http://paslo.de/phpMyAdmin/
http://westendsolution.com/administrator/
http://ww25.nvhrw.com/phpmyadmin/?subid1=20231125-1957-27f5-b954-dc376cf569f6
http://bseb.com/wp-login.php
http://ohsjd.fr/phpmyadmin/
http://itisgiovannixxiii.email.com/administrator/index.php
http://gmail.coive.com/administrator/index.php
http://paslo.de/phpmyadmin/
http://www.saintjeandedieu.com/phpmyadmin
http://itisgiovannixxiii.email.com/administrator/
http://steamlogic.org/administrator/index.php
http://nvhrw.com/phpmyadmin/
http://protl.com/administrator/
http://egst.edu.et/administrator/index.php
http://jomaroil.com.br/wp-login.php
http://bamboo.cr/phpmyadmin/
http://nvrinc.coml.com/wp-admin/
http://gorina.cat/administrator/index.php
http://eru.edu.eg/administrator/
http://lna.com.mx/administrator/index.php
http://gmail.coive.com/wp-login.php
http://nvhrw.com/administrator/index.php
http://bseb.com/administrator/index.php
http://mi.unc.edu.ar/administrator/
http://istitutocomprensivorosate.edu.it/administrator/
http://ohsjd.fr/administrator/
http://aleeas.com/administrator/
http://www.saintjeandedieu.com/administrator
http://bamboo.cr/administrator/
http://nvrinc.coml.com/wp-login.php
http://www.restajet.com/phpmyadmin/
http://nvrinc.coml.com/administrator/
http://paslo.de/administrator/
http://awartany.com/administrator/index.php
http://wena.be/administrator/
http://bakerisroofing.com/administrator/
http://jomaroil.com.br/wp-admin/
http://steamlogic.org/wp-admin/
http://jomaroil.com.br/phpmyadmin/
http://freecycle.com.br/administrator/
http://awartany.com/phpmyadmin/
http://lna.com.mx/administrator/
http://nvhrw.com/administrator/
http://unab.edu.pe/administrator/
http://lna.com.mx/phpmyadmin/
http://nojesevent.se/wp-admin/
http://gmail.coive.com/administrator/
http://cook.de/wp-admin/
http://awartany.com/administrator/
http://nojesevent.se/administrator/
http://nvrinc.coml.com/administrator/index.php
http://transformadoresvictory.com.mx/administrator/
http://cook.de/administrator/index.php
http://fbsdigitalstore.pk/administrator/
http://egst.edu.et/phpmyadmin/
http://steamlogic.org/phpmyadmin/
http://ww25.nvhrw.com/administrator/?subid1=20231125-1957-2885-9232-b36a0c77a1c5
http://steamlogic.org/administrator/
http://gorina.cat/administrator/
http://nojesevent.se/administrator/index.php
http://ww25.nvhrw.com/administrator/index.php?subid1=20231125-1957-30ca-aaf7-b67d4336639c
http://nojesevent.se/wp-login.php
http://quimifen.com/administrator/index.php
http://restajet.com/administrator/
http://jomaroil.com.br/administrator/
http://quimifen.com/administrator/
http://paslo.de/administrator/index.php
http://transformadoresvictory.com.mx/administrator/index.php
http://bseb.com/administrator/
http://blueil.com/administrator/
http://bseb.com/phpmyadmin/
http://aleeas.com/administrator/index.php
http://cook.de/administrator/
http://blueil.com/administrator/index.php
http://bamboo.cr/administrator/index.php
http://aleeas.com/phpmyadmin/
http://bseb.com/wp-admin/
http://steamlogic.org/wp-login.php
http://egst.edu.et/administrator/
http://jomaroil.com.br/administrator/index.php
http://cook.de/wp-login.php
http://freecycle.com.br/administrator/index.php

(0.0.0.0) -
smtp.getontheweb.com(35.236.231.204)
ftp.telefonica.nl.com()
xs4.com()
ftp.abv.bgo.uk()
h1studio.com(103.15.235.138)
mx.zoho.com(204.141.33.44)
restajet.com(104.22.57.191)
student.fullo.za()
hushmail.l.com()
ohsjd.fr(213.186.33.5)
aspmx.l.google.com(173.194.174.27)
gmail.coroxat.com()
salemarketwave.c()
yahoo.com.arail.com(45.33.23.183)
mail.jpsc.co.za()
pvic.pl()
gmp.br()
alu.iismunari.it(62.149.128.40)
gspnet.it(89.46.105.48)
live.nail.com()
gmai.vus.edu.vn()
gmail.coon.gob.ec()
wena.be(162.241.252.227)
mail.telefonica.nl.com()
starmarkshipping.cocom()
mx2.titan.email(35.168.179.133)
mail.wena.be(162.241.252.227)
colaborativa.etc.br()
freecycle.com.br(54.232.92.235)
mail.outloove.nl()
ftp.o2.co.uk.com()
webbero.it()
unab.edu.pe(192.124.249.103)
bseb.com(209.61.212.154)
gmail.range.es()
seap.com()
mail.1away.top(8.219.60.166)
1away.top()
spokgmail.com()
freemail.hm()
ww25.nvhrw.com(199.59.243.225)
outlook.ausd.org()
builtbybamboo.com(104.21.92.188)
ntlwoil.com()
lna.com.mx(67.225.236.47)
btopenworlgmail.com()
westendsolution.com(107.180.1.10)
mail.gmaicloud.com()
bakerisroofing.com(216.81.136.20)
itisgiovannixxiii.email.com(204.74.99.100)
alt1.aspmx.l.google.com(142.250.141.27)
jpsc.co.za()
mail.gmail.l.edu.co()
mi.unc.edu.ar(200.16.16.57)
gosmart.id(103.131.51.10)
protl.com(13.248.169.48)
nojesevent.se(194.9.94.85)
71d5094d4da04584ea07f8dad8876a.mail.outlook.com(52.101.40.1)
o2.co.um()
gorina.cat(217.76.156.252)
outloove.nl()
doc.mux()
tre.com.ng()
mx1.simplelogin.co(176.119.200.136)
egst.edu.et(162.221.189.186)
awartany.com(74.208.236.160)
nvhrw.com(103.224.212.212)
gmail.coive.com(52.71.57.184)
ftp.webbero.it()
ftp.live.nail.com()
victorysvg.ccom()
volvo.ctps()
kpnmail.il.com()
o2.co.uk.com()
yahoo.cmx.de()
inboxgmx.de()
mail.h-email.net(5.161.194.135)
aleeas.com(172.67.155.39)
www.saintjeandedieu.com(213.186.33.5)
ohsjd-fr.mail.protection.outlook.com(104.47.25.36)
gmaicloud.com()
isise-edu-pe.mail.protection.outlook.com(52.101.11.9)
aspmx2.googlemail.com(142.250.141.26)
ftp.gmail.penny-arcade.com()
gmailley.net()
quimifen.com(66.198.240.40)
enexumhotmail.com()
blueyonderres.com()
rbowprems.ga()
mail.mailerhost.net(161.35.84.83)
msnt.cat()
brazilianl.com()
gmx.dem.br()
fastmail.cmail.ru()
park-mx.above.com(103.224.212.34)
www.hugedomains.com(172.67.70.191)
alt4.aspmx.l.google.com(142.250.152.27)
eru.edu.eg(104.21.44.179)
simplelogin.io(176.119.200.11)
butteredtoast.iomail.com()
alt3.aspmx.l.google.com(64.233.171.26)
mail.doc.mux()
yahlook.com()
mail.gmailley.net()
myschool.hail.com()
ftp.starmarkshipping.cocom()
gmail.tps()
gmail.cve.com()
cobaep.edu.mx(172.16.42.2)
blueil.com(34.205.242.146)
mail.btopenworlgmail.com()
fbsdigitalstore.pk(104.16.159.43)
www.restajet.com(20.40.209.181)
email.cde()
mx20.antispam.mailspamprotection.com(34.120.156.61)
mx2.emailsrvr.com(184.106.54.2)
hotmail.nde()
redifr.cl()
qroo.nuevaescuela.mx(34.70.211.130)
www.freecycle.com.br(18.64.8.47)
cook.de(192.166.192.19)
mail.redifr.cl()
smtpin.rzone.de(81.169.145.97)
mx03b.anti-spam-premium.com(209.59.183.18)
gmafreenet.de()
ftp.freemail.hm()
gmail.coe.com()
bamboo.cr(104.21.88.58)
mx.gspnet.it(62.149.128.157)
frontaggmail.com()
autenticar.unc.edu.ar(200.16.16.171)
frigonor.cl(23.227.38.65)
istitutocomprensivorosate.edu.it(15.188.65.152)
telefonica.nl.com()
abv.bgo.uk()
unipanamericantmail.com()
bakerisroofing-com.mail.protection.outlook.com(104.47.74.10)
mail.blueyonderres.com()
domain-cn-1.cuiqiu.net(82.156.150.164)
jomaroil.com.br(128.201.75.205)
mail.customhost.de(202.61.249.4)
steamlogic.org(3.0.11.115)
paslo.de(81.169.145.158)
live.lkqcorp.com()
ah105.wadax.ne.jp(211.1.224.155)
gmail.penny-arcade.com()
nvrinc.coml.com(99.83.248.67)
hotmail.comnisdubai.ae()
mail.abv.bgo.uk()
westendsolution-com.mail.protection.outlook.com(52.101.9.2)
vo.de(91.223.145.55)
gmailahoo.at()
t-online.d.com()
mail.email.cde()
alt2.aspmx.l.google.com(142.250.115.26)
transformadoresvictory.com.mx(35.215.101.188)
gmail.l.edu.co()
isise.edu.pe()
aspmx4.googlemail.com(64.233.171.27)
50.7.8.141
34.70.211.130
91.121.160.6
64.233.171.26
64.233.171.27
173.203.187.2
49.13.4.90
204.141.33.44
217.76.156.252 - mailcious
176.119.200.11
99.83.248.67 - mailcious
8.219.60.166
107.180.1.10
74.125.23.26
176.119.200.136
74.208.236.160
172.67.173.78
13.248.169.48 - mailcious
52.101.40.6
104.21.92.188
104.22.57.191
54.209.32.212 - mailcious
172.67.202.98
50.21.186.234
103.224.212.34
162.221.189.186
199.59.243.225 - mailcious
52.71.57.184 - mailcious
52.86.6.113 - mailcious
52.101.42.13
52.101.42.10
104.21.44.179
172.67.155.39
34.120.156.61
128.201.75.205
192.166.192.19
52.101.8.34
5.161.98.212
209.61.212.154
104.21.88.58
54.232.92.235
15.188.65.152
202.61.249.4
89.46.105.48 - malware
162.241.252.227
52.101.42.6
81.169.145.158 - mailcious
91.223.145.55
194.9.94.86 - mailcious
194.9.94.85 - mailcious
52.55.70.181
211.1.224.155
142.250.141.26
142.250.141.27
45.136.244.187
104.16.159.43 - mailcious
66.198.240.40
104.21.6.144
213.186.33.5 - mailcious
35.215.101.188
3.130.204.160
185.205.70.136
35.236.231.204
20.40.209.181
204.74.99.100 - suspicious
142.250.115.26
139.162.210.252 - mailcious
104.17.9.99
52.101.11.2
104.47.24.36
3.130.253.23 - mailcious
198.58.118.167 - mailcious
67.225.236.47
67.227.237.112
172.67.9.103
142.250.152.26
223.120.1.10
103.224.212.212 - mailcious
104.47.25.36
104.47.74.10
104.26.7.37
161.35.84.83
91.107.214.206
81.169.145.97
200.16.16.57
192.124.249.103
18.64.8.47
82.156.150.164
216.81.136.20
3.18.7.81 - mailcious
3.94.41.167 - mailcious
3.0.11.115

ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 749
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 747
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 719
ET POLICY TLS possible TOR SSL traffic
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 186
ET SCAN Potential SSH Scan OUTBOUND
ET INFO TLS Handshake Failure
ET DNS Query to a *.top domain - Likely Hostile
ET INFO DNS Query for Suspicious .ga Domain

http://zang1.almashreaq.top/_errorpages/obizx.exe

zang1.almashreaq.top(104.21.70.74) - malware
api.ipify.org(64.185.227.156)
173.231.16.77
172.67.221.26 - malware

ET DNS Query to a *.top domain - Likely Hostile
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
ET INFO HTTP Request to a *.top domain
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING Possible EXE Download From Suspicious TLD
ET INFO TLS Handshake Failure
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

https://db-ip.com/demo/home.php?s=175.208.134.152

ipinfo.io(34.117.59.81)
db-ip.com(172.67.75.166)
172.67.75.166
194.49.94.152 - mailcious
34.117.59.81

ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Token)
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET MALWARE [ANY.RUN] RisePro TCP v.0.x (External IP)
ET MALWARE Suspected RisePro TCP Heartbeat Packet
ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Activity)
ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Exfiltration)

http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

docs.google.com(142.250.206.206) - mailcious
xred.mooo.com() - mailcious
freedns.afraid.org(69.42.215.252)
www.dropbox.com(162.125.84.18) - mailcious
69.42.215.252
142.251.220.46
162.125.84.18 - mailcious

ET INFO DYNAMIC_DNS Query to Abused Domain *.mooo.com
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure

https://paste.ee/d/GTjJl

paste.ee(172.67.187.200) - mailcious
172.67.187.200 - mailcious

ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

bitbucket.org(104.192.141.1) - malware
104.192.141.1 - mailcious

ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

toss.is(45.33.42.226) - mailcious
45.33.42.226 - mailcious

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
SURICATA Applayer Wrong direction first Data

http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/667/608/original/hta.jpg?1700268840

uploaddeimagens.com.br(172.67.215.45) - malware
121.254.136.9
104.21.45.138 - malware

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/667/608/original/hta.jpg?1700268840
http://91.92.248.130/toothpick.txt

uploaddeimagens.com.br(104.21.45.138) - malware
121.254.136.9
104.21.45.138 - malware

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure

api.ipify.org(64.185.227.156)
173.231.16.77

ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET INFO TLS Handshake Failure
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

https://paste.ee/d/ly4Cq

paste.ee(104.21.84.67) - mailcious
104.21.84.67 - malware

ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

http://apps.identrust.com/roots/dstrootcax3.p7c
https://paste.ee/d/Oe5nV
https://uploaddeimagens.com.br/images/004/666/683/original/js.jpg?1700183864
http://91.92.246.47/3fgwx.txt

paste.ee(104.21.84.67) - mailcious
uploaddeimagens.com.br(104.21.45.138) - malware
121.254.136.9
104.21.84.67 - malware
172.67.215.45 - malware

ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

api.ipify.org(104.237.62.212)
64.185.227.156

ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET INFO TLS Handshake Failure
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

https://srtk.hometax.go.kr/download/jquery-1.11.1.min.js
https://srtk.hometax.go.kr/download/img/security_pop_bt_close.png
https://srtk.hometax.go.kr/download/cri.css?v=1
https://srtk.hometax.go.kr/download/components/enc-cp949-min.js
https://srtk.hometax.go.kr/download/cri_ems_nt.js?v=1
https://srtk.hometax.go.kr/download/rollups/seed.js
https://srtk.hometax.go.kr/download/rollups/md5.js
https://srtk.hometax.go.kr/download/rollups/aes.js
https://srtk.hometax.go.kr/download/img/security_pop_ic_lock.png

srtk.hometax.go.kr(116.67.103.155)
116.67.103.155

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)