https://api.ipify.org/

api.ipify.org(104.26.12.205)
67.225.140.44 - mailcious
156.67.222.125
103.10.234.110
92.205.12.157 - mailcious
186.202.153.144
104.26.12.205
184.95.34.178
209.17.116.160 - phishing
198.12.217.103
217.144.105.174 - mailcious
172.67.150.46 - mailcious
91.121.51.179
208.109.42.57
66.235.200.146 - malware
148.251.83.53
160.153.0.192
68.66.226.122 - malware
172.67.189.193
185.91.127.132
172.67.129.119
172.67.165.235

ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 202
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

api.ipify.org(104.237.62.212)
173.231.16.77

ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET INFO TLS Handshake Failure
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

http://www.bimiraq.com/ncoj/
http://www.antsnav.com/ncoj/?nxDCyr=k6lZgIYtgKScwrY8pHro/PDAsyN+Ma0X/rCAAme2ni/5IVGLYG0zVGplEfRL+3QOVGKsiLjVRU/vs+oeg30ChqgsNcJjfndCx8nhIPk=&6h=f51UoXbt17G
http://www.38mwynj7dug2.buzz/ncoj/?nxDCyr=cqsb9busYckswu5tl2hs1PEI9pWErdimDzlp34E2aha2iJT2eFFG/funIEYSTKoaqITRs/NPOvbiiBSI+XWo0HJ5fu7hwmxGTgtg6FY=&6h=f51UoXbt17G
http://www.antsnav.com/ncoj/
http://www.bimiraq.com/ncoj/?nxDCyr=XIxLCAEQ0j01YzKaapTqF+nS+qsHR4K+mT3TcIh0YevVauHQuuRL63AlAq6+mNvg+WbM+1ZCwlrFZaygUBCQMrF8dtNZCh2ZDkiTiSo=&6h=f51UoXbt17G
http://www.lppkk.com/ncoj/
http://www.bord90-1us.click/ncoj/?nxDCyr=/wpW4Eg1zfji5WRIM69mwwfkBKVWxDHOUMH3dJ+6otM1KiL+BV8qZwOPMcyaXeTE36ZRIVdGgp9cEXlGc10Qp3ASMmejNlAX5LVEWFU=&6h=f51UoXbt17G
http://www.bord90-1us.click/ncoj/
http://www.sqlite.org/2021/sqlite-dll-win32-x86-3350000.zip
http://www.lppkk.com/ncoj/?nxDCyr=Mtp3WxtNvxk26bamdUjkb0yMxjBBBeG3EFYaeCPTWM8qB4rDVAANJEhbdFBrwp5JzidZg3tzQPFU7dQqmqHJyHV4uamwOaSCvkmmqms=&6h=f51UoXbt17G
http://www.38mwynj7dug2.buzz/ncoj/

www.38mwynj7dug2.buzz(154.221.16.17)
www.chweboosting.site()
www.bord90-1us.click(172.67.158.108)
www.bimiraq.com(142.250.206.211)
www.antsnav.com(172.67.142.142)
www.lppkk.com(38.181.59.39)
142.250.66.51
104.21.66.93
45.33.6.223
172.67.142.142
38.181.59.39
154.221.16.17

ET INFO HTTP Request to a *.buzz domain

api.ipify.org(64.185.227.156)
173.231.16.77

ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET INFO TLS Handshake Failure
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

smtp.alba-consultants-be.com(208.91.198.143)
208.91.199.223 - mailcious

SURICATA Applayer Detect protocol only one direction
ET MALWARE AgentTesla Exfil Via SMTP

api.ipify.org(173.231.16.76)
64.185.227.156

ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)