http://checkip.dyndns.org/
https://reallyfreegeoip.org/xml/175.208.134.152

api.telegram.org(149.154.167.220) - mailcious
reallyfreegeoip.org(104.21.67.152)
checkip.dyndns.org(132.226.8.169)
132.226.8.169
172.67.177.134
149.154.167.220 - mailcious

ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org)
ET INFO TLS Handshake Failure
ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org)
ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)
ET HUNTING Telegram API Domain in DNS Lookup
ET POLICY External IP Lookup - checkip.dyndns.org
ET INFO 404/Snake/Matiex Keylogger Style External IP Check

http://checkip.dyndns.org/
https://reallyfreegeoip.org/xml/175.208.134.152

reallyfreegeoip.org(172.67.177.134)
checkip.dyndns.org(193.122.6.168)
193.122.130.0
104.21.67.152

ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org)
ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org)
ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY External IP Lookup - checkip.dyndns.org
ET INFO 404/Snake/Matiex Keylogger Style External IP Check

gh9st.mywire.org(166.181.83.184) - mailcious
166.181.83.184

ET INFO DYNAMIC_DNS Query to a *.mywire .org Domain

https://byqb.loyalty.hienphucuanhanloai.org/orderReview

byqb.loyalty.hienphucuanhanloai.org(45.88.186.194)
45.88.186.194 - mailcious

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure

http://tveight8vs.top/v1/upload.php

tveight8vs.top(185.68.93.123)
185.68.93.123

ET DROP Spamhaus DROP Listed Traffic Inbound group 31
ET MALWARE Cryptbot CnC DGA Domain (eight8)
ET DNS Query to a *.top domain - Likely Hostile
ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4
ET INFO HTTP Request to a *.top domain

https://mato3pdf.b-cdn.net/pdf
https://matozip1.b-cdn.net/K1.zip
https://matozip1.b-cdn.net/K2.zip

matozip1.b-cdn.net(169.150.249.168) - malware
mato3pdf.b-cdn.net(169.150.249.168)
109.61.83.99
109.61.83.245

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

https://mato3f.b-cdn.net/town-fil
https://matozip1.b-cdn.net/K1.zip
https://matozip1.b-cdn.net/K2.zip

matozip1.b-cdn.net(143.244.49.177) - malware
mato3f.b-cdn.net(143.244.50.91)
109.61.83.243
169.150.225.41

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)