http://x1.i.lencr.org/
https://mirrorlakedrugs.com/wp-content/themes/twentyseventeen/template-parts/footer/0ZyL3hUtu.php

mirrorlakedrugs.com(199.59.243.227) - mailcious
highpointroofers.com() - mailcious
ukcorporatetransfer.com(3.33.130.190) - mailcious
x1.i.lencr.org(23.52.33.11)
thegoldprocess.com(23.227.38.32) - mailcious
brasilvioleiro.com.br() - mailcious
test.podcastbites.io(162.241.218.172) - mailcious
breadxfish.com() - mailcious
zotno.xyz(77.37.75.155) - mailcious
reachmedical.in() - mailcious
www.thewordmarvel.com()
77.37.66.5
23.227.38.32 - mailcious
199.59.243.227
23.41.113.9
3.33.130.190 - phishing
162.241.218.172 - phishing

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure

45.66.231.190

aloud.relax98.bilotora.ru() - mailcious

configure.syscatec.com(69.46.5.226) - mailcious
69.46.5.226 - mailcious

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure

configure.syscatec.com(69.46.5.226) - mailcious
69.46.5.226 - mailcious

ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

http://89.23.98.22/LN/Konstantin.exe

89.23.98.22

154.211.22.56

http://yanggucam.designsoup.co.kr/user/views/board/skin/secret/css/list.php?query=1

yanggucam.designsoup.co.kr(121.78.88.79) - mailcious
121.78.88.79 - mailcious

ET MALWARE Suspected Kimsuky Activity (GET)
ET MALWARE Kimsuky Related Script Activity (GET)
ET MALWARE Suspected DPRK APT Related Activity (GET)