http://87.251.71.75:3214/
http://195.2.84.91/cpu.zip
https://iplogger.org/1r2et7
https://iplogger.org/1rst77
https://iplogger.org/1tsef7
https://pastebin.com/raw/WmBNYXYN
https://pastebin.com/raw/bnxCb5RP
https://api.ip.sb/geoip
https://blog.agencia10x.com/mex.exe
https://blog.agencia10x.com/dance.exe

bbuseruploads.s3.amazonaws.com(52.216.165.51) - malware
blog.agencia10x.com(172.67.213.210) - malware
WHOIS.APNIC.NET(172.104.77.201)
pool.minexmr.com(88.99.193.240) - mailcious
iplogger.org(88.99.66.31)
pastebin.com(104.23.98.190) - mailcious
bitbucket.org(104.192.141.1) - malware
api.ip.sb(104.26.12.31)
whois.iana.org(192.0.32.59)
94.130.164.163
52.217.66.236
172.67.213.210
192.0.32.59
51.254.84.37
88.99.66.31 - mailcious
195.2.84.91
87.251.71.75
104.23.98.190 - mailcious
172.104.79.63
104.192.141.1 - mailcious
51.68.21.188
178.32.120.127
94.130.165.85
104.26.13.31

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY DNS request for Monero mining pool
ET INFO Dotted Quad Host ZIP Request

https://tttttt.me/jojmalbec
https://simsimsalabim.top/

tttttt.me(95.216.186.40)
simsimsalabim.top(104.21.7.191)
95.216.186.40
104.21.7.191

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET DNS Query to a *.top domain - Likely Hostile

http://checkip.dyndns.org/
https://freegeoip.app/xml/175.208.134.150

freegeoip.app(172.67.188.154)
checkip.dyndns.org(162.88.193.70)
131.186.113.70
172.67.188.154

ET POLICY External IP Lookup - checkip.dyndns.org
ET POLICY DynDNS CheckIp External IP Address Server Response
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO DYNAMIC_DNS Query to *.dyndns. Domain

http://checkip.dyndns.org/
https://freegeoip.app/xml/175.208.134.150

freegeoip.app(172.67.188.154)
checkip.dyndns.org(162.88.193.70)
216.146.43.70 - suspicious
172.67.188.154

ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
ET POLICY External IP Lookup - checkip.dyndns.org
ET POLICY DynDNS CheckIp External IP Address Server Response
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

213.227.154.188

http://45.14.13.58:3214/
https://api.ip.sb/geoip

WHOIS.APNIC.NET(172.104.79.63)
whois.iana.org(192.0.32.59)
api.ip.sb(172.67.75.172)
45.14.13.58
104.26.13.31
192.0.32.59
172.104.79.63

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
SURICATA HTTP unable to match response to request

https://178.54.230.164/rob16/TEST22-PC_W617601.DBB171938B5B3F0E1D3A54BB7A19BB90/14/user/test22/0/
https://178.54.230.164/rob16/TEST22-PC_W617601.DBB171938B5B3F0E1D3A54BB7A19BB90/23/2000026/
https://178.54.230.164/rob16/TEST22-PC_W617601.DBB171938B5B3F0E1D3A54BB7A19BB90/14/DNSBL/listed/0/
https://178.54.230.164/rob16/TEST22-PC_W617601.DBB171938B5B3F0E1D3A54BB7A19BB90/0/Windows%207%20x64%20SP1/1103/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/Zzx3znrPnx1D3fT5F/
https://178.54.230.164/rob16/TEST22-PC_W617601.DBB171938B5B3F0E1D3A54BB7A19BB90/14/path/C:%5CUsers%5Ctest22%5CAppData%5CRoaming%5CInternetFreeDownloadManager6334076800%5Coftolkioxk.dwn/0/
https://178.54.230.164/rob16/TEST22-PC_W617601.DBB171938B5B3F0E1D3A54BB7A19BB90/5/kps/

150.134.208.175.b.barracudacentral.org(127.0.0.2)
150.134.208.175.cbl.abuseat.org()
wtfismyip.com(95.217.228.176) - mailcious
150.134.208.175.zen.spamhaus.org()
95.217.228.176
185.234.72.84 - mailcious
178.54.230.164

ET POLICY IP Check wtfismyip.com
ET POLICY curl User-Agent Outbound
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)

http://www.stremate.webcam/67d/?iB=L60FNlF/jVQ40BBK7iqnLkHUoLc/XzLmTX0PxR1gEKqFaHm4yGeaJYrL3ScYhPqvWFOTG2Zj&lH2h=VTRlddqP-RlHE0U

www.t-c-o-t-c.com()
www.peakofgoodlife.com()
www.stremate.webcam(207.246.147.192)
207.246.147.250