# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Reference: https://www.proofpoint.com/us/threat-insight/post/gootkit-banking-trojan-jumps-channel swysocki77.com gorski83.com ostrowski87.com jasinski2015.com olszewski78.com pozheeshebudem.com freforevermailtes.com nidermidertom.com ecuremailbestfree.com securewebgooglesite.com robertpouslen12494.pw robertpouslen1234524.com update-service7825t28.com domolor.com babosikimne.com babosikidai.com vaillantsawer.com proballansmen.com reputamadrell.com lastrizariano.com rokobarokkino.com artipreambulo.com trequablaster.com pretriquestro.com rebellintosto.com mellicianactr.com abc.doitgraphic.org updatebase.bid shop.lifexcellence.org # Reference: http://www.broadanalysis.com/2017/03/13/rig-exploit-kit-via-eitest-delivers-gootkit-banking-malware-2/ duplanty.top # Reference: https://www.cert-pa.it/news?id=10536 sph.expoartshop.com # Reference: https://twitter.com/James_inthe_box/status/1102904911212101634 vancouverislandprocessor.com # Reference: https://twitter.com/James_inthe_box/status/914111090425917440 # Reference: https://pastebin.com/T2ryBWdZ /rpersist4/ # Reference: https://twitter.com/JAMESWT_MHT/status/1113395985043079169 # Reference: https://sugitamuchi.hatenablog.com/entry/2019/04/13/224350 (JP-lang) /loadercrypt_823EF8A810513A4071485C36DDAD4CC3.php # Reference: https://www.joesandbox.com/analysis/117861/0/pdf /crypt0DD1D2637FDB71097213D70B94E86930.php # Reference: https://twitter.com/VK_Intel/status/1006545151823613952 ftps.layermag.com lab.aplusstatus.com 0.turkcedusunturkcekonus.com # Reference: https://twitter.com/malware_traffic/status/767852827200761856 apsoo3k2i.ahgsuy3829.top # Reference: https://twitter.com/Racco42/status/1063412662623760385 ppp.picchio-intl.com ricci.bikescout24.fr # Reference: https://twitter.com/BroadAnalysis/status/815211105664565248 cedar.igrooveweb.com salsx.sedtinterrighthe.top # Reference: https://twitter.com/BroadAnalysis/status/788400179091214336 acc.arabicdessert.co kd67.prmhohzsl.top # Reference: https://twitter.com/BroadAnalysis/status/782996903025844224 b6l2op.dxzvkr.top # Reference: https://twitter.com/malware_traffic/status/766412267063607296 dmqxmz.lowashemterle.top # Reference: https://blog.yoroi.company/warning/campagna-gootkit-verso-pec-italiane/ ami.sigaingegneria.com erre.effe-erre.es filuetrama.top martatov.top # Reference: https://twitter.com/reecdeep/status/1130497379411595266 fila.heathercrowe.ca koohy.top # Reference: https://app.any.run/tasks/77932db7-ffb1-409a-9b28-9cf6c8e70c1c/ fila.su170.org # Reference: https://twitter.com/reecdeep/status/1136950470696681473 it.goodvibeskicking.com tru.cheersportacademy.com # Reference: https://twitter.com/reecdeep/status/1139063611681325056 kohe.even-air.com ove.resourceny.net # Reference: https://twitter.com/reecdeep/status/1139436492152102912 box.therusticsandbox.com # Reference: https://twitter.com/James_inthe_box/status/1141326136212766720 checkcacheonline.com # Reference: https://twitter.com/abuse_ch/status/1141330445663113218 onlinecachecheck.com # Reference: https://www.cert-pa.it/notizie/campagna-gootkit-tramite-jasperloader-verso-pubbliche-amministrazioni/ fattura.directionalforcedrive.com majorleaguepub.com calc.1407cty13pec.com koh.191northfront.com karysmarie.me otnhmtkwnz.top # Reference: https://twitter.com/reecdeep/status/1153248954911514625 me.karysmarie.me # Reference: https://twitter.com/reecdeep/status/1156085593148932097 koh.corkysfreshwater.com lucky.bayonetbreakers.com # Reference: https://twitter.com/reecdeep/status/1156866545651474432 drive.deescreationstore.com kope.deessolutionsdemo.com # Reference: https://twitter.com/reecdeep/status/1159353959271845888 me.woodlandsareareview.com # Reference: https://twitter.com/reecdeep/status/1159349342144253954 drive.gstroop4822.org free.deescreationstore.com # Reference: https://twitter.com/reecdeep/status/1158754365559193602 me.kaleighrose.me otnhmdmwnz.top # Reference: https://twitter.com/reecdeep/status/1158751070425763840 soft.photosbydee.com # Reference: https://twitter.com/peterkruse/status/1158761928736628736 bill.newsrental.net help.skofirm.org zgzimdqwnj.top # Reference: https://twitter.com/reecdeep/status/1156866545651474432 drive.deescreationstore.com kope.deessolutionsdemo.com # Reference: https://twitter.com/reecdeep/status/1164503528271990784 hop.hopedaleweb.com web.tilmonday.com wws.no-shirt-no-shoes.com # Reference: https://twitter.com/reecdeep/status/1164508719742423044 hop.hopedaleweb.com zgzimdkwod.top # Reference: https://twitter.com/JAMESWT_MHT/status/1164511396849160193 web.cfmontessori.com wws.dbimages.com # Reference: https://twitter.com/JAMESWT_MHT/status/1169549992345985025 wow.doorattendants.com me.jmitchelldayton.com web.speakingofhome.com pro.prosperitybookkeeping.net # Reference: https://twitter.com/reecdeep/status/1171022723587420162 ser.jonnalbandian.com wws.christinedavies.biz vps.healinglightwithin.com it.its1ofakind.net # Reference: https://twitter.com/JAMESWT_MHT/status/1172515470202871808 ser.jonnalbandian.com wws.christinedavies.biz you.cypressstakeyouth.com adp.mjmentertainment.com # Reference: https://twitter.com/MBThreatIntel/status/1174471949059125248 adp.reevesandcompany.com beta.madeintaylors.com picturecrafting.site # Reference: https://twitter.com/JAMESWT_MHT/status/1175128962919542785 guipicturecrafting.site # Reference: https://twitter.com/reecdeep/status/1176407972249001984 wws.breebrasil.com wws.guidemyhunt.com # Reference: https://twitter.com/reecdeep/status/1176414815033679873 web.speakingofhome.com pro.prosperitybookkeeping.net # Reference: https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html (# Win.Malware.Gootkit-7333291-0) cibariefoodconsulting.com hymnsontap.com its1ofakind.net jmitchelldayton.com kaleighrose.me karysmarie.me kkillihhy.top mjmentertainment.com otnhmdmwnz.top picturecrafting.site reevesandcompany.com simplebutmatters.com thebellamyfamily.me ttbuilders.com woodlandsareareview.com # Reference: https://twitter.com/deepspacesc/status/1133755269836693506 capfaregreem.eu # Reference: https://any.run/malware-trends/goodkit (Note: as seen on 2019-12-04) web.speakingofhome.com home.ktxhome.com home.hopedaybook.com beta.madeintaylors.com # Reference: https://app.any.run/tasks/18e0b136-bfa9-4837-8ea7-5ee4a6a732e9/ kasdima.top # Reference: https://twitter.com/0xCARNAGE/status/1246485252903702528 # Reference: https://app.any.run/tasks/137d26a0-a94a-414b-a953-711647b4093b/ medicinecomplete.com # Reference: https://twitter.com/ffforward/status/1326144202997166084 # Reference: https://twitter.com/ffforward/status/1326144205106909185 # Reference: https://tria.ge/201110-shdmh4swv6/ # Reference: https://bazaar.abuse.ch/sample/416215d488021e257a7a0552efd53ca8e80b6d066135cbf94dab5b898612c6e7/ # Reference: https://www.virustotal.com/gui/file/30c57c642bb1fc530f6a22718c8eec2b6a6834b2165168a7567c4cee4d298037/detection # Reference: https://www.virustotal.com/gui/file/35fd40cd3529e9b39b363bba62990949468f3a97ebb7e30e0f7629a64ae3c1d3/detection chaabattent.com kerymarynicegross.com kladrykroptur.com kvaladrigrosdrom.top madregobilsg.com pillygreamstronh.com # Reference: https://securelist.com/gootkit-the-cautious-trojan/102731/ # Reference: https://otx.alienvault.com/pulse/60be30837c3f13bb72131f36 kerymarynicegross.top kvaladrigrosdrom.top lbegardingstorque.com pillygreamstronh.com scellapreambulus.top # Reference: https://www.virustotal.com/gui/ip-address/185.130.104.179/relations # Reference: https://www.virustotal.com/gui/file/89450d2a60569fb344706de0f1d2105dfb60cfec7118f8d517a2ad0022697fad/detection admovinseth.com insourcehawaii.com vinsethteas.com dp.insourcehawaii.com lps.admovinseth.com xrp.vinsethteas.com # Reference: https://www.virustotal.com/gui/file/1d0030552e6ff56b7d5469c869af95f0e315888568c00ff2c85da6ba6efa9d4c/detection 195.22.26.252:8080 195.22.26.252:6969 195.22.26.253:6969 ere5453.com vip.ere5453.com # Reference: https://twitter.com/GootLoaderSites/status/1514211046629814272 kepw.org korsakovmusic.com # Reference: https://thedfirreport.com/2022/05/09/seo-poisoning-a-gootloader-story/ # Reference: https://otx.alienvault.com/pulse/6278f9624d491d800adf4944 jp.imonitorsoft.com/test.php?hjkiofilihyl= junk-bros.com/test.php?hjkiofilihyl= kakiosk.adsparkdev.com/test.php?hjkiofilihyl= /test.php?hjkiofilihyl= # Reference: https://www.trendmicro.com/en_us/research/22/g/gootkit-loaders-updated-tactics-and-fileless-delivery-of-cobalt-strike.html # Reference: https://otx.alienvault.com/pulse/62e3c4e56e6b1aff022c72ff http://89.238.185.13 # Reference: https://tria.ge/220802-qrqatsfcf5/behavioral1 /test.php?xkiutrbcfgqble= # Reference: https://tria.ge/220802-xhw6cabcgr/behavioral1 /test.php?wiliidivzlonkb= # Reference: https://tria.ge/220728-tgsvrahbb3/behavioral1 /test.php?rgfufxdpdybaw= # Reference: https://tria.ge/220728-msbmaaehf6/behavioral1 /test.php?pmfvhcbyovwmpdyx= # Reference: https://twitter.com/AvastThreatLabs/status/1561685383368286210 frerecapucinbenin.org/search.php giuseppedeluigi.com/search.php kettlebellgie.be/search.php # Reference: https://www.virustotal.com/gui/file/acf7ed3990f94b5c55dfb66537b8ec8ffc8b44855f6107934e750377d1831fb0/detection 195.22.26.253:8080 195.22.26.254:8080 # Reference: https://www.virustotal.com/gui/file/7b376ed4e818dd70ec3c07b366da439cc194694186abacc535708f090f1affbc/detection 193.166.255.171:8080 23.253.46.64:6969 # Reference: https://threatfox.abuse.ch/browse/malware/js.gootloader/ http://5.8.18.159 http://5.8.18.7 138.197.222.36:443 1c-kursy.online/download.php 1fc-muelheim.de/download.php 5esaison.ch/download.php 7x3.jp/download.php 8659design.se/download.php aaa-studios.de/download.php aadesignstudio.it/download.php aandjaudhali.com/download.php abbazia.hu/download.php abdmedia.online/download.php abe.bethmcmillian.com/download.php aboveandbeyondmovers.com/download.php abt.hu/download.php academics360.valaprime.com.ng/download.php acc.odrtechinc.com/download.php accessi.altaroma.it/download.php acil.m-g-n.me/download.php acuicultura.ihcantabria.com/download.php adamolam.co.il/download.php adamsarhan.com/download.php aderbuild.com.au/download.php adila.sabluxgroup.com/download.php admisiones.ipac.edu.ec/download.php adolphi-stiftung.de/download.php adriaticdeluxeapartments.com/download.php aerotechcaps.com/xmlrpc.php afschools.vermilion.com/download.php agent.seektobe.com.au/download.php ahp-microsite.knockmedia.dev/download.php aidemy.net/download.php aikido-secrets.co.il/download.php airtechsystem.co.jp/download.php akademos.com.ar/download.php aktoto.eu/download.php al-hazam.com/download.php alabuscnc.com/download.php alarmz.co/download.php alaynabowman.com/content.php albertoferreira.art.br/download.php alethium.com/download.php alexeasytechnology.co.za/download.php alfabets.pl/download.php almazova.space/download.php alpharealestate.amaseon.com/download.php alsalamatryon.com/download.php alteronreit.com/download.php alumbramento.com.br/download.php amatosport.pl/content.php amatus.office.thexroadz.com/content.php ambersdogwise.nl/content.php amg.rmutk.ac.th/content.php amthanhthongbao.com/content.php ancrages.ca/content.php anee.ee/content.php annett.ca/content.php anphatedu.com/content.php antbee-corp.demodemo.link/content.php antoun.com.au/content.php api-help.100px.com/content.php apostocatering.gr/content.php app.ykasandbox.com/content.php apparences-magazine.be/content.php apuestagolf.com/content.php ar-d.jp/content.php architectuur.webdesignbrabant.net/content.php armin.mls-test.ch/content.php art.barakaconsultants.com/content.php artidesign.studio/content.php artisanvinegar.co.uk/content.php asi-instruments.com/content.php askyadoc.org/content.php atelierceline.fr/content.php atlantacreditrepair.info/content.php atopicschool.co.il/content.php augustynbaran.pl/content.php autocars-sapporo.com/content.php avada2.ladygym.ro/content.php avindustry.org/content.php avls.com.ph/content.php avocadobar.mls-test.ch/content.php azitgroup.com.au/content.php backlogworld.demodemo.link/content.php bagat24.de/content.php baltimorecreditrepair.info/content.php bams.co/content.php bannisterministry.org/content.php baohomnay365.com/content.php barwyszkla.pl/content.php bassanglersofmichigan.com/content.php bbqaddicts.fr/content.php bctambore.com.br/content.php bddlandscaping.com/content.php beachfront.demodemo.link/content.php beauty.audreylyllian.com.br/content.php bellevue-tourtour.com/content.php benettonrugby.it/content.php benlloc.es/content.php bergenadvokatene.no/news.php bestervergleich24.de/news.php beta.voxpublica.no/news.php bevdev.freshcreative.com.au/news.php bfa.csrcpall.com/news.php bfasa.co.za/news.php bialpro.pl/news.php bigbobspizza.com/news.php bildwein.pieroth.de/news.php biosage-saudrune.fr/news.php biozek.com/xmlrpc.php birbeslenme.com/news.php biyuu.net/news.php blakwaveproductions.com/news.php blessed-trinity-parish.org/news.php blog.annelie-voyage.com/news.php blog.atelierceline.fr/news.php blog.cerebelum.net/news.php blog.defouw.org/news.php blog.denelan.com/news.php blog.france-langue.fr/news.php blog.progamma.com/news.php blog.wo365.com/news.php bluefrontmagnetics.com/news.php bna.tframe.de/news.php bng-old.theapsgroup.scot/news.php boyarskymurphy.com/news.php cpbrandindia.com/xmlrpc.php dogsfun.net/download.php dolphins.needeepindesign.com.au/download.php dozecomunicacao.com.br/download.php dpiadmin.dpipreview.nl/download.php drammensadvokatene.no/download.php drewhuddleston.com/download.php drguentert.mls-test.ch/download.php drift.rayna-web.fr/download.php druczki.pl/download.php duinbehoud.nl/download.php dwe.amaseon.com/download.php easiestbatteryrepair.com/download.php ecomuseodellegrigne.it/download.php eigoboo.bulog.jp/download.php eiradio.com/download.php elektrykstaszow.pl/download.php elmartecnologia.com.br/download.php emailbuilder.a6uat.co.uk/download.php embroiderybadge.rfstaging.co.uk/download.php encompassproperties.com/download.php energiemc2.com/download.php erdalcengiz.com/go.php esmmprev.dev.interstrand.com/download.php espacoememoria.org/download.php estarque.com.br/download.php ets2.gr/download.php eucontab.com.br/go.php euskaljakintza.com/go.php existeraboutdeplume.fr/go.php expoteam.ro/go.php eyu.net/go.php fafa.ysdong.top/go.php fahrschulethomas.com/go.php farbenspiel-trier.de/go.php farwestlandscape.net/go.php fas.wyb.ac.lk/go.php ffsimv.gr/go.php fincompara.co/xmlrpc.php firmenakademie.com/go.php fisika.uad.ac.id/go.php foblesproject.pl/go.php formacion.energy-minus.es/go.php freeintalk.co/go.php freeintalk.com/go.php freudeundheilung.de/go.php fysiotherapie-panken.nl/go.php gabycampo.com.ar/go.php gasperinieps.it/go.php gazette.cercledeyoga.fr/go.php gebruederbild.com/go.php gehrels.info/go.php gghengineers.com/go.php ggse.us/go.php ghandchifamily.com/go.php ghostapp.co.uk/go.php ghostheads.gbgrid.com/go.php giccmedical.com/go.php glaudio.com.au/go.php glendonlee.com/go.php gremlin.net/go.php gullkorndesign.com/go.php gullkorndesign.de/go.php gutenberg.marketing-flash.dd/go.php gutenberg.marketing-flash.de/go.php hadleymothersclub.org/go.php hair-med-krakow.pl/go.php hair-med.com.pl/go.php ilpiccolocampo.it/blog.php imago-dp.com/blog.php inerino.co.za jonathanbartz.com/test.php karbonaudit.cf/test.php kwagalafoundation.nl/test.php lacocinadefrabisa.lavozdegalicia.es/test.php lakelandartassociation.org/test.php lakeside-fishandchips.com/test.php lenovob2bportal.com/test.php lesriceysimports.com/test.php lha.co.ke/test.php livesports.co/test.php moussokouma.de/xmlrpc.php my-game.biz pillardeploymentretreat.com/xmlrpc.php satoyamasafu.com/content.php secora.cl/content.php setman.es/content.php seyhanaluminyum.com/content.php sheffieldcoronarysociety.org.uk/content.php sicherheitsingenieure-huber.de/content.php sicilyin.com/content.php silpa.co.in/xmlrpc.php slimdiet.eu/content.php smartcontracts.nl/content.php spyadviser.com/content.php srdemolition.com/content.php studio-lapinternet.fr/content.php szipe.org/faq.php talentree.fi/xmlrpc.php tavernelentrepot.be/faq.php thediarytours.com/faq.php thekyhomeinspector.org/faq.php tillit-hjarta.se/faq.php tvsguides.com/xmlrpc.php twoviewsmovies.com/faq.php vacanzenelmediterraneo.com/faq.php valentinhenning.de/faq.php vasktextil.com/faq.php vecctor.lazyls.co/faq.php verlaghausundmarkt.de/faq.php villa-rosenrausch.de/faq.php vojens-trailerudlejning.dk/faq.php vrouwenversierentips.org/faq.php waffen-seilz.de/faq.php webdesignbrabant.net/faq.php werbefirma.hamburg/faq.php whitepanama-films.com/faq.php wiccinigeria.org/faq.php wild-confetti.com/faq.php wonderfulegypttours.com/faq.php worpswede-blog.de/faq.php wtcomms.co.uk/faq.php wyndemeredesigns.jonfarrell.io/faq.php xaderbuild.com.au/download.php yec.edu.mm/xmlrpc.php yvesrobert-decoration.com/faq.php za-co-za.co.za zen-altitude.fr/faq.php zhongguotese.net/faq.php /tmp_it22/test_zip2/loader_zip.js # Reference: https://threatfox.abuse.ch/browse/malware/js.gootloader/ (# 2023-09-20) gutesherz.or/go.php heartwoodproperties.com/blog.php heike.teofilius.de/blog.php heldenfutter.de/blog.php ikhwarn.com/blog.php ikwilvanmijnpoloaf.nl/blog.php ilovealtona.org/blog.php images.cjp.mx/blog.php imas.uk.com/blog.php informatyczny.expert/blog.php # Reference: https://threatfox.abuse.ch/browse/malware/js.gootloader/ (# 2023-10-22) herbert-strohmaier.de/blog.php heuberg-einrichtungen.de/blog.php hockeycorner.net/blog.php hoco-moebel.de/blog.php hologramy-kolekcjonerskie.pl/blog.php hslawcorp.com/blog.php ibirtm.pl/blog.php imago-int.eu/blog.php inprojexautomotive.com/blog.php insource.nz/blog.phheatherwoodpta.org/blog.php inspiration4fitness.de/blog.php ippm.dk/blog.php iprommark.com.ua/blog.php iuic.de/blog.php jacksworkspace.com/blog.php johnryan.ie/blog.php jphilippeau.com/blog.php junkwize.passionstaging.co.uk/blog.php jvasky.com/blog.php kalendarze.merkuriusz.pl/blog.php kantarellstigen1.se/blog.php kapsalonbrand.nl/blog.php karlshamnsfotoklubb.se/blog.php kavoshpos.com/comments.php keltek.co.uk/comments.php kendalwills.co.uk/comments.php kform.innan.net/comments.php kiezradler.de/comments.php kiub.cosavostra.com/comments.php kizys.net/comments.php korelyakov.com/comments.php kr.newyork-english.edu/comments.php kraftyadvantagemarketing.com/comments.php krippenfreunde-schnaittenbach.de/comments.php kristiansandadvokatene.no/comments.php kuckste.de/comments.php kwiatkifranciszka.edu.pl/comments.php laboratoriocitrico.com/comments.php legalny.com.pl/comments.php lepanam.com/comments.php lewispublishing.org/comments.php limbus-holding.de/comments.php local.silly-beer.com/comments.php manfredfohringer.de/comments.php manfredritschard.com/comments.php markadsrad.ru.is/comments.php marketdriven.chevronmarcom.com/comments.php marketstrategiesmgmt.com/comments.php maxguenter.de/comments.php mcnazamecku.net.scms.sq1.io/docs.php mdsbio-tech.com/docs.php media-accelerator.it/docs.php meekoppelen.klimaatadaptatie.nl/docs.php mein.miteinander.reisen/docs.php members.bonusbomber.com/docs.php mercedes5pluss.no/docs.php metagaming.tv/docs.php metodabls.pl/docs.php midwayfun.client.dev.rocketeffect.com/docs.php mindfully.vn/docs.php mirabilismusic.net/docs.php mirazbakery.com/docs.php mitgliederbereich.frederik-malsy.com/docs.php mittnyahem.com/docs.php mkbwindows.co.uk/docs.php modatrends.nl/docs.php moeve-schmelz.de/docs.php mooreinsure.net/docs.php motociclistagiapponese.com/docs.php movingtonewzealand.org/docs.php mps.rfstaging.co.uk/docs.php mvz-ansbach.de/docs.php my.freeintalk.com/docs.php mycom.global/docs.php myhealthspin.com/docs.php myinternetchapel.org/docs.php myoldcountryhouse.com/docs.php myuoh.org/docs.php mywinthropcondo.com/docs.php nado.ca/docs.php naniwa-ginzaaward.hisaki-design.com/docs.php natrumax.com.vn/docs.php nattivos.com/docs.php nbconstructor.com/docs.php nblandgroup.com/docs.php nebo-trk.com/docs.php netherlands.qolsys.com/docs.php new.clovercars.net/docs.php new.scratch-build.com/docs.php newireluck2.com/docs.php newperspectivellc.com/docs.php news.soxo.bet/docs.php nextgenlead.org/docs.phpp nhakhoablossom.vn/docs.php nicholasoflondon.co.uk/docs.php ninapodiatry.co.uk/docs.php no.sexydate.world/docs.php nocknock.io/docs.php nordics.qolsys.com/docs.php northshoregreencare.co.nz/docs.php nortproperties.se/docs.php np.lostsoulsuk.com/docs.php nsdayan.com/docs.php oaklanddental.org/news.php obrecht.agentenpreview.com/docs.php obrobkacieplna.com/docs.php obsessive.business/docs.php ocatio.co.uk/docs.php occhio.com.au/docs.php oceanprezentow.pl/docs.php odal.codeium.dev/news.php ogaki-asobanight.com/news.php okidok.se/news.php oldtimertreffen-rethem.de/news.php ondrejklicpera.cz/news.php orangeprint.pl/news.php orsomedia.cosavostra.com/news.php ouchi-work-mei.com/news.php pacoprian.es/news.php palitaliawines.com/news.php pandr.pandroutsourcing.com/news.php parafianieboczowy.pl/news.php paragonprinting.co.uk/news.php parencyivf.com/news.php parentpipelineproject.org/news.php pasta-mania.it/news.php path4hosts.com/news.php pax-anders.de/news.php pecatonicabeer.com/news.php penzion-bawaria.cz/news.php pepelu-staging.01staging.site/news.php pitt.com.br/news.php pokojechancza.pl/news.php portugal.qolsys.com/news.php powerthruconsulting.com/news.php quangcaolcd.com/save.php quote.keydesignwebsites.com/save.php racingclub-saintcernin.fr/save.php radium-audio.com/save.php railway.net.tw/save.php rallysweden.com/save.php ranmabooks.com/save.php rbarcia.pt/save.php reallifecomics.com/save.php rechtsanwalt-wucherpfennig.de/save.php reformasceibo.es/save.php reisebloggerwelt.de/save.php rencontrenationaledanse.fr/save.php restauracekup.cz/save.php restaurangfolkparken.se/save.php rezetennisclub.fr/save.php ringco.ir/save.php ringkhodro.ir/save.php rishish.com/save.php rodrigofischer.com/save.php running.hkcosmo.com/save.php russondesign.com/save.php rvonkruger.com.br/save.php rz-menden.de/save.php salarquitectura.es/save.php salsadk.dk/save.php sandbox.herzek.net/save.php sato-transport.net/save.php sbc.gold-ichiba.com/save.php scheiff.eu/save.php schoolreport.belperschool.co.uk/save.php schroederdennis.de/save.php schuitemaker.twentepc.nl/save.php shodo.cosavostra.com/save.php shop.roseofsharon.hk/save.php # Reference: https://securityintelligence.com/x-force/gootbot-gootloaders-new-approach-to-post-exploitation/ # Reference: https://otx.alienvault.com/pulse/655343a01d5cec168a522f27 63factory.jp/wordpress/xmlrpc.php contentstudent.com/xmlrpc.php # Reference: https://app.any.run/tasks/8d4ea302-a822-46b2-bb2b-51a1dd052dc0/ /sRSVYdkWbWU11.bin # Reference: https://threatfox.abuse.ch/browse/malware/js.gootloader/ (# 2023-12-05) inerino.co.za/index.php insource.nz/blog.php mpvip.com.br/docs.php musically.shift-m.com/docs.php oneminutechallenge.hu/news.php onlineandon.com/news.php openday.mcs.it/news.php pinklittlenotebook.com/news.php planex.wjg.jp/news.php po.csrcpall.com/news.php preprod.lelit.fr/news.php prestburycheshire.com/news.php probono.6600dev.com/news.php project-ile.net/news.php projectboxmedia.com/news.php propertyshopofthecarolinas.com/news.php quind.de/news.php sikasonhiep.com/blog.php slottje.com/blog.php smarttours.ro/blog.php smd.agency/blog.php snopro.eu/blog.php sonnenkirche.de/blog.php spd-haltern-am-see.de/blog.php spenden.procamp.org/blog.php spice.ehero.es/blog.php spielsand-kaufen.com/blog.php squarechapel.co.uk/blog.php stadnicka.com/blog.php staging.aoibhneas.org.scms.sq1.io/blog.php staging.ivet.edu.au/blog.php starli.top/blog.php stavangeradvokaten.no/blog.php stefangubser.com/blog.php stromduellen.no/blog.php studentalpharotterdam.nl/blog.php studiocircle.co.uk/blog.php studiotapas.com/blog.php sunbattery.ir/blog.php sunnhordlandantirust.no/blog.php supergaywedding.com/blog.php support.aidemy.net/blog.php survey.ykasandbox.com/blog.php suzukikougei.co.jp/blog.php svoy.pro/blog.php swartauto.nl/blog.php t03imd.info/blog.php tanakakoichi.com/blog.php tarabuhagiar.com/blog.php tascareaga.com/blog.php tasmanrevival.com/blog.php tattoocapilar.com/blog.php taxexemptconsultants.com/blog.php tcservices.com/blog.php teamdioxide.com/blog.php technologiczni24.pl/blog.php telefonteknik.se/blog.php tennesseescholars.org/blog.php test.calcanto.de/blog.php test.odrtechinc.com/blog.php textart.nonhoff.info/blog.php the-hope-foundation.kdconnect.uk/blog.php the-other-milk.com/blog.php theJKinz.com/blog.php thechip.shop/blog.php theconniewong.com/blog.php thedovepartnership.co.uk/blog.php theloosechangecharity.co.uk/blog.php thenordicman.com/blog.php thieuhoa.com.vn/blog.php thirstymag.com/blog.php tintin.coffee/blog.php tipthara.com/blog.php tisdagskaffe.se/blog.php titan-fitness.com/blog.php toenchen-und-herrschmidt.de/blog.php toenchen-und-herrschmidt.ee/blog.php tororomba.com.br/blog.php toshiaki1.com/blog.php ubezpieczeniawalczyk.pl/blog.php uczestnik.devagroup.nq.pl/blog.php uczestnik3.devagroup.nq.pl/blog.php udef.fr/blog.php uk.qolsys.com/blog.php undergroundnyc.com/blog.php unisono.band/blog.php upcyclestitches.com/blog.php v3.mytalentplatform.com/blog.php veken.de/blog.php vicsthemovingman.net/blog.php vinhos.grandcru.com.br/blog.php vipaco.vn/blog.php vladferoiu.com/blog.php za-co-za.co.za/index.php # Reference: https://threatfox.abuse.ch/browse/malware/js.gootloader/ (#2024-03-24) 0939it.com/xmlrpc.php 52poke.com/xmlrpc.php aarch.dk/xmlrpc.php abako.se/wordpress/xmlrpc.php allfridaystudio.com/xmlrpc.php ama-studio.it/xmlrpc.php amida.se/xmlrpc.php ansoffs.com/xmlrpc.php articuly.com/xmlrpc.php artisebio.com/xmlrpc.php atalyadis.com/xmlrpc.php atemberaubende-akzente.de/m/xmlrpc.php atlanticyachtandship.com/xmlrpc.php auxiliaryenergy.com/xmlrpc.php back-zeit.de/xmlrpc.php balanceanddizzinessphysicaltherapy.com/xmlrpc.php barn2.com/xmlrpc.php belvederebenidorm.com/xmlrpc.php bourse-du-travail.com/blog/xmlrpc.php boxhaus.de/blog/xmlrpc.php brainsoulsuccess.com/xmlrpc.php brandweeravenhorn.nl/xmlrpc.php breckenridge-vacation-homes.com/xmlrpc.php calzaturificioliberty.it/xmlrpc.php cathedrale-nantes.fr/xmlrpc.php charchiinet.com/xmlrpc.php charltonbrown.edu.au/xmlrpc.php cheapandbestshopforlife.com/wordpress/xmlrpc.php cittadifondazione.it/xmlrpc.php connachttribune.ie/xmlrpc.php conoleforcongress.com/xmlrpc.php cultus.dk/xmlrpc.php dansport.is/xmlrpc.php darolvakil.com/xmlrpc.php dgtread.com/xmlrpc.php diereisedeineslebens.de/xmlrpc.php divipeople.com/xmlrpc.php djurskyddetvastervik.se/xmlrpc.php dme.gr/xmlrpc.php drzewkonaprezent.pl/xmlrpc.php elbepokal.de/xmlrpc.php emeliew.se/xmlrpc.php eshraghbook.com/xmlrpc.php faneuilhallmarketplace.com/xmlrpc.php fuzionproscooter.com/xmlrpc.php games-up.fr/xmlrpc.php geekhacker.ru/xmlrpc.php geekville.ru/xmlrpc.php gochat247.com/xmlrpc.php goldco.com/xmlrpc.php goodklei.ru/xmlrpc.php gradecam.com/xmlrpc.php healthcares.life/xmlrpc.php helpsarkari.com/xmlrpc.php hethooghuis.nl/xmlrpc.php hkcapsule.com/xmlrpc.php irannihon.com/xmlrpc.php jt.my/xmlrpc.php kbjporn.com/xmlrpc.php kresy.pl/xmlrpc.php lascebrassalen.com/xmlrpc.php lasik2020.com/xmlrpc.php livingshorespa.com/xmlrpc.php luxurylaunches.com/xmlrpc.php mcws.org/xmlrpc.php michiganumc.org/xmlrpc.php moaetscandg.org.ng/xmlrpc.php mundoalbiceleste.com/xmlrpc.php mycashtree.net/xmlrpc.php natbooks.com.au/xmlrpc.php netmag.pk/xmlrpc.php ngajiyok.com/xmlrpc.php nitrobilisim.com.tr/xmlrpc.php onlinemoneyspy.com/xmlrpc.php outsidespace.co.nz/xmlrpc.php palaiofaliro.gr/xmlrpc.php parentingisnteasy.co/xmlrpc.php pipingpotcurry.com/xmlrpc.php playgroundbaron.com/xmlrpc.php pointerclicker.com/xmlrpc.php prokirpich76.ru/xmlrpc.php promixacademy.com/xmlrpc.php pvcfencingwarehouse.com.au/xmlrpc.php ragmcloud.com/xmlrpc.php rahatupu.net/xmlrpc.php republicanpress.org/xmlrpc.php rushradar.com/xmlrpc.php saint-augustin.ch/xmlrpc.php schematherapyinstitute.com.au/xmlrpc.php seva-ese.com/xmlrpc.php sheffi-tours.co.il/xmlrpc.php shemshad.com/xmlrpc.php shtourval.ru/xmlrpc.php shywolfsanctuary.org/xmlrpc.php smartai.com.au/xmlrpc.php smokersplanet.de/xmlrpc.php smwroclaw.pl/xmlrpc.php snyk.io/xmlrpc.php som.edu.vn/xmlrpc.php specialeventservices.com/xmlrpc.php susanin.fun/xmlrpc.php swingandbeyond.com/xmlrpc.php systemtranslation.com/xmlrpc.php tamilcinetalk.com/xmlrpc.php testiran.com/xmlrpc.php thechutneylife.com/xmlrpc.php themeatandwineco.com/xmlrpc.php themodestwallet.com/xmlrpc.php travel2next.com/xmlrpc.php typhoontv.in/xmlrpc.php urbedu.live/blog.php uumu.fi/blog.php vancleefinc.com/blog.php vaqutauxfamily-fanclub.com/blog.php vente-outillages.com/blog.php vicantres.com/blog.php vietsportscience.com/blog.php viewcast.tv/blog.php villadsen4x4.dk/blog.php vilmas.digital-brands.de/blog.php vogelhaus-gestaltung.de/blog.php volleyball-muenchen.de/blog.php volleytip.com/blog.php volltrendyfashion.de/blog.php voxpublica.no/blog.php webipal.com/xmlrpc.php weissenbach-pr.de/xmlrpc.php wheelz.me/xmlrpc.php wordpress.itrip.ro/xmlrpc.php xlights.org/xmlrpc.php yekdoa.ir/xmlrpc.php zahiraccounting.com/xmlrpc.php zarinbano.com/xmlrpc.php # Reference: https://threatfox.abuse.ch/browse/malware/js.gootloader/ (# 2024-03-31) 192-168-1-1-admin-admin.ru/xmlrpc.php althaus-innenausbau.de/xmlrpc.php amazila.cz/xmlrpc.php assamjatiyabidyalay.com/doc.php aurory.io/xmlrpc.php baaghitv.com/xmlrpc.php beeldvorm.eu/xmlrpc.php bodylift.si/xmlrpc.php bsdeboomgaard.be/xmlrpc.php buckcenter.edu.ec/xmlrpc.php bulaintel.com/xmlrpc.php cantinalandi.com/xmlrpc.php catherinefoundation.org/xmlrpc.php celeritastransporte.com/xmlrpc.php cityhomesedmonton.ca/xmlrpc.php convertkit.com/xmlrpc.php cuinescalaf.com/xmlrpc.php cumm.co.uk/xmlrpc.php descarca.info/xmlrpc.php designtoolsnetwork.com/xmlrpc.php digitalmarketingcompany.me/xmlrpc.php donquichottedeladendre-ath.be/xmlrpc.php eatech.uk/xmlrpc.php exceloffthegrid.com/xmlrpc.php ffteducationdatalab.org.uk/xmlrpc.php growthworks.io/xmlrpc.php hitech-us.com/xmlrpc.php juststories.se/xmlrpc.php kayoanime.com/xmlrpc.php kemilektioner.se/xmlrpc.php kinosait24.ru/xmlrpc.php lasantaespina.cat/xmlrpc.php mangacrab.com/xmlrpc.php matchtime.co/xmlrpc.php mcintoshdaily.com/xmlrpc.php mepiu.it/xmlrpc.php outdoorgearshub.com/xmlrpc.php overbeekphotos.com/xmlrpc.php prozhedownload.com/xmlrpc.php seiji-folk.com/xmlrpc.php stanta.co.uk/xmlrpc.php support.dotregis.com/xmlrpc.php tanya-tanya.com/xmlrpc.php taronews.tw/xmlrpc.php telegramguru.com/xmlrpc.php theyogainstitute.org/xmlrpc.php topcoloringpages.net/xmlrpc.php vipaco.vn/xmlrpc.php wielkopolskamagazyn.pl/xmlrpc.php wildundhund.de/xmlrpc.php # Reference: https://x.com/Gootloader/status/1796196497626698016 # Reference: https://www.virustotal.com/gui/ip-address/91.215.85.21/relations hotheads.co.za # Reference: https://x.com/banthisguy9349/status/1808578996055257334 # Reference: https://urlhaus.abuse.ch/host/skf-mx.com/ skf-mx.com # Reference: https://x.com/NDA0E/status/1809288536983589288 # Reference: https://www.joesandbox.com/analysis/1468338#iocs http://91.92.242.245 91.92.242.245:443 pineappletech.ae/at/ # Reference: https://threatfox.abuse.ch/browse/malware/js.gootloader/ (# 2024-07-07) 1poclimaty.ru/xmlrpc.php 2015.artencounters.ro/manual.php 3axis.co/xmlrpc.php 4bata.net/manual.php 4dgamers.com/manual.php 4handscleaning.com/manual.php 602024.com/manual.php 76crimes.com/xmlrpc.php 8design.se/xmlrpc.php 8ktv-test.de/xmlrpc.php aalborgfaegteklub.dk/article.php absoluteestimating.com/xmlrpc.php abtenau-info.at/xmlrpc.php abumarketrc.com/xmlrpc.php academieairespace.com/xmlrpc.php ackesbilservice.se/article.php activefisher.net/xmlrpc.php adktechs.com/xmlrpc.php adventurewallcoverings.co.za/xmlrpc.php aimrental.net/manual.php airgaz.bydgoszcz.pl/manual.php ajserviceusa.com/manual.php alcorfund.com/xmlrpc.php alex-faber.com/manual.php alisa-nails-koeln.de/article.php alldaily.ru/xmlrpc.php allegro.autoszczepaniak.pl/manual.php almik.com/article.php alphacleantech.com/how-contract-research-organizations-profit-business-model-analysis alternative-tibetaine.org/xmlrpc.php ambitiouswithcards.com/xmlrpc.php ambtenarensalaris.nl/xmlrpc.php amerac.org/xmlrpc.php americanbussales.net/xmlrpc.php americanepoxy.bond10templates.com/2022/12/04/ver-saldo-do-nota-legal amittiwari.net/xmlrpc.php ancestralfindings.com/xmlrpc.php andreaslennartsson.com/manual.php andylaub.com/manual.php anettelonnsfotvard.se/doc.php animalvictory.org/xmlrpc.php animefestival.asia/manual.php annehemgard.se/xmlrpc.php annitaswaerts.nl/manual.php anordestdiche.com/article.php anordestdiche.com/xmlrpc.php antonina.campi.spotkaniakultur.com/article.php aphcareerconnect.org/xmlrpc.php apol.eu/doc.php app-gehts.de/xmlrpc.php appleluxurycar.com/xmlrpc.php arabfish.net/xmlrpc.php arduino-projects4u.com/xmlrpc.php arkadiuszkedziora.pl/article.php arkamaya-grhatama.com/xmlrpc.php artlab.se/manual.php arton-bv.nl/xmlrpc.php arts-npo.org/manual.php asleman.org/2022/01/17/tattooing-from-home-laws-in-alberta-what-you-need-to-know asleman.org/2022/03/31/washington-state-medical-assistant-scope-of-practice-laws-legal-overview asleman.org/2023/12/10/do-you-qualify-for-bereavement-leave-for-grandparents-in-law assenmacher-koeln.de/xmlrpc.php astrolady.org/xmlrpc.php atasafaris.com/xmlrpc.php atlantabarbellgym.com/xmlrpc.php atvtrade.ru/xmlrpc.php audrey-drenthen-art.nl/article.php auto-coop.com/manual.php auto-coop.hu/manual.php awadhshreehospital.in/index.php/2023/03/20/pros-and-cons-of-multilateral-trade-agreements aynasy.com/manual.php azahar.bg/manual.php b-betternow.com/manual.php bakbordet.se/manual.php balabaksha.kz/xmlrpc.php balkanyemekleri.com/xmlrpc.php bearnutscomic.com/xmlrpc.php beginagaininstitute.com/xmlrpc.php belindadavisbranchlaw.com/article.php bellapizzact.com/article.php bellbaker.com/bcnu-collective-agreement-bereavement-leave bellbaker.com/guarantor-for-rental-agreement-ontario bemiva.it/article.php benspencermusic.com/article.php besocy.com/xmlrpc.php betelpl.bdl.pl/manual.php betonades.com/article.php bezpiecznie.org/manual.php bgagro.bg/xmlrpc.php bienenzucht-villachland.at/xmlrpc.php bigcheeserodents.com/mcmaster-collective-agreement-faculty bigdawgimages.net/manual.php bilgisebili.com/xmlrpc.php billbelsey.com/article.php bilyonaryo.com/xmlrpc.php bip.dpsbranszczyk.pl/manual.php blackdiamondbjj.com/xmlrpc.php bliss.pro/manual.php blixtgordon.se/manual.php blog.demuthphoto.com/manual.php blog.enghauser.de/manual.php blog.festivalfilmeduc.net/manual.php blog.gn8.at/manual.php blog.hongo-makoto.com/manual.php blog.icondesignlab.com/manual.php blog.itoyakuten.net/manual.php blog.jens-bolz.de/manual.php blog.jonheese.com/manual.php blog.kappo-mifuku.com/manual.php blog.lizzygraykitchens.com/manual.php blog.nishitama-auto.com/manual.php blog.pet-portraitartist.com/manual.php blog.rainbow1122.com/manual.php blog.saffronstays.com/manual.php blog.soryokan.com/manual.php blog.teramachi-ah.com/manual.php blog.yorozumanrakudo.com/manual.php blog.zhaixudong.com/manual.php bluewateryoga.com.au/xmlrpc.php blurrypixel.com/manual.php bmeg.fel.cvut.cz/manual.php boisebrides.keydesigndevelopment.com/manual.php bokenasetsadra.se/xmlrpc.php bollywoodtadka.xyz/xmlrpc.php booking.chaletsphilippe.com/manual.php booking.intersport.it/manual.php bookmeacookie.pl/xmlrpc.php bordingfriluftsbad.dk/article.php boulangeriebezencon.ch/xmlrpc.php bramafhu.pl/manual.php brandontucker.com/article.php brastal.pl/manual.php brokensilenze.one/xmlrpc.php btini.net/article.php buhexpert8.ru/xmlrpc.php bultecappelle.fr/article.php bunkomania.net/article.php burleys.ca/2023/05/23/what-is-an-enterprise-agreements businessforfilipinos.com/xmlrpc.php businesstraveller.pl/manual.php bvp.ch/hold-harmless-agreement-car-accident bvp.ch/manual.php bvp.ch/transfer-agreement-concept bvp.ch/transfer-agreement-concept/ calderconsultants.com/manual.php cambiobolivar.com/manual.php canadajobbank.org/xmlrpc.php cap-berriat.com/article.php carercn.com/xmlrpc.php carlhansensolv.dk/xmlrpc.php cartoongayporn.com/xmlrpc.php casadevida.net/2022/03/11/lease-agreement-between-husband-and-wife casagaribaldi.it/2022/04/20/will-dispute-lawyers-brisbane casagaribaldi.it/xmlrpc.php catalogodecosmetica.com/manual.php catering-szafran.pl/manual.php cbseguides.com/xmlrpc.php ccga.com/article.php ccspaintingllc.com/xmlrpc.php celinabostic.de/xmlrpc.php celinecuypers.be/article.php centralzvornik.ba/manual.php centre-culturel-laricamarie.fr/manual.php chanderbhushan.com/doc.php chivas.taegermoos.com/manual.php choi.helava.com/manual.php chudywawrzyniec.pl/manual.php chunjack.nl/article.php cichaz.com/article.php cimaq.es/manual.php clinicachirurgie3.ro/article.php clintkustoms.com/manual.php cmorgan.com/blog/xmlrpc.php cnsmaryland.org/xmlrpc.php cocbases.com/xmlrpc.php cocktailhacker.com/manual.php col21-champollion.ac-dijon.fr/manual.php colorinkbook.com/article.php colourful-decor.be/article.php compose.ly/xmlrpc.php configurelaptop.eu/xmlrpc.php conyers.biz/index.php/2023/06/04/nbu-msp-collective-agreement coolskyfood.com/xmlrpc.php cosplayboobies.com/xmlrpc.php costumes-urbains.com/manual.php cpbrandindia.com/manual.php crappel.co/article.php crappel.com/article.php cremer-fliesen.de/xmlrpc.php crochetkim.com/xmlrpc.php ctoasaservice.org/xmlrpc.php cultureroadtravel.com/xmlrpc.php curecvc.com/oklahoma-street-legal-vehicle-requirements cybergroundproject.com/manual.php d-garage.jp/article.php d-mag.com/manual.php daarine.ir/xmlrpc.php dailyshepursues.com/xmlrpc.php dailysonardesh.com/xmlrpc.php dakee.ir/xmlrpc.php dantra.de/manual.php dariosc.pro-linuxpl.com/article.php darmanet.com/xmlrpc.php darululoom.com.au/understanding-dog-barking-laws-in-nsw-what-you-need-to-know dasouza.es/manual.php davidjhindlemann.com/reports.php dawinmeckel.de/xmlrpc.php daylightdesignsinc.com/manual.php dc3common.sakura.ne.jp/manual.php debarcadere.be/xmlrpc.php delcas.com.br/xmlrpc.php denisburns.com/reports.php dermcollective.com/xmlrpc.php despedidadesolteroengandia.globalwords.net/manual.php detforening.dk/reports.php devblog.ludikreation.com/reports.php diabetesstrong.com/xmlrpc.php diavolino.ch/article.php digibaru.com/xmlrpc.php digitalfreight.co.uk/reports.php discovermass.com/xmlrpc.php dismerchandise.com/doc.php divorcedwomensclub.com.au/article.php dizikonusu.com/xmlrpc.php djinfo.pl/reports.php dmboxing.co/reports.php dmboxing.com/reports.php dobrykrawiec.pl/article.php docsjapan.xsrv.jp/reports.php doctorsacademy.org/list/xmlrpc.php dontcrydesignlab.com/reports.php doublertrailers.com/reports.php dreaming.works/article.php dresstherapist.sakura.ne.jp/reports.php dressyrsnack.se/reports.php duendealhambra.com/article.php dutchdreamhorses.com/reports.php e-add.pl/article.php eaalim.com/xmlrpc.php eastnaija.com/xmlrpc.php eberlie.ca/tenancy-agreement-sample-guyana eberlie.ca/tenancy-agreement-sample-guyana/ ecoledebatteriejonathandesrumeaux.fr/reports.php ecoprotection.in/understanding-traffic-laws-in-grenada-a-complete-guide/64592/ eddie-hernandez.com/xmlrpc.php edu.ngoinhatienganh.com/reports.php egvisaservices.com/xmlrpc.php egylgs.info/xmlrpc.php elgreco-sindlingen.de/xmlrpc.php embracethewater.wondermeeting.se/reports.php emmikochteinfach.de/xmlrpc.php empiretaxusa.com/xmlrpc.php energotechnika.com.pl/reports.php eneva.ru/xmlrpc.php enhornabatklubb.se/reports.php entekhab.org/xmlrpc.php entertainmenttechnologies.co.uk/reports.php ependyseis.com.gr/reports.php equinox-hotels.com/xmlrpc.php equip.com.es/article.php erhvervsundhed.dk/reports.php estedavivere.it/xmlrpc.php estforestry.com/reports.php etisalangy.com/xmlrpc.php etnikk.com/reports.php eurotranschanet.fr/xmlrpc.php exotours.in/read-agreement-of-being-gay-for-30-days exotours.in/read-agreement-of-being-gay-for-30-days/ experimentation.univ-littoral.fr/~druel10/wordpress/?p=5675 experimentation.univ-littoral.fr/~eric/wp/masterddl/2022/09/10/hot-cargo-agreement-define/ experimentation.univ-littoral.fr/~eric/wp/masterddl/2023/03/05/agreement-sayings/ experimentation.univ-littoral.fr/~eric/wp/masterddl/2023/07/23/paypal-billing-agreement-cancelled-facebook/ facebook.ygdiw.com/article.php fantasticomundodesunca.org/article.php fantasy-hive.co.uk/xmlrpc.php fastex.se/english.php femmetech.org/article.php festivalrykten.se/reports.php finaltolightspeed.com/english.php firebirdimages.com/reports.php flavirama.be/reports.php fluechtlinge-malen.ch/what-is-gratuitous-contract/ forum.altoadigeinnovazione.it/reports.php francesco.tarricone.it/reports.php francesmacve.com/reports.php freeupscmaterials.org/xmlrpc.php freshysites.com/xmlrpc.php future-plast.com/article.php g8education.edu.au/xmlrpc.php gadgetstouse.com/xmlrpc.php gaep.net/get.php gantegh.agbubulgaria.org/reports.php gemak.mk/xmlrpc.php genevafarm.com/reports.php geomatikkbedriftene.no/reports.php georaldc.com/reports.php giantif.com/xmlrpc.php gimnazjum6.zgo.pl/reports.php glasstheatre.org/reports.php globeagency.com/get.php good2bsocial.com/xmlrpc.php goodferry.pl/reports.php goodstos.com/agreement-side-effects/ goodstos.com/airline-baggage-agreement/ goodstos.com/armistice-agreement-1953/ goodstos.com/breach-contract-law/ goodstos.com/conditional-contract-meaning/ goodstos.com/mutual-agreement-resignation-letter-sample goodstos.com/service-level-agreement-laboratory/ gps-football.com/reports.php granitedevices.com/xmlrpc.php greveclimaticaestudantil.pt/xmlrpc.php gribnik.info/xmlrpc.php gridlocktable.com/xmlrpc.php grundens.com/xmlrpc.php guitardivision.com/xmlrpc.php gundrymd.com/xmlrpc.php gustancho.com/xmlrpc.php gxtfinance.com/english.php h-port-s.com/reports.php hastingsarchitecture.com/get.php hatsandbootslinedanceherning.dk/get.php health.sjp.ac.lk/reports.php hentai-witch.com/xmlrpc.php hentaiworld.tv/xmlrpc.php heshamsaad.com/xmlrpc.php hidethatfat.com/xmlrpc.php hirschen-rorschach.ch/what-is-a-safe-equity-agreement/ hmidarjeeling.com/xmlrpc.php holzkontor.de/get.php homedevice.pro/reports.php hopgermany.com/reports.php hortonhighschool.ca/xmlrpc.php hotelfonfreda.com/reports.php hotelleportalou.com/get.php hubby69.com/xmlrpc.php hukukarastirmavakfi.com/reports.php hvamkulturogforsamlingshus.dk/reports.php i-likeitalot.com/reports.php iantucker.ca/reports.php ictnieuws.nl/reports.php ielts.com.au/xmlrpc.php ieshua.org/reports.php ikenouedojo.com/reports.php ikwilvanmijnpoloaf.nl/2023/06/08/secret-agreement-between-germany ikwilvanmijnpoloaf.nl/2023/08/11/a-voidable-contract-is-quizlet ikwilvanmijnpoloaf.nl/2023/08/28/how-to-write-money-agreement ilearnschools.org/xmlrpc.php imaginaria.pl/reports.php ingahanka.de/reports.php inpersonakbh.dk/reports.php intellectualpirates.net/reports.php intermissionhostel.no/reports.php intranat.vhfk.se/reports.php irpp.org/xmlrpc.php itigic.com/xmlrpc.php iveri.com/xmlrpc.php izj.unsa.ba/reports.php janniolssondeler.com/xmlrpc.php javelinmarketing.nl/reports.php javtape.net/xmlrpc.php javtorrent.me/xmlrpc.php jcfpa.org/2023/01/20/sample-physician-assistant-practice-agreement-california jenn.jj/reports.php jensenauto.no/reports.php johann-wittmann.com/get.php justinpgrier.com/reports.php kampermazury.pl/reports.php kancelariakaluza.pl/reports.php karmanima.net/xmlrpc.php kawapopularna.pl/xmlrpc.php ketabpedia.com/xmlrpc.php keydian.com/reports.php kfzsoeder.de/reports.php kimtams.dk/reports.php kitchenofdebjani.com/xmlrpc.php krushinews18.com/free-online-company-secretary-courses-legal-training-certification ktweb.home.pl/reports.php lab.damianobeducci.com/reports.php labonczfa.hu/5-comma-rules-a-guide-to-proper-punctuation-in-legal-writing labstyl.nazwa.pl/reports.php lakedistrictbikes.com/xmlrpc.php lamperdingen.ch/reports.php langtonhowarth.co.uk/2022/12/05/what-age-can-you-legally-leave-a-child-home-alone-in-california langtonhowarth.co.uk/2022/12/06/what-color-rock-lights-are-legal-in-florida laptop.org/xmlrpc.php larandeteknik.se/reports.php lareplica.es/withdrawal-agreement-free-movement larryslocksmith.com/is-a-collaborative-practice-agreement-required-in-texas-for-physician-assistant laurenti.ch/cavedesponts/what-is-a-contract-seal leadershipmanagement.com.au/xmlrpc.php les-dessous-de-karen.com/reports.php levaho.fr/reports.php libet-kielce.pl/reports.php licorice.uz/reports.php lifeunworthyoflife.com/reports.php lilabrand.com/reports.php limatuju.com/xmlrpc.php lokersma.info/xmlrpc.php lollipophouse.ir/xmlrpc.php lotbuds.com/legalisation-of-documents-a-guide-to-authenticating-legal-papers lumiere.grupotyc.com/orange-coast-title-company-license-number-legal-title-services m-melody.jp/xmlrpc.php madalynsklar.com/xmlrpc.php makestories.io/xmlrpc.php malfant-masson-genealogie.fr/api.php mctools.co/ifrs-16-legal-fees-understanding-the-implications-for-businesses measuremarketing.com/xmlrpc.php medischdrukwerk.nl/english.php mediterranews.org/xmlrpc.php mega-mkv.com/xmlrpc.php metalhoz.com/english.php miketrees.com/english.php mindelscott.com/2022/11/11/legal-responsibility-of-a-when-a-dog-attacks-a-cat mindelscott.com/2022/12/13/writing-dollar-amounts-in-legal-documents mindfulsearching.com/xmlrpc.php mlwmlw.org/xmlrpc.php montebello6.se/api.php museocambellotti.cittadifondazione.it/vps-enterprise-agreement-2016-schedule-b mysmartbox.solutions/california-law-essential-break-room-requirements-explained naghsheshahr.com/xmlrpc.php nationalviews.com/xmlrpc.php nematinuts.com/xmlrpc.php news.mn/xmlrpc.php ngsindia.org/2021/12/30/ukraine-staff-level-agreement-legal-guidelines-and-requirements ngsindia.org/2023/10/12/understanding-the-lebanese-legal-system-laws-courts-and-rights nokohome.se/xmlrpc.php norholmgods.com/common-law-marriage-military-recognition-and-legal-rights nzdcr.co.nz/xmlrpc.php openaps.org/xmlrpc.php openloadmovies.live/xmlrpc.php osinkokuningas.fi/xmlrpc.php ototo.com.cn/api.php overhplusproperties.com/fha-cash-reserve-requirements-everything-you-need-to-know ozanisguvenligi.com/xmlrpc.php paloubis.com/2023/05/what-is-the-benefit-of-a-tolling-agreement panang.se/xmlrpc.php passikuvasuomi.fi/xmlrpc.php paydo.com/xmlrpc.php pdfkutub.net/xmlrpc.php peacerivervet.com/xmlrpc.php penhaligonsfriends.org.uk/english.php petrolpower.de/english.php phoenixair.com/xmlrpc.php phongthuyphunggia.com/xmlrpc.php phutungotochinhhang.vn/what-is-in-the-new-nafta-agreement pinkfinancialbank.com/2022/02/26/humana-medicare-tier-exception-form pinokiosacz.pl/xmlrpc.php platypus-verlag.ch/us-social-security-agreements platypus-verlag.ch/wisconsin-tax-installment-agreement plugh.co.in/understanding-false-advertising-laws-in-ohio-what-you-need-to-know portalebambini.it/xmlrpc.php porusski.me/xmlrpc.php pptribe.com/2022/11/13/legal-valuation-group-valuation-sap prestigiousmassage.com/xmlrpc.php pricelessdesign.com/full-scope-contracting produtoresflorestais.pt/gun-laws-in-denmark-understanding-regulations-and-restrictions produtoresflorestais.pt/understanding-the-different-types-of-states-in-international-law produtoresflorestais.pt/understanding-wave-contracts-legal-considerations-implications profaj.com/xmlrpc.php prokeypc.com/xmlrpc.php psdkits.com/xmlrpc.php psychosfera.kz/xmlrpc.php pt-tkbi.com/scaffolding-agreement pt-tkbi.com/what-is-the-difference-between-appointment-letter-and-employment-contract quantumsoftech.com/blog/how-to-sue-landlord-for-breach-of-contract-legal-guide radium-audio.com/annual-agreement-for-permanent-seasonal-employment recetascocinaperuana.com/xmlrpc.php regyan.com/sample-house-rules-for-tenants-creating-a-fair-and-legal-living-environment reiner.nrha.com/ema-guidance-on-quality-agreements restaurant-riva.net/xmlrpc.php retromuzsika.hu/xmlrpc.php rg-adguard.net/xmlrpc.php richardvanhooijdonk.com/xmlrpc.php rickwire.com/xmlrpc.php ripcoltd.co.uk/api.php rkbaienfurt.de/xmlrpc.php rondesantis.com/xmlrpc.php rosenfeldmedia.com/xmlrpc.php ryver.com/xmlrpc.php saasfeerentals.com/stamping-fee-for-sp-agreement safarcranes.com/subject-verb-agreement-example-sentences salamfest.com/xmlrpc.php samsebeastrolog.online/xmlrpc.php saubere-dienste.de/xmlrpc.php searkweather.com/xmlrpc.php selekta.fi/xmlrpc.php selwoodconsultants.co.ke/2023/08/10/how-can-i-cancel-my-internet-contract-without-paying seorongdaiduong.com/xmlrpc.php servicesksa.com/xmlrpc.php shiroutowiki.work/xmlrpc.php shodo.cosavostra.com/xmlrpc.php signcitysa.com/general-manager-role-key-responsibilities-and-legal-implications signcitysa.com/understanding-japanese-weapon-laws-regulations-and-restrictions sigortamsaglik.com/xmlrpc.php sim-unlock.blog/xmlrpc.php sindipetropb.com.br/xmlrpc.php sirfresh.co.za/xmlrpc.php sitesrip.org/xmlrpc.php slimmerverdienen.nl/xmlrpc.php smallders.com/ar/understanding-ohio-forced-medication-laws-what-you-need-to-know smartgamepiano.com/xmlrpc.php smokeshopdelivers.com/xmlrpc.php solar-audio.net/is-bear-spray-legal-in-ca-california-bear-spray-laws-explained solar-audio.net/understanding-call-and-put-contracts-legal-options-trading-guide somersetpizzamd.com/xmlrpc.php sparo1.se/xmlrpc.php spinmortgage.com/xmlrpc.php stamyn.com/xmlrpc.php sterling-sound.com/xmlrpc.php studiolegalefalco-masi.it/microsoft-enterprise-purchase-agreement studiolegalefalco-masi.it/microsoft-enterprise-purchase-agreement/ suviki.com/api.php swemed.se/xmlrpc.php swiatyerby.pl/xmlrpc.php systra-logistik.de/xmlrpc.php taiwandiginews.com.tw/api.php tcl.brandshop.ke/understanding-legal-entity-hierarchy-a-comprehensive-guide teachersbadi.in/xmlrpc.php terragamecenter.com/blog/sample-letter-to-request-extension-of-contract textis.ru/xmlrpc.php theceostory.in/xmlrpc.php theelegant.co.uk/abm/disagreement-has-how-many-syllables themetorrent.org/xmlrpc.php thepointsking.com/xmlrpc.php thetip.co.kr/xmlrpc.php thevarsity.ca/xmlrpc.php thll.org.tw/xmlrpc.php ticketneedlellc.com/xmlrpc.php timesit.org/xmlrpc.php tiodonghua.com/xmlrpc.php titikdua.net/xmlrpc.php tobano.pl/xmlrpc.php toivolanpiha.fi/xmlrpc.php tophomenews.com/xmlrpc.php toptorials.com/xmlrpc.php toscalindeboom.nl/archive.php traveling.winklen.ch/blog.php travelperi.com/xmlrpc.php travisshoots.com/blog/resignation-letter-template-mutual-agreement trustadvisorygroup.com/2022/10/01/are-ping-eye-irons-legal trustadvisorygroup.com/2022/11/26/pet-skunk-legal-in-california trustadvisorygroup.com/2022/11/26/pls-00208-identifier-is-not-a-legal-cursor-attribute trustadvisorygroup.com/2022/12/11/what-tint-is-legal-in-new-mexico udfa.techeva.co.in/agreement-to-terms-and-conditions-wording/ unimus.ac.id/xmlrpc.php upwork999.com/?p=6877 urbedu.live/ny-car-lease-tax-calculator urbedu.live/ny-car-lease-tax-calculator/ urbedu.live/what-is-the-difference-between-sla-ola-and-underpinning-contracts venousmode.com/xmlrpc.php vicbros.com/xmlrpc.php virusvaria.nl/xmlrpc.php voluntariosenelmundo.com/xmlrpc.php voxpublica.no/xmlrpc.php vsenews.kr.ua/xmlrpc.php waheeda.nl/xmlrpc.php wahlshausen.net/xmlrpc.php wakafmu.org/xmlrpc.php wakapi.com/xmlrpc.php ware2go.co/xmlrpc.php wct-witcom.nl/xmlrpc.php web-e-reputation.com/xmlrpc.php welfare.sjp.ac.lk/article.php wildaid.org/xmlrpc.php williesimpson.com/doc.php wislah.com/xmlrpc.php wlmedia.co.uk/xmlrpc.php wonderforest.com/xmlrpc.php wp.henko.nu/article.php wp.snowbombing.com/article.php ww4.amazila.cz/xmlrpc.php xn--80ajgpcpbhkds4a4g.xn--p1ai/xmlrpc.php xn--ngbeab6ar43f.com/xmlrpc.php xvideospornor.com/xmlrpc.php yorkbrooks.com/phantom-equity-plan-agreement you-green.com/sample-general-manager-employment-contract-for-a-company zarmes.ir/xmlrpc.php zharov.info/archive.php # Reference: https://x.com/JAMESWT_MHT/status/1811635502367342827 teleservice-hifi.it # Generic /rpersist4/-1008320073 /rpersist4/-327594751 /rpersist4/ /search?elweodvfxwfrwey= /rbody320 /tes2t