http://wiyolo.com/956fb7ffae6a93d9
http://wiyolo.com/956fb7ffae6a93d9/
http://wiyolo.com/956fb7ffae6a93d9/remove.html

wiyolo.com(142.234.157.206)
142.234.157.206

http://checkip.dyndns.org/
https://freegeoip.app/xml/175.208.134.150

freegeoip.app(172.67.188.154)
checkip.dyndns.org(158.101.44.242)
104.21.48.37 - malware
158.101.44.242
172.67.188.154

ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
ET POLICY External IP Lookup - checkip.dyndns.org
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

www.youtube.com(172.217.161.46)
www.google.com(142.250.196.100)
142.250.66.132
142.250.204.78

www.corbvalperu.com()

http://www.manualdobalconista.com/crg3/?Ulm=5aJYfJodYG6BrS0FfuAwGX0MfoQ+tl7mlPkfTpt57IVgoZ48UAgNU6sYsDPVuo0HUmr+aUbZ&TVg8Al=uFNXBt2HlNP8
http://www.thedecorcorner.com/crg3/?Ulm=jyRJRWWorKBrL9rPhTzn3uyL3ElVefX3VfTSscFXSKsmaYWV2Cj1pXrkGXbwLbU0ZvFEd1u4&TVg8Al=uFNXBt2HlNP8

www.m-starlighthoi.com()
www.manualdobalconista.com(162.241.2.219)
www.thedecorcorner.com(34.102.136.180)
162.241.2.219
34.102.136.180 - mailcious

ET MALWARE FormBook CnC Checkin (GET)

http://sherence.ru/323.exe
https://sh1729062.b.had.su//loader.txt - rule_id: 4573
https://sh1729062.b.had.su//cisCheckerstroke.php - rule_id: 4574
https://sh1729062.b.had.su//gate.php?hwid=7C6024AD&os=6.1.7601&av= - rule_id: 4575

sherence.ru(172.67.176.114) - malware
sh1729062.b.had.su(92.119.113.140) - mailcious
172.67.176.114 - malware
172.67.188.154
92.119.113.140 - malware

ET DNS Query for .su TLD (Soviet Union) Often Malware Related
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

https://sh1729062.b.had.su//loader.txt
https://sh1729062.b.had.su//cisCheckerstroke.php
https://sh1729062.b.had.su//gate.php

92.119.113.140 - malware

https://ghapan.com/Kdg73onC3oQ/090921.html
https://gruasingenieria.pe/LUS1NTVui6/090921.html
https://yoowi.net/tDzEJ8uVGwdj/130921.html
https://chaturanga.groopy.com/7SEZBnhMLW/130921.html
https://lotolands.com/JtaTAt4Ej/130921.html

ghapan.com(136.243.74.161)
gruasingenieria.pe(192.185.17.114)
yoowi.net(210.211.111.87)
chaturanga.groopy.com(143.95.80.83)
lotolands.com(198.54.124.27)

https://ghapan.com/Kdg73onC3oQ/090921.html
https://gruasingenieria.pe/LUS1NTVui6/090921.html
https://yoowi.net/tDzEJ8uVGwdj/130921.html
https://chaturanga.groopy.com/7SEZBnhMLW/130921.html
https://lotolands.com/JtaTAt4Ej/130921.html

ghapan.com(136.243.74.161)
gruasingenieria.pe(192.185.17.114)
yoowi.net(210.211.111.87)
chaturanga.groopy.com(143.95.80.83)
lotolands.com(198.54.124.27)

http://api.ipify.org/
http://woureves.ru/8/forum.php

woureves.ru(91.226.80.10) - mailcious
api.ipify.org(23.23.145.149)
50.19.104.221
91.226.80.10 - mailcious

ET POLICY External IP Lookup api.ipify.org

http://woureves.ru/8/forum.php - rule_id: 5191
http://api.ipify.org/

woureves.ru(91.226.80.10) - mailcious
api.ipify.org(50.16.248.208)
54.235.244.43
91.226.80.10 - mailcious

ET POLICY External IP Lookup api.ipify.org

http://woureves.ru/8/forum.php