fit.microgent.ru(195.133.40.220)

http://worldzone.kro.kr/pcad164.exe

google.com(172.217.31.174)
worldzone.kro.kr(15.164.192.168)
15.164.192.168
142.250.204.110

ET MALWARE Possible Malicious Macro DL EXE Feb 2016
ET MALWARE Possible Malicious Macro EXE DL AlphaNumL
ET POLICY PE EXE or DLL Windows file download HTTP

http://ol.gamegame.info/report7.4.php - rule_id: 1518
http://ip-api.com/json/?fields=8198
http://iw.gamegame.info/report7.4.php - rule_id: 1517

email.yg9.me(198.13.62.186) - suspicious
iw.gamegame.info(172.67.200.215) - mailcious
ol.gamegame.info(172.67.200.215) - mailcious
ip-api.com(208.95.112.1)
198.13.62.186 - suspicious
208.95.112.1
172.67.200.215

ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 8 through 15 set
ET POLICY External IP Lookup ip-api.com

http://ol.gamegame.info/report7.4.php
http://iw.gamegame.info/report7.4.php

https://gettingreadytolearn.co.uk/portal/wall/posts/157/thumbs/BeAsmBuB.php - rule_id: 1594

kriegeradvogados.com.br(187.45.181.35) - mailcious
decontaminationcovid19.com(72.10.162.214) - mailcious
ottomanbilisim.com(185.179.27.103) - mailcious
afemnor.es(52.47.49.164) - mailcious
firstcanadianmedical.ca(69.90.221.129) - mailcious
app6.salesdatagenerator.com(162.241.155.78) - mailcious
www.carnivalspadubai.com(166.62.25.253)
661partyrentals.com(66.96.147.106) - mailcious
gettingreadytolearn.co.uk(109.169.78.226) - mailcious
landingpages.pontodata.com.br(104.156.57.250) - mailcious
162.241.155.78 - mailcious
72.10.162.214 - mailcious
66.96.147.106 - mailcious
69.90.221.129
185.179.27.103 - mailcious
187.45.181.35 - mailcious
104.156.57.250 - mailcious
52.47.49.164 - mailcious
109.169.78.226 - mailcious
166.62.25.253

ET HUNTING Suspicious Domain Request for Possible COVID-19 Domain M1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
SURICATA TLS invalid record type
SURICATA TLS invalid record/traffic
ET INFO TLS Handshake Failure
ET HUNTING Suspicious TLS SNI Request for Possible COVID-19 Domain M1

https://gettingreadytolearn.co.uk/portal/wall/posts/157/thumbs/BeAsmBuB.php

172.67.200.215
178.47.141.153 - malware

https://app.ibantrocas.com/counter/

app.ibantrocas.com(80.78.22.159)
80.78.22.159

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)