http://www.woodlandpizzahartford.com/bw82/?p0G=kJEPdT4h62WlCf&KzrtE=EgjYCCjbkfVj9ehGxTuHAhcpQboFBLSXtFcJRUu6FmW11AJT4F0+EqeE2EWzm0j+z/EHekc6
http://www.rizrvd.com/bw82/?KzrtE=AJ+QNFfrOFbXfaBH3oQHABBFVni950JEMBOKAlzmtW9JOrHkbqbPArp20lyvTn0sGIZMgptI&p0G=kJEPdT4h62WlCf
http://www.cbrealvitalize.com/bw82/
http://www.mgg360.com/bw82/
http://www.mgg360.com/bw82/?KzrtE=92sn3P3ud1gtdOyYdsZEcwqQjW3QIGzSMGjo0scjbpzKmVTSJHG7E0muqhXj4oy7XUlzx9IG&p0G=kJEPdT4h62WlCf
http://www.cbrealvitalize.com/bw82/?p0G=kJEPdT4h62WlCf&KzrtE=QMz1n+xx2KiD30AmT9IbdZVffunkwaB1v+iSpZgJgwTVZu6PNQxJOIJjV5QBJp9Es7YbcplQ
http://www.woodlandpizzahartford.com/bw82/
http://www.gdsjgf.com/bw82/
http://www.gdsjgf.com/bw82/?p0G=kJEPdT4h62WlCf&KzrtE=7KG5rMnLNS/F00cUwyvwq06b8xrmRTVdiDQe9ch18oMrwrVTJ7b27kzNH/2ON0tx/WWBZXRB

www.gmobilet.com()
www.cbrealvitalize.com(34.102.136.180)
www.rizrvd.com(34.102.136.180) - mailcious
www.woodlandpizzahartford.com(104.31.81.238)
www.mgg360.com(66.152.187.17)
www.joeisono.com()
www.gdsjgf.com(34.102.136.180)
104.31.81.238
66.152.187.17
34.102.136.180 - mailcious

http://www.thedancehalo.com/bw82/
http://www.mgg360.com/bw82/
http://www.lakegastonautoparts.com/bw82/?OVolp=juBLB0WqzeXPFoNXoiaKUMHcPI3xC2bTDg9jeDe0t8cj29/tW+mLTBuOwrYIlHJeRY+fWQQT&lhv4=H0DTRf2P8nD0BN
http://www.mgg360.com/bw82/?OVolp=92sn3P3ud1gtdOyYdsZEcwqQjW3QIGzSMGjo0scjbpzKmVTSJHG7E0muqhXj4oy7XUlzx9IG&lhv4=H0DTRf2P8nD0BN
http://www.thedancehalo.com/bw82/?OVolp=TJmBUVi76XvdedvdT4XTiNg0xow+eIDVhd+PvrNB1pQf64xZGmJKzxet+DQnJGM605l+3b5o&lhv4=H0DTRf2P8nD0BN
http://www.lakegastonautoparts.com/bw82/

www.mgg360.com(66.152.187.17)
www.thedancehalo.com(34.102.136.180)
www.lakegastonautoparts.com(184.168.131.241)
66.152.187.17
34.102.136.180 - mailcious
184.168.131.241 - mailcious

67.10.155.92 - mailcious
94.1.108.190 - mailcious
134.209.36.254 - mailcious
2.84.135.163 - mailcious
140.186.212.146 - mailcious
162.241.242.173 - mailcious
38.111.46.46 - mailcious

ET CNC Feodo Tracker Reported CnC Server group 4
ET CNC Feodo Tracker Reported CnC Server group 20
ET CNC Feodo Tracker Reported CnC Server group 5
ET CNC Feodo Tracker Reported CnC Server group 17
ET CNC Feodo Tracker Reported CnC Server group 25

swryijgrvcsgkopnmcdertvgdswbvmophtfdczxs.ydns.eu(192.253.246.142) - mailcious
192.253.246.142

https://resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.png
https://motlolidk.blogspot.com/favicon.ico
https://www.google.com/css/maia.css
https://fonts.googleapis.com/css?family=Open+Sans:300
https://www.blogger.com/dyn-css/authorization.css?targetBlogID=6181590366086872420&zx=b215f827-8398-4dd3-82f5-d0ee5f578811
https://www.google-analytics.com/analytics.js
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc-.woff
https://www.blogger.com/static/v1/v-css/281434096-static_pages.css
https://www.blogger.com/static/v1/widgets/3416767676-css_bundle_v2.css
https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhv.woff
https://resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png
https://www.blogger.com/static/v1/jsbin/376796862-ieretrofit.js
https://www.gstatic.com/og/_/js/k=og.qtm.en_US.QgY6lxWvAPk.O/rt=j/m=q_d,qawd,qmd,qsd,qmutsd,qapid/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhbr,qhch,qhga,qhid,qhin,qhlo,qhmn,qhpc,qhpr,qhsf,qhtb,qhtt/d=1/ed=1/rs=AA2YrTvod91nzEJFOvvfJUrn6_vLwwY0bw
https://www.gstatic.com/og/_/ss/k=og.qtm.y0v8--8W2Xg.L.I9.O/m=qawd,qmd/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhbr,qhch,qhga,qhid,qhin,qhlo,qhmn,qhpc,qhpr,qhsf,qhtb,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTtSLvQ9QxDR2uHIB3mSbhYF7uJInw
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff
https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
https://fonts.googleapis.com/css?lang=ko&family=Product+Sans|Roboto:400,700
https://www.blogger.com/img/blogger-logotype-color-black-1x.png
https://www.blogger.com/blogin.g?blogspotURL=https://motlolidk.blogspot.com/p/266.html
https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://motlolidk.blogspot.com/p/266.html%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://motlolidk.blogspot.com/p/266.html%26bpli%3D1&passive=true&go=true
https://www.blogger.com/static/v1/jsbin/3101730221-analytics_autotrack.js
https://www.blogger.com/static/v1/widgets/2195516358-widgets.js
https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fmotlolidk.blogspot.com%2Fp%2F266.html&bpli=1
https://ssl.gstatic.com/gb/images/p1_799229b0.png
https://resources.blogblog.com/img/icon18_wrench_allbkg.png
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.GhYSaDTWhs4.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_CcmyUNBPTBtz4hsH0C6OHKqodVQ/cb=gapi.loaded_0

ssl.gstatic.com(172.217.25.195)
resources.blogblog.com(172.217.26.41)
www.google.com(172.217.161.36)
www.gstatic.com(172.217.25.67)
fonts.googleapis.com(172.217.175.10)
motlolidk.blogspot.com(172.217.161.33) - mailcious
accounts.google.com(172.217.175.77)
www.google-analytics.com(172.217.24.142)
apis.google.com(216.58.197.206)
fonts.gstatic.com(172.217.161.67)
www.blogger.com(172.217.26.41)
172.217.31.233
216.58.197.97
216.58.199.4 - suspicious
172.217.161.173
142.250.199.78
216.58.199.105
216.58.199.106
172.217.161.174 - mailcious
172.217.24.67
142.250.199.67

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex

114.114.114.114

http://asmaraloka.com/wp-includes/ra5d/
http://albasisgroup.com/2020/12/08/habit-being-created-100-100-free-online-present/

datvietquan.com(103.97.125.60) - malware
ypddf.org(172.96.189.174) - malware
daisyboots.co.uk(31.220.16.209) - mailcious
albasisgroup.com(205.144.171.109) - mailcious
asmaraloka.com(139.162.2.200)
www.asmaraloka.com(139.162.2.200) - mailcious
subramanyatemple.org(103.212.121.63) - mailcious
thanhthatbadinh.com(150.95.110.87) - malware
103.212.121.63 - mailcious
205.144.171.109 - mailcious
139.162.2.200 - mailcious
103.97.125.60 - malware
150.95.110.87 - malware
172.96.189.174 - malware
31.220.16.209 - mailcious

SURICATA TLS invalid record type
SURICATA TLS invalid record/traffic
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

ratking.ddns.net(141.255.144.128)
141.255.144.128

ET POLICY DNS Query to DynDNS Domain *.ddns .net

karlagaray.com(35.208.239.184) - malware
35.208.239.184 - malware

ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)