ControllerFinallineballinglove33.webredirect.org(77.247.127.169)
77.247.127.169

ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex

mas.to(88.99.75.82)
77.247.127.169
88.99.75.82

ET DNS Query for .to TLD
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

http://136.243.159.53/~element/page.php?id=493 - rule_id: 5135

136.243.159.53 - mailcious

ET MALWARE LokiBot User-Agent (Charon/Inferno)
ET MALWARE LokiBot Checkin
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
ET MALWARE LokiBot Request for C2 Commands Detected M1
ET MALWARE LokiBot Request for C2 Commands Detected M2

http://136.243.159.53/~element/page.php

cutixglobal.ddns.net(5.107.90.242) - mailcious
37.235.1.174 - mailcious
5.107.90.242

ET POLICY DNS Query to DynDNS Domain *.ddns .net

https://cortinastelasytrazos.com/Yro6Atvj/sec.html
https://orquideavallenata.com/4jmDb0s9sg/sec.html
https://fundacionverdaderosheroes.com/gY0Op5Jkht/sec.html

orquideavallenata.com(108.167.165.249) - mailcious
fundacionverdaderosheroes.com(108.167.165.249) - mailcious
cortinastelasytrazos.com(108.167.165.249) - mailcious
108.167.165.249 - malware

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure