# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://app.validin.com/detail?type=raw&find=SMS+Handler
# Reference: https://www.zoomeye.hk/searchResult?q=%22server%3A+hypercorn-h11%22+%2B%22cache-control%3A+public%22+%2B%22window.global+%3D+window%22&page=1&pageSize=50
# Reference: https://www.virustotal.com/gui/ip-address/185.76.66.206/relations
# Reference: https://www.virustotal.com/gui/file/425002fd581fdd4330154e0c006fb160f2f49af2a7dd38f7d3d8f9eda25bb6b9/detection

http://147.45.42.85
http://185.76.66.206
http://45.82.13.95
http://46.226.167.24
http://5.42.77.147
http://77.221.136.21
http://79.137.202.32
http://81.19.137.10
147.45.42.85:8080
185.76.66.206:8080
46.226.167.24:8080
5.42.77.147:8080
5.42.78.0:8080
77.221.136.21:8080
79.137.202.32:8080
77.221.136.21.sslip.io
sms-app.devserver.labbmiljo.se
sms-app-dev.devserver.labbmiljo.se
sms-app-development.devserver.labbmiljo.se
sms-app-production.devserver.labbmiljo.se

# Reference: https://www.group-ib.com/blog/ajina-malware/
# Reference: https://app.validin.com/detail?type=hash&find=1a9c98808a547d4b50cc31d46e19045bcd2cfc1b#tab=host_pairs_v2
# Reference: https://app.validin.com/detail?type=raw&find=WIN-PDDC81NCU8C#tab=host_pairs_v2

http://109.107.181.127
http://109.120.135.42
http://109.120.178.192
http://147.45.41.47
http://147.45.78.153
http://178.236.247.255
http://185.106.93.204
http://193.233.133.14
http://45.15.157.38
http://45.15.158.101
http://46.226.160.19
http://46.226.161.11
http://46.226.161.17
http://46.226.161.47
http://46.226.166.220
http://46.226.166.68
http://5.42.73.127
http://5.42.73.196
http://5.42.75.233
http://5.42.87.96
http://5.42.95.185
http://77.105.146.170
http://77.105.146.28
http://77.105.146.65
http://77.105.166.215
http://77.221.137.252
http://77.221.140.16
http://77.221.157.211
http://77.221.157.31
http://77.221.157.8
http://77.232.143.164
http://79.137.197.65
http://79.137.202.72
http://79.137.204.18
http://79.137.205.212
http://79.137.206.180
http://79.137.207.243
http://81.19.137.162
http://81.19.137.94
http://89.169.55.99
http://89.22.239.237
http://92.246.138.79
http://94.228.162.159
5.42.75.233.sslip.io
bazaar.top
ge.bazaar.top
test.bazaar.top

# Reference: https://search.censys.io/hosts/45.82.13.95
# Reference: https://app.validin.com/detail?type=raw&find=WIN-BS656MOF35Q#tab=host_pairs_v2

http://103.35.189.44
http://103.35.190.65
http://138.124.184.231
http://138.124.184.241
http://138.124.184.254
http://141.98.168.4
http://141.98.168.82
http://141.98.168.98
http://141.98.168.99
http://141.98.233.14
http://185.234.216.73
http://185.250.151.208
http://185.250.151.214
http://188.127.224.47
http://188.127.227.17
http://188.127.230.189
http://188.127.231.141
http://188.127.237.245
http://188.127.240.2
http://188.127.249.236
http://193.178.210.82
http://194.116.173.208
http://194.165.59.47
http://194.4.48.49
http://194.87.209.208
http://195.123.233.4
http://195.54.33.133
http://217.196.101.145
http://45.137.155.182
http://45.150.65.139
http://45.150.65.61
http://45.150.65.96
http://45.67.229.92
http://45.8.146.146
http://45.8.146.77
http://45.88.77.247
http://46.8.19.146
http://5.34.178.58
http://82.117.252.64
http://89.187.189.205
http://89.187.189.213
http://91.219.150.132
http://94.131.101.138
http://94.131.101.194
http://94.131.102.107
http://94.131.120.122
http://94.232.247.232
http://95.164.34.25
http://95.164.4.234
http://95.164.62.221
188-127-237-245.cprapid.com
anastasia.pro
appfingercheck.net
clickcp.net
cllckcp.com
mail.cryptohamster.net
mail.happyhamster.io
mail.happyhunter.io
mail.incomehunter.pro
mail.netzando.site
mail.otrada-a.ru
netzando.site
pvpbox.delton.ovh
