http://checkip.dyndns.org/
https://freegeoip.app/xml/175.208.134.150

freegeoip.app(104.21.19.200)
checkip.dyndns.org(216.146.43.70)
131.186.113.70
172.67.188.154

ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
ET POLICY External IP Lookup - checkip.dyndns.org
ET POLICY DynDNS CheckIp External IP Address Server Response
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

http://novget.com/3.jpg
http://novget.com/1.jpg
http://novget.com/7.jpg
http://novget.com/5.jpg
http://novget.com/6.jpg
http://novget.com/4.jpg
http://novget.com/2.jpg

novget.com(104.168.138.96)
104.168.138.96

ET POLICY Data POST to an image file (jpg)
ET HUNTING Suspicious EXE Download Content-Type image/jpeg

http://checkip.dyndns.org/
https://freegeoip.app/xml/175.208.134.150

freegeoip.app(104.21.19.200)
checkip.dyndns.org(216.146.43.71)
131.186.113.70
104.21.19.200

ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY External IP Lookup - checkip.dyndns.org
ET POLICY DynDNS CheckIp External IP Address Server Response

http://checkip.dyndns.org/
https://freegeoip.app/xml/175.208.134.150

freegeoip.app(172.67.188.154)
checkip.dyndns.org(131.186.113.70)
162.88.193.70
104.21.19.200

ET POLICY External IP Lookup - checkip.dyndns.org
ET POLICY DynDNS CheckIp External IP Address Server Response
ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

http://checkip.dyndns.org/
https://freegeoip.app/xml/175.208.134.150

freegeoip.app(104.21.19.200)
checkip.dyndns.org(131.186.113.70)
216.146.43.71
172.67.188.154

ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
ET POLICY External IP Lookup - checkip.dyndns.org
ET POLICY DynDNS CheckIp External IP Address Server Response
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)