http://www.meridianopolitico.com/d6b4/?OXolp=Mk+xgxxMFq35RtCV/s1lAC9Od9t6BRTzkK3YJigL61KDkS5U9vEs0v6vAvJo+stnW/rREfuU&Txo=O0DPaBdh7tsX0d

www.patlichen.com()
www.meridianopolitico.com(50.117.40.106)
50.117.40.106

ET MALWARE FormBook CnC Checkin (GET)

http://www.sacredkashilifestudio.net/mxwf/?N2=eipsewIB2PU7fLq0V+MVTYpseXSXiNmBphXFeMyyAJ/wgZWHvgK6rmKFdWqq2CZ89/HqMPFu&2d=YnaxWrPp - rule_id: 3876
http://www.salesnksportswt.top/mxwf/?N2=uYJBTZe+wem0QBywdcFTHeog83TcyiNB0ETXWcjybDUOyRLANZFAapORYGJvd4e0N3a9PRyB&2d=YnaxWrPp

www.salesnksportswt.top(103.139.0.32)
www.sacredkashilifestudio.net(34.102.136.180)
103.139.0.32
34.102.136.180 - mailcious

ET MALWARE FormBook CnC Checkin (GET)
ET DNS Query to a *.top domain - Likely Hostile
ET INFO HTTP Request to a *.top domain
ET HUNTING Request to .TOP Domain with Minimal Headers

http://www.sacredkashilifestudio.net/mxwf/

fellasbam.ddns.net(103.145.252.108)
103.145.252.108

ET POLICY DNS Query to DynDNS Domain *.ddns .net
ET MALWARE Possible NanoCore C2 60B

http://manvim.co/ae1/AE1.php

manvim.co(46.173.214.209) - mailcious
46.173.214.209

ET MALWARE Fareit/Pony Downloader Checkin 3
ET POLICY Windows 98 User-Agent Detected - Possible Malware or Non-Updated System
ET MALWARE Pony Downloader HTTP Library MSIE 5 Win98
ET POLICY Unsupported/Fake Internet Explorer Version MSIE 5.