http://185.215.113.16/inc/4434.exe
http://185.215.113.19/Vi9leo/index.php - rule_id: 41489
http://185.215.113.16/inc/GOLD.exe
http://185.215.113.16/inc/pered.exe - rule_id: 41508
http://185.215.113.16/inc/crypteda.exe - rule_id: 41506
http://185.215.113.16/Jo89Ku7d/index.php - rule_id: 41502
http://185.215.113.16/inc/2020.exe - rule_id: 41509
http://185.215.113.16/inc/25072023.exe - rule_id: 41507

coe.com.vn(103.28.36.182) - malware
103.28.36.182 - malware
185.215.113.67 - mailcious
185.215.113.16 - mailcious
185.215.113.19 - malware

ET DROP Spamhaus DROP Listed Traffic Inbound group 33
ET INFO Executable Download from dotted-quad Host
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET MALWARE Amadey Bot Activity (POST)
ET INFO Packed Executable Download
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2

http://185.215.113.19/Vi9leo/index.php
http://185.215.113.16/inc/pered.exe
http://185.215.113.16/inc/crypteda.exe
http://185.215.113.16/Jo89Ku7d/index.php
http://185.215.113.16/inc/2020.exe
http://185.215.113.16/inc/25072023.exe

https://fastrubberstamps.ca/1

https://fastrubberstamps.ca/2

https://fastrubberstamps.ca/4

https://fastrubberstamps.ca/5

https://fastrubberstamps.ca/7

https://fastrubberstamps.ca/8

http://ua-chrome.tech/123123123

ua-chrome.tech()

https://ftpclienter.com/corp

https://21centuryart.com/arc/msncjsudh

21centuryart.com(127.0.0.1)

http://141.98.234.166/Yotsuba

https://niceslice.top/test2

niceslice.top(93.183.69.189)
93.183.69.189

ET DNS Query to a *.top domain - Likely Hostile

http://177.153.60.249/medium