http://192.210.206.76/sRDI.dat

c3.wptask.cyou(5.161.70.189)
192.210.206.76
5.161.70.189

gwyk.sp168.tv(156.241.4.189) - mailcious
156.241.4.189 - mailcious

http://www.gdbaodao.cn:2002/time.php

www.gdbaodao.cn(14.19.217.34)
14.19.217.34

ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile

http://apps.identrust.com/roots/dstrootcax3.p7c
https://qrco.de/bfAK2I?onO=XTpHzVDAeO?WTh=1XXH9na1GN
https://qrco.de/favicon.ico
https://qrcg-registry.qr-code-generator.com/qrapp-legacy-webcomponents/qrcg.min.js
https://qrco.de/css/build/smartphone-preview.min.css

qrcg-registry.qr-code-generator.com(54.230.176.84)
cdnjs.cloudflare.com(104.17.25.14) - mailcious
qrco.de(13.225.131.84)
182.162.106.33 - malware
104.17.25.14
54.230.176.21
13.225.131.87
23.67.53.17

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO QR Code Generator Domain in DNS Lookup (qrco .de)
ET INFO TLS Handshake Failure

https://db-ip.com/demo/home.php?s=175.208.134.152

ipinfo.io(34.117.186.192)
db-ip.com(104.26.5.15)
104.26.5.15
34.117.186.192
147.45.47.126 - mailcious

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET DROP Spamhaus DROP Listed Traffic Inbound group 23
ET MALWARE RisePro TCP Heartbeat Packet
ET MALWARE [ANY.RUN] RisePro TCP (Token)
ET MALWARE [ANY.RUN] RisePro TCP (External IP)
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
ET MALWARE [ANY.RUN] RisePro TCP (Activity)
ET MALWARE RisePro CnC Activity (Inbound)

http://80.76.49.148/LgGFdDAm2/AntiVirus.exe
http://80.76.49.148/LgGFdDAm2/AntiVirus2.exe
http://80.76.49.148/LgGFdDAm2/AntiVirus3.exe
http://80.76.49.148/LgGFdDAm2/AntiVirus4.exe
http://80.76.49.148/LgGFdDAm2/MicrosoftNetwork.exe
http://80.76.49.148/LgGFdDAm2/MicrosoftRegistry.exe
http://80.76.49.148/LgGFdDAm2/MicrosoftSecurity.exe
http://80.76.49.148/LgGFdDAm2/MicrosoftValidator.exe

http://172.235.39.109/3090/InetCache.hta
https://uploaddeimagens.com.br/images/004/798/015/original/new_image.jpg?1718284216
https://paste.ee/d/95tJR

paste.ee(104.21.84.67) - mailcious
uploaddeimagens.com.br(172.67.215.45) - malware
172.235.39.109 - mailcious
104.21.84.67 - malware
172.67.215.45 - malware

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY Possible HTA Application Download
ET INFO Dotted Quad Host HTA Request
ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI

80.76.49.148 - mailcious

ET DROP Spamhaus DROP Listed Traffic Inbound group 9

80.76.49.148 - mailcious

ET DROP Spamhaus DROP Listed Traffic Inbound group 9