https://paste.ee/d/PYjOy

paste.ee(185.26.104.247) - mailcious
185.26.104.247 - mailcious

http://91.92.254.29/Users_API/HURRICANE/file_2n4kbwex.dbr.txt
http://airstreamsa.in.net/ajai/wave.txt
https://ia803405.us.archive.org/16/items/new_image_202406/new_image.jpg

ia803405.us.archive.org(207.241.232.195) - mailcious
91.92.254.29 - mailcious
207.241.232.195 - mailcious

ET DROP Spamhaus DROP Listed Traffic Inbound group 13
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

https://paste.ee/d/7HCkx

paste.ee(185.26.104.247) - mailcious
185.26.104.247 - mailcious

https://steamcommunity.com/profiles/76561199730044335
https://t.me/bu77un

t.me(149.154.167.99) - mailcious
steamcommunity.com(104.75.41.21) - mailcious
104.87.193.17
149.154.167.99 - mailcious
95.217.241.48

ET INFO Observed Telegram Domain (t .me in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure

https://bitbucket.org/fcsdcvscvc/sadcasdv/raw/62af221cbc4d137cf4e95f7d66f3ced90597b434/kupee

bitbucket.org(43.202.69.9) - malware
104.192.141.1 - mailcious

ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

216.9.224.18 - mailcious

http://geoplugin.net/json.gp

geoplugin.net(178.237.33.50)
authurremcsupdate.duckdns.org()
192.3.101.18
178.237.33.50

ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
ET JA3 Hash - Remcos 3.x/4.x TLS Connection

94.156.71.43

ET DROP Spamhaus DROP Listed Traffic Inbound group 15
ET INFO Microsoft net.tcp Connection Initialization Activity

http://py.pl/I7mIC

py.pl(151.101.66.133)
151.101.194.133 - phishing

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure