https://117.54.250.246/tot92/TEST22-PC_W617601.CE37DE6BBFE09D0A2B7FB41F36253385/5/kps/

103.54.41.193 - mailcious
117.54.250.246
117.252.68.211 - mailcious

ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)

45.137.22.50 - mailcious

ET MALWARE Possible NanoCore C2 60B

http://51.195.61.169/data/getip.php
http://51.195.61.169/data/r_assver.php
http://51.195.61.169/data/serverip.txt

51.195.61.169 - malware

http://checkip.dyndns.org/
https://freegeoip.app/xml/175.208.134.150

freegeoip.app(104.21.19.200)
checkip.dyndns.org(131.186.113.70)
162.88.193.70
172.67.188.154

ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
ET POLICY External IP Lookup - checkip.dyndns.org
ET POLICY DynDNS CheckIp External IP Address Server Response
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

http://will.kasraz.com/a/pdf.exe

will.kasraz.com(192.3.122.177) - mailcious
192.3.122.177 - mailcious

ET HUNTING Suspicious Request for Pdf.exe Observed in Zeus/Luminosity Link
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile