http://185.172.128.5/v8sjh3hs8/index.php

185.172.128.5 - malware

23.95.235.86 - mailcious

89.23.99.86

http://192.3.179.162/352/wlanext.exe

192.3.179.162 - malware
172.67.195.141 - malware

ET INFO Executable Download from dotted-quad Host

142.251.220.78
142.251.220.97

https://drive.google.com/uc?export=download&confirm=no_antivirus&id=1BnLwNXIOB1ed0vfig76FOiB5_vSYfxO8
https://doc-0c-bs-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/gsj07kmmd732u9jfj0sd2ubl6lqnbh2o/1702290825000/03617822427045637603/*/1BnLwNXIOB1ed0vfig76FOiB5_vSYfxO8?e=download&uuid=cd74acaf-b34e-46e0-a195-a721074feb84

doc-0c-bs-docs.googleusercontent.com(142.250.207.97)
drive.google.com(142.250.206.206) - mailcious
142.251.220.78
142.251.220.97

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

94.130.51.115 - mailcious

ET MALWARE Arechclient2 Backdoor CnC Init