206.238.220.102

http://apps.identrust.com/roots/dstrootcax3.p7c
http://240429000936002.mjt.kqri92.top/f/fvgbm0428902.txt - rule_id: 39695
https://d22hce23hy1ej9.cloudfront.net/load/th.php?a=2841&c=2841 - rule_id: 39690
https://d22hce23hy1ej9.cloudfront.net/load/dl.php?id=458&c=2841 - rule_id: 39689
https://d22hce23hy1ej9.cloudfront.net/load/dl.php?id=444&c=2841 - rule_id: 39689
https://d1vt2h4o64rfsv.cloudfront.net/load/load.php?c=2841&a=2841 - rule_id: 39691

d22hce23hy1ej9.cloudfront.net(13.225.110.70) - mailcious
cdn-edge-node.com(104.21.11.117) - mailcious
240429000936002.mjt.kqri92.top(94.156.35.76) - mailcious
d1vt2h4o64rfsv.cloudfront.net(18.244.65.223) - mailcious
adblock2024.shop(172.67.176.247) - mailcious
172.67.165.254 - mailcious
18.244.65.10 - mailcious
104.21.43.83 - mailcious
13.225.110.102
182.162.106.144
179.43.158.2

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO HTTP Request to a *.top domain
ET DNS Query to a *.top domain - Likely Hostile

http://240429000936002.mjt.kqri92.top/f/fvgbm0428902.txt
https://d22hce23hy1ej9.cloudfront.net/load/th.php
https://d22hce23hy1ej9.cloudfront.net/load/dl.php
https://d22hce23hy1ej9.cloudfront.net/load/dl.php
https://d1vt2h4o64rfsv.cloudfront.net/load/load.php

http://apps.identrust.com/roots/dstrootcax3.p7c

adblock2024.shop(172.67.176.247) - mailcious
61.111.58.35 - malware
104.21.43.83 - mailcious

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

http://sta.alie3ksgee.com/aaaaaaaa.jpg
http://sta.alie3ksgee.com/xxxxxxxx.jpg
http://sta.alie3ksgee.com/123.456

sta.alie3ksgee.com(103.146.158.221)
103.146.158.221 - malware

ET INFO Packed Executable Download
ET POLICY PE EXE or DLL Windows file download HTTP