smtp.gmail.com(74.125.23.108)
173.194.174.109

SURICATA Applayer Detect protocol only one direction
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

http://ip-api.com/line/?fields=hosting

mail.controlfire.com.mx(192.185.123.104)
ip-api.com(208.95.112.1)
192.185.123.104
208.95.112.1

ET POLICY External IP Lookup ip-api.com
SURICATA Applayer Detect protocol only one direction
ET MALWARE AgentTesla Exfil Via SMTP

http://ip-api.com/line/?fields=hosting

ip-api.com(208.95.112.1)
208.95.112.1

ET POLICY External IP Lookup ip-api.com

wins19junspam.duckdns.org(192.169.69.26)
192.169.69.26 - phishing

ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain

wins26junspam.duckdns.org(191.93.112.233)
191.93.112.233

ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain

wins26junspam.duckdns.org(191.93.112.233)
191.93.112.233

ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain

http://download.microsoft.com/download/E/4/1/E4173890-A24A-4936-9FC9-AF930FE3FA40/NDP461-KB3102436-x86-x64-AllOS-ENU.exe
http://43.198.152.240:8080/api/node/ip_validate

gtxvdqvuweqs.com(16.162.201.176) - mailcious
ipv6-api.iproyal.com()
down.ftp21.cc(119.203.212.165) - malware
download.microsoft.com(23.207.40.161)
api6.my-ip.io()
www.362-com.com(1.226.84.135)
www.4i7i.com(1.226.84.135)
api.iproyal.com(193.228.196.69)
worldtimeapi.org(213.188.196.246)
23.45.52.224
93.189.62.83
213.188.196.246
193.228.196.69
51.161.196.188
43.198.152.240
16.162.201.176 - mailcious
1.226.84.135
119.203.212.165 - malware

ET DNS Query for .cc TLD
ET HUNTING Suspicious EXE Download Content-Type image/jpeg
ET INFO SSH-2.0-Go version string Observed in Network Traffic
ET INFO External IP Lookup Domain DNS Lookup (my-ip .io)

xmr.330com.com(211.108.74.247)
211.108.74.247
62.48.34.99

www.4i7i.com(1.226.84.135)
1.226.84.135