http://154.91.33.137:443/bId5SaSuvjcN7/PXUkZe6ozG822h4dgO/q19079zQLoBRwb4H3Z/OeRykP5xjz3IcVDO/
https://computerjungle.it/wp-content/N/
https://www.si-batangaspremier.org/wp-admin/Q/

polaroidamsterdam.nl(64.225.66.100)
www.si-batangaspremier.org(35.185.239.65)
computerjungle.it(104.18.51.138)
www.lixko.com(49.235.244.65)
needhelp.gr(185.70.76.234)
bopetsupplies.com(181.215.182.169)
vitrinapyme.com(200.54.18.149)
maturisampietro.ch(164.138.68.247)
164.138.68.247
104.18.50.138
201.238.235.2
64.225.66.100
35.185.239.65
185.70.76.234
49.235.244.65
181.215.182.169
154.91.33.137

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY HTTP traffic on port 443 (POST)

fullelectronica.com.ar(209.133.222.158)
209.133.222.158 - suspicious
117.18.232.200 - suspicious

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex

http://api.ipify.org/

api.ipify.org(54.235.98.120)
184.73.247.141

ET POLICY External IP Lookup api.ipify.org

http://94.23.62.116:8080/Pbag0h/mvUd62SsNH8/4DYYXhPm/ - mailcious

94.23.62.116 - suspicious
81.214.253.80 - suspicious

ET CNC Feodo Tracker Reported CnC Server group 22

http://api.ipify.org/

api.ipify.org(54.204.14.42)
54.235.98.120

ET POLICY External IP Lookup api.ipify.org

http://api.ipify.org/

api.ipify.org(184.73.247.141)
54.235.98.120

ET POLICY External IP Lookup api.ipify.org

http://heankan.bio/js/T8oCHm/ - malware
http://118.7.227.42:443/bOyrBq1ayfNcOnxFFpx/uF47a/ - mailcious

heankan.bio(81.68.185.94) - malware
madrushdigital.com(148.72.196.10) - mailcious
148.72.196.10 - suspicious
118.7.227.42 - suspicious
81.68.185.94 - suspicious

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY HTTP traffic on port 443 (POST)
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP

http://118.7.227.42:443/iZaEaqmEhFglix3zMxO/aX4Fl5NFJ2kRA/ok02/pvqgXkq2t2/

118.7.227.42

ET POLICY HTTP traffic on port 443 (POST)

http://inbichngoc.com/wp-admin/S/
http://94.23.62.116:8080/yXAAUMUR9cRwoGWUoxe/hLBP3cOoW/2CNAcOoQj5yhU3IrHC/PdP79d4wroFIpaFqz/fgWv9hljOCV4U/9fROOUoZ/

inbichngoc.com(104.18.63.160)
94.23.62.116
104.18.63.160
81.214.253.80 - suspicious

ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
ET CNC Feodo Tracker Reported CnC Server group 22

http://94.23.62.116:8080/xosojc/

94.23.62.116
81.214.253.80 - suspicious

ET CNC Feodo Tracker Reported CnC Server group 22