# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.proofpoint.com/us/threat-insight/post/gootkit-banking-trojan-jumps-channel

swysocki77.com
gorski83.com
ostrowski87.com
jasinski2015.com
olszewski78.com
pozheeshebudem.com
freforevermailtes.com
nidermidertom.com
ecuremailbestfree.com
securewebgooglesite.com
robertpouslen12494.pw
robertpouslen1234524.com
update-service7825t28.com
domolor.com
babosikimne.com
babosikidai.com
vaillantsawer.com
proballansmen.com
reputamadrell.com
lastrizariano.com
rokobarokkino.com
artipreambulo.com
trequablaster.com
pretriquestro.com
rebellintosto.com
mellicianactr.com
abc.doitgraphic.org
updatebase.bid
shop.lifexcellence.org

# Reference: http://www.broadanalysis.com/2017/03/13/rig-exploit-kit-via-eitest-delivers-gootkit-banking-malware-2/

duplanty.top

# Reference: https://www.cert-pa.it/news?id=10536

sph.expoartshop.com

# Reference: https://twitter.com/James_inthe_box/status/1102904911212101634

vancouverislandprocessor.com

# Reference: https://twitter.com/James_inthe_box/status/914111090425917440
# Reference: https://pastebin.com/T2ryBWdZ

/rpersist4/

# Reference: https://twitter.com/JAMESWT_MHT/status/1113395985043079169
# Reference: https://sugitamuchi.hatenablog.com/entry/2019/04/13/224350 (JP-lang)

/loadercrypt_823EF8A810513A4071485C36DDAD4CC3.php

# Reference: https://www.joesandbox.com/analysis/117861/0/pdf

/crypt0DD1D2637FDB71097213D70B94E86930.php

# Reference: https://twitter.com/VK_Intel/status/1006545151823613952

ftps.layermag.com
lab.aplusstatus.com
0.turkcedusunturkcekonus.com

# Reference: https://twitter.com/malware_traffic/status/767852827200761856

apsoo3k2i.ahgsuy3829.top

# Reference: https://twitter.com/Racco42/status/1063412662623760385

ppp.picchio-intl.com
ricci.bikescout24.fr

# Reference: https://twitter.com/BroadAnalysis/status/815211105664565248

cedar.igrooveweb.com
salsx.sedtinterrighthe.top

# Reference: https://twitter.com/BroadAnalysis/status/788400179091214336

acc.arabicdessert.co
kd67.prmhohzsl.top

# Reference: https://twitter.com/BroadAnalysis/status/782996903025844224

b6l2op.dxzvkr.top

# Reference: https://twitter.com/malware_traffic/status/766412267063607296

dmqxmz.lowashemterle.top

# Reference: https://blog.yoroi.company/warning/campagna-gootkit-verso-pec-italiane/

ami.sigaingegneria.com
erre.effe-erre.es
filuetrama.top
martatov.top

# Reference: https://twitter.com/reecdeep/status/1130497379411595266

fila.heathercrowe.ca
koohy.top

# Reference: https://app.any.run/tasks/77932db7-ffb1-409a-9b28-9cf6c8e70c1c/

fila.su170.org

# Reference: https://twitter.com/reecdeep/status/1136950470696681473

it.goodvibeskicking.com
tru.cheersportacademy.com

# Reference: https://twitter.com/reecdeep/status/1139063611681325056

kohe.even-air.com
ove.resourceny.net

# Reference: https://twitter.com/reecdeep/status/1139436492152102912

box.therusticsandbox.com

# Reference: https://twitter.com/James_inthe_box/status/1141326136212766720

checkcacheonline.com

# Reference: https://twitter.com/abuse_ch/status/1141330445663113218

onlinecachecheck.com

# Reference: https://www.cert-pa.it/notizie/campagna-gootkit-tramite-jasperloader-verso-pubbliche-amministrazioni/

fattura.directionalforcedrive.com
majorleaguepub.com
calc.1407cty13pec.com
koh.191northfront.com
karysmarie.me
otnhmtkwnz.top

# Reference: https://twitter.com/reecdeep/status/1153248954911514625

me.karysmarie.me

# Reference: https://twitter.com/reecdeep/status/1156085593148932097

koh.corkysfreshwater.com
lucky.bayonetbreakers.com

# Reference: https://twitter.com/reecdeep/status/1156866545651474432

drive.deescreationstore.com
kope.deessolutionsdemo.com

# Reference: https://twitter.com/reecdeep/status/1159353959271845888

me.woodlandsareareview.com

# Reference: https://twitter.com/reecdeep/status/1159349342144253954

drive.gstroop4822.org
free.deescreationstore.com

# Reference: https://twitter.com/reecdeep/status/1158754365559193602

me.kaleighrose.me
otnhmdmwnz.top

# Reference: https://twitter.com/reecdeep/status/1158751070425763840

soft.photosbydee.com

# Reference: https://twitter.com/peterkruse/status/1158761928736628736

bill.newsrental.net
help.skofirm.org
zgzimdqwnj.top

# Reference: https://twitter.com/reecdeep/status/1156866545651474432

drive.deescreationstore.com
kope.deessolutionsdemo.com

# Reference: https://twitter.com/reecdeep/status/1164503528271990784

hop.hopedaleweb.com
web.tilmonday.com
wws.no-shirt-no-shoes.com

# Reference: https://twitter.com/reecdeep/status/1164508719742423044

hop.hopedaleweb.com
zgzimdkwod.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1164511396849160193

web.cfmontessori.com
wws.dbimages.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1169549992345985025

wow.doorattendants.com
me.jmitchelldayton.com
web.speakingofhome.com
pro.prosperitybookkeeping.net

# Reference: https://twitter.com/reecdeep/status/1171022723587420162

ser.jonnalbandian.com
wws.christinedavies.biz
vps.healinglightwithin.com
it.its1ofakind.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1172515470202871808

ser.jonnalbandian.com
wws.christinedavies.biz
you.cypressstakeyouth.com
adp.mjmentertainment.com

# Reference: https://twitter.com/MBThreatIntel/status/1174471949059125248

adp.reevesandcompany.com
beta.madeintaylors.com
picturecrafting.site

# Reference: https://twitter.com/JAMESWT_MHT/status/1175128962919542785

guipicturecrafting.site

# Reference: https://twitter.com/reecdeep/status/1176407972249001984

wws.breebrasil.com
wws.guidemyhunt.com

# Reference: https://twitter.com/reecdeep/status/1176414815033679873

web.speakingofhome.com
pro.prosperitybookkeeping.net

# Reference: https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html (# Win.Malware.Gootkit-7333291-0)

cibariefoodconsulting.com
hymnsontap.com
its1ofakind.net
jmitchelldayton.com
kaleighrose.me
karysmarie.me
kkillihhy.top
mjmentertainment.com
otnhmdmwnz.top
picturecrafting.site
reevesandcompany.com
simplebutmatters.com
thebellamyfamily.me
ttbuilders.com
woodlandsareareview.com

# Reference: https://twitter.com/deepspacesc/status/1133755269836693506

capfaregreem.eu

# Reference: https://any.run/malware-trends/goodkit (Note: as seen on 2019-12-04)

web.speakingofhome.com
home.ktxhome.com
home.hopedaybook.com
beta.madeintaylors.com

# Reference: https://app.any.run/tasks/18e0b136-bfa9-4837-8ea7-5ee4a6a732e9/

kasdima.top

# Reference: https://twitter.com/0xCARNAGE/status/1246485252903702528
# Reference: https://app.any.run/tasks/137d26a0-a94a-414b-a953-711647b4093b/

medicinecomplete.com

# Reference: https://twitter.com/ffforward/status/1326144202997166084
# Reference: https://twitter.com/ffforward/status/1326144205106909185
# Reference: https://tria.ge/201110-shdmh4swv6/
# Reference: https://bazaar.abuse.ch/sample/416215d488021e257a7a0552efd53ca8e80b6d066135cbf94dab5b898612c6e7/
# Reference: https://www.virustotal.com/gui/file/30c57c642bb1fc530f6a22718c8eec2b6a6834b2165168a7567c4cee4d298037/detection
# Reference: https://www.virustotal.com/gui/file/35fd40cd3529e9b39b363bba62990949468f3a97ebb7e30e0f7629a64ae3c1d3/detection

chaabattent.com
kerymarynicegross.com
kladrykroptur.com
kvaladrigrosdrom.top
madregobilsg.com
pillygreamstronh.com

# Reference: https://securelist.com/gootkit-the-cautious-trojan/102731/
# Reference: https://otx.alienvault.com/pulse/60be30837c3f13bb72131f36

kerymarynicegross.top
kvaladrigrosdrom.top
lbegardingstorque.com
pillygreamstronh.com
scellapreambulus.top

# Reference: https://www.virustotal.com/gui/ip-address/185.130.104.179/relations
# Reference: https://www.virustotal.com/gui/file/89450d2a60569fb344706de0f1d2105dfb60cfec7118f8d517a2ad0022697fad/detection

admovinseth.com
insourcehawaii.com
vinsethteas.com
dp.insourcehawaii.com
lps.admovinseth.com
xrp.vinsethteas.com

# Reference: https://www.virustotal.com/gui/file/1d0030552e6ff56b7d5469c869af95f0e315888568c00ff2c85da6ba6efa9d4c/detection

195.22.26.252:8080
195.22.26.252:6969
195.22.26.253:6969
ere5453.com
vip.ere5453.com

# Reference: https://twitter.com/GootLoaderSites/status/1514211046629814272

kepw.org
korsakovmusic.com

# Reference: https://thedfirreport.com/2022/05/09/seo-poisoning-a-gootloader-story/
# Reference: https://otx.alienvault.com/pulse/6278f9624d491d800adf4944

jp.imonitorsoft.com/test.php?hjkiofilihyl=
junk-bros.com/test.php?hjkiofilihyl=
kakiosk.adsparkdev.com/test.php?hjkiofilihyl=
/test.php?hjkiofilihyl=

# Reference: https://www.trendmicro.com/en_us/research/22/g/gootkit-loaders-updated-tactics-and-fileless-delivery-of-cobalt-strike.html
# Reference: https://otx.alienvault.com/pulse/62e3c4e56e6b1aff022c72ff

http://89.238.185.13

# Reference: https://tria.ge/220802-qrqatsfcf5/behavioral1

/test.php?xkiutrbcfgqble=

# Reference: https://tria.ge/220802-xhw6cabcgr/behavioral1

/test.php?wiliidivzlonkb=

# Reference: https://tria.ge/220728-tgsvrahbb3/behavioral1

/test.php?rgfufxdpdybaw=

# Reference: https://tria.ge/220728-msbmaaehf6/behavioral1

/test.php?pmfvhcbyovwmpdyx=

# Reference: https://twitter.com/AvastThreatLabs/status/1561685383368286210

frerecapucinbenin.org/search.php
giuseppedeluigi.com/search.php
kettlebellgie.be/search.php

# Reference: https://www.virustotal.com/gui/file/acf7ed3990f94b5c55dfb66537b8ec8ffc8b44855f6107934e750377d1831fb0/detection

195.22.26.253:8080
195.22.26.254:8080

# Reference: https://www.virustotal.com/gui/file/7b376ed4e818dd70ec3c07b366da439cc194694186abacc535708f090f1affbc/detection

193.166.255.171:8080
23.253.46.64:6969

# Reference: https://threatfox.abuse.ch/browse/malware/js.gootloader/

http://5.8.18.159
http://5.8.18.7
138.197.222.36:443
1c-kursy.online/download.php
1fc-muelheim.de/download.php
5esaison.ch/download.php
7x3.jp/download.php
8659design.se/download.php
aaa-studios.de/download.php
aadesignstudio.it/download.php
aandjaudhali.com/download.php
abbazia.hu/download.php
abdmedia.online/download.php
abe.bethmcmillian.com/download.php
aboveandbeyondmovers.com/download.php
abt.hu/download.php
academics360.valaprime.com.ng/download.php
acc.odrtechinc.com/download.php
accessi.altaroma.it/download.php
acil.m-g-n.me/download.php
acuicultura.ihcantabria.com/download.php
adamolam.co.il/download.php
adamsarhan.com/download.php
aderbuild.com.au/download.php
adila.sabluxgroup.com/download.php
admisiones.ipac.edu.ec/download.php
adolphi-stiftung.de/download.php
adriaticdeluxeapartments.com/download.php
aerotechcaps.com/xmlrpc.php
afschools.vermilion.com/download.php
agent.seektobe.com.au/download.php
ahp-microsite.knockmedia.dev/download.php
aidemy.net/download.php
aikido-secrets.co.il/download.php
airtechsystem.co.jp/download.php
akademos.com.ar/download.php
aktoto.eu/download.php
al-hazam.com/download.php
alabuscnc.com/download.php
alarmz.co/download.php
alaynabowman.com/content.php
albertoferreira.art.br/download.php
alethium.com/download.php
alexeasytechnology.co.za/download.php
alfabets.pl/download.php
almazova.space/download.php
alpharealestate.amaseon.com/download.php
alsalamatryon.com/download.php
alteronreit.com/download.php
alumbramento.com.br/download.php
amatosport.pl/content.php
amatus.office.thexroadz.com/content.php
ambersdogwise.nl/content.php
amg.rmutk.ac.th/content.php
amthanhthongbao.com/content.php
ancrages.ca/content.php
anee.ee/content.php
annett.ca/content.php
anphatedu.com/content.php
antbee-corp.demodemo.link/content.php
antoun.com.au/content.php
api-help.100px.com/content.php
apostocatering.gr/content.php
app.ykasandbox.com/content.php
apparences-magazine.be/content.php
apuestagolf.com/content.php
ar-d.jp/content.php
architectuur.webdesignbrabant.net/content.php
armin.mls-test.ch/content.php
art.barakaconsultants.com/content.php
artidesign.studio/content.php
artisanvinegar.co.uk/content.php
asi-instruments.com/content.php
askyadoc.org/content.php
atelierceline.fr/content.php
atlantacreditrepair.info/content.php
atopicschool.co.il/content.php
augustynbaran.pl/content.php
autocars-sapporo.com/content.php
avada2.ladygym.ro/content.php
avindustry.org/content.php
avls.com.ph/content.php
avocadobar.mls-test.ch/content.php
azitgroup.com.au/content.php
backlogworld.demodemo.link/content.php
bagat24.de/content.php
baltimorecreditrepair.info/content.php
bams.co/content.php
bannisterministry.org/content.php
baohomnay365.com/content.php
barwyszkla.pl/content.php
bassanglersofmichigan.com/content.php
bbqaddicts.fr/content.php
bctambore.com.br/content.php
bddlandscaping.com/content.php
beachfront.demodemo.link/content.php
beauty.audreylyllian.com.br/content.php
bellevue-tourtour.com/content.php
benettonrugby.it/content.php
benlloc.es/content.php
bergenadvokatene.no/news.php
bestervergleich24.de/news.php
beta.voxpublica.no/news.php
bevdev.freshcreative.com.au/news.php
bfa.csrcpall.com/news.php
bfasa.co.za/news.php
bialpro.pl/news.php
bigbobspizza.com/news.php
bildwein.pieroth.de/news.php
biosage-saudrune.fr/news.php
biozek.com/xmlrpc.php
birbeslenme.com/news.php
biyuu.net/news.php
blakwaveproductions.com/news.php
blessed-trinity-parish.org/news.php
blog.annelie-voyage.com/news.php
blog.atelierceline.fr/news.php
blog.cerebelum.net/news.php
blog.defouw.org/news.php
blog.denelan.com/news.php
blog.france-langue.fr/news.php
blog.progamma.com/news.php
blog.wo365.com/news.php
bluefrontmagnetics.com/news.php
bna.tframe.de/news.php
bng-old.theapsgroup.scot/news.php
boyarskymurphy.com/news.php
cpbrandindia.com/xmlrpc.php
dogsfun.net/download.php
dolphins.needeepindesign.com.au/download.php
dozecomunicacao.com.br/download.php
dpiadmin.dpipreview.nl/download.php
drammensadvokatene.no/download.php
drewhuddleston.com/download.php
drguentert.mls-test.ch/download.php
drift.rayna-web.fr/download.php
druczki.pl/download.php
duinbehoud.nl/download.php
dwe.amaseon.com/download.php
easiestbatteryrepair.com/download.php
ecomuseodellegrigne.it/download.php
eigoboo.bulog.jp/download.php
eiradio.com/download.php
elektrykstaszow.pl/download.php
elmartecnologia.com.br/download.php
emailbuilder.a6uat.co.uk/download.php
embroiderybadge.rfstaging.co.uk/download.php
encompassproperties.com/download.php
energiemc2.com/download.php
erdalcengiz.com/go.php
esmmprev.dev.interstrand.com/download.php
espacoememoria.org/download.php
estarque.com.br/download.php
ets2.gr/download.php
eucontab.com.br/go.php
euskaljakintza.com/go.php
existeraboutdeplume.fr/go.php
expoteam.ro/go.php
eyu.net/go.php
fafa.ysdong.top/go.php
fahrschulethomas.com/go.php
farbenspiel-trier.de/go.php
farwestlandscape.net/go.php
fas.wyb.ac.lk/go.php
ffsimv.gr/go.php
fincompara.co/xmlrpc.php
firmenakademie.com/go.php
fisika.uad.ac.id/go.php
foblesproject.pl/go.php
formacion.energy-minus.es/go.php
freeintalk.co/go.php
freeintalk.com/go.php
freudeundheilung.de/go.php
fysiotherapie-panken.nl/go.php
gabycampo.com.ar/go.php
gasperinieps.it/go.php
gazette.cercledeyoga.fr/go.php
gebruederbild.com/go.php
gehrels.info/go.php
gghengineers.com/go.php
ggse.us/go.php
ghandchifamily.com/go.php
ghostapp.co.uk/go.php
ghostheads.gbgrid.com/go.php
giccmedical.com/go.php
glaudio.com.au/go.php
glendonlee.com/go.php
gremlin.net/go.php
gullkorndesign.com/go.php
gullkorndesign.de/go.php
gutenberg.marketing-flash.dd/go.php
gutenberg.marketing-flash.de/go.php
hadleymothersclub.org/go.php
hair-med-krakow.pl/go.php
hair-med.com.pl/go.php
ilpiccolocampo.it/blog.php
imago-dp.com/blog.php
inerino.co.za
jonathanbartz.com/test.php
karbonaudit.cf/test.php
kwagalafoundation.nl/test.php
lacocinadefrabisa.lavozdegalicia.es/test.php
lakelandartassociation.org/test.php
lakeside-fishandchips.com/test.php
lenovob2bportal.com/test.php
lesriceysimports.com/test.php
lha.co.ke/test.php
livesports.co/test.php
moussokouma.de/xmlrpc.php
my-game.biz
pillardeploymentretreat.com/xmlrpc.php
satoyamasafu.com/content.php
secora.cl/content.php
setman.es/content.php
seyhanaluminyum.com/content.php
sheffieldcoronarysociety.org.uk/content.php
sicherheitsingenieure-huber.de/content.php
sicilyin.com/content.php
silpa.co.in/xmlrpc.php
slimdiet.eu/content.php
smartcontracts.nl/content.php
spyadviser.com/content.php
srdemolition.com/content.php
studio-lapinternet.fr/content.php
szipe.org/faq.php
talentree.fi/xmlrpc.php
tavernelentrepot.be/faq.php
thediarytours.com/faq.php
thekyhomeinspector.org/faq.php
tillit-hjarta.se/faq.php
tvsguides.com/xmlrpc.php
twoviewsmovies.com/faq.php
vacanzenelmediterraneo.com/faq.php
valentinhenning.de/faq.php
vasktextil.com/faq.php
vecctor.lazyls.co/faq.php
verlaghausundmarkt.de/faq.php
villa-rosenrausch.de/faq.php
vojens-trailerudlejning.dk/faq.php
vrouwenversierentips.org/faq.php
waffen-seilz.de/faq.php
webdesignbrabant.net/faq.php
werbefirma.hamburg/faq.php
whitepanama-films.com/faq.php
wiccinigeria.org/faq.php
wild-confetti.com/faq.php
wonderfulegypttours.com/faq.php
worpswede-blog.de/faq.php
wtcomms.co.uk/faq.php
wyndemeredesigns.jonfarrell.io/faq.php
xaderbuild.com.au/download.php
yec.edu.mm/xmlrpc.php
yvesrobert-decoration.com/faq.php
za-co-za.co.za
zen-altitude.fr/faq.php
zhongguotese.net/faq.php
/tmp_it22/test_zip2/loader_zip.js

# Reference: https://threatfox.abuse.ch/browse/malware/js.gootloader/ (# 2023-09-20)

gutesherz.or/go.php
heartwoodproperties.com/blog.php
heike.teofilius.de/blog.php
heldenfutter.de/blog.php
ikhwarn.com/blog.php
ikwilvanmijnpoloaf.nl/blog.php
ilovealtona.org/blog.php
images.cjp.mx/blog.php
imas.uk.com/blog.php
informatyczny.expert/blog.php

# Reference: https://threatfox.abuse.ch/browse/malware/js.gootloader/ (# 2023-10-22)

herbert-strohmaier.de/blog.php
heuberg-einrichtungen.de/blog.php
hockeycorner.net/blog.php
hoco-moebel.de/blog.php
hologramy-kolekcjonerskie.pl/blog.php
hslawcorp.com/blog.php
ibirtm.pl/blog.php
imago-int.eu/blog.php
inprojexautomotive.com/blog.php
insource.nz/blog.phheatherwoodpta.org/blog.php
inspiration4fitness.de/blog.php
ippm.dk/blog.php
iprommark.com.ua/blog.php
iuic.de/blog.php
jacksworkspace.com/blog.php
johnryan.ie/blog.php
jphilippeau.com/blog.php
junkwize.passionstaging.co.uk/blog.php
jvasky.com/blog.php
kalendarze.merkuriusz.pl/blog.php
kantarellstigen1.se/blog.php
kapsalonbrand.nl/blog.php
karlshamnsfotoklubb.se/blog.php
kavoshpos.com/comments.php
keltek.co.uk/comments.php
kendalwills.co.uk/comments.php
kform.innan.net/comments.php
kiezradler.de/comments.php
kiub.cosavostra.com/comments.php
kizys.net/comments.php
korelyakov.com/comments.php
kr.newyork-english.edu/comments.php
kraftyadvantagemarketing.com/comments.php
krippenfreunde-schnaittenbach.de/comments.php
kristiansandadvokatene.no/comments.php
kuckste.de/comments.php
kwiatkifranciszka.edu.pl/comments.php
laboratoriocitrico.com/comments.php
legalny.com.pl/comments.php
lepanam.com/comments.php
lewispublishing.org/comments.php
limbus-holding.de/comments.php
local.silly-beer.com/comments.php
manfredfohringer.de/comments.php
manfredritschard.com/comments.php
markadsrad.ru.is/comments.php
marketdriven.chevronmarcom.com/comments.php
marketstrategiesmgmt.com/comments.php
maxguenter.de/comments.php
mcnazamecku.net.scms.sq1.io/docs.php
mdsbio-tech.com/docs.php
media-accelerator.it/docs.php
meekoppelen.klimaatadaptatie.nl/docs.php
mein.miteinander.reisen/docs.php
members.bonusbomber.com/docs.php
mercedes5pluss.no/docs.php
metagaming.tv/docs.php
metodabls.pl/docs.php
midwayfun.client.dev.rocketeffect.com/docs.php
mindfully.vn/docs.php
mirabilismusic.net/docs.php
mirazbakery.com/docs.php
mitgliederbereich.frederik-malsy.com/docs.php
mittnyahem.com/docs.php
mkbwindows.co.uk/docs.php
modatrends.nl/docs.php
moeve-schmelz.de/docs.php
mooreinsure.net/docs.php
motociclistagiapponese.com/docs.php
movingtonewzealand.org/docs.php
mps.rfstaging.co.uk/docs.php
mvz-ansbach.de/docs.php
my.freeintalk.com/docs.php
mycom.global/docs.php
myhealthspin.com/docs.php
myinternetchapel.org/docs.php
myoldcountryhouse.com/docs.php
myuoh.org/docs.php
mywinthropcondo.com/docs.php
nado.ca/docs.php
naniwa-ginzaaward.hisaki-design.com/docs.php
natrumax.com.vn/docs.php
nattivos.com/docs.php
nbconstructor.com/docs.php
nblandgroup.com/docs.php
nebo-trk.com/docs.php
netherlands.qolsys.com/docs.php
new.clovercars.net/docs.php
new.scratch-build.com/docs.php
newireluck2.com/docs.php
newperspectivellc.com/docs.php
news.soxo.bet/docs.php
nextgenlead.org/docs.phpp
nhakhoablossom.vn/docs.php
nicholasoflondon.co.uk/docs.php
ninapodiatry.co.uk/docs.php
no.sexydate.world/docs.php
nocknock.io/docs.php
nordics.qolsys.com/docs.php
northshoregreencare.co.nz/docs.php
nortproperties.se/docs.php
np.lostsoulsuk.com/docs.php
nsdayan.com/docs.php
oaklanddental.org/news.php
obrecht.agentenpreview.com/docs.php
obrobkacieplna.com/docs.php
obsessive.business/docs.php
ocatio.co.uk/docs.php
occhio.com.au/docs.php
oceanprezentow.pl/docs.php
odal.codeium.dev/news.php
ogaki-asobanight.com/news.php
okidok.se/news.php
oldtimertreffen-rethem.de/news.php
ondrejklicpera.cz/news.php
orangeprint.pl/news.php
orsomedia.cosavostra.com/news.php
ouchi-work-mei.com/news.php
pacoprian.es/news.php
palitaliawines.com/news.php
pandr.pandroutsourcing.com/news.php
parafianieboczowy.pl/news.php
paragonprinting.co.uk/news.php
parencyivf.com/news.php
parentpipelineproject.org/news.php
pasta-mania.it/news.php
path4hosts.com/news.php
pax-anders.de/news.php
pecatonicabeer.com/news.php
penzion-bawaria.cz/news.php
pepelu-staging.01staging.site/news.php
pitt.com.br/news.php
pokojechancza.pl/news.php
portugal.qolsys.com/news.php
powerthruconsulting.com/news.php
quangcaolcd.com/save.php
quote.keydesignwebsites.com/save.php
racingclub-saintcernin.fr/save.php
radium-audio.com/save.php
railway.net.tw/save.php
rallysweden.com/save.php
ranmabooks.com/save.php
rbarcia.pt/save.php
reallifecomics.com/save.php
rechtsanwalt-wucherpfennig.de/save.php
reformasceibo.es/save.php
reisebloggerwelt.de/save.php
rencontrenationaledanse.fr/save.php
restauracekup.cz/save.php
restaurangfolkparken.se/save.php
rezetennisclub.fr/save.php
ringco.ir/save.php
ringkhodro.ir/save.php
rishish.com/save.php
rodrigofischer.com/save.php
running.hkcosmo.com/save.php
russondesign.com/save.php
rvonkruger.com.br/save.php
rz-menden.de/save.php
salarquitectura.es/save.php
salsadk.dk/save.php
sandbox.herzek.net/save.php
sato-transport.net/save.php
sbc.gold-ichiba.com/save.php
scheiff.eu/save.php
schoolreport.belperschool.co.uk/save.php
schroederdennis.de/save.php
schuitemaker.twentepc.nl/save.php
shodo.cosavostra.com/save.php
shop.roseofsharon.hk/save.php

# Reference: https://securityintelligence.com/x-force/gootbot-gootloaders-new-approach-to-post-exploitation/
# Reference: https://otx.alienvault.com/pulse/655343a01d5cec168a522f27

63factory.jp/wordpress/xmlrpc.php
contentstudent.com/xmlrpc.php

# Reference: https://app.any.run/tasks/8d4ea302-a822-46b2-bb2b-51a1dd052dc0/

/sRSVYdkWbWU11.bin

# Reference: https://threatfox.abuse.ch/browse/malware/js.gootloader/ (# 2023-12-05)

inerino.co.za/index.php
insource.nz/blog.php
mpvip.com.br/docs.php
musically.shift-m.com/docs.php
oneminutechallenge.hu/news.php
onlineandon.com/news.php
openday.mcs.it/news.php
pinklittlenotebook.com/news.php
planex.wjg.jp/news.php
po.csrcpall.com/news.php
preprod.lelit.fr/news.php
prestburycheshire.com/news.php
probono.6600dev.com/news.php
project-ile.net/news.php
projectboxmedia.com/news.php
propertyshopofthecarolinas.com/news.php
quind.de/news.php
sikasonhiep.com/blog.php
slottje.com/blog.php
smarttours.ro/blog.php
smd.agency/blog.php
snopro.eu/blog.php
sonnenkirche.de/blog.php
spd-haltern-am-see.de/blog.php
spenden.procamp.org/blog.php
spice.ehero.es/blog.php
spielsand-kaufen.com/blog.php
squarechapel.co.uk/blog.php
stadnicka.com/blog.php
staging.aoibhneas.org.scms.sq1.io/blog.php
staging.ivet.edu.au/blog.php
starli.top/blog.php
stavangeradvokaten.no/blog.php
stefangubser.com/blog.php
stromduellen.no/blog.php
studentalpharotterdam.nl/blog.php
studiocircle.co.uk/blog.php
studiotapas.com/blog.php
sunbattery.ir/blog.php
sunnhordlandantirust.no/blog.php
supergaywedding.com/blog.php
support.aidemy.net/blog.php
survey.ykasandbox.com/blog.php
suzukikougei.co.jp/blog.php
svoy.pro/blog.php
swartauto.nl/blog.php
t03imd.info/blog.php
tanakakoichi.com/blog.php
tarabuhagiar.com/blog.php
tascareaga.com/blog.php
tasmanrevival.com/blog.php
tattoocapilar.com/blog.php
taxexemptconsultants.com/blog.php
tcservices.com/blog.php
teamdioxide.com/blog.php
technologiczni24.pl/blog.php
telefonteknik.se/blog.php
tennesseescholars.org/blog.php
test.calcanto.de/blog.php
test.odrtechinc.com/blog.php
textart.nonhoff.info/blog.php
the-hope-foundation.kdconnect.uk/blog.php
the-other-milk.com/blog.php
theJKinz.com/blog.php
thechip.shop/blog.php
theconniewong.com/blog.php
thedovepartnership.co.uk/blog.php
theloosechangecharity.co.uk/blog.php
thenordicman.com/blog.php
thieuhoa.com.vn/blog.php
thirstymag.com/blog.php
tintin.coffee/blog.php
tipthara.com/blog.php
tisdagskaffe.se/blog.php
titan-fitness.com/blog.php
toenchen-und-herrschmidt.de/blog.php
toenchen-und-herrschmidt.ee/blog.php
tororomba.com.br/blog.php
toshiaki1.com/blog.php
ubezpieczeniawalczyk.pl/blog.php
uczestnik.devagroup.nq.pl/blog.php
uczestnik3.devagroup.nq.pl/blog.php
udef.fr/blog.php
uk.qolsys.com/blog.php
undergroundnyc.com/blog.php
unisono.band/blog.php
upcyclestitches.com/blog.php
v3.mytalentplatform.com/blog.php
veken.de/blog.php
vicsthemovingman.net/blog.php
vinhos.grandcru.com.br/blog.php
vipaco.vn/blog.php
vladferoiu.com/blog.php
za-co-za.co.za/index.php

# Reference: https://threatfox.abuse.ch/browse/malware/js.gootloader/ (#2024-03-24)

0939it.com/xmlrpc.php
52poke.com/xmlrpc.php
aarch.dk/xmlrpc.php
abako.se/wordpress/xmlrpc.php
allfridaystudio.com/xmlrpc.php
ama-studio.it/xmlrpc.php
amida.se/xmlrpc.php
ansoffs.com/xmlrpc.php
articuly.com/xmlrpc.php
artisebio.com/xmlrpc.php
atalyadis.com/xmlrpc.php
atemberaubende-akzente.de/m/xmlrpc.php
atlanticyachtandship.com/xmlrpc.php
auxiliaryenergy.com/xmlrpc.php
back-zeit.de/xmlrpc.php
balanceanddizzinessphysicaltherapy.com/xmlrpc.php
barn2.com/xmlrpc.php
belvederebenidorm.com/xmlrpc.php
bourse-du-travail.com/blog/xmlrpc.php
boxhaus.de/blog/xmlrpc.php
brainsoulsuccess.com/xmlrpc.php
brandweeravenhorn.nl/xmlrpc.php
breckenridge-vacation-homes.com/xmlrpc.php
calzaturificioliberty.it/xmlrpc.php
cathedrale-nantes.fr/xmlrpc.php
charchiinet.com/xmlrpc.php
charltonbrown.edu.au/xmlrpc.php
cheapandbestshopforlife.com/wordpress/xmlrpc.php
cittadifondazione.it/xmlrpc.php
connachttribune.ie/xmlrpc.php
conoleforcongress.com/xmlrpc.php
cultus.dk/xmlrpc.php
dansport.is/xmlrpc.php
darolvakil.com/xmlrpc.php
dgtread.com/xmlrpc.php
diereisedeineslebens.de/xmlrpc.php
divipeople.com/xmlrpc.php
djurskyddetvastervik.se/xmlrpc.php
dme.gr/xmlrpc.php
drzewkonaprezent.pl/xmlrpc.php
elbepokal.de/xmlrpc.php
emeliew.se/xmlrpc.php
eshraghbook.com/xmlrpc.php
faneuilhallmarketplace.com/xmlrpc.php
fuzionproscooter.com/xmlrpc.php
games-up.fr/xmlrpc.php
geekhacker.ru/xmlrpc.php
geekville.ru/xmlrpc.php
gochat247.com/xmlrpc.php
goldco.com/xmlrpc.php
goodklei.ru/xmlrpc.php
gradecam.com/xmlrpc.php
healthcares.life/xmlrpc.php
helpsarkari.com/xmlrpc.php
hethooghuis.nl/xmlrpc.php
hkcapsule.com/xmlrpc.php
irannihon.com/xmlrpc.php
jt.my/xmlrpc.php
kbjporn.com/xmlrpc.php
kresy.pl/xmlrpc.php
lascebrassalen.com/xmlrpc.php
lasik2020.com/xmlrpc.php
livingshorespa.com/xmlrpc.php
luxurylaunches.com/xmlrpc.php
mcws.org/xmlrpc.php
michiganumc.org/xmlrpc.php
moaetscandg.org.ng/xmlrpc.php
mundoalbiceleste.com/xmlrpc.php
mycashtree.net/xmlrpc.php
natbooks.com.au/xmlrpc.php
netmag.pk/xmlrpc.php
ngajiyok.com/xmlrpc.php
nitrobilisim.com.tr/xmlrpc.php
onlinemoneyspy.com/xmlrpc.php
outsidespace.co.nz/xmlrpc.php
palaiofaliro.gr/xmlrpc.php
parentingisnteasy.co/xmlrpc.php
pipingpotcurry.com/xmlrpc.php
playgroundbaron.com/xmlrpc.php
pointerclicker.com/xmlrpc.php
prokirpich76.ru/xmlrpc.php
promixacademy.com/xmlrpc.php
pvcfencingwarehouse.com.au/xmlrpc.php
ragmcloud.com/xmlrpc.php
rahatupu.net/xmlrpc.php
republicanpress.org/xmlrpc.php
rushradar.com/xmlrpc.php
saint-augustin.ch/xmlrpc.php
schematherapyinstitute.com.au/xmlrpc.php
seva-ese.com/xmlrpc.php
sheffi-tours.co.il/xmlrpc.php
shemshad.com/xmlrpc.php
shtourval.ru/xmlrpc.php
shywolfsanctuary.org/xmlrpc.php
smartai.com.au/xmlrpc.php
smokersplanet.de/xmlrpc.php
smwroclaw.pl/xmlrpc.php
snyk.io/xmlrpc.php
som.edu.vn/xmlrpc.php
specialeventservices.com/xmlrpc.php
susanin.fun/xmlrpc.php
swingandbeyond.com/xmlrpc.php
systemtranslation.com/xmlrpc.php
tamilcinetalk.com/xmlrpc.php
testiran.com/xmlrpc.php
thechutneylife.com/xmlrpc.php
themeatandwineco.com/xmlrpc.php
themodestwallet.com/xmlrpc.php
travel2next.com/xmlrpc.php
typhoontv.in/xmlrpc.php
urbedu.live/blog.php
uumu.fi/blog.php
vancleefinc.com/blog.php
vaqutauxfamily-fanclub.com/blog.php
vente-outillages.com/blog.php
vicantres.com/blog.php
vietsportscience.com/blog.php
viewcast.tv/blog.php
villadsen4x4.dk/blog.php
vilmas.digital-brands.de/blog.php
vogelhaus-gestaltung.de/blog.php
volleyball-muenchen.de/blog.php
volleytip.com/blog.php
volltrendyfashion.de/blog.php
voxpublica.no/blog.php
webipal.com/xmlrpc.php
weissenbach-pr.de/xmlrpc.php
wheelz.me/xmlrpc.php
wordpress.itrip.ro/xmlrpc.php
xlights.org/xmlrpc.php
yekdoa.ir/xmlrpc.php
zahiraccounting.com/xmlrpc.php
zarinbano.com/xmlrpc.php

# Reference: https://threatfox.abuse.ch/browse/malware/js.gootloader/ (# 2024-03-31)

192-168-1-1-admin-admin.ru/xmlrpc.php
althaus-innenausbau.de/xmlrpc.php
amazila.cz/xmlrpc.php
assamjatiyabidyalay.com/doc.php
aurory.io/xmlrpc.php
baaghitv.com/xmlrpc.php
beeldvorm.eu/xmlrpc.php
bodylift.si/xmlrpc.php
bsdeboomgaard.be/xmlrpc.php
buckcenter.edu.ec/xmlrpc.php
bulaintel.com/xmlrpc.php
cantinalandi.com/xmlrpc.php
catherinefoundation.org/xmlrpc.php
celeritastransporte.com/xmlrpc.php
cityhomesedmonton.ca/xmlrpc.php
convertkit.com/xmlrpc.php
cuinescalaf.com/xmlrpc.php
cumm.co.uk/xmlrpc.php
descarca.info/xmlrpc.php
designtoolsnetwork.com/xmlrpc.php
digitalmarketingcompany.me/xmlrpc.php
donquichottedeladendre-ath.be/xmlrpc.php
eatech.uk/xmlrpc.php
exceloffthegrid.com/xmlrpc.php
ffteducationdatalab.org.uk/xmlrpc.php
growthworks.io/xmlrpc.php
hitech-us.com/xmlrpc.php
juststories.se/xmlrpc.php
kayoanime.com/xmlrpc.php
kemilektioner.se/xmlrpc.php
kinosait24.ru/xmlrpc.php
lasantaespina.cat/xmlrpc.php
mangacrab.com/xmlrpc.php
matchtime.co/xmlrpc.php
mcintoshdaily.com/xmlrpc.php
mepiu.it/xmlrpc.php
outdoorgearshub.com/xmlrpc.php
overbeekphotos.com/xmlrpc.php
prozhedownload.com/xmlrpc.php
seiji-folk.com/xmlrpc.php
stanta.co.uk/xmlrpc.php
support.dotregis.com/xmlrpc.php
tanya-tanya.com/xmlrpc.php
taronews.tw/xmlrpc.php
telegramguru.com/xmlrpc.php
theyogainstitute.org/xmlrpc.php
topcoloringpages.net/xmlrpc.php
vipaco.vn/xmlrpc.php
wielkopolskamagazyn.pl/xmlrpc.php
wildundhund.de/xmlrpc.php

# Reference: https://x.com/Gootloader/status/1796196497626698016
# Reference: https://www.virustotal.com/gui/ip-address/91.215.85.21/relations

hotheads.co.za

# Reference: https://x.com/banthisguy9349/status/1808578996055257334
# Reference: https://urlhaus.abuse.ch/host/skf-mx.com/

skf-mx.com

# Reference: https://x.com/NDA0E/status/1809288536983589288
# Reference: https://www.joesandbox.com/analysis/1468338#iocs

http://91.92.242.245
91.92.242.245:443
pineappletech.ae/at/

# Reference: https://threatfox.abuse.ch/browse/malware/js.gootloader/ (# 2024-07-07)

1poclimaty.ru/xmlrpc.php
2015.artencounters.ro/manual.php
3axis.co/xmlrpc.php
4bata.net/manual.php
4dgamers.com/manual.php
4handscleaning.com/manual.php
602024.com/manual.php
76crimes.com/xmlrpc.php
8design.se/xmlrpc.php
8ktv-test.de/xmlrpc.php
aalborgfaegteklub.dk/article.php
absoluteestimating.com/xmlrpc.php
abtenau-info.at/xmlrpc.php
abumarketrc.com/xmlrpc.php
academieairespace.com/xmlrpc.php
ackesbilservice.se/article.php
activefisher.net/xmlrpc.php
adktechs.com/xmlrpc.php
adventurewallcoverings.co.za/xmlrpc.php
aimrental.net/manual.php
airgaz.bydgoszcz.pl/manual.php
ajserviceusa.com/manual.php
alcorfund.com/xmlrpc.php
alex-faber.com/manual.php
alisa-nails-koeln.de/article.php
alldaily.ru/xmlrpc.php
allegro.autoszczepaniak.pl/manual.php
almik.com/article.php
alphacleantech.com/how-contract-research-organizations-profit-business-model-analysis
alternative-tibetaine.org/xmlrpc.php
ambitiouswithcards.com/xmlrpc.php
ambtenarensalaris.nl/xmlrpc.php
amerac.org/xmlrpc.php
americanbussales.net/xmlrpc.php
americanepoxy.bond10templates.com/2022/12/04/ver-saldo-do-nota-legal
amittiwari.net/xmlrpc.php
ancestralfindings.com/xmlrpc.php
andreaslennartsson.com/manual.php
andylaub.com/manual.php
anettelonnsfotvard.se/doc.php
animalvictory.org/xmlrpc.php
animefestival.asia/manual.php
annehemgard.se/xmlrpc.php
annitaswaerts.nl/manual.php
anordestdiche.com/article.php
anordestdiche.com/xmlrpc.php
antonina.campi.spotkaniakultur.com/article.php
aphcareerconnect.org/xmlrpc.php
apol.eu/doc.php
app-gehts.de/xmlrpc.php
appleluxurycar.com/xmlrpc.php
arabfish.net/xmlrpc.php
arduino-projects4u.com/xmlrpc.php
arkadiuszkedziora.pl/article.php
arkamaya-grhatama.com/xmlrpc.php
artlab.se/manual.php
arton-bv.nl/xmlrpc.php
arts-npo.org/manual.php
asleman.org/2022/01/17/tattooing-from-home-laws-in-alberta-what-you-need-to-know
asleman.org/2022/03/31/washington-state-medical-assistant-scope-of-practice-laws-legal-overview
asleman.org/2023/12/10/do-you-qualify-for-bereavement-leave-for-grandparents-in-law
assenmacher-koeln.de/xmlrpc.php
astrolady.org/xmlrpc.php
atasafaris.com/xmlrpc.php
atlantabarbellgym.com/xmlrpc.php
atvtrade.ru/xmlrpc.php
audrey-drenthen-art.nl/article.php
auto-coop.com/manual.php
auto-coop.hu/manual.php
awadhshreehospital.in/index.php/2023/03/20/pros-and-cons-of-multilateral-trade-agreements
aynasy.com/manual.php
azahar.bg/manual.php
b-betternow.com/manual.php
bakbordet.se/manual.php
balabaksha.kz/xmlrpc.php
balkanyemekleri.com/xmlrpc.php
bearnutscomic.com/xmlrpc.php
beginagaininstitute.com/xmlrpc.php
belindadavisbranchlaw.com/article.php
bellapizzact.com/article.php
bellbaker.com/bcnu-collective-agreement-bereavement-leave
bellbaker.com/guarantor-for-rental-agreement-ontario
bemiva.it/article.php
benspencermusic.com/article.php
besocy.com/xmlrpc.php
betelpl.bdl.pl/manual.php
betonades.com/article.php
bezpiecznie.org/manual.php
bgagro.bg/xmlrpc.php
bienenzucht-villachland.at/xmlrpc.php
bigcheeserodents.com/mcmaster-collective-agreement-faculty
bigdawgimages.net/manual.php
bilgisebili.com/xmlrpc.php
billbelsey.com/article.php
bilyonaryo.com/xmlrpc.php
bip.dpsbranszczyk.pl/manual.php
blackdiamondbjj.com/xmlrpc.php
bliss.pro/manual.php
blixtgordon.se/manual.php
blog.demuthphoto.com/manual.php
blog.enghauser.de/manual.php
blog.festivalfilmeduc.net/manual.php
blog.gn8.at/manual.php
blog.hongo-makoto.com/manual.php
blog.icondesignlab.com/manual.php
blog.itoyakuten.net/manual.php
blog.jens-bolz.de/manual.php
blog.jonheese.com/manual.php
blog.kappo-mifuku.com/manual.php
blog.lizzygraykitchens.com/manual.php
blog.nishitama-auto.com/manual.php
blog.pet-portraitartist.com/manual.php
blog.rainbow1122.com/manual.php
blog.saffronstays.com/manual.php
blog.soryokan.com/manual.php
blog.teramachi-ah.com/manual.php
blog.yorozumanrakudo.com/manual.php
blog.zhaixudong.com/manual.php
bluewateryoga.com.au/xmlrpc.php
blurrypixel.com/manual.php
bmeg.fel.cvut.cz/manual.php
boisebrides.keydesigndevelopment.com/manual.php
bokenasetsadra.se/xmlrpc.php
bollywoodtadka.xyz/xmlrpc.php
booking.chaletsphilippe.com/manual.php
booking.intersport.it/manual.php
bookmeacookie.pl/xmlrpc.php
bordingfriluftsbad.dk/article.php
boulangeriebezencon.ch/xmlrpc.php
bramafhu.pl/manual.php
brandontucker.com/article.php
brastal.pl/manual.php
brokensilenze.one/xmlrpc.php
btini.net/article.php
buhexpert8.ru/xmlrpc.php
bultecappelle.fr/article.php
bunkomania.net/article.php
burleys.ca/2023/05/23/what-is-an-enterprise-agreements
businessforfilipinos.com/xmlrpc.php
businesstraveller.pl/manual.php
bvp.ch/hold-harmless-agreement-car-accident
bvp.ch/manual.php
bvp.ch/transfer-agreement-concept
bvp.ch/transfer-agreement-concept/
calderconsultants.com/manual.php
cambiobolivar.com/manual.php
canadajobbank.org/xmlrpc.php
cap-berriat.com/article.php
carercn.com/xmlrpc.php
carlhansensolv.dk/xmlrpc.php
cartoongayporn.com/xmlrpc.php
casadevida.net/2022/03/11/lease-agreement-between-husband-and-wife
casagaribaldi.it/2022/04/20/will-dispute-lawyers-brisbane
casagaribaldi.it/xmlrpc.php
catalogodecosmetica.com/manual.php
catering-szafran.pl/manual.php
cbseguides.com/xmlrpc.php
ccga.com/article.php
ccspaintingllc.com/xmlrpc.php
celinabostic.de/xmlrpc.php
celinecuypers.be/article.php
centralzvornik.ba/manual.php
centre-culturel-laricamarie.fr/manual.php
chanderbhushan.com/doc.php
chivas.taegermoos.com/manual.php
choi.helava.com/manual.php
chudywawrzyniec.pl/manual.php
chunjack.nl/article.php
cichaz.com/article.php
cimaq.es/manual.php
clinicachirurgie3.ro/article.php
clintkustoms.com/manual.php
cmorgan.com/blog/xmlrpc.php
cnsmaryland.org/xmlrpc.php
cocbases.com/xmlrpc.php
cocktailhacker.com/manual.php
col21-champollion.ac-dijon.fr/manual.php
colorinkbook.com/article.php
colourful-decor.be/article.php
compose.ly/xmlrpc.php
configurelaptop.eu/xmlrpc.php
conyers.biz/index.php/2023/06/04/nbu-msp-collective-agreement
coolskyfood.com/xmlrpc.php
cosplayboobies.com/xmlrpc.php
costumes-urbains.com/manual.php
cpbrandindia.com/manual.php
crappel.co/article.php
crappel.com/article.php
cremer-fliesen.de/xmlrpc.php
crochetkim.com/xmlrpc.php
ctoasaservice.org/xmlrpc.php
cultureroadtravel.com/xmlrpc.php
curecvc.com/oklahoma-street-legal-vehicle-requirements
cybergroundproject.com/manual.php
d-garage.jp/article.php
d-mag.com/manual.php
daarine.ir/xmlrpc.php
dailyshepursues.com/xmlrpc.php
dailysonardesh.com/xmlrpc.php
dakee.ir/xmlrpc.php
dantra.de/manual.php
dariosc.pro-linuxpl.com/article.php
darmanet.com/xmlrpc.php
darululoom.com.au/understanding-dog-barking-laws-in-nsw-what-you-need-to-know
dasouza.es/manual.php
davidjhindlemann.com/reports.php
dawinmeckel.de/xmlrpc.php
daylightdesignsinc.com/manual.php
dc3common.sakura.ne.jp/manual.php
debarcadere.be/xmlrpc.php
delcas.com.br/xmlrpc.php
denisburns.com/reports.php
dermcollective.com/xmlrpc.php
despedidadesolteroengandia.globalwords.net/manual.php
detforening.dk/reports.php
devblog.ludikreation.com/reports.php
diabetesstrong.com/xmlrpc.php
diavolino.ch/article.php
digibaru.com/xmlrpc.php
digitalfreight.co.uk/reports.php
discovermass.com/xmlrpc.php
dismerchandise.com/doc.php
divorcedwomensclub.com.au/article.php
dizikonusu.com/xmlrpc.php
djinfo.pl/reports.php
dmboxing.co/reports.php
dmboxing.com/reports.php
dobrykrawiec.pl/article.php
docsjapan.xsrv.jp/reports.php
doctorsacademy.org/list/xmlrpc.php
dontcrydesignlab.com/reports.php
doublertrailers.com/reports.php
dreaming.works/article.php
dresstherapist.sakura.ne.jp/reports.php
dressyrsnack.se/reports.php
duendealhambra.com/article.php
dutchdreamhorses.com/reports.php
e-add.pl/article.php
eaalim.com/xmlrpc.php
eastnaija.com/xmlrpc.php
eberlie.ca/tenancy-agreement-sample-guyana
eberlie.ca/tenancy-agreement-sample-guyana/
ecoledebatteriejonathandesrumeaux.fr/reports.php
ecoprotection.in/understanding-traffic-laws-in-grenada-a-complete-guide/64592/
eddie-hernandez.com/xmlrpc.php
edu.ngoinhatienganh.com/reports.php
egvisaservices.com/xmlrpc.php
egylgs.info/xmlrpc.php
elgreco-sindlingen.de/xmlrpc.php
embracethewater.wondermeeting.se/reports.php
emmikochteinfach.de/xmlrpc.php
empiretaxusa.com/xmlrpc.php
energotechnika.com.pl/reports.php
eneva.ru/xmlrpc.php
enhornabatklubb.se/reports.php
entekhab.org/xmlrpc.php
entertainmenttechnologies.co.uk/reports.php
ependyseis.com.gr/reports.php
equinox-hotels.com/xmlrpc.php
equip.com.es/article.php
erhvervsundhed.dk/reports.php
estedavivere.it/xmlrpc.php
estforestry.com/reports.php
etisalangy.com/xmlrpc.php
etnikk.com/reports.php
eurotranschanet.fr/xmlrpc.php
exotours.in/read-agreement-of-being-gay-for-30-days
exotours.in/read-agreement-of-being-gay-for-30-days/
experimentation.univ-littoral.fr/~druel10/wordpress/?p=5675
experimentation.univ-littoral.fr/~eric/wp/masterddl/2022/09/10/hot-cargo-agreement-define/
experimentation.univ-littoral.fr/~eric/wp/masterddl/2023/03/05/agreement-sayings/
experimentation.univ-littoral.fr/~eric/wp/masterddl/2023/07/23/paypal-billing-agreement-cancelled-facebook/
facebook.ygdiw.com/article.php
fantasticomundodesunca.org/article.php
fantasy-hive.co.uk/xmlrpc.php
fastex.se/english.php
femmetech.org/article.php
festivalrykten.se/reports.php
finaltolightspeed.com/english.php
firebirdimages.com/reports.php
flavirama.be/reports.php
fluechtlinge-malen.ch/what-is-gratuitous-contract/
forum.altoadigeinnovazione.it/reports.php
francesco.tarricone.it/reports.php
francesmacve.com/reports.php
freeupscmaterials.org/xmlrpc.php
freshysites.com/xmlrpc.php
future-plast.com/article.php
g8education.edu.au/xmlrpc.php
gadgetstouse.com/xmlrpc.php
gaep.net/get.php
gantegh.agbubulgaria.org/reports.php
gemak.mk/xmlrpc.php
genevafarm.com/reports.php
geomatikkbedriftene.no/reports.php
georaldc.com/reports.php
giantif.com/xmlrpc.php
gimnazjum6.zgo.pl/reports.php
glasstheatre.org/reports.php
globeagency.com/get.php
good2bsocial.com/xmlrpc.php
goodferry.pl/reports.php
goodstos.com/agreement-side-effects/
goodstos.com/airline-baggage-agreement/
goodstos.com/armistice-agreement-1953/
goodstos.com/breach-contract-law/
goodstos.com/conditional-contract-meaning/
goodstos.com/mutual-agreement-resignation-letter-sample
goodstos.com/service-level-agreement-laboratory/
gps-football.com/reports.php
granitedevices.com/xmlrpc.php
greveclimaticaestudantil.pt/xmlrpc.php
gribnik.info/xmlrpc.php
gridlocktable.com/xmlrpc.php
grundens.com/xmlrpc.php
guitardivision.com/xmlrpc.php
gundrymd.com/xmlrpc.php
gustancho.com/xmlrpc.php
gxtfinance.com/english.php
h-port-s.com/reports.php
hastingsarchitecture.com/get.php
hatsandbootslinedanceherning.dk/get.php
health.sjp.ac.lk/reports.php
hentai-witch.com/xmlrpc.php
hentaiworld.tv/xmlrpc.php
heshamsaad.com/xmlrpc.php
hidethatfat.com/xmlrpc.php
hirschen-rorschach.ch/what-is-a-safe-equity-agreement/
hmidarjeeling.com/xmlrpc.php
holzkontor.de/get.php
homedevice.pro/reports.php
hopgermany.com/reports.php
hortonhighschool.ca/xmlrpc.php
hotelfonfreda.com/reports.php
hotelleportalou.com/get.php
hubby69.com/xmlrpc.php
hukukarastirmavakfi.com/reports.php
hvamkulturogforsamlingshus.dk/reports.php
i-likeitalot.com/reports.php
iantucker.ca/reports.php
ictnieuws.nl/reports.php
ielts.com.au/xmlrpc.php
ieshua.org/reports.php
ikenouedojo.com/reports.php
ikwilvanmijnpoloaf.nl/2023/06/08/secret-agreement-between-germany
ikwilvanmijnpoloaf.nl/2023/08/11/a-voidable-contract-is-quizlet
ikwilvanmijnpoloaf.nl/2023/08/28/how-to-write-money-agreement
ilearnschools.org/xmlrpc.php
imaginaria.pl/reports.php
ingahanka.de/reports.php
inpersonakbh.dk/reports.php
intellectualpirates.net/reports.php
intermissionhostel.no/reports.php
intranat.vhfk.se/reports.php
irpp.org/xmlrpc.php
itigic.com/xmlrpc.php
iveri.com/xmlrpc.php
izj.unsa.ba/reports.php
janniolssondeler.com/xmlrpc.php
javelinmarketing.nl/reports.php
javtape.net/xmlrpc.php
javtorrent.me/xmlrpc.php
jcfpa.org/2023/01/20/sample-physician-assistant-practice-agreement-california
jenn.jj/reports.php
jensenauto.no/reports.php
johann-wittmann.com/get.php
justinpgrier.com/reports.php
kampermazury.pl/reports.php
kancelariakaluza.pl/reports.php
karmanima.net/xmlrpc.php
kawapopularna.pl/xmlrpc.php
ketabpedia.com/xmlrpc.php
keydian.com/reports.php
kfzsoeder.de/reports.php
kimtams.dk/reports.php
kitchenofdebjani.com/xmlrpc.php
krushinews18.com/free-online-company-secretary-courses-legal-training-certification
ktweb.home.pl/reports.php
lab.damianobeducci.com/reports.php
labonczfa.hu/5-comma-rules-a-guide-to-proper-punctuation-in-legal-writing
labstyl.nazwa.pl/reports.php
lakedistrictbikes.com/xmlrpc.php
lamperdingen.ch/reports.php
langtonhowarth.co.uk/2022/12/05/what-age-can-you-legally-leave-a-child-home-alone-in-california
langtonhowarth.co.uk/2022/12/06/what-color-rock-lights-are-legal-in-florida
laptop.org/xmlrpc.php
larandeteknik.se/reports.php
lareplica.es/withdrawal-agreement-free-movement
larryslocksmith.com/is-a-collaborative-practice-agreement-required-in-texas-for-physician-assistant
laurenti.ch/cavedesponts/what-is-a-contract-seal
leadershipmanagement.com.au/xmlrpc.php
les-dessous-de-karen.com/reports.php
levaho.fr/reports.php
libet-kielce.pl/reports.php
licorice.uz/reports.php
lifeunworthyoflife.com/reports.php
lilabrand.com/reports.php
limatuju.com/xmlrpc.php
lokersma.info/xmlrpc.php
lollipophouse.ir/xmlrpc.php
lotbuds.com/legalisation-of-documents-a-guide-to-authenticating-legal-papers
lumiere.grupotyc.com/orange-coast-title-company-license-number-legal-title-services
m-melody.jp/xmlrpc.php
madalynsklar.com/xmlrpc.php
makestories.io/xmlrpc.php
malfant-masson-genealogie.fr/api.php
mctools.co/ifrs-16-legal-fees-understanding-the-implications-for-businesses
measuremarketing.com/xmlrpc.php
medischdrukwerk.nl/english.php
mediterranews.org/xmlrpc.php
mega-mkv.com/xmlrpc.php
metalhoz.com/english.php
miketrees.com/english.php
mindelscott.com/2022/11/11/legal-responsibility-of-a-when-a-dog-attacks-a-cat
mindelscott.com/2022/12/13/writing-dollar-amounts-in-legal-documents
mindfulsearching.com/xmlrpc.php
mlwmlw.org/xmlrpc.php
montebello6.se/api.php
museocambellotti.cittadifondazione.it/vps-enterprise-agreement-2016-schedule-b
mysmartbox.solutions/california-law-essential-break-room-requirements-explained
naghsheshahr.com/xmlrpc.php
nationalviews.com/xmlrpc.php
nematinuts.com/xmlrpc.php
news.mn/xmlrpc.php
ngsindia.org/2021/12/30/ukraine-staff-level-agreement-legal-guidelines-and-requirements
ngsindia.org/2023/10/12/understanding-the-lebanese-legal-system-laws-courts-and-rights
nokohome.se/xmlrpc.php
norholmgods.com/common-law-marriage-military-recognition-and-legal-rights
nzdcr.co.nz/xmlrpc.php
openaps.org/xmlrpc.php
openloadmovies.live/xmlrpc.php
osinkokuningas.fi/xmlrpc.php
ototo.com.cn/api.php
overhplusproperties.com/fha-cash-reserve-requirements-everything-you-need-to-know
ozanisguvenligi.com/xmlrpc.php
paloubis.com/2023/05/what-is-the-benefit-of-a-tolling-agreement
panang.se/xmlrpc.php
passikuvasuomi.fi/xmlrpc.php
paydo.com/xmlrpc.php
pdfkutub.net/xmlrpc.php
peacerivervet.com/xmlrpc.php
penhaligonsfriends.org.uk/english.php
petrolpower.de/english.php
phoenixair.com/xmlrpc.php
phongthuyphunggia.com/xmlrpc.php
phutungotochinhhang.vn/what-is-in-the-new-nafta-agreement
pinkfinancialbank.com/2022/02/26/humana-medicare-tier-exception-form
pinokiosacz.pl/xmlrpc.php
platypus-verlag.ch/us-social-security-agreements
platypus-verlag.ch/wisconsin-tax-installment-agreement
plugh.co.in/understanding-false-advertising-laws-in-ohio-what-you-need-to-know
portalebambini.it/xmlrpc.php
porusski.me/xmlrpc.php
pptribe.com/2022/11/13/legal-valuation-group-valuation-sap
prestigiousmassage.com/xmlrpc.php
pricelessdesign.com/full-scope-contracting
produtoresflorestais.pt/gun-laws-in-denmark-understanding-regulations-and-restrictions
produtoresflorestais.pt/understanding-the-different-types-of-states-in-international-law
produtoresflorestais.pt/understanding-wave-contracts-legal-considerations-implications
profaj.com/xmlrpc.php
prokeypc.com/xmlrpc.php
psdkits.com/xmlrpc.php
psychosfera.kz/xmlrpc.php
pt-tkbi.com/scaffolding-agreement
pt-tkbi.com/what-is-the-difference-between-appointment-letter-and-employment-contract
quantumsoftech.com/blog/how-to-sue-landlord-for-breach-of-contract-legal-guide
radium-audio.com/annual-agreement-for-permanent-seasonal-employment
recetascocinaperuana.com/xmlrpc.php
regyan.com/sample-house-rules-for-tenants-creating-a-fair-and-legal-living-environment
reiner.nrha.com/ema-guidance-on-quality-agreements
restaurant-riva.net/xmlrpc.php
retromuzsika.hu/xmlrpc.php
rg-adguard.net/xmlrpc.php
richardvanhooijdonk.com/xmlrpc.php
rickwire.com/xmlrpc.php
ripcoltd.co.uk/api.php
rkbaienfurt.de/xmlrpc.php
rondesantis.com/xmlrpc.php
rosenfeldmedia.com/xmlrpc.php
ryver.com/xmlrpc.php
saasfeerentals.com/stamping-fee-for-sp-agreement
safarcranes.com/subject-verb-agreement-example-sentences
salamfest.com/xmlrpc.php
samsebeastrolog.online/xmlrpc.php
saubere-dienste.de/xmlrpc.php
searkweather.com/xmlrpc.php
selekta.fi/xmlrpc.php
selwoodconsultants.co.ke/2023/08/10/how-can-i-cancel-my-internet-contract-without-paying
seorongdaiduong.com/xmlrpc.php
servicesksa.com/xmlrpc.php
shiroutowiki.work/xmlrpc.php
shodo.cosavostra.com/xmlrpc.php
signcitysa.com/general-manager-role-key-responsibilities-and-legal-implications
signcitysa.com/understanding-japanese-weapon-laws-regulations-and-restrictions
sigortamsaglik.com/xmlrpc.php
sim-unlock.blog/xmlrpc.php
sindipetropb.com.br/xmlrpc.php
sirfresh.co.za/xmlrpc.php
sitesrip.org/xmlrpc.php
slimmerverdienen.nl/xmlrpc.php
smallders.com/ar/understanding-ohio-forced-medication-laws-what-you-need-to-know
smartgamepiano.com/xmlrpc.php
smokeshopdelivers.com/xmlrpc.php
solar-audio.net/is-bear-spray-legal-in-ca-california-bear-spray-laws-explained
solar-audio.net/understanding-call-and-put-contracts-legal-options-trading-guide
somersetpizzamd.com/xmlrpc.php
sparo1.se/xmlrpc.php
spinmortgage.com/xmlrpc.php
stamyn.com/xmlrpc.php
sterling-sound.com/xmlrpc.php
studiolegalefalco-masi.it/microsoft-enterprise-purchase-agreement
studiolegalefalco-masi.it/microsoft-enterprise-purchase-agreement/
suviki.com/api.php
swemed.se/xmlrpc.php
swiatyerby.pl/xmlrpc.php
systra-logistik.de/xmlrpc.php
taiwandiginews.com.tw/api.php
tcl.brandshop.ke/understanding-legal-entity-hierarchy-a-comprehensive-guide
teachersbadi.in/xmlrpc.php
terragamecenter.com/blog/sample-letter-to-request-extension-of-contract
textis.ru/xmlrpc.php
theceostory.in/xmlrpc.php
theelegant.co.uk/abm/disagreement-has-how-many-syllables
themetorrent.org/xmlrpc.php
thepointsking.com/xmlrpc.php
thetip.co.kr/xmlrpc.php
thevarsity.ca/xmlrpc.php
thll.org.tw/xmlrpc.php
ticketneedlellc.com/xmlrpc.php
timesit.org/xmlrpc.php
tiodonghua.com/xmlrpc.php
titikdua.net/xmlrpc.php
tobano.pl/xmlrpc.php
toivolanpiha.fi/xmlrpc.php
tophomenews.com/xmlrpc.php
toptorials.com/xmlrpc.php
toscalindeboom.nl/archive.php
traveling.winklen.ch/blog.php
travelperi.com/xmlrpc.php
travisshoots.com/blog/resignation-letter-template-mutual-agreement
trustadvisorygroup.com/2022/10/01/are-ping-eye-irons-legal
trustadvisorygroup.com/2022/11/26/pet-skunk-legal-in-california
trustadvisorygroup.com/2022/11/26/pls-00208-identifier-is-not-a-legal-cursor-attribute
trustadvisorygroup.com/2022/12/11/what-tint-is-legal-in-new-mexico
udfa.techeva.co.in/agreement-to-terms-and-conditions-wording/
unimus.ac.id/xmlrpc.php
upwork999.com/?p=6877
urbedu.live/ny-car-lease-tax-calculator
urbedu.live/ny-car-lease-tax-calculator/
urbedu.live/what-is-the-difference-between-sla-ola-and-underpinning-contracts
venousmode.com/xmlrpc.php
vicbros.com/xmlrpc.php
virusvaria.nl/xmlrpc.php
voluntariosenelmundo.com/xmlrpc.php
voxpublica.no/xmlrpc.php
vsenews.kr.ua/xmlrpc.php
waheeda.nl/xmlrpc.php
wahlshausen.net/xmlrpc.php
wakafmu.org/xmlrpc.php
wakapi.com/xmlrpc.php
ware2go.co/xmlrpc.php
wct-witcom.nl/xmlrpc.php
web-e-reputation.com/xmlrpc.php
welfare.sjp.ac.lk/article.php
wildaid.org/xmlrpc.php
williesimpson.com/doc.php
wislah.com/xmlrpc.php
wlmedia.co.uk/xmlrpc.php
wonderforest.com/xmlrpc.php
wp.henko.nu/article.php
wp.snowbombing.com/article.php
ww4.amazila.cz/xmlrpc.php
xn--80ajgpcpbhkds4a4g.xn--p1ai/xmlrpc.php
xn--ngbeab6ar43f.com/xmlrpc.php
xvideospornor.com/xmlrpc.php
yorkbrooks.com/phantom-equity-plan-agreement
you-green.com/sample-general-manager-employment-contract-for-a-company
zarmes.ir/xmlrpc.php
zharov.info/archive.php

# Reference: https://x.com/JAMESWT_MHT/status/1811635502367342827

teleservice-hifi.it

# Reference: https://www.virustotal.com/gui/file/40ebf60bad346dedf495fd3969d4ffb1819bbc0b3e41faff5e5339719b965c6f/detection

http://185.158.248.133
certikeys.org
novapostal.org
track.novapostal.org
uspp.certikeys.org

# Generic

/rpersist4/-1008320073
/rpersist4/-327594751
/rpersist4/
/search?elweodvfxwfrwey=
/rbody320
/tes2t
