https://api.ipify.org/

api.ipify.org(173.231.16.76)
104.237.62.211

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

mail.agrilivestock.net(103.215.139.42)
api.ipify.org(64.185.227.155)
173.231.16.76
103.215.139.42

SURICATA Applayer Detect protocol only one direction
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

api.ipify.org(173.231.16.76)
173.231.16.76

https://raw.githubusercontent.com/user202212/Test/main/NewFile

raw.githubusercontent.com(185.199.108.133) - malware
185.199.108.133 - mailcious

ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

http://51.79.49.73/crc/Play.exe

181.142.211.88
51.79.49.73 - malware

ET INFO Executable Download from dotted-quad Host
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

http://geoplugin.net/json.gp
http://51.79.49.73/crc/Remc.exe

geoplugin.net(178.237.33.50)
nov231122.con-ip.com(181.142.211.88)
178.237.33.50
181.142.211.88
51.79.49.73 - malware

ET JA3 Hash - Remcos 3.x TLS Connection
ET INFO Executable Download from dotted-quad Host
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET INFO DNS Redirection Service Domain in DNS Lookup (con-ip .com)

api.ipify.org(64.185.227.155)
104.237.62.211