http://198.176.59.144/4.txt
http://198.176.59.144/6.txt
http://198.176.59.144/1.txt
http://198.176.59.144/3
http://198.176.59.144/5.txt
http://198.176.59.144/2.txt

206.119.117.209
154.19.70.72
198.176.59.144

ET ADWARE_PUP User-Agent (Mozilla/4.0 (compatible))
ET HUNTING Rejetto HTTP File Sever Response
ET HUNTING Terse Request for .txt - Likely Hostile
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET INFO Packed Executable Download
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)

154.19.70.72

129.159.151.146 - malware

mail.worlorderbillions.top(185.244.151.84) - mailcious
185.244.151.84 - phishing

SURICATA Applayer Detect protocol only one direction
ET DNS Query to a *.top domain - Likely Hostile
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

129.159.151.146 - malware

mail.worlorderbillions.top(185.244.151.84) - mailcious
129.159.151.146 - malware
185.244.151.84 - phishing

SURICATA Applayer Detect protocol only one direction
ET DNS Query to a *.top domain - Likely Hostile
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

114.132.120.166 - malware