# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Generic detection for compromised WordPress CMS

# Reference: https://twitter.com/unmaskparasites/status/1355301566933213185

subl.net

# Reference: https://twitter.com/unmaskparasites/status/1367183133938831361

checklist.directory

# Reference: https://twitter.com/unmaskparasites/status/1369733061680586755

blameworthy.buzz
xn--90a7a4a.xn--p1ai
xn--90a8cf.xn--p1ai
xn--d1ad5e.xn--p1ai
xn--h1at3a.xn--p1ai
xn--i1avu.xn--p1ai
xn--k1aty.xn--p1ai
xn--s1afb.xn--p1ai

# Reference: https://twitter.com/unmaskparasites/status/1370579966069383168

/SMILODON/index.php?view=

# Reference: https://twitter.com/unmaskparasites/status/1376690495477276674
# Reference: https://www.virustotal.com/gui/ip-address/194.61.25.77/relations

declarebusinessgroup.ga
dontkinhooot.tw
lovegreenpencils.ga
lowerthenskyactive.ga
strongcapitalads.ga
talkingaboutfirms.ga
travelfornamewalking.ga
travelinskydream.ga

# Reference: https://github.com/hardenedlinux/hardenedlinux-zeek-script/blob/master/scripts/frameworks/intel/OSINT/CYBERCRiME-03-03-19.txt

/SimplePie/Net/IPv5.php
