http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml clean
https://docsecure.top/xls/00999212.xls clean

docsecure.top(8.208.102.117) mailcious
117.18.232.200 suspicious
164.124.101.2 clean
8.208.102.117 clean

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET DNS Query to a *.top domain - Likely Hostile

http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
https://docsecure.top/xls/00999212.xls

docsecure.top(8.208.102.117) mailcious
117.18.232.200 suspicious
164.124.101.2 clean
8.208.102.117 clean

ET DNS Query to a *.top domain - Likely Hostile
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

164.124.101.2 clean

http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
https://docsecure.top/xls/00999212.xls
https://194.36.191.177/sim/sim.php?Rd=Nb&Rf=fb5f7e13&Rk=test22-PC@@TEST22-PC@@test22@@*192.168.56.101%3A%3A%5B00000007%5D%20Intel%28R%29%20PRO/1000%20MT%20Desktop%20Adapter@@Standalone%20Workstation@@@@no%20LDAP%3B%3ASUM%3A0%3A&1790317629

docsecure.top(8.208.102.117) - mailcious
117.18.232.200 - suspicious
164.124.101.2
194.36.191.177 - suspicious
8.208.102.117

ET DNS Query to a *.top domain - Likely Hostile
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)

http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
https://docsecure.top/xls/00999212.xls

docsecure.top(8.208.102.117) - mailcious
117.18.232.200 - suspicious
164.124.101.2
8.208.102.117

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET DNS Query to a *.top domain - Likely Hostile

http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
https://docsecure.top/xls/00999212.xls - mailcious

docsecure.top(8.208.102.117) - mailcious
117.18.232.200 - suspicious
164.124.101.2
8.208.102.117

ET DNS Query to a *.top domain - Likely Hostile
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

http://websiteoptimizationcanada.ca/wp-admin/browse/
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml

websiteoptimizationcanada.ca(64.69.95.129)
117.18.232.200 - suspicious
164.124.101.2
64.69.95.129

http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml

raumfuerneues.eu(81.19.159.73)
117.18.232.200 - suspicious
164.124.101.2
81.19.159.73

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex

http://websiteoptimizationcanada.ca/wp-admin/browse/ - mailcious
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml

websiteoptimizationcanada.ca(64.69.95.129) - mailcious
117.18.232.200 - suspicious
164.124.101.2
64.69.95.129 - suspicious

164.124.101.2

164.124.101.2

164.124.101.2

164.124.101.2

164.124.101.2
88.123.12.74

164.124.101.2