www.dressroza.com(85.159.66.93)
www.by2526.com(156.237.204.118)
www.dulichngaaz.info(104.21.59.93)
www.doonsideproperty.com(15.197.148.33)
www.qkotc.xyz(15.197.148.33)
www.354388.pet(18.166.41.103)
www.ontoweightloss.health(3.33.130.190)
www.coffeemakers.online(35.213.130.57)
18.166.41.103
15.197.148.33 - mailcious
85.159.66.93 - mailcious
156.237.204.118
172.67.222.36 - mailcious
3.33.130.190 - phishing
35.213.130.57
45.33.6.223

ET MALWARE FormBook CnC Checkin (GET) M5
SURICATA HTTP Request abnormal Content-Encoding header

http://192.210.150.15/xampp/kb/clubtogetmebackwithenitre.tIF

ia803104.us.archive.org(207.241.232.154) - malware
192.210.150.15 - mailcious
207.241.232.154 - malware

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

ia803104.us.archive.org(207.241.232.154) - malware
207.241.232.154 - malware

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

http://172.245.135.143/90/seetheimagesforflowerstosee.gIF

servidorwindows.ddns.com.br(177.106.217.75) - malware
177.106.217.75 - malware
172.245.135.143 - mailcious

http://servidorwindows.ddns.com.br/Files/vbs.jpeg

servidorwindows.ddns.com.br(177.106.217.75) - malware
177.106.217.75 - malware