google.com(172.217.161.46)
172.217.31.142 - phishing

time.google.com(216.239.35.4)
dns.google(8.8.8.8)
216.239.35.0

http://www.bloombathbombs.com/wdhc/
http://www.xn--i1b6ewaaie7gm.com/wdhc/?XRm0zD6x=0LiCscd4a7tI1zgKVF8S+rUGSV/54ZmkWb1WgMQi+fSgg1lYhx/FQ5t44sMewl7CbCPqX6d4&V4=CXFL6
http://www.ez-skin.com/wdhc/?XRm0zD6x=hHcB1VF6gDirRlefmXVbqwZcvdb0sQI2CijSGZ0QjQGvt1HSnIQLaIN/81JJPY4ZtN7YRgzA&V4=CXFL6
http://www.webtinchap.com/wdhc/
http://www.ez-skin.com/wdhc/
http://www.xn--i1b6ewaaie7gm.com/wdhc/
http://www.bloombathbombs.com/wdhc/?XRm0zD6x=Es2RL7ETYJMjLsjERN1lcxAyqHM3gPvC7jfKXp5P0BAnxIVDyWZz5xeNY17RRs6Z+z5zNg1k&V4=CXFL6
http://www.webtinchap.com/wdhc/?XRm0zD6x=OWqWFeXUvcYjnVbfh3wKs9xVY9LZ1xcjdI/DmFSv+ONwutCEFIA/Zdh+BBdL9yWKptOZcTg1&V4=CXFL6

www.webtinchap.com(172.217.175.83)
www.ez-skin.com(23.227.38.74)
www.toyotadongthap.com()
dns.google(8.8.4.4)
www.bloombathbombs.com(23.227.38.74)
time.google.com(216.239.35.4)
www.mygahannaohhomes.com()
www.xn--i1b6ewaaie7gm.com(34.98.99.30)
www.thefundraisingguru.com()
142.250.204.115
23.227.38.74 - mailcious
216.239.35.0
34.98.99.30 - phishing

ET MALWARE FormBook CnC Checkin (GET)

facebook.com(157.240.215.35)
google.com(172.217.175.78)
outlook.com(40.97.156.114)
bing.com(204.79.197.200)
youtube.com(172.217.175.14)
142.250.204.78
13.107.21.200
79.134.225.77 - mailcious
172.217.31.142 - phishing
40.97.116.82
157.240.215.35

facebook.com(157.240.215.35)
google.com(172.217.175.78)
bing.com(204.79.197.200)
outlook.com(40.97.153.146)
youtube.com(172.217.175.14)
13.107.21.200
142.250.66.142
40.97.161.50
157.240.215.35
142.250.66.46 - mailcious

facebook.com(157.240.215.35)
google.com(172.217.175.78)
outlook.com(40.97.153.146)
bing.com(13.107.21.200)
youtube.com(172.217.175.14)
204.79.197.200
40.97.153.146
142.250.204.46
157.240.215.35
172.217.174.110 - phishing

time.google.com(216.239.35.8)
dns.google(8.8.4.4)
216.239.35.4