http://98.103.204.12:443/YRgEh2XeeZ5zN2QzA/7SZFl6VRUbzsMY/ - mailcious
http://197.245.25.228/S2IbDcSYrnonhq/ - mailcious

98.103.204.12 - suspicious
197.245.25.228 - suspicious

ET POLICY HTTP traffic on port 443 (POST)

92.255.207.89
217.79.179.177

ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 449
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 811

http://eexcom.tk/21.gif

eexcom.tk(195.20.40.211)
195.20.40.211
117.18.232.200 - suspicious

ET DNS Query to a .tk domain - Likely Hostile
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
ET POLICY HTTP Request to a *.tk domain

http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/

http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
http://mia.alkhaleejpk.info/PsehestyvuPw/F1l3estPhPInf1.php?info=Test$WIN7-PC$Administrator$Windows7Ultimate-71$-$WIN7-PCAdministrator - mailcious
http://mia.alkhaleejpk.info/PsehestyvuPw/F1l3estPhPInfF2.php?info=Test$WIN7-PCAdministrator - mailcious

www.mia.alkhaleejpk.info(82.221.136.4)
82.221.136.4 - suspicious

http://mia.alkhaleejpk.info/PsehestyvuPw/F1l3estPhPInf1.php?info=Test$TEST22-PC$test22$Windows7ProfessionalN-$-$TEST22-PCtest22 - mailcious
http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/

mia.alkhaleejpk.info(82.221.136.4) - mailcious
82.221.136.4 - suspicious

http://murari.es/wp-content/h/
http://manolidis.kaisariani.gr/tmp/5/ - mailcious
http://24.178.90.49/SVmJzAp7HVY8mHNIpMM/bQtMmXnBGHnrrksr9El/

murari.es(185.179.143.59)
manolidis.kaisariani.gr(185.4.133.222) - mailcious
24.178.90.49
185.4.133.222 - suspicious
185.179.143.59
117.18.232.200 - suspicious

ET POLICY Terse Named Filename EXE Download - Possibly Hostile
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP

http://24.178.90.49/SaOpGGPf4clTxKhIjI8/ZjLusWFu9KW3FJ/ - mailcious
http://96.126.101.6:8080/0kIT1GsRZGg/Z219KFj1BzaFjv1gvh/2vzfAUPzqPln/nPIyUyki5/

24.178.90.49 - suspicious
96.126.101.6

http://www.sangamapparel.com/wp-content_old/whE/ - malware
http://197.245.25.228/QYNzkDxxNR/iFqKm606R5s/TRsowSNRIJ/Bri8I/6Xp3X0FYYVmWzz/ - mailcious

www.sangamapparel.com(94.130.141.30) - malware
94.130.141.30 - suspicious
197.245.25.228 - suspicious

ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP

http://adidasyeezy.store/welph/ccrcbr1xFU/ - mailcious
http://www.zunan.com.tw/wp-admin/lQ59Q/ - mailcious
http://vinarorganics.com/css/L0vMERYKQD/ - mailcious

vstsample.com(103.151.217.206) - malware
tuneclick.co.uk(149.255.58.11) - mailcious
vinarorganics.com(209.99.40.222) - mailcious
atrezzos.beneficiosparaempleados.com(15.236.109.244) - mailcious
adidasyeezy.store(104.27.183.91) - mailcious
library.strophicmusic.com(149.255.58.11) - mailcious
www.zunan.com.tw(198.55.121.47) - mailcious
104.27.182.91
209.99.40.222 - suspicious
103.151.217.206 - suspicious
15.236.109.244 - suspicious
149.255.58.11 - suspicious
198.55.121.47 - suspicious

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

http://167.114.153.111:8080/vl126a8N/5wiUuQmGCgMvcUic2H/RDvnC/ - mailcious

208.180.207.205 - suspicious
167.114.153.111 - suspicious

http://murari.es/wp-content/h/ - malware
http://24.178.90.49/TpAcThqgw/xrBxqAcY6Ua/ - mailcious

murari.es(185.179.143.59) - malware
24.178.90.49 - suspicious
185.179.143.59 - suspicious

ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP

http://24.178.90.49/EgmK3EDnonZrHy2ck/0vWGlqaP5E/ - mailcious

24.178.90.49 - suspicious