xp18.ddns.net(103.133.104.146) - mailcious
172.67.200.215
103.133.104.146 - mailcious
172.67.215.92

ET POLICY DNS Query to DynDNS Domain *.ddns .net

t.me(149.154.167.99)
149.154.167.99
103.133.104.146 - mailcious

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure

http://checkip.dyndns.org/
https://freegeoip.app/xml/175.208.134.150

freegeoip.app(172.67.188.154)
checkip.dyndns.org(131.186.113.70)
216.146.43.70 - suspicious
104.21.19.200

ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
ET POLICY External IP Lookup - checkip.dyndns.org
ET POLICY DynDNS CheckIp External IP Address Server Response
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

http://ip-api.com/json/

ip-api.com(208.95.112.1)
208.95.112.1
205.185.123.144 - malware

ET POLICY External IP Lookup ip-api.com

archive.org(207.241.224.2) - mailcious
73cceb63-7ecd-45e2-9eab-f8d98aab177f.usrfiles.com(34.102.176.152) - mailcious
ia601509.us.archive.org(207.241.227.119) - mailcious
ia804501.us.archive.org(207.241.235.71) - mailcious
207.241.227.119 - mailcious
207.241.224.2 - mailcious
34.102.176.152 - mailcious
207.241.235.71 - mailcious

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

http://205.185.123.144/ports.txt

208.95.112.1
205.185.123.144 - malware

http://www.procircleacademy.com/p2io/?AlB=tgVoMP8jv8oJh0LH0MPWwDnGYGbnfEGTJ+yRL/Ijcc1+MHyU0MyQxKIFLUwq3WzUPcz2/uvN&ark=tXIxBh8PvLyhF - rule_id: 2905
http://www.newmopeds.com/p2io/?AlB=bSK1RxPLajIrf62nOJ2LeA3okZHmhG3V4GBmTatllgIVkFsFULHDN0cIL5FJcRS/4igqPa1G&ark=tXIxBh8PvLyhF - rule_id: 1717
http://www.cyrilgraze.com/p2io/?AlB=PONkgH6OT+IdHpvpbj4YyU3gBn/U0y1OFS1Y8BXnr3YdY2x3tUozsMLieTk0sG+frQWfUBsy&ark=tXIxBh8PvLyhF - rule_id: 1567
http://www.shopihy.com/p2io/?AlB=Ei6RqbmvJXwd1KhoWyb/BZtLNDk4B448l51n8Zz8P/g/u3IBdZc5bHR/QCXBboISRM182550&ark=tXIxBh8PvLyhF - rule_id: 2198
http://www.boogerstv.com/p2io/?AlB=fW2NkW2hr8hPz8wwd/m+egXTc5dWq8qtohIQX9xRv3Snfsyr1ZmLXS10rFsoitOMGqtVMq3V&ark=tXIxBh8PvLyhF

www.shopihy.com(160.153.137.40)
www.boogerstv.com(198.54.117.218)
www.newmopeds.com(52.58.78.16)
www.procircleacademy.com(104.16.13.194) - mailcious
www.a3i7ufz4pt3.net()
www.cyrilgraze.com(172.67.138.177)
198.54.117.212 - mailcious
104.16.13.194
52.58.78.16 - mailcious
205.185.123.144 - malware
172.67.138.177 - mailcious
160.153.137.40 - mailcious

ET MALWARE FormBook CnC Checkin (GET)

http://www.procircleacademy.com/p2io/
http://www.newmopeds.com/p2io/
http://www.cyrilgraze.com/p2io/
http://www.shopihy.com/p2io/

194.147.115.140 - mailcious

airloweryd.com(45.153.230.151) - mailcious
45.153.230.151 - mailcious