.com buildingwiring.ir bylima.icu cbnid.net cleaf.ml clotiahs.info cnedriect.com cocshipmanagment.com confirm2.pw confirm3.pw coolking-tw.com corpcougar.com corpcougar.in cosmoi098.ga cosmoi098.ml cremeroloe.com crippoloiutustrope.tk cvnty.ga diplomatgroup.org doosantax.com ebslaradio.cl efore.info eko-colors-pl.com eko-logistics.com emiliano-sala.ga enchapa.info epi.org.mk esplanademauritius.com execuitiveship.com exsimpetroleum.com extrememx.net exwelloilfleld.com ezigbo-mmadu.xyz famoosonutt.com fantasticpipo.club fileshareing.tk filmmagapp.ir flmates.com florence-malouda.ml florence-malouda.tk forexdispatch.info fredwi.top freecapes.com freecaps4.ml freewhcm.top frenchman.icu fueda.info gama247.beget.tech giftedhands-association.com gihf2.com goldenfashiondeeds.com gooinnhtrr.ml goriaya.com gregvictor.co.uk groz-toolz.com gtigtex.info habertjohnson.top halwaja.com higomanga.info hotblowup.com hpygol-acm.com hyoki-jp.top iiranair.com iranssp.ir ivandarina.top jayconnect.co.uk jbrightbuilders.sytes.net jhpipaa.com jonjoshelvey.gq jttomwest.top kaburto.info kachi.cf kalafyn10.tk kin3p.co.uk kitchenraja.com kratheinz.com lapphuongshoe.com ledomainedesalizees.com logfert.com lovingu1.top lronman4x4.com mairon-hk.com makopolos.com manchester-derby.ga manchesterderby.gq manchesterderby.tk maritlme-net.com matbin.com mbh-co-uk.ml mbta.com.ng mhydraulics.net mizunogolfbags.com modcloudserver.eu monastaybags.com morganans.co.uk newwoldassem.top nexmarket.ir nkegi.com oasisvillasmaurice.com ofoleteadms.icu oldendroff.com orientsdelivery.xyz palacegrades.com perigon-no.com pouruinhgtrewzip.tk qkinz.tech qoqip.com quelmax.com quurieun.top rasavision.ir razaacademy.info ritedi.icu rnuganbank.com rtjf.ga saliyumakan.club scm-hk.com season1.icu sghecc.com shakekur.top shalets23.com sherwoodpest.com sibarzz.xyz siiigroup.com slimcase247.se smarytie.ir smilesbyme.com smithtony.co.uk sparkickwears.ga spidook.bid spuerinirominfo.tk stedmanpharrna.com stephero7.ml sucalcin.top sun-clear.net sunvim.cf sylvaclouds.eu telcel.tech thaeed.ir thammyvienanthea.com tienaris.com tjfr.tk tmjchange.com tourscentralasian.com tqe2009.com tradesecretsgiveandtake.ca treatascholars.com trietrre.ml unimasa.icu uzocoms.eu vastinopulotiste.tk vbih.tk venresf.ml vibecore20.top vicomdistribucion.top villaviras.com vinaprio.com vteach.com.sg wieiland.com wilfred.top willhelmsen.com wohinqfood.com yuxinproteins.com # Reference: https://twitter.com/P3pperP0tts/status/1191999299061780480 http://151.80.3.78 # Reference: https://www.virustotal.com/gui/file/df3f26fa52e1d59ae86f3e4e3e0811ff0beb10f2588dcc5372130e93fc007908/behavior/Dr.Web%20vxCube arctech--vn.com # Reference: https://www.virustotal.com/gui/file/6979ee74e6d3dfcdaf0e146faa063d70659b56cfda034d46f6a611af58a71f70/behavior/Dr.Web%20vxCube beautynams.com # Reference: https://twitter.com/P3pperP0tts/status/1192710961641205760 http://51.81.26.73 # Reference: https://www.virustotal.com/gui/file/68a511a096b68f00f40d77b497122a0da58132ec86d565a7e314452fe18b8321/behavior/Dr.Web%20vxCube kenturkeymanians.org # Reference: https://twitter.com/P3pperP0tts/status/1192809962268962818 backbaymall.ga nucsquaremall.ga # Reference: https://www.group-ib.com/blog/fakesecurity chuxagama.com umbra-diego.com # Reference: https://twitter.com/P3pperP0tts/status/1193844698370236416 http://157.52.211.11 # Reference: https://twitter.com/wwp96/status/1193942503864651776 efore.info # Reference: https://app.any.run/tasks/205df181-d1c5-4315-80b2-5456b6bfeef2/ arctech--vn.com # Reference: https://twitter.com/wwp96/status/1194325495686586370 pointqrace.com # Reference: https://twitter.com/P3pperP0tts/status/1194590128129421313 http://37.187.207.221 # Reference: https://twitter.com/P3pperP0tts/status/1194761250078699520 nvent.icu # Reference: https://twitter.com/P3pperP0tts/status/1194979247124860929 http://51.75.33.88 # Reference: https://twitter.com/JayTHL/status/1194992844039229441 onllygoodam.com # Reference: https://twitter.com/James_inthe_box/status/982003272562044928 # Reference: https://app.any.run/tasks/0893ab89-f685-40ae-bddc-83699013c804/ hydeoutent.com # Reference: https://twitter.com/Racco42/status/1196407632598310918 s-plt.club s-top.xyz # Reference: https://twitter.com/wwp96/status/1196472338960793603 gelcursot.top # Reference: https://app.any.run/tasks/30e58965-3657-457d-8aba-cf857b1ae756/ junquam.com # Reference: https://app.any.run/tasks/1dc0b30d-1713-41f3-a0f0-a98240ba9824/ onllygoodam.com # Reference: https://app.any.run/tasks/60951b2e-aac7-46b6-be01-214e104282f2/ matbin.com # Reference: https://twitter.com/wwp96/status/1196877315726135296 s-top.xyz # Reference: https://twitter.com/wwp96/status/1196870261016059905 http://46.21.147.94 # Reference: https://www.fortinet.com/blog/threat-research/custom-packer-tool-frenchy.html # Reference: https://otx.alienvault.com/pulse/5dd565d5cd733b662f366526 alphastand.top alphastand.trade alphastand.win kbfvzoboss.bid sun-clear.net # Reference: https://twitter.com/P3pperP0tts/status/1197683883627700229 http://51.91.175.183 # Reference: https://twitter.com/JayTHL/status/1197922402828791808 findmypractice.org # Reference: https://pastebin.com/a3tLkeSU http://107.175.150.73 # Reference: https://app.any.run/tasks/2b37b818-369c-4c5c-a7af-fc7d20958920/ ray-den.xyz # Reference: https://www.virustotal.com/gui/file/6b6ff1efd1dd41901c9c23dfd6d03ff6c1f6d846bf8ac8002b3af61744426e11/detection lethatch.se # Reference: https://app.any.run/tasks/216903ba-ad00-4e4b-8606-d329e1e8772e/ arctech--vn.com # Reference: https://any.run/malware-trends/lokibot (Note: as seen on 2019-12-04) worldatdoor.in kitchenraja.in gsuitekh.com avertonbullk.com offsolo-gbb.tech 1justfy.pw l1n3n.site elettroveneta-it.com ddos.dnsnb8.net smtp.siqanalytical.com adonis-medicine.at # Reference: https://twitter.com/wwp96/status/1202265059784835072 chennaiequipment.com # Reference: https://pastebin.com/ghh2y3g3 kargozar1320.ir # Reference: https://twitter.com/wwp96/status/1203005552248397824 gblasta.pw # Reference: https://pastebin.com/7Ak2nP2T awba-groups.com indextechno.com pms-center.com # Reference: https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html (# Win.Trojan.LokiBot-7420275-1) betaflexllc.us beyondlogx.com kontrolreport.com oscontinental.online phoenixdevs.ir porno322.com protestlabsmovings.es secure-n2.top # Reference: https://pastebin.com/B6EDa5x0 jb-qroups.com logboxreports.top # Reference: https://twitter.com/HeavyMetalAdmin/status/1204108254588080128 woobwoo.cf # Reference: https://twitter.com/wwp96/status/1204430643800793088 woobwoo.ga # Reference: https://twitter.com/wwp96/status/1204789643138473985 s-pod.xyz # Reference: https://twitter.com/wwp96/status/1204805860129755141 kyant4.com # Reference: https://www.virustotal.com/gui/file/1e191a6f8c36095e7a3c06d70086d82886447dab7119f1adb84ee321700dd7eb/detection lkpswrd.cf # Reference: https://www.virustotal.com/gui/file/994744f9be120c63c7d5819f9b9bd3fb43e19efc59b95d0153aa64adf6cc8d6c/detection sentab.tk # Reference: https://www.virustotal.com/gui/file/b939020a31f8ef30fd78bbb487469c72f61a857f699b689628a332fbedbf9959/detection lkpswrd.ml # Reference: https://twitter.com/James_inthe_box/status/1206952335764795392 onlygoood.com # Reference: https://twitter.com/smica83/status/1209204228696227840 gcirsa.com # Reference: https://twitter.com/wwp96/status/1214568832016142337 gquare.gq # Reference: https://pastebin.com/Q6Sn446k roryaftamart.duckdns.org # Reference: https://twitter.com/wwp96/status/1214932312401600512 gquare.tk # Reference: https://twitter.com/wwp96/status/1214940445530345472 egobetter.xyz # Reference: https://app.any.run/tasks/90588195-450b-42b2-be93-65b97da7a2a0 gainflows.gq # Reference: https://twitter.com/Racco42/status/1215312968348467200 cypress-tw.com # Reference: https://twitter.com/Racco42/status/1215570689379524608 ptiihk.com # Reference: https://twitter.com/Racco42/status/1214124427602022400 zni1.com # Reference: https://twitter.com/P3pperP0tts/status/1215705099776987138 onlygoodem.com # Reference: https://app.any.run/tasks/73a7b555-6bef-4aae-98a2-2dc6a5df6fda/ tranpip.com # Reference: https://twitter.com/P3pperP0tts/status/1216852518640259073 noithathoanggia.net.vn # Reference: https://app.any.run/tasks/8d60b414-aed6-4dba-80ca-f3d1b2f7556e/ allenservice.ga # Reference: https://app.any.run/tasks/6d4f51ab-0149-4b7b-b43c-d55f7c7a046e/ tbt-sceitech.com # Reference: https://twitter.com/malware_traffic/status/1217858107289866240 himkon.ga # Reference: https://twitter.com/wwp96/status/1218227068896514051 afas-kr.com # Reference: https://app.any.run/tasks/aa120a9f-7889-492b-9695-2b9c32c7a5fe/ oaa-my.com # Reference: https://twitter.com/wwp96/status/1219361313735966721 agrabahd.ga # Reference: https://twitter.com/wwp96/status/1219363482031861760 mecharnise.ir # Reference: https://app.any.run/tasks/610b93f9-38f4-466f-a46e-f0dfbc750a1b/ chol.cc # Reference: https://app.any.run/tasks/891ac638-b067-42b0-bf51-6120998204a9/ # Reference: https://app.any.run/tasks/7efd4037-e819-4b05-9dc5-c0baadcc7bb6/ http://107.175.150.73/~giftioz # Reference: https://app.any.run/tasks/09a252ef-0ebb-4f48-b4a2-2261a44dd000/ sisenor.ml # Reference: https://app.any.run/tasks/79df932f-0f42-441e-9071-64ddd88c7529/ kuomlog.xyz # Reference: https://pastebin.com/DT3diCh7 didxbooks.com fiftint.com # Reference: https://app.any.run/tasks/a1af1cea-bf86-4702-b3a2-082c1d242f15/ http://193.142.59.89 # Reference: https://www.exposedbotnets.com/2018/02/kdotrakycomloki-bot-hosted-in-shinjiru.html kdotraky.com continentalrnovers.com # Reference: https://twitter.com/wwp96/status/1220414670290456576 martirill.ga /makave/sab.php # Reference: https://www.virustotal.com/gui/file/d794747343409784e81b7754901acda8e2d3f5182ab9addc66c6121bc55aabc7/detection teiup.xyz # Reference: https://app.any.run/tasks/d4acf26b-aced-48a9-8dec-aeccd602c109/ heartychern.com # Reference: https://www.virustotal.com/gui/file/8e68b6908534b24b52ba7a1d0ef445b9b2a8681a4d35fa9d5c4d447cf3efb300/detection akito.be # Reference: https://www.virustotal.com/gui/domain/alibabahugia.com/relations alibabahugia.com # Reference: https://www.virustotal.com/gui/domain/eferiwalabd.com/relations eferiwalabd.com # Reference: https://www.virustotal.com/gui/file/e1869921f052c6dc9387b18c6884191a2c637eb21cd638ed1b2e71b31cab7e0b/detection kheeda.com # Reference: https://www.virustotal.com/gui/domain/regalscoin.co/relations regalscoin.co # Reference: https://www.virustotal.com/gui/url/b27492bd716239fe2f17a20b4c60c24bb058b7b8023be0f5a5e78bde37ea7864/detection molmarsl.com # Reference: https://www.virustotal.com/gui/file/b509e105567fe4a14e31c96d71bdf2080df1d1737fe5b1928b2e5ad88add2b31/detection bodegaslopezmoernas.com # Reference: https://www.virustotal.com/gui/file/0dbbbc6aa0686ea19b55871f0ca0b9c722064683604c04e581c8498095f0cea9/detection jdandado.info # Reference: https://www.virustotal.com/gui/file/5ffa3eaa94c6a603d21525a72d56f23915279fbd755ac0fb24d04e9a2fdd26fe/detection jscmy.co # Reference: https://www.virustotal.com/gui/file/3fcbf0a0d8ab22f5762ebf4855165c1258b57462119eb5549e7b74edcc2ce1ad/detection omabradley.ru # Reference: https://www.virustotal.com/gui/file/eb0cc81ad318a7ee0d5aef0b51538178c5e590be837a2e81cb99bf89944547f3/detection getvision2020.net # Reference: https://twitter.com/wwp96/status/1221892381831766017 oaa-my.com # Reference: https://twitter.com/wwp96/status/1222244913309454337 nwababy.cf /chikincho/sab.php # Reference: https://twitter.com/wwp96/status/1222259928422932480 wakanduz.tk /sabali/sab.php # Reference: https://twitter.com/James_inthe_box/status/1222541809454202880 zeyadigital.com # Reference: https://twitter.com/wwp96/status/1222604774484430848 himkon.cf # Reference: https://twitter.com/wwp96/status/1222651453673787393 drop-box.top # Reference: https://twitter.com/Racco42/status/1222895330422706178 hanmha.com # Reference: https://www.virustotal.com/gui/ip-address/193.142.59.107/relations 193.142.59.107:80 # Reference: https://www.virustotal.com/gui/ip-address/89.249.65.212/relations 89.249.65.212:80 # Reference: https://twitter.com/wwp96/status/1223277675688669185 # Reference: https://app.any.run/tasks/f9f4c66f-7e96-4ded-909a-f2f799658400/ gpi-q.com # Reference: https://twitter.com/wwp96/status/1223283853395144704 everest--sh.com # Reference: https://twitter.com/wwp96/status/1223331321969348613 # Reference: https://twitter.com/wwp96/status/1224402400674447361 butland.cf ezilon.tk /igine/sab.php # Reference: https://pastebin.com/v5VKwUUR batlxt.org fiftint.com top-sso3.top # Reference: https://twitter.com/wwp96/status/1224395051486400513 kdi-kongsberg.com # Reference: https://twitter.com/wwp96/status/1224395809879470080 baural.tk nedoru3.ml # Reference: https://twitter.com/wwp96/status/1224397130175041536 unrrwa.org # Reference: https://twitter.com/wwp96/status/1224403562488389632 http://193.142.59.7 # Reference: https://twitter.com/wwp96/status/1224415503206244353 baurallc.ml gadingsllc.cf /vvd/sab.php # Reference: https://twitter.com/wwp96/status/1224414499983237120 plosss.com # Reference: https://twitter.com/wwp96/status/1224415881880621062 saclex.gq # Reference: https://pastebin.com/5VDXdhPA airlinecom.tk babanovex.cf babatnx.cf bagariwa.tk baurallc.ml butland.cf butland.gq championsdeal.cf champkit.tk gadinacom.ga gadinacom.gq gadinacom.tk gadinatr.cf gadinatr.gq gadinatr.tk gbajagbaja.cf gbajagbaja.gq gbajagbaja.tk januarytins.ml juannylift.cf kutuolog.cf kutuolog.ga kutuolog.gq kutuolog.ml kutuolog.tk lilninop.ga mamado.ml martirill.ga nwababy.cf onyenzoputa.cf onyenzoputa.ml onyenzoputa.tk precisiongmbh.tk ramdymoore.ml saffen.ml simportexx.tk simpotex.ml simpotex.tk sisenor.ml solouro.ga solouro.ml tocheckoru.cf udejimji.cf ugomma.gq ugougo.cf ukwunkea.ml unvacsth.gq unvacsth.ml unvacsth.tk uwachukwuu.cf uwachukwuu.ml vintaded.ga wakanduz.cf wakanduz.ga wakanduz.gq webergmbh.ml webergmbh.tk /chikala/sab.php /chikincho/sab.php /igine/sab.php /makave/sab.php /nzubedubai/sab.php /omega/sab.php /pope/sab.php /sabali/sab.php /sweet/sab.php /vvd/sab.php /zanku/sab.php # Reference: https://app.any.run/tasks/153c9ca2-38d7-46f8-a510-2d6d13fbde4e/ shgshgsndynationalindustrialandgoogledns.duckdns.org # Reference: https://app.any.run/tasks/4dc538c1-e78e-41fe-b17e-ed9da474ea3c/ cranetechllc.ml simpotex.ga # Reference: https://app.any.run/tasks/e61bbc8a-d35d-4316-8232-b7cfd7f14a22/ cokhiquangbien.com # Reference: https://twitter.com/wwp96/status/1224789442243723265 omabradley.ru # Reference: https://twitter.com/wwp96/status/1224786717883936775 growyourwealth.cf powerlinecom.ml /makave/sab.php # Reference: https://twitter.com/wwp96/status/1224781788033245191 trouserlanditd.com # Reference: https://twitter.com/K_N1kolenko/status/1225009464815902720 http://104.223.170.113 http://107.175.150.73 http://198.23.200.241 http://78.142.18.109 about.panjihidayat.web.id barential.cf batlxt.org cv.panjihidayat.web.id difapackperu.com everest--sh.com fiftint.com gpi-q.com growyourwealth.cf lkpswrd.tk mecharnise.ir mocdong.com.vn/gx/playbook/onelove/fre.php omabradley.ru petroindonesia.co.id skyoceanshippinq.com tecon.com.mx tickerqube.com trouserlanditd.com tungyu.cf u-knlt.com worldatdoor.in zeyadigital.com # Reference: https://twitter.com/Bl4ng3l/status/1224999049880899586 etoro-miners.com # Reference: https://twitter.com/wwp96/status/1225487541484302336 drkconstrucciones.com # Reference: https://twitter.com/K_N1kolenko/status/1225784278732214272 euromopy.tech mirrapl.com missingandfound.com.my yullifyne.ml /v-2/pin.php /makave/sab.php /vvd/sab.php /zanku/sab.php # Reference: https://twitter.com/wwp96/status/1226945238448713732 serv-node4.top # Reference: https://www.virustotal.com/gui/domain/ezzy-corp.com/relations ezzy-corp.com # Reference: https://twitter.com/wwp96/status/1227267903558496256 abumchukwugi.ga coretelin.ml # Reference: https://app.any.run/tasks/904abf72-63a7-4d8c-9be4-d25ca3872cbf/ http://192.3.183.226 # Reference: https://app.any.run/tasks/dce56dd7-e6b6-45e7-9845-9c1da2ac3cbd/ http://46.21.147.207 # Reference: https://twitter.com/K_N1kolenko/status/1227511439176458240 # Reference: https://twitter.com/K_N1kolenko/status/1227511407564001281 http://103.208.86.31 bacanacabana.com.br/wp-includes/css/kay/Panel/five/fre.php bdsphatphat.com/.dtt/playbook/onelove/fre.php ijinwa.ml innoexpo.tech jfe-mineral-co.pw naelele.ga slnsa.trade telincore.tk telincorenw.gq transmarine.pw tungyu.cf /makave/sab.php /omega/sab.php /zanku/sab.php # Reference: https://twitter.com/K_N1kolenko/status/1227925694539337728 digi-sec.top ijinwa.gq telincore.gq matantalbenna.com/.legolass/fine/fre.php (# compromised site) /nzubedubai/sab.php # Reference: https://twitter.com/wwp96/status/1228000721494315008 beautynams.com # Reference: https://twitter.com/wwp96/status/1228360824676323328 dfsdfbdz.ml telincore.ml # Reference: https://twitter.com/wwp96/status/1228364048917565441 sogamco.com # Reference: https://twitter.com/wwp96/status/1228357214538170369 workherna.ga # Reference: https://twitter.com/wwp96/status/1228372948626690048 bantanmanta.cf loverineta.tk # Reference: https://twitter.com/reecdeep/status/1229403951675715586 powerlogs.top taximolinaperu.com # Reference: https://twitter.com/wwp96/status/1229438993584066562 cokhiquangbien.com # Reference: https://twitter.com/wwp96/status/1229438428598689792 kdi-kongsberg.com # Reference: https://twitter.com/wwp96/status/1229448871677485057 193.142.59.88:80 # Reference: https://twitter.com/wwp96/status/1229446037800181760 # Reference: https://twitter.com/_lockhum/status/1229477916234461184 46.21.147.206:80 /primseven/logs/omc.php # Reference: https://pastebin.com/WWcPxMMU http://paswordinc.xyz/new/fre.php http://www.dadatiles.com.au/ju/fre.php http://192.3.182.247/feblogs/logs/fre.php http://brokenbrains.xyz/James/fre.php http://185.126.201.167/~power13/.W0pohss134zCt/fre.php http://transwesemayra.top/Lokivo/Panel/fre.php http://taximolinaperu.com/fz/fre.php http://best-aluminum-co.ml/CORONACUREXXX/fre.php http://195.206.106.191/hoist3/logs/fre.php http://wesemayra.top/Lokivo/Panel/fre.php http://misiondeangeles.com/grace/five/fre.php http://94.100.18.11/plugman/logs/fre.php http://46.21.147.206/primseven/logs/fre.php http://thefieldagent.net/yo/Panel/five/fre.php http://193.142.59.109/primone/logs/fre.php http://131.153.22.150/primfour/logs/fre.php http://sariincofood.co.id/xx/Panel/fre.php http://mediagift.vn/.ki/playbook/onelove/fre.php http://masterteknoloji.com/.legolas/legolas/fine/fre.php http://mecharnise.ir/ca10/fre.php http://centrehotel.vn/oo/panel/fre.php http://www.tiltteexx.co/soft/julxx/fre.php http://pickupmylaundry.co.in/fonts/xfs/xch/fre.php http://tiltteexx.co/rokzee/kor2/fre.php http://176.57.70.28/angelo/Panel/five/fre.php http://getupandcboz.com/mine/fre.php http://www.biznetvgator.com/hyj/five/fre.php http://kceeruth.tk/kcee/fre.php http://www.matantalbenna.com/.legolass/fine/fre.php http://gassettgroup.com/1/fre,php http://netfliq.ml/binocular/fre.php http://promecco.com.tr/nel/five/fre.php http://sogamco.com/Work6/fre.php http://empresadeperu.com/bn/fre.php http://sogamco.com/Work4/fre.php http://141.105.71.35/sss/fre.php http://sogamco.com/Work5/fre.php http://thefieldagent.net/ys/Panel/five/fre.php http://portalcafecomnoticias.com.br/wp-includes/css/coco/fre.php http://gentleprlnce.com/CanDyCrUSHXXX/fre.php http://thefieldagent.net/loki/Panel/five/fre.php http://epperfums.com/dull/five/fre.php http://taximolinaperu.com/m/fre.php http://192.3.183.226/~feragamo/.legolas/fine/fre.php http://mawa2ef.com/core/five/fre.php http://mediagift.vn/.bc/playbook/onelove/fre.php http://blue-airship.com/empire/movement/kingz/fre.php http://academydea.com/includes/Panel/five/fre.php http://vlklz.xyz/A1/five/fre.php http://techcefacos.org/config/Panel/five/fre.php http://ayoobtextlie.com/cup/five/fre.php http://ayoobtextlie.com/craks/five/fre.php http://mckenzai-co.pw/Pablo/fre.php http://beerberv.com/OPAYREXING/fre.php http://portalcafecomnoticias.com.br/test/js/Panel/five/fre.php http://epperfums.com/dino/five/fre.php http://taximolinaperu.com/cg/fre.php http://193.142.59.88/primsix/logs/fre.php http://jfe-mineral-co.pw/Arinze/fre.php http://petroindonesia.co.id/xxx/xx/Panel/fre.php http://omabradley.ru/msn/Panel/fre.php http://omabradley.ru/easyph/Panel/fre.php http://corpcougar.com/zor/Panel/five/fre.php http://omabradley.ru/arewaphazzy/Panel/fre.php http://assemba.co.uk/bk2/Panel/five/fre.php http://fentlix.com/pl2y/fre.php http://isysu.net/zb_system/image/logo/good/fre.php http://transmarine.pw/Pablo/fre.php http://omabradley.ru/m16/Panel/fre.php http://myaline.com.pe/img/h/fre.php http://academydea.com/includes/pollux/Panel/five/fre.php http://uniquepierce.tech/pdot/support/rslt/fre.php http://transmarine.pw/Bobby/fre.php http://blue-airship.com/agutaz/direct/pushin/fre.php http://febspxi.xyz/P3/five/fre.php http://slnsa.trade/Work3/fre.php http://fentlix.com/onev/fre.php http://slnsa.trade/Work7/fre.php http://103.208.86.31/y/fre.php http://jfe-mineral-co.pw/Chukwuka/fre.php http://46.21.147.207/primeight/logs/fre.php http://sariincofood.co.id/no/Panel/fre.php http://184.164.142.217/primthree/logs/fre.php http://184.164.142.213/primtwo/logs/fre.php http://indiatoursntravels.in/cc/Panel/fre.php http://37.220.0.11/primone/logs/fre.php http://trailer.co.za/cg-wpi/Panel/five/fre.php http://5.152.210.188/primfour/logs/fre.php http://kimstar.com.vn/.tx/tx/playbook/onelove/fre.php http://slnsa.trade/Work5/fre.php http://innoexpo.tech/product/perf/Inc/fre.php http://131.153.22.142/rokstwo/logs/fre.php http://jfe-mineral-co.pw/Broken/fre.php http://198.23.200.241/~power13/.swoexizp/fre.php http://198.23.200.241/~power13/.firoxispz/fre.php http://klickus.com/okye/Panel/five/fre.php http://slnsa.trade/Work1/fre.php http://slnsa.trade/Work8/fre.php http://myaline.com.pe/nn/fre.php http://corpcougar.com/nedu/Panel/five/fre.php http://papelestecnicos.com.pe/vb/fre.php http://empresadeperu.com/ved/fre.php http://beerberv.com/SAMMYWAHALA/fre.php http://empresadeperu.com/vv/fre.php http://trailer.co.za/wp-cgi/Panel/five/fre.php http://klickus.com/gozie/Panel/five/fre.php http://klickus.com/cjay/Panel/five/fre.php http://185.56.137.99/primfive/logs/fre.php http://131.153.22.219/primsix/logs/fre.php http://adminfixpop3settings.com/vkay/five/fre.php http://bacanacabana.com.br/wp-includes/css/kay/Panel/five/fre.php http://karmar.com.au/wp-admin/css/colors/coffee/fre.php http://borrdrillling.com/danb/five/fre.php http://omabradley.ru/agwo/Panel/fre.php http://forlinkserver.com//parl/id2244/fre.php http://mellle.com/ses/Panel/fre.php http://trouserlanditd.com/dark/five/fre.php http://emesterul.ro/css/ok/fre.php http://vlklz.xyz/Atoz/five/fre.php http://198.23.200.241/~power13/.pRciyzfi/fre.php http://centrehotel.vn/ss/Panel/fre.php http://vcntq.ga/Mercy/five/fre.php http://rlxivz.ga/SV3/five/fre.php http://193.142.59.96/africa/logs/fre.php http://198.23.200.241/~power13/.xoiaxozp/fre.php http://etoro-miners.com/bird/five/fre.php http://198.23.200.241/~power13/.sopawqo/fre.php http://bdsphatphat.com/.dtt/playbook/onelove/fre.php http://198.23.200.241/~power13/.gvuxosacy/fre.php http://indiatoursntravels.in/oo/Panel/fre.php http://107.175.150.73/~giftioz/.fkligxrzi/fre.php http://oasischandigarh.com/wp-admin/js/widgets/Panel/five/fre.php http://trailer.co.za/bin/Panel/five/fre.php http://febtrxp.xyz/P4/five/fre.php http://febvnxp.xyz/P4/five/fre.php http://198.23.200.241/~power13/.xwospaxi/fre.php http://xgkxc.xyz/P4/five/fre.php http://www.worldatdoor.in/panel2/Panel/five/fre.php http://liderazgocristoforo.org/n/fre.php http://198.23.200.241/~power13/.sixnrpq/fre.php http://hanmha.com/drunk/five/fre.php http://rlxivz.tk/SV2/five/fre.php http://198.23.200.241/~power13/.goxizmsxir/fre.php http://datedi.icu/hoist1/logs/fre.php http://mikeservers.eu/kings/five/fre.php http://104.223.170.113/Silkop/Panel/five/fre.php http://euromopy.tech/etty/black/download/fre.php http://borrdrillling.com/luckyadmin/five/fre.php http://expertisem.net/empire/movement/kingz/fre.php http://blastforcleaningservices.com/fonts/panel/fre.php http://etoro-miners.com/gate/five/fre.php http://mecharnise.ir/ca11/fre.php http://mkplogistics.co.id/oo/Panel/fre.php http://mkplogistics.co.id/aa/Panel/fre.php http://liderazgocristoforo.org/g/fre.php http://centrehotel.vn/cc/Panel/fre.php http://u-knlt.com/Bobby/fre.php http://missingandfound.com.my/kv/Panel/fre.php http://u-knlt.com/Pablo/fre.php http://trouserlanditd.com/dabs/five/fre.php http://everest--sh.com/coco/five/fre.php http://gpi-q.com/cake/five/fre.php http://trailer.co.za/wp-index/Panel/five/fre.php http://198.23.200.241/~power13/.zipxzios/fre.php http://tungyu.cf/CROWNEDPRINCE/fre.php http://esenciamaya.com/leo/five/fre.php http://saclex.gq/flabs/fre.php http://5.196.123.14/yg/Panel/fre.php http://omabradley.ru/smik/Panel/fre.php http://mirrapl.com/big/Panel/fre.php http://funerariapracadabandeira.com.br/include/Panel/five/fre.php http://printystore.com.pe/img/lop/fre.php http://printystore.com.pe/js/v/fre.php http://66.85.173.45/africa/logs/fre.php http://xlkz.xyz/P4/five/fre.php http://5.152.210.181/roksone/logs/fre.php http://103.70.137.123:82/five/fre.php http://noniwire7.website/Work4/fre.php http://107.175.150.73/~giftioz/.shptioixmaz/fre.php http://centrehotel.vn/oo/Panel/fre.php http://noniwire7.website/Work5/fre.php http://drkconstrucciones.com/v/fre.php http://trouserlanditd.com/didi/five/fre.php http://xigkxc.xyz/Atoz/five/fre.php http://193.142.59.7/hoist3/logs/fre.php http://missingandfound.com.my/mba/Panel/fre.php http://espoirpharmaceutical.com/includes/Panel/five/fre.php http://missingandfound.com.my/bb/Panel/fre.php http://terayu.tk/irkk/fre.php http://unrrwa.org/rich/Panel/fre.php http://hanmha.com/dope/five/fre.php http://precisiongmbh.cf/kboss/fre.php http://hanmha.com/duck/five/fre.php http://hanmha.com/divide/five/fre.php http://printystore.com.pe/img/hu/fre.php http://kdi-kongsberg.com/stan/Panel/fre.php http://217.64.114.179/africa/logs/fre.php http://hedsoni.com/jahbless/fre.php http://mediceldl.com/Broken/fre.php http://tickerqube.com/Loki2020/fre.php http://lethatch.se/nelpa/five/fre.php http://tresolutionsdr.com/CHK/five/fre.php http://missingandfound.com.my/urch/Panel/fre.php http://trailer.co.za/wp-adon/Panel/five/fre.php http://78.142.18.109/jaydee/logs/fre.php http://serviciotecnicoenlima.com/js/g/fre.php http://xecogioisg.com/go/playbook/onelove/fre.php http://gimhon.ml/kcyi/fre.php http://omabradley.ru/kiriko/Panel/fre.php http://difapackperu.com/n/fre.php http://tecon.com.mx/onye/five/fre.php http://198.23.200.241/~power13/.xjksapxiz/fre.php http://gpi-q.com/cup/five/fre.php http://sino-spriulina.com/demo1/Panel/fre.php http://aikchimhin.com/walterXXXX/fre.php http://trouserlanditd.com/data/five/fre.php http://107.175.150.73/~giftioz/.notoxo/fre.php http://mediceldl.com/David/fre.php http://everest--sh.com/cream/five/fre.php http://mediceldl.com/Bobby/fre.php http://duprcxoffshore.com/yaas/fre.php http://everest--sh.com/click/five/fre.php http://107.175.150.73/~giftioz/.fsabljkxioaxo/fre.php http://corpcougar.com/buggy/Panel/five/fre.php http://gpi-q.com/copy/five/fre.php http://mediceldl.com/Pablo/fre.php http://borrdrillling.com/lokiadmin/five/fre.php http://198.23.200.241/~power13/.xoiaspxo/fre.php http://cokhiquangbien.com/.jx/playbook/onelove/fre.php http://omabradley.ru/garuba/Panel/fre.php http://expertisem.net/agutaz/direct/pushin/fre.php http://193.142.59.107/africa/logs/fre.php http://cleaning-hygiene.com/kay/Panel/five/fre.php http://perfectelectricalsolution.com/css/bb/Panel/fre.php http://brokenskul.xyz/Bobby/fre.php http://gpi-q.com/craks/five/fre.php http://trouserlanditd.com/drug/five/fre.php http://trouserlanditd.com/draw/five/fre.php http://gpi-q.com/cutter/five/fre.php http://petroindonesia.co.id/xx/Panel/fre.php http://omabradley.ru/ekene/Panel/fre.php http://petroindonesia.co.id/admin/Panel/fre.php http://trailer.co.za/cgi/Panel/five/fre.php http://gpi-q.com/clean/five/fre.php http://everest--sh.com/cola/five/fre.php http://amotach-cn.com/DOTNETXXX/fre.php http://gpi-q.com/clap/five/fre.php http://uniformescorporativosperu.com/catalogopw/g/fre.php http://uniformescorporativosperu.com/imgdamas/faldas/j/fre.php http://ecoorganic.co/Work8/fre.php http://euromopy.tech/rosemond/backup/dataz/fre.php http://89.249.65.212/africa/logs/fre.php http://uwhfdsndcjdn.ml/chikafams/fre.php http://zeyadigital.com/etty/black/download/fre.php http://hanmha.com/deal/five/fre.php http://petroindonesia.co.id/ss/Panel/fre.php http://stampilam.ro/axe/five/fre.php http://securesharing.top/Lokivo/Panel/five/fre.php http://107.175.150.73/~giftioz/.vodojik/fre.php http://everest--sh.com/clock/five/fre.php http://aivazidis.gq/mad-ooo/fre.php http://grensena.tk/kboss/fre.php http://107.175.150.73/~giftioz/.myprolokip/fre.php http://drop-box.top/Lokivo/Panel/five/fre.php http://pipermode.com/agutaz/direct/pushin/fre.php http://defacci22.net/rosemond/backup/dataz/fre.php http://perfectelectricalsolution.com/mb/panel/fre.php http://sino-spriulina.com/demo/Panel/fre.php http://brokenskul.xyz/Broken/fre.php http://cleaning-hygiene.com/bab/Panel/five/fre.php http://ecoorganic.co/Work2/fre.php http://ecoorganic.co/Work4/fre.php http://aladebtrading.com/loki/Panel/fre.php http://sccslink.xyz/P5/five/fre.php http://ecoorganic.co/Work7/fre.php http://ecoorganic.co/Work1/fre.php http://somafe.dz/zmnko/five/fre.php http://corpcougar.com/bin/Panel/five/fre.php http://himkon.cf/kcyi/fre.php http://107.175.150.73/~giftioz/.ASlxkaDx8x/fre.php http://107.175.150.73/~giftioz/.xozizuxoze/fre.php http://institutdemathologie.fr/GO/ve/fre.php http://altoinfor.co/base/fre.php http://softtouchcollars.com/Loki/Panel/five/fre.php http://107.175.150.73/~giftioz/.suxozisxfi/fre.php http://104.223.170.113/dsikio/Panel/five/fre.php http://dongthanhcompany.vn/.ox/playbook/onelove/fre.php http://heartychern.com/deal/five/fre.php http://192.210.238.10/five/fre.php http://193.142.59.3/teejay/logs/fre.php http://perfectelectricalsolution.com/bb/Panel/fre.php http://kimstar.com.vn/.tx/playbook/onelove/fre.php http://193.142.59.98/africa/logs/fre.php http://xylanperu.com/op/fre.php http://petroindonesia.co.id/cgi-bin/cc/Panel/fre.php http://107.175.150.73/~giftioz/.ciiiiiiric/fre.php http://seguridadindustrialujan.com/hu/fre.php http://seguridadindustrialujan.com/jii/fre.php http://docupubfilesretrieve.com/sp/five/fre.php http://thaubenuocngam.com/go/playbook/onelove/fre.php http://buasang5sao.com/Panel/five/fre.php http://107.152.36.110/GhosTHunTerX/fre.php http://bollorre.pw/Work4/fre.php http://bollorre.pw/Work5/fre.php http://oaa-my.com/copy/five/fre.php http://xgkixc.xyz/Atoz/five/fre.php http://plosss.com/lok/Panel/fre.php http://molmarsl.com/leks/five/fre.php http://assemba.co.uk/mk/Panel/five/fre.php http://byedtronchgroup.yt/jik/Panel/five/fre.php http://192.210.238.10/emmy/fre.php http://iplusvietnam.com.vn/jo/playbook/onelove/fre.php http://xecogioisg.com/mx/playbook/onelove/fre.php http://bollorre.pw/Work6/fre.php http://tbt-sceitech.com/coco/five/fre.php http://107.175.150.73/~giftioz/.xotorsvi/fre.php http://sino-spriulina.com/Panel/fre.php http://107.175.150.73/~giftioz/.vorokimovi/fre.php http://107.175.150.73/~giftioz/.coterzio/fre.php http://sccslink.xyz/P4/five/fre.php http://uwhfdsndcjdn.tk/evawater/fre.php http://107.175.150.73/~giftioz/.dycosmxiz/fre.php http://about.panjihidayat.web.id/cc/Panel/fre.php http://193.142.59.89/africa/logs/fre.php http://asi1.ir/sch/five/fre.php http://protestlabsmovings.es/blender/Panel/five/fre.php http://w-tranz.club/game/luxx/fre.php http://rohockey.ro/wp-content/five/fre.php http://107.175.150.73/~giftioz/.fodoixz/fre.php http://chol.cc/Work2/fre.php http://chol.cc/Work1/fre.php http://107.175.150.73/~giftioz/.cotolier/fre.php http://107.175.150.73/~giftioz/.dsabkjczpxzo/fre.php http://107.175.150.73/~giftioz/.vogofis/fre.php http://snodrite.pw/tipe/hope/fre.php http://zoncline.club/stud/hace/fre.php http://fvrlink.online/P2/five/fre.php http://wusetwo.xyz/public_html/file/five/inc/class/pCharts/info/Panel/five/fre.php http://ma.co.ir/huu/fre.php http://alwaysdelivery.xyz/five/fre.php http://www.traz.ir/erqzxewqrtyacxz/five/fre.php http://worldatdoor.in/lewis/Panel/five/fre.php http://107.175.150.73/~giftioz/.jorosin/fre.php http://superson-com.cc/Bobby/fre.php http://oaa-my.com/clean/five/fre.php http://deliveryexpressworld.xyz/five/fre.php http://sccslink.online/P3/five/fre.php http://govirtual.ga/targets/fre.php http://chol.cc/Work4/fre.php http://cleaning-hygiene.com/bin/Panel/five/fre.php http://apexsourcingltd.com/maka/emmy/fre.php http://107.175.150.73/~giftioz/.zozoas/fre.php http://vlkl.xyz/Atoz/five/fre.php http://107.175.150.73/~giftioz/.lokijisi/fre.php http://107.175.150.73/~giftioz/.kobovoih/fre.php http://fvrlink.xyz/P1/five/fre.php http://digi-sec.top/lokivo/Panel/five/fre.php http://deliciasdvally.com.pe/includes/gter/fre.php http://krompres.tk/loki/Panel/five/fre.php http://piscinasaguamarinha.com.br/moon/five/fre.php http://mecharnise.ir/ca3/fre.php http://penworkresearch.com/app/five/fre.php http://difapackperu.com/fg/fre.php http://brodam.ro/rtc/five/fre.php http://chol.cc/Work3/fre.php http://leakaryadeen.com/parl/id345/fre.php http://107.175.150.73/~giftioz/.ckyfdgxo/fre.php http://pehledinekam.com/amey/fre.php http://noithathoanggia.net.vn/jo/playbook/onelove/fre.php http://chol.cc/Work5/fre.php http://pur-ant.club/page/gain/fre.php http://107.175.150.73/~giftioz/.sfaojaxz/fre.php http://agrabahd.ga/locale/fre.php http://afas-kr.com/drug/five/fre.php http://cast-den.pw/cape/spot/fre.php http://107.175.150.73/~giftioz/.pojonv/fre.php http://about.panjihidayat.web.id/aa/Panel/fre.php http://ivad.com.vn/go/playbook/onelove/fre.php http://mocdong.com.vn/gx/playbook/onelove/fre.php http://omabradley.ru/china20/Panel/fre.php http://getvision2020.net/etty/black/download/fre.php http://ht-electric.dz/qatar/five/fre.php http://107.175.150.73/~giftioz/.zohohov/fre.php http://mecharnise.ir/ca6/fre.php http://noithathoanggia.net.vn/kk/playbook/onelove/fre.php http://nan5.ir/jty/fre.php http://southeasterncontractingco.com/jo/panel/five/fre.php http://178.17.170.6/five/fre.php http://107.175.150.73/~giftioz/.tororo/fre.php # Reference: https://app.any.run/tasks/ed92457b-1989-490b-86d6-80392502143f/ http://107.189.10.150/Pi2/ martiq.org # Reference: https://app.any.run/tasks/62e6801e-cabb-4cf7-af74-0cc2e9997080/ # Reference: https://www.virustotal.com/gui/ip-address/107.175.150.73/relations chnthreewealthsndy3andreinforcementagenc.duckdns.org http://107.175.150.73/~giftioz/ # Reference: https://app.any.run/tasks/32270993-012f-4ec8-a88f-119917767e7d/ epperfums.com # Reference: https://app.any.run/tasks/1376f2cb-7008-4840-9df3-a54be7c75fd1/ sndy2kungglobalinvestmentgooglednsaddres.duckdns.org # Reference: https://twitter.com/wwp96/status/1229809833521614849 brokenhead.xyz # Reference: https://twitter.com/wwp96/status/1230208744824410113 bdzdfsdf.gq # Reference: https://twitter.com/wwp96/status/1230209217015025666 fdjshe.tk # Reference: https://twitter.com/wwp96/status/1230213776521269249 shefdj.cf # Reference: https://twitter.com/wwp96/status/1230220429832445953 bdzdfsdf.cf # Reference: https://app.any.run/tasks/3b425f86-5b45-413b-82ce-94572bc89f77/ desertfox.ru # Reference: https://twitter.com/Bl4ng3l/status/1230429843118006273 zdwallcoveing.com # Reference: https://twitter.com/wwp96/status/1230546137427435520 matantalbenna.com/.legolass/fine/fre.php # Reference: https://app.any.run/tasks/9cfa85fa-ed4e-4629-a2bc-98aa095bbd29/ duclongetc.com # Reference: https://app.any.run/tasks/0579bdb6-a14f-458f-80c3-222c5c251cec/ atlasdecarqo.com # Reference: https://app.any.run/tasks/7890bc79-567c-403b-be23-19e52c91664f/ naourl.com # Reference: https://app.any.run/tasks/156ee10c-d61a-478e-b0b7-b8088ee4d0d1/ http://198.12.125.130/~axsonipc/ # Reference: https://twitter.com/wwp96/status/1232400592787693568 hergyi.com # Reference: https://twitter.com/wwp96/status/1232394253118115848 # Reference: https://app.any.run/tasks/4750d11b-76c7-46c8-820f-fe87e6159117/ febspxii.xyz # Reference: https://app.any.run/tasks/fef43720-c2c0-4305-8697-0b2637c44db9/ sisiinno.tech # Reference: https://app.any.run/tasks/08c78083-b2f6-4c61-90c7-6fc4c0291226/ vivalingard.gq vivalingard.cf # Reference: https://app.any.run/tasks/9fbcb0ae-61c8-42b0-8314-adf7202a8a45/ falcontension.tech # Reference: https://app.any.run/tasks/71fb5323-5556-4b24-90b3-c835d0d095a9/ missingandfound.com.my/prin/Panel/fre.php # Reference: https://app.any.run/tasks/be2aca26-f021-4a7c-8f9e-8a536549eafd/ blog.huangyang.cc/goziiu/ klickus.com/gozie/Panel/five/fre.php # Reference: https://app.any.run/tasks/6145a1fc-6bcf-42e5-b3bb-9d4830fb738b/ doqantekstil.com # Reference: https://app.any.run/tasks/d46ce8df-0f19-40c7-97bd-7ca23c6360a1/ http://107.175.150.73/~giftioz/ # Reference: https://app.any.run/tasks/1248ab72-b0de-4ebc-af9e-3b6f68a70d86/ epperfums.com # Reference: https://app.any.run/tasks/cc714b2d-7440-45c4-a70e-e25ad256dd27/ nileloqistics.com # Reference: https://any.run/report/7767c2ec0369f22b90a0edb03260057b834195b6a5d12d67fa26e28ac2e6933a/4c4433cd-e9c7-46bc-bebf-c88a90b36bff expertswebservices.com Reference: https://www.virustotal.com/gui/domain/aquavictus.hr/relations aquavictus.hr # Reference: https://app.any.run/tasks/2cf293f3-2994-483d-adfe-7f5988288cae/ http://198.23.148.71 # Reference: https://twitter.com/K_N1kolenko/status/1234817078458290176 academydea.com/noni/Panel/five/fre.php imperiaskygarden.net/.wp-admini/wp-admini1/wp-admini2/fre.php lucianogroup.xyz sonqan-vn.com topuogodo.ga wesemayra.top # Reference: https://twitter.com/wwp96/status/1234946520329445378 kdhema.ga topuogodo.ml # Reference: https://app.any.run/tasks/58554586-a4b7-4586-b7b1-cc8f86f0caa8/ vnn-nv.com # Reference: https://app.any.run/tasks/40f44fdd-5eeb-41b1-98b3-bfc102ee0865/ altamonteorators.com/images/images/Panel/five/fre.php # Reference: https://app.any.run/tasks/6b80811c-c9f7-43c5-aab1-d4a1eb8cd54f/ tailuong.com.vn/.xxx/playbook/onelove/fre.php # Reference: https://app.any.run/tasks/9194de26-2044-405c-be7c-340e4da5dd83/ worldatdoor.in/lewis1/Panel/five/fre.php # Reference: https://app.any.run/tasks/eedcbfc1-89e0-49f4-8fa9-b7cbb9afc577/ gorillahikeafrica.com/wp-includes/images/img/five/fre.php # Reference: https://app.any.run/tasks/e2412cb7-33cc-4e57-87c2-44e8c79e7edd/ pmw-ch.com # Reference: https://www.virustotal.com/gui/file/4a0e276b4730abd7ee51cf8876d25cd3928321acbb39d6d5f0e2fa8138312e2d/behavior/Dr.Web%20vxCube topuogodo.cf drakum.ml # Reference: https://twitter.com/casual_malware/status/1235189716917645312 mmanueud.cf topuogodo.ga # Reference: https://twitter.com/wwp96/status/1234938182208278529 hockvvee.com # Reference: https://twitter.com/wwp96/status/1234567430900535297 lieshitextile.com # Reference: https://www.virustotal.com/gui/ip-address/91.215.169.70/relations pmw-ch.com vnn-nv.com cpf-th.com solefex.com # Reference: https://twitter.com/wwp96/status/1235248119354478595 vnn-nv.com # Reference: https://app.any.run/tasks/2cfba30b-91b9-4827-ba96-e3dfb4d71b9e/ http://193.142.59.22/jaydee/logs/fre.php # Reference: https://app.any.run/tasks/a6d64f54-c294-49eb-82e6-f952777d80bb/ http://107.175.150.73/~giftioz/.dxuz/fre.php # Generic (callback) paths # Reference: https://twitter.com/hexlax/status/1157657573790814208 # Reference: https://pastebin.com/LHJrNpnV # Reference: https://pastebin.com/wHV90Sc2 # Reference: https://twitter.com/P3pperP0tts/status/1185096874241548291 # Reference: https://twitter.com/P3pperP0tts/status/1185096537271164928 /0110/s/cat.php /0110/s/desk.php /092j/7/cat.php /092j/7/desk.php /0sc9/cat.php /l3y0/cat.php /200/zc-b/cat.php /200/zc-b/desk.php /2leek/cat.php /50-red/cat.php /500two/cat.php /52006/link.php /atz/link.php /ch/link.php /hol/1/cat.php /hol/1/desk.php /humb/1/cat.php /humb/1/desk.php /igine/sabali.php /jes/link.php /key/link.php /chri1/cgi.php /fbm/encode.php /ka22/cat.php /makave/sabali.php /st3ph/cat.php /umgo2/cat.php /sail/cat.php /seems/cat.php /slek-b/cat.php /vh/630/cat.php /vh/630/desk.php /fre.php /3sx0z2.php /45_76_8.php /AklDq9M1n_a.php /BobBy929BSx_A_D_M1n_a.php /BobDq929BSx_A_D_M1n_a.php /ChiNa929BSx_A_D_M1n_a.php /CvqDq929BSx_A_D_M1n_a.php /DaqDq929BSx_A_D_M1n_a.php /EvqTq939BSx_B_D_D1p_a.php /IkeNn929BSx_A_D_M1n_a.php /KelDq929BSx_A_D_M1n_a.php /KelEc929BSx_A_D_M1n_a.php /KelEh929BSx_A_D_M1n_a.php /KenDq929BSx_A_D_M1n_a.php /Natyyx_A_D_M4n_a.php /NonYe929BSx_A_D_M1n_a.php /ObiNn929BSx_A_D_M1n_a.php /PceHq925BSx_L_B_M1n_a.php /PrCm98ArhvF_A_K_M2n_a.php /Pvq929sM1n_a.php /PvqDNINo_M1n_a.php /PvqDerereA_D_M1n_a.php /PvqDq929BSx_A_D_M1n_a.php /PvqDq92allin_a.php /PvqDq92nat1n_a.php /PvqDq9MAxxxoloa.php /PvqDq9ohhho_a.php /SliDq929BSx_A_D_M1n_a.php /SlqDq929BSx_A_D_M1n_a.php /SomAq929BSx_A_D_M1n_a.php /SsgDq929BSx_A_D_M1n_a.php /SsqDq929BSx_A_D_M1n_a.php /StaDq929BSx_A_D_M1n_a.php /StaRm929BSx_A_D_M1n_a.php /StaRq929BSx_A_D_M1n_a.php /TryNdie.php /Ttq929BSx_A_X_M11n_a.php /UpDated_X_T_N1q_a.php /VirGi929BSx_A_D_M1n_a.php /graceofgod-favour.php /okwy_A_D_server.php /panel_jee.php # Reference: https://twitter.com/wwp96/status/1235606545771175943 site-inspection.com # Reference: https://twitter.com/wwp96/status/1235976467215011841 fllxprint.com # Reference: https://twitter.com/wwp96/status/1236012534534213632 yal1am.com # Reference: https://twitter.com/wwp96/status/1236016958564372482 http://192.3.204.226 # Reference: https://twitter.com/wwp96/status/1236018276909690884 halloway.ru # Reference: https://app.any.run/tasks/461c4d7b-f11c-45eb-b5bf-7c0aefbfe24d/ damagedskull.xyz # Reference: https://app.any.run/tasks/faeeb41c-fe3a-4165-b65d-eba3d49bcfda/ # Reference: https://app.any.run/tasks/ebe2f251-79c3-403a-87c0-4882f0765e19/ posqit.net martiq.org didxbooks.com # Reference: https://app.any.run/tasks/e0296815-ebdf-43ce-87c3-22fabbaa4f07/ http://67.43.224.151 # Reference: https://pastebin.com/vMc4ATVq http://141.105.71.126 http://23.95.132.48 bibpap.com # Reference: https://twitter.com/wwp96/status/1237138658404294657 snxmrch.xyz # Reference: https://twitter.com/wwp96/status/1237141226350096386 fitrtefast.com # Reference: https://app.any.run/tasks/422168f9-9d03-49dc-827e-51ec179b296f/ onllygooodam.com # Reference: https://twitter.com/wwp96/status/1237808235689762818 fucksars.xyz # Reference: http://cybercrime-tracker.net/index.php?search=turasogutmas.com # Reference: https://app.any.run/tasks/b67fc2b1-2b6b-49f0-abb4-d2e94703bad9/ turasogutmas.com # Reference: https://twitter.com/JAMESWT_MHT/status/1238073558326292480 castrologs.xyz # Reference: https://blog.talosintelligence.com/2020/03/threat-roundup-0306-0313.html (# Win.Malware.Ursu-7610305-0) abizima.gq forza-lindelof.cf forza-lindelof.ga forza-maguire.cf forzalindelof.ml forzamaguire.ga forzamaguire.ml forzamaguire.tk global-solution.gq mabelis.cf nomnyz.cf nomnyz.ga radiomar.cf somaplast.cf somaplast.ga yanguz.cf # Reference: https://twitter.com/James_inthe_box/status/1239577931195662338 seacrafts.ru # Reference: https://app.any.run/tasks/5900bea3-b146-4982-94bb-023e082dfe13/ anoroc.ru # Reference: https://app.any.run/tasks/a94b863f-caec-4f26-ac3f-6ac55575456b/ cpf-th.com # Reference: https://app.any.run/tasks/15d7e6c5-0078-4d61-be32-af531fcb932b/ pyungz.org # Reference: https://app.any.run/tasks/fcee8e0c-120d-417a-96bb-489a5d5be106/ # Reference: https://app.any.run/tasks/3aca1800-6fc0-4c4a-a8f4-a9bd4b03169f/ # Reference: https://app.any.run/tasks/22e3ec37-4972-4ef1-aa53-e94c082cb7e4/ russchine2specialstdy2plumbingmaterialgh.duckdns.org http://23.95.132.48/~main/ # Reference: https://app.any.run/tasks/51111254-4c18-4627-bdd2-5216a4c85bab/ greenelectronicsandkitchen10apliancestdy.duckdns.org asia-maap.com # Reference: https://app.any.run/tasks/cd98661a-75f9-4900-8d02-59275e05e4a6/ # Reference: https://app.any.run/tasks/196ba7fa-9850-4c4f-9b9a-e19fc4c72b86/ castmart.ga # Reference: https://app.any.run/tasks/bfc65c50-f43c-41d7-8ba4-febf6ccc7eea/ byedtronchgroup.yt http://104.223.170.93/jore/Panel/five/fre.php # Reference: https://app.any.run/tasks/80cab2e3-1373-4479-a8e0-0f079ec5757e/ hgmatal.com # Reference: https://twitter.com/bit_dam/status/1242553127548735488 /1g7/pin.php # Reference: https://www.virustotal.com/gui/domain/fuly-lucky.com/relations fuly-lucky.com # Reference: http://tracker.viriback.com/dump.php (2020-02-29) /.halo/rsd.php /.isuoxiso/w.php /.well-known/pki-validation/w.php /high/sumy/ltd.php /logs/omc.php /luck/ag.php /$01/5l/h/site.php /$01/b1/c/site.ph /$01/t7/x/site.php /$01/zC/f/site.php /iH/cy/l/site.php /iH/da/!/site.php /amb/0/site.php /b0/t8/site.php /bu/!!/site.php /m/2/site.php /ne3/h/site.php /r!/e/site.php /t70/H/site.php /vp-/9/site.php /liv-01/pin.php /slice/pin.php /3yt00/pin.php /chikincho/fina.php /makave/fina.php /newman/fina.php /omega/fina.php /vvd/fina.php /zanku/fina.php