http://cwikwiiisuyqymso.xyz:443/api/client_hello

cwikwiiisuyqymso.xyz(92.118.10.45)
92.118.10.45 - mailcious
185.81.68.156 - malware

ET DROP Spamhaus DROP Listed Traffic Inbound group 31

45.95.233.253
94.130.53.50

gbg1.ntp.se(194.58.203.20) -
ntp.nict.jp(61.205.120.130) -
time.cloudflare.com(162.159.200.1) -
time-a-g.nist.gov(129.6.15.28) -
time.apple.com(17.253.114.35) -
ts1.aco.net(193.171.23.163) -
x.ns.gin.ntt.net(129.250.35.250) -
129.250.35.250 -
17.253.114.43 -
162.159.200.123 -
194.58.203.20 -
81.19.131.103 -
193.171.23.163 -
133.243.238.164 -
129.6.15.28 -

https://steamcommunity.com/profiles/76561199824159981 - rule_id: 43856
https://steamcommunity.com/profiles/76561199824159981

t.me(149.154.167.99) -
steamcommunity.com(104.75.33.105) -
104.75.33.105 -
149.154.167.99 -
95.217.25.45 -

ET INFO Observed Telegram Domain (t .me in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure

https://steamcommunity.com/profiles/76561199824159981

baranreis123.ddns.net() -
108.181.20.39 -

ET POLICY DNS Query to DynDNS Domain *.ddns .net

23.219.19.250 -

files.catbox.moe(108.181.20.39) -
108.181.20.39 -

ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

81.19.131.103 -

https://res.cloudinary.com/daxwua63y/image/upload/v1738334533/alcb4htolzvfhzzufqh5.jpg

res.cloudinary.com(23.46.236.45) -
23.46.236.45 -

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

18.179.18.153 -

sosomyhestor.ddns.net(46.153.112.54)
46.153.112.54

ET POLICY DNS Query to DynDNS Domain *.ddns .net

http://103.84.89.222:33791/
https://api.ip.sb/geoip

api.ip.sb(104.26.13.31)
103.84.89.222
104.26.13.31

ET MALWARE RedLine Stealer - CheckConnect Response
ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
SURICATA HTTP unable to match response to request

146.59.154.106