http://x1.i.lencr.org/
https://giversherbalproducts.com/Ad47XRSH/fok.html
https://specialistedu.com.hk/495ivO4PQTRk/fok.html
https://denkyiraman.co.uk/hqzqxPNha/fok.html

x1.i.lencr.org(104.74.211.103)
specialistedu.com.hk(103.27.32.22)
denkyiraman.co.uk(198.38.82.168)
giversherbalproducts.com(198.38.82.168)
104.74.211.103
198.38.82.168 - mailcious
103.27.32.22

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
SURICATA TLS invalid record type
SURICATA TLS invalid record/traffic

https://cdn.discordapp.com/attachments/893177342426509335/900745540847943710/A2D3526C.jpg
https://cdn.discordapp.com/attachments/893177342426509335/900745538788540466/C7140825.jpg

cdn.discordapp.com(162.159.135.233) - malware
96.9.210.115
162.159.130.233 - malware

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

http://63.250.40.204/~wpdemo/file.php?search=475803 - rule_id: 6600

63.250.40.204 - mailcious

ET MALWARE LokiBot User-Agent (Charon/Inferno)
ET MALWARE LokiBot Checkin
ET MALWARE LokiBot Request for C2 Commands Detected M1
ET MALWARE LokiBot Request for C2 Commands Detected M2
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

http://63.250.40.204/~wpdemo/file.php