# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: 404 keylogger, snake keylogger

# Reference: https://habr.com/ru/company/group-ib/blog/477198/ (Russian)

404projects.xyz

# Reference: https://app.any.run/tasks/c87283f6-7087-4ab5-91ac-f8fdfa25ce9e/

srvc13.turhost.com

# Reference: https://app.any.run/tasks/94023cca-f07c-4a5f-8a72-2cc9fc4eb1be/

blackhillls.ddns.net

# Reference: https://twitter.com/wwp96/status/1328308638470066177
# Reference: https://app.any.run/tasks/c16aff7d-63be-4654-bc27-ae78b489fcee/

167.88.170.103:21
167.88.170.103:35060

# Reference: https://twitter.com/wwp96/status/1331116035680980992
# Reference: https://app.any.run/tasks/e3dd7875-4ef2-4f7f-ac5b-8616f3c132c4/

ckfashion.shop

# Reference: https://app.any.run/tasks/13b60c7f-f80e-4a7a-8f21-afd287113465/
# Reference: https://app.any.run/tasks/4b675b8e-4a84-4d75-a4a1-4dc6868bdc5a/

92.53.96.254:35705
bitrix370.timeweb.ru

# Reference: https://app.any.run/tasks/40ed1720-a991-4a6a-9e76-25907a359531/

188.225.21.131:35076
vh340.timeweb.ru

# Reference: https://app.any.run/tasks/824f076f-c5e6-473a-84b6-d114a4837863/

176.57.209.21:59257
premium34.timeweb.ru

# Reference: https://twitter.com/reecdeep/status/1364226980120465412

itrader-germany.de

# Reference: https://twitter.com/reecdeep/status/1371750624140857345

endovision.xyz

# Reference: https://twitter.com/Racco42/status/1372290134931083266
# Reference: https://app.any.run/tasks/bb98a4a5-192e-42c3-9fbc-7625dfffd4ff/

imginternational.xyz

# Reference: https://twitter.com/whitehoodie4/status/1374289414935961600

vespang.tk

# Reference: https://twitter.com/ps66uk/status/1381918013214064646
# Reference: https://tria.ge/210413-s27a2natdx

govidanatur.xyz

# Reference: https://twitter.com/ps66uk/status/1382274063658258440
# Reference: https://www.virustotal.com/gui/file/92a4c8920eda2528675ed61d4e72b4e2e6f51f6c47aab88581bab36d656a224a/detection

nobetone.xyz

# Reference: https://twitter.com/BushidoToken/status/1387495666184822785

nobettwo.xyz

# Reference: https://gist.github.com/silence-is-best/852a1c7c7dcf29fdc8d5df73433e7676
# Reference: https://www.virustotal.com/gui/file/a2c1e79d6f5f36ab9af9d623c37dedf201cb3552bade7cfc1f00bcaeaed98d5e/detection

lokalboyz.com

# Reference: https://www.virustotal.com/gui/domain/maisoui.us/relations
# Reference: https://www.virustotal.com/gui/file/64a17ddefb0368f4512f3d89fabbb0e220f80d2febd28b21fc4262779ceea635/detection

maisoui.us

# Reference: https://www.virustotal.com/gui/domain/1bayer.com/relations
# Reference: https://www.virustotal.com/gui/file/dd7d3cad1f509caedc2ea7a255a74cdc75498eeca31b67a5fa581ca67ba8b761/detection

1bayer.com

# Reference: https://twitter.com/reecdeep/status/1406925281928134661

iykmoreentrprise.org
