SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure

ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure

http://vagenor.space/333g100/main.php
http://vagenor.space/333g100/index.php

vagenor.space(172.67.128.34)
104.21.0.170

ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP

http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip
http://dorothymambrose.live/hx3FByTR5o3zNZYD/sYkaiHz0Mse13C79dy1I/PhZsaXdR1V7zV9wmdXNv
http://dorothymambrose.live/hx3FByTR5o3zNZYD/sYkaiHz0Mse13C79dy1I/jkHs2LXmxxRKvBtHVYp
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip
http://dorothymambrose.live/hx3FByTR5o3zNZYD/sYkaiHz0Mse13C79dy1I/Bbf0VKK5GZjWAo2phPwe
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip
http://dorothymambrose.live/hx3FByTR5o3zNZYD/sYkaiHz0Mse13C79dy1I/g5cBEYiSfa9vFvj9Qix6
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip

dorothymambrose.live(198.54.116.130) - mailcious
198.54.116.130 - mailcious

ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET MALWARE MICROPSIA CnC Checkin
ET MALWARE MICROPSIA Screenshot Upload M3

raw.githubusercontent.com(185.199.111.133) - malware
tBfNnomHZaZYlUMCzNsz.tBfNnomHZaZYlUMCzNsz()
22231jssdszs.fun()
rbThmErFPsQOqBITcVsiJBDzE.rbThmErFPsQOqBITcVsiJBDzE()
dvYQmQzOWlOLeZxphJ.dvYQmQzOWlOLeZxphJ()
185.199.110.133 - malware

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure

https://www.google.com/css/maia.css
https://www.blogger.com/dyn-css/authorization.css?targetBlogID=644545533916229546&zx=d115e04f-289c-416f-9629-378d57f34c1a
https://www.blogger.com/static/v1/widgets/2583860411-widgets.js
https://www.blogger.com/static/v1/v-css/281434096-static_pages.css
https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
https://fonts.googleapis.com/css?family=Open+Sans:300
https://resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.png
https://fonts.googleapis.com/css?lang=ko&family=Product+Sans|Roboto:400,700
https://www.blogger.com/img/blogger-logotype-color-black-1x.png
https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc-.woff
https://35d42729-3b2d-44cd-88c7-59a76492301c.usrfiles.com/ugd/35d427_aba34aefaf6944578eaddcbf518b0d51.txt
https://www.blogger.com/static/v1/jsbin/3101730221-analytics_autotrack.js
https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff
https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://fckusecurityresearchermotherfkrs.blogspot.com/p/15_17.html%26type%3Dblog%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://fckusecurityresearchermotherfkrs.blogspot.com/p/15_17.html%26type%3Dblog%26bpli%3D1&passive=true&go=true
https://www.google-analytics.com/analytics.js
https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Ffckusecurityresearchermotherfkrs.blogspot.com%2Fp%2F15_17.html&type=blog&bpli=1
https://www.blogger.com/blogin.g?blogspotURL=https://fckusecurityresearchermotherfkrs.blogspot.com/p/15_17.html&type=blog
https://resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png
https://www.blogger.com/static/v1/jsbin/3046902713-ieretrofit.js
https://fonts.gstatic.com/s/opensans/v22/mem5YaGs126MiZpBA-UN_r8OUuhv.woff
https://www.blogger.com/static/v1/widgets/3822632116-css_bundle_v2.css

resources.blogblog.com(142.250.196.137)
www.google.com(142.250.196.100)
www.gstatic.com(142.250.196.99)
fonts.googleapis.com(172.217.175.74)
35d42729-3b2d-44cd-88c7-59a76492301c.usrfiles.com(34.102.176.152)
accounts.google.com(172.217.24.141)
www.google-analytics.com(172.217.174.110)
fonts.gstatic.com(216.58.197.227)
www.blogger.com(142.250.196.137)
142.250.204.132
172.217.161.142
142.250.207.73
142.250.66.99
172.217.31.227
142.250.204.41
34.102.176.152 - mailcious
142.250.199.77
142.250.66.42

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)