http://ddos.dnsnb8.net/cj//k1.rar
http://ddos.dnsnb8.net/cj//k2.rar
http://ddos.dnsnb8.net/cj//k3.rar
http://ddos.dnsnb8.net/cj//k4.rar
http://ddos.dnsnb8.net/cj//k5.rar

ddos.dnsnb8.net(44.221.84.105) - mailcious
44.221.84.105

http://ddos.dnsnb8.net/cj//k1.rar
http://ddos.dnsnb8.net/cj//k2.rar
http://ddos.dnsnb8.net/cj//k3.rar
http://ddos.dnsnb8.net/cj//k4.rar

ddos.dnsnb8.net(44.221.84.105) - mailcious
44.221.84.105

https://scratchedcards.com/can/cantruck

scratchedcards.com(5.188.88.146) - malware
5.188.88.146 - malware

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

wins26junspam.duckdns.org(191.93.112.233)
191.93.112.233

ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain

wins26junspam.duckdns.org(191.93.112.233)
191.93.112.233

ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain

wins19junspam.duckdns.org(192.169.69.26)
192.169.69.26 - phishing

ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain

http://ip-api.com/line/?fields=hosting

ip-api.com(208.95.112.1)
208.95.112.1

ET POLICY External IP Lookup ip-api.com

http://ip-api.com/line/?fields=hosting

mail.controlfire.com.mx(192.185.123.104)
ip-api.com(208.95.112.1)
192.185.123.104
208.95.112.1

ET POLICY External IP Lookup ip-api.com
SURICATA Applayer Detect protocol only one direction
ET MALWARE AgentTesla Exfil Via SMTP

http://198.46.178.137/88133/igccu.exe

dashboardproducts.info(91.92.240.69)
91.92.240.69
198.46.178.137 - malware

ET DROP Spamhaus DROP Listed Traffic Inbound group 13
ET INFO Executable Download from dotted-quad Host
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response