http://204.44.124.137/452/storedbananagreattastysweetgiftforyou.tIF

ia803104.us.archive.org(207.241.232.154) - malware
204.44.124.137 - mailcious
207.241.232.154 - malware

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

chongmei33.publicvm.com(46.246.82.84) - mailcious
46.246.82.84

ET POLICY Observed DNS Query to DynDNS Domain (publicvm .com)

http://www.angelenterprise.biz/7zy1/
http://www.top10countdown.info/9iyi/
http://www.erhgtfd.buzz/t10y/?XV8-Hz4=3aJdPJ1a4NI1qu7022ZDLsImYKXculCDO9eSpcnjY+C3XioScyu5qDWRAXoXYiiK/wxdMfYlyHmeWBY6mNj4y2sNHI32v3Z3h9LTFwVjjnhNagd2ZGKm57KEOaM2or23YfUkf78=&6J=y28pNUsNSBrnl
http://www.balclub.top/n6ow/?XV8-Hz4=38ktoOAqlsdBNOwtGPeqpwbXg8XZDhh9hx/T15WN4O7jP341BwXDLasP6fmFWq2yAUzs8E3bhhhZPnVzp6zBa61nEQGZ0KivGuaAZgdniVgPlbL6HIHWJWR+jF5IN+RJ3d250ww=&6J=y28pNUsNSBrnl
http://www.top10countdown.info/9iyi/?XV8-Hz4=TEW93add3/KADuasFVG+dG9MzmMDmk9DxIOIoqonj3JZHbyqUe8ztsbPa/1SzYtypAwxOGB/4yWtN2fN9AzrDYT25iswFDz0kbjUqI5iK6J1mBTFWIVA7pA4sKOe/YVmttHIQcg=&6J=y28pNUsNSBrnl
http://www.sqlite.org/2022/sqlite-dll-win32-x86-3380000.zip
http://www.erhgtfd.buzz/t10y/
http://www.balclub.top/n6ow/

www.angelenterprise.biz(3.33.130.190)
www.balclub.top(63.250.47.40)
www.erhgtfd.buzz(45.33.30.197)
www.top10countdown.info(15.197.148.33)
www.kxshopmr.store()
15.197.148.33 - mailcious
63.250.47.40
3.33.130.190 - phishing
45.33.30.197 - mailcious
45.33.6.223

ET INFO HTTP Request to a *.buzz domain
ET DNS Query to a *.top domain - Likely Hostile
ET MALWARE FormBook CnC Checkin (GET) M5
ET INFO HTTP Request to a *.top domain
ET INFO Observed DNS Query to .biz TLD

objects.githubusercontent.com(185.199.111.133) - malware
github.com(20.200.245.247) - mailcious
papacy.ddns.net(146.70.54.98) - mailcious
papacy.line.pm()
repo1.maven.org(199.232.196.209)
151.101.196.209
185.199.110.133 - malware
146.70.54.98
20.200.245.247 - malware

ET INFO DYNAMIC_DNS Query to a *.line .pm Domain
ET POLICY DNS Query to DynDNS Domain *.ddns .net

https://archive.org/download/new_image_vbs/new_image_vbs.jpg
http://107.173.4.10/119/RNOLL.txt

archive.org(207.241.224.2) - mailcious
207.241.224.2 - mailcious

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

ia803104.us.archive.org(207.241.232.154) - malware
207.241.232.154 - malware

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

https://archive.org/download/new_image_vbs/new_image_vbs.jpg
http://85.239.241.184/35/WERFFG.txt

archive.org(207.241.224.2) - mailcious
207.241.224.2 - mailcious
45.33.6.223

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

http://geoplugin.net/json.gp

geoplugin.net(178.237.33.50)
dremom2.duckdns.org(45.89.247.65)
178.237.33.50
45.89.247.65

ET DROP Spamhaus DROP Listed Traffic Inbound group 4
ET JA3 Hash - Remcos 3.x/4.x TLS Connection
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain

http://geoplugin.net/json.gp

geoplugin.net(178.237.33.50)
ugnrv.duckdns.org(192.3.101.254)
178.237.33.50
192.3.101.254

ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
ET JA3 Hash - Remcos 3.x/4.x TLS Connection

http://27.25.150.29:20246/api.php?api=kmlogon&app=10000&kami=clEU5yRUaj&markcode=clEU5yRUaj&sign=c10fda4b223ff2f185babccf765c122b
http://27.25.150.29:20246/Re.php
http://27.25.150.29:20246/km.php?km=clEU5yRUaj

23.224.55.203
27.25.150.29

http://tventyv20sb.top/v1/upload.php

tventyv20sb.top(194.87.248.136)
194.87.248.136

ET DNS Query to a *.top domain - Likely Hostile
ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4
ET INFO HTTP Request to a *.top domain