www.python.org(151.101.108.223)
146.75.48.223

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

http://www.qmancha.com/3in6/?_xMc=Beo4F/wq8RdFDjebenLVh1oh+SsijMMrNdTrW7vwt6cBBJ1fMwEG0WxeA2f1nEETpN0HaKEkhCdRxKMYT9GVIb1Qk4T9/iqI4C7vv4jwJXrQCG5wm9ARkKUWCiZrxjNW2BHClOI=&Axq=9gOo - rule_id: 40153
http://www.okbharat.best/976u/ - rule_id: 40155
http://www.sqlite.org/2016/sqlite-dll-win32-x86-3100000.zip
http://www.zonenail.info/kscn/ - rule_id: 40154
http://www.ndhockeyprospects.com/nce6/ - rule_id: 40152
http://www.sqlite.org/2016/sqlite-dll-win32-x86-3120000.zip
http://www.okbharat.best/976u/?_xMc=LcbIMBKHrUlu6g36gJU23TxUSIJAA5AqBqn1SkrzjOBWV2IrUom/tsrs3RyqUrSaLemFBOJ7TmllXwKY80NR6NzS+gvYpvUSBVMnPSE4hVLeR8H3LdJOpDvLkImWKIGeyON+i8w=&Axq=9gOo - rule_id: 40155
http://www.qmancha.com/3in6/ - rule_id: 40153
http://www.zonenail.info/kscn/?_xMc=CaZls2vsCC5SEDZOsv4l4zf4+k7XWESK018fdyQAavLwN8o4xbvF+/9MEkivzCRJJ+i0yoaeSD7JhY7LWyyoD9eXusj8bKuymVSjXPAPasGwAQwm2megv9Qi6ADKkKSZzY0Zxl8=&Axq=9gOo - rule_id: 40154
http://www.ndhockeyprospects.com/nce6/?_xMc=Ed8kY/rwObA0p5m52hiI4RbFb4piSGCiAjj4r6cZewWhLhgYO7hQxr4Ktdnsbj/KbLEakTji3+PsoJkJr+OK9dvqH1O4J4rEJBexZAekH82LW43vkmO60QjQK3A42tDYMesvjS4=&Axq=9gOo - rule_id: 40152

www.cloud-force.club() - mailcious
www.12315fc.top() - mailcious
www.zonenail.info(66.29.145.248) - mailcious
www.okbharat.best(172.67.167.212) - mailcious
www.qmancha.com(202.95.21.152) - mailcious
www.ndhockeyprospects.com(162.241.253.174) - mailcious
202.95.21.152 - mailcious
162.241.253.174 - mailcious
66.29.145.248 - mailcious
104.21.41.248 - malware
45.33.6.223

ET MALWARE FormBook CnC Checkin (GET) M5
ET DNS Query to a *.top domain - Likely Hostile

http://www.qmancha.com/3in6/
http://www.okbharat.best/976u/
http://www.zonenail.info/kscn/
http://www.ndhockeyprospects.com/nce6/
http://www.okbharat.best/976u/
http://www.qmancha.com/3in6/
http://www.zonenail.info/kscn/
http://www.ndhockeyprospects.com/nce6/

www.python.org(151.101.228.223)
146.75.48.223

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

http://45.61.132.126/
http://45.61.132.126/Downloads\DocuSign.vbs

45.61.132.126

ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

http://dr-networks.com/

dr-networks.com(45.11.59.130)
45.11.59.130

ET MALWARE [ANY.RUN] DarkGate HTTP POST Activity (TA577)

https://db-ip.com/demo/home.php?s=175.208.134.152

ipinfo.io(34.117.186.192)
db-ip.com(104.26.4.15)
172.67.75.166
147.45.47.126 - mailcious
34.117.186.192

ET DROP Spamhaus DROP Listed Traffic Inbound group 23
ET MALWARE RisePro TCP Heartbeat Packet
ET MALWARE [ANY.RUN] RisePro TCP (Token)
ET MALWARE [ANY.RUN] RisePro TCP (Activity)
ET MALWARE [ANY.RUN] RisePro TCP (External IP)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration)
ET MALWARE RisePro CnC Activity (Inbound)