http://x1.i.lencr.org/

peras1.n-e.kr()
x1.i.lencr.org(23.40.44.214)
v4imgs.pointshop.co.kr(61.111.21.173)
www.coinstore.kr(61.111.21.172)
61.111.21.173
23.41.113.9
61.111.21.172 - mailcious

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

http://gaja79.com/link/fow-mh1004.html
http://antichrist.or.kr/data/cheditor/dir1/lyric64

gaja79.com(182.162.73.77)
antichrist.or.kr(182.162.73.77) - mailcious
182.162.73.77 - suspicious

ET HUNTING Double User-Agent (User-Agent User-Agent)

https://gitlab.com/DemoTrojan/real/-/raw/main/check.bat

gitlab.com(172.65.251.78) - malware
172.65.251.78 - malware

http://45.61.137.37/stea.zip

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAooSZl45YmN9AojjrilUug%3D
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D
http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt
http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/e00905d4-3856-4887-b595-3b102a6ce467/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=12d00e9f-90ed-42bb-bf8d-a4cee20a83cf&tr=34&tt=17237979717852454&uuid=e00905d4-3856-4887-b595-3b102a6ce467
https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=c09e2018-679b-4892-8c17-f018f66a11f3&uuid=e00905d4-3856-4887-b595-3b102a6ce467
https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/e00905d4-3856-4887-b595-3b102a6ce467/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=33bc53d7-b38d-4443-ad4c-fe2237b03869&uuid=e00905d4-3856-4887-b595-3b102a6ce467
https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/37.2/AgentPackageAgentInformation.zip?kHE0a4AHPD06sRT5dNr8CEGDDgxItT/NNHjAvqtYD5Vp1AfUa8Y22WAUqOM87JT+
https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=cd541e6a-2ba4-4a03-a00f-094ee2b67135&uuid=e00905d4-3856-4887-b595-3b102a6ce467
https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=37d5c33a-d873-4f9c-819f-519051737e0b&uuid=e00905d4-3856-4887-b595-3b102a6ce467
https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/e00905d4-3856-4887-b595-3b102a6ce467/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=08d6e7fe-8c3c-4170-8f89-6cd210f9977f&tr=34&tt=17237979729901531&uuid=e00905d4-3856-4887-b595-3b102a6ce467
https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=00bd05cc-8d26-4ad1-94e7-04ee06e4e9a6&uuid=e00905d4-3856-4887-b595-3b102a6ce467
https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=af4be7e1-0f14-4a01-ac83-33610d59f4ff&uuid=e00905d4-3856-4887-b595-3b102a6ce467
https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/e00905d4-3856-4887-b595-3b102a6ce467/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b153a57e-499b-4ae8-b169-598fc179a7f6&tt=0&uuid=e00905d4-3856-4887-b595-3b102a6ce467

ocsp.digicert.com(152.195.38.76)
ps.pndsn.com(18.179.18.155)
cacerts.digicert.com(152.195.38.76)
ps.atera.com(18.67.51.59)
agent-api.atera.com(20.37.139.187)
18.67.51.98
20.37.139.187
18.179.18.153
152.195.38.76

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

http://198.12.81.252/85/meetthebuttersmoothbunsweet.tIF

ia803104.us.archive.org(207.241.232.154) - malware
198.12.81.252 - mailcious
207.241.232.154 - malware

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

45.89.247.19

ET DROP Spamhaus DROP Listed Traffic Inbound group 4
ET INFO Microsoft net.tcp Connection Initialization Activity
ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)

ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)