SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure

195.133.40.209 - mailcious

http://104.168.46.107/430/vbc.exe

104.168.46.107 - mailcious

ET INFO Executable Download from dotted-quad Host
ET MALWARE MSIL/GenKryptik.FQRH Download Request
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

http://techcosupportservice.com/ext/manifest.json
http://techcosupportservice.com/ext/background.js
http://techcosupportservice.com/ext/main.js

techcosupportservice.com(198.251.84.36)
198.251.84.36

81.68.216.37 - malware

81.68.216.37 - malware

ET INFO Executable Download from dotted-quad Host
ET MALWARE Possible Malicious Macro DL EXE Feb 2016
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET EXPLOIT_KIT DRIVEBY Likely Evil EXE with no referer from HFS webserver (used by Unknown EK)
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET INFO EXE - Served Attached HTTP