https://objetivosaludable.com/3312/3312.txt

objetivosaludable.com(217.148.138.233) - malware
217.148.138.233 - malware

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

objetivosaludable.com(217.148.138.233) - malware
217.148.138.233 - malware

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

198.46.132.159 - malware

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Executable Download from dotted-quad Host
ET INFO TLS Handshake Failure
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

198.46.132.159 - malware

198.46.132.159 - malware

ET INFO Executable Download from dotted-quad Host
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET INFO TLS Handshake Failure

http://www.halalmine.com/nins/?RVlTip=Dzpv8sGxy5uG7ln3FCcZzazm69TQ2VKW5er1rCDVub0C+e1wjNprgoSJwgAqIMNoIK4v1Cgh&QL3=uTypB4hPLby4i - rule_id: 1994
http://www.clemence-pierre.com/nins/?RVlTip=EszyM3kNUKrJxLiq6KpzQMfLVOfVJC4K9tU253nuZIF8QVLY1VS6tN78Lh0sQ+YOEd5HuPhX&QL3=uTypB4hPLby4i - rule_id: 1996
http://www.casastortarestaurant.com/nins/?RVlTip=stiq9rQ49ntyNrITZg6+O1p5SL5rpaqwdvdMJEX2PoQwVMkZ53ugC58GULYR3wU0DbrXD0Cy&QL3=uTypB4hPLby4i
http://www.iararueda.com/nins/?RVlTip=xkFqLLRHTKSoyOiHQwzOyktcQ5JzCZetn2liKiNRm8TiBfzc3WaGhUXMwZpgLm0EtDnjMh0d&QL3=uTypB4hPLby4i
http://www.the4relationships.com/nins/?RVlTip=tueyJm0D391pj/7Jax8CRB0dIVEMFxfmiKkLNxGmnVPnwmitRW48mWqW+HCZGIvrzwEGIem8&QL3=uTypB4hPLby4i
http://www.officecleanaustin.com/nins/?RVlTip=Ic1KlXcqpcxDgH8dO8QFEBDHXHxMh6zu4mkHy8Bu1mc/8Xp4oL77TtUuNrhQYir1z5sCZSiR&QL3=uTypB4hPLby4i

www.halalmine.com(34.102.136.180)
www.casastortarestaurant.com(198.54.117.210)
www.iararueda.com(192.185.16.40)
www.clemence-pierre.com(52.59.122.2)
www.officecleanaustin.com(34.80.190.141)
www.the4relationships.com(34.102.136.180)
192.185.16.40
52.59.122.2
34.102.136.180 - mailcious
198.54.117.216 - phishing
34.80.190.141 - mailcious

ET MALWARE FormBook CnC Checkin (GET)

http://www.halalmine.com/nins/
http://www.clemence-pierre.com/nins/

musicnote.soundcast.me(88.99.99.222) - malware
88.99.99.222 - malware

ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

http://freegeoip.net/shutdown
https://freegeoip.net/xml/
https://api.ipify.org/

api.ipify.org(50.19.92.227)
freegeoip.net(172.67.75.176)
musicnote.soundcast.me(88.99.99.222) - malware
88.99.99.222 - malware
104.26.14.73
23.21.173.155

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)