https://api.ipify.org/

api.ipify.org(64.185.227.155)
104.237.62.211

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

https://j.ffbbjjkk.com/logo.png
https://j.ffbbjjkk.com/35.html

j.ffbbjjkk.com(172.67.158.22) - mailcious
104.21.8.227

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

95.217.124.180 - mailcious

5rrgmeftoclglat5t7mmd9a.62wtco97ne9fk1j06ldaz()

http://23.94.231.188/797/vbc.exe

23.94.231.188 - malware

ET INFO Executable Download from dotted-quad Host
ET MALWARE MSIL/GenKryptik.FQRH Download Request
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip
http://37.139.128.83/golden.pdf - rule_id: 27987
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip

37.139.128.83 - mailcious

ET INFO Dotted Quad Host PDF Request

http://37.139.128.83/golden.pdf

omerlan.duckdns.org(193.56.29.112) - mailcious
193.56.29.112 - mailcious

ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain

151.80.89.234