http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

drive.usercontent.google.com(142.250.206.193) - mailcious
docs.google.com(172.217.161.238) - mailcious
www.dropbox.com(162.125.80.18) - mailcious
freedns.afraid.org(69.42.215.252)
xred.mooo.com() - mailcious
69.42.215.252
142.250.197.65
162.125.80.18 - mailcious
142.250.76.14

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO DYNAMIC_DNS Query to Abused Domain *.mooo.com

http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

www.dropbox.com(162.125.80.18) - mailcious
drive.usercontent.google.com(142.250.206.193) - mailcious
freedns.afraid.org(69.42.215.252)
docs.google.com(172.217.25.174) - mailcious
xred.mooo.com() - mailcious
smtp.163.com(103.129.252.45)
103.129.252.45
162.125.80.18 - mailcious
142.250.71.129
142.250.196.238
38.147.172.248 - mailcious
45.33.6.223
69.42.215.252

SURICATA Applayer Detect protocol only one direction
ET INFO DYNAMIC_DNS Query to Abused Domain *.mooo.com
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)