https://db-ip.com/demo/home.php?s=175.208.134.152

ipinfo.io(34.117.186.192)
db-ip.com(104.26.4.15)
147.45.47.126
104.26.4.15
34.117.186.192

ET MALWARE RisePro TCP Heartbeat Packet
ET MALWARE [ANY.RUN] RisePro TCP (Token)
ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration)
ET MALWARE RisePro CnC Activity (Inbound)
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

5.42.96.86

ET DROP Spamhaus DROP Listed Traffic Inbound group 1

103.116.247.143 - malware

https://db-ip.com/demo/home.php?s=175.208.134.152

ipinfo.io(34.117.186.192)
db-ip.com(104.26.4.15)
147.45.47.126
104.26.4.15
34.117.186.192

ET MALWARE RisePro TCP Heartbeat Packet
ET MALWARE [ANY.RUN] RisePro TCP (Token)
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

i1.whatsa.com.cn(118.24.33.126)
118.24.33.126

http://apps.identrust.com/roots/dstrootcax3.p7c
http://94.156.8.229/dashboard/east.exe
http://94.156.8.229/api/endpoint.php
http://94.156.8.229:1334/

ipinfo.io(34.117.186.192)
xmr.2miners.com(162.19.139.184) - mailcious
api.ipify.org(104.26.13.205)
api.ip.sb(104.26.12.31)
182.162.106.33 - malware
104.26.4.15
162.19.139.184 - mailcious
104.26.13.205
104.26.12.31
34.117.186.192
94.156.8.229 - malware

ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
ET DROP Spamhaus DROP Listed Traffic Inbound group 15
ET MALWARE RedLine Stealer - CheckConnect Response
ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound
ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)
ET INFO Executable Download from dotted-quad Host
ET INFO Packed Executable Download
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET MALWARE [ANY.RUN] SilentCryptoMiner Check-in POST Request
SURICATA HTTP unable to match response to request
ET COINMINER Observed DNS Query to Cryptocurrency Mining Pool Domain (xmr .2miners .com)

http://relay-02-static.network/rkei/581.bin

relay-02-static.network(185.196.10.99) - malware
185.196.10.99 - malware

ET DROP Spamhaus DROP Listed Traffic Inbound group 32

http://relay-02-static.network/rkei/1208.bin

relay-02-static.network(185.196.10.99) - malware
relay-03-static.cloud(111.90.145.132)
185.196.10.99 - malware
111.90.145.132

ET DROP Spamhaus DROP Listed Traffic Inbound group 32

162.19.139.184 - mailcious

118.24.33.126