# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Reference: https://twitter.com/ps66uk/status/1032177208335450112 # Note: C2 direct link is added due to remark from #239 occe.com/image1/image/Panel/five/fre.php # Reference: https://twitter.com/malwrhunterteam/status/1032537769787183104 americaircairmakan.com botnet.americaircairmakan.com # Reference: https://twitter.com/FewAtoms/status/1033040103155871744 agodatex.ga http://185.185.40.152/jeff/five/fre.php # Reference: https://twitter.com/olihough86/status/1033055339359420417 polixservices.com # Reference: https://twitter.com/0xffff08000/status/1033054440306036737 embramedica.com.br/site/wp-content/plugnis/ipconfig/five/PvqDq929BSx_A_D_M1n_a.php # Reference: https://twitter.com/malware_traffic/status/1033003634001367042 yardng.com # Reference: https://twitter.com/pollo290987/status/1032998085503447041 rmsalf.com # Reference: https://twitter.com/olihough86/status/1031644479109963776 http://191.101.42.43/fdgd/five/PvqDq929BSx_A_D_M1n_a.php studemplo.com/admin/studemplo/Panel/five/PvqDq929BSx_A_D_M1n_a.php phcc-india.com typrat.club www.cem-hk.co # Reference: https://twitter.com/asset_island_/status/1031608741504933889 pldtdsll.net # Reference: https://twitter.com/0xffff08000/status/1031613343797207040 claudfx.win # Reference: https://twitter.com/pollo290987/status/1031544753505165312 http://191.101.42.43/fdgd/five/fre.php # Reference: https://twitter.com/James_inthe_box/status/1030579493910413312 acadaman.com dandoesinternet.com # Reference: https://twitter.com/James_inthe_box/status/1030487639688794115 kelvinarinze.ml scoverykingdom.gq # Reference: https://pastebin.com/UGm39pdU # Reference: https://pastebin.com/mgVvSRHi 002vt.tk/james/fre.php http://141.105.71.166/me/fre.php http://141.105.71.76/blz/fre.php http://151.80.162.219/marle/fre.php http://185.111.75.169/cart/disk/fre.php http://185.148.146.193/~agroinovate/zizisisi/Panel/five/fre.php http://185.206.144.81/lawi/fre.php http://185.24.233.254/donep/fre.php http://185.24.233.32/open/libs/fre.php http://185.24.233.46/dusx/busz/fre.php http://185.24.233.74/dusk/hond/fre.php http://185.24.233.79/baca/opio/fre.php http://185.24.233.80/pend/chan/fre.php http://188.215.229.41//GIS/fre.php http://191.101.42.43/fdgd/five/fre.php http://31.220.2.200/~hancockw/nok/five/fre.php http://31.220.2.200/~justicet/ag/five/fre.php http://5.206.226.99/juicy/fre.php http://80.211.102.126/deve/tide/fre.php http://84.38.132.105/oki/Panel/fre.php http://84.38.133.160/new/Panel/fre.php http://85.254.72.30/donbig/c1/fre.php http://89.187.86.7/~blackdia/new/mhoney/fre.php http://89.187.86.7/~blackdia/vic/bless/fre.php http://89.45.67.131/smg/fre.php http://89.45.67.145/emy/fre.php ace.alasrglobal.com/ace/Panel/five/fre.php ace.alasrglobal.com/skinny/Panel/five/fre.php ace.alasrglobal.com/wise/Panel/five/fre.php ackh.ir/gabi/five/fre.php ackh.ir/hamid/five/fre.php ackh.ir/papa/five/fre.php ackh.ir/sp/five/fre.php adrack.us/wp-content/uploads/five/fre.php ahmad52sell.cf/admin/five/fre.php alexamondwonderltd.com/freeBrow/fre.php alpacham.com/ndretr5478/fre.php anitoid.alasrglobal.com/austine/five/fre.php araslanow.net/js/Panel/five/fre.php araslanow.net/wipadmin/Panel/five/fre.php awele.duckdns.org:1717/zip/fre.php babasoft.ooo/fre.php bapican.com/image/admin/Panel/five/fre.php blackdiamondsco.ae/bossftown/fre.php blackdiamondsco.ae/rooney/fre.php blackdiamondsco.ae/wogor/fre.php blogsports.com.ng/cli/Panel/five/fre.php brighten2.alasrglobal.com/file/bell/five/fre.php brighten2.alasrglobal.com/file/tin/five/fre.php brighten2.alasrglobal.com/file/vas/five/fre.php brighten.alasrglobal.com/file/do/five/fre.php britlite.ga/fade/type/fre.php bsales.cf/bs/Panel/five/fre.php bsales.cf/ft/Panel/five/fre.php cityhotel.ge/believe/five/fre.php cityhotel.ge/focus/five/fre.php cityhotel.ge/rozay/five/fre.php colnoygums.com/freg/fre.php cytanets-com.cf/philip/panel/fre.php cytanets-com.cf/qwertyu/panel/fre.php dandoesinternet.com/cis1406/tutorial10/fre.php dandoesinternet.com/cis1407/fre.php dandoesinternet.com/mobile/ch1/fre.php devhaevents.us/2415452354/242424/fre.php dutch-tour-guide-marrakech.com/app/Panel/five/fre.php eastlandproduce.us/.well-known/acme-challenge/over/raw/fre.php eholes.viewyoursite.co.uk/LucianoLokiPanel/fre.php emakqroup.tk/obi/panel/fre.php emakqroup.tk/sim/panel/fre.php embramedica.com.br/site/wp-content/plugnis/fre.php emoticon.tk/hcode/kmaster/fre.php e-ne1.com/Hab-Lok/fre.php eurobike1.cf/obinna/fre.php familyhealths.ga/cdi-directory/five/fre.php fascine-cemdene.com/wp/wp-includes/js/js/five/fre.php fasterre.gq/hcode/bazon/fre.php fojidedar.com/bazz/fojide2/fre.php fojidedar.com/fojide/fre.php fojidedar.com/soft/amadin/fre.php fox-lighting.ga/poop/club/fre.php freecaps.ml/over/jump/fre.php fruitfulmonth.tk/raphael/fre.php geranntibankasi.com/getyoui980/jertyui989/fre.php haksenlimited.com/slim/fre.php hamon.ir/mate/five/fre.php highstarsino.cf/anyi/fre.php hkenngr.com/herty987/letry78/fre.php homeduderezort.com/includes/1010/fre.php homeduderezort.com/includes/gator/fre.php homeduderezort.com/includes/nas/fre.php homefieldtech.com/anu/five/fre.php homefieldtech.com/box/five/fre.php homefieldtech.com/juke/five/fre.php homefieldtech.com/mzx/five/fre.php homefieldtech.com/Obo/five/fre.php homefieldtech.com/uok/five/fre.php housded.cf/hcode/azuka/fre.php icannsorg.com/icann2/five/fre.php icannsorg.com/icann/five/fre.php incitecpivot-au.com/mertyui567/kertli879/fre.php inout-me.ml/fixx/sure/fre.php inquire.website/images/five/fre.php isnmainpasedal.com/amb/fre.php jamespanel.tk/cole/fre.php jamespanel.tk/low/five2/fre.php jamespanel.tk/odee/fre.php joxax.privatedocuments.site/jox/loki/fre.php jvl-jp.co/ser567/gotert/fre.php katherinajetter.com/vxzc/Panel/fre.php katherinajetter.com/xzcsadwqe23/fre.php khanapenaband.com/jon/fre.php lablocks.site/Panel/five/fre.php laloderkozam.com/laloder2/five/fre.php laloderkozam.com/laloder3/five/fre.php laloderkozam.com/laloder4/five/fre.php launchgrowthtoday.download/bobo22/Panel/five/fre.php launchgrowthtoday.download/choo/Panel/five/fre.php launchgrowthtoday.download/jamike/Panel/five/fre.php logsession.space/citycenter/fashion/trending/fre.php lovaniacreative.com/wp-admin/js/inc/Panel/five/fre.php madlovert.ml/swanky/wp-content/uploads/Panel/five/fre.php magic1.cf/gat/fre.php magic3.ml/gozie/fre.php marksky.org/medosky/fre.php msa-fit.gq/sql/Panel/five/fre.php mxchlp.com/team/wide/fre.php namesnetworks.com/blog/educational/fre.php nextlevelshop.info/woldpress/logistics/Panel/five/fre.php nextwaveconsulting.com.au/Cpanel/Panel/five/fre.php novachim.ro/plugins/editors/five/fre.php nutgetsloversplay.usa.cc/wp-content/themes/twentyfifteen/Panel/five/fre.php oajandassociates.com/images/oajand/Panel/five/fre.php officebase.website/js/five/fre.php ojoboplaza.club/Angel/Panel/five/fre.php ojoboplaza.club/Drama/Panel/five/fre.php ojoboplaza.club/Man/Panel/five/fre.php onlyadoonbit.com/asji/fre.php opercomex.co/billionaire/kendra/fre.php orkaden.com/wp-includes/Text/me/fre.php panelhq.cf/jr/five/fre.php panelhq.gq/airforce/five/fre.php panelhq.gq/chelsea/five/fre.php panelhq.gq/gold/five/fre.php panelhq.gq/stars/five/fre.php profirst.com.vn/aug777/five/fre.php profirst.com.vn/aug/five/fre.php ptads.ml/pide/seed/fre.php punjabjaogi.com/Panel/fre.php qureshioffice.alasrglobal.com/admin7/bgn/sfe/fre.php qureshioffice.alasrglobal.com/admin/xxx/zzz/fre.php qureshioffice.alasrglobal.com/sam1/xknf/kdlt/fre.php reachmy90s.com/includes/Panel/five/fre.php rozedaro.com/administrator/Panel/five/fre.php saintechelon.tk/fre.php sccoast.tk/logs/panel/fre.php sccoast.tk/phil/panel/fre.php schooolcode.download/uk8k/Panel/five/fre.php shaktiorkatimo.com/symboss/fre.php shinyei-co.gq/cade/dope/fre.php sinomagnetor3.cf/anyi/fre.php soolitaytangya.com/blessed/Panel/five/fre.php sternpid.ga/firm/fost/fre.php strcutform.com/vinye/Panel/five/fre.php strijdbladen.ga/donstan/five/fre.php swaz.hanirnail.net/five/fre.php szccf361.com/flinkas260/fre.php theonlygoodman.com/eig/fre.php theonlygoodman.com/nin/fre.php tondice.flu.cc/images./45skele/fre.php tondice.flu.cc/images./imgs01sg-/fre.php tradelink.qa/aug/five/fre.php tutorialdnsstep1.com/admin/fre.php tutorialdnsstep1.com/toturial/fre.php uzocloudservers.gq/jeff/five/fre.php veloceqlobal.net/rain/hope/fre.php victoralifts.com/wpss/fre.php wapsihonaylo.com/wapsi3/five/fre.php wapsihonaylo.com/wapsi4/five/fre.php wapsihonaylo.com/wapsi/five/fre.php wcegroups.com/done/hont/fre.php westiles.ga/lope/coop/fre.php wiglelamberfo.com/eme/fre.php constantialiquidators.com/freg/fre.php crownventureintl.com/wip-admin/Panel/five/fre.php gardensun.ru/daily/fre.php gardensun.ru/eca/fre.php mysticalreflections.life/web-content/web/upgrade/wp_obtain/log/Panel/five/fre.php netgateway.top/panel/fre.php scoverykingdom.gq/jeff/five/fre.php semaprin.info/mi/fre.php sierracontrol.ru/cmd11/fre.php sierracontrol.ru/vipu/fre.php woelpuu.com/hertuyi/teryio/fre.php woelpuu.com/terypp/youip/fre.php zealsale.com.np/file/Panel/five/fre.php xsftruss.ml/edunew/fre.php ymwsolutions.com/testfilez/fre.php nawck.ml mitch-portal.tk sintrol.cf sirmitch.ml # Reference: https://myonlinesecurity.co.uk/slightly-different-lokibot-delivery-via-embedded-ole-objects-in-rtf-word-doc/ kikehraeein.com/web-obtain/file/web/log/Panel/five/fre.php # Reference: https://twitter.com/DynamicAnalysis/status/1034488992987860995 apidava.tk # Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html szccf361.com # Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html 1113sophie.info 41230319.net cryptocoindigital.com kacakbahisfirmasi.com marryingmaldonado.com mywdn.com risu-nursery.com saurabh.online shiqiyingli.com sicknessfitness.com themonkeygrindervintage.com unsubchef.com win.link xn--vhq6e39ls7w.net zexpar.com # Reference: https://viriback.com/30-days-later-97-panels/ annamadums.ml/jazzy/PvqDq929BSx_A_D_M1n_a.php bellegin.ru/doncha10/pen.php bellegin.ru/don-cha11/pen.php bellegin.ru/oshok/pen.php bollingoes.ml/ngoes/PvqDq929BSx_A_D_M1n_a.php braithwalte.co.uk/blam/five/PvqDq929BSx_A_D_M1n_a.php braithwalte.co.uk/block/five/PvqDq929BSx_A_D_M1n_a.php braithwalte.co.uk/konvict/five/PvqDq929BSx_A_D_M1n_a.php braithwalte.co.uk/smith/five/PvqDq929BSx_A_D_M1n_a.php cadjetbums.ml/tbums/PvqDq929BSx_A_D_M1n_a.php domainsender.info/moon/five/PvqDq929BSx_A_D_M1n_a.php domainsender.info/sun/five/PvqDq929BSx_A_D_M1n_a.php dunysaki.ru/buch-x5/pen.php dunysaki.ru/doncha-2/pen.php dunysaki.ru/stephen/pen.php erintoba.info/bbbb/Panel/five/PvqDq929BSx_A_D_M1n_a.php eriousimen.ml/eriou/PvqDq929BSx_A_D_M1n_a.php finelets.ru/buch-x3/pen.php finelets.ru/buch-x4/pen.php finelets.ru/fankzu/pen.php gokuu.club/ckan/PvqDq929BSx_A_D_M1n_a.php gokuu.club/M/PvqDq929BSx_A_D_M1n_a.php joanread.ru/decap/pen.php joanread.ru/work-1/pen.php lidgeys.ru/buch-k/pen.php lidgeys.ru/buch-l/pen.php lidgeys.ru/buch-m/pen.php lidgeys.ru/buchX-1/pen.php lidgeys.ru/buch-x2/pen.php lidgeys.ru/eddy/pen.php papgon10.ru/davidm/pen.php papgon10.ru/don-12/pen.php papgon10.ru/don-one/pen.php papgon10.ru/kennyB-1/pen.php papgon10.ru/oshok-two/pen.php thousandan.ml/andan/PvqDq929BSx_A_D_M1n_a.php topreadz.ru/alexbe/pen.php topreadz.ru/doncha-3/pen.php topreadz.ru/willy-1/pen.php ultrainstinct.ru/file/exe/five/PvqDq929BSx_A_D_M1n_a.php unifarmex.net/Dstan/Panel/five/PvqDq929BSx_A_D_M1n_a.php unifarmex.net/hsp1/Panel/five/PvqDq929BSx_A_D_M1n_a.php unifarmex.net/nesto/Panel/five/PvqDq929BSx_A_D_M1n_a.php uy-akwaibom.ru/vinho/Panel/five/PvqDq929BSx_A_D_M1n_a.php vailablity.ml/vaila/PvqDq929BSx_A_D_M1n_a.php viettrust-vn.net/samii/PvqDq929BSx_A_D_M1n_a.php vopspyder.website/home/five/PvqDq929BSx_A_D_M1n_a.php vopspyder.website/log/five/PvqDq929BSx_A_D_M1n_a.php wheelonexs.ml/wheel/PvqDq929BSx_A_D_M1n_a.php # Reference: https://github.com/stamparm/maltrail/pull/284#issuecomment-417861246 ajmanz.gq # Reference: https://twitter.com/DynamicAnalysis/status/1037472184636256256 theonlygoodman.com/fit/fre.php # Reference: https://twitter.com/nullcookies/status/1038235674565066757 crasemerzom.com # Reference: https://twitter.com/avman1995/status/1038285919219068928 http://99.198.127.106 blackdiamondsco.ae/test/fre.php # Reference: https://twitter.com/ViriBack/status/983011333506588672 # Reference: https://pastebin.com/nwWHHFe0 bartolini-system.net/loop/PvqDq929BSx_A_D_M1n_a.php logs.boxxta.website/ikol/five/PvqDq929BSx_A_D_M1n_a.php # Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html (Win.Dropper.Hploki-6682476-0) bvasetro.com com-logninsauthorize.info grm-group.info healinggoodness.com losmejorescrm.com mechakawaii.com mytechnik-beratung.com ptt-test.com testci20170903033002.net thlg8.com vintageontheline.com # Reference: https://pastebin.com/bEqJKZfZ strutitinca.ro/ftp/fre.php zenshinonline.ru/amb/fre.php zenshinonline.ru/eka/fre.php zenshinonline.ru/file/fre.php # Reference: https://www.maltiverse.com/sample/1ea139164e3525a5a4f3feb333551a806852cca40e49698fbf65d49bd4f7c27c loggerkeys-hosting.xyz # Reference: https://www.maltiverse.com/sample/16d06c604487ad96b04f226827dc033d61c80b345a323faee5c9d4a0b2a108d0 tananaislanoidd.ga # Reference: http://cybercrime-tracker.net/index.php?search=Lokibot corelis.group zenshinonline.ru harltdoors.com devhaevents.us grace4good.cf theonlygoodman.com premierevents.co.zw # Reference: https://twitter.com/ViriBack/status/1046391838448537601 # Reference: https://pastebin.com/4QRaU8T7 geranntibankasi.com/slowkizzy567/kertyui456/PvqDq929BSx_A_D_M1n_a.php hkenngr.com/herty987/letry78/PvqDq929BSx_A_D_M1n_a.php incitecpivot-au.com/dertyu987/treyuo9809/PvqDq929BSx_A_D_M1n_a.php incitecpivot-au.com/lerty67/loivet56/PvqDq929BSx_A_D_M1n_a.php incitecpivot-au.com/mertyui567/kertli879/PvqDq929BSx_A_D_M1n_a.php insightthk.com/hermonth/jerk/PvqDq929BSx_A_D_M1n_a.php insightthk.com/loki2/PvqDq929BSx_A_D_M1n_a.php insightthk.com/loki3/PvqDq929BSx_A_D_M1n_a.php jvl-jp.co/gert67/teryu7/PvqDq929BSx_A_D_M1n_a.php jvl-jp.co/nwokorie45777/fertyuoui/PvqDq929BSx_A_D_M1n_a.php jvl-jp.co/sert67/tyuio98/PvqDq929BSx_A_D_M1n_a.php jvl-jp.co/sertyoup/latinoper90/PvqDq929BSx_A_D_M1n_a.php jvl-jp.co/slamp89/ketu56/PvqDq929BSx_A_D_M1n_a.php kaokao-twn.com/yerter/getyu/PvqDq929BSx_A_D_M1n_a.php karenandkarren.com/multi980/mertyui989/PvqDq929BSx_A_D_M1n_a.php kurarray.com/fertyuio/lopiytu/PvqDq929BSx_A_D_M1n_a.php kurarray.com/loptyuier/liouy56/PvqDq929BSx_A_D_M1n_a.php kurarray.com/loptyuio/lop0980/PvqDq929BSx_A_D_M1n_a.php ledteroptyi.xyz/gertyu99/ertyu8/PvqDq929BSx_A_D_M1n_a.php ledteroptyi.xyz/hertyuu89/menter67/PvqDq929BSx_A_D_M1n_a.php ledteroptyi.xyz/kertyu767/jertyu657/PvqDq929BSx_A_D_M1n_a.php ledteroptyi.xyz/loipter/teryuop999/PvqDq929BSx_A_D_M1n_a.php lltagrain.com/cash2/PvqDq929BSx_A_D_M1n_a.php lltagrain.com/kelle/PvqDq929BSx_A_D_M1n_a.php lltagrain.com/money/PvqDq929BSx_A_D_M1n_a.php lltagrain.com/tino/PvqDq929BSx_A_D_M1n_a.php oceanlinkmarrine.com/loki2/PvqDq929BSx_A_D_M1n_a.php oceanlinkmarrine.com/loki4/PvqDq929BSx_A_D_M1n_a.php oliverrbatlle.com/setyi98/etruo89/PvqDq929BSx_A_D_M1n_a.php phcc-india.com/dertyuop345/teryup234/PvqDq929BSx_A_D_M1n_a.php phcc-india.com/limitedmert/menter567/PvqDq929BSx_A_D_M1n_a.php phcc-india.com/nertyoiu67/eartyuoiyue67/PvqDq929BSx_A_D_M1n_a.php phcc-india.com/slamptiert5/fertyupw456/PvqDq929BSx_A_D_M1n_a.php phcc-india.com/startboi89234/netwer675/PvqDq929BSx_A_D_M1n_a.php pldtdsll.net/betstyui789/erty6786/PvqDq929BSx_A_D_M1n_a.php pldtdsll.net/fishyoiu/fishtery77/PvqDq929BSx_A_D_M1n_a.php pldtdsll.net/sertyu45/teryu34/PvqDq929BSx_A_D_M1n_a.php redsseammgt.com/loki5/PvqDq929BSx_A_D_M1n_a.php rmsalf.com/hertioyu567/lertu789/PvqDq929BSx_A_D_M1n_a.php rmsalf.com/mentiyu98/letluy78/PvqDq929BSx_A_D_M1n_a.php sertencee.xyz/kogilop/yopuit77/PvqDq929BSx_A_D_M1n_a.php sertencee.xyz/shakamally/loipy67/PvqDq929BSx_A_D_M1n_a.php siyaghasourccing.com/lokily89/werty6789/PvqDq929BSx_A_D_M1n_a.php siyaghasourccing.com/smello/ertyop009/PvqDq929BSx_A_D_M1n_a.php dersertlord.xyz/loki4/PvqDq929BSx_A_D_M1n_a.php dersertlord.xyz/loki5/PvqDq929BSx_A_D_M1n_a.php sertencee.xyz/shunshuo/terrampeedar/PvqDq929BSx_A_D_M1n_a.php siyaghasourccing.com/serto99/jerty45/PvqDq929BSx_A_D_M1n_a.php siyaghasourccing.com/sertoiu/fertuiop/PvqDq929BSx_A_D_M1n_a.php slompbit.xyz/lopitre87/teryuio09/PvqDq929BSx_A_D_M1n_a.php slompbit.xyz/lopityrety/kerterty/PvqDq929BSx_A_D_M1n_a.php woelpuu.com/hertuyi/teryio/PvqDq929BSx_A_D_M1n_a.php woelpuu.com/terypp/youip/PvqDq929BSx_A_D_M1n_a.php # Reference: https://isc.sans.edu/forums/diary/More+malspam+pushing+Lokibot/23754/ oceanlinkmarrine.com/loki1/fre.php oceanlinkmarrine.com/loki2/fre.php oceanlinkmarrine.com/loki3/fre.php oceanlinkmarrine.com/loki4/fre.php oceanlinkmarrine.com/loki5/fre.php # Reference: https://twitter.com/avman1995/status/1046751735971282944 nisol.ga/chika/fre.php # Reference: https://pastebin.com/AasLyArF monochromestr.site/fbm/encode.php # Reference: https://twitter.com/avman1995/status/1052426452187185153 octone.igg.biz/chri1/cgi.php # Reference: https://app.any.run/tasks/4515e611-f351-436b-982a-72229c1a1853 hmcrogenics.com # Reference: https://twitter.com/dvk01uk/status/1097767868874264576 /LL0/200g-xz/cat.php # Reference: https://twitter.com/dvk01uk/status/1097357708246896640 /kston/link.php # Reference: https://twitter.com/Securityinbits/status/1090893221754884100 /scott/link.php # Reference: https://twitter.com/Racco42/status/1027476386808848384 maxthon.duckdns.org sockets.duckdns.org # Reference: https://twitter.com/ps66uk/status/1062658307507273733 /sgbbu2/cat.php # Reference: https://twitter.com/illegalFawn/status/1113086451233755136 alexiwobi.ga dandyla1.ga # Reference: https://twitter.com/luc4m/status/1103214408682139648 aurelio.xyz # Reference: https://twitter.com/0_1_0_1_0_0_0_0/status/1116638803475746816 camopionari.cf dankasa.tk olododo.tk sweetreuyh.tk underneat.gq yriuiuteuieu.gq # Reference: https://twitter.com/pancak3lullz/status/1121057197914509312 /cka2/cat.php # Reference: https://twitter.com/JAMESWT_MHT/status/1134360866550439936 /m/2/cat.php # Reference: https://twitter.com/JayTHL/status/1124325778685087745 /lmark/atz/link.php # Reference: https://any.run/report/0159364dc4a13deea8595d019b3c1e44ca100690b3d7f2df7d79cfd86d4b36ce/03c9c9b6-a7fc-41fc-a6d1-6f35ec60f94a romelulukaku.tk/anyi/fre.php # Reference: https://any.run/report/ff2824a9281b5e0ecd4b90b7779a66dfa4453b143b1115e4a9019a2f859083e0/b6a22489-c558-44f8-92b7-c6f90b8c0920 liverfook.ml/tuneshi/fre.php # Reference: https://twitter.com/ViriBack/status/1134662952898965504 # Reference: https://pastebin.com/pkZ0TBnc beautynams.com begurtyut.info flmates.com hyoki-jp.top # Reference: http://tracker.viriback.com/ (# Lokibot) bridgecornenterprises.com doosantax.com unimasa.icu # Reference: https://www.virustotal.com/gui/ip-address/185.79.156.24/relations http://185.79.156.24 # Reference: https://twitter.com/P3pperP0tts/status/1135824585885196288 leorentacars.com # Reference: https://twitter.com/JAMESWT_MHT/status/1136248211654545408 gadujez.tk # Reference: https://connect.security.ibm.com/app/threat-intelligence-insights/report/url/lethatch.se%2Fnelpa%2Ffive%2Ffre.php lethatch.se # Reference: https://connect.security.ibm.com/app/threat-intelligence-insights/report/url/technosevregroup.com%2Fzxd%2Fpanel%2Ffre.php technosevregroup.com # Reference: https://github.com/runvirus/LokiPWS/blob/master/README.md offset7.com # Reference: https://twitter.com/James_inthe_box/status/1136674160862609408 execuitiveship.com # Reference: https://twitter.com/dvk01uk/status/1137999393158770688 exalumnosldea.cl # Reference: https://twitter.com/dms1899/status/1138742747773460482 mbh-co-uk.ml sas-agri.ml # Reference: https://twitter.com/dvk01uk/status/1138774057606926341 fantasticpipo.club # Reference: https://twitter.com/dvk01uk/status/1138775767171698690 ezigbo-mmadu.xyz # Reference: https://twitter.com/James_inthe_box/status/1138815213640114176 http://45.67.14.154 http://185.79.156.24 # Reference: https://twitter.com/dvk01uk/status/1139485923991785473 uehsjtsjksf.tk # Reference: https://twitter.com/dvk01uk/status/1139494526307975168 fraiser-campbell.ga # Reference: https://twitter.com/pancak3lullz/status/1139534936518594561 freecapes.com # Reference: https://twitter.com/JAMESWT_MHT/status/1140603897523949568 /kas/4/cat.php # Reference: https://twitter.com/dvk01uk/status/1140936638148820995 sparkickwears.ga # Reference: https://twitter.com/blackorbird/status/1141557021000552448 fileshareing.tk # Reference: https://twitter.com/x42x5a/status/1141970343818665984 007akin.top # Reference: https://twitter.com/Racco42/status/1141969102753423360 bichchats.top # Reference: https://twitter.com/Racco42/status/1143810986920599553 saculcin.top # Reference: https://twitter.com/x42x5a/status/1143895404527988736 tqe2009.com # Reference: https://twitter.com/dvk01uk/status/1144811922715549696 lionelibrahimovich.tk # Reference: https://twitter.com/dvk01uk/status/1146410395357339649 ayakkokulari.com # Reference: https://twitter.com/killamjr/status/1147113714132275200 openningsoonming.zapto.org # Reference: https://twitter.com/_odisseus/status/988303327090937857 # Reference: https://app.any.run/tasks/20ed9962-0799-4f3b-bfbf-6dd77e5b9979/ i876edw4e5f6tg78hy9tg7r6ftgiy8.erlivia.ltd # Reference: https://twitter.com/smica83/status/1149194882231209985 mbixch.site # Reference: https://twitter.com/Racco42/status/1149662812722978816 aliiff.com villaviras.com # Reference: https://twitter.com/hexlax/status/1149768235434352645 automatia.in lestonline.ga taleohio.ga # Reference: https://twitter.com/Paladin3161/status/1149639116125921284 kitchenraja.com # Reference: https://twitter.com/hexlax/status/1150113306545467393 bioconscolors.com # Reference: https://twitter.com/James_inthe_box/status/1151156619733921792 wupx.ga # Reference: https://twitter.com/reecdeep/status/1151737917259354113 ysvina-vn.com # Reference: https://app.any.run/tasks/69193d3f-ffe6-4db8-ba64-b408caeffde0 hotkey--cn.com # Reference: https://twitter.com/coderippers/status/1152188547253846016 orientsdelivery.xyz # Reference: https://twitter.com/reecdeep/status/1145960074046791680 eko-colors-pl.com # Reference: https://twitter.com/IdoNaor1/status/1152892001844629505 abulutari.tk # Reference: https://twitter.com/reecdeep/status/1153195564852547585 # Reference: https://app.any.run/tasks/4574a922-fd08-4230-ac49-59315b0702d5/ matbin.com # Reference: https://twitter.com/blackorbird/status/1155781572718546944 sparkickwears.ga # Reference: https://twitter.com/James_inthe_box/status/1155945383048011777 pitr0s.com # Reference: https://twitter.com/reecdeep/status/1157201656397860865 hochom-tw.com # Reference: https://twitter.com/Racco42/status/1157215058319040512 maviiletisim-com.tk # Reference: https://twitter.com/Racco42/status/1158765032299270144 kusumgar.cf # Reference: https://twitter.com/reecdeep/status/1158984342108090369 monastaybags.com # Reference: https://twitter.com/reecdeep/status/1159008913691435008 hilbizworld.top # Reference: https://twitter.com/reecdeep/status/1159438247208075264 hotkey--cn.com # Reference: https://twitter.com/reecdeep/status/1159446926196183045 teslaghane.com # Reference: https://twitter.com/reecdeep/status/1159833486817034241 sovamegroup.com # Reference: https://twitter.com/Paladin3161/status/1159984272897216513 quecik.info # Reference: https://twitter.com/reecdeep/status/1161226121515544576 sportyclik.com # Reference: https://twitter.com/reecdeep/status/1161220049413246977 sun-clear.net # Reference: https://twitter.com/reecdeep/status/1164074211213807616 confirm3.pw # Reference: https://any.run/report/a234966b36ea3816665501b926ef6fe22f4e8ba90a80af0f66662c4cd4dba915/6a5e8f49-5529-4f67-a457-eab7a3f1635e scanchart-rny.com # Reference: https://any.run/report/49e77f3fa26d7427bc726783325c2729c666038e0c4546c87e5678adcadaa4a8/8c88a7b4-fac6-494f-aba2-142d845136a2 cbnid.net # Reference: https://twitter.com/DynamicAnalysis/status/1168991384457699329 clotiahs.info jiraiya.info zjvvymy.com # Reference: https://twitter.com/reecdeep/status/1169151595747127296 modcloudserver.eu # Reference: https://twitter.com/Mesiagh/status/1170048273366695936 # Reference: https://pastebin.com/kMXDsSNr 171.15.198.199:1443 # Reference: https://app.any.run/tasks/bf013836-f219-494b-a54b-e25c13a7a400/ ottappalam.com # Reference: https://www.fortinet.com/blog/threat-research/new-infostealer-attack-uses-lokibot.html palikyu.ml # Reference: https://twitter.com/reecdeep/status/1173492999457841154 mapsi-shipping.xyz # Reference: https://twitter.com/dvk01uk/status/1173464780159508480 svmarketingindia.com # Reference: https://twitter.com/Racco42/status/1173547031979278336 clotiahs.info # Reference: https://app.any.run/tasks/84841357-56f4-4d71-9f7b-4e5dde21edf7/ nucsquaremall.ga # Reference: https://twitter.com/ninoseki/status/1175189790469189632 fatmazpharmc.com # Reference: https://app.any.run/tasks/6ecd4749-affb-4505-8b95-bd307a609be8/ handrass.co.rs/don/five/fre.php # Reference: https://any.run/report/397217271ce8684d24144b1eb612d6d45921573bb8cdd0e53fae1d44d2456a64/ff14e78f-0c45-45b0-b93e-8170121cc7de kaokao-twn.com # Reference: https://any.run/report/91628bad8c6b90dd333f850db85dcc2c313dbbccd84ecae45441b72c2a09603d/aba660a1-69bc-4f44-bc21-c962997baf13 barzaker1.tk # Reference: https://any.run/report/a2c93eb56dd983d63654dbbd82ee2967d1acb50f4fcd700ab3dfb7743fe64e9a/36fcc660-a97e-491f-9b05-af099620ac4c gruputsk.com # Reference: https://any.run/report/30e5e29f2e4e69e88032805b3cdfd8e86e48f6837a375f096263b86f9fe4de01/b5efffc2-b5b6-4e87-9958-4ab0e7c23db3 opercomex.co/php/webpanel/fre.php # Reference: https://any.run/report/c407bb7c069e983d20752c582476ab1606b4947724194f949ba90eefe9e05a24/9012e28b-9667-4070-9751-b3f2ef211d50 ponsse.site # Reference: https://any.run/report/050c206340ce8ea775797da9d55a250e488174d87d9529fb25db13a07168c471/8c33a2a5-51af-4547-bdb7-d5a3b93ea4c4 barzaker1.cf # Reference: https://any.run/report/1c0f62f0277289f74ffd1f03f5097f17a1e14494c4c612ed30aa2a9899759d3a/d4d20c0c-7aa3-449b-b365-8b2b9e243050 dtolnba.tk # Reference: https://any.run/report/78de464e43327ba4f9ef245c72e26b28e1fbd5175bccd15253fde852bd1eb61d/1a751b0b-e75f-4b67-829c-de5f1a86a932 megatradeinvestment.com # Reference: https://any.run/report/7e6b471d1fe43841b1c995df98e2feede05280d251f50fcf6b6f084ae902817a/9fd319fa-3e9d-4d15-8837-9b2d08fe6b8e 185.234.216.240/0x22/loki/fre.php # Reference: https://any.run/report/8897b096fa6661307bb3d2d97df155b2a4d673ee4e2e50ee37de23179a79afa6/e73a0ccf-14b0-4445-a00c-84076510d095 panelego018.info # Reference: https://any.run/report/7c7d40b6e024d074acb2aa9b21e60e5a2e132424cdd4f23432013cfadc368392/88ea1ed2-25ac-4786-86dc-a052020f6b2d 62.108.37.205/jeff/five/fre.php # Reference: https://any.run/report/af51d7d35c70e8572b1bf1bf7cac2f9c79da70920e972f5df338bd34b7908b51/17cb8efa-8ccb-4ccf-9e71-ca9cb30be138 jaobhaezrasam.com # Reference: https://any.run/report/da8cb79eb0b11f4c7e18890217c465afe508900d4d0fe029df10a08d7f50722e/28736ba8-2474-4fe3-9e7d-766ff32819f5 twosisterswine.com.au/admin/Panel/five/fre.php # Reference: https://any.run/report/856cfd8e4168c08f6382cc6a7a94f2812d40d09e4b5a17728f142c5bf1d7b892/76cc0b7e-1668-4fea-92db-47ce9f0e2d82 gracetime.tech # Reference: https://twitter.com/P3pperP0tts/status/1179292959172370433 onlygoodm.com # Reference: https://app.any.run/tasks/2bd648b0-c9cd-45a1-ac4b-3c253c2c01aa/ peaches19.com # Reference: https://twitter.com/Racco42/status/983258396664229888 ritsuninfra.in # Reference: https://twitter.com/smica83/status/1184381866243248128 cvnty.tk # Reference: https://twitter.com/hexlax/status/1184471439476441088 cvnty.cf ggvxt.ga mbfqg.cf mlzxvi.tk prxtz.gq prztz.ga qvukl.ga qvukl.gq qvukl.tk # Reference: https://app.any.run/tasks/9b5e5e7f-ac71-484e-8dad-0d0af3bfe73b/ atritei.icu # Reference: https://app.any.run/tasks/856e216f-c979-450a-a0b7-b9dbc6ab1361/ torresansrl-it.com # Reference: https://app.any.run/tasks/abd716d5-3267-4aec-b4e5-075b0f4ddf0a/ baiksan-kr.com # Reference: https://app.any.run/tasks/2c80bfce-a4a7-4024-b943-39d4fa8e0a01/ yanchenghengxin.com corpcougar.com # Reference: https://app.any.run/tasks/2c93099b-2751-41c4-a764-f8d66dcf727d/ kaburto.info # Reference: https://app.any.run/tasks/ff303a56-d3f6-4128-8876-1c91d4d7494e/ yanchenghengxin.com # Reference: https://app.any.run/tasks/f1e17f2a-00bc-4eeb-b5be-2d10c735ed9e/ tps-finlogistics.com # Reference: https://app.any.run/tasks/f09ecafa-3e69-4171-bd36-c415c5e5f0e0/ # Reference: https://twitter.com/P3pperP0tts/status/1185592600528637952 fueda.info # Reference: https://app.any.run/tasks/9eaf57e9-015a-4357-b0f8-fe30df9c9be7/ cvnty.tk # Reference: https://app.any.run/tasks/e1756c8b-3175-4232-a4ca-9818a8ac27e6/ john-donnelly.co.uk # Reference: https://app.any.run/tasks/3318e0f8-d5e7-4316-b748-b83cc506aaf9/ danagupal.com # Reference: https://app.any.run/tasks/69ce4ecc-f88e-4523-a568-6b6a79491855/ simantramart.net # Reference: https://twitter.com/James_inthe_box/status/1185191156168065024 nvent.icu # Reference: https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html (# Win.Trojan.Lokibot-7288215-1) arkhesol.info lapphuongshoe.com majidfathalibeygi.com novinsazvar.com orientsdelivery.xyz pliykies8.net suksez-ab.com versuvius.ru # Reference: https://twitter.com/P3pperP0tts/status/1186987811553067009 sylvaclouds.eu # Reference: https://twitter.com/Paladin3161/status/1187160642815291392 mikeservers.eu # Reference: https://pastebin.com/29uSdMAk atritei.icu dadatiles.com.au gracetime.tech jajar.ru modatie.gq nonomonojolipoiubtrewert.tk tahetah.ir # Reference: https://twitter.com/P3pperP0tts/status/1190724582359089152 kaburto.info # Reference: https://twitter.com/wwp96/status/1191009866720124928 conceriavictoria-it.com # Reference: https://twitter.com/wwp96/status/1191009400015802368 beautynams.com # Reference: https://twitter.com/James_inthe_box/status/1191325755084435457 allaige-global.com # Reference: https://twitter.com/wwp96/status/1191408876303896576 cyttec.de # Reference: http://tracker.viriback.com/dump.php (# 2019-11-04, Lokibot) http://104.168.248.212 http://178.159.7.9 http://185.189.112.158 http://185.79.156.15 http://185.79.156.24 http://37.120.146.126 http://45.67.14.181 http://51.68.128.171 http://94.100.28.214 http://23.95.228.37 http://5.252.192.117 007akin.top 013nat.net 2lcfo.com 4thave.co.uk 9th-way.tech abbasuit.top abifph.com acptw.icu adamsjef.top aerosport.tech aljust.website allstarbelts.com andalemexico.com apollocapitalp.com baiksan-kr.com baklaysinc.com bakrakhada.com bamastra.top beancart9.top beatfile3.top beautynams.com begurtyut.info bichchats.top bigshowinc.co.uk biocodax.com bluecornerblog.tk bosal.tech bp10.webhosting123.icu bridgecornenterprises.com broomingkingpoiuty.tk bteenerji.com buildingwiring.ir bylima.icu cbnid.net cleaf.ml clotiahs.info cnedriect.com cocshipmanagment.com confirm2.pw confirm3.pw coolking-tw.com corpcougar.com corpcougar.in cosmoi098.ga cosmoi098.ml cremeroloe.com crippoloiutustrope.tk cvnty.ga diplomatgroup.org doosantax.com ebslaradio.cl efore.info eko-colors-pl.com eko-logistics.com emiliano-sala.ga enchapa.info esplanademauritius.com execuitiveship.com exsimpetroleum.com extrememx.net exwelloilfleld.com ezigbo-mmadu.xyz famoosonutt.com fantasticpipo.club fileshareing.tk filmmagapp.ir flmates.com florence-malouda.ml florence-malouda.tk forexdispatch.info fredwi.top freecapes.com freecaps4.ml freewhcm.top frenchman.icu fueda.info gama247.beget.tech giftedhands-association.com gihf2.com goldenfashiondeeds.com gooinnhtrr.ml goriaya.com gregvictor.co.uk groz-toolz.com gtigtex.info habertjohnson.top halwaja.com higomanga.info hotblowup.com hpygol-acm.com hyoki-jp.top iiranair.com iranssp.ir ivandarina.top jayconnect.co.uk jbrightbuilders.sytes.net jhpipaa.com jonjoshelvey.gq jttomwest.top kaburto.info kachi.cf kalafyn10.tk kin3p.co.uk kitchenraja.com kratheinz.com lapphuongshoe.com ledomainedesalizees.com logfert.com lovingu1.top lronman4x4.com mairon-hk.com makopolos.com manchester-derby.ga manchesterderby.gq manchesterderby.tk maritlme-net.com matbin.com mbh-co-uk.ml mbta.com.ng mhydraulics.net mizunogolfbags.com modcloudserver.eu monastaybags.com morganans.co.uk newwoldassem.top nexmarket.ir nkegi.com oasisvillasmaurice.com ofoleteadms.icu oldendroff.com orientsdelivery.xyz palacegrades.com perigon-no.com pouruinhgtrewzip.tk qkinz.tech qoqip.com quelmax.com quurieun.top rasavision.ir razaacademy.info ritedi.icu rnuganbank.com rtjf.ga saliyumakan.club scm-hk.com season1.icu sghecc.com shakekur.top shalets23.com sherwoodpest.com sibarzz.xyz siiigroup.com slimcase247.se smarytie.ir smilesbyme.com smithtony.co.uk sparkickwears.ga spidook.bid spuerinirominfo.tk stedmanpharrna.com stephero7.ml sucalcin.top sun-clear.net sunvim.cf sylvaclouds.eu telcel.tech thaeed.ir thammyvienanthea.com tienaris.com tjfr.tk tmjchange.com tourscentralasian.com tqe2009.com tradesecretsgiveandtake.ca treatascholars.com trietrre.ml unimasa.icu uzocoms.eu vastinopulotiste.tk vbih.tk venresf.ml vibecore20.top vicomdistribucion.top villaviras.com vinaprio.com vteach.com.sg wieiland.com wilfred.top willhelmsen.com wohinqfood.com yuxinproteins.com # Reference: https://twitter.com/P3pperP0tts/status/1191999299061780480 http://151.80.3.78 # Reference: https://www.virustotal.com/gui/file/df3f26fa52e1d59ae86f3e4e3e0811ff0beb10f2588dcc5372130e93fc007908/behavior/Dr.Web%20vxCube arctech--vn.com # Reference: https://www.virustotal.com/gui/file/6979ee74e6d3dfcdaf0e146faa063d70659b56cfda034d46f6a611af58a71f70/behavior/Dr.Web%20vxCube beautynams.com # Reference: https://twitter.com/P3pperP0tts/status/1192710961641205760 http://51.81.26.73 # Reference: https://www.virustotal.com/gui/file/68a511a096b68f00f40d77b497122a0da58132ec86d565a7e314452fe18b8321/behavior/Dr.Web%20vxCube kenturkeymanians.org # Reference: https://twitter.com/P3pperP0tts/status/1192809962268962818 backbaymall.ga nucsquaremall.ga # Reference: https://www.group-ib.com/blog/fakesecurity chuxagama.com umbra-diego.com # Reference: https://twitter.com/P3pperP0tts/status/1193844698370236416 http://157.52.211.11 # Reference: https://twitter.com/wwp96/status/1193942503864651776 efore.info # Reference: https://app.any.run/tasks/205df181-d1c5-4315-80b2-5456b6bfeef2/ arctech--vn.com # Reference: https://twitter.com/wwp96/status/1194325495686586370 pointqrace.com # Reference: https://twitter.com/P3pperP0tts/status/1194590128129421313 http://37.187.207.221 # Reference: https://twitter.com/P3pperP0tts/status/1194761250078699520 nvent.icu # Reference: https://twitter.com/P3pperP0tts/status/1194979247124860929 http://51.75.33.88 # Reference: https://twitter.com/JayTHL/status/1194992844039229441 onllygoodam.com # Reference: https://twitter.com/James_inthe_box/status/982003272562044928 # Reference: https://app.any.run/tasks/0893ab89-f685-40ae-bddc-83699013c804/ hydeoutent.com # Reference: https://twitter.com/Racco42/status/1196407632598310918 s-plt.club s-top.xyz # Reference: https://twitter.com/wwp96/status/1196472338960793603 gelcursot.top # Reference: https://app.any.run/tasks/30e58965-3657-457d-8aba-cf857b1ae756/ junquam.com # Reference: https://app.any.run/tasks/1dc0b30d-1713-41f3-a0f0-a98240ba9824/ onllygoodam.com # Reference: https://app.any.run/tasks/60951b2e-aac7-46b6-be01-214e104282f2/ matbin.com # Reference: https://twitter.com/wwp96/status/1196877315726135296 s-top.xyz # Reference: https://twitter.com/wwp96/status/1196870261016059905 http://46.21.147.94 # Reference: https://www.fortinet.com/blog/threat-research/custom-packer-tool-frenchy.html # Reference: https://otx.alienvault.com/pulse/5dd565d5cd733b662f366526 alphastand.top alphastand.trade alphastand.win kbfvzoboss.bid sun-clear.net # Reference: https://twitter.com/P3pperP0tts/status/1197683883627700229 http://51.91.175.183 # Reference: https://twitter.com/JayTHL/status/1197922402828791808 findmypractice.org # Reference: https://pastebin.com/a3tLkeSU http://107.175.150.73 # Reference: https://app.any.run/tasks/2b37b818-369c-4c5c-a7af-fc7d20958920/ ray-den.xyz # Reference: https://www.virustotal.com/gui/file/6b6ff1efd1dd41901c9c23dfd6d03ff6c1f6d846bf8ac8002b3af61744426e11/detection lethatch.se # Reference: https://app.any.run/tasks/216903ba-ad00-4e4b-8606-d329e1e8772e/ arctech--vn.com # Reference: https://any.run/malware-trends/lokibot (Note: as seen on 2019-12-04) worldatdoor.in kitchenraja.in gsuitekh.com avertonbullk.com offsolo-gbb.tech 1justfy.pw l1n3n.site elettroveneta-it.com ddos.dnsnb8.net smtp.siqanalytical.com adonis-medicine.at # Reference: https://twitter.com/wwp96/status/1202265059784835072 chennaiequipment.com # Reference: https://pastebin.com/ghh2y3g3 kargozar1320.ir # Reference: https://twitter.com/wwp96/status/1203005552248397824 gblasta.pw # Reference: https://pastebin.com/7Ak2nP2T awba-groups.com indextechno.com pms-center.com # Reference: https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html (# Win.Trojan.LokiBot-7420275-1) betaflexllc.us beyondlogx.com kontrolreport.com oscontinental.online phoenixdevs.ir porno322.com protestlabsmovings.es secure-n2.top # Reference: https://pastebin.com/B6EDa5x0 jb-qroups.com logboxreports.top # Reference: https://twitter.com/HeavyMetalAdmin/status/1204108254588080128 woobwoo.cf # Reference: https://twitter.com/wwp96/status/1204430643800793088 woobwoo.ga # Reference: https://twitter.com/wwp96/status/1204789643138473985 s-pod.xyz # Reference: https://twitter.com/wwp96/status/1204805860129755141 kyant4.com # Reference: https://www.virustotal.com/gui/file/1e191a6f8c36095e7a3c06d70086d82886447dab7119f1adb84ee321700dd7eb/detection lkpswrd.cf # Reference: https://www.virustotal.com/gui/file/994744f9be120c63c7d5819f9b9bd3fb43e19efc59b95d0153aa64adf6cc8d6c/detection sentab.tk # Reference: https://www.virustotal.com/gui/file/b939020a31f8ef30fd78bbb487469c72f61a857f699b689628a332fbedbf9959/detection lkpswrd.ml # Reference: https://twitter.com/James_inthe_box/status/1206952335764795392 onlygoood.com # Reference: https://twitter.com/smica83/status/1209204228696227840 gcirsa.com # Reference: https://twitter.com/wwp96/status/1214568832016142337 gquare.gq # Reference: https://pastebin.com/Q6Sn446k roryaftamart.duckdns.org # Reference: https://twitter.com/wwp96/status/1214932312401600512 gquare.tk # Reference: https://twitter.com/wwp96/status/1214940445530345472 egobetter.xyz # Reference: https://app.any.run/tasks/90588195-450b-42b2-be93-65b97da7a2a0 gainflows.gq # Reference: https://twitter.com/Racco42/status/1215312968348467200 cypress-tw.com # Reference: https://twitter.com/Racco42/status/1215570689379524608 ptiihk.com # Reference: https://twitter.com/Racco42/status/1214124427602022400 zni1.com # Reference: https://twitter.com/P3pperP0tts/status/1215705099776987138 onlygoodem.com # Reference: https://app.any.run/tasks/73a7b555-6bef-4aae-98a2-2dc6a5df6fda/ tranpip.com # Reference: https://twitter.com/P3pperP0tts/status/1216852518640259073 noithathoanggia.net.vn # Reference: https://app.any.run/tasks/8d60b414-aed6-4dba-80ca-f3d1b2f7556e/ allenservice.ga # Reference: https://app.any.run/tasks/6d4f51ab-0149-4b7b-b43c-d55f7c7a046e/ tbt-sceitech.com # Reference: https://twitter.com/malware_traffic/status/1217858107289866240 himkon.ga # Reference: https://twitter.com/wwp96/status/1218227068896514051 afas-kr.com # Reference: https://app.any.run/tasks/aa120a9f-7889-492b-9695-2b9c32c7a5fe/ oaa-my.com # Reference: https://twitter.com/wwp96/status/1219361313735966721 agrabahd.ga # Reference: https://twitter.com/wwp96/status/1219363482031861760 mecharnise.ir # Reference: https://app.any.run/tasks/610b93f9-38f4-466f-a46e-f0dfbc750a1b/ chol.cc # Reference: https://app.any.run/tasks/891ac638-b067-42b0-bf51-6120998204a9/ # Reference: https://app.any.run/tasks/7efd4037-e819-4b05-9dc5-c0baadcc7bb6/ http://107.175.150.73/~giftioz # Reference: https://app.any.run/tasks/09a252ef-0ebb-4f48-b4a2-2261a44dd000/ sisenor.ml # Reference: https://app.any.run/tasks/79df932f-0f42-441e-9071-64ddd88c7529/ kuomlog.xyz # Reference: https://pastebin.com/DT3diCh7 didxbooks.com fiftint.com # Reference: https://app.any.run/tasks/a1af1cea-bf86-4702-b3a2-082c1d242f15/ http://193.142.59.89 # Reference: https://www.exposedbotnets.com/2018/02/kdotrakycomloki-bot-hosted-in-shinjiru.html kdotraky.com continentalrnovers.com # Reference: https://twitter.com/wwp96/status/1220414670290456576 martirill.ga /makave/sab.php # Reference: https://www.virustotal.com/gui/file/d794747343409784e81b7754901acda8e2d3f5182ab9addc66c6121bc55aabc7/detection teiup.xyz # Reference: https://app.any.run/tasks/d4acf26b-aced-48a9-8dec-aeccd602c109/ heartychern.com # Reference: https://www.virustotal.com/gui/file/8e68b6908534b24b52ba7a1d0ef445b9b2a8681a4d35fa9d5c4d447cf3efb300/detection akito.be # Reference: https://www.virustotal.com/gui/domain/alibabahugia.com/relations alibabahugia.com # Reference: https://www.virustotal.com/gui/domain/eferiwalabd.com/relations eferiwalabd.com # Reference: https://www.virustotal.com/gui/file/e1869921f052c6dc9387b18c6884191a2c637eb21cd638ed1b2e71b31cab7e0b/detection kheeda.com # Reference: https://www.virustotal.com/gui/domain/regalscoin.co/relations regalscoin.co # Reference: https://www.virustotal.com/gui/url/b27492bd716239fe2f17a20b4c60c24bb058b7b8023be0f5a5e78bde37ea7864/detection molmarsl.com # Reference: https://www.virustotal.com/gui/file/b509e105567fe4a14e31c96d71bdf2080df1d1737fe5b1928b2e5ad88add2b31/detection bodegaslopezmoernas.com # Reference: https://www.virustotal.com/gui/file/0dbbbc6aa0686ea19b55871f0ca0b9c722064683604c04e581c8498095f0cea9/detection jdandado.info # Reference: https://www.virustotal.com/gui/file/5ffa3eaa94c6a603d21525a72d56f23915279fbd755ac0fb24d04e9a2fdd26fe/detection jscmy.co # Reference: https://www.virustotal.com/gui/file/3fcbf0a0d8ab22f5762ebf4855165c1258b57462119eb5549e7b74edcc2ce1ad/detection omabradley.ru # Reference: https://www.virustotal.com/gui/file/eb0cc81ad318a7ee0d5aef0b51538178c5e590be837a2e81cb99bf89944547f3/detection getvision2020.net # Reference: https://twitter.com/wwp96/status/1221892381831766017 oaa-my.com # Reference: https://twitter.com/wwp96/status/1222244913309454337 nwababy.cf /chikincho/sab.php # Reference: https://twitter.com/wwp96/status/1222259928422932480 wakanduz.tk /sabali/sab.php # Reference: https://twitter.com/James_inthe_box/status/1222541809454202880 zeyadigital.com # Reference: https://twitter.com/wwp96/status/1222604774484430848 himkon.cf # Reference: https://twitter.com/wwp96/status/1222651453673787393 drop-box.top # Reference: https://twitter.com/Racco42/status/1222895330422706178 hanmha.com # Reference: https://www.virustotal.com/gui/ip-address/193.142.59.107/relations 193.142.59.107:80 # Reference: https://www.virustotal.com/gui/ip-address/89.249.65.212/relations 89.249.65.212:80 # Reference: https://twitter.com/wwp96/status/1223277675688669185 # Reference: https://app.any.run/tasks/f9f4c66f-7e96-4ded-909a-f2f799658400/ gpi-q.com # Reference: https://twitter.com/wwp96/status/1223283853395144704 everest--sh.com # Reference: https://twitter.com/wwp96/status/1223331321969348613 # Reference: https://twitter.com/wwp96/status/1224402400674447361 butland.cf ezilon.tk /igine/sab.php # Reference: https://pastebin.com/v5VKwUUR batlxt.org fiftint.com top-sso3.top # Reference: https://twitter.com/wwp96/status/1224395051486400513 kdi-kongsberg.com # Reference: https://twitter.com/wwp96/status/1224395809879470080 baural.tk nedoru3.ml # Reference: https://twitter.com/wwp96/status/1224397130175041536 unrrwa.org # Reference: https://twitter.com/wwp96/status/1224403562488389632 http://193.142.59.7 # Reference: https://twitter.com/wwp96/status/1224415503206244353 baurallc.ml gadingsllc.cf /vvd/sab.php # Reference: https://twitter.com/wwp96/status/1224414499983237120 plosss.com # Reference: https://twitter.com/wwp96/status/1224415881880621062 saclex.gq # Reference: https://pastebin.com/5VDXdhPA airlinecom.tk babanovex.cf babatnx.cf bagariwa.tk baurallc.ml butland.cf butland.gq championsdeal.cf champkit.tk gadinacom.ga gadinacom.gq gadinacom.tk gadinatr.cf gadinatr.gq gadinatr.tk gbajagbaja.cf gbajagbaja.gq gbajagbaja.tk januarytins.ml juannylift.cf kutuolog.cf kutuolog.ga kutuolog.gq kutuolog.ml kutuolog.tk lilninop.ga mamado.ml martirill.ga nwababy.cf onyenzoputa.cf onyenzoputa.ml onyenzoputa.tk precisiongmbh.tk ramdymoore.ml saffen.ml simportexx.tk simpotex.ml simpotex.tk sisenor.ml solouro.ga solouro.ml tocheckoru.cf udejimji.cf ugomma.gq ugougo.cf ukwunkea.ml unvacsth.gq unvacsth.ml unvacsth.tk uwachukwuu.cf uwachukwuu.ml vintaded.ga wakanduz.cf wakanduz.ga wakanduz.gq webergmbh.ml webergmbh.tk /chikala/sab.php /chikincho/sab.php /igine/sab.php /makave/sab.php /nzubedubai/sab.php /omega/sab.php /pope/sab.php /sabali/sab.php /sweet/sab.php /vvd/sab.php /zanku/sab.php # Reference: https://app.any.run/tasks/153c9ca2-38d7-46f8-a510-2d6d13fbde4e/ shgshgsndynationalindustrialandgoogledns.duckdns.org # Reference: https://app.any.run/tasks/4dc538c1-e78e-41fe-b17e-ed9da474ea3c/ cranetechllc.ml simpotex.ga # Reference: https://app.any.run/tasks/e61bbc8a-d35d-4316-8232-b7cfd7f14a22/ cokhiquangbien.com # Reference: https://twitter.com/wwp96/status/1224789442243723265 omabradley.ru # Reference: https://twitter.com/wwp96/status/1224786717883936775 growyourwealth.cf powerlinecom.ml /makave/sab.php # Reference: https://twitter.com/wwp96/status/1224781788033245191 trouserlanditd.com # Reference: https://twitter.com/K_N1kolenko/status/1225009464815902720 http://104.223.170.113 http://107.175.150.73 http://198.23.200.241 http://78.142.18.109 about.panjihidayat.web.id barential.cf batlxt.org cv.panjihidayat.web.id difapackperu.com everest--sh.com fiftint.com gpi-q.com growyourwealth.cf lkpswrd.tk mecharnise.ir mocdong.com.vn/gx/playbook/onelove/fre.php omabradley.ru petroindonesia.co.id skyoceanshippinq.com tecon.com.mx tickerqube.com trouserlanditd.com tungyu.cf u-knlt.com worldatdoor.in zeyadigital.com # Reference: https://twitter.com/Bl4ng3l/status/1224999049880899586 etoro-miners.com # Reference: https://twitter.com/wwp96/status/1225487541484302336 drkconstrucciones.com # Reference: https://twitter.com/K_N1kolenko/status/1225784278732214272 euromopy.tech mirrapl.com missingandfound.com.my yullifyne.ml /v-2/pin.php /makave/sab.php /vvd/sab.php /zanku/sab.php # Reference: https://twitter.com/wwp96/status/1226945238448713732 serv-node4.top # Reference: https://www.virustotal.com/gui/domain/ezzy-corp.com/relations ezzy-corp.com # Reference: https://twitter.com/wwp96/status/1227267903558496256 abumchukwugi.ga coretelin.ml # Reference: https://app.any.run/tasks/904abf72-63a7-4d8c-9be4-d25ca3872cbf/ http://192.3.183.226 # Reference: https://app.any.run/tasks/dce56dd7-e6b6-45e7-9845-9c1da2ac3cbd/ http://46.21.147.207 # Reference: https://twitter.com/K_N1kolenko/status/1227511439176458240 # Reference: https://twitter.com/K_N1kolenko/status/1227511407564001281 http://103.208.86.31 bacanacabana.com.br/wp-includes/css/kay/Panel/five/fre.php bdsphatphat.com/.dtt/playbook/onelove/fre.php ijinwa.ml innoexpo.tech jfe-mineral-co.pw naelele.ga slnsa.trade telincore.tk telincorenw.gq transmarine.pw tungyu.cf /makave/sab.php /omega/sab.php /zanku/sab.php # Reference: https://twitter.com/K_N1kolenko/status/1227925694539337728 digi-sec.top ijinwa.gq telincore.gq matantalbenna.com/.legolass/fine/fre.php (# compromised site) /nzubedubai/sab.php # Reference: https://twitter.com/wwp96/status/1228000721494315008 beautynams.com # Reference: https://twitter.com/wwp96/status/1228360824676323328 dfsdfbdz.ml telincore.ml # Reference: https://twitter.com/wwp96/status/1228364048917565441 sogamco.com # Reference: https://twitter.com/wwp96/status/1228357214538170369 workherna.ga # Reference: https://twitter.com/wwp96/status/1228372948626690048 bantanmanta.cf loverineta.tk # Reference: https://twitter.com/reecdeep/status/1229403951675715586 powerlogs.top taximolinaperu.com # Reference: https://twitter.com/wwp96/status/1229438993584066562 cokhiquangbien.com # Reference: https://twitter.com/wwp96/status/1229438428598689792 kdi-kongsberg.com # Reference: https://twitter.com/wwp96/status/1229448871677485057 193.142.59.88:80 # Reference: https://twitter.com/wwp96/status/1229446037800181760 # Reference: https://twitter.com/_lockhum/status/1229477916234461184 46.21.147.206:80 /primseven/logs/omc.php # Reference: https://pastebin.com/WWcPxMMU http://paswordinc.xyz/new/fre.php http://www.dadatiles.com.au/ju/fre.php http://192.3.182.247/feblogs/logs/fre.php http://brokenbrains.xyz/James/fre.php http://185.126.201.167/~power13/.W0pohss134zCt/fre.php http://transwesemayra.top/Lokivo/Panel/fre.php http://taximolinaperu.com/fz/fre.php http://best-aluminum-co.ml/CORONACUREXXX/fre.php http://195.206.106.191/hoist3/logs/fre.php http://wesemayra.top/Lokivo/Panel/fre.php http://misiondeangeles.com/grace/five/fre.php http://94.100.18.11/plugman/logs/fre.php http://46.21.147.206/primseven/logs/fre.php http://thefieldagent.net/yo/Panel/five/fre.php http://193.142.59.109/primone/logs/fre.php http://131.153.22.150/primfour/logs/fre.php http://sariincofood.co.id/xx/Panel/fre.php http://mediagift.vn/.ki/playbook/onelove/fre.php http://masterteknoloji.com/.legolas/legolas/fine/fre.php http://mecharnise.ir/ca10/fre.php http://centrehotel.vn/oo/panel/fre.php http://www.tiltteexx.co/soft/julxx/fre.php http://pickupmylaundry.co.in/fonts/xfs/xch/fre.php http://tiltteexx.co/rokzee/kor2/fre.php http://176.57.70.28/angelo/Panel/five/fre.php http://getupandcboz.com/mine/fre.php http://www.biznetvgator.com/hyj/five/fre.php http://kceeruth.tk/kcee/fre.php http://www.matantalbenna.com/.legolass/fine/fre.php http://gassettgroup.com/1/fre,php http://netfliq.ml/binocular/fre.php http://promecco.com.tr/nel/five/fre.php http://sogamco.com/Work6/fre.php http://empresadeperu.com/bn/fre.php http://sogamco.com/Work4/fre.php http://141.105.71.35/sss/fre.php http://sogamco.com/Work5/fre.php http://thefieldagent.net/ys/Panel/five/fre.php http://portalcafecomnoticias.com.br/wp-includes/css/coco/fre.php http://gentleprlnce.com/CanDyCrUSHXXX/fre.php http://thefieldagent.net/loki/Panel/five/fre.php http://epperfums.com/dull/five/fre.php http://taximolinaperu.com/m/fre.php http://192.3.183.226/~feragamo/.legolas/fine/fre.php http://mawa2ef.com/core/five/fre.php http://mediagift.vn/.bc/playbook/onelove/fre.php http://blue-airship.com/empire/movement/kingz/fre.php http://academydea.com/includes/Panel/five/fre.php http://vlklz.xyz/A1/five/fre.php http://techcefacos.org/config/Panel/five/fre.php http://ayoobtextlie.com/cup/five/fre.php http://ayoobtextlie.com/craks/five/fre.php http://mckenzai-co.pw/Pablo/fre.php http://beerberv.com/OPAYREXING/fre.php http://portalcafecomnoticias.com.br/test/js/Panel/five/fre.php http://epperfums.com/dino/five/fre.php http://taximolinaperu.com/cg/fre.php http://193.142.59.88/primsix/logs/fre.php http://jfe-mineral-co.pw/Arinze/fre.php http://petroindonesia.co.id/xxx/xx/Panel/fre.php http://omabradley.ru/msn/Panel/fre.php http://omabradley.ru/easyph/Panel/fre.php http://corpcougar.com/zor/Panel/five/fre.php http://omabradley.ru/arewaphazzy/Panel/fre.php http://assemba.co.uk/bk2/Panel/five/fre.php http://fentlix.com/pl2y/fre.php http://isysu.net/zb_system/image/logo/good/fre.php http://transmarine.pw/Pablo/fre.php http://omabradley.ru/m16/Panel/fre.php http://myaline.com.pe/img/h/fre.php http://academydea.com/includes/pollux/Panel/five/fre.php http://uniquepierce.tech/pdot/support/rslt/fre.php http://transmarine.pw/Bobby/fre.php http://blue-airship.com/agutaz/direct/pushin/fre.php http://febspxi.xyz/P3/five/fre.php http://slnsa.trade/Work3/fre.php http://fentlix.com/onev/fre.php http://slnsa.trade/Work7/fre.php http://103.208.86.31/y/fre.php http://jfe-mineral-co.pw/Chukwuka/fre.php http://46.21.147.207/primeight/logs/fre.php http://sariincofood.co.id/no/Panel/fre.php http://184.164.142.217/primthree/logs/fre.php http://184.164.142.213/primtwo/logs/fre.php http://indiatoursntravels.in/cc/Panel/fre.php http://37.220.0.11/primone/logs/fre.php http://trailer.co.za/cg-wpi/Panel/five/fre.php http://5.152.210.188/primfour/logs/fre.php http://kimstar.com.vn/.tx/tx/playbook/onelove/fre.php http://slnsa.trade/Work5/fre.php http://innoexpo.tech/product/perf/Inc/fre.php http://131.153.22.142/rokstwo/logs/fre.php http://jfe-mineral-co.pw/Broken/fre.php http://198.23.200.241/~power13/.swoexizp/fre.php http://198.23.200.241/~power13/.firoxispz/fre.php http://klickus.com/okye/Panel/five/fre.php http://slnsa.trade/Work1/fre.php http://slnsa.trade/Work8/fre.php http://myaline.com.pe/nn/fre.php http://corpcougar.com/nedu/Panel/five/fre.php http://papelestecnicos.com.pe/vb/fre.php http://empresadeperu.com/ved/fre.php http://beerberv.com/SAMMYWAHALA/fre.php http://empresadeperu.com/vv/fre.php http://trailer.co.za/wp-cgi/Panel/five/fre.php http://klickus.com/gozie/Panel/five/fre.php http://klickus.com/cjay/Panel/five/fre.php http://185.56.137.99/primfive/logs/fre.php http://131.153.22.219/primsix/logs/fre.php http://adminfixpop3settings.com/vkay/five/fre.php http://bacanacabana.com.br/wp-includes/css/kay/Panel/five/fre.php http://karmar.com.au/wp-admin/css/colors/coffee/fre.php http://borrdrillling.com/danb/five/fre.php http://omabradley.ru/agwo/Panel/fre.php http://forlinkserver.com//parl/id2244/fre.php http://mellle.com/ses/Panel/fre.php http://trouserlanditd.com/dark/five/fre.php http://emesterul.ro/css/ok/fre.php http://vlklz.xyz/Atoz/five/fre.php http://198.23.200.241/~power13/.pRciyzfi/fre.php http://centrehotel.vn/ss/Panel/fre.php http://vcntq.ga/Mercy/five/fre.php http://rlxivz.ga/SV3/five/fre.php http://193.142.59.96/africa/logs/fre.php http://198.23.200.241/~power13/.xoiaxozp/fre.php http://etoro-miners.com/bird/five/fre.php http://198.23.200.241/~power13/.sopawqo/fre.php http://bdsphatphat.com/.dtt/playbook/onelove/fre.php http://198.23.200.241/~power13/.gvuxosacy/fre.php http://indiatoursntravels.in/oo/Panel/fre.php http://107.175.150.73/~giftioz/.fkligxrzi/fre.php http://oasischandigarh.com/wp-admin/js/widgets/Panel/five/fre.php http://trailer.co.za/bin/Panel/five/fre.php http://febtrxp.xyz/P4/five/fre.php http://febvnxp.xyz/P4/five/fre.php http://198.23.200.241/~power13/.xwospaxi/fre.php http://xgkxc.xyz/P4/five/fre.php http://www.worldatdoor.in/panel2/Panel/five/fre.php http://liderazgocristoforo.org/n/fre.php http://198.23.200.241/~power13/.sixnrpq/fre.php http://hanmha.com/drunk/five/fre.php http://rlxivz.tk/SV2/five/fre.php http://198.23.200.241/~power13/.goxizmsxir/fre.php http://datedi.icu/hoist1/logs/fre.php http://mikeservers.eu/kings/five/fre.php http://104.223.170.113/Silkop/Panel/five/fre.php http://euromopy.tech/etty/black/download/fre.php http://borrdrillling.com/luckyadmin/five/fre.php http://expertisem.net/empire/movement/kingz/fre.php http://blastforcleaningservices.com/fonts/panel/fre.php http://etoro-miners.com/gate/five/fre.php http://mecharnise.ir/ca11/fre.php http://mkplogistics.co.id/oo/Panel/fre.php http://mkplogistics.co.id/aa/Panel/fre.php http://liderazgocristoforo.org/g/fre.php http://centrehotel.vn/cc/Panel/fre.php http://u-knlt.com/Bobby/fre.php http://missingandfound.com.my/kv/Panel/fre.php http://u-knlt.com/Pablo/fre.php http://trouserlanditd.com/dabs/five/fre.php http://everest--sh.com/coco/five/fre.php http://gpi-q.com/cake/five/fre.php http://trailer.co.za/wp-index/Panel/five/fre.php http://198.23.200.241/~power13/.zipxzios/fre.php http://tungyu.cf/CROWNEDPRINCE/fre.php http://esenciamaya.com/leo/five/fre.php http://saclex.gq/flabs/fre.php http://5.196.123.14/yg/Panel/fre.php http://omabradley.ru/smik/Panel/fre.php http://mirrapl.com/big/Panel/fre.php http://funerariapracadabandeira.com.br/include/Panel/five/fre.php http://printystore.com.pe/img/lop/fre.php http://printystore.com.pe/js/v/fre.php http://66.85.173.45/africa/logs/fre.php http://xlkz.xyz/P4/five/fre.php http://5.152.210.181/roksone/logs/fre.php http://103.70.137.123:82/five/fre.php http://noniwire7.website/Work4/fre.php http://107.175.150.73/~giftioz/.shptioixmaz/fre.php http://centrehotel.vn/oo/Panel/fre.php http://noniwire7.website/Work5/fre.php http://drkconstrucciones.com/v/fre.php http://trouserlanditd.com/didi/five/fre.php http://xigkxc.xyz/Atoz/five/fre.php http://193.142.59.7/hoist3/logs/fre.php http://missingandfound.com.my/mba/Panel/fre.php http://espoirpharmaceutical.com/includes/Panel/five/fre.php http://missingandfound.com.my/bb/Panel/fre.php http://terayu.tk/irkk/fre.php http://unrrwa.org/rich/Panel/fre.php http://hanmha.com/dope/five/fre.php http://precisiongmbh.cf/kboss/fre.php http://hanmha.com/duck/five/fre.php http://hanmha.com/divide/five/fre.php http://printystore.com.pe/img/hu/fre.php http://kdi-kongsberg.com/stan/Panel/fre.php http://217.64.114.179/africa/logs/fre.php http://hedsoni.com/jahbless/fre.php http://mediceldl.com/Broken/fre.php http://tickerqube.com/Loki2020/fre.php http://lethatch.se/nelpa/five/fre.php http://tresolutionsdr.com/CHK/five/fre.php http://missingandfound.com.my/urch/Panel/fre.php http://trailer.co.za/wp-adon/Panel/five/fre.php http://78.142.18.109/jaydee/logs/fre.php http://serviciotecnicoenlima.com/js/g/fre.php http://xecogioisg.com/go/playbook/onelove/fre.php http://gimhon.ml/kcyi/fre.php http://omabradley.ru/kiriko/Panel/fre.php http://difapackperu.com/n/fre.php http://tecon.com.mx/onye/five/fre.php http://198.23.200.241/~power13/.xjksapxiz/fre.php http://gpi-q.com/cup/five/fre.php http://sino-spriulina.com/demo1/Panel/fre.php http://aikchimhin.com/walterXXXX/fre.php http://trouserlanditd.com/data/five/fre.php http://107.175.150.73/~giftioz/.notoxo/fre.php http://mediceldl.com/David/fre.php http://everest--sh.com/cream/five/fre.php http://mediceldl.com/Bobby/fre.php http://duprcxoffshore.com/yaas/fre.php http://everest--sh.com/click/five/fre.php http://107.175.150.73/~giftioz/.fsabljkxioaxo/fre.php http://corpcougar.com/buggy/Panel/five/fre.php http://gpi-q.com/copy/five/fre.php http://mediceldl.com/Pablo/fre.php http://borrdrillling.com/lokiadmin/five/fre.php http://198.23.200.241/~power13/.xoiaspxo/fre.php http://cokhiquangbien.com/.jx/playbook/onelove/fre.php http://omabradley.ru/garuba/Panel/fre.php http://expertisem.net/agutaz/direct/pushin/fre.php http://193.142.59.107/africa/logs/fre.php http://cleaning-hygiene.com/kay/Panel/five/fre.php http://perfectelectricalsolution.com/css/bb/Panel/fre.php http://brokenskul.xyz/Bobby/fre.php http://gpi-q.com/craks/five/fre.php http://trouserlanditd.com/drug/five/fre.php http://trouserlanditd.com/draw/five/fre.php http://gpi-q.com/cutter/five/fre.php http://petroindonesia.co.id/xx/Panel/fre.php http://omabradley.ru/ekene/Panel/fre.php http://petroindonesia.co.id/admin/Panel/fre.php http://trailer.co.za/cgi/Panel/five/fre.php http://gpi-q.com/clean/five/fre.php http://everest--sh.com/cola/five/fre.php http://amotach-cn.com/DOTNETXXX/fre.php http://gpi-q.com/clap/five/fre.php http://uniformescorporativosperu.com/catalogopw/g/fre.php http://uniformescorporativosperu.com/imgdamas/faldas/j/fre.php http://ecoorganic.co/Work8/fre.php http://euromopy.tech/rosemond/backup/dataz/fre.php http://89.249.65.212/africa/logs/fre.php http://uwhfdsndcjdn.ml/chikafams/fre.php http://zeyadigital.com/etty/black/download/fre.php http://hanmha.com/deal/five/fre.php http://petroindonesia.co.id/ss/Panel/fre.php http://stampilam.ro/axe/five/fre.php http://securesharing.top/Lokivo/Panel/five/fre.php http://107.175.150.73/~giftioz/.vodojik/fre.php http://everest--sh.com/clock/five/fre.php http://aivazidis.gq/mad-ooo/fre.php http://grensena.tk/kboss/fre.php http://107.175.150.73/~giftioz/.myprolokip/fre.php http://drop-box.top/Lokivo/Panel/five/fre.php http://pipermode.com/agutaz/direct/pushin/fre.php http://defacci22.net/rosemond/backup/dataz/fre.php http://perfectelectricalsolution.com/mb/panel/fre.php http://sino-spriulina.com/demo/Panel/fre.php http://brokenskul.xyz/Broken/fre.php http://cleaning-hygiene.com/bab/Panel/five/fre.php http://ecoorganic.co/Work2/fre.php http://ecoorganic.co/Work4/fre.php http://aladebtrading.com/loki/Panel/fre.php http://sccslink.xyz/P5/five/fre.php http://ecoorganic.co/Work7/fre.php http://ecoorganic.co/Work1/fre.php http://somafe.dz/zmnko/five/fre.php http://corpcougar.com/bin/Panel/five/fre.php http://himkon.cf/kcyi/fre.php http://107.175.150.73/~giftioz/.ASlxkaDx8x/fre.php http://107.175.150.73/~giftioz/.xozizuxoze/fre.php http://institutdemathologie.fr/GO/ve/fre.php http://altoinfor.co/base/fre.php http://softtouchcollars.com/Loki/Panel/five/fre.php http://107.175.150.73/~giftioz/.suxozisxfi/fre.php http://104.223.170.113/dsikio/Panel/five/fre.php http://dongthanhcompany.vn/.ox/playbook/onelove/fre.php http://heartychern.com/deal/five/fre.php http://192.210.238.10/five/fre.php http://193.142.59.3/teejay/logs/fre.php http://perfectelectricalsolution.com/bb/Panel/fre.php http://kimstar.com.vn/.tx/playbook/onelove/fre.php http://193.142.59.98/africa/logs/fre.php http://xylanperu.com/op/fre.php http://petroindonesia.co.id/cgi-bin/cc/Panel/fre.php http://107.175.150.73/~giftioz/.ciiiiiiric/fre.php http://seguridadindustrialujan.com/hu/fre.php http://seguridadindustrialujan.com/jii/fre.php http://docupubfilesretrieve.com/sp/five/fre.php http://thaubenuocngam.com/go/playbook/onelove/fre.php http://buasang5sao.com/Panel/five/fre.php http://107.152.36.110/GhosTHunTerX/fre.php http://bollorre.pw/Work4/fre.php http://bollorre.pw/Work5/fre.php http://oaa-my.com/copy/five/fre.php http://xgkixc.xyz/Atoz/five/fre.php http://plosss.com/lok/Panel/fre.php http://molmarsl.com/leks/five/fre.php http://assemba.co.uk/mk/Panel/five/fre.php http://byedtronchgroup.yt/jik/Panel/five/fre.php http://192.210.238.10/emmy/fre.php http://iplusvietnam.com.vn/jo/playbook/onelove/fre.php http://xecogioisg.com/mx/playbook/onelove/fre.php http://bollorre.pw/Work6/fre.php http://tbt-sceitech.com/coco/five/fre.php http://107.175.150.73/~giftioz/.xotorsvi/fre.php http://sino-spriulina.com/Panel/fre.php http://107.175.150.73/~giftioz/.vorokimovi/fre.php http://107.175.150.73/~giftioz/.coterzio/fre.php http://sccslink.xyz/P4/five/fre.php http://uwhfdsndcjdn.tk/evawater/fre.php http://107.175.150.73/~giftioz/.dycosmxiz/fre.php http://about.panjihidayat.web.id/cc/Panel/fre.php http://193.142.59.89/africa/logs/fre.php http://asi1.ir/sch/five/fre.php http://protestlabsmovings.es/blender/Panel/five/fre.php http://w-tranz.club/game/luxx/fre.php http://rohockey.ro/wp-content/five/fre.php http://107.175.150.73/~giftioz/.fodoixz/fre.php http://chol.cc/Work2/fre.php http://chol.cc/Work1/fre.php http://107.175.150.73/~giftioz/.cotolier/fre.php http://107.175.150.73/~giftioz/.dsabkjczpxzo/fre.php http://107.175.150.73/~giftioz/.vogofis/fre.php http://snodrite.pw/tipe/hope/fre.php http://zoncline.club/stud/hace/fre.php http://fvrlink.online/P2/five/fre.php http://wusetwo.xyz/public_html/file/five/inc/class/pCharts/info/Panel/five/fre.php http://ma.co.ir/huu/fre.php http://alwaysdelivery.xyz/five/fre.php http://www.traz.ir/erqzxewqrtyacxz/five/fre.php http://worldatdoor.in/lewis/Panel/five/fre.php http://107.175.150.73/~giftioz/.jorosin/fre.php http://superson-com.cc/Bobby/fre.php http://oaa-my.com/clean/five/fre.php http://deliveryexpressworld.xyz/five/fre.php http://sccslink.online/P3/five/fre.php http://govirtual.ga/targets/fre.php http://chol.cc/Work4/fre.php http://cleaning-hygiene.com/bin/Panel/five/fre.php http://apexsourcingltd.com/maka/emmy/fre.php http://107.175.150.73/~giftioz/.zozoas/fre.php http://vlkl.xyz/Atoz/five/fre.php http://107.175.150.73/~giftioz/.lokijisi/fre.php http://107.175.150.73/~giftioz/.kobovoih/fre.php http://fvrlink.xyz/P1/five/fre.php http://digi-sec.top/lokivo/Panel/five/fre.php http://deliciasdvally.com.pe/includes/gter/fre.php http://krompres.tk/loki/Panel/five/fre.php http://piscinasaguamarinha.com.br/moon/five/fre.php http://mecharnise.ir/ca3/fre.php http://penworkresearch.com/app/five/fre.php http://difapackperu.com/fg/fre.php http://brodam.ro/rtc/five/fre.php http://chol.cc/Work3/fre.php http://leakaryadeen.com/parl/id345/fre.php http://107.175.150.73/~giftioz/.ckyfdgxo/fre.php http://pehledinekam.com/amey/fre.php http://noithathoanggia.net.vn/jo/playbook/onelove/fre.php http://chol.cc/Work5/fre.php http://pur-ant.club/page/gain/fre.php http://107.175.150.73/~giftioz/.sfaojaxz/fre.php http://agrabahd.ga/locale/fre.php http://afas-kr.com/drug/five/fre.php http://cast-den.pw/cape/spot/fre.php http://107.175.150.73/~giftioz/.pojonv/fre.php http://about.panjihidayat.web.id/aa/Panel/fre.php http://ivad.com.vn/go/playbook/onelove/fre.php http://mocdong.com.vn/gx/playbook/onelove/fre.php http://omabradley.ru/china20/Panel/fre.php http://getvision2020.net/etty/black/download/fre.php http://ht-electric.dz/qatar/five/fre.php http://107.175.150.73/~giftioz/.zohohov/fre.php http://mecharnise.ir/ca6/fre.php http://noithathoanggia.net.vn/kk/playbook/onelove/fre.php http://nan5.ir/jty/fre.php http://southeasterncontractingco.com/jo/panel/five/fre.php http://178.17.170.6/five/fre.php http://107.175.150.73/~giftioz/.tororo/fre.php # Reference: https://app.any.run/tasks/ed92457b-1989-490b-86d6-80392502143f/ http://107.189.10.150/Pi2/ martiq.org # Reference: https://app.any.run/tasks/62e6801e-cabb-4cf7-af74-0cc2e9997080/ # Reference: https://www.virustotal.com/gui/ip-address/107.175.150.73/relations chnthreewealthsndy3andreinforcementagenc.duckdns.org http://107.175.150.73/~giftioz/ # Reference: https://app.any.run/tasks/32270993-012f-4ec8-a88f-119917767e7d/ epperfums.com # Reference: https://app.any.run/tasks/1376f2cb-7008-4840-9df3-a54be7c75fd1/ sndy2kungglobalinvestmentgooglednsaddres.duckdns.org # Reference: https://twitter.com/wwp96/status/1229809833521614849 brokenhead.xyz # Reference: https://twitter.com/wwp96/status/1230208744824410113 bdzdfsdf.gq # Reference: https://twitter.com/wwp96/status/1230209217015025666 fdjshe.tk # Reference: https://twitter.com/wwp96/status/1230213776521269249 shefdj.cf # Reference: https://twitter.com/wwp96/status/1230220429832445953 bdzdfsdf.cf # Reference: https://app.any.run/tasks/3b425f86-5b45-413b-82ce-94572bc89f77/ desertfox.ru # Reference: https://twitter.com/Bl4ng3l/status/1230429843118006273 zdwallcoveing.com # Reference: https://twitter.com/wwp96/status/1230546137427435520 matantalbenna.com/.legolass/fine/fre.php # Reference: https://app.any.run/tasks/9cfa85fa-ed4e-4629-a2bc-98aa095bbd29/ duclongetc.com # Reference: https://app.any.run/tasks/0579bdb6-a14f-458f-80c3-222c5c251cec/ atlasdecarqo.com # Reference: https://app.any.run/tasks/7890bc79-567c-403b-be23-19e52c91664f/ naourl.com # Reference: https://app.any.run/tasks/156ee10c-d61a-478e-b0b7-b8088ee4d0d1/ http://198.12.125.130/~axsonipc/ # Reference: https://twitter.com/wwp96/status/1232400592787693568 hergyi.com # Reference: https://twitter.com/wwp96/status/1232394253118115848 # Reference: https://app.any.run/tasks/4750d11b-76c7-46c8-820f-fe87e6159117/ febspxii.xyz # Reference: https://app.any.run/tasks/fef43720-c2c0-4305-8697-0b2637c44db9/ sisiinno.tech # Reference: https://app.any.run/tasks/08c78083-b2f6-4c61-90c7-6fc4c0291226/ vivalingard.gq vivalingard.cf # Reference: https://app.any.run/tasks/9fbcb0ae-61c8-42b0-8314-adf7202a8a45/ falcontension.tech # Reference: https://app.any.run/tasks/71fb5323-5556-4b24-90b3-c835d0d095a9/ missingandfound.com.my/prin/Panel/fre.php # Reference: https://app.any.run/tasks/be2aca26-f021-4a7c-8f9e-8a536549eafd/ blog.huangyang.cc/goziiu/ klickus.com/gozie/Panel/five/fre.php # Reference: https://app.any.run/tasks/6145a1fc-6bcf-42e5-b3bb-9d4830fb738b/ doqantekstil.com # Reference: https://app.any.run/tasks/d46ce8df-0f19-40c7-97bd-7ca23c6360a1/ http://107.175.150.73/~giftioz/ # Reference: https://app.any.run/tasks/1248ab72-b0de-4ebc-af9e-3b6f68a70d86/ epperfums.com # Reference: https://app.any.run/tasks/cc714b2d-7440-45c4-a70e-e25ad256dd27/ nileloqistics.com # Reference: https://any.run/report/7767c2ec0369f22b90a0edb03260057b834195b6a5d12d67fa26e28ac2e6933a/4c4433cd-e9c7-46bc-bebf-c88a90b36bff expertswebservices.com Reference: https://www.virustotal.com/gui/domain/aquavictus.hr/relations aquavictus.hr/img/panel/index.php aquavictus.hr/ap/Panel/index.php aquavictus.hr/mkk/Panel/five/fre.php # Reference: https://app.any.run/tasks/2cf293f3-2994-483d-adfe-7f5988288cae/ http://198.23.148.71 # Reference: https://twitter.com/K_N1kolenko/status/1234817078458290176 academydea.com/noni/Panel/five/fre.php imperiaskygarden.net/.wp-admini/wp-admini1/wp-admini2/fre.php lucianogroup.xyz sonqan-vn.com topuogodo.ga wesemayra.top # Reference: https://twitter.com/wwp96/status/1234946520329445378 kdhema.ga topuogodo.ml # Reference: https://app.any.run/tasks/58554586-a4b7-4586-b7b1-cc8f86f0caa8/ vnn-nv.com # Reference: https://app.any.run/tasks/40f44fdd-5eeb-41b1-98b3-bfc102ee0865/ altamonteorators.com/images/images/Panel/five/fre.php # Reference: https://app.any.run/tasks/6b80811c-c9f7-43c5-aab1-d4a1eb8cd54f/ tailuong.com.vn/.xxx/playbook/onelove/fre.php # Reference: https://app.any.run/tasks/9194de26-2044-405c-be7c-340e4da5dd83/ worldatdoor.in/lewis1/Panel/five/fre.php # Reference: https://app.any.run/tasks/eedcbfc1-89e0-49f4-8fa9-b7cbb9afc577/ gorillahikeafrica.com/wp-includes/images/img/five/fre.php # Reference: https://app.any.run/tasks/e2412cb7-33cc-4e57-87c2-44e8c79e7edd/ pmw-ch.com # Reference: https://www.virustotal.com/gui/file/4a0e276b4730abd7ee51cf8876d25cd3928321acbb39d6d5f0e2fa8138312e2d/behavior/Dr.Web%20vxCube topuogodo.cf drakum.ml # Reference: https://twitter.com/casual_malware/status/1235189716917645312 mmanueud.cf topuogodo.ga # Reference: https://twitter.com/wwp96/status/1234938182208278529 hockvvee.com # Reference: https://twitter.com/wwp96/status/1234567430900535297 lieshitextile.com # Reference: https://www.virustotal.com/gui/ip-address/91.215.169.70/relations pmw-ch.com vnn-nv.com cpf-th.com solefex.com # Reference: https://twitter.com/wwp96/status/1235248119354478595 vnn-nv.com # Reference: https://app.any.run/tasks/2cfba30b-91b9-4827-ba96-e3dfb4d71b9e/ http://193.142.59.22/jaydee/logs/fre.php # Reference: https://app.any.run/tasks/a6d64f54-c294-49eb-82e6-f952777d80bb/ http://107.175.150.73/~giftioz/.dxuz/fre.php # Generic (callback) paths # Reference: https://twitter.com/hexlax/status/1157657573790814208 # Reference: https://pastebin.com/LHJrNpnV # Reference: https://pastebin.com/wHV90Sc2 # Reference: https://twitter.com/P3pperP0tts/status/1185096874241548291 # Reference: https://twitter.com/P3pperP0tts/status/1185096537271164928 /0110/s/cat.php /0110/s/desk.php /092j/7/cat.php /092j/7/desk.php /0sc9/cat.php /l3y0/cat.php /200/zc-b/cat.php /200/zc-b/desk.php /2leek/cat.php /50-red/cat.php /500two/cat.php /52006/link.php /atz/link.php /ch/link.php /hol/1/cat.php /hol/1/desk.php /humb/1/cat.php /humb/1/desk.php /igine/sabali.php /jes/link.php /key/link.php /chri1/cgi.php /fbm/encode.php /ka22/cat.php /makave/sabali.php /st3ph/cat.php /umgo2/cat.php /sail/cat.php /seems/cat.php /slek-b/cat.php /vh/630/cat.php /vh/630/desk.php /3sx0z2.php /45_76_8.php /AklDq9M1n_a.php /BobBy929BSx_A_D_M1n_a.php /BobDq929BSx_A_D_M1n_a.php /ChiNa929BSx_A_D_M1n_a.php /CvqDq929BSx_A_D_M1n_a.php /DaqDq929BSx_A_D_M1n_a.php /EvqTq939BSx_B_D_D1p_a.php /IkeNn929BSx_A_D_M1n_a.php /KelDq929BSx_A_D_M1n_a.php /KelEc929BSx_A_D_M1n_a.php /KelEh929BSx_A_D_M1n_a.php /KenDq929BSx_A_D_M1n_a.php /Natyyx_A_D_M4n_a.php /NonYe929BSx_A_D_M1n_a.php /ObiNn929BSx_A_D_M1n_a.php /PceHq925BSx_L_B_M1n_a.php /PrCm98ArhvF_A_K_M2n_a.php /Pvq929sM1n_a.php /PvqDNINo_M1n_a.php /PvqDerereA_D_M1n_a.php /PvqDq929BSx_A_D_M1n_a.php /PvqDq92allin_a.php /PvqDq92nat1n_a.php /PvqDq9MAxxxoloa.php /PvqDq9ohhho_a.php /SliDq929BSx_A_D_M1n_a.php /SlqDq929BSx_A_D_M1n_a.php /SomAq929BSx_A_D_M1n_a.php /SsgDq929BSx_A_D_M1n_a.php /SsqDq929BSx_A_D_M1n_a.php /StaDq929BSx_A_D_M1n_a.php /StaRm929BSx_A_D_M1n_a.php /StaRq929BSx_A_D_M1n_a.php /TryNdie.php /Ttq929BSx_A_X_M11n_a.php /UpDated_X_T_N1q_a.php /VirGi929BSx_A_D_M1n_a.php /graceofgod-favour.php /okwy_A_D_server.php /panel_jee.php # Reference: https://twitter.com/wwp96/status/1235606545771175943 site-inspection.com # Reference: https://twitter.com/wwp96/status/1235976467215011841 fllxprint.com # Reference: https://twitter.com/wwp96/status/1236012534534213632 yal1am.com # Reference: https://twitter.com/wwp96/status/1236016958564372482 http://192.3.204.226 # Reference: https://twitter.com/wwp96/status/1236018276909690884 halloway.ru # Reference: https://app.any.run/tasks/461c4d7b-f11c-45eb-b5bf-7c0aefbfe24d/ damagedskull.xyz # Reference: https://app.any.run/tasks/faeeb41c-fe3a-4165-b65d-eba3d49bcfda/ # Reference: https://app.any.run/tasks/ebe2f251-79c3-403a-87c0-4882f0765e19/ posqit.net martiq.org didxbooks.com # Reference: https://app.any.run/tasks/e0296815-ebdf-43ce-87c3-22fabbaa4f07/ http://67.43.224.151 # Reference: https://pastebin.com/vMc4ATVq # Reference: https://app.any.run/tasks/58c77ed3-4d5a-4816-8422-bfcc0cf9bd12/ http://141.105.71.126 http://23.95.132.48 bibpap.com # Reference: https://twitter.com/wwp96/status/1237138658404294657 snxmrch.xyz # Reference: https://twitter.com/wwp96/status/1237141226350096386 fitrtefast.com # Reference: https://app.any.run/tasks/422168f9-9d03-49dc-827e-51ec179b296f/ onllygooodam.com # Reference: https://twitter.com/wwp96/status/1237808235689762818 fucksars.xyz # Reference: http://cybercrime-tracker.net/index.php?search=turasogutmas.com # Reference: https://app.any.run/tasks/b67fc2b1-2b6b-49f0-abb4-d2e94703bad9/ turasogutmas.com # Reference: https://twitter.com/JAMESWT_MHT/status/1238073558326292480 castrologs.xyz # Reference: https://blog.talosintelligence.com/2020/03/threat-roundup-0306-0313.html (# Win.Malware.Ursu-7610305-0) abizima.gq forza-lindelof.cf forza-lindelof.ga forza-maguire.cf forzalindelof.ml forzamaguire.ga forzamaguire.ml forzamaguire.tk global-solution.gq mabelis.cf nomnyz.cf nomnyz.ga radiomar.cf somaplast.cf somaplast.ga yanguz.cf # Reference: https://twitter.com/James_inthe_box/status/1239577931195662338 seacrafts.ru # Reference: https://app.any.run/tasks/5900bea3-b146-4982-94bb-023e082dfe13/ anoroc.ru # Reference: https://app.any.run/tasks/a94b863f-caec-4f26-ac3f-6ac55575456b/ cpf-th.com # Reference: https://app.any.run/tasks/15d7e6c5-0078-4d61-be32-af531fcb932b/ pyungz.org # Reference: https://app.any.run/tasks/fcee8e0c-120d-417a-96bb-489a5d5be106/ # Reference: https://app.any.run/tasks/3aca1800-6fc0-4c4a-a8f4-a9bd4b03169f/ # Reference: https://app.any.run/tasks/22e3ec37-4972-4ef1-aa53-e94c082cb7e4/ russchine2specialstdy2plumbingmaterialgh.duckdns.org http://23.95.132.48/~main/ # Reference: https://app.any.run/tasks/51111254-4c18-4627-bdd2-5216a4c85bab/ greenelectronicsandkitchen10apliancestdy.duckdns.org asia-maap.com # Reference: https://app.any.run/tasks/cd98661a-75f9-4900-8d02-59275e05e4a6/ # Reference: https://app.any.run/tasks/196ba7fa-9850-4c4f-9b9a-e19fc4c72b86/ castmart.ga # Reference: https://app.any.run/tasks/bfc65c50-f43c-41d7-8ba4-febf6ccc7eea/ byedtronchgroup.yt http://104.223.170.93/jore/Panel/five/fre.php # Reference: https://app.any.run/tasks/80cab2e3-1373-4479-a8e0-0f079ec5757e/ hgmatal.com # Reference: https://twitter.com/bit_dam/status/1242553127548735488 /1g7/pin.php # Reference: https://www.virustotal.com/gui/domain/fuly-lucky.com/relations fuly-lucky.com # Reference: https://www.virustotal.com/gui/file/564121a4958991dcbdd3cbd18ae899c960c2f633decb3dfff09ca0a9abc3338f/behavior/Dr.Web%20vxCube # Reference: https://www.virustotal.com/gui/file/9e7bfbe18c5482f6967dfd30d79dd92679167ee400f9bd525737ee83842754c5/behavior/Dr.Web%20vxCube http://77.81.121.20/~kukddoco/ # Reference: https://twitter.com/K_N1kolenko/status/1235896986659889153 http://185.94.191.8 http://193.142.59.2 aliminksrl.cf assemba.co.uk/jpg/five/fre.php centrehotel.vn/wp-admin/user/cc/Panel/fre.php fitrtefast.com # Reference: https://twitter.com/JayTHL/status/1245781548776947717 parisgranhotels.ga # Reference: https://twitter.com/_lockhum/status/1239596021778448384 xpologistics.ga # Reference: https://pastebin.com/jd2T3CeC # Reference: https://www.virustotal.com/gui/ip-address/185.126.202.111/relations http://185.126.202.111 /.ku/sj'x.php # Reference: https://www.virustotal.com/gui/url/07e950cfaf51929eba8128986f4d2a704b6da6ee773a6826cd592d5dace13081/detection orderhrf.info # Reference: https://pastebin.com/zQD12eKq jinglejinglen.sytes.net # Reference: https://app.any.run/tasks/fc9b4808-e1ee-4c09-835d-512690fbba60/ brokenme.xyz # Reference: https://twitter.com/jcarndt/status/1250094793558036480 # Reference: https://app.any.run/tasks/854f4157-cb4c-4aa1-b1bc-ceea2e17b4fa/ http://198.23.200.239 stdy3frndgreencreamcostmeticsbabystored.duckdns.org # Reference: https://twitter.com/JayTHL/status/1253013042557849602 iranssp.ir # Reference: https://twitter.com/Bl4ng3l/status/1253681108304232455 alforcargo.com # Reference: https://twitter.com/DynamicAnalysis/status/1253740533186527234 15wsdychneswealthandmoduleorganisationcv.duckdns.org avertonbullk.com # Reference: https://twitter.com/Bl4ng3l/status/1254779727442665472 oneflextiank.com # Reference: https://twitter.com/jorgemieres/status/1254791348445515783 i-bss.com pyv.cl # Reference: https://twitter.com/James_inthe_box/status/1255496095586713606 nicecars.com.ar/mine/Panel/five/fre.php # Reference: https://www.virustotal.com/gui/domain/obimmaa.ir/relations obimmaa.ir # Reference: https://app.any.run/tasks/a7d1e0c4-3672-4b1e-a226-eeeae7f2eda7/ victorlascos.tech # Reference: https://www.trendmicro.com/vinfo/hk-en/security/news/cybercrime-and-digital-threats/loki-info-stealer-propagates-through-lzh-files # Reference: https://www.trendmicro.com/vinfo/hk-en/security/news/cybercrime-and-digital-threats/loki-delivered-as-cab-file-attachment # Reference: https://otx.alienvault.com/pulse/5eb18e3eefd6849508bbfbf4 # Reference: https://www.virustotal.com/gui/domain/retrak.co.ke/relations retrak.co.ke/psy/five/fre.php retrak.co.ke/wrdp/five/fre.php retrak.co.ke/wrdp4/five/fre.php # Reference: https://twitter.com/Racco42/status/1259780193142616065 evervisionicd.com vitecqroup.com # Reference: https://twitter.com/Bl4ng3l/status/1260481607200395264 beesco.net # Reference: https://twitter.com/malwrhunterteam/status/1260927561166553089 gllnar.com # Reference: https://app.any.run/tasks/948b2be1-45ec-4945-bc1b-e7c340b70053/ suckadick.website # Reference: https://twitter.com/malwrhunterteam/status/1261550904773402626 attlogistics-vn.com # Reference: https://twitter.com/James_inthe_box/status/1262383816724959233 abass.ir # Reference: https://twitter.com/James_inthe_box/status/1262742262968020994 # Reference: https://app.any.run/tasks/a03db040-fc61-416e-b178-61a8b15dddc8/ achbiz.xyz mecharnise.ir opilacorp-bd.com # Reference: https://twitter.com/reecdeep/status/1263123147517239297 shehig.com # Reference: http://tracker.viriback.com/dump.php (2020-02-29) # Reference: https://twitter.com/malwrhunterteam/status/1263421500142518279 maylnk.ml # Reference: https://twitter.com/ScarletSharkSec/status/1268202304995557378 1filesharing.ga # Reference: https://pastebin.com/FEP38DaR zangs.ga # Reference: https://pastebin.com/ZfiFFaaU b2bseller.ga medfinals.co.uk # Reference: https://app.any.run/tasks/325bf778-36b5-45c0-96ff-755f9cc0b1c1/ primalfoodsqroup.com # Reference: https://pastebin.com/4pZn49kK skullisland.gq # Reference: https://twitter.com/JCyberSec_/status/1272561016853991424 remote1.ga # Reference: https://twitter.com/malware_traffic/status/1272577932783947777 crogtrt.com # Reference: https://www.virustotal.com/gui/file/f5f343318832ad44e43a225a1b454d54ccbedfa4e6447c6467869b90c0e92e52/detection ' http://31.220.2.200 # Reference: https://www.virustotal.com/gui/file/d2857b888fbab6dc4e36c403e86f39fedee428ba5ed45b28b8f99e59fb93ff58/detection http://104.223.170.102 # Reference: https://twitter.com/JAMESWT_MHT/status/1275079040773189634 # Reference: https://app.any.run/tasks/212e514b-3f3d-4177-88ba-f242e081781d/ nnasout.com # Reference: https://blacklist.cyberthreatcoalition.org/vetted/url.txt http://193.142.59.169 apoxnew.com bchicct.com broken2.cf broken3.cf broken4.cf broken5.cf broken6.cf broken7.cf broken8.cf broken9.cf broken10.cf brokenservices.xyz bubuyayatoolslog.ir capital-sd.com clemglobal.com deloilte.com ducatl.com eocaenlogistics.com furnituresales.ir hazelmayclothing.com idehados.com.ar jastex.info just-in-timelog.com lapphoungshoes.com mahetechasia.com orangetoolzdemo.com orthopaedix.com.au psqdover.com rnarport.com sdgengtie.com skull247.cf skull3.ga skullisland.tk spqlobal.info taksamall.ir taruntextlies.com tehranfish.ir toyo-at-jp.info yaliapartotel.com ygsddl1.ml gorillahikeafrica.com/wp-includes/images/app/five/PvqDq929BSx_A_D_M1n_a.php gorillahikeafrica.com/wp-includes/images/img/five/PvqDq929BSx_A_D_M1n_a.php gorillahikeafrica.com/wp-includes/images/js/five/PvqDq929BSx_A_D_M1n_a.php irangoodshop.com/cd/PvqDq929BSx_A_D_M1n_a.php vancouverkitchencabinetrefinishing.com/five/fre.php vfsds.com/ark/fre.php wardia.com.pe/files/five/fre.php wardia.com.pe/wp-content/update/five/fre.php wardia.com.pe/wp-includes/files/five/fre.php # Reference: https://app.any.run/tasks/7c509e00-8424-4ffd-b5ee-7a8cc560a266/ argensudalimentaria.com.ar # Reference: https://pastebin.com/Hc73BzJT http://104.223.143.181 asatech.cf asatechw.gq asatechw.ml asatechw.tk emirate-net.me flexpak-th.com karachiwalla.com kranement.cf kranement.gq # Reference: https://www.virustotal.com/gui/file/d524ee4c7f70b45694218e309e9aaef64f96e812505c9c95891585555a195459/detection http://192.236.146.147 # Reference: https://app.any.run/tasks/d070ad67-c4e5-4c66-acda-c88a46885264/ beckhoff-th.com # Reference: https://app.any.run/tasks/dbb2312b-d7e1-468f-8956-9dfe6942e234/ reklaimapparel.com/wp-includes/ # Reference: https://app.any.run/tasks/c3ee77fd-bd3b-4ac8-a0fa-26cb0a8409f7/ http://195.69.140.147 # Reference: https://twitter.com/theDark3d/status/1288867976209469442 ckrlmay.ml # Reference: https://pastebin.com/iATkHK3K http://104.223.143.234 # Reference: https://pastebin.com/MUXDnknj joyn.com.pk # Reference: https://www.virustotal.com/gui/file/eeadaefc0f9331fbb9e1ceecf90667722dcae800a29c37413be37ff484daa61a/detection jetterweb.tech # Reference: https://www.virustotal.com/gui/file/23eb723f81c3f73aa38542436c30d9f1fe6a9bd26739b96438eb7a60b3f4b6c5/detection rbuaction.com # Reference: https://www.virustotal.com/gui/file/cc3053cb6f811fbef11211393b78e6e6fc49c05ba706a6daea440dab97db3736/detection goxer.club # Reference: https://securityliterate.com/analysis-of-lokibot-infostealer/ smallthingstress.sytes.net # Reference: https://twitter.com/ganeshnathan28/status/1297527613049712640 buildbd.org/slid/btc/Panel/five/PvqDq929BSx_A_D_M1n_a.php thernagictouch.com # Reference: https://twitter.com/ganeshnathan28/status/1297794454665953280 brokenbones.ml candestie.pw sieqwarteg.com # Reference: https://twitter.com/jstrosch/status/1298650225092034562 # Reference: https://www.virustotal.com/gui/file/e495e0e080d84256bbbd2b12d9ca05c4d1bcfcd623095ba87ec67f5abada017c/behavior alifmedical.shop # Reference: https://twitter.com/ganeshnathan28/status/1298656876800942087 sabzihome.com preprod.bridge2finance.com/xx/ petroindonesia.co.id optimavaluers.com # Reference: https://twitter.com/ganeshnathan28/status/1299024973026275329 joovy.ga # Reference: https://twitter.com/James_inthe_box/status/1014556042141679616 life-is-beautiful.in/inc/Panel/five/fre.php # Reference: https://twitter.com/JAMESWT_MHT/status/1300342452839161857 espaciointeriores.com.ar/espac/five/fre.php # Reference: https://pastebin.com/7LNRJB0c pvcfloorco.com # Reference: https://app.any.run/tasks/aa135b0a-6820-464a-9bb2-265eebc0ae06 # Reference: https://www.virustotal.com/gui/file/f3e4d77337c25f19d92971ac9386f5d0d22696d82f13cf28a7b3ab340e0c0295/behavior/VMRay mogawes.pw # Reference: https://app.any.run/tasks/e3801880-86d1-4828-bccf-634027c23a52/ remzclot.ga # Reference: https://otx.alienvault.com/pulse/5f522d7eaaaf821e26a2ba7c coltec.ga # Reference: https://twitter.com/VirITeXplorer/status/1305771835016044544 septxpm.xyz # Reference: https://otx.alienvault.com/pulse/5f60ae09c4538222cf48ad7c afcompresors.com # Reference: https://app.any.run/tasks/3e297077-5e3e-4f76-9b21-758e3efb15a7/ mflogistics-my.com # Reference: https://twitter.com/reecdeep/status/1313729438736146432 # Reference: https://app.any.run/tasks/86d35181-6dbf-412d-b965-f299882ea27e/ pklz.xyz # Reference: https://twitter.com/reecdeep/status/1315527072358576128 # Reference: https://app.any.run/tasks/25e32d38-6409-493f-a468-49f7c2696627/ # Reference: https://www.virustotal.com/gui/file/e4d4a263b17fa6e270bac22967c430a96671cc462862f15c9d5e917a32222118/detection xcpx.xyz # Reference: https://www.virustotal.com/gui/file/838a8c1b12270b248fd13d1f110998a79ee9442d19fb3f3562dfe734d7033367/detection http://104.223.143.132 # Reference: https://app.any.run/tasks/7e41dd5c-ac10-4032-81f5-034c985f26d6/ http://192.236.178.210 # Reference: https://www.virustotal.com/gui/file/0ddaa044ebe06ddc2b50948728a493bb027da4d42a7b15fa3a3361d590457fa7/detection theonlygoodman.com # Reference: https://www.virustotal.com/gui/file/580e2cee4eaf9102e25345a5d152f57a98b1d9299983d176575115ac6267f04e/detection venitronics.com/oo/Panel/fre.php # Reference: https://app.any.run/tasks/e7d8c2d3-81c8-4158-923e-66b9dc19484a/ magicview.ga # Reference: https://otx.alienvault.com/pulse/5f9023f897491403e533b1c0 amhercom-mx.com crestmart.ga kregmartlime.ga # Reference: https://otx.alienvault.com/pulse/5f9175733036fb104e24dd74 xvbt.ga # Reference: https://app.any.run/tasks/c607d61f-c52e-43ad-a2f3-737f29f26a75/ http://79.124.8.8/plesk-site-preview/heliopoliss.com/ # Reference: https://www.virustotal.com/gui/file/8ab355a4e825d4b233ce66f8e5f5b75b4c161cbb25f070f3355b6b15625dc784/detection # Reference: https://www.virustotal.com/gui/file/9fe21e1d604d54836584a3d8397e626200f3f4a533485bfb1922a46f7a4c0b96/detection # Reference: https://www.virustotal.com/gui/file/802b71bbcc620842158906bae965562bdaa4f5651529c3956dc2d6ac8ac6962a/detection smithandwollensky.com.tw/y1/Panel/fre.php smithandwollensky.com.tw/y2/Panel/fre.php smithandwollensky.com.tw/y3/Panel/fre.php # Reference: https://twitter.com/Racco42/status/1320715529754185730 # Reference: https://app.any.run/tasks/adc29078-5f0e-46e4-b9e3-819c37cc96fd/ olaplexs.com # Reference: https://twitter.com/d4rksystem/status/1321149663928614914 ckav.ru # Reference: https://app.any.run/tasks/a9efae2b-8245-496a-a52a-47f66ac1b094/ qataracfridgerepaire.com/templates/five/fre.php # Reference: https://twitter.com/James_inthe_box/status/1321453787576291328 pabloservices.ml # Reference: https://twitter.com/Racco42/status/1321596828765347841 # Reference: https://app.any.run/tasks/a51d3726-63d4-4d7e-ac67-e0bfb18f6afc/ vn-toupo.com # Reference: https://www.virustotal.com/gui/file/602c58e4deb0110c6b00d71231f12af54ee438c6a5e26ebda65021de6acaed32/behavior/C2AE mexicocomix.com # Reference: https://www.virustotal.com/gui/file/f4b7759a1a42ebd89a61ed697ca26661dff56719bbf254b7b1f400f3cf4487d1/detection brokensoul.cf # Reference: https://www.virustotal.com/gui/file/ed76de60fc812d7a8361a6b476f960ed8d3c07a6e1425d6c02c5d63e449cb0b3/detection pabloservices.ga # Reference: https://www.virustotal.com/gui/file/5ece83fb3098dfcfa2c8e9dbae44041364219db26d8a653dbb7b0a8223e04dc6/detection jagajaga-chichi.com # Reference: https://twitter.com/gorimpthon/status/1135854857682792448 epi.org.mk/css/vgn/ # Reference: https://www.virustotal.com/gui/file/76f44ea3c148283602e4dbd717f22ac95828b7e8e7677428f759c03cab0c8d49/detection nevomw.com # Reference: https://www.virustotal.com/gui/file/7c26db40707fee3b4f842feb653bad7e1dfa20cd05d8cdb944f0916d7de3453a/detection qqmailappupdate.ga # Reference: https://tria.ge/201112-l27a6ga2hj azzmtool.com kbfvzoboss.bid alphastand.trade alphastand.win alphastand.top # Reference: https://twitter.com/wwp96/status/1329978193932148736 drdoganaykurkcu.com myrilullimoti.blogspot.com # Reference: https://twitter.com/wwp96/status/1331061816466825217 # Reference: https://app.any.run/tasks/0aee4b8a-f366-4664-9064-c57f2464f9be/ alahlasi.com # Reference: https://www.virustotal.com/gui/file/f33cdff4f644b093d5781173c8de5df4d59f862c7b7744223b7190f4f385bdaa/detection blueriiver-eu.com # Reference: https://twitter.com/wwp96/status/1331050614520942597 drdoganaykurkcu.com # Reference: https://twitter.com/ffforward/status/1331239313036742658 # Reference: https://twitter.com/wwp96/status/1331415443375091714 alphastand.top alphastand.trade alphastand.win kbfvzoboss.bid legalpath.in/cc/Panel/fre.php # Reference: https://www.virustotal.com/gui/file/786bf0aa16596b06d3675c227f92bf8e0480c583b519b6b245933b46c268ecdd/detection propertymanagementmelbourne.biz # Reference: https://www.virustotal.com/gui/domain/x2z6c.xyz/relations # Reference: https://app.any.run/tasks/35acbab8-06d0-46d2-8f6f-3a1b198c24ae/ x2z6c.xyz # Reference: https://www.virustotal.com/gui/domain/quehenbergar.com/relations quehenbergar.com # Reference: https://www.virustotal.com/gui/file/af1a2e495c046c3b0e03d321c1f20c43198e2e8c88c41ab09a91ae80c5610137/community # Reference: https://urlhaus.abuse.ch/url/852301/ stdyshgshgnationalobjindustrialatstvar.ydns.eu # Reference: https://twitter.com/wwp96/status/1332138215877316608 tradesgroups.com # Reference: https://app.any.run/tasks/0fe6cd64-2924-4c30-9fd9-3fc06373293c/ endustrigm.eu # Reference: https://otx.alienvault.com/pulse/5fcb7771ab7af05588bf0f85 # Reference: https://app.any.run/tasks/823eff01-5489-4ae3-a364-aaab1cba7822/ # Reference: https://app.any.run/tasks/cd3ce9d3-e315-455e-84f7-de96cd1cb52c/ # Reference: https://app.any.run/tasks/ca5c5b8f-f927-481b-ba08-1226901a19d8/ greenwsdykegheedahatakankeadeshnaawsgma.ydns.eu digicon.com.mx hanmails.net thunlen.com webtex.ga # Reference: https://twitter.com/wwp96/status/1335697459452973057 x26zc.xyz # Reference: https://twitter.com/wwp96/status/1335698009515057160 # Reference: https://www.virustotal.com/gui/ip-address/104.168.146.103/relations http://104.168.146.103 /eXcessBLESSINGforTheBoy/ /MegAMOneyMenINTurkey/ # Reference: https://twitter.com/wwp96/status/1335698347051671553 # Reference: https://app.any.run/tasks/5bb59473-bef2-4392-9b65-00885ef59489/ http://45.134.225.18 # Reference: https://twitter.com/wwp96/status/1335698992768954373 # Reference: https://app.any.run/tasks/38bcb9fb-7377-4850-a0da-137748114e80/ retrak.co.ke/psy/five/fre.php # Reference: https://twitter.com/JAMESWT_MHT/status/1335857233792557056 benweve.com # Reference: https://twitter.com/wwp96/status/1336054621501071361 roycolemandds.com/royco/five/fre.php # Reference: https://twitter.com/wwp96/status/1336055936893509640 foremanindustrial.com # Reference: https://twitter.com/wwp96/status/1336342722131730432 # Reference: https://app.any.run/tasks/22cf8f61-87d2-4b93-b7a1-f0a674694f8c/ begadi.ga sndyantipiracydetectorganisationfsnfilm.ydns.eu # Reference: https://twitter.com/wwp96/status/1336339387085307904 # Reference: https://app.any.run/tasks/429f4ced-640a-4690-b6c3-87e2e2ce38c4/ http://185.239.242.219 # Reference: https://twitter.com/wwp96/status/1336338329235648514 # Reference: https://app.any.run/tasks/56e10048-ca4a-47fd-b009-7d6b8954d56f/ http://37.46.150.41 # Reference: https://twitter.com/wwp96/status/1336342967230062597 # Reference: https://app.any.run/tasks/3d21e672-ad77-4e06-a4c6-a49b22799f04/ ge0x.com # Reference: https://twitter.com/wwp96/status/1336487986519830533 clubulvacantei.ro # Reference: https://twitter.com/wwp96/status/1336838356316073987 # Reference: https://app.any.run/tasks/9bc031c5-cb69-4318-b51c-0c89033cc5b5/ http://198.44.96.231 /ZanGarOLLIngChiFAGbor/ # Reference: https://twitter.com/wwp96/status/1336832463868452870 # Reference: https://app.any.run/tasks/254603fe-3ca6-4de2-923d-eb841a889697/ forrastfoods.com # Reference: https://twitter.com/wwp96/status/1336831438315016193 # Reference: https://app.any.run/tasks/ca33f943-cb89-494c-950b-20ca747dc70e/ jessicaarnold.com # Reference: https://twitter.com/wwp96/status/1338467036037574657 balanceconmunity.com # Reference: https://twitter.com/wwp96/status/1338467507313782785 bms-itd.com # Reference: https://twitter.com/wwp96/status/1338465275142868993 asiacmolds.com # Reference: https://www.virustotal.com/gui/file/79c9d49f88ea4b408c8bfd88e0b60ffbd9f63dd6542eb54867b49cfb09933a8a/behavior/Dr.Web%20vxCube # Reference: https://www.virustotal.com/gui/url/e29d5fc79b469f8028281e4a08ef2a3e372e9d5521509a6a36a52ba9b438c44f/details shgshgstdynationalobjindustrialatstftp.ydns.eu # Reference: https://twitter.com/wwp96/status/1338897248894275585 stdyantipiracydetectorganisationfstfbbc.ydns.eu # Reference: https://twitter.com/wwp96/status/1338885068601896960 cyber-access.co.uk # Reference: https://twitter.com/wwp96/status/1338893400750211074 cleo2solutions.com.au/wp212/five/fre.php # Reference: https://twitter.com/reecdeep/status/1339494112278573056 wsdychnesqudusisabadassniggainthewsbkw.ydns.eu # Reference: https://blog.talosintelligence.com/2020/12/threat-roundup-1211-1218.html (# Win.Dropper.LokiBot-9810026-0) # Reference: https://www.virustotal.com/gui/file/7134a18aa564b29298bc83a170ad8262264b18d788d5fcc104de189b1522deab/detection pionveriy.com resgisupdatex.com seeuaround.info techsupdate1.com # Reference: https://www.virustotal.com/gui/file/31d3b6f541ae1432070588b31f3e57ea088d96c19ca00780b7e3a5a9637f393e/detection microsoft23-uslive4.online # Reference: https://app.any.run/tasks/6122c973-3625-4a60-aef7-511ae9d1a248/ habibmentro.com # Reference: https://www.virustotal.com/gui/file/dcc94b0c8fdf6952bd3018d92c1264651d50aaa7911195bb6f9bc6b97618b191/detection http://185.206.215.56 # Reference: https://www.virustotal.com/gui/file/84bad84c6f92ba34b25d9a3164f1abc82986ddd901128eb5e71f60d23d063c32/detection http://79.124.8.6 # Reference: https://www.virustotal.com/gui/file/956741cfb963a29651abae4b0bee9185ad7688cdc0f97f2336c891daab84976e/detection gulshanti.com # Reference: https://www.virustotal.com/gui/file/89ca0ea25e05983099ae8221becde0d57c5528d85d6ab8fd944f7c941437d679/detection deqtmaysoor.com # Reference: https://www.virustotal.com/gui/file/81274d23515440feac07a591db64f946640ab3a4350bbfaa0d955ced83175fb0/detection taiwanmoid.com # Reference: https://www.virustotal.com/gui/file/02944dc72a15e92ec94c453c74c9564cb59ac7717dffcb25fa854a2e587fb737/detection worldpackmx.com # Reference: https://app.any.run/tasks/f22144f0-004d-4a55-845e-9cee9c776cef/ # Reference: https://www.virustotal.com/gui/domain/paciflxinc.com/community paciflxinc.com # Reference: https://twitter.com/reecdeep/status/1349635770060042240 # Reference: https://otx.alienvault.com/pulse/600184f383b1874288c3d81f # Reference: https://www.virustotal.com/gui/file/9213594d63646a5144de658badc6f9fd4ac15ce711bac1f115ccdf08d74c8add/detection blueriiver-eu.com lmpulsefashion.net shgshgwsdynationalws.dns.navy # Reference: https://twitter.com/reecdeep/status/1351181201382502402 # Reference: https://app.any.run/tasks/3cd52c62-e96c-465c-ae06-aec3059a8414/ # Reference: https://app.any.run/tasks/2f90556b-c4c6-4b1a-a6ce-f924fbb49be1/ becharnise.ir # Reference: https://www.virustotal.com/gui/domain/dcspm.xyz/community dcspm.xyz # Reference: https://www.virustotal.com/gui/domain/katikati1.ga/community katikati1.ga # Reference: https://www.virustotal.com/gui/domain/xz26c.xyz/community xz26c.xyz # Reference: https://www.virustotal.com/gui/domain/martinskrtel.gq/community martinskrtel.gq # Reference: https://www.virustotal.com/gui/domain/ovcslogs.ml/community ovcslogs.ml # Reference: https://www.virustotal.com/gui/domain/spmdc.xyz/community spmdc.xyz # Reference: https://www.virustotal.com/gui/domain/jumiliaintl.ml/community jumiliaintl.ml # Reference: https://www.virustotal.com/gui/domain/kox.juristi.info/community kox.juristi.info # Reference: https://www.virustotal.com/gui/domain/pkuz.xyz/community pkuz.xyz # Reference: https://www.virustotal.com/gui/domain/mnbp.tk/community mnbp.tk # Reference: https://www.virustotal.com/gui/domain/onlygodem.com/community onlygodem.com # Reference: https://www.virustotal.com/gui/domain/ge0x.com/community ge0x.com # Reference: https://www.virustotal.com/gui/domain/adobedocument.cf/community adobedocument.cf # Reference: https://www.virustotal.com/gui/domain/microsoft23-uslive4.online/community microsoft23-uslive4.online # Reference: https://www.virustotal.com/gui/domain/balanceconmunity.com/relations balanceconmunity.com # Reference: https://www.virustotal.com/gui/domain/asiacmolds.com/relations asiacmolds.com # Reference: https://www.virustotal.com/gui/domain/tuandat-vn.com/community tuandat-vn.com # Reference: https://app.any.run/tasks/9f65a096-38c7-4f88-b7f7-6ed925e70995/ zunlen.com # Reference: https://www.virustotal.com/gui/file/03cf03d1cb4fa502ef1992e2aad3f1f7f0d7fbf1f16839d87eaa04f330211bbe/detection http://104.223.170.100 # Reference: https://otx.alienvault.com/pulse/600abf719f1151b28321f55a # Reference: https://www.virustotal.com/gui/file/902097c3f3f47a39b7d661c3ee5736ce258ed3862a3740a71820b10cc2fcf939/detection # Reference: https://www.virustotal.com/gui/file/600e4f952ff54d9e5051b0b7b1a32a8a12c8efd6e08a87b9f67447d354853e91/detection # Reference: https://www.virustotal.com/gui/file/0363812a5fc968e7f43e83873dcf81915da64f4458ce84deb8906a31a1b7962b/detection mannaton.com papanwa.com wagisz.com # Reference: https://app.any.run/tasks/aae239db-83f1-4277-a29a-e1e9bacef997/ oct2.xyz # Reference: https://app.any.run/tasks/f224a884-cda3-48da-9aca-5e3361a6bbee/ pearl-energia-hu.ml # Reference: https://app.any.run/tasks/47bea1eb-f304-4820-a700-f14886b77741/ upbckwsdyfaruzevwskx.dns.army # Reference: https://app.any.run/tasks/47bea1eb-f304-4820-a700-f14886b77741/ zangaa.com # Reference: https://app.any.run/tasks/7c07b1d2-7595-48c6-b3eb-4e63dafd72a4/ # Reference: https://urlhaus.abuse.ch/url/986053/ # Reference: https://urlhaus.abuse.ch/url/980012/ # Reference: https://www.virustotal.com/gui/file/bf96d045cd9edd9519e2f4738ca03e73c409dd1a36b2cb70228bb6c7aaf53cc5/behavior/Dr.Web%20vxCube # Reference: https://www.virustotal.com/gui/file/dfe044c12d3cd08182460432bc569811a9d657fc69d18549b7e66fcf1d16af2d/behavior/Dr.Web%20vxCube # Reference: https://www.virustotal.com/gui/ip-address/103.99.1.173/relations mslogstdyinvestmstqw.dns.army mslogtsdyinvestmntsn.dns.army sndymsloginvestmntsn.dns.army mslogwsdyinvestmntws.dns.army # Reference: https://twitter.com/reecdeep/status/1357239822667177984 ragnaar.us # Reference: https://twitter.com/MSteve25/status/1357400557015695360 dstutoring.co.za/dstu/five/fre.php # Reference: https://twitter.com/reecdeep/status/1359083800337252353 sspmoct.xyz # Reference: https://twitter.com/whitehoodie4/status/1359427231907471361 # Reference: https://app.any.run/tasks/0ea99cf7-a982-4fd5-8fdb-8fb87bb91729/ # Reference: https://app.any.run/tasks/7cd630b8-aa8f-4b94-b825-b12e5ab8ab00/ http://51.195.53.221 # Reference: https://app.any.run/tasks/27248d81-0a85-4dea-8024-88a95d3b0f72/ atlasqrp.com # Reference: https://www.virustotal.com/gui/file/84262bd7245efd69020a3c4dadc42814d6450467c7f111326019ccbd5cb1a4c1/detection azmtool.us # Reference: https://www.virustotal.com/gui/file/96fc6262a2fc1c74b041cbf0189fe02225dd5b117a2d80dca53d665f34376d71/detection klimsourcinq.com # Reference: https://www.virustotal.com/gui/file/b2bb1dbe470290b55f3e236d70d497ada40c1436c61432924c4503f120e191a0/detection newcesarnex.com # Reference: https://app.any.run/tasks/9087025d-aeb9-4c0a-b5fb-0c6c01bdc161/ 3tril.com # Reference: https://twitter.com/wwp96/status/1364222356844130305 # Reference: https://app.any.run/tasks/1e40d1c0-441f-4f04-8c63-0b11b66a64be/ opdebeeck-vvorth.com # Reference: https://twitter.com/reecdeep/status/1364120441430892545 nitengystdylunatsthj.dns.army or-logistlcs.com # Reference: https://twitter.com/wwp96/status/1364617639595761667 # Reference: https://app.any.run/tasks/d84243a5-a811-4f9f-8f74-a4d1d62758f4/ ianmaclaod.com # Reference: https://twitter.com/wwp96/status/1364811956763455489 stdychnesquduslasisi.dns.army # Reference: https://twitter.com/wwp96/status/1364985123918200833 mndytheviejupcafgast.dns.army # Reference: https://otx.alienvault.com/pulse/603cd878f5c176eb44d16c62 fakeme.us notaires.ml # Reference: https://twitter.com/wwp96/status/1366423563067080708 # Reference: https://app.any.run/tasks/cb3e403c-8a4e-4e11-bd17-3998d52be8d3/ takr.xyz # Reference: https://twitter.com/wwp96/status/1366433733331595267 # Reference: https://app.any.run/tasks/52134e48-f8f9-4211-a5c0-de8221497f19/ nbnbstdynewagedevice.dns.army # Reference: https://twitter.com/wwp96/status/1366434054904684548 ritcophysiotherapy.com.au/hod/five/fre.php # Reference: https://twitter.com/wwp96/status/1366433733331595267 twocups.io/fonts/csm/twoc2/fre.php # Reference: https://twitter.com/luc4m/status/1366807263168499713 # Reference: https://www.virustotal.com/gui/file/25316976638e2904db2baa1dcaee6f5b2aa1745e268236545cb0bb353bdd3133/detection gilardoni-it.xyz # Reference: https://twitter.com/wwp96/status/1366833259167023112 sunwindz.in.net # Reference: https://twitter.com/wwp96/status/1366833336430325761 hiqhway39clothing.com # Reference: https://twitter.com/wwp96/status/1367333816461897728 # Reference: https://app.any.run/tasks/e49801eb-8626-452b-b053-b01ae8383661/ tsdytopretwoanimavin.dns.army turbinetechnlcs.com # Reference: https://www.virustotal.com/gui/file/17c2cd6cfad567f1a23bba2bba2ffa42127fc96a47b16ec712a6cfb861329d37/detection manioscinetools.ga # Reference: https://www.virustotal.com/gui/file/267d978525035bd0bea01078c5d2370e39eeb0580c644ea9ded109175ce99db2/detection stdyrusschine2ganmax.dns.army # Reference: https://twitter.com/pmmkowalczyk/status/1367513333629337604 ibgreenstdyfestivers.dns.army kungsb2stdygotmental.dns.army stdyrusschine2ganmax.dns.army # Reference: https://twitter.com/K_N1kolenko/status/1367777662341636097 http://142.11.210.173 eurasiacl--kr.com locandasolagna.xyz merivaara.xyz # Reference: https://twitter.com/K_N1kolenko/status/1367777709032677378 schroederindustries.cf sdworks-kh.com turbinetechnlcs.com # Reference: https://www.virustotal.com/gui/file/4c5927931366b44575743070f799c7f7b4ac67a248fd4551dcbd4cced53fd358/detection taker1.xyz # Reference: https://www.virustotal.com/gui/domain/gunrunners.com/detection gunrunners.com # Reference: https://twitter.com/wwp96/status/1369456626231607302 # Reference: https://app.any.run/tasks/1062df81-c0b5-4d74-8c68-9aca280a2578/ bremileintl.ga # Reference: https://twitter.com/wwp96/status/1369455636434591749 # Reference: https://app.any.run/tasks/095e3089-f42a-4a20-9071-054ccb5db7f0/ optimalwellengineering.com/hkd/five/fre.php # Reference: https://twitter.com/wwp96/status/1369452911193956353 # Reference: https://app.any.run/tasks/ba3afc27-b868-4873-b6d2-5167d570386a/ taker2.xyz # Reference: https://twitter.com/wwp96/status/1369685805057314817 # Reference: https://app.any.run/tasks/ca5905fd-4141-42af-b1d7-2375f4a9dbf0/ http://193.56.29.165 # Reference: https://twitter.com/wwp96/status/1369685649918398469 # Reference: https://app.any.run/tasks/1e8c8938-2f96-4e72-b1ea-6c865223e098/ eurasiacl--kr.com stdytopreoneenversrw.dns.army # Reference: https://twitter.com/wwp96/status/1369682990628999175 # Reference: https://app.any.run/tasks/b93ad205-66a9-4104-810b-7f6cf14d89da/ seafirst-kr.com theviestdyjupcafgsvb.dns.army # Reference: https://otx.alienvault.com/pulse/604b58f4d2a09cb827a9df55 astro--pacific.com # Reference: https://twitter.com/pmmkowalczyk/status/1370437460971360265 libo-cc.com # Reference: https://twitter.com/wwp96/status/1371823183347728385 # Reference: https://app.any.run/tasks/4cb0713d-41dc-4598-9883-e8cbddf4503f/ exchangebill.xyz # Reference: https://twitter.com/wwp96/status/1371824003392942094 # Reference: https://app.any.run/tasks/e9508d8c-38c7-41fe-951a-e8f78e502232/ http://87.251.79.157 # Reference: https://twitter.com/wwp96/status/1371823839278211073 doshlforex.com # Reference: https://twitter.com/wwp96/status/1372017516961280005 # Reference: https://app.any.run/tasks/520f4cc5-26fe-4af2-9a6c-e3cd0cd35ed8/ raptechenglneering.com # Reference: https://twitter.com/wwp96/status/1372015190036865026 # Reference: https://app.any.run/tasks/be4e8355-d827-4522-a2fc-b833a2757f1a/ kweend.com # Reference: https://twitter.com/wwp96/status/1372014489290350595 # Reference: https://app.any.run/tasks/d3e8c107-7139-4dac-928a-1f25f75d0e34/ btsuganda.net # Reference: https://twitter.com/wwp96/status/1372013239517773824 # Reference: https://app.any.run/tasks/6accddac-e53b-4f13-9abd-5effeeaacee5/ solumaticsac.com # Reference: https://twitter.com/wwp96/status/1372012705687732224 # Reference: https://app.any.run/tasks/c474020f-46e4-46ee-8f5a-b4585881f17f/ wonkwonschoolrp.hopto.org # Reference: https://twitter.com/wwp96/status/1372218390761377792 # Reference: https://app.any.run/tasks/4aac3803-55b7-4cba-9224-19cc193c42b2/ nakib.buet.ac.bd/ox/Panel/fre.php # Reference: https://twitter.com/wwp96/status/1372219685098389509 # Reference: https://app.any.run/tasks/f5088ddd-0c00-42d6-9405-533605623cf2/ papanwa.us # Reference: https://twitter.com/reecdeep/status/1372831122174963713 stdykungsb2talentwej.dns.army # Reference: https://twitter.com/wwp96/status/1374089580337623044 # Reference: https://app.any.run/tasks/4dd28dbf-a5d5-418b-a275-d0dbd65ed241/ splitwise.xyz # Reference: https://twitter.com/wwp96/status/1374087082503778308 # Reference: https://app.any.run/tasks/85549f57-5e33-425c-806a-f4141c414edc/ kencana-sakti.com # Reference: https://twitter.com/wwp96/status/1374086006589296646 # Reference: https://app.any.run/tasks/0b18d4be-7833-4ae4-a5df-6fb791c866a5/ http://203.159.80.87 # Reference: https://twitter.com/wwp96/status/1374085642309804039 # Reference: https://app.any.run/tasks/8f3c8422-e6ea-4738-9e47-c1e7b910e91d/ akhtargroup.xyz # Reference: https://twitter.com/pmmkowalczyk/status/1374317050320068610 # Reference: https://twitter.com/pmmkowalczyk/status/1374317051788021762 fauracia.biz moem-my.com transcorpoil.us nbnbnstdylionkistwcx.dns.army pmrimestdylimtstwork.dns.army rkkrstdygorgiousejds.dns.army stdyunitedkesokostxc.dns.army # Reference: https://twitter.com/wwp96/status/1376023882168156163 # Reference: https://app.any.run/tasks/99a8ed00-e4e4-44dc-bce6-451c00f47455/ camfil.xyz # Reference: https://twitter.com/wwp96/status/1376544786069458954 # Reference: https://app.any.run/tasks/2eb65481-a609-4cd3-a354-0f047fc93733/ baysankazan.biz rkkrstdygorgiousejtw.dns.army # Reference: https://twitter.com/jstrosch/status/1376561007477280775 chem.buet.ac.bd/ox/ # Reference: https://twitter.com/wwp96/status/1376721258004500483 interocean-my.com # Reference: https://www.virustotal.com/gui/file/07ec8aba1d41b1769e50c309d5a8a7f6a513c1d373f8e32bbc2fc766bfc66e04/detection gccorps.com # Reference: https://www.virustotal.com/gui/file/8e15f76149baa634caba6bcb021a5793f9b86c6290247d62a3f9628e5e147c7f/detection lucreneluxe.com # Reference: https://twitter.com/wwp96/status/1379440650689593345 # Reference: https://app.any.run/tasks/43f83b67-59ff-46db-b39f-03c8d1cc92c1/ transcorpoil.com # Reference: https://www.virustotal.com/gui/file/90264601dc078ff9628a36dcca7a4ca0c65c7c68315601f6688f2690847fdab7/detection amrp.tw # Reference: https://otx.alienvault.com/pulse/606ef1757caeabbc2d4aa847 laes12.com # Reference: https://twitter.com/malwrhunterteam/status/1381494190706659329 covid19vaccinations.hopto.org # Reference: https://www.virustotal.com/gui/file/7eacabe85e7c5d75c8505348c3729fb9b1a865674632cbe95bf2b3a23828a6b1/detection zkl-cz.com # Reference: https://twitter.com/wwp96/status/1382001625498271748 # Reference: https://app.any.run/tasks/a2fe837f-befc-4d24-bc8b-039e9f87316e/ eyecos.ga # Reference: https://twitter.com/reecdeep/status/1385500693591691264 meirback.co.uk nbnbnwsdyewagedevibc.dns.army # Reference: https://twitter.com/wwp96/status/1385604326530367491 # Reference: https://app.any.run/tasks/883bffbc-29bc-4f27-8cf3-fe6f73b7162a/ optimalwellengineering.com/f9wp/five/fre.php # Reference: https://twitter.com/wwp96/status/1385605815386714115 # Reference: https://app.any.run/tasks/e2579e8b-cab1-4fd7-a466-723ded7bf67e/ http://104.168.213.88 # Reference: https://twitter.com/wwp96/status/1385604849883140099 # Reference: https://app.any.run/tasks/2c20c9db-6556-4bc5-a719-af0e61b2060d/ http://104.168.140.79 # Reference: https://twitter.com/wwp96/status/1385599764713164803 # Reference: https://app.any.run/tasks/8b9e8a8d-f248-4738-a635-e79eed4e043f/ dlcswsdymedicalcenfw.dns.army qrnigroup.xyz # Reference: https://twitter.com/wwp96/status/1385600035832881157 # Reference: https://app.any.run/tasks/8960af00-15f7-4267-880f-b64acd48e8c5/ bncoporations.gq nmxwllwsdyminorawsbx.dns.army # Reference: https://twitter.com/wwp96/status/1385600469184172033 # Reference: https://app.any.run/tasks/9993aa16-9c9c-460e-b785-cb00c8bd1148/ issth.com wsdyblyblycomunicakh.dns.army # Reference: https://twitter.com/reecdeep/status/1386660777948598278 http://173.208.204.37 # Reference: https://twitter.com/jorgemieres/status/1386690315445211138 # Reference: https://twitter.com/jorgemieres/status/1386696255338917900 alhjchstdyfonlinstft.dns.army annyms2stdygeneratga.dns.army blyblystdycomunicafb.dns.army kungsb2stdytalengvs.dns.army stdydlcsmedicalcendc.dns.army stdykungcommunicathf.dns.army stdynmxwllminorabxst.dns.army stdyrusschine2opelkm.dns.army stdysara2entertastxc.dns.army stdysara3entertastkp.dns.army stdysuresbonescagemv.dns.army stdyunitedkesokohpst.dns.army stdyworkfinetrairest.dns.army # Reference: https://twitter.com/petrovic082/status/1388178799532126210 mdtudymicrosoftfstix.dns.army # Reference: https://github.com/hardenedlinux/hardenedlinux-zeek-script/blob/master/scripts/frameworks/intel/OSINT/CYBERCRiME-03-03-19.txt ertfjgcjfkgkkgvkgkfdxcfc.cf # Reference: https://www.virustotal.com/gui/file/872bf451a298ebb966dc6b9703776b3e2c1066c7602245eb4e7a2ea0b81a3b27/detection gracebytry.tk # Reference: https://www.virustotal.com/gui/file/6244fb6343241ba1715ea8d107bca4e5697a385bd1c6f5aafbdd4c1d4604f4f5/detection hfhlagljsljtls.ml # Reference: https://www.virustotal.com/gui/file/ec346d91c9e79ce00a1d0a08f50547a6aa1114d2fec2d76495a1eb931acab9bc/detection tequakes.xyz # Reference: https://www.virustotal.com/gui/file/4d427a00778a6dead673e64606f3e1dcca673a024c2bf92ec93803ce0812f6bb/detection aflcargo-hk.com # Reference: https://www.virustotal.com/gui/file/fd5e9435f8d31ea16d0fbb723591451088d360f6096ef5823ddcae4bd4ba3a44/detection greenbazaar.xyz # Reference: https://github.com/hardenedlinux/hardenedlinux-zeek-script/blob/master/scripts/frameworks/intel/OSINT/CYBERCRiME-03-03-19.txt # Reference: https://www.virustotal.com/gui/domain/ayioramaboli.com/detection ayioramaboli.com # Reference: https://www.virustotal.com/gui/file/2dfe18eed3b10ed896756e5c61d05b974368ef2b42eedb415c55b7ab6e43a9b7/detection learef.tk # Reference: https://github.com/hardenedlinux/hardenedlinux-zeek-script/blob/master/scripts/frameworks/intel/OSINT/CYBERCRiME-03-03-19.txt # Reference: https://www.virustotal.com/gui/domain/mazeedkyabar.com/detection mazeedkyabar.com # Reference: https://www.virustotal.com/gui/file/d9b3d253203b2cb5216b1b69b1e8eea44910815ba569c17656f46790c9694571/detection livbayn.ml # Reference: https://github.com/hardenedlinux/hardenedlinux-zeek-script/blob/master/scripts/frameworks/intel/OSINT/CYBERCRiME-03-03-19.txt 042newpanel.tk 11n.nl 195482902.ga 22y456.com 36258560.com 365-team.org 3glytldqdo.xyz aarasid.com abachereku.bid abatii.web.id abchome.ml accesssinfo.site accountnumb.com ace3.legendsbotnet.live acsbaroda.com adimma.xyz admino.gq adrack.us agricomimpex.com ajibadatzalim.com ajmanz.gq albertoforwardings.us alexboolooobinna.info alhadin.nl aljesvin.com allstroyka.by alpacham.com americanbestseasfood.com americas-tsubaki-nakashima.com anchormarineqroup.com anguiillanet.com annamadums.ml antespan.com apbco-co-za.tk apllusbat.com appointedright.ru araphat.thewisemen.ml archive.linux-archive.org arispedservices.eu arneropa.com arnylco.ru askchyariwaraph.pw atlansexpress.com auscanforum.com autocomms.co.za avvalves-com.ml baidudownload.com balerji.cf balerji.ga balerji3.tk bandllnc.com bandroxoma.com baonlineinc.com barryfitnessgym.com bartolini-system.net baycord.ga bclm-es.info bearings1.eu beeder.club behinpaad.gdn berfipol.co.vu bestmomreviews.com betim.nut.cc betnet.usa.cc bisan.com.sa blackat-com.gq blaztech.us blentus.nut.cc blessing.werner-rnertz.com blocomplimited.biz bluebolts.pw blumetterflu.tk bnswoods.pw bobbyflakes.tk bobbywaysg.cf bollingoes.ml bosmax.ga bradlack12.ru braithwalte.co.uk bravest.beslermakarna.us bravest.navelr.com brixtrading.org brokenskull247.ru bsales.cf bustaguy.ml bynewcrest.ru cadjetbums.ml cafe-family-club.by camprai.com capitaltantrum.com capty.nut.cc catalogobrasil.net cavenaghi-it.com cbiraqi.com ccrushers.site changdeacorp.com cheapcarinsuranceways.info check-your-file.gq chelsoto.cf chenghudmfg.co chiddy.baxishop.ro chidodo.gq chilliseudp.tk chinaquanchenq.com chitasheesha.com chritlebrittle.tk chuloworks.org chyasktutorial.ml cillad.ga cilt-m.com.my citymoney.tk claeverbrooks.com claudfx.win clcb.flu.cc cng-europ.com coins.btcsfarm.com comatprojects.com compraventaeloro.com contrig.ga cooldark.ml copride.ml corelis.group coteserca.com.co crackjack.club cred0paper.com creeden.ml cronwtyres.com cultiva-es.co cyber-loki.gq cyberink.btcsfarm.com d4t.com.mx daconstructions-ksa.com daicoaero.ru damiano.modexcommunications.eu dandoesinternet.com darartcraft.com darlinculture.tk darlingtraders.tk darlinlove.xyz darlinmove.tk davuchi.eroea.com dcm2195.com dcproduct.ml ddclsmcc.eu dealinproces.com decemberrushing.us declog.eu defeatvillage.ml degea.ga deips.com deloilte.com densefox.ml deradprash.com derekmotionpictures.com deskverifycontent.com detini.nut.cc devhaevents.us diamond-fox.ru diferreirabarbershop.com.br dilinger.ga dixii.org dogged.cf domainsender.info donsnookie.club dos-bilz.ml download9.cf dragon-ballz.ru dreadtraders.tk dresson1.com dualpanels.biz dubzfile.tk dukhdardhis.com e-qreentech.com earlhome.gq eastcoastrest.com eastern1961-sg.com easyflexible.ru ebukagodsy.com ebzoet.gq:5090 egombia.xyz eketego.xyz ekhourkaintazar.com eleletieleleparthard.cf eleletieleleparthard.ga eleletieleleparthard.gq eliscoinc.com elppete.ir emakgroup.de embarasstor.com embramedica.com.br emeka.kenal-cn.com enerqyintl.com enerrpac.com enerst.thawaslobem.com enesadvert.ru erintoba.info eriousimen.ml erobinhood.com eroea.com estedoctorhair.com etc.ashcarsales.co.za euro-union-uk.com europharmaint.com eurotexifilati.com expenlid.ga extrainformativo.com.au eyota.com.sg falgahnim.com fashfunds.ml fashionstune.com father.kenal-cn.com fatoil.ga felix.thawaslobem.com fghnj.gq fidingonman.com file.kenal-cn.com filteroceans.club finixgroup.ga finixgroup.ml finixgroup.tk fintin.ml firscool.us firstfive.net flakehop.ga flockrib.ml floxblog.ru flsmidhtmaaggear.com forevergod2017.com formypeople.ml forrentinvegas.com forum.somedizzy.com fourrese.net frank.ge-com.us frankjoe.uzocoms.eu franklin.navelr.com fredricklanehsc.ga freshfund.in front.postmaster.services froshserv.com fullofdeals.tk gabtlc.com gamesarena.gdn gamestoredownload.download gartanfinanceltd.com gebbatrip.club geckoplumbing.com.au generaldope.ml georgepablo.ga geranntibankasi.com get-cryptostorm.com getupandcboz.com gidynamictiling.com.au glohard.ga godblessmedisyear4me.ml gokuu.club goodisgoodter.com goodman99.info goodtimegroup-tw.com govietbac.com grace4good.cf graceandjoyfamily.cf graced2.info graceisall.com grantis.us grantlopez.cf graviteocup.us greenchem.xyz greenfleld.com gsstationery.com.my gtowers.ga gtowers.ml gtrnusa.com guelphupholstery.com gulfclouds.site halimofset.com.tr hamagepine.ml hamon.ir hardigononne.com harltdoors.com hatsgood.co.uk henrikoffice.tk hiepphat.com.vn hilonguea.com hitech-mfg.cf hkenngr.com hotbloggerslab.usa.cc hriata.com hs-bc-grps.com hta.duckdns.org humsabkinz.info hushkush.net huverg.ru hydeoutent.com i042.mobi ibclinited.com ibexexpressint.com iclear.studentworkbook.pw ieuchanesz.co.uk igtckeep.com ijabosspanel.tk ijapersonal.ga ijelevine.ru ike.kenal-cn.com inciqsyuasa.com infodayclubhai.com ininox.com insightthk.com ipm-com.tk iprogyz.com irclass-org.ml irgkaz.me irukastella.tk isolve-id.com itgpll.com jahisable.com jalango.co.ke jamespanel2018.tk jaobhaezrasam.com jaygarish.com jayp.eu jdstaron.ga jelimold.com jeryterss.ga jhfjfiwjdnfnfwwa.ga jiren.ru jizzy.kenal-cn.com jlabcheminc.ru joe.kenal-cn.com jojohats.co.uk jollipa.net joshkelly.club jowakasuperlinksltd.com jukinem.ml jukinewnem.info jumangiback.com just-toboy.ga justasiamwithnoplea.ml justcj.info justloki.com justpick.pw jvl-jp.co kabelospy.ga kabospy.ml kadugoshtwah.com kahanigharlo.com kajlaraykaj.com kaokao-twn.com karmartec.com.au kasongogold.com katherinajetter.com kc.kenal-cn.com kc2zx.trade kdotraky.com keftylador.xyz kekene.cf kekene1.cf kelechideve.tk kelechienter.tk kelsandsons.info kenabee.in kennycarson.info kentex.pw kerlogers.tk kersterus.gq kikehraeein.com killz.pro kindomstar.com king.thawaslobem.com kings.jesseworld.eu kitnasedhasa.com klpra.com komputerowybank.pl kox.termofoc.gr koz.farmia.rs kurarray.com kz.thawaslobem.com labibread.info lahtiprecission.com lahtiprecission.ir lahtiprecission.ru lallahome2.ru lamid1.nut.cc landmarksand.ru lastlapsantos.info launchgrowthtoday.download launchgrowthtoday1.download lauzon-ent.com laykaruthunga.com lbtem.flu.cc leak-hub.com ledteroptyi.xyz lembe.flu.cc lenet.usa.cc leparadisdemarie.ca life-is-beautiful.in liftupmyhead.biz lights-craft.net liltem.flu.cc linkhome.ga lionltd.pw lipairfoods.com lisgroup.info littleindiadentist.com.sg lltagrain.com lnsect-net.com lockhome.ml lodestarlegal.com.au loggerkeys.us logs.fttrnas.com loki-business-gathering.gq loki-panels.cf loki-panels.tk loki5.info lokibotnet.ru lokibotnetpaneltwist.tk lokipanelhostingpanel.ga lokipanelhostingpanel.gq lokipanelhostingpanel.ml lolibes.nut.cc lopdent.club louloulisle.com luck1.ir luck2.ir lukaku4.gq mabnibatain.com mabuhaymarlne.com maduifeanyi.tk magic3.ml magic4.ml magii.club mahkotamaju.com mailsecuritysxyz.ru main.podcastim.net makeyourbrandz.com mamat-sa.com marcphillipsrugs.ml masgrop.gq massageseatssure.com mattlc.com maxesupport.com mclhk-net.com mdolk.ru mega25.ga megatradeinvestment.com mejeq.xyz messic.cf meta-mim.in metalhubadf.xyz metalurgicaruedams.me mi.kenal-cn.com michelle777.ru micol.date migtates.ga migtates.ml mindslaver.com mini-azs.com.ua minitex.nut.cc mirka-sg.com modcloudserver.eu modestclouds.eu modexcloudserver.cf modexintl.xyz mohamedghareeb.com molazporam.com molcarjo.com molinolatebaida.com mountaintopbuilders.com mountainviewproductions.ca ms12hinet.com mtene.nut.cc munachi.ru muztarelakop.com myapplicationsdownload.download mylokipanel.cf mylokipanel.ml mypnel.usa.cc naman-pn2.usa.cc napat.tk narcosblue.net neduneche.tk nemmarchending.info netpy.usa.cc networko.tk newconnect.duckdns.org:1717 newdawn18.com newhousepanel.info newstuart.com nikasaprobz.com niki-gmhb.com nl63.com nnpcaids.com.ng nomlist.ml nsdic.pp.ru nsogbu1.tk ntgas.ml nunuseasondoggy.cf nutbe.nut.cc nutbep8.nut.cc nutp7.nut.cc obatoolz.ir oceanclubsreloaded.us oceanlinkmarrine.com octaver.ga off335.info ogaces.ru oilwell.pw okilo.kenal-cn.com okungbowo.com oliverrbatlle.com oloshilogs.gq olufseni.cf omann.ir oneluvs.ru onlygoodman.com ontime52.com openworldgames.net optimumcash.net oputaobie.eu orderhrf.info ordheet.gq oredis.ma oshapra.com osspanels.info paadasala.com.au paclficinsight.com padyitoppon.ga pafindo.me pandemoniumsp.ml panelonetwothree.tk panels18.info parsleytire.bid paylesssignandprinters.ca pecfetc.com perfectjudge.com.ng perkasaloki.info petroneel.co petrowind.com.ph pf-pv.xyz phcc-india.com pierret.ml plasplupunion.com pldtdsll.net pmxmc.party poeppelmannn.com portlovers.usa.cc poweringinfluence.com prassqautor.in premierevents.co.zw premoldadoslopes.com.br primausaha.net propertymanagementmelbourne.biz publicspeaking.co.id pupetg.ml pvcfloorco.com qaza.pw qood-universe.com quantumegypt.com qzec.club ragasgki.gq rajas.cf rb-nitl.com redkantipur.com refractoriesexperiencesrl-it.com regdombe.com resensepas.com rettgive.org rextaeri.bid richkidinvestment.biz ritsuninfra.in rmsalf.com rockingworld.gq rostizadonaums.tk s116832.smrtp.ru s117238.smrtp.ru s117247.smrtp.ru s56569.smrtp.ru saeeaglesgroup.com safaricomfreemb.000webhostapp.com safemann.tk saftygroup.com sahakyanshn.com sahibokashma.com saintiment.us salesakapamu.pw saleschinak.us salesgroupmotive.ga salesxpert.ml salesxpert.xyz sanapetiope.com sandivartgallery.com sanpacsinergi.co.id sarana-sukses.com saresware.com satixxxx.xyz schlntek.com schwingsteterindia.com scoplit.ml scoth.ml scrolgraft.com secure-business.cf secured-panel-verification.cf seerwty.ru sefanivc.com segami.ga segami.ml semaprin.info sensimatino.us sertencee.xyz service-us.ml setlop.ml sexnyoga.com shamaldecorations.com shangde-intl.com shannon-be.com sharing-details.ml shiipco.com sicc-italia.cf sierracontrol.club sinfastener.com sinonem.tk sinowaychina.co sirndoe.ga sirndoe.tk sixpacksbnonye.eu siyaghasourccing.com skalesause.com skyflle.com slimpityio3.us slimteaversis.us slowidyter.us solution.org.ng sonahelton.ru soyasticks.club soyastik.club spacemc.com specsnarts.gr spectrocoinss.com starterpackproductions.ru startrightet.com startupnigeria.xyz stl-host.com strutitinca.ro studemplo.com suggesshop.com sunny-displays.com sunnynaturelstone.com supersaiyan.ru supplyexpert.ca support-office365.date sureserver.xyz suresinos1.cf surkeycn.com svit-zer.com sylvaclouds.eu szccf361.com t-bagnation.com taughtcom.ga tbmr.nut.cc tclokies.biz tcoolonline.mobi thammyvienanthea.com thawaslobem.com themutualbenefits.com theonlygoodman.com thewinningchild.ru thomsun.ml thorasgardstorm.com thousandan.ml ti-film.com ticmac.nut.cc timbb.usa.cc timbet.space timo.space tobecome.website tokimecltd.ru tokoyplast.com toplock.ml topstar-it.com tpended.xyz tractvin.ml transliop.com traucotravel.com trigvnarnandala-id.com triplealaw.co.ke tsq-hk.com tuhibtadaymol.com typingone.xyz typrat.club tywebbing.ml u0000171.cp.regruhosting.ru u0418693.cp.regruhosting.ru u0431828.cp.regruhosting.ru u0437697.cp.regruhosting.ru u0448593.cp.regruhosting.ru u0450198.cp.regruhosting.ru u0456259.cp.regruhosting.ru u0462189.cp.regruhosting.ru u0466390.cp.regruhosting.ru u0469399.cp.regruhosting.ru ujaas.ml ukaytrades.tk ukonlinejfk.ru ultrainstinct.ru umelo.ga umnalalobae.com umumi.xyz umunna.info unifarmex.net unseengrace.ru upgrademailboxsecurity.org urbanworldofgoodluck.cf userrlive.xyz ushamartin-in.cf utasarmsinc.ru vaiit.com vailablity.ml valtoboy.info vatanplastki.com veezer.club venitex.nut.cc verifygmailcom.com vicesman.ru vicesstudios.ru victoralifts.com vietjetair.cf viettrust-vn.net viparac.us viruscheckmake.cf vivadesssssswer.gq vividerenaz.com vopspyder.website vsp.com.mx vthingsure.gq vvdliv.cf vystah.com webapp-mpp2.com wegotakedistime.ru wellshyeng.com wenever.ru whipwack.com whoizzupp.com whoyouhelp.ru whytepolo.ru wildlifeworld.gq willaimsclarke.com willmoretraders.tk windjutsu.nl wisefile.ga wizzyalone.ga woelpuu.com workfromhomeplc.ru workitto.xyz worldwar5.ga wwment.ml xemontd.xyz xemontdsd.xyz yellatthemz.com yelogmahtma.com yemuraichahuruva.com yg.kenal-cn.com ymams.cf ymwsolutions.com younqone.com yourgrowthpartner.website yxzzone.info zartashakona.com zealtin.ml zedekus.com.ng zeesportvissen.be zenshinonline.ru zeromb.website zgtco.com zinnywendy.cf ziqrah.com ztkeco.com # Reference: https://www.virustotal.com/gui/ip-address/209.141.50.70/detection # Reference: https://gist.github.com/silence-is-best/852a1c7c7dcf29fdc8d5df73433e7676 http://209.141.50.70 # Reference: https://twitter.com/petrovic082/status/1390586387066507268 wsdykungcommunicatdf.dns.army # Reference: https://www.virustotal.com/gui/file/29fcdfdbb33bdc271397e33e9c9c8629810764fc3eb46e02824eb92ed6ad53e1/detection chnsndyglobalwealthandreinforcementagenc.duckdns.org # Reference: https://twitter.com/reecdeep/status/1395637836074864640 mbyi.xyz vnmbyi.xyz # Reference: https://www.virustotal.com/gui/file/b8934d2a6daca6a21badf97c95d9bcc2909fc74bb8fe1ff485c703e17df109b8/detection g2m2.xyz # Reference: https://www.virustotal.com/gui/file/e363615fe5237baf73271b1c71dfdb375917253f76932543910ce1f2838281fc/detection pkzz.xyz # Reference: https://www.virustotal.com/gui/file/20dcf7fad0dafd0771178477de1e48795d0380651e75bcf2e12f1e7eb0c8d5e8/detection msslrsa-motherson.com # Reference: https://www.virustotal.com/gui/file/85179df65f7b3dee099f8f91f5d1c207d66fbbfbb639d6853503ec16f9d96b39/detection saniceramics.com # Reference: https://twitter.com/TeamDreier/status/1399998905413144576 swissbully.gq # Reference: https://www.csis.dk/newsroom-blog-overview/2021/danskbank-spearphish-loki/ bhuddy.tk drongubuoy.duckdns.org flowadutz.cf gypkuts.gq nijawright.tk quintox.duckdns.org # Reference: https://app.any.run/tasks/7d6e3562-a2cc-4e0c-a187-478bd57745d1/ http://63.141.228.141 # Reference: https://app.any.run/tasks/94932b41-ca9d-4006-904a-d248ef4927de/ ctp1.xyz # Reference: https://twitter.com/reecdeep/status/1404695309599580161 # Reference: https://app.any.run/tasks/9bff6553-ceb7-40fe-abc7-d7da5cc2c895/ aft-forge-tw.com # Reference: https://twitter.com/FewAtoms/status/1407405344767283201 # Reference: https://twitter.com/James_inthe_box/status/1407406090627682304 maizefucanism.hopto.org # Reference: https://www.virustotal.com/gui/file/8a52b6f10097b3c5fd1ae397a5ddce9d11e58c654d590baf0d7de988dd9fc60b/detection # Reference: https://www.virustotal.com/gui/file/17dce1f7477b9519037952c6fb6f3b56e0b5afc9a82b7ccf2229d105c3e48c99/detection wilfredzaha.cf # Reference: https://twitter.com/wwp96/status/1410320860037238784 apponline97.ir # Reference: https://twitter.com/wwp96/status/1410325849581182977 # Reference: https://app.any.run/tasks/efdbaaae-0184-4041-ab39-d6d482d9b770/ pakilogs2020.xyz # Reference: https://twitter.com/wwp96/status/1410613354037534725 # Reference: https://app.any.run/tasks/4d434cbb-3c6b-47b8-9b17-2d8e5371f338/ brokenpipes.cf # Reference: https://twitter.com/wwp96/status/1410615305693319185 # Reference: https://app.any.run/tasks/139fc93a-399c-4f73-b52e-4684067b78c7/ http://192.236.193.138 # Reference: https://twitter.com/reecdeep/status/1410871093418659841 karinedocesesalgados.com.br/karin/five/fre.php # Reference: https://twitter.com/wwp96/status/1411207917953552384 domainaccountsupport.tk # Reference: https://twitter.com/wwp96/status/1411765432877568006 http://185.110.190.5 # Reference: https://otx.alienvault.com/pulse/60e446ef1832c2df83af7753 # Reference: https://www.virustotal.com/gui/file/2e212f21f7c0ecf0dc4dbba2916fb802de978780955fa68c936cb5059e3470bf/detection # Reference: https://www.virustotal.com/gui/file/494ac0275d68f3a9274b66b98166f163e61ab1d72a740a0822d2b209b3adbd15/detection elojomiradordelapaz.com.ar # Reference: https://twitter.com/pollo290987/status/1413428878786416642 # Reference: https://www.virustotal.com/gui/file/922135a10e85dde50c701490c1b71fa8c686becb0c8bbf020e64cd3b36927754/detection http://185.227.139.18 # Reference: https://www.virustotal.com/gui/file/418399f3a43e0194760d05e2ffd6a61bcde6d79bff4c016114f58fb4aa6e1b4f/detection judyhkde.ddns.net # Reference: https://www.virustotal.com/gui/file/d324d33233edf16f00bb4c9a06a14eee0ef15f8d90a3b9f62213e0ea9054312d/detection faski.nut.cc /b-slek-t/fred.php # Reference: https://www.virustotal.com/gui/file/49d9f64ca22cb1c7b3f8cdd75d06286f87d5abb736b7a0a8b0651df5620b0c66/detection # Reference: https://www.virustotal.com/gui/file/0f1d9f17d6380c6318f136f9f951922cffd80ba90fa8748ab88e6fd0b0b19ceb/detection http://101.99.84.46 /adams/book/fred.php /buc010/110/fred.php # Reference: https://twitter.com/reecdeep/status/1416024585271664641 bauxx.xyz # Reference: https://www.virustotal.com/gui/file/c8c3389034ebc85a51f95feec24db71e6d2183a709e0286a5bee51d14b5a0e1c/detection http://104.168.166.188 # Reference: https://blog.talosintelligence.com/2021/07/threat-roundup-0716-0723.html (# Win.Dropper.LokiBot-9879411-0) googleforshares.publicvm.com judge2020.ddns.net omglunie.hopto.org sportsgroup-hk.com vuadaubepz15-29353.portmap.host whores.hopto.org # Reference: https://www.virustotal.com/gui/file/287b1ea666b7d71e8f499e4f216a352ca83dde8116ffde96ef97aee25406ea7c/detection lushbb.xyz # Reference: https://www.virustotal.com/gui/file/a9218232b7ccbcce51498e20b9f2a44f2802f051d646fac94ef5a2c54c212c50/detection moorim.xyz # Reference: https://www.virustotal.com/gui/file/ab99527876af2a4f02542bd2eda871142f23eedb4b344f3b227f87657bbf2104/detection minairinours.sytes.net # Reference: https://www.virustotal.com/gui/file/4dbbc0516c8a84ac523ab6d73991a4c608b99dd7339ca762a2a4b116e74a7609/detection oct1.xyz # Reference: https://www.virustotal.com/gui/file/6408f4bb3c9014fb9392ef59a53f449eb2389a9972b468a37c64c7083c80d1e0/detection kago.us/nwamama/five/fre.php # Reference: https://otx.alienvault.com/pulse/610299742f8bdb1aa56b2213 ccjjlogsx.com fossilcourt.com ikloki.xyz luoslasco.xyz manvim.co # Reference: https://otx.alienvault.com/pulse/6103eaf5501505929c284f01 apponline354.ir brokenethicalgod.tk luoslasco.xyz newblessings.gq sureflt.com zascocs.xyz # Reference: https://www.virustotal.com/gui/file/631b540d7f8c3741039ff4d346718ba6c44f2997e1f863a68d04ef43ffe64ec7/detection askenya.org # Reference: https://www.virustotal.com/gui/file/b92592d97954817dffb8d067b1c28d26dfc75b213e8b7bfcefbd559f21a14c75/detection kdhema.tk mmanueud.gq /newman/sab.php # Reference: https://twitter.com/peterkruse/status/1424975188073066513 express-gus52.duckdns.org moneyrepresentpairme.live myprofitmethods3.com pakke-postnord.web.app poseidon99.ddns.net # Reference: https://twitter.com/reecdeep/status/1442774670701379586 lokich.xyz # Reference: https://twitter.com/pr0xylife/status/1445686399064166400 # Reference: https://www.virustotal.com/gui/file/be9101f039f916ca626a4570cf36f1d251ee563e57507a9aadb6c4342bee6afc/detection checkvim.com # Reference: https://twitter.com/reecdeep/status/1447503618031202304 farmanat.ro # Reference: https://www.virustotal.com/gui/file/7ea5f5d1f96eb486c8fd9293d8bb390656e4fb60caebeae993e9a911b9378009/detection bobbyelectronics.xyz # Reference: https://twitter.com/dodo_sec/status/1455724475857649664 gervenez.xyz # Reference: https://www.virustotal.com/gui/file/0eff36fe3a003611e22d5609ff009c12e4f4c8aefd4d908570885889d53ccb12/detection secure01-redirect.net # Reference: https://twitter.com/reecdeep/status/1460514950745579521 gridnetworks.xyz # Reference: https://www.virustotal.com/gui/file/6edc1de4c35d3f5768b4ff27a5b76655e4d83979ac3cc756275563b9d1bf111c/detection panlad.com # Reference: https://www.virustotal.com/gui/file/68fc45a82df9a4260e3de70a73eed09f47e9a3fb0ca74d8d3c85d6579a7fa0be/detection http://66.29.151.252 /~nextimageblog/picture.php # Reference: https://www.virustotal.com/gui/file/df59bc80a105bcc98613c3ce0b6635f69359a99ba44865db21d46a3fb8cbfff7/detection umuloki.xyz # Reference: https://twitter.com/pr0xylife/status/1465395868597690368 74f26d34ffff049368a6cff8812f86ee.gq # Reference: https://www.virustotal.com/gui/file/caaa9c3c18c70d0fa3ce8eeb331098923c5d66c85852d61ff35e44ef3717d552/detection http://37.0.10.190 # Reference: https://www.virustotal.com/gui/file/828962bfc3cc29b54adf64d9a15c9a9865abac09bc571eec47d8e2c7bab095ec/detection http://185.94.191.80 # Reference: https://twitter.com/pr0xylife/status/1468505451167891461 http://63.250.34.171 # Reference: https://www.virustotal.com/gui/file/6f5c922b9dbe3cef8c06050203055e646d49c3e976ef93c02c54264ad9739064/detection hdmibonquet.ir # Reference: https://otx.alienvault.com/pulse/61b09f75365e2857bc72c057 aboasu.xyz lokaxz.xyz # Reference: https://www.virustotal.com/gui/file/54c84f8fad62a58d7e3490bb6e702fd85aa5bb10bdb7569fbc03689b791603a7/detection vietphatjsc.xyz # Reference: https://www.virustotal.com/gui/file/57421d815fd6a060ccd61b682db92d7b9a116e7ffe68272c490577be0e3956c4/detection fruityx.tk # Reference: https://gist.github.com/silence-is-best/e2af8aa61000e4b740934331291c619b # Reference: https://www.virustotal.com/gui/file/75e5171c975ae001bf82ab53fe026b4dba7f9008b0bb037b4628e3375ff6abe7/detection usuthucoal.co.za # Reference: https://www.virustotal.com/gui/file/6e8669e029cced959869d6634d6943b37bb16cf3e6cc5829ff230f09778659e5/detection moneyfinders.xyz # Reference: https://blog.talosintelligence.com/2021/10/threat-roundup-1001-1008.html (# Win.Dropper.Lokibot-9899536-1) freakybros.ml jesicastreetdesign.com zoicstudios.info # Reference: https://twitter.com/pr0xylife/status/1451463572639436820 http://63.250.40.204 # Reference: https://www.virustotal.com/gui/file/2a7064ef86916204f66da8f701a5ba979b0ea97a6a9ee4c6b955527a3cd4af21/detection peakledz.xyz samsung-tv.tk # Reference: https://twitter.com/pr0xylife/status/1480494355177779202 mangeruio.ir # Reference: https://twitter.com/reecdeep/status/1481994048500084744 # Reference: https://www.virustotal.com/gui/file/f167842e13628e375ee9746f7351d1042cdb77e475d382a35c34fc462a869c72/detection slimpackage.com # Reference: https://twitter.com/pr0xylife/status/1483100182829019144 mainlandtoisland.ml # Reference: https://twitter.com/pr0xylife/status/1483140652263215105 mainlandtoisland.ga # Reference: https://www.virustotal.com/gui/ip-address/13.68.141.149/relations # Reference: https://www.virustotal.com/gui/file/67f2ac673104bb3b17acde4dc66186d0481c142c9683db3e20c3eceb03b61baf/detection capgosit.gq domynuts.ga gobonamud.gq nesofirenit.gq # Reference: https://www.virustotal.com/gui/file/eb6ba1886a60c4948b45d9acc048187acdf8b941c9259f478eacedf519260035/detection lospwix.duckdns.org # Reference: https://www.virustotal.com/gui/file/80bc22eb094a019c29b891722be26c152adcebd3e3b95d85ef004ac4dfbb35cd/detection akiwinds.duckdns.org # Reference: https://www.virustotal.com/gui/file/f861b22de2dce92e689b895e8b862fe51bfab56cf466db8d1ea7513682cd3c36/behavior/VirusTotal%20ZenBox noithatcombo.com.vn # Reference: https://www.virustotal.com/gui/file/c27e339893d3e5fc1e61e73ffafac8a7bcf76813a92f91ecfa38535210d6c7a7/detection s442136.smrtp.ru # Reference: https://twitter.com/pmmkowalczyk/status/1485588602893570049 jxcnx.xyz # Reference: https://twitter.com/reecdeep/status/1485979072933117952 http://62.197.136.186 # Reference: https://www.virustotal.com/gui/file/e326648386211c2f9b5b582c24ca5b108897af4a9637285b6e8b8cbc0e8d8d37/detection http://167.71.40.10 # Reference: https://github.com/pr0xylife/Lokibot/blob/main/Lokibot_31.01.2022.txt http://178.128.244.245 # Reference: https://www.virustotal.com/gui/file/29fc755c18229a2b6e0f5af5ccc41f59b7858ff91c8317dfea10cf8faf70d842/detection # Reference: https://www.virustotal.com/gui/file/25cbea94201df54fb7ac7c44d4f02e4ac5ae4501a0a12d811e42142f9fa16e26/detection http://192.3.121.131 windowssecuritycheck.gdn /Pony_THlhRcvvCv31.bin # Reference: https://github.com/pr0xylife/Lokibot/blob/main/Lokibot_02.02.2022.txt http://128.199.46.58 # Reference: https://github.com/pr0xylife/Lokibot/blob/main/Lokibot_04.02.2022.txt s446272.smrtp.ru # Reference: https://www.virustotal.com/gui/file/c4c1b199cf84e8aaa835220f5fc34e8f05981c0f3e79ee6def29858780a7ed1b/detection # Reference: https://www.virustotal.com/gui/file/68f3c6392d7796a95c120279edc9506fc547c994d89a004bfc07e96ec8f9636b/detection # Reference: https://www.virustotal.com/gui/file/68101164b5882ebdec2a42f16e24d90c67412e8f41ef07ab9a32c34d94b104c2/detection smloki.xyz /cs/u/cooz.php /cs/u/fufu.php # Reference: https://github.com/stamparm/maltrail/edit/master/trails/static/malware/lokibot.txt 250b48d798957fbf33b77ae8a74a45ca.ml asiaoil.bar # Reference: https://www.virustotal.com/gui/file/0b99b8d927c0b4686744bb7fec2ca9feb75ab5d2e9e28e8e666d54fbc6118917/detection nextlevlcourier.com # Reference: http://blog.talosintelligence.com/2022/02/threat-roundup-0204-0211.html (# Win.Dropper.Lokibot-9938416-1) # Reference: https://www.virustotal.com/gui/file/05df89435977607add23c46692b555deae3478a61d7da0f614f13ea86d1be337/detection kkeyvenus.ru # Reference: https://www.virustotal.com/gui/file/bb8e5543df945a55653a320f95ac3f81a8b266ca788fa800139c61a1d5c88549/detection http://164.90.194.235 # Reference: https://twitter.com/reecdeep/status/1494262764042338309 # Reference: https://www.virustotal.com/gui/file/e88b0371276205e7ca3a6cf7f45de7c1c2114e63f573796119580d3919b57430/detection 250b48d798957fbf33b77ae8a74a45ca.cf # Reference: https://www.virustotal.com/gui/file/073aef37b9c2c323073a2880725ff8e123342f47a7c8a805f4815f65c0406b1a/detection peak-tv.tk # Reference: https://github.com/pr0xylife/Lokibot/blob/main/Lokibot_22.02.2022.txt dieselloil.buzz # Reference: https://twitter.com/reecdeep/status/1499668276149948416 hstfurnaces.net # Reference: https://github.com/pr0xylife/Lokibot/blob/main/Lokibot_08.03.2022.txt qtd8gcdoplav737wretjqmaiy.gq # Reference: https://www.virustotal.com/gui/file/f5d8fad28929c9f531235be0f36a22daf051206bbde4a97a9955891615ada166/detection vlascx.xyz # Reference: https://www.virustotal.com/gui/file/ee2440922354d6be2dce4ab27274ae2cc2108d8dde37837a739a7e2a36e317d5/detection ui3opgrowthproton.sytes.net /polfhkgsgh/ # Reference: https://twitter.com/cluster25_io/status/1502241981875040258 # Reference: https://www.virustotal.com/gui/file/e0fb87e9ad0d063d8627006f57bf3a75fdd2ee4f4dcd4ff7933b8a6a3a41eab4/detection qtd8gcdoplav737wretjqmaiy.cf # Reference: https://twitter.com/jstrosch/status/1502294984082530308 # Reference: https://www.virustotal.com/gui/file/0eecd143d84fde7775035d32a7b7cfdce6a909f5aee9908b93d8d4a942da44a0/detection sudais.com.pk # Reference: https://twitter.com/tosscoinwitcher/status/1505784120927932418 # Reference: https://app.any.run/tasks/ce9f5b6d-2274-41ea-a882-0dc11e95c911/ chrisupdated.xyz # Reference: https://www.virustotal.com/gui/file/69f9cffe5e803f964ffa8cd28190fe2f580408c13aceceeb4d6fa40a70a967a8/detection plxnva67001gs6gljacjpqudhatjqf.gq # Reference: https://www.virustotal.com/gui/file/0405c940e93ba13527c87b6a80aeac058734fa4ce0c9a594774d696eca07b28e/detection furnaceshst.net # Reference: https://www.virustotal.com/gui/file/f4989c44ae69ec60a1b824ec91a6c30e8382968a1c57acf7c0ecd036e02c2597/detection http://212.192.241.50 # Reference: https://www.virustotal.com/gui/file/c9b9a12acd65513eca14c391f93caa3b54afc4865a6dec15f870e2324bd46094/detection bulenikgroup.com # Reference: https://www.virustotal.com/gui/file/c5d7da05bec838aeede4b87a83064eadd85dbfe4eb886ee631b63a66d2d845d5/detection gaviscon.tk # Reference: https://www.virustotal.com/gui/file/017547419287e895a76b91cddf21a84c9f21a2086cead44a224cbd8ad0cc8db8/detection sempersim.su # Reference: https://www.virustotal.com/gui/file/0018299b30892d405f7e9bcab955a3ec9c5494b0ae42a003d805351b0e3bed99/detection snuniform.com # Reference: https://otx.alienvault.com/pulse/613751e2a4ce99633a3977de # Reference: https://www.virustotal.com/gui/ip-address/46.173.214.209/relations http://46.173.214.209 # Reference: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html (# Win.Dropper.LokiBot-9949439-0) kzi.ddns.net pxv.ddns.net qbz.ddns.net phprat.wm01.to # Reference: https://www.virustotal.com/gui/file/0c5657913772f1b6183f55c3da5a44b905b5a27599140c6c265fb8abfa2210e6/detection hyatqfuh9olahvxf.gq # Reference: https://twitter.com/reecdeep/status/1531196537497391105 giskia.xyz # Reference: https://www.virustotal.com/gui/file/9b44c677587d3cbd6eeb546e50011fbeb5e7e5ed5768d25858be6da683ba5bde/detection plxnva67001gs6gljacjpqudhatjqf.ml # Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Lokibot/Lokibot-%2029062022 http://198.187.30.47 # Reference: https://www.virustotal.com/gui/file/b725e73edec2f3fcaca92038ddcaffd70a8209b5e86d503e70053e336975b58c/detection http://85.202.169.172 # Reference: https://www.virustotal.com/gui/file/00a29990bde1f816a68e2c1a61370c851f0f4a603e12a2455400effe6d6edd52/detection http://45.133.1.45 # Reference: https://www.virustotal.com/gui/file/50df0cf773a17c1cf9f8daacd24a9665e8f443a1efa986b61f235ca58bb738c6/detection http://185.102.170.20 # Reference: https://www.virustotal.com/gui/file/10f2804ab00ab8bdaca0ae1c36787d0620859dc31df47583990f2caacd45cc9e/detection blinkcard.co.vu # Reference: https://www.virustotal.com/gui/file/525873f7c7a8cfd76719ad589667e853fe31b78ee2e79fc4730e36297e27176f/detection azomoney.ddns.net # Reference: https://twitter.com/reecdeep/status/1546464045083103232 lasloki.us # Reference: https://tracker.viriback.com/dump.php (2022-07-11) http://104.148.41.58 http://104.148.41.60 http://104.168.220.122 http://104.223.143.150 http://104.223.143.21 http://104.223.170.13 http://104.223.170.68 http://137.184.73.79 http://137.74.86.140 http://142.11.195.130 http://156.96.128.246 http://156.96.47.5 http://157.52.211.137 http://157.52.211.247 http://158.69.39.138 http://185.100.87.134 http://185.141.25.227 http://185.208.182.56 http://185.243.215.191 http://185.243.215.88 http://192.119.86.105 http://192.119.97.23 http://192.236.161.205 http://192.236.176.109 http://192.236.179.167 http://193.142.59.105 http://193.56.28.124 http://194.85.248.167 http://195.133.40.71 http://195.154.23.200 http://198.44.96.228 http://2.56.57.48 http://203.159.80.151 http://203.159.80.209 http://203.159.80.29 http://208.70.248.230 http://217.64.114.181 http://23.254.215.137 http://2lcfo.com http://31.210.20.58 http://31.210.20.71 http://31.210.21.236 http://37.0.10.225 http://45.142.202.11 http://45.95.168.158 http://46.183.221.234 http://46.183.221.237 http://46.21.147.175 http://49.12.47.176 http://5.152.210.166 http://66.85.157.122 http://84.38.130.67 http://89.43.107.198 http://94.100.18.81 27802482-46-20180725142719.webstarterz.com 74f26d34ffff049368a6cff8812f86ee.cf 74f26d34ffff049368a6cff8812f86ee.ml 7thstreetmotelmildura.com.au abiz-solutoins.com abrokenskull.tk absogain.ir acmanets.com acpanode-sg.com act-tokodenko-jp.cc ad4teg.com adminserver.xyz aerocorpevionics.com aesseal-my.com agbisiulokompko.sytes.net ageacci.ml airmanselectiontest.com alexandreguillemain.com alhajikudi.com alutach.com ameropa.gq ameropa.tk amit4uservices.aits.ooo anatoli1.ga aradhana.faith arinzeproducts.xyz arkt.xyz arku.xyz athansie.com atimewiththeskull.ga audiosv.com avatar.ps aws--vn.com axislearning.org azme-contractors.com b7team.com babaseoa.com bambamli.com banboocnc.com barotechf.ml bashan.to basungaintl.gq batdongsangiacatloi.vn baybaytolie.com bbelectronics.xyz beheshtsoft.com benera.xyz birn.xyz blackstone.com.pk blemblem.us blesblochem.com blorehost.in bmaudio.com.vn bnbrokenhead.cf bobbyservices.cf bobbyservices.tk bobydomain.com boeschboddenspies.com bombetong.vn bouquetltd.xyz bouxwe.ml brandbuckit.ml brasch-adolf.xyz brightlookoptic.xyz brokenbones.cf brokenethicalgod.cf brokenethicalgod.ga brokenheart.xyz brokenislegion.cf brokenislegion.ml brokenislegion.tk brokenpipes.ga brokenservices.cf brokenservices.gq brokenservices.tk brokenskull.cf brokensoul.ga brokensoul.gq brokentools.xyz byorn.us cambridgelodge.com.au cantlemedical.com cbicbc.com cfdprivateme9082.serveirc.com chelitos.com.ve chosunshippinq.com ciberipan.com ckjdx.xyz codezonelab.com coegroupco.com colbaservices.ml colorlux.ro comercializadoranino.com conmklopc.sytes.net consuminero.com.co coolgirlsnation.com crazyhost.xyz crazzzycrab.com d-hub.pw davidmorgann.com ddhhd.xyz dewi.cf dewi.tk dewii.ga dewli.cf dewli.tk dfdprivateme9082.gotdns.ch dhlglobalexpress.shop digamx.com doanlee.com drsmarinegroup.com druseidt.ml dsifoe.ml dulfix.com duncaamaechi.com dunlopmill.org duro-tw.com dyjcgvdfgdzgzdzzf.gq easydriverservice.com ecoad.in edarah.com.eg edificiosafico.com.ar egobiakita.xyz eightelegance.com.br einihutintl.gq eloquentcs.com engelsmah0mes.com englee-sg.com eoci.ml eocie.cf eocie.gq erdesqs.com everydaywegrind.ga everydaywegrind.gq everydaywegrind.ml everydaywegrind.tk excommercial.com eyesonvaughan.ca febspxiii.xyz fedon-it.com ferreraembroideryandprinting.com fesmed-inst.com finacafe.net firnabulking.com fitydent.com fleximexi.ir flinstonees.us flokii.us freestone.co.in fucheun.com fuscon.ga fuscon.gq future--seafood.com gaoshengfuruiture.com gbbrg45g.gb.net geeccaships.ga ghadtanter.ml ghadtanter.tk gjsd.xyz globalresults.cf goodservices.co.vu gsppower.xyz hatchlogics.ml hcsnursing.com hettichlab.cf hfktichen.com hikmahmuliautama.co.id hoist.cloudns.asia homemakerandcompanionservices.com homex.az ibmcloud.tk iii-asiacarqo.com impac.vn inductotherrnindia.com intco.tk interplasts-uae.com irimox.com itrad3r.com jackmoynehan.com javadijudo.com jlk-comercial.com jlpack.email kaleemimamig.com kazlcomposite.com kboyud.com kerenzohar.co.il kibossuqar.com kibossuqarmen.com kill3rr.com kingrashford.xyz kjxd.xyz klinklan.us koreanbeautyexpert.com kovachevpress.com kunu-kunu.com kushikushi.us laptopcudanang.vn leedproje.com.tr lewukwu.to lightloog.ddns.net linkk-my.com lkpswrd.ga logboxreport.top logspot.pw lokvrtz.ml lokvrtz.tk luatthienminhlong.com.vn lugaribeiro.com.br luxdele.com luxlogics.ml luzongrace.to maderasperuanas.com.pe mafivaz.biz maiithaiii.com mail.jithiadaproperties.com maisadour.co mamado.tk mamvurafarm.co.zw manaman.xyz marianne.tk mcrnsw.com.au mekamaka.com microdots.in milonga-a-promotora.pt minimini.us mito--cn.com miwoodworkingservices.com mjlog-vn.com mobitechgroup.com monndigroup.com morilloart.com mrchtr.xyz mxrz.xyz myinsidertraveltips.com mymakporo.com myramauritius.com myutyrhb.gb.net nanohes.com napco.xyz naturepack.cc nayablabs.com ncdongyanq.com nedskytrex.xyz nemcatacoateatro.org netease-163mail-com.gq netsolcomputers.in newnailssystem.com newrokshipping.com nganyin-my.com nightmarefile.ga niskioglasi.rs nl5329.ir nl9970.ir now-release.tk nsfaktor.com obostreet.com octvt.xyz office365-account-verify.tk ogidoil.us oilproduce.xyz okpana.com omegamarinagroup.com onlygodam.com optimize-apiv2.barantum.com oziltestfw.ml pablofile.ga pablofile.ml pandrol.gq pardicshini.com parsegitim.com pfstechexpo.com phanphucland.com phiheatings.ir piavee.com pkez.xyz pkhz.xyz pkxz.xyz plugman1.ga plugman1.ml pnkp.co.id postmasterupdate.gq powerbankbless.xyz premacorceb.com prometall-cm.com prosperman.us pswrdlk.cf pualofficelogs.xyz puppuslog.xyz purelogsnet.ir purinex.co.id pyaiki.ml qlaston.net qreenmaple.com quitricks.com rabbleserlokclogin.com radiomandeep.com rapidations.ml rastaturin.gallery rayvvin.cc refloxty.com reiangkor.com rejgroups.com remote1.cf rfsfju.xyz rhinestone.cc rinnai-th.com rip-tion.icu rnalema.com rologopoulos.cf roscontinental.online rostovafile.cf rostovafile.ga rostovafile.gq rsesteel.xyz rudemath.com sabmilagawait.com sallysellmore.com samsungs10.com.ar sanibath.com saptarangtrust.com sascihomes.com sbqlobalfoods.com sbsinstitute.co.in serviciotecnicoenperu.com shalewa.ml shiftbd.com shophousesunshine.com shyh-tw.com sieqwarteggroups.com sieqwartegtotolet.com siircharrhaha.com siniormaintl.ml sirjoramo.club skscarsrjn.in skullisland.ml skyfors.ru skynetgroupp.com slimfile.cf sokoltech.ir sonicradius.cf spiceperfect.org spunkyiopkslookup.ddns.net sso-belsat.top sterline.lt studenhances.com supergeorgia.ge superson-com.ml t-mk.me taka.casa taker0120.xyz taker3.xyz takoons.com tayladanismanlik.com tech-vopsire.ro techarnise.ru techfonet.com tepevizyon.com.tr thecentury.edu.vn thesunsettrocadero.com tkanilux.com.ua totalleecase.xyz troickoe22.ru truantinmobiliaria.com.ar tuqianq.com tvmii.xyz underdog1.xyz underdog2.xyz unitedplantations.xyz uzoma.ru vancouverindustrialpainting.com vihaiha.com vikinproducts.com vimnam.co warrtegg.com webserverboxservices.com wendoun.com win-post.pw world--hand.com xc45.xyz xcipx.xyz xcoct.xyz xcpxv.xyz xianikol.com xpmsept.xyz xrt4tr.com yachtservicegroup.cf ygsddl1.cf ygsddl1.tk yoffc.com ytho.com.vn zarnaftdiar.ir # Reference: https://www.virustotal.com/gui/file/598ffadc1fd20bae7b3f21e16827a4fb89c3796bd828060b7f7c00a0e4d355ad/detection http://66.29.145.162 # Reference: https://www.virustotal.com/gui/file/96af90397e66be7bb5d0f9da9e8f3bfec4adc7effa74f1e82e687980551e574f/detection tixfilmz.tk # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-07-29%20Lokibot%20IOCs vmopahtqdf84hfvsqepalcbcch63gdyvah.ml # Reference: https://twitter.com/kienbigmummy/status/1556860942956515328 # Reference: https://twitter.com/kienbigmummy/status/1556860946819465216 wwwhxxpswwwhxxpwww.myftp.biz # Reference: https://twitter.com/BushidoToken/status/1557671002653528064 # Reference: https://app.any.run/tasks/4a6ad037-b352-45e8-a084-1beae435eade/ khaurl.com # Reference: https://twitter.com/reecdeep/status/1557729983648260099 # Reference: https://www.virustotal.com/gui/file/2d0fb58b442846dc7d6ec46b19ea8e2819c429929e69e95137b7e282f83a6032/detection tixfilmz.ga # Reference: https://www.virustotal.com/gui/file/fadcfd2f990a0f871a1834723d403a0598faf9f06ca75465c58b69d81342c08f/detection http://208.67.105.161 # Reference: https://www.virustotal.com/gui/file/00064ab13de50919fd7a194903538834e1f2c40486741d8a54574d7f2a9afa60/detection http://208.67.105.162 # Reference: https://www.virustotal.com/gui/file/0627647ce2d12185c2e2f16c21497c3f232132c55d7ebcaba6f440448ff065c7/detection http://162.213.249.190 # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-30%20Lokibot%20IOCs # Reference: https://www.virustotal.com/gui/ip-address/64.44.102.23/relations # Reference: https://www.virustotal.com/gui/file/027ea94c8071a809bdface54b89f793e9c8471a6883f86d5c47093d1cb6c539d/detection # Reference: https://www.virustotal.com/gui/file/e1d02c4389b28487e005d29b5ee0aa8d2f7b73036a1ba35864e739db6df107ab/detection microsoft-webpage-auth.ml office-webpage-auth.ml # Reference: https://www.virustotal.com/gui/file/65fccd78398e413832c53a4b0341b87a3f374c8fcfb183cc45301a2f671c0c43/detection xhvbzueifhdbjdfywete4y8va.cf # Reference: https://twitter.com/pollo290987/status/1572239659119575040 # Reference: https://www.virustotal.com/gui/file/107b6b206140ed200f6440f30077c53ed7db2447c04cde954c52437962ea0fcb/detection http://162.0.223.13 /?liARodoeAoISHzlzjUctUnGGtWs # Reference: https://www.virustotal.com/gui/file/08fe3480b9cc914a39f16ffb08eac254eb75d7b4628b1b94b3c4d9bc370b9509/detection fastlink042.com # Reference: https://www.virustotal.com/gui/file/acca1aa7ac7fcf62d818158d0ca536b1bcad2083c67146ff7a1fd1c205c5b2ec/detection aboutblank.in ezeegonaigbo.in # Reference: https://www.virustotal.com/gui/file/3ad292ab37e9e518d9d0ecab0cc469dd9d7fe4f1fc553ffc9eafa9afba79e586/detection lokiz.org # Reference: https://www.virustotal.com/gui/file/9d3a6225b5afb12815d37e34f88cf8d33d366c401bb53ae23a75599361e33bde/detection darls.us # Reference: https://www.virustotal.com/gui/file/eedb863078dbdbd83a0d52d86dd779f27115360e17676e539602f4e1a8c9437c/detection iklok.us # Reference: https://www.virustotal.com/gui/file/51571264ea17f6eb11267797cfd17a462c408580ecbfd10587dd8f848a79e15f/detection lazarovs.tk # Reference: https://www.virustotal.com/gui/file/0aa1e3120a445947f6130eaff1bf585fd9b460ede841456b35427ad2d4cecb76/detection assaggip.tk # Reference: https://twitter.com/pollo290987/status/1579485245178798080 # Reference: https://www.virustotal.com/gui/file/c7d3f84ddd6664a2a50c9cfd3f66c03016dd5264f775a119272f8a78875b4b94/detection julypc.ga # Reference: https://www.virustotal.com/gui/file/290b9cd7f795ed30712637f8e6f7779412260c6f7ac70c70615d2e4a92960e0a/detection ekens.us /JOY/homee.php # Reference: https://www.virustotal.com/gui/file/1976995a7a0c4a23e2ea1f6a8c3d902c02969cf1e1363c1e426ae6335dcece60/detection http://192.64.118.167 # Reference: https://www.virustotal.com/gui/file/123f0434ed8e6d0697642b11bfb143c7e2c78b4f2f7890232e90e5b1b33fde99/detection roslet.com # Reference: https://www.virustotal.com/gui/file/043335bf23315d98ac9bb02410eebb6bd451440c7fe1fe73e12fb80d8cd70cf2/detection gfxtra.us # Reference: https://www.virustotal.com/gui/file/b6414f29e6a15ad46af0137506063f692213228b583df5e291e4a8cb0ebca1db/detection julypc.ml # Reference: https://www.virustotal.com/gui/file/0c15596656afd3dc5b000766495f12c2aa88b498253aee871a2b9d4b2e5c5858/detection http://171.22.30.147 # Reference: https://www.virustotal.com/gui/file/0f7fad28f333d50d2fdd8004839e9d421b053694d9be0622af1e5e6e7bfd49b5/detection indrageet.top # Reference: https://www.virustotal.com/gui/file/148b48cf29eb65a944967040a7380ba7a2f41a8c34c2e7cf37e9a07f42c8dca0/detection lomboster.top # Reference: https://www.virustotal.com/gui/file/0f7fad28f333d50d2fdd8004839e9d421b053694d9be0622af1e5e6e7bfd49b5/detection indrageet.top # Reference: https://www.virustotal.com/gui/file/078023d375daed4c5cd65c8518fad6a7780ff8d8750c2008c33e4118850ba894/detection http://103.232.54.143 # Reference: https://www.virustotal.com/gui/file/2cb755b44a07942f62c8e695520b7a2e23811430111527ba3c54eaf6cfeac013/detection http://171.22.30.164 # Reference: https://www.virustotal.com/gui/file/123886464f55b7e5dbb297e437c1569e4521c839a6b2ee643f09e28444ad4424/detection zynova.hawklogger.repl.co # Reference: https://www.virustotal.com/gui/file/431b77e98ebe13cce86d413a73ef77c01aca5b758c66d27837ee9a557d4402f3/detection efvsx.cf # Reference: https://www.virustotal.com/gui/file/aefe5754459fbae160dc381c09ec8d3ad5484f527a1ea9accdb01b2d8f4c45e7/detection http://212.87.204.204 # Reference: https://twitter.com/suyog41/status/1629053362653077505 http://185.246.220.85 # Reference: https://twitter.com/kienbigmummy/status/1632038253443575811 # Reference: https://www.virustotal.com/gui/file/cb87ec5825659ec1919ac6ffdec4b88e4336c0be420c726ceab1917689fdd161/detection # Reference: https://www.virustotal.com/gui/file/97ceffc6a9462c025e344a0b709c3470ff551a914cce1ed209e4ddd63b734182/detection http://185.246.220.60 # Reference: https://unit42.paloaltonetworks.com/lokibot-spike-analysis/ # Reference: https://www.virustotal.com/gui/file/1b574a66c84924886daec4841e1b107258e019aaf6f336329ae8fae7cbd52a34/detection efvsx.gq # Reference: https://tracker.viriback.com/dump.php (2023-03-15) http://142.11.211.144 http://185.246.220.212 http://194.49.94.97 http://23.254.128.166 http://45.139.105.181 allfamax.com assaggip.gq binatbless.me cands.tel cantebo.buzz dopilnram.cf dopilnram.ml dopilnram.tk efvsx.ga efvsx.ml efvsx.tk eleronixzkt.cf hghfe.tk lazarovs.ga s603740.smrtp.ru s604983.smrtp.ru s607323.smrtp.ru sedesadre.gq segoremlolgv.ml teleportstation.tk telexmint.me tompsup.me # Reference: https://www.virustotal.com/gui/file/4518a9d2fc6df7a7968445f7400b95f67ebad90b9bd0ac00220510778f15ef76/detection http://185.10.68.163 # Reference: https://www.virustotal.com/gui/file/069c5cef3137864269c1b8e7e7c4674b2a5fe17cc0310e69b4e1403ea620a51f/detection http://157.245.36.27 # Reference: https://blog.talosintelligence.com/threat-roundup-0421-0428-2/ (# Win.Dropper.LokiBot-9997784-0) # Reference: https://www.virustotal.com/gui/ip-address/69.61.56.73/relations # Reference: https://www.virustotal.com/gui/file/bc0c8696fe49f30edb39ac7c4bce2fa9d48d714298b8b06e883d162752092c34/detection 5673.co.pl abc-xyz-1.waw.pl abc-xyz-2.waw.pl abc-xyz-3.waw.pl abc-xyz-4.waw.pl abc-xyz-5.waw.pl abc-xyz-6.waw.pl abc-xyz-7.waw.pl abc-xyz-8.waw.pl ad-aaaa.bid ad-aaab.bid ad-aaac.bid ad-aaae.bid ad-aaaf.bid ad-aaag.bid ad-aaah.bid ad-aaai.bid ad-aaaj.bid ad-aaak.bid ad-aaam.bid ad-aaan.bid ad-aaao.bid ad-dec1.bid ad-dec10.bid ad-dec11.bid ad-dec12.bid ad-dec13.bid ad-dec14.bid ad-dec15.bid ad-dec16.bid ad-dec17.bid ad-dec18.bid ad-dec19.bid ad-dec2.bid ad-dec20.bid ad-dec21.bid ad-dec22.bid ad-dec23.bid ad-dec24.bid ad-dec25.bid ad-dec26.bid ad-dec27.bid ad-dec28.bid ad-dec29.bid ad-dec3.bid ad-dec30.bid ad-dec31.bid ad-dec32.bid ad-dec33.bid ad-dec34.bid ad-dec4.bid ad-dec5.bid ad-dec6.bid ad-dec7.bid ad-dec8.bid ad-dec9.bid ad-decimal.co.pl ad-jan1.bid ad-jan1.co.pl ad-jan10.bid ad-jan11.bid ad-jan12.bid ad-jan13.bid ad-jan14.bid ad-jan15.bid ad-jan16.bid ad-jan17.bid ad-jan18.bid ad-jan19.bid ad-jan2.bid ad-jan2.co.pl ad-jan20.bid ad-jan21.bid ad-jan22.bid ad-jan23.bid ad-jan24.bid ad-jan25.bid ad-jan26.bid ad-jan27.bid ad-jan28.bid ad-jan29.bid ad-jan3.bid ad-jan30.bid ad-jan31.bid ad-jan32.bid ad-jan33.bid ad-jan34.bid ad-jan35.bid ad-jan36.bid ad-jan37.bid ad-jan38.bid ad-jan39.bid ad-jan4.bid ad-jan40.bid ad-jan41.bid ad-jan42.bid ad-jan43.bid ad-jan44.bid ad-jan45.bid ad-jan46.bid ad-jan47.bid ad-jan48.bid ad-jan49.bid ad-jan5.bid ad-jan5.co.pl ad-jan50.bid ad-jan51.bid ad-jan52.bid ad-jan53.bid ad-jan54.bid ad-jan55.bid ad-jan56.bid ad-jan57.bid ad-jan58.bid ad-jan59.bid ad-jan6.bid ad-jan60.bid ad-jan61.bid ad-jan62.bid ad-jan63.bid ad-jan64.bid ad-jan65.bid ad-jan66.bid ad-jan67.bid ad-jan68.bid ad-jan69.bid ad-jan7.bid ad-jan70.bid ad-jan71.bid ad-jan72.bid ad-jan73.bid ad-jan74.bid ad-jan8.bid ad-jan9.bid ad-nov1.bid ad-nov10.bid ad-nov11.bid ad-nov12.bid ad-nov13.bid ad-nov14.bid ad-nov15.bid ad-nov17.bid ad-nov18.bid ad-nov19.bid ad-nov2.bid ad-nov20.bid ad-nov21.bid ad-nov22.bid ad-nov23.bid ad-nov24.bid ad-nov25.bid ad-nov26.bid ad-nov27.bid ad-nov28.bid ad-nov29.bid ad-nov3.bid ad-nov30.bid ad-nov31.bid ad-nov32.bid ad-nov33.bid ad-nov34.bid ad-nov4.bid ad-nov5.bid ad-nov6.bid ad-nov7.bid ad-nov8.bid ad-nov9.bid ad-oct12.bid ad-oct13.bid ad-oct14.bid ad-oct15.bid ad-oct17.bid ad-oct18.bid ad-oct19.bid ad-oct20.bid ad-oct21.bid ad-oct22.bid ad-oct23.bid ad-oct24.bid ad-oct25.bid ad-oct26.bid ad-oct27.bid ad-oct28.bid ad-oct29.bid ad-oct30.bid ad-oct31.bid ad1track.host adjan100.bid adjan101.bid adjan102.bid adjan102.co.pl adjan103.bid adjan104.co.pl adjan105.co.pl adjan108.bid adjan109.bid adjan110.bid adjan111.bid adjan111.co.pl adjan113.bid adjan114.bid adjan115.bid adjan116.bid adjan117.bid adjan118.bid adjan119.bid adjan91.bid adjan92.bid adjan93.bid adjan94.bid adjan95.bid adjan96.bid adjan97.bid adjan98.bid adjan99.bid adownload9.club adsr2.one adtrack1.club adtrack2.club adtrack6.bid adtrack7.bid adtracker1.club anizan47.bid anizanads.bid anizanbid.bid anizandownland.bid anizanek.bid anizanfile9.bid anizanpromo.bid anizanxml.bid apiowl.waw.pl apiowl1.waw.pl atrack3.bid atrack4.bid atrack5.bid atrack6.bid axtrack1.bid axtrack2.bid axtrack3.bid axtrack4.bid axtrack5.bid axtrack6.bid big7download.club bluedot171.bid bluedot175.bid bluedot177.bid bluedot178.bid bluedot179.bid bluedot180.bid bluedot181.bid bluedot184.bid bluedot231.bid bluedot232.bid bluedot233.bid bluedot234.bid bluedot235.bid bluedot236.bid bluedot237.bid bluedot238.bid bluedownload2.com buba104.bid buba105.bid buba106.bid buba107.bid bziumdownload.bid cxdl30.bid cxdl31.bid dec-1.co.pl dec-10.co.pl dec-11.co.pl dec-3.co.pl dec-4.co.pl dec-5.co.pl downlaod1.co.pl downlaod4.co.pl downloadcom.club downloadio.club downloadux.club downloadux736.club downloadux736.cyou downloadux736.xyz downloadxd.club downloadzoom.club easydownload1.club easydownload2.club easydownload3.club easydownload4.club easydownload5.club ebook-center1.bid fuzzydownload1.club fuzzydownload2.club getdownloadcom.club idown765.club infile1.bid infile3.bid isfile01.bid isfile02.bid isfile03.bid isfile04.bid isfile35.bid isfile36.bid isfile37.bid isfile89.bid isfile90.bid isfile92.bid isfile93.bid isfile94.bid iso-download.co.pl jxxdownload938.site jxxdownload939.site jxxdownload940.site jxxdownload941.site livedomain827.site livedomain828.site livedomain829.site livedomain830.site livedomain831.site mac-versions.club nxtrack1.bid nxtrack2.bid nxtrack3.bid nxtrack4.bid nxtrack5.bid nxtrack6.bid nxtrack7.bid nxtrack8.bid nxtrack9.bid pdown176.club pdown177.club pdown178.club pdownload109.bid pdownload489.bid pdownload545.bid pdownload635.bid pdownload637.bid pdownload639.bid pinkfile39.site pinkfile40.site pinkfile41.site pinkydown1.club pinkydown2.club pinkydown3.club pinkydown4.club pinkydown5.club poyrezbunker.xyz premiumappsforfree.com privatedownload256.club privatedownload257.club privatedownload258.club privatedownload389.casa privatedownload389.cyou privatedownload389.fun privatedownload389.icu privatedownload389.monster privatedownload389.site privatedownload389.space privatedownload389.website privatedownload389.work privdl125.bid privdl188.bid privdl210.bid privdl219.bid privdl241.bid privdl386.bid privdl398.bid privdl486.bid privdl540.bid privdl591.bid privoffer427.bid privoffer429.bid privoffer430.bid privoffer437.bid privoffer445.bid privoffer447.bid rdownloadcom.club rxdownload31.bid rxdownload33.bid rxfile48.bid rxfile49.bid rxfile50.bid rxfile51.bid rxfile52.bid rxfile53.bid software32dl.club step1.waw.pl vidtechblack.club vidtechblue.club vidtechgreen.club vidtechpink.club vidtechred.club vidtechwhite.club vidtechyellow.club zxtrack1.bid zxtrack2.bid zxtrack3.bid zxtrack4.bid zxtrack5.bid zxtrack6.bid zxtrack8.bid zxtrack9.bid # Reference: https://www.virustotal.com/gui/file/e9179d5b024e8d1d72b2338377afdcce5b33bd2272eeb19b2b136d5d8baeded7/detection http://104.156.227.195 # Reference: https://www.virustotal.com/gui/file/03eeb75cca16039018b144a1d6a00d26e7f6e06970ff2bb3d1644ee884573676/detection centos10.com # Reference: https://www.virustotal.com/gui/file/fffb8dde88ae23cc6c9b00e3692bfe33242ebfde732dc0b0f4a445b729985fc5/detection http://185.252.179.165 # Reference: https://threatfox.abuse.ch/ioc/1143971/ http://87.121.47.132 # Reference: https://threatfox.abuse.ch/browse/malware/win.lokipws/ http://103.139.44.52 http://103.156.90.111 http://103.167.85.164 http://103.219.154.200 http://107.175.218.32 http://137.74.157.83 http://138.68.56.139 http://141.98.6.162 http://146.19.233.219 http://146.190.157.174 http://159.89.118.162 http://161.35.102.56 http://172.93.181.75 http://179.43.149.50 http://185.162.10.145 http://185.165.31.194 http://192.3.121.203 http://193.42.32.209 http://194.180.48.58 http://194.55.224.15 http://194.55.224.16 http://194.55.224.9 http://195.133.19.4 http://195.154.34.135 http://198.98.54.161 http://2.59.254.19 http://212.192.246.61 http://216.128.145.196 http://23.239.31.197 http://31.220.40.22 http://37.0.11.227 http://37.139.128.94 http://45.133.174.204 http://45.155.165.70 http://46.21.147.34 http://62.108.40.64 http://63.250.44.84 http://64.227.48.212 http://68.183.13.128 http://79.110.48.215 http://79.110.49.21 http://79.110.62.142 http://79.110.62.42 http://80.208.226.98 http://80.209.231.24 http://85.31.46.190 http://85.31.46.94 http://91.223.82.29 http://93.188.165.64 http://94.131.105.161 http://95.164.23.2 http://95.179.142.132 ab-services.ma abjkad.com aboyus.buzz africa.jithiadaproperties.com aguxobi.buzz arabdocx.buzz asbogadajuli.tk assaggip.cf assaggip.ga assaggip.ml bencus.buzz blacklifestyle.net bobby1.xyz bobibad.co.vu cherubm.site chilok.us chykolands.buzz chykosky.xyz civcxs.xyz climatte.uz darkeyes.co.vu debs.jithiadaproperties.com dlokis.xyz dopilnram.ga dopilnram.gq drinz.us ebelk.us ekens.top eleronixzkt.ga eleronixzkt.gq eleronixzkt.ml eleronixzkt.tk esrmho.com eventovirtualbdb.com filcoco.xyz fufux.xyz gensis-advpg.com gopliu.com gorbachetuts.buzz gorbat.xyz hghfe.cf hmsd.us holinamet.us honghuat.co.vu hyatqfuh9olahvxf.ga impexawards.com internetstores.co.vu itop.so julypc.gq julypc.tk kene.us kossa.xyz lazarovs.cf lazarovs.ml lightgear.co.vu litepad.co.vu login-mail-server.s3rv.me logs1.co.vu mainpage-auth.ml maylnk.gq nice-can.cf ornivska.cf parpee.com payypal.info penairs.ml pgixx.xyz phoenixcreation.in predictindia.co qsbtankers.com qtd8gcdoplav737wretjqmaiy.tk recoverydatahdd.com rnileniaexpress.com s492410.smrtp.ru s505413.smrtp.ru s509040.smrtp.ru s519403.smrtp.ru s519460.smrtp.ru s520723.smrtp.ru satrading.us sedesadre.cf sedesadre.ga sedesadre.ml sedesadre.tk segoremlolgv.cf segoremlolgv.ga segoremlolgv.gq segoremlolgv.tk skbloki.us somontoz.xyz spec.ir stardoors.com.br teleportstation.gq tetiquila.me tixfilmz.cf tixfilmz.gq tixfilmz.ml tjfr.ga ttloki.us uipmcenter.net umulok.us unitedcourierparcel.com walinstitute.com wexno.us xpznl.click ziuxte.online # Reference: https://threatfox.abuse.ch/browse/malware/win.lokipws/ (# 2023-08-15) http://194.55.224.10 edulinkr.com # Reference: https://threatfox.abuse.ch/ioc/1150478/ http://194.55.224.11 # Reference: https://www.virustotal.com/gui/file/b2b6b2635d7a21a6dbce62811b4614d26160fc156fa74592efa7cfb24ffa8b80/detection # Reference: https://www.virustotal.com/gui/file/21675edce1fdabfee96407ac2683bcad0064c3117ef14a4333e564be6adf0539/detection vertebromed.md/temp/ # Reference: https://threatfox.abuse.ch/ioc/1152270/ http://163.123.143.202 http://163.123.143.204 http://163.123.143.215 http://163.123.143.216 http://163.123.143.217 # Reference: https://www.virustotal.com/gui/file/ace4774810376e5dd8bf3131c3dad03ae2c7d1d95a2edea39de42fec95a1cb19/detection backupleads24.sytes.net # Reference: https://threatfox.abuse.ch/browse/malware/win.lokipws/ (# 2023-09-05) http://141.98.6.249 141.98.6.249:8383 megared.buzz oracover.buzz pelsotin.buzz chandler.megared.buzz enterprisetyubeacam.webhop.me fiorentcamcycle.redirectme.net fresh1.oracover.buzz menufreith.sytes.net # Reference: https://twitter.com/smica83/status/1700079386542645452 # Reference: https://www.virustotal.com/gui/file/e1333b612da8a0435c3e071f057db334c9fec56bd93b51bf0dbfe323eb5045ac/detection 0x0.mitnyik.hu # Reference: https://www.virustotal.com/gui/file/09eb9bffa073b0941732477cafb795d902811282e67208c0dc8544cdc5dd17c2/detection 141.98.6.249:8383 # Reference: https://www.virustotal.com/gui/file/c35a6ebdca67922ec242d49395daebe8295a2508a6557a19e05ee75bef455702/detection 141.98.6.249:6798 141.98.6.249:6868 /hfsdofsugfugsfsjrhfgeygsfs/zsdufhaisudgfszkdfasegvfjffteaskgdfygaosergaksugsyefrgskr/ /hfsdofsugfugsfsjrhfgeygsfs/ /zsdufhaisudgfszkdfasegvfjffteaskgdfygaosergaksugsyefrgskr/ # Reference: https://www.virustotal.com/gui/file/7b460ff8aca9bf842d4935a0d818a0311b675cccf76da964a8ff50443872387b/detection 141.98.6.249:7563 /sfbfghzg/ # Reference: https://threatfox.abuse.ch/browse/malware/win.lokipws/ (# 2023-09-11) 141.98.6.249:8177 141.98.6.249:8287 141.98.6.249:8623 141.98.6.249:8947 fengpower.buzz solariseng.icu china.fengpower.buzz collins.solariseng.icu # Reference: https://threatfox.abuse.ch/ioc/1163108/ tiscali.buzz sirr.tiscali.buzz # Reference: https://threatfox.abuse.ch/ioc/1163614/ meyervanderwalt.top moore.meyervanderwalt.top # Reference: https://threatfox.abuse.ch/ioc/1163853/ oilrig.sbs official.oilrig.sbs # Reference: https://threatfox.abuse.ch/browse/malware/win.lokipws/ (# 2023-09-20) http://45.61.169.32 areen.top caesarsgroup.top chinacarbonfiber.buzz ebnsina.top edtagproducts.buzz hncelectric.cf midlandpaper.icu shunfengpower.buzz simcoes.top evil2.simcoes.top fresh1.edtagproducts.buzz fresh2.shunfengpower.buzz kelly.chinacarbonfiber.buzz mous.midlandpaper.icu ugopounds.caesarsgroup.top zang2.areen.top zsin2.ebnsina.top # Reference: https://threatfox.abuse.ch/ioc/1165822/ http://185.216.71.207 # Reference: https://threatfox.abuse.ch/browse/malware/win.lokipws/ (# 2023-09-25) http://45.77.76.224 aerostarmodel.buzz aluminprodu.top andrebadi.top dhabigroup.top entracollc.top ironoreprod.top pearlgroup.icu topendpower.top alimatata.topendpower.top china.dhabigroup.top collins.ironoreprod.top evil22.aerostarmodel.buzz ffice.aluminprodu.top investor.entracollc.top office.aluminprodu.top sirr2.pearlgroup.icu zsin1.andrebadi.top # Reference: https://threatfox.abuse.ch/browse/malware/win.lokipws/ (# 2023-09-29) spencerstuartllc.top fresh1.ironoreprod.top kelly.spencerstuartllc.top # Reference: https://threatfox.abuse.ch/browse/malware/win.lokipws/ (# 2023-10-10) moodelstore.tel # Reference: https://threatfox.abuse.ch/browse/malware/win.lokipws/ (# 2023-10-16) http://45.12.253.69 45.12.253.69:8168 ftvproclad.top villar.ftvproclad.top # Reference: https://threatfox.abuse.ch/browse/malware/win.lokipws/ (# 2023-10-19) bagsrad.com blueyonderllc.top dolphinair.top ebnsina.top kalnet.top ransomproducts.top 305.ebnsina.top 305friend.caesarsgroup.top blessedjay.dolphinair.top davinci.kalnet.top evil22.dhabigroup.top ify.ironoreprod.top jay.ransomproducts.top link.blueyonderllc.top nab.blueyonderllc.top uche.blueyonderllc.top ugopounds.ironoreprod.top jinodoplacecam.viewdns.net # Reference: https://www.virustotal.com/gui/file/56d16f65b67c4b1ff6e09e36489d507838b92e3ecd8aab44ccbb00e280f933b0/detection almashreaq.top zang1.almashreaq.top # Reference: https://www.virustotal.com/gui/file/97359e9ad711f7cf6faab9eba12037eb496f480ea9a1fdf47559ed8d392df766/detection # Reference: https://www.virustotal.com/gui/file/0e272e91122b2f7abb9888f6336bbdbd01d5492c30f2e0d88742edca1efd9535/detection indexed.duckdns.org # Reference: https://www.virustotal.com/gui/file/c648f85cfb4717429d6c53d6106e2cab940cd43a677be5ac6606984d7dc8d713/detection endeenduque.duckdns.org # Reference: https://threatfox.abuse.ch/browse/malware/win.lokipws/ (# 2023-11-18) acutbank.com miners-gold.com swiftguaranteedb.com/dftyh/lokinew/fre.php /lokinew/fre.php # Reference: https://threatfox.abuse.ch/ioc/1204213/ homoeo4u.com/john/Panel/fre.php # Reference: https://threatfox.abuse.ch/ioc/1205079/ topendpower.top prime.topendpower.top # Reference: https://www.virustotal.com/gui/file/f680717659c07ce65766cacf5a108186e38565e91bb0e40e36b07780bb7eb1a3/detection http://217.12.206.218 # Reference: https://www.virustotal.com/gui/file/cf209f1477fa2db39423e1be03acadbcca31029b1c2a19ce2efadda8c099dc6c/detection dcqapz.shop /pws/fre.php # Reference: https://twitter.com/banthisguy9349/status/1736680539770212673 # Reference: https://www.virustotal.com/gui/ip-address/103.215.221.168/relations # Reference: https://www.virustotal.com/gui/ip-address/104.237.252.65/relations bfdlcloud.lol cfgd.in deutsche-aktivierung.ir deutsche-registrierung.ir kwk-identificatie.ir # Reference: https://twitter.com/Gi7w0rm/status/1737981565076967749 mail.newearth-superfoods.com view.nuvaringsideffectslawsuit.com # Reference: https://www.virustotal.com/gui/file/ce6acf3fe7ca9978fcb0183042d1f210cc3003b4a9f8e349c3afe093c954aece/detection saldanha.top # Reference: https://threatfox.abuse.ch/ioc/1233881/ http://139.99.153.82 # Reference: https://www.virustotal.com/gui/file/04b2a609d7908200a05433067de41dbca4d0e930341fa3798b2ccd588111f150/detection novlkyy.shop # Reference: https://www.virustotal.com/gui/ip-address/104.21.46.100/relations # Reference: https://www.virustotal.com/gui/file/7eb68960a6b79e0705d3ca8d54744d29a8744442ea6f232d961558cb1e31a561/detection spencerstuartllc.top roof.spencerstuartllc.top # Reference: https://www.virustotal.com/gui/file/235413e22a54a09ad31fae8f8a22a0cf4a443115cbb5dd9fe85a9a563ac1ebc3/detection abixmaly.duckdns.org # Reference: https://twitter.com/SarlackLab/status/1751751414752104682 rocheholding.top # Reference: https://www.virustotal.com/gui/file/1e4e8faeba1b1fa5520145bab6d7bb950a4362b4ff3821cbd900f9cc4e7da434/detection http://192.236.162.234 # Reference: https://www.virustotal.com/gui/file/59cfa4ba3c3cec94d4dd4f7cd606e58155f8258c7e5cf001ec29e08183ffc9cf/detection xmail.cfd # Reference: https://www.virustotal.com/gui/file/ebf157f127c5ad505509b7e45474a31d31478d2cf7d4f2a2eb71100b4e9ae96d/detection http://91.92.252.146 91.92.252.146:8002 # Reference: https://www.virustotal.com/gui/file/bbf84fd4fa7ad546805057b6e9a81840260da7655753b45e5d22d860a9d4a0a1/detection 91.92.252.146:8003 # Reference: https://www.virustotal.com/gui/file/ccb8ee71522dcf347b894d126205b7468a18a52f528d23ca86ffbf7357d80587/detection 91.92.252.146:8004 # Reference: https://www.virustotal.com/gui/file/7da9f6c9248f27db228764714777d3584c24eb6c69561b9353050cfe5eb528fa/detection 91.92.252.146:9006 # Reference: https://www.virustotal.com/gui/file/5d453be2591655ea7a303c3549afc86e759a769a5aa9e75855193a2153dbea25/detection 91.92.252.146:8008 # Reference: https://www.virustotal.com/gui/file/366c3e4f90b97f849ae44a2d0f6c6d78b9dab71582e3fbeca225180b39d589b3/detection mauricioclopatofsky.tel # Reference: https://www.virustotal.com/gui/ip-address/64.32.6.209/relations # Reference: https://www.virustotal.com/gui/file/cc335f43842672e7c0a010d69d9bcc6586f1f8237388a294359ed518690d88ed/detection # Reference: https://www.virustotal.com/gui/file/e619acb52d03adec96ae4e467a3b398a9fae20bc53e351c856b229152418343e/detection chase.dns04.com ebanbrown.dynamic-dns.net micosoftoutlook.dns04.com microsoft-01.dynamic-dns.net microsoft-live.zzux.com microsoft.ddns.us microsoftoffice.ns01.us microsoftoutlook.ddns.info microsoftoutlook.dynamic-dns.net microsoftoutlook.dynamicdns.org.uk microsoftpro.dns-report.com microsoftservice.ddns.mobi microsoftservice.dns-report.com microsoftservice.dynamic-dns.net microsoftsoftwareupdate.dynamicdns.org.uk microsoftupdate.dns-report.com microsoftupdate.dynamicdns.org.uk microsoftword.dynamicdns.org.uk offcie-live.zzux.com outlook-live.zzux.com outlookupdate.dynamicdns.org.uk unionspares.25u.com webzz.vicp.cc # Reference: https://www.virustotal.com/gui/file/b084f904e680ea76fb4edddcab4ce166620ea7e9b70420b61b8e61f1e4218f6f/detection meridianresourcellc.top # Reference: https://www.virustotal.com/gui/file/320b460785e3f8155ef2b11652493843d293b893a713b66e6d2cb5770e77f5c7/detection # Reference: https://www.virustotal.com/gui/file/bf0db2eda1cc6923349fc6510a00d443e0f1fe3618acc9d46aefc2392c02aeda/detection yiikm.xyz # Reference: https://threatfox.abuse.ch/ioc/1255676/ http://24.199.107.111 # Reference: https://www.virustotal.com/gui/file/7e5bb28ff3ef1590d7b9cb07abd4639c1db273c7a646d4b0ea6774b5e30f54e5/detection # Reference: https://www.virustotal.com/gui/file/4989f0bfd201ba820a8ee658ca5cc3c89812bc7540d7ce3bf22e48b7873a0306/detection http://94.156.67.130 /page/doszx.scr # Reference: https://www.virustotal.com/gui/file/dfb5006b16d8cbcfec9a219b6a1085bf985b7d8c4c19b1a249527ae69d90f659/detection 213.183.58.15:4886 wetransfiles.duckdns.org # Generic /~dasdas/ff.php /~hgyf/?search= /~wpdemo/file.php /.halo/rsd.php /.isuoxiso/w.php /.op/cr.php/ /.tcsogb/ /.tcsogb/gi'v.php /.tcsogb/vc.php /.well-known/pki-validation/w.php /etc/main/l09/ /high/sumy/ltd.php /ibiki/gate.php /logs/omc.php /luck/ag.php /22/2/cgi.php /mor/f/cgi.php /32.php/0qzhfol01ljuv /32.php/209hwrriygnfo /32.php/2fhjw7eqie0rj /32.php/3bi7icv31dccw /32.php/3iwdp1vnotsv8 /32.php/3ljazguigmmjv /32.php/3v16bri6suxpx /32.php/5l0znna7ab6dl /32.php/5mGrB9x77E21g /32.php/5mgrb9x77e21g /32.php/6mr5c1qfwrz4o /32.php/6we0yznidcg3l /32.php/8400chmgujese /32.php/NHNmTUOdS6fzz /32.php/S4wFP8QBww9Tp /32.php/a1nqk98ewcwx2 /32.php/aujmyigbl7jhg /32.php/bmnwlq62x3dhz /32.php/clsdqrhiilvb5 /32.php/cuubrzldzttbs /32.php/cviu8nooolcrf /32.php/deuz9gruoehin /32.php/doglqlrii1o27 /32.php/fhaq3ugei7ni8 /32.php/fn1tojtmzu3td /32.php/fw2pm7fnrpmci /32.php/fxsbyx1k4utzs /32.php/gfdfin96yb4pf /32.php/gi4ujrts3jtjm /32.php/gsoxa3yq3p8ih /32.php/hgp9nhkiide7r /32.php/hgvmlp0umvswm /32.php/hsspki8plzu2g /32.php/hvjgjl5jkemrq /32.php/jyucisqpqtrra /32.php/kfgvwugxlydxb /32.php/kh0lz55275rih /32.php/kmb4f28c3jzi6 /32.php/l6j4kh5oogtj5 /32.php/ly0xuvgkjma3b /32.php/ngbv5izqdfzrl /32.php/nhnmtuods6fzz /32.php/npqcl6elqb1mw /32.php/ntbxo1knhre3c /32.php/nuldton9sbn3g /32.php/o0zzsfefa0s9k /32.php/ocgtdefq2swdx /32.php/pwdpseliromqv /32.php/pxqvbj1ory8md /32.php/pydakox9ety5y /32.php/qb0gq2gklyuou /32.php/qmluucoah0bzk /32.php/qqojjujm8byet /32.php/qyozifpk5owce /32.php/s396ka3xazwy1 /32.php/s4wfp8qbww9tp /32.php/s7zr5v1fxi3rb /32.php/sczbkxcqzqyvr /32.php/tavywqro1iiy4 /32.php/tfqt7rifxpw3w /32.php/tv9f9towml3dq /32.php/uo2q8e3iznlpa /32.php/vkuep8jt3rhq5 /32.php/w2gf0zvk0cv5n /32.php/wkdb8tpicodoq /32.php/xqqt9mzag0t6v /32.php/yjfku88zv6lc0 /dsaicosaicasdi.php/bI7xvNbnxScDp /dsaicosaicasdi.php/nGBv5iZqdfzrl /gugufdre.php/NHNmTUOdS6fzz /k.php/0qzhfol01ljuv /k.php/1ffrfnkqx9s48 /k.php/209hwrrIygNFO /k.php/209hwrriygnfo /k.php/2l5ke2lif96yu /k.php/3bZQklG6hGLlX /k.php/3bzqklg6hgllx /k.php/3ljazguigmmjv /k.php/5fdronm5pxizh /k.php/5l0znna7ab6dl /k.php/6we0yznidcg3l /k.php/7MPTLmOD4nAsj /k.php/7mptlmod4nasj /k.php/8F1Wz9GpS2l8W /k.php/93fzgk5iipsgc /k.php/9n12ima5kra6y /k.php/a7QhUqOAwuKQ2 /k.php/a7qhuqoawukq2 /k.php/aghiinzrvufqi /k.php/AIbQb9SX9TP4Q /k.php/arzt1yuf26ojv /k.php/dbepepyej6qjn /k.php/gfdfin96yb4pf /k.php/hhq0lrvuyhpmx /k.php/hsspki8plzu2g /k.php/kh0lz55275rih /k.php/kmb4f28c3jzi6 /k.php/l8icssgxcvazg /k.php/la2mtqe7mrzvc /k.php/llzttkhskaaaf /k.php/ly0xuvgkjma3b /k.php/mvm4bzptu0i2s /k.php/o3d3eiu7cutlh /k.php/oawlc954mcfko /k.php/om5h4e8yrj8g3 /k.php/oud6quwaq00qx /k.php/psdpyp0ignd7t /k.php/pxqvbj1ory8md /k.php/qmluucoah0bzk /k.php/qqdv4aft6ob1s /k.php/qqzri6xmlsi34 /k.php/rhtktwvhgvgvs /k.php/s30hiblgfgkiy /k.php/sczbkxcqzqyvr /k.php/sqriw2va3rnpz /k.php/t9pxt9pd0nqm9 /k.php/tavywqro1iiy4 /k.php/tfqt7rifxpw3w /k.php/tqlqrv9lpokau /k.php/udyg1fhnl70rt /k.php/vfUK4zeelBmNW /k.php/whb9azuvv5wzb /k.php/wkdb8tpicodoq /k.php/wlmbsvczvslos /k.php/xrjgppvqgibin /k.php/yefjbphgqgdjo /p.php/3bzqklg6hgllx /p.php/3g7lxZzzM12qa /p.php/6LCNCuwTJZMVe /p.php/7MPTLmOD4nAsj /p.php/8efelx93dnlc9 /p.php/FgbebrOHmwbrQ /p.php/Gs8nhPqptLJln /p.php/S7zr5v1fXI3Rb /p.php/TABGAUKhpT2hu /p.php/UjL7jh4u2t3CH /p.php/a7qhuqoawukq2 /p.php/arzt1yuf26ojv /p.php/dT1AczPg2GOit /p.php/jpmhpg6nc7cut /p.php/lJ606117cGKwY /p.php/nslswzmawjww1 /p.php/oawlc954mcfko /p.php/qmluucoah0bzk /p.php/qqdv4aft6ob1s /p.php/vtjfumjc5kr48 /p.php/xifaarhhnhtoa /S7zr5v1fXI3Rb /bI7xvNbnxScDp /t/e/cos.php /$01/5l/h/site.php /$01/b1/c/site.ph /$01/t7/x/site.php /$01/zC/f/site.php /iH/cy/l/site.php /iH/da/!/site.php /amb/0/site.php /b0/t8/site.php /bu/!!/site.php /m/2/site.php /ne3/h/site.php /r!/e/site.php /t70/H/site.php /vp-/9/site.php /liv-01/pin.php /slice/pin.php /3i030/pin.php /3yt00/pin.php /qd-7lv1/pin.php /tyi/pin.php /m0ham/pin.php /mmc/300/pin.php /non/z/pin.php /morx/1/cgi.php /rozay/pin.php /chikincho/fina.php /makave/fina.php /monyman/gate.php /newman/fina.php /omega/fina.php /vvd/fina.php /zanku/fina.php /zmzmz/file.php /zszszs/file.php /fre.php /Lokii_Panel.zip /oy1vwB10bvfF3 /receipmt/regasm.exe /m0ha/0/pin.php /bo22/1/pin.php /dsaicosaicasdi.php /gugufdre.php /koko/mm.php /uu/koko/mm.php /Loki%20builder.exe /Lokii_Panel.zip