# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: bigpretzel, graphite spyware

# Reference: https://citizenlab.ca/2025/03/a-first-look-at-paragons-proliferating-spyware-operations/
# Reference: https://search.censys.io/hosts/178.237.39.204

178.237.39.204:443
178.237.39.204:50801
178.237.39.204:53392
178.237.39.204:64823
84.110.122.27:443
84.110.47.82:4443
84.110.47.83:443
84.110.47.84:443
84.110.47.84:4443
84.110.47.84:1443
84.110.47.85:1443
84.110.47.85:4443
84.110.47.86:4432
84.110.47.86:4443
84.110.47.86:2443
ancient-thing.it
external-astra.com
external-cag.com
external-cap.com
external-drt.com
external-muki.com
external-shotgun3.com
external-sht-prd-4.com
external-sht.com
external-sht_prd_2.com
internal-abba.com
internal-stg.com
modern-money.org
forti.external-muki.com
forti.external-shotgun3.com
forti.external-sht-prd-4.com
forti.external-sht.com
forti.external-sht_prd_2.com
forti.internal-stg.com
forti.paraccess.com

# Reference: https://x.com/blackorbird/status/1933368441433698638
# Reference: https://citizenlab.ca/2025/06/first-forensic-confirmation-of-paragons-ios-mercenary-spyware-finds-journalists-targeted/ (# bigpretzel)
# Reference: https://app.validin.com/detail?find=%2FO%3Dnetwork39managment%2FCN%3Dgreenad&type=raw&ref_id=92a69af4516#tab=host_pairs (# 2025-06-13)

194.71.130.218:443
46.183.184.91:443
