http://marceloxfoto.com/docs/ezemeneoonhandemefaicnb.djx

marceloxfoto.com(217.160.0.138)
217.160.0.138
172.217.25.14 - suspicious

http://marceloxfoto.com/docs/ezemeneoonhandemefaicnb.djx

marceloxfoto.com(217.160.0.138)
217.160.0.138
172.217.25.14 - suspicious

http://marceloxfoto.com/docs/ezemeneoonhandemefaicnb.djx

marceloxfoto.com(217.160.0.138)
217.160.0.138
172.217.25.14 - suspicious

http://morasergiov.ac.ug/ - mailcious
http://morasergiov.ac.ug/vcruntime140.dll
http://morasergiov.ac.ug/nss3.dll
http://morasergiov.ac.ug/sqlite3.dll
http://jamesrlongacre.ug/index.php - mailcious
http://morasergiov.ac.ug/freebl3.dll
http://morasergiov.ac.ug/mozglue.dll
http://morasergiov.ac.ug/main.php - mailcious
http://morasergiov.ac.ug/msvcp140.dll
http://morasergiov.ac.ug/softokn3.dll
http://217.8.117.77/oscjgfhwvvas.exe - malware

morasergiov.ac.ug(217.8.117.77) - mailcious
jamesrlongacre.ug(217.8.117.77) - malware
217.8.117.77 - suspicious

ET DROP Spamhaus DROP Listed Traffic Inbound group 38
ET INFO Executable Download from dotted-quad Host
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET HUNTING Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2
ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil

194.113.34.49

194.113.34.49

194.113.34.49

194.113.34.49

194.113.34.49
172.217.25.14 - suspicious