http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/597/236/original/rump_privada.jpg?1693847070
http://95.214.27.56/cuzineaktivosbase64.txt

uploaddeimagens.com.br(104.21.45.138) - malware
182.162.106.32
104.21.45.138 - malware

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

http://80.76.51.250/ - rule_id: 36122
http://80.76.51.250/Downloads/client_upd.lnk
http://80.76.51.250/Downloads/desktop.ini
http://80.76.51.250/Downloads - rule_id: 36123

80.76.51.250 - mailcious

http://80.76.51.250/
http://80.76.51.250/Downloads

https://embutidoskami.sdb.bo/wp-content/uploads/2015/06/HDDREQ.hta

login.drive-google-com.tk(103.108.67.191)
103.108.67.191

ET DNS Query to a .tk domain - Likely Hostile

http://185.28.39.17:7777/185.28.39.18/damianozx.exe

185.28.39.17 - malware

ET INFO Executable Download from dotted-quad Host
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

http://www.mysticheightstrail.com/sy22/?EDK8gDR=Q5FfiwTKAQAoPcoP4e5kySmJcOUQtYy/n0X88F5fBW8bclPVBZXpMCw8fqRp6JUwXvQoTE+1&BZ=E2M4oNPx_Ln
http://www.thwmlohr.click/sy22/?EDK8gDR=MgkfgN3fpomwP7fWV5mTPmG15nWdJlegbQggwbe1T0jMd3AI1ruzVKLfVQH9NXyhXYV15IAt&BZ=E2M4oNPx_Ln
http://www.zhperviepixie.com/sy22/?EDK8gDR=hdFL0kwy0tP2Sq5zkMkXOvLbydzGG5NDjXbLdYDkA/+zwUFtuqh4YP0DuyJcd4UMQHwk1geg&BZ=E2M4oNPx_Ln - rule_id: 35635
http://www.gracefullytouchedartistry.com/sy22/?EDK8gDR=32OyyUZHwqvJixPuiOQtM5MnMYIWhWk0yyAoMHrFdBB4wJvVGBkivZFh4+NGsLP7HahAbSBt&BZ=E2M4oNPx_Ln - rule_id: 35940

www.gracefullytouchedartistry.com(34.149.87.45) - mailcious
www.thwmlohr.click(43.154.67.170)
www.zhperviepixie.com(167.172.228.26) - mailcious
www.drpenawaraircondhargarahmah.com()
www.mysticheightstrail.com(34.102.136.180)
43.154.67.170 - mailcious
167.172.228.26 - mailcious
34.102.136.180 - mailcious
34.149.87.45 - phishing

ET MALWARE FormBook CnC Checkin (GET)

http://www.zhperviepixie.com/sy22/
http://www.gracefullytouchedartistry.com/sy22/