http://147.45.68.138/softokn3.dll
http://147.45.68.138/mozglue.dll
http://147.45.68.138/freebl3.dll
http://147.45.68.138/nss3.dll
http://147.45.68.138/sql.dll
http://147.45.68.138/ - rule_id: 42298
http://147.45.68.138/msvcp140.dll
http://147.45.68.138/vcruntime140.dll

147.45.68.138 - mailcious

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST
ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1
ET INFO Dotted Quad Host DLL Request
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity

http://147.45.68.138/

https://animalesfans.space/park?jpkr7rxhi=LXc8pXq%2B90Dqtjn83Fl3FLo0pHPLDPLaSKYnB%2FH72B5yCdr0JCJOZKWkStPG67hyYHv9uiy27egbaPaFEIaCVQ%3D%3D

animalesfans.space(172.67.180.170)
172.67.180.170

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

104.21.35.232 - mailcious

https://animalesfans.space/105567956143109?zlrgciye=pruV0RC8hqiqgVzdZv9xztJ7m5HTZdfHAqbII593BXvMow8T%2BYmEpf3Dn8pnzbBr

animalesfans.space(104.21.35.232)
104.21.35.232 - mailcious

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

23.224.239.91

https://dl.dropboxusercontent.com/scl/fi/6w90tlrnwmj83537e9md7/0610safe-x.txt?rlkey=d6cedvteok3kyepnfpxtn3i9i&st=yb4jzws0&dl=0
https://dl.dropboxusercontent.com/scl/fi/quo63qm8d3iqlhmpyib7p/20240608.bmp?rlkey=sbpcgubgi0ixiynm5lbsnq81p&st=yldbsrou&dl=0