http://156.236.72.163:8080/dan.exe

156.236.72.163 - malware

ET INFO Executable Download from dotted-quad Host
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET EXPLOIT_KIT DRIVEBY Likely Evil EXE with no referer from HFS webserver (used by Unknown EK)
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET INFO EXE - Served Attached HTTP

http://www.billydeluca.com/sd03/?jBZ4=bwn3WNXG1QkKkY/peZjHiiVfFEeZEuNxgxDQNfmA0NAm5QlqR0e5861NDsuhGMHW1ZdwAArQ&P0D=Abs0IXf

www.liberix.se()
www.lincornellah.africa()
www.copywriters.agency()
www.billydeluca.com(198.185.159.145)
198.49.23.144 - mailcious

ET MALWARE FormBook CnC Checkin (GET)

185.161.248.142 - mailcious

http://136.244.84.50:8022/bruh.png

136.244.84.50

89.23.107.125