# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/ps66uk/status/1032177208335450112
# Note: C2 direct link is added due to remark from #239

occe.com/image1/image/Panel/five/fre.php

# Reference: https://twitter.com/malwrhunterteam/status/1032537769787183104

americaircairmakan.com
botnet.americaircairmakan.com

# Reference: https://twitter.com/FewAtoms/status/1033040103155871744

agodatex.ga
http://185.185.40.152/jeff/five/fre.php

# Reference: https://twitter.com/olihough86/status/1033055339359420417

polixservices.com

# Reference: https://twitter.com/0xffff08000/status/1033054440306036737
 
embramedica.com.br/site/wp-content/plugnis/ipconfig/five/PvqDq929BSx_A_D_M1n_a.php
 
# Reference: https://twitter.com/malware_traffic/status/1033003634001367042
 
yardng.com
 
# Reference: https://twitter.com/pollo290987/status/1032998085503447041
 
rmsalf.com

# Reference: https://twitter.com/olihough86/status/1031644479109963776

http://191.101.42.43/fdgd/five/PvqDq929BSx_A_D_M1n_a.php
studemplo.com/admin/studemplo/Panel/five/PvqDq929BSx_A_D_M1n_a.php
phcc-india.com
typrat.club
www.cem-hk.co

# Reference: https://twitter.com/asset_island_/status/1031608741504933889

pldtdsll.net

# Reference: https://twitter.com/0xffff08000/status/1031613343797207040

claudfx.win

# Reference: https://twitter.com/pollo290987/status/1031544753505165312

http://191.101.42.43/fdgd/five/fre.php

# Reference: https://twitter.com/James_inthe_box/status/1030579493910413312

acadaman.com
dandoesinternet.com

# Reference: https://twitter.com/James_inthe_box/status/1030487639688794115

kelvinarinze.ml
scoverykingdom.gq

# Reference: https://pastebin.com/UGm39pdU
# Reference: https://pastebin.com/mgVvSRHi

002vt.tk/james/fre.php
http://141.105.71.166/me/fre.php
http://141.105.71.76/blz/fre.php
http://151.80.162.219/marle/fre.php
http://185.111.75.169/cart/disk/fre.php
http://185.148.146.193/~agroinovate/zizisisi/Panel/five/fre.php
http://185.206.144.81/lawi/fre.php
http://185.24.233.254/donep/fre.php
http://185.24.233.32/open/libs/fre.php
http://185.24.233.46/dusx/busz/fre.php
http://185.24.233.74/dusk/hond/fre.php
http://185.24.233.79/baca/opio/fre.php
http://185.24.233.80/pend/chan/fre.php
http://188.215.229.41//GIS/fre.php
http://191.101.42.43/fdgd/five/fre.php
http://31.220.2.200/~hancockw/nok/five/fre.php
http://31.220.2.200/~justicet/ag/five/fre.php
http://5.206.226.99/juicy/fre.php
http://80.211.102.126/deve/tide/fre.php
http://84.38.132.105/oki/Panel/fre.php
http://84.38.133.160/new/Panel/fre.php
http://85.254.72.30/donbig/c1/fre.php
http://89.187.86.7/~blackdia/new/mhoney/fre.php
http://89.187.86.7/~blackdia/vic/bless/fre.php
http://89.45.67.131/smg/fre.php
http://89.45.67.145/emy/fre.php
ace.alasrglobal.com/ace/Panel/five/fre.php
ace.alasrglobal.com/skinny/Panel/five/fre.php
ace.alasrglobal.com/wise/Panel/five/fre.php
ackh.ir/gabi/five/fre.php
ackh.ir/hamid/five/fre.php
ackh.ir/papa/five/fre.php
ackh.ir/sp/five/fre.php
adrack.us/wp-content/uploads/five/fre.php
ahmad52sell.cf/admin/five/fre.php
alexamondwonderltd.com/freeBrow/fre.php
alpacham.com/ndretr5478/fre.php
anitoid.alasrglobal.com/austine/five/fre.php
araslanow.net/js/Panel/five/fre.php
araslanow.net/wipadmin/Panel/five/fre.php
awele.duckdns.org:1717/zip/fre.php
babasoft.ooo/fre.php
bapican.com/image/admin/Panel/five/fre.php
blackdiamondsco.ae/bossftown/fre.php
blackdiamondsco.ae/rooney/fre.php
blackdiamondsco.ae/wogor/fre.php
blogsports.com.ng/cli/Panel/five/fre.php
brighten2.alasrglobal.com/file/bell/five/fre.php
brighten2.alasrglobal.com/file/tin/five/fre.php
brighten2.alasrglobal.com/file/vas/five/fre.php
brighten.alasrglobal.com/file/do/five/fre.php
britlite.ga/fade/type/fre.php
bsales.cf/bs/Panel/five/fre.php
bsales.cf/ft/Panel/five/fre.php
cityhotel.ge/believe/five/fre.php
cityhotel.ge/focus/five/fre.php
cityhotel.ge/rozay/five/fre.php
colnoygums.com/freg/fre.php
cytanets-com.cf/philip/panel/fre.php
cytanets-com.cf/qwertyu/panel/fre.php
dandoesinternet.com/cis1406/tutorial10/fre.php
dandoesinternet.com/cis1407/fre.php
dandoesinternet.com/mobile/ch1/fre.php
devhaevents.us/2415452354/242424/fre.php
dutch-tour-guide-marrakech.com/app/Panel/five/fre.php
eastlandproduce.us/.well-known/acme-challenge/over/raw/fre.php
eholes.viewyoursite.co.uk/LucianoLokiPanel/fre.php
emakqroup.tk/obi/panel/fre.php
emakqroup.tk/sim/panel/fre.php
embramedica.com.br/site/wp-content/plugnis/fre.php
emoticon.tk/hcode/kmaster/fre.php
e-ne1.com/Hab-Lok/fre.php
eurobike1.cf/obinna/fre.php
familyhealths.ga/cdi-directory/five/fre.php
fascine-cemdene.com/wp/wp-includes/js/js/five/fre.php
fasterre.gq/hcode/bazon/fre.php
fojidedar.com/bazz/fojide2/fre.php
fojidedar.com/fojide/fre.php
fojidedar.com/soft/amadin/fre.php
fox-lighting.ga/poop/club/fre.php
freecaps.ml/over/jump/fre.php
fruitfulmonth.tk/raphael/fre.php
geranntibankasi.com/getyoui980/jertyui989/fre.php
haksenlimited.com/slim/fre.php
hamon.ir/mate/five/fre.php
highstarsino.cf/anyi/fre.php
hkenngr.com/herty987/letry78/fre.php
homeduderezort.com/includes/1010/fre.php
homeduderezort.com/includes/gator/fre.php
homeduderezort.com/includes/nas/fre.php
homefieldtech.com/anu/five/fre.php
homefieldtech.com/box/five/fre.php
homefieldtech.com/juke/five/fre.php
homefieldtech.com/mzx/five/fre.php
homefieldtech.com/Obo/five/fre.php
homefieldtech.com/uok/five/fre.php
housded.cf/hcode/azuka/fre.php
icannsorg.com/icann2/five/fre.php
icannsorg.com/icann/five/fre.php
incitecpivot-au.com/mertyui567/kertli879/fre.php
inout-me.ml/fixx/sure/fre.php
inquire.website/images/five/fre.php
isnmainpasedal.com/amb/fre.php
jamespanel.tk/cole/fre.php
jamespanel.tk/low/five2/fre.php
jamespanel.tk/odee/fre.php
joxax.privatedocuments.site/jox/loki/fre.php
jvl-jp.co/ser567/gotert/fre.php
katherinajetter.com/vxzc/Panel/fre.php
katherinajetter.com/xzcsadwqe23/fre.php
khanapenaband.com/jon/fre.php
lablocks.site/Panel/five/fre.php
laloderkozam.com/laloder2/five/fre.php
laloderkozam.com/laloder3/five/fre.php
laloderkozam.com/laloder4/five/fre.php
launchgrowthtoday.download/bobo22/Panel/five/fre.php
launchgrowthtoday.download/choo/Panel/five/fre.php
launchgrowthtoday.download/jamike/Panel/five/fre.php
logsession.space/citycenter/fashion/trending/fre.php
lovaniacreative.com/wp-admin/js/inc/Panel/five/fre.php
madlovert.ml/swanky/wp-content/uploads/Panel/five/fre.php
magic1.cf/gat/fre.php
magic3.ml/gozie/fre.php
marksky.org/medosky/fre.php
msa-fit.gq/sql/Panel/five/fre.php
mxchlp.com/team/wide/fre.php
namesnetworks.com/blog/educational/fre.php
nextlevelshop.info/woldpress/logistics/Panel/five/fre.php
nextwaveconsulting.com.au/Cpanel/Panel/five/fre.php
novachim.ro/plugins/editors/five/fre.php
nutgetsloversplay.usa.cc/wp-content/themes/twentyfifteen/Panel/five/fre.php
oajandassociates.com/images/oajand/Panel/five/fre.php
officebase.website/js/five/fre.php
ojoboplaza.club/Angel/Panel/five/fre.php
ojoboplaza.club/Drama/Panel/five/fre.php
ojoboplaza.club/Man/Panel/five/fre.php
onlyadoonbit.com/asji/fre.php
opercomex.co/billionaire/kendra/fre.php
orkaden.com/wp-includes/Text/me/fre.php
panelhq.cf/jr/five/fre.php
panelhq.gq/airforce/five/fre.php
panelhq.gq/chelsea/five/fre.php
panelhq.gq/gold/five/fre.php
panelhq.gq/stars/five/fre.php
profirst.com.vn/aug777/five/fre.php
profirst.com.vn/aug/five/fre.php
ptads.ml/pide/seed/fre.php
punjabjaogi.com/Panel/fre.php
qureshioffice.alasrglobal.com/admin7/bgn/sfe/fre.php
qureshioffice.alasrglobal.com/admin/xxx/zzz/fre.php
qureshioffice.alasrglobal.com/sam1/xknf/kdlt/fre.php
reachmy90s.com/includes/Panel/five/fre.php
rozedaro.com/administrator/Panel/five/fre.php
saintechelon.tk/fre.php
sccoast.tk/logs/panel/fre.php
sccoast.tk/phil/panel/fre.php
schooolcode.download/uk8k/Panel/five/fre.php
shaktiorkatimo.com/symboss/fre.php
shinyei-co.gq/cade/dope/fre.php
sinomagnetor3.cf/anyi/fre.php
soolitaytangya.com/blessed/Panel/five/fre.php
sternpid.ga/firm/fost/fre.php
strcutform.com/vinye/Panel/five/fre.php
strijdbladen.ga/donstan/five/fre.php
swaz.hanirnail.net/five/fre.php
szccf361.com/flinkas260/fre.php
theonlygoodman.com/eig/fre.php
theonlygoodman.com/nin/fre.php
tondice.flu.cc/images./45skele/fre.php
tondice.flu.cc/images./imgs01sg-/fre.php
tradelink.qa/aug/five/fre.php
tutorialdnsstep1.com/admin/fre.php
tutorialdnsstep1.com/toturial/fre.php
uzocloudservers.gq/jeff/five/fre.php
veloceqlobal.net/rain/hope/fre.php
victoralifts.com/wpss/fre.php
wapsihonaylo.com/wapsi3/five/fre.php
wapsihonaylo.com/wapsi4/five/fre.php
wapsihonaylo.com/wapsi/five/fre.php
wcegroups.com/done/hont/fre.php
westiles.ga/lope/coop/fre.php
wiglelamberfo.com/eme/fre.php
constantialiquidators.com/freg/fre.php
crownventureintl.com/wip-admin/Panel/five/fre.php
gardensun.ru/daily/fre.php
gardensun.ru/eca/fre.php
mysticalreflections.life/web-content/web/upgrade/wp_obtain/log/Panel/five/fre.php
netgateway.top/panel/fre.php
scoverykingdom.gq/jeff/five/fre.php
semaprin.info/mi/fre.php
sierracontrol.ru/cmd11/fre.php
sierracontrol.ru/vipu/fre.php
woelpuu.com/hertuyi/teryio/fre.php
woelpuu.com/terypp/youip/fre.php
zealsale.com.np/file/Panel/five/fre.php
xsftruss.ml/edunew/fre.php
ymwsolutions.com/testfilez/fre.php
nawck.ml
mitch-portal.tk
sintrol.cf
sirmitch.ml

# Reference: https://myonlinesecurity.co.uk/slightly-different-lokibot-delivery-via-embedded-ole-objects-in-rtf-word-doc/

kikehraeein.com/web-obtain/file/web/log/Panel/five/fre.php

# Reference: https://twitter.com/DynamicAnalysis/status/1034488992987860995

apidava.tk

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html

szccf361.com

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html

1113sophie.info
41230319.net
cryptocoindigital.com
kacakbahisfirmasi.com
marryingmaldonado.com
mywdn.com
risu-nursery.com
saurabh.online
shiqiyingli.com
sicknessfitness.com
themonkeygrindervintage.com
unsubchef.com
win.link
xn--vhq6e39ls7w.net
zexpar.com

# Reference: https://viriback.com/30-days-later-97-panels/

annamadums.ml/jazzy/PvqDq929BSx_A_D_M1n_a.php
bellegin.ru/doncha10/pen.php
bellegin.ru/don-cha11/pen.php
bellegin.ru/oshok/pen.php
bollingoes.ml/ngoes/PvqDq929BSx_A_D_M1n_a.php
braithwalte.co.uk/blam/five/PvqDq929BSx_A_D_M1n_a.php
braithwalte.co.uk/block/five/PvqDq929BSx_A_D_M1n_a.php
braithwalte.co.uk/konvict/five/PvqDq929BSx_A_D_M1n_a.php
braithwalte.co.uk/smith/five/PvqDq929BSx_A_D_M1n_a.php
cadjetbums.ml/tbums/PvqDq929BSx_A_D_M1n_a.php
domainsender.info/moon/five/PvqDq929BSx_A_D_M1n_a.php
domainsender.info/sun/five/PvqDq929BSx_A_D_M1n_a.php
dunysaki.ru/buch-x5/pen.php
dunysaki.ru/doncha-2/pen.php
dunysaki.ru/stephen/pen.php
erintoba.info/bbbb/Panel/five/PvqDq929BSx_A_D_M1n_a.php
eriousimen.ml/eriou/PvqDq929BSx_A_D_M1n_a.php
finelets.ru/buch-x3/pen.php
finelets.ru/buch-x4/pen.php
finelets.ru/fankzu/pen.php
gokuu.club/ckan/PvqDq929BSx_A_D_M1n_a.php
gokuu.club/M/PvqDq929BSx_A_D_M1n_a.php
joanread.ru/decap/pen.php
joanread.ru/work-1/pen.php
lidgeys.ru/buch-k/pen.php
lidgeys.ru/buch-l/pen.php
lidgeys.ru/buch-m/pen.php
lidgeys.ru/buchX-1/pen.php
lidgeys.ru/buch-x2/pen.php
lidgeys.ru/eddy/pen.php
papgon10.ru/davidm/pen.php
papgon10.ru/don-12/pen.php
papgon10.ru/don-one/pen.php
papgon10.ru/kennyB-1/pen.php
papgon10.ru/oshok-two/pen.php
thousandan.ml/andan/PvqDq929BSx_A_D_M1n_a.php
topreadz.ru/alexbe/pen.php
topreadz.ru/doncha-3/pen.php
topreadz.ru/willy-1/pen.php
ultrainstinct.ru/file/exe/five/PvqDq929BSx_A_D_M1n_a.php
unifarmex.net/Dstan/Panel/five/PvqDq929BSx_A_D_M1n_a.php
unifarmex.net/hsp1/Panel/five/PvqDq929BSx_A_D_M1n_a.php
unifarmex.net/nesto/Panel/five/PvqDq929BSx_A_D_M1n_a.php
uy-akwaibom.ru/vinho/Panel/five/PvqDq929BSx_A_D_M1n_a.php
vailablity.ml/vaila/PvqDq929BSx_A_D_M1n_a.php
viettrust-vn.net/samii/PvqDq929BSx_A_D_M1n_a.php
vopspyder.website/home/five/PvqDq929BSx_A_D_M1n_a.php
vopspyder.website/log/five/PvqDq929BSx_A_D_M1n_a.php
wheelonexs.ml/wheel/PvqDq929BSx_A_D_M1n_a.php

# Reference: https://github.com/stamparm/maltrail/pull/284#issuecomment-417861246

ajmanz.gq

# Reference: https://twitter.com/DynamicAnalysis/status/1037472184636256256

theonlygoodman.com/fit/fre.php

# Reference: https://twitter.com/nullcookies/status/1038235674565066757

crasemerzom.com

# Reference: https://twitter.com/avman1995/status/1038285919219068928

http://99.198.127.106
blackdiamondsco.ae/test/fre.php

# Reference: https://twitter.com/ViriBack/status/983011333506588672
# Reference: https://pastebin.com/nwWHHFe0

bartolini-system.net/loop/PvqDq929BSx_A_D_M1n_a.php
logs.boxxta.website/ikol/five/PvqDq929BSx_A_D_M1n_a.php

# Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html (Win.Dropper.Hploki-6682476-0)

bvasetro.com
com-logninsauthorize.info
grm-group.info
healinggoodness.com
losmejorescrm.com
mechakawaii.com
mytechnik-beratung.com
ptt-test.com
testci20170903033002.net
thlg8.com
vintageontheline.com

# Reference: https://pastebin.com/bEqJKZfZ

strutitinca.ro/ftp/fre.php
zenshinonline.ru/amb/fre.php
zenshinonline.ru/eka/fre.php
zenshinonline.ru/file/fre.php

# Reference: https://www.maltiverse.com/sample/1ea139164e3525a5a4f3feb333551a806852cca40e49698fbf65d49bd4f7c27c

loggerkeys-hosting.xyz

# Reference: https://www.maltiverse.com/sample/16d06c604487ad96b04f226827dc033d61c80b345a323faee5c9d4a0b2a108d0

tananaislanoidd.ga

# Reference: http://cybercrime-tracker.net/index.php?search=Lokibot

corelis.group
zenshinonline.ru
harltdoors.com
devhaevents.us
grace4good.cf
theonlygoodman.com
premierevents.co.zw

# Reference: https://twitter.com/ViriBack/status/1046391838448537601
# Reference: https://pastebin.com/4QRaU8T7

geranntibankasi.com/slowkizzy567/kertyui456/PvqDq929BSx_A_D_M1n_a.php
hkenngr.com/herty987/letry78/PvqDq929BSx_A_D_M1n_a.php
incitecpivot-au.com/dertyu987/treyuo9809/PvqDq929BSx_A_D_M1n_a.php
incitecpivot-au.com/lerty67/loivet56/PvqDq929BSx_A_D_M1n_a.php
incitecpivot-au.com/mertyui567/kertli879/PvqDq929BSx_A_D_M1n_a.php
insightthk.com/hermonth/jerk/PvqDq929BSx_A_D_M1n_a.php
insightthk.com/loki2/PvqDq929BSx_A_D_M1n_a.php
insightthk.com/loki3/PvqDq929BSx_A_D_M1n_a.php
jvl-jp.co/gert67/teryu7/PvqDq929BSx_A_D_M1n_a.php
jvl-jp.co/nwokorie45777/fertyuoui/PvqDq929BSx_A_D_M1n_a.php
jvl-jp.co/sert67/tyuio98/PvqDq929BSx_A_D_M1n_a.php
jvl-jp.co/sertyoup/latinoper90/PvqDq929BSx_A_D_M1n_a.php
jvl-jp.co/slamp89/ketu56/PvqDq929BSx_A_D_M1n_a.php
kaokao-twn.com/yerter/getyu/PvqDq929BSx_A_D_M1n_a.php
karenandkarren.com/multi980/mertyui989/PvqDq929BSx_A_D_M1n_a.php
kurarray.com/fertyuio/lopiytu/PvqDq929BSx_A_D_M1n_a.php
kurarray.com/loptyuier/liouy56/PvqDq929BSx_A_D_M1n_a.php
kurarray.com/loptyuio/lop0980/PvqDq929BSx_A_D_M1n_a.php
ledteroptyi.xyz/gertyu99/ertyu8/PvqDq929BSx_A_D_M1n_a.php
ledteroptyi.xyz/hertyuu89/menter67/PvqDq929BSx_A_D_M1n_a.php
ledteroptyi.xyz/kertyu767/jertyu657/PvqDq929BSx_A_D_M1n_a.php
ledteroptyi.xyz/loipter/teryuop999/PvqDq929BSx_A_D_M1n_a.php
lltagrain.com/cash2/PvqDq929BSx_A_D_M1n_a.php
lltagrain.com/kelle/PvqDq929BSx_A_D_M1n_a.php
lltagrain.com/money/PvqDq929BSx_A_D_M1n_a.php
lltagrain.com/tino/PvqDq929BSx_A_D_M1n_a.php
oceanlinkmarrine.com/loki2/PvqDq929BSx_A_D_M1n_a.php
oceanlinkmarrine.com/loki4/PvqDq929BSx_A_D_M1n_a.php
oliverrbatlle.com/setyi98/etruo89/PvqDq929BSx_A_D_M1n_a.php
phcc-india.com/dertyuop345/teryup234/PvqDq929BSx_A_D_M1n_a.php
phcc-india.com/limitedmert/menter567/PvqDq929BSx_A_D_M1n_a.php
phcc-india.com/nertyoiu67/eartyuoiyue67/PvqDq929BSx_A_D_M1n_a.php
phcc-india.com/slamptiert5/fertyupw456/PvqDq929BSx_A_D_M1n_a.php
phcc-india.com/startboi89234/netwer675/PvqDq929BSx_A_D_M1n_a.php
pldtdsll.net/betstyui789/erty6786/PvqDq929BSx_A_D_M1n_a.php
pldtdsll.net/fishyoiu/fishtery77/PvqDq929BSx_A_D_M1n_a.php
pldtdsll.net/sertyu45/teryu34/PvqDq929BSx_A_D_M1n_a.php
redsseammgt.com/loki5/PvqDq929BSx_A_D_M1n_a.php
rmsalf.com/hertioyu567/lertu789/PvqDq929BSx_A_D_M1n_a.php
rmsalf.com/mentiyu98/letluy78/PvqDq929BSx_A_D_M1n_a.php
sertencee.xyz/kogilop/yopuit77/PvqDq929BSx_A_D_M1n_a.php
sertencee.xyz/shakamally/loipy67/PvqDq929BSx_A_D_M1n_a.php
siyaghasourccing.com/lokily89/werty6789/PvqDq929BSx_A_D_M1n_a.php
siyaghasourccing.com/smello/ertyop009/PvqDq929BSx_A_D_M1n_a.php
dersertlord.xyz/loki4/PvqDq929BSx_A_D_M1n_a.php
dersertlord.xyz/loki5/PvqDq929BSx_A_D_M1n_a.php
sertencee.xyz/shunshuo/terrampeedar/PvqDq929BSx_A_D_M1n_a.php
siyaghasourccing.com/serto99/jerty45/PvqDq929BSx_A_D_M1n_a.php
siyaghasourccing.com/sertoiu/fertuiop/PvqDq929BSx_A_D_M1n_a.php
slompbit.xyz/lopitre87/teryuio09/PvqDq929BSx_A_D_M1n_a.php
slompbit.xyz/lopityrety/kerterty/PvqDq929BSx_A_D_M1n_a.php
woelpuu.com/hertuyi/teryio/PvqDq929BSx_A_D_M1n_a.php
woelpuu.com/terypp/youip/PvqDq929BSx_A_D_M1n_a.php

# Reference: https://isc.sans.edu/forums/diary/More+malspam+pushing+Lokibot/23754/

oceanlinkmarrine.com/loki1/fre.php
oceanlinkmarrine.com/loki2/fre.php
oceanlinkmarrine.com/loki3/fre.php
oceanlinkmarrine.com/loki4/fre.php
oceanlinkmarrine.com/loki5/fre.php

# Reference: https://twitter.com/avman1995/status/1046751735971282944

nisol.ga/chika/fre.php

# Reference: https://pastebin.com/AasLyArF

monochromestr.site/fbm/encode.php

# Reference: https://twitter.com/avman1995/status/1052426452187185153

octone.igg.biz/chri1/cgi.php

# Reference: https://app.any.run/tasks/4515e611-f351-436b-982a-72229c1a1853

hmcrogenics.com

# Reference: https://twitter.com/dvk01uk/status/1097767868874264576

/LL0/200g-xz/cat.php

# Reference: https://twitter.com/dvk01uk/status/1097357708246896640

/kston/link.php

# Reference: https://twitter.com/Securityinbits/status/1090893221754884100

/scott/link.php

# Reference: https://twitter.com/Racco42/status/1027476386808848384

maxthon.duckdns.org
sockets.duckdns.org

# Reference: https://twitter.com/ps66uk/status/1062658307507273733

/sgbbu2/cat.php

# Reference: https://twitter.com/illegalFawn/status/1113086451233755136

alexiwobi.ga
dandyla1.ga

# Reference: https://twitter.com/luc4m/status/1103214408682139648

aurelio.xyz

# Reference: https://twitter.com/0_1_0_1_0_0_0_0/status/1116638803475746816

camopionari.cf
dankasa.tk
olododo.tk
sweetreuyh.tk
underneat.gq
yriuiuteuieu.gq

# Reference: https://twitter.com/pancak3lullz/status/1121057197914509312

/cka2/cat.php

# Reference: https://twitter.com/JAMESWT_MHT/status/1134360866550439936

/m/2/cat.php

# Reference: https://twitter.com/JayTHL/status/1124325778685087745

/lmark/atz/link.php

# Reference: https://any.run/report/0159364dc4a13deea8595d019b3c1e44ca100690b3d7f2df7d79cfd86d4b36ce/03c9c9b6-a7fc-41fc-a6d1-6f35ec60f94a

romelulukaku.tk/anyi/fre.php

# Reference: https://any.run/report/ff2824a9281b5e0ecd4b90b7779a66dfa4453b143b1115e4a9019a2f859083e0/b6a22489-c558-44f8-92b7-c6f90b8c0920

liverfook.ml/tuneshi/fre.php

# Reference: https://twitter.com/ViriBack/status/1134662952898965504
# Reference: https://pastebin.com/pkZ0TBnc

beautynams.com
begurtyut.info
flmates.com
hyoki-jp.top

# Reference: http://tracker.viriback.com/ (# Lokibot)

bridgecornenterprises.com
doosantax.com
unimasa.icu

# Reference: https://www.virustotal.com/gui/ip-address/185.79.156.24/relations

http://185.79.156.24

# Reference: https://twitter.com/P3pperP0tts/status/1135824585885196288

leorentacars.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1136248211654545408

gadujez.tk

# Reference: https://connect.security.ibm.com/app/threat-intelligence-insights/report/url/lethatch.se%2Fnelpa%2Ffive%2Ffre.php

lethatch.se

# Reference: https://connect.security.ibm.com/app/threat-intelligence-insights/report/url/technosevregroup.com%2Fzxd%2Fpanel%2Ffre.php

technosevregroup.com

# Reference: https://github.com/runvirus/LokiPWS/blob/master/README.md

offset7.com

# Reference: https://twitter.com/James_inthe_box/status/1136674160862609408

execuitiveship.com

# Reference: https://twitter.com/dvk01uk/status/1137999393158770688

exalumnosldea.cl

# Reference: https://twitter.com/dms1899/status/1138742747773460482

mbh-co-uk.ml
sas-agri.ml

# Reference: https://twitter.com/dvk01uk/status/1138774057606926341

fantasticpipo.club

# Reference: https://twitter.com/dvk01uk/status/1138775767171698690

ezigbo-mmadu.xyz

# Reference: https://twitter.com/James_inthe_box/status/1138815213640114176

http://45.67.14.154
http://185.79.156.24

# Reference: https://twitter.com/dvk01uk/status/1139485923991785473

uehsjtsjksf.tk

# Reference: https://twitter.com/dvk01uk/status/1139494526307975168

fraiser-campbell.ga

# Reference: https://twitter.com/pancak3lullz/status/1139534936518594561

freecapes.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1140603897523949568

/kas/4/cat.php

# Reference: https://twitter.com/dvk01uk/status/1140936638148820995

sparkickwears.ga

# Generic (callback) paths

/chri1/cgi.php
/fbm/encode.php
/PvqDq929BSx_A_D_M1n_a.php
/fre.php
/pen.php