http://142.202.242.176:6677/update-status%7CSDK+Installed
http://142.202.242.176:6677/give-me-chpv
http://142.202.242.176:6677/moz-sdk
http://ip-api.com/json/
http://142.202.242.176:6677/maili
http://142.202.242.176:6677/give-me-ffpv
http://wshsoft.company/python27.zip
http://142.202.242.176:6677/chrome
http://142.202.242.176:6677/is-ready
http://142.202.242.176:6677/update-status%7CInstalling+SDK
http://142.202.242.176:6677/ie
http://pastebin.com/raw/WVFt9GbZ
https://pastebin.com/raw/WVFt9GbZ

wshsoft.company(194.59.164.67) - malware
pastebin.com(104.20.68.143) - mailcious
vj5566.duckdns.org(142.202.242.176)
ip-api.com(208.95.112.1)
142.202.242.176
194.59.164.67 - malware
104.20.68.143 - mailcious
208.95.112.1
104.20.67.143 - mailcious

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
ET POLICY External IP Lookup ip-api.com
ET MALWARE WSHRAT CnC Checkin
ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1
ET MALWARE WSHRAT Credential Dump Module Download Command Inbound
ET CHAT IRC USER command

http://vj7974.duckdns.org:7974/Vre
http://pastebin.com/raw/A2n1xGpr
http://ip-api.com/json/
https://pastebin.com/raw/A2n1xGpr

vj7974.duckdns.org(142.202.242.176)
pastebin.com(104.20.68.143) - mailcious
ip-api.com(208.95.112.1)
142.202.242.176
208.95.112.1
104.20.67.143 - mailcious

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY External IP Lookup ip-api.com
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
ET INFO HTTP POST Request to DuckDNS Domain
ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain