http://x1.i.lencr.org/
https://mailnepalarmymil.mods.email/dispachofapc-46703841?yui=1 - rule_id: 40280
https://mailnepalarmymil.mods.email/dispachofapc-46703841?yui=1

mailnepalarmymil.mods.email(91.223.208.175)
x1.i.lencr.org(23.52.33.11)
91.223.208.175
23.41.113.9

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

https://mailnepalarmymil.mods.email/dispachofapc-46703841

http://x1.i.lencr.org/
https://mailnepalarmymil.mods.email/dispachofapc-46703841?yui=2 - rule_id: 40280
https://mailnepalarmymil.mods.email/dispachofapc-46703841?yui=2

mailnepalarmymil.mods.email(91.223.208.175)
x1.i.lencr.org(23.52.33.11)
91.223.208.175
23.41.113.9

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

https://mailnepalarmymil.mods.email/dispachofapc-46703841

zstupu.power-peak.com.cn(49.7.60.22)
www.campusvirtual.neotedi.edu.bo()
cpcalendars.page-naver688.com()
sale.joinye.com(60.190.234.151)
sas-ir.com(68.178.165.202)
cpcontacts.lucky88vip.com(103.145.62.222)
smtp.novusthailand.com(118.174.23.90)
wbsubdomain.a.bb.ccc.dddd.mantle.dlt-tech.com(139.196.144.53)
amharaocaca.gov.et()
cpanel.pcsmart.site()
ww.npage-naver0723.com()
mails.rwjansen.com(219.88.70.10)
mail.yatesfamilyartisans.com()
www.qgiscentral.com(190.111.30.52)
mail.vm67.com(103.85.226.45)
www.salimsali-mall.com()
cpcontacts.page-naver615.com()
cpcontacts.huidesuye.com(82.156.18.143)
what.website.cursos.neotedi.edu.bo()
panel.plebeianmc.com()
nsotiensv.click(103.116.52.244)
hqrjswd.ndbykglhmcyuqh.amkeuvwl.fun()
tawatur-einv.com(38.54.114.104)
collaborate.scaledagile.com(18.190.140.7)
ns1.sinaibg.com(37.143.207.223)
hmsliaison.hotelchristopher.com(90.82.50.115)
helpdesk.pittrace.com(24.101.151.68)
jzewvmcdn.33song.com(218.244.156.233)
what.website.xn--fastighetsvrme-gib.nu(194.14.207.177)
smtp.radafi.pl(83.0.116.139)
fgtivolhk.amkeuvwl.fun()
www.rriveram.com(201.206.158.237)
server5.33song.com(218.244.156.233)
acevcajwqhun.fwphysyclim.pbyqwddi.fun()
rhtny.com(39.108.71.105)
www14.duzui360.com(114.55.170.8)
webdisk.mappzi.com(190.111.30.52)
wbsubdomain.a.bb.ccc.dddd.pcsmart.site()
mail.wellness360pro.com(172.67.156.76)
jvuslgpamnhl.bstdgvtb.fun()
ct.PHP-CGI.COM(43.155.10.234)
en.dowpol.com(103.24.119.233)
webdisk.sms-murah.com(23.106.122.175)
dddd.www.navra.org(13.90.224.212)
mail.littlegemscakes.com()
app.npage-naver625.com()
49.7.60.22
121.101.130.150
174.138.17.231
36.90.153.102
189.177.181.0
87.26.88.136
65.132.44.131
180.242.188.142
118.173.247.33
38.9.117.83
50.16.234.185
62.3.14.112
144.86.40.137
47.96.186.135
36.92.143.55
91.14.89.137
36.37.84.210
121.123.72.47
105.154.186.114
202.186.65.234
197.255.161.18
60.53.1.62
5.183.171.153
18.230.206.237
35.213.114.107
31.25.135.75
74.117.58.250
175.107.239.0
60.246.217.247
23.106.122.175
103.164.98.205
49.48.69.125
189.139.150.180
187.155.52.135
1.52.245.253
147.189.174.16
201.119.189.71
186.48.163.147
113.211.54.54
5.57.39.252
68.178.165.202
8.215.31.219
103.127.169.42
36.65.198.217
41.63.27.17
109.250.51.88
113.11.120.202
36.90.6.209
151.196.48.165
202.92.144.27
36.89.237.10
130.164.167.43
199.87.210.195
31.6.1.104
83.118.89.164
213.226.117.12
13.90.224.212
54.243.89.72
36.84.144.226
37.143.207.223
223.206.36.114
42.119.31.241
179.253.188.113
219.92.42.130
103.184.181.38
182.53.129.11
87.126.253.224
113.211.54.25
36.90.21.111
171.101.123.157
45.136.4.169
60.50.80.19
60.190.234.151
113.211.54.134
87.123.176.173
54.255.196.19
36.95.107.163
123.19.207.137
171.6.161.151
64.227.153.151
185.249.202.230
171.101.123.234
125.166.52.109
161.97.113.121
49.48.127.52
95.130.175.87
185.208.23.233
113.211.71.137
182.53.129.102
189.172.94.69
182.53.129.106
171.101.144.130
177.202.224.158
173.234.31.45
43.155.10.234
36.84.145.13
78.3.91.170
109.237.7.112
79.119.80.26
49.48.110.189
189.172.62.18
103.190.29.200
37.1.201.146
36.71.164.74
190.108.90.26
189.162.138.43
219.88.70.10
20.246.22.202
112.78.191.131
223.204.201.209
189.172.98.170
58.124.18.22
49.48.84.105
189.162.136.169
130.164.150.59
103.142.111.180
110.22.151.47
190.111.30.52
116.5.192.223
89.213.41.237
180.245.130.168
187.144.254.76
171.101.144.65
92.247.117.225
125.166.52.4
49.48.127.186
201.40.90.60
189.163.201.155
36.71.166.249
189.182.203.237
107.208.145.240
54.159.142.212
187.1.68.125
223.206.136.215
194.219.215.204
118.99.124.71
125.166.52.44
143.92.147.63
180.183.114.213
77.49.249.107
103.155.201.137
202.186.163.152
20.231.211.201
181.115.182.188
217.113.49.125
185.252.179.105
103.165.35.90
4.236.130.26
185.229.237.32
89.117.76.249
144.86.17.167
4.240.78.12
38.55.216.113
94.66.184.8
223.204.14.74
122.154.56.133
175.138.229.53
189.128.199.156
36.90.152.144
24.66.24.187
190.145.170.206
220.135.216.3
171.101.52.217
45.14.185.30
171.101.138.82
183.88.62.151
158.220.91.166
190.8.227.207
212.87.213.247
1.174.15.218
111.230.17.153
52.178.128.156
110.139.175.86
60.51.226.119
59.96.165.173
36.71.166.80
135.148.77.82
103.100.135.58
36.71.161.89
115.241.144.10
187.144.142.242
18.141.55.63
190.119.76.68
171.101.53.201
3.139.91.193
103.91.211.200
86.127.176.138
103.85.226.45
52.221.97.212
36.71.174.86
189.127.165.191
49.48.145.225
192.41.102.47
163.158.99.61
187.150.96.72
49.48.104.229
80.32.8.140
83.0.116.139
103.90.227.110
220.247.174.189
60.51.47.79
93.217.176.106
218.244.156.233
185.229.237.86
187.141.247.90
189.172.44.168
85.127.37.101
38.54.114.104
185.229.237.162
37.72.71.19
49.48.84.180
49.48.193.61
47.36.13.62
113.211.54.197
188.4.203.108
60.51.156.85
36.71.164.30
189.177.213.169
46.136.144.14
139.196.144.53
84.196.43.122
187.192.245.9
223.206.138.48
104.42.182.200
181.225.12.91
216.146.24.107
190.6.166.112
14.139.182.3
180.253.11.253
193.92.236.12
49.48.127.179
182.53.129.2
177.53.55.199
180.183.9.213
79.117.126.197
60.49.92.252
49.48.124.23
202.186.132.37
182.53.129.92
107.23.115.168
189.172.18.166
103.116.52.244
115.246.185.219
177.125.237.57
79.131.102.225
134.255.220.40
113.211.54.227
125.111.168.45
203.166.207.254
139.144.120.232
183.88.36.161
43.239.205.221
36.79.200.2
186.87.84.238
46.45.185.52
201.51.188.215
154.127.222.136
125.166.52.10
183.88.60.176
190.30.242.89
14.225.44.218
118.100.255.116
77.49.87.98
217.231.245.124
20.226.35.48
49.48.107.203
171.5.27.251
171.5.138.230
218.253.253.73
35.199.106.10
45.89.30.90
180.241.159.108
187.155.0.221
180.75.4.170
171.5.131.130
14.187.171.245
37.72.37.160
189.172.56.232
178.128.82.168
36.72.14.142
36.90.152.179
125.163.157.142
187.175.13.146
109.59.51.151
13.250.47.47
187.155.26.5
221.124.102.126
167.86.134.24
183.88.56.254
217.15.164.206
36.238.206.205
36.90.208.169
41.140.41.118
172.67.156.76
49.48.194.112
162.248.93.192
175.139.130.187
189.177.233.194
103.253.73.212
124.122.106.214
202.150.150.108
223.204.13.148
103.24.119.233
180.247.214.215
5.225.38.54
117.193.145.199
3.23.25.111
78.24.205.196
103.164.132.123
150.107.140.75
36.76.98.20
135.125.202.216
223.204.206.73
58.71.205.159
78.3.177.233
188.152.175.197
111.125.76.63
85.206.72.16
212.14.238.22
139.64.23.244
94.154.33.168
187.155.7.4
103.144.183.156
18.214.64.114
49.48.124.64
189.180.98.211
186.67.151.100
125.165.150.148
171.5.143.210
187.172.94.201
185.229.237.230
188.4.232.102
59.149.150.197
41.141.49.161
182.53.129.110
125.160.59.77
202.186.76.61
125.166.52.55
125.166.52.56
87.122.53.69
36.73.93.146
187.155.12.214
137.59.22.187
189.170.161.160
38.152.53.74
180.183.135.141
186.210.13.164
95.52.94.166
201.246.113.60
49.49.43.101
36.91.46.44
185.229.237.120
51.222.255.58
45.153.7.11
179.104.65.247
38.242.223.23
202.152.20.115
189.177.169.227
113.211.54.166
223.206.37.79
45.144.167.158
45.87.173.36
189.238.33.85
181.60.69.36
93.104.113.207
202.186.64.36
49.49.29.66
187.147.41.222
187.133.39.212
62.48.177.122
114.55.170.8
124.77.29.239
189.237.191.233
189.172.254.191
168.227.96.102
171.5.138.194
49.48.194.157
133.142.117.245
182.53.129.76
49.248.126.138
89.213.5.176
83.250.3.23
62.77.156.72
131.196.199.138
181.163.200.69
46.246.158.84
49.0.82.206
46.152.40.138
113.211.54.111
14.207.2.101
189.174.35.201
124.106.166.170
103.10.231.194
46.246.161.240
36.82.127.105
49.48.120.219
103.8.151.129
201.108.152.229
111.251.137.62
167.61.87.205
213.14.138.253
103.100.128.230
36.71.160.233
180.183.103.246
175.122.36.148
171.101.144.110
182.53.129.26
189.127.164.73
124.122.104.64
116.204.250.84
113.211.54.189
103.89.64.236
188.166.220.51
202.88.209.109
198.244.228.207
189.141.0.76
194.199.109.217
194.45.197.28
195.206.235.71
192.95.51.54
171.5.139.249
200.150.105.229
201.206.158.237
195.85.205.17
180.243.208.234
39.108.71.105
189.172.63.126
194.156.88.183
185.163.116.177
200.34.226.46
182.53.129.85
36.64.141.138
180.183.127.10
113.211.54.231
171.5.132.136
49.48.119.126
217.240.196.88
223.204.204.150
49.49.152.176
187.214.99.103
36.67.214.19
87.184.181.174
131.196.198.225
125.166.52.63
167.94.158.150
181.161.50.9
36.90.152.15
49.48.118.7
162.33.178.179
171.5.143.137
62.33.7.173
36.90.20.89
46.246.213.42
182.53.129.31
103.15.144.178
113.211.54.140
191.108.129.131
109.177.56.137
34.197.23.97
186.210.111.88
14.207.12.53
36.90.161.48
171.96.102.91
212.18.114.92
83.42.110.235
202.185.38.52
45.117.169.199
45.149.93.204
223.206.35.65
103.180.1.131
187.156.221.17
41.139.201.39
187.155.35.134
52.253.115.16
223.206.187.188
185.126.10.125
124.122.103.161
119.8.3.39
103.56.206.107
3.145.97.183
182.53.129.121
95.246.35.95
171.5.130.189
213.136.84.14
36.90.1.224
90.82.50.115
181.60.86.190
139.91.183.28
45.88.191.4
103.84.208.182
186.3.164.72
103.109.45.5
207.188.6.56
5.189.168.170
146.83.123.29
84.32.231.115
180.183.121.165
171.5.130.112
49.48.138.60
36.81.75.211
180.245.206.1
191.252.156.146
124.120.48.126
184.168.31.6
92.219.161.58
121.202.27.61
171.5.137.99
36.84.28.142
36.90.22.59
36.71.173.220
188.36.215.62
45.118.145.218
151.33.211.27
202.186.104.183
36.73.134.12
187.155.87.37
200.88.57.81
203.114.109.139
110.235.247.171
49.48.113.189
180.254.87.240
38.17.55.107
41.196.248.4
183.91.87.163
49.48.113.71
182.53.129.109
171.5.137.231
190.134.70.138
36.90.153.63
187.232.236.201
180.183.102.244
223.204.15.210
105.98.140.16
189.161.91.38
111.243.137.185
124.122.105.96
60.48.82.128
86.144.72.241
103.72.96.239
187.155.53.175
45.146.106.51
118.174.23.90
134.255.225.198
31.126.94.86
36.71.163.68
125.166.52.32
68.134.91.81
109.165.225.84
171.7.149.24
217.20.242.60
122.121.7.83
190.57.37.70
175.201.211.42
213.238.177.114
185.229.238.39
124.122.107.148
190.219.8.220
49.48.107.184
36.91.60.20
181.206.7.48
130.164.189.18
186.107.125.235
177.221.205.214
114.35.14.101
189.174.35.210
189.237.103.209
186.116.15.45
81.227.71.249
54.232.49.151
84.245.8.180
194.14.207.177
38.25.129.221
36.94.130.58
179.70.214.40
51.81.249.201
45.137.69.113
77.49.249.132
47.108.196.23
122.103.101.126
103.125.154.3
103.140.50.24
180.243.78.113
189.172.247.13
5.249.165.152
103.86.156.82
49.48.198.10
200.55.241.74
36.90.21.51
202.152.32.66
87.125.173.162
36.91.9.105
201.146.145.180
171.101.144.252
110.137.159.12
189.248.170.33
58.152.104.216
62.227.152.130
24.101.151.68
20.0.194.184
62.122.229.94
190.57.34.71
45.88.9.42
117.121.211.35
179.110.44.252
79.127.60.2
8.219.230.175
58.71.205.163
49.48.127.149
37.41.80.99
124.120.145.179
36.71.171.101
102.101.163.154
200.48.185.142
131.221.184.195
103.145.62.222
103.247.14.129
173.207.147.199
223.206.141.232
110.139.20.7
194.219.38.182
82.156.18.143
210.186.48.102
79.159.56.153
45.127.133.73
36.91.184.67
160.177.81.160
189.131.243.83
197.4.45.132
112.135.220.65
123.231.237.70
210.91.34.123
189.245.8.222
36.64.141.140
110.136.178.56
191.96.229.8
45.160.18.29
79.42.203.226
217.171.153.175
150.107.136.36
185.84.160.114
49.232.60.34
202.93.227.34
187.148.99.86
180.183.113.221
102.68.77.196
58.71.205.195
189.172.85.39
36.71.198.253
187.188.186.252
36.95.73.81
190.219.196.251
189.177.240.127
94.156.71.142
81.70.87.12
182.53.129.58
171.5.139.127
189.172.32.70
85.172.39.196
36.71.175.65
187.155.40.31
46.246.242.235
177.94.26.24
67.2.161.191
168.149.89.93
189.250.169.132
18.220.224.124
37.138.32.115
36.74.236.233
160.177.37.86
63.225.206.105
77.230.91.9
130.43.54.246
219.76.169.10
130.185.77.34
103.146.196.24
93.225.56.56

ET USER_AGENTS Go HTTP Client User-Agent
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
ET INFO TLS Handshake Failure
ET DROP Spamhaus DROP Listed Traffic Inbound group 15

auto.c3pool.org(47.76.164.119)
sadan.8b8n.com(166.88.61.212)
47.76.164.119
166.88.61.212

ET POLICY Cryptocurrency Miner Checkin
ET MALWARE Lucifer CnC Checkin
ET EXPLOIT Possible ETERNALBLUE MS17-010 Heap Spray
ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response
ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010

47.76.164.119
166.88.61.212

ET EXPLOIT Possible ETERNALBLUE MS17-010 Heap Spray
ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response
ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010

http://103.195.103.33/nf/Useya.pdf

103.195.100.219
103.195.103.33 - malware

ET INFO Dotted Quad Host PDF Request
ET MALWARE PE EXE or DLL Windows file download disguised as ASCII
ET MALWARE PE EXE or DLL Windows file download Text M2
ET HUNTING [TW] Likely Hex Executable String
ET SHELLCODE Common 0a0a0a0a Heap Spray String

https://covid19help.top/hecto.scr

covid19help.top(104.21.83.128) - mailcious
45.33.6.223
104.21.83.128 - mailcious

ET DNS Query to a *.top domain - Likely Hostile
ET HUNTING Suspicious Domain Request for Possible COVID-19 Domain M1
ET HUNTING Suspicious TLS SNI Request for Possible COVID-19 Domain M1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET HUNTING Possible COVID-19 Domain in SSL Certificate M2

www.themirrorproject.org() - mailcious
www.tpsideanchor.com(154.38.187.252)
www.5597043.com(172.66.47.183) - mailcious
covid19help.top(172.67.175.222) - mailcious
www.baldjourney.com(35.212.60.56) - mailcious
www.ekvassf.store() - mailcious
www.planningexcellence.org(172.67.195.9) - mailcious
www.heolty.xyz(162.0.238.43) - mailcious
www.usebanq.com(198.54.117.242) - mailcious
www.mildhicky.com(149.88.71.203) - mailcious
www.ar-robotics.com(34.149.87.45)
www.vt0lcffi5.sbs(47.239.13.172) - mailcious
47.239.13.172 - mailcious
35.212.60.56 - mailcious
172.66.44.73
34.149.87.45 - phishing
172.67.195.9
154.38.187.252
198.54.117.242 - mailcious
104.21.83.128 - mailcious
45.33.6.223
149.88.71.203 - mailcious
162.0.238.43 - mailcious

ET DNS Query to a *.top domain - Likely Hostile
ET HUNTING Suspicious Domain Request for Possible COVID-19 Domain M1
ET HUNTING Suspicious TLS SNI Request for Possible COVID-19 Domain M1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET HUNTING Possible COVID-19 Domain in SSL Certificate M2
ET Threatview.io High Confidence Cobalt Strike C2 IP group 3
SURICATA HTTP Request abnormal Content-Encoding header

http://www.usebanq.com/8lx9/
http://www.mildhicky.com/i5j9/
http://www.baldjourney.com/bgvg/
http://www.mildhicky.com/i5j9/
http://www.5597043.com/twtt/
http://www.5597043.com/twtt/
http://www.heolty.xyz/fo0a/
http://www.vt0lcffi5.sbs/l7g9/
http://www.baldjourney.com/bgvg/
http://www.planningexcellence.org/uid7/
http://www.planningexcellence.org/uid7/
http://www.vt0lcffi5.sbs/l7g9/
http://www.usebanq.com/8lx9/
http://www.heolty.xyz/fo0a/

https://paste.ee/d/pjkOs
http://216.9.224.18/2999/pillowgoodandcleanimg.png

paste.ee(104.21.84.67) - mailcious
172.67.187.200 - mailcious
216.9.224.18 - mailcious

ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

http://103.195.103.33/nf/Qtdxulkcon.wav

103.195.100.219
103.195.103.33 - malware

ET MALWARE PE EXE or DLL Windows file download disguised as ASCII
ET MALWARE PE EXE or DLL Windows file download Text M2
ET HUNTING [TW] Likely Hex Executable String
ET SHELLCODE Common 0a0a0a0a Heap Spray String
SURICATA Applayer Protocol detection skipped

http://192.168.56.1/

auto.c3pool.org(18.163.115.97)
sadan.8b8n.com(166.88.61.212)
18.163.115.97
47.76.164.119
166.88.61.212

ET MALWARE Lucifer CnC Checkin
ET POLICY Cryptocurrency Miner Checkin