# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: Arcdoor, Avalon, Echelon, DarkStealer

# Reference: https://twitter.com/ViriBack/status/1260367262399246336
# Reference: https://www.virustotal.com/gui/file/7c9f7e4307f0bd7f269476cc181792aa4d75c5ce84dc22fc0feb73def814c8f1/detection
# Reference: https://app.any.run/tasks/9dcf3d5b-8e9d-46a6-a6c1-32b47a075d10/
# Reference: https://app.any.run/tasks/337c1087-f994-4912-ab11-2a827e689e4d/

# nagano-19599.herokussl.com  # Note: CNAME of legitimate api.ipify.org

# Reference: https://twitter.com/3xp0rtblog/status/1295291062374866944 (# DarkStealer, fork of Echelon)
# Reference: https://app.any.run/tasks/5da0536a-5665-4989-9b82-3bede782d8a6/

ifreegive.ga

# Reference: https://twitter.com/ps66uk/status/1355310619994562566
# Reference: https://app.any.run/tasks/28fa7fa7-7064-4dfc-808e-8ce499ede741/

pandemic-info.com

# Reference: https://www.virustotal.com/gui/file/08f7564766b3cb63da8068940a89f17819722c00b0f72f3d1a508f0b103b6076/detection

f0514188.xsph.ru

# Reference: https://www.virustotal.com/gui/file/5fd8ec1b60ac09a3fef1b9c71258030eaeb8efcb45f6308ac13551d07dc882a7/detection

f0192260.xsph.ru
pizza-joke.000webhostapp.com

# Reference: https://twitter.com/wwp96/status/1365398529301176323
# Reference: https://app.any.run/tasks/9b661bf3-5bef-4434-b56f-cf8a9ba66784/

g99659oz.beget.tech

# Generic

/api.php?chatid=
/sendDocument?chat_id=
