http://104.194.128.170/svp/Ykwrxaauw.dat - rule_id: 37401

iplogger.com(148.251.234.93) - mailcious
148.251.234.93 - mailcious
104.194.128.170 - mailcious

ET INFO External IP Lookup Domain (iplogger .com in DNS lookup)
ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure

http://104.194.128.170/svp/Ykwrxaauw.dat

http://104.194.128.170/svp/Ykwrxaauw.dat
http://77.91.68.52/fuza/nalo.exe - rule_id: 37263
http://171.22.28.226/download/WWW14_64.exe - rule_id: 36907
http://77.91.68.52/fuza/2.ps1 - rule_id: 37266
http://172.86.97.117/himeffectivelyproress.exe
http://85.217.144.143/files/Amadey.exe - rule_id: 37253
http://45.9.74.80/zinda.exe - rule_id: 37063
http://gons01b.top/build.exe
http://zexeq.com/test2/get.php?pid=CD20CF071BA7C05D5F5E6CAF42496E78&first=true - rule_id: 27911
http://45.15.156.229/api/firegate.php - rule_id: 36052
http://gobo02fc.top/build.exe
http://85.217.144.143/files/My2.exe - rule_id: 34643
http://apps.identrust.com/roots/dstrootcax3.p7c
http://5.75.212.77/55d1d90f582be35927dbf245a6a59f6e
http://77.91.68.52/fuza/sus.exe - rule_id: 37265
http://jackantonio.top/timeSync.exe - rule_id: 37357
http://zexeq.com/files/1/build3.exe - rule_id: 27913
http://77.91.68.52/fuza/foto2552.exe - rule_id: 37267
http://94.142.138.113/api/tracemap.php - rule_id: 28877
http://193.42.32.118/api/firegate.php - rule_id: 36458
http://171.22.28.226/download/Services.exe - rule_id: 37064
http://kevinrobinson.top/e9c345fc99a4e67e.php
http://5.42.92.88/loghub/master - rule_id: 37264
http://galandskiyher5.com/downloads/toolspub1.exe
http://lakuiksong.known.co.ke/netTimer.exe - rule_id: 37358
http://193.42.32.118/api/tracemap.php - rule_id: 36180
http://45.9.74.80/0bjdn2Z/index.php - rule_id: 26790
http://5.75.212.77/
http://77.91.124.1/theme/index.php - rule_id: 37040
http://45.15.156.229/api/tracemap.php - rule_id: 33783
http://171.22.28.213/3.exe - rule_id: 37068
http://194.169.175.232/autorun.exe - rule_id: 36817
http://94.142.138.113/api/firegate.php - rule_id: 36152
http://193.42.32.118/api/firecom.php - rule_id: 36700
http://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767
http://www.maxmind.com/geoip/v2.1/city/me
http://5.75.212.77/upgrade.zip
http://77.91.68.249/navi/kur90.exe - rule_id: 37069
https://db-ip.com/demo/home.php?s=175.208.134.152
https://flyawayaero.net/baf14778c246e15550645e30ba78ce1c.exe - rule_id: 36783
https://sun6-23.userapi.com/c909228/u52355237/docs/d38/95de023df160/d3h782af.bmp?extra=uWvrEgJ3z5rjbkGUgGON8BXoSf90LSPwWAVk1MDz2OGC8nJ7Utcq106l9DbiP0hwHWIPGkGeSQz1I4q-2rTjcC0itP_kUcIkzUbCArTQw7W5SWTQ68NispfgdBF879wcmT2vN2D5d1A-dqqB
https://sun6-23.userapi.com/c909518/u52355237/docs/d49/debee9bfa529/PL_Client.bmp?extra=_HM8K8Sjj1WxKScQ1OeYMYRrX5RMl47KjJl7rwxmzUFhY6HrzOU4J5MJ2VAdTOuft64FSYluhbzSv9pEZlFOTcbs8GEL2XxJVnZXzbEsgwyqWDzo8igRCcZOQKYXFnUdy_j7_idbCPcftFZA
https://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/3844DBB920174967BE7AA4A2C20430FA2/ntkrnlmp.pdb
https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AVQVeyzIlVx6lvDzEWF2VQxM6HnX3-7bQnCeiaJ8MzoFw7koldZNkvp9MJgSpLpAAJ-RbwL6dIMHGg
https://sun6-23.userapi.com/c235131/u52355237/docs/d29/36cae3a74adf/2.bmp?extra=uh8Nl0xP01rObI2BgDjA81T1ht-JLxZhwz08F1JatMWjPlUdT9BtUuQyrzy8TEQXqyjdKZK0UYOAhBCV3wODweJt-D01gV2oaL0fISrPLFWSG9xh0IGIjUAu7QEVx0PY-SA8x2zc1V7QAvEc
https://vk.com/doc52355237_667122051?hash=LLU5GKPE1Bxnq0uull1jryyVzalFqZ7cqq3hgRfl8pz&dl=Sow5fZmwA8GkZGzQhzOU7iQNHmYouZcqLORXwYaqRSc&api=1&no_preview=1#rise
https://sun6-20.userapi.com/c235131/u52355237/docs/d47/1e4aeaf4b1cc/crypted.bmp?extra=VfK8gGvrthV0hJRIQ7uVaB63HwstXnqx7j4VPNZHwI4G7JbTAKOzOCiPCvNdfuAi5rd_PorBwxTw_A0OJF0Zx-Nm_AM4IxAqk_bR9oyn25eR1cLHusUvUBRQ3l5X5kDDBthNc3DsI-61cMLK
https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png
https://experiment.pw/setup294.exe
https://pastebin.com/raw/HPj0MzD6
https://sun6-21.userapi.com/c237231/u52355237/docs/d27/414f7ca564de/tmvwr.bmp?extra=4uCpGtOudHwIqN77rEX9G8lWrBIS3DKRQnWulm-GsiVJDRUh2vA0LlERRvfWitZqVnntI_idvAjIbjJ3Z5i8u0XcfjmrpbWm8W7SlF1LNKXL9YWyeGqt3cL-YZxQV6odCmlo7fI3VmrRjw-v
https://api.myip.com/
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyxfTCKidsLSETyDN2ZQPPtpAFuvSbxIsl2_xXmgKF4k7ryyJcqupcrFS-Bsux6MQriiC3Mp&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S537430000%3A1697678262022281
https://steamcommunity.com/profiles/76561199563297648 - rule_id: 37362
https://vk.com/doc52355237_667061084?hash=RhHoRXA484KClkz0frx3CM9bI4u2I55Ei4EZrjsoui4&dl=Fdk6Nbq2bRZKBvCJgsexoP1lzfwWZIQUN1YWRdecfpP&api=1&no_preview=1#zxc
https://msdl.microsoft.com/download/symbols/index2.txt
https://sun6-23.userapi.com/c909518/u52355237/docs/d48/7a6c9a3fc548/WWW11_32.bmp?extra=gEVUBIMSpLFW-sulR4k8pIyQnDa735WSxMfKdQ0FVscR3Z-euUtZLO5-UkuSpVRy2FTLe6_wLrRN7iqVt_tf5g5d_VS9Bh0zx-v7NIR77xhiJaAwEZ-zB-ErFyjqxUJPoy0Qy0mlY-bG6AK-
https://msdl.microsoft.com/download/symbols/winload_prod.pdb/768283CA443847FB8822F9DB1F36ECC51/winload_prod.pdb
https://diplodoka.net/315b6291544e9427ed9c51d39ce0e88a/7a54bdb20779c4359694feaa1398dd25.exe
https://potatogoose.com/315b6291544e9427ed9c51d39ce0e88a/baf14778c246e15550645e30ba78ce1c.exe
https://sun6-22.userapi.com/c909418/u52355237/docs/d54/7cf9702300ea/zxc.bmp?extra=RNCMcjFxA24fI1PmnuRyOY5IftzA7ZvZDX-jEzoN8B1frPPqZcklxduh1iFcuH8q2IQVpvD-oNcodE946iNJu3oxUE5QUW6e_KNW2e1C_xzdfrxKV8Tfmxfo90tWcb2DO2c26nOVDKdnvJVf
https://dzen.ru/?yredirect=true
https://vk.com/doc52355237_667128433?hash=c75kTaBvy8XsGUHj9nZuWnwfdY9ZY2Vr0W0kqMRZKj4&dl=yd0Kt5iJ7qiHq1ne4m1DmzhCyz12TwydRCTVOZYwpg8&api=1&no_preview=1#redcl
https://pastebin.com/raw/xYhKBupz - rule_id: 36780
https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F
https://sso.passport.yandex.ru/push?uuid=8bd09553-e90a-40db-9876-5bae9fb9ffda&retpath=https%3A%2F%2Fdzen.ru%2F%3Fyredirect%3Dtrue
https://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767
https://api.2ip.ua/geo.json
https://vsblobprodscussu5shard10.blob.core.windows.net/b-4712e0edc5a240eabf23330d7df68e77/3361580E1DAA2301EF4C62D105FB67166BD89EA03FCDE3C800EACFAF71EE01C200.blob?sv=2019-07-07&sr=b&si=1&sig=7uuTdQ9yPFoIgRPO6Phqx1wMESnkwiHJHATRmVnGV%2FQ%3D&spr=https&se=2023-10-20T01%3A12%3A02Z&rscl=x-e2eid-26e9f45d-861f4c0b-b06b9090-63530012-session-900d63c7-554d47c4-854dea3d-0e2598c0
https://sun6-22.userapi.com/c237231/u52355237/docs/d30/15a1cf47157b/StealerClient_vmp.bmp?extra=KT-f23WxqBQ65uqhhWHQXPNuhiIugIViEdMCQi2BzBo7yt9K1aN3W99K2QYBjITkBCkQw3odEfiI7hfrUgxVCdGOBJ14TNwPPuQK0DvmNqyqwrlh6cFvi-zxRGnOSjGaFh0PU4iAgwwk_c8p
https://accounts.google.com/_/bscframe
https://vk.com/doc52355237_667106954?hash=u1nxcEZaxcLM5gBJiodoTcIasNoT55fLzvwrRyhTuIk&dl=eHGUUzvGf3mld3Z4uL26ddKyh2AQiccctdzWDv3HEzk&api=1&no_preview=1#1
https://vsblobprodscussu5shard58.blob.core.windows.net/b-4712e0edc5a240eabf23330d7df68e77/98A14A45856422D571CDEA18737E156B89D4C85FE7A2C03E353274FC83996DE200.blob?sv=2019-07-07&sr=b&si=1&sig=jYWwYqntlQNo7VqQEVc7W0I7oehs9CpUhmmPu4LPWr4%3D&spr=https&se=2023-10-20T01%3A35%3A45Z&rscl=x-e2eid-bfe69332-5f324c5b-a4756aa8-ea45ce85-session-c338b56b-83a7497d-b3581a15-6a910b4f
https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self
https://sun6-23.userapi.com/c909228/u52355237/docs/d47/e08d562222fa/test222.bmp?extra=FKHq0JGAiinhcWKOGpyO4U_lhw9Olo9e_pEe34SbB12PISAklYZQ3HrQCl_WIfjsPWOYZxD9YZx1KLHcAYg8zGIzEtfmlRchaiOTaUHO1g2BjvGsxR-2EbTc4Xw94m3rCXZUQvFZql9qy3E3
https://octocrabs.com/7725eaa6592c80f8124e769b4e8a07f7.exe - rule_id: 36716

server5.statscreate.org(185.82.216.96)
pastebin.com(104.20.68.143) - mailcious
db-ip.com(172.67.75.166)
telegram.org(149.154.167.99)
jackantonio.top(45.132.1.20) - malware
dzen.ru(62.217.160.2)
neuralshit.net(172.67.134.35) - malware
www.maxmind.com(104.18.146.235)
t.me(149.154.167.99) - mailcious
ipinfo.io(34.117.59.81)
accounts.google.com(142.250.206.205)
ssl.gstatic.com(142.250.206.227)
sun6-23.userapi.com(95.142.206.3) - mailcious
galandskiyher5.com(194.169.175.127) - malware
potatogoose.com(172.67.180.173)
darianentertainment.com(65.109.26.240)
lakuiksong.known.co.ke(146.59.70.14) - malware
api.2ip.ua(104.21.65.24)
steamcommunity.com(104.76.78.101) - mailcious
martvl.com(69.48.143.183) - malware
laubenstein.space(45.130.41.101) - mailcious
twitter.com(104.244.42.1)
msdl.microsoft.com(204.79.197.219)
lrefjviufewmcd.org(91.215.85.209) - malware
yip.su(148.251.234.93) - mailcious
cdn.discordapp.com(162.159.130.233) - malware
sun6-20.userapi.com(95.142.206.0) - mailcious
kevinrobinson.top(45.132.1.20)
octocrabs.com(104.21.21.189) - mailcious
clientservices.googleapis.com(142.250.206.195)
sun6-21.userapi.com(95.142.206.1) - mailcious
sso.passport.yandex.ru(213.180.204.24)
walkinglate.com(172.67.212.188) - malware
diplodoka.net(104.21.78.56)
experiment.pw(172.67.167.220)
yandex.ru(77.88.55.60)
grabyourpizza.com(172.67.197.174) - malware
iplogger.com(148.251.234.93) - mailcious
gons01b.top(85.143.220.63)
zexeq.com(190.139.250.133) - malware
api.db-ip.com(104.26.5.15)
vsblobprodscussu5shard10.blob.core.windows.net(20.150.79.68)
colisumy.com() - malware
net.geo.opera.com(107.167.110.216)
api.myip.com(172.67.75.163)
stun.l.google.com(172.217.211.127)
gobo02fc.top(85.143.220.63)
sun6-22.userapi.com(95.142.206.2) - mailcious
978e3a64-beaf-4479-964b-134bc983cfb0.uuid.statscreate.org(185.82.216.96)
flyawayaero.net(104.21.93.225) - malware
vsblobprodscussu5shard58.blob.core.windows.net(20.150.79.68)
vk.com(87.240.137.164) - mailcious
iplis.ru(148.251.234.93) - mailcious
lycheepanel.info(104.21.32.208) - malware
95.142.206.1 - mailcious
148.251.234.93 - mailcious
194.169.175.128 - mailcious
162.159.133.233 - malware
104.18.145.235
69.48.143.183 - malware
172.67.167.220
194.169.175.127 - malware
185.225.75.171 - mailcious
77.91.124.55 - mailcious
142.250.66.99
62.217.160.2
104.244.42.1 - suspicious
104.26.5.15
85.217.144.143 - malware
5.255.255.77
172.67.212.188
172.86.97.117
85.143.220.63
149.154.167.99 - mailcious
104.21.65.24
104.21.34.37 - phishing
5.42.92.88 - mailcious
172.67.75.163
104.21.90.82 - malware
45.9.74.80 - malware
91.215.85.209 - mailcious
204.79.197.219
172.67.187.122 - malware
77.91.68.52 - mailcious
74.125.204.127
171.22.28.224
171.22.28.226 - malware
87.240.132.67 - mailcious
171.22.28.221 - malware
85.209.11.85
34.117.59.81
77.91.68.249 - malware
45.129.14.83 - malware
104.21.21.189
211.181.24.132
172.67.180.173
182.162.106.32
182.162.106.33 - malware
104.26.8.59
104.21.6.10 - malware
45.130.41.101 - mailcious
142.250.204.141
87.240.132.78 - mailcious
5.75.212.77
45.132.1.20 - mailcious
142.251.220.109
172.67.75.166
194.169.175.232 - malware
20.150.38.228
77.91.124.1 - malware
94.142.138.113 - mailcious
121.254.136.9
65.109.26.240 - mailcious
185.82.216.96
104.26.9.59
104.21.78.56
107.167.110.211
45.15.156.229 - mailcious
104.194.128.170
104.26.4.15
193.42.32.29 - malware
95.142.206.3 - mailcious
95.142.206.2 - mailcious
172.67.139.220
185.216.70.238 - mailcious
104.21.32.208 - malware
104.21.93.225 - phishing
146.59.70.14 - malware
171.22.28.239
172.217.24.77
213.180.204.24
171.22.28.213 - malware
95.142.206.0 - mailcious
193.42.32.118 - mailcious
172.67.34.170 - mailcious
172.217.27.3
171.22.28.236
104.76.78.101 - mailcious

ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com)
SURICATA Applayer Mismatch protocol both directions
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET DNS Query to a *.pw domain - Likely Hostile
ET DNS Query to a *.top domain - Likely Hostile
ET INFO Executable Download from dotted-quad Host
ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
ET INFO HTTP Request to a *.top domain
ET DROP Spamhaus DROP Listed Traffic Inbound group 7
ET HUNTING Suspicious services.exe in URI
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET)
ET INFO TLS Handshake Failure
ET HUNTING Possible EXE Download From Suspicious TLD
ET POLICY External IP Address Lookup DNS Query (2ip .ua)
ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Token)
ET MALWARE [ANY.RUN] RisePro TCP v.0.x (External IP)
ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI)
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING Request to .TOP Domain with Minimal Headers
ET INFO Packed Executable Download
ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Activity)
ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Get_settings)
ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Exfiltration)
ET INFO External IP Lookup Domain (iplogger .com in DNS lookup)
ET INFO Microsoft net.tcp Connection Initialization Activity
ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)
ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound)
ET MALWARE Redline Stealer Activity (Response)
ET DNS Query for .su TLD (Soviet Union) Often Malware Related
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET INFO Observed Telegram Domain (t .me in TLS SNI)
ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)
ET MALWARE Amadey CnC Check-In
ET MALWARE Win32/Amadey Bot Activity (POST) M2
ET MALWARE Single char EXE direct download likely trojan (multiple families)
ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Response)
ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2
ET MALWARE [ANY.RUN] Win32/Stealc Checkin (POST)
ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1
ET INFO Dotted Quad Host ZIP Request
ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer)
ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key
ET MALWARE Win32/Filecoder.STOP Variant Public Key Download
ET INFO Observed Discord Domain in DNS Lookup (discordapp .com)
ET INFO Observed Discord Domain (discordapp .com in TLS SNI)
ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)
ET MALWARE Potential Dridex.Maldoc Minimal Executable Request
ET MALWARE Win32/Vodkagats Loader Requesting Payload
ET INFO PS1 Powershell File Request
SURICATA TLS invalid record type
SURICATA TLS invalid record/traffic

http://77.91.68.52/fuza/nalo.exe
http://171.22.28.226/download/WWW14_64.exe
http://77.91.68.52/fuza/2.ps1
http://85.217.144.143/files/Amadey.exe
http://45.9.74.80/zinda.exe
http://zexeq.com/test2/get.php
http://45.15.156.229/api/firegate.php
http://85.217.144.143/files/My2.exe
http://77.91.68.52/fuza/sus.exe
http://jackantonio.top/timeSync.exe
http://zexeq.com/files/1/build3.exe
http://77.91.68.52/fuza/foto2552.exe
http://94.142.138.113/api/tracemap.php
http://193.42.32.118/api/firegate.php
http://171.22.28.226/download/Services.exe
http://5.42.92.88/loghub/master
http://lakuiksong.known.co.ke/netTimer.exe
http://193.42.32.118/api/tracemap.php
http://45.9.74.80/0bjdn2Z/index.php
http://77.91.124.1/theme/index.php
http://45.15.156.229/api/tracemap.php
http://171.22.28.213/3.exe
http://194.169.175.232/autorun.exe
http://94.142.138.113/api/firegate.php
http://193.42.32.118/api/firecom.php
http://77.91.68.249/navi/kur90.exe
https://flyawayaero.net/baf14778c246e15550645e30ba78ce1c.exe
https://steamcommunity.com/profiles/76561199563297648
https://pastebin.com/raw/xYhKBupz
https://octocrabs.com/7725eaa6592c80f8124e769b4e8a07f7.exe

http://ip-api.com/json/

berlinqua.duckdns.org(179.13.0.48)
ip-api.com(208.95.112.1)
179.13.0.48
208.95.112.1

ET MALWARE Common RAT Connectivity Check Observed
ET POLICY External IP Lookup ip-api.com
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain

http://chongmei33.publicvm.com:7045/is-ready - rule_id: 28328
http://ip-api.com/json/

chongmei33.publicvm.com(103.47.144.71) - mailcious
ftp.martur.cl(187.49.9.55)
ip-api.com(208.95.112.1)
208.95.112.1
187.49.9.55 - mailcious
103.47.144.71 - mailcious

SURICATA Applayer Detect protocol only one direction
ET POLICY Observed DNS Query to DynDNS Domain (publicvm .com)
ET POLICY External IP Lookup ip-api.com
ET MALWARE WSHRAT CnC Checkin
ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1
ET INFO DYNAMIC_DNS HTTP Request to a *.publicvm .com Domain

http://chongmei33.publicvm.com:7045/is-ready

http://www.into-org.com/rs10/?C0D=+njUxLNT9hCOVJ3Lnug2QEI/7WyUV+ofb+5xay11NC0a753xJF4LqnCsTY0IVEvVOlnNjj+S&QZ3=ehux_vXh401Xart
http://www.mtauratarnt.com/rs10/?C0D=pPtLjK+gsCF+gBeBSkx+WEjNRlgjs/QTeyOfbuiR2sOl/G3k+8MocAF2pTNT/vXnM1YvSeQw&QZ3=ehux_vXh401Xart

www.mtauratarnt.com(104.21.69.174)
www.into-org.com(213.186.33.5)
104.21.69.174
104.194.128.170
213.186.33.5 - mailcious

ET MALWARE FormBook CnC Checkin (GET)

121.254.136.9