69.61.42.27

http://geoplugin.net/json.gp
http://64.188.25.4/ASfZgs135.bin
http://194.55.224.13/_errorpages/kobee.exe

geoplugin.net(178.237.33.50)
178.237.33.50
64.188.25.4 - mailcious
69.61.42.27
194.55.224.13 - malware

http://45.9.74.182/b7djSDcPcZ/index.php

45.9.74.182 - malware

https://whatismyipaddressnow.co/API/FETCH/filter.php?countryid=14&token=oQBwb5yyFDUo

whatismyipaddressnow.co(172.67.143.245)
104.21.71.78

http://23.94.148.61/599/ChromeSetup.exe

api.ipify.org(173.231.16.76)
23.94.148.61 - malware
64.185.227.156

ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Executable Download from dotted-quad Host
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response