130.51.40.39

103.176.113.85

107.173.62.82

103.133.111.110 - mailcious

92.38.240.64
103.133.111.110 - mailcious
5.132.162.27

103.133.111.110 - mailcious

103.153.77.2

http://www.mephisto-romania.com/rf5o/?iB8DPfF8=ognUjWY6KOidWyfcMPakERI2bed9J+C9zZCf9F9Go147zPP3kIl/oXNBbev8HkyRHCGMOdNK&Ir=Y48Du8sh
http://www.monacheesa.com/rf5o/?iB8DPfF8=pqBniIUMcKAVrfUDXBsY6Zdq+nAKaopX/nkNDTwKSe3hkcegDeaCXTITtOuZg8axbBEUW87Q&Ir=Y48Du8sh
http://www.myclubrover.com/rf5o/?iB8DPfF8=JOUvoATkCjKj98dDZiiXPstlnChN/Oj8kkN7tCWBwmLCwOh5imTYHs1jUspe3LhL6SDHlyF3&Ir=Y48Du8sh
http://www.palmjava.com/rf5o/?iB8DPfF8=xsG6FxdjqnF8uuYfyLNWqgH4SBtC5LcGbac3ZUyiiDQ8vcA5MRjpYhUzq3jffd2ZTqaN20YJ&Ir=Y48Du8sh
http://www.ayudasdelgobierno.com/rf5o/?iB8DPfF8=J/apB9ZiXP6OuF86W+fAr5sk5ZNGf1mieNBpy9Iv+UyF/MsyOEZKsoGBhRQOBOKs3XreoL7F&Ir=Y48Du8sh

www.ayudasdelgobierno.com(108.167.149.240)
www.cloud-logix.com(52.54.60.54)
www.otpravka-pochti-23v.xyz()
www.myclubrover.com(198.49.23.144)
www.palmjava.com(103.253.215.130)
www.mephisto-romania.com(196.247.61.11)
www.monacheesa.com(206.188.192.231)
3.224.108.191
108.167.149.240 - malware
52.205.156.53
196.247.61.11
103.253.215.130
206.188.192.231
198.185.159.144 - mailcious

ET MALWARE FormBook CnC Checkin (GET)

http://www.4444wns.com/rf5o/?QFQLCr=9q0GOrZ0nNjsFLr+8PLaypET/07tWd7bS7qUMFECVdpaS/NnVj/0qTd+KOhq+XsRxYHeTQ0B&oXU=_6g8ydKPyJots
http://www.digitalunivers.city/rf5o/?QFQLCr=BZ4DWq00hiEzBgfWc5RZz2jh2HhmSypNEmoJbJdvt3c9RX7gAuQ2h0yMdTyvDyhXwZmblXKa&oXU=_6g8ydKPyJots
http://www.curtisdanielstattoostudio.com/rf5o/?QFQLCr=pdJ3GYWJb+yi5LO2Ccl1vGP+EDIOHtu9wy+pJOGFtfUqFiMQSXnDKiq516+4QvJ/5KRoxfWS&oXU=_6g8ydKPyJots
http://www.peacemaker-recruit.com/rf5o/?QFQLCr=WErm4lIJlLt5N5mwclGj/AL+cX0ZhYdgjkqhvrVwbaMjesjeWO+0Qd22g5V7bn/XQQd7hvVo&oXU=_6g8ydKPyJots
http://www.cheapshoppy.com/rf5o/?QFQLCr=Q+PKZ9c1fIuSHpecD6akMfkf92SqZJChLDu6QnJCm1MgP3RMXPHvolXPqwxJ+Spda1Bnw+QV&oXU=_6g8ydKPyJots
http://www.tenloe089.xyz/rf5o/?QFQLCr=PxELiG7O3Q87mJ1J2f5hkXpl7mf4tUbVqGAfw1ZZ+IF8lSX79o1sFMLuOfTLfpqswjwhsVjH&oXU=_6g8ydKPyJots
http://www.mariareis.space/rf5o/?QFQLCr=jN3Zixm4nAysEcvizo+5uOLAcqqB+o813wWf4LGH2MYSrvoMsEig3Mg28FTcxwgcIdrDE8tP&oXU=_6g8ydKPyJots
http://www.iqhotelgroup.com/rf5o/?QFQLCr=wEeOS8h+IxXA/tEOS5Y8BAd2GC4lulicjkhIA7B6VHupSh5b9SkAv9/2wQRS+ceEDC60QArq&oXU=_6g8ydKPyJots

www.iqhotelgroup.com(182.50.132.242)
www.astodome.com(68.183.15.160)
www.mariareis.space(162.210.102.230)
www.digitalunivers.city(103.224.182.210)
www.cheapshoppy.com(34.102.136.180)
www.smartag1.xyz()
www.4444wns.com(207.148.70.230)
www.peacemaker-recruit.com(183.181.96.6)
www.curtisdanielstattoostudio.com(199.59.242.153)
www.tenloe089.xyz(170.33.12.250)
www.handbagbnuusj.xyz()
162.210.102.230 - phishing
207.148.70.230
183.181.96.6
116.202.53.24
68.183.15.160
34.102.136.180 - mailcious
199.59.242.153 - mailcious
103.224.182.210 - phishing
170.33.12.250

ET MALWARE FormBook CnC Checkin (GET)
ET HUNTING Request to .XYZ Domain with Minimal Headers

http://x11fdf4few8f41f.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-82AE3B94C6E640BFD8A2B1B55E28013A.html - rule_id: 555
http://x11fdf4few8f41f.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-E5BB09F553C565796734AD4DA3E77A8F.html - rule_id: 555
http://checkip.dyndns.org/
http://x11fdf4few8f41f.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-FD2733653B32ACA3398F03021115FCB5.html - rule_id: 555
https://freegeoip.app/xml/175.208.134.150

freegeoip.app(104.21.19.200)
x11fdf4few8f41f.com(104.21.73.19) - mailcious
checkip.dyndns.org(131.186.161.70)
104.21.73.19
172.67.188.154
131.186.161.70

ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY External IP Lookup - checkip.dyndns.org
ET POLICY DynDNS CheckIp External IP Address Server Response

http://x11fdf4few8f41f.com/liverpool-fc-news/
http://x11fdf4few8f41f.com/liverpool-fc-news/
http://x11fdf4few8f41f.com/liverpool-fc-news/