http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=fa7bb520099706f4d9615c3663eacc55&mod=360Installer.exe&ph=02a8342074eb25c8adb2d135e2bab7e5&p2p=1&t_id=360TS_Setup_For_Mini.cab&tads=653&tdl=653&tds=653&terr=0&tes=Status|1,ErrorCode|0,DnCount|6,HttpNum|1,DnFailCount|6,FStatus|1,P2SS|653,P2PS|0,PDMode|2&tfl=653&tp=t&tst=1&ttdl=653&ttm=1000&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS
http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Rel.cab
http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1060&pid=WW.Sam.CPI202405&os=6.1&mid=fa7bb520099706f4d9615c3663eacc55&state=153
http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1060&pid=WW.Sam.CPI202405&os=6.1&mid=fa7bb520099706f4d9615c3663eacc55&state=9
http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=fa7bb520099706f4d9615c3663eacc55&mod=360Installer.exe&ph=2C4D1463A89D6C425729E1EBD92D9A08&p2p=1&t_id=360TS_Setup.exe&tads=17298256&tdl=103789536&tds=17316439&terr=0&tes=Status|1,ErrorCode|0,DnCount|23,HttpNum|18,DnFailCount|22,FStatus|1,P2SS|103789536,P2PS|0,PDMode|3&tfl=103789536&tp=t&tst=1&ttdl=103789536&ttm=6062&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS
http://sd.p.360safe.com/8F105DD2B73CEC44783794041478D929FC616836.trt
http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1105.exe
https://orion.ts.360.com/installapp?c=&ch=WW.Sam.CPI202405&sch=0&ver=11.0.0.1105&lan=en&os=6.1-x64&mid=fa7bb520099706f4d9615c3663eacc55&time=1718502664&checksum=10FC50695A77DD5E36A7B75A

sd.p.360safe.com(54.230.169.32)
tr.p.360safe.com(54.76.174.118)
int.down.360safe.com(54.230.176.104)
orion.ts.360.com(82.145.215.156)
iup.360safe.com(54.230.61.95)
st.p.360safe.com(54.77.42.29)
s.360safe.com(54.255.136.181)
54.230.61.65
54.255.136.181
54.230.176.36
54.76.174.118
54.77.42.29
54.230.176.22
54.230.169.19
54.230.61.95
82.145.215.156
54.230.176.105
54.230.176.104
54.230.61.39
54.230.61.34

ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag true change port flag false)
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag false)
ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag true)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

149.129.37.78 - malware

xmr.2miners.com(162.19.139.184) - mailcious
162.19.139.184 - mailcious

ET COINMINER Observed DNS Query to Cryptocurrency Mining Pool Domain (xmr .2miners .com)

www2.micrr0soft.com(156.241.4.189)
156.241.4.189

https://tunisia-raleigh-fare-odd.trycloudflare.com/a.pdf
https://tunisia-raleigh-fare-odd.trycloudflare.com/b.pdf
https://tunisia-raleigh-fare-odd.trycloudflare.com/qfv0ao.zip

tunisia-raleigh-fare-odd.trycloudflare.com()

ET POLICY Observed DNS Query to Commonly Abused Cloudflare Domain (trycloudflare .com)

https://sailing-became-stops-maple.trycloudflare.com/a.pdf
https://sailing-became-stops-maple.trycloudflare.com/b.pdf
https://sailing-became-stops-maple.trycloudflare.com/qfv0ao.zip

sailing-became-stops-maple.trycloudflare.com()

ET POLICY Observed DNS Query to Commonly Abused Cloudflare Domain (trycloudflare .com)