8e3d-wzr.duckdns.org(192.169.69.26) - mailcious
156.96.44.201 - suspicious

ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
ET DROP Spamhaus DROP Listed Traffic Inbound group 17

wordupdate.com(104.27.185.80) - malware
104.27.185.80 - suspicious

ET INFO Packed Executable Download
ET POLICY PE EXE or DLL Windows file download HTTP
ET CURRENT_EVENTS Likely Evil EXE download from MSXMLHTTP non-exe extension M2

http://go.microsoft.com/fwlink/?LinkID=88340
http://www.msftncsi.com/ncsi.txt
http://go.microsoft.com/fwlink/?LinkID=88339
http://go.microsoft.com/fwlink/?LinkID=88338
https://activation.sls.microsoft.com/slspc/SLActivate.asmx
https://activation.sls.microsoft.com/slpkc/SLCertifyProduct.asmx
https://activation.sls.microsoft.com/slrac/SLCertify.asmx

activation.sls.microsoft.com(40.91.72.206)
40.91.72.206
121.254.136.49

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

https://api.ip.sb/ip

150.134.208.175.b.barracudacentral.org(127.0.0.2)
150.134.208.175.cbl.abuseat.org()
150.134.208.175.zen.spamhaus.org()
api.ip.sb(104.26.12.31)
195.123.240.238
103.131.156.21
141.136.0.4
46.21.153.247
102.164.206.129
103.131.157.102
104.26.12.31

ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex/Trickbot CnC)

https://api.ip.sb/ip

150.134.208.175.b.barracudacentral.org(127.0.0.2)
150.134.208.175.cbl.abuseat.org()
150.134.208.175.zen.spamhaus.org()
api.ip.sb(104.26.13.31)
195.123.240.238
172.67.75.172
141.136.0.4
162.212.158.216
156.96.62.82
102.164.206.129
103.131.157.102

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex/Trickbot CnC)
ET DROP Spamhaus DROP Listed Traffic Inbound group 17

tastelaspices.in(162.241.148.128) - malware
162.241.148.128 - suspicious

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex