paymetconfirm.com(208.83.69.35) - mailcious
128.199.243.169 - malware

ET POLICY PE EXE or DLL Windows file download HTTP

http://waunake.com:8088/wp-theme/OcXP6U.png

waunake.com(128.199.243.169) - mailcious
128.199.243.169 - malware

ET POLICY PE EXE or DLL Windows file download HTTP

properlysolutionsco.com(128.199.243.169) - mailcious
128.199.243.169 - malware

ET POLICY PE EXE or DLL Windows file download HTTP

http://taskremindment.com:8088/images/OcXP6U.png - rule_id: 3074

taskremindment.com(208.83.69.35) - malware
128.199.243.169 - malware

ET POLICY PE EXE or DLL Windows file download HTTP

http://taskremindment.com:8088/images/OcXP6U.png

http://185.227.139.18/dsaicosaicasdi.php/HsSpKI8PLZu2g - rule_id: 2584

185.227.139.18 - mailcious

ET MALWARE LokiBot User-Agent (Charon/Inferno)
ET MALWARE LokiBot Checkin
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
ET MALWARE LokiBot Request for C2 Commands Detected M1
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
ET MALWARE LokiBot Request for C2 Commands Detected M2

http://185.227.139.18/dsaicosaicasdi.php

http://checkip.dyndns.org/
https://freegeoip.app/xml/175.208.134.150

freegeoip.app(104.21.19.200)
checkip.dyndns.org(216.146.43.71)
172.67.188.154
158.101.44.242

ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
ET POLICY External IP Lookup - checkip.dyndns.org
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

http://taskremindment.com:8088/css/b486Pv.png - rule_id: 3113
http://taskremindment.com:8088/css/b486Pv.png

taskremindment.com(128.199.243.169) - malware
128.199.243.169 - malware

ET POLICY PE EXE or DLL Windows file download HTTP

http://taskremindment.com:8088/css/b486Pv.png

paymetconfirm.com(128.199.243.169) - mailcious
128.199.243.169 - malware

ET POLICY PE EXE or DLL Windows file download HTTP

trenchesrelax.duckdns.org(23.101.140.170)
23.101.140.170
158.101.44.242

ET INFO DYNAMIC_DNS Query to *.duckdns. Domain