imageupload.io(172.67.222.26) - malware
104.21.83.102 - malware

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure

toss.is(45.33.42.226) - mailcious
45.33.42.226 - mailcious

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
SURICATA Applayer Wrong direction first Data

http://185.81.157.248:222/mc.jpg

http://185.81.157.24:222/n.jpg

salwanazeeze.duckdns.org(172.111.167.99) - mailcious
salwanazeeze.ddns.net()
172.111.167.99 - mailcious

ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
ET POLICY DNS Query to DynDNS Domain *.ddns .net

salwanazeeze.duckdns.org(172.111.167.99) - mailcious
salwanazeeze.ddns.net()
172.111.167.99 - mailcious

ET POLICY DNS Query to DynDNS Domain *.ddns .net
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain

http://wshsoft.company/jv/jrex.zip

repo1.maven.org(199.232.196.209)
github.com(20.200.245.247) - mailcious
wshsoft.company(185.232.14.169) - malware
50kteam.dynamic-dns.net(185.222.58.83)
objects.githubusercontent.com(185.199.109.133) - malware
185.222.58.83
151.101.40.209
185.232.14.169
185.199.110.133 - malware
20.200.245.247 - malware