http://spec.cloud.360safe.com/commonquery
http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1103.exe
http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=3b96717f137ac716bab250f817240788&mod=360Installer.exe&ph=02a8342074eb25c8adb2d135e2bab7e5&p2p=1&t_id=360TS_Setup_For_Mini.cab&tads=656&tdl=656&tds=656&terr=0&tes=Status|1,ErrorCode|0,DnCount|6,HttpNum|1,DnFailCount|6,FStatus|1,P2SS|656,P2PS|0,PDMode|2&tfl=656&tp=t&tst=1&ttdl=656&ttm=1000&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS
http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1054&pid=WW.Marketator.CPI20230405&os=6.1&mid=3b96717f137ac716bab250f817240788&state=9&dt=7&size=103774176&ds=14824882.29
http://conf.f.360.cn/getconf.php
http://54.251.105.191/msvquery
http://sd.p.360safe.com/AC05282966EF28F0BC58DFBBE2E9591EF2A43BD6.trt
http://104.192.108.110/cloudquery.php
http://bp.conf.cloud.360safe.com/getconf.php
http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Rel.cab
http://5.42.66.47/files/setup.exe
http://s.360safe.com/safei18n/query_env.htm?v611=DgY0MAEI0c7TigABAACF%2Fun%2BsCIUuKO4l5NILjahqSvMLXSDHb8%2FWuhCOcrv%2FhjSejb2sXIbKLJuE2%2FWLLaX7KSaRN9Ai%2B8kA6OFEpx27%2B%2F93tit1rlfCz8Q0VgSF55x4HM7RzagpOzvLsOpD8ijfES%2Bdq9NAcEpYaLwx4b%2BF5%2FT24ae3ll8xdaTUKsBLOH95azn0d1r3i7jBq0ET7iSqoMyAuki90AEnMrbgH2NdIggPxMpsUzG6r17FYxHBeLdQ6BB8I5DeWaMpIsKPXGFT6f0YxiqiViG1IZjyqU1xSdempia453PrEwV%2BJxCwK%2FreSD%2BnDd3O%2F0DQjtVlGxuY7R6iJ042YiNzq1uaZHZFf43xVAuBnlmKU9JtqupSBfgqyJBPAfJ%2BBLIQ9WgMg8kz1FnXycm0szEMMBTm1ISIEfLlQfMmsGI%2BVLcZHMCN5QpVylh5gwY5TpviZSvN%2BIPJaCr7fxFsaVfNDmjKPQA
http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1054&pid=WW.Marketator.CPI20230405&os=6.1&mid=3b96717f137ac716bab250f817240788&state=153
http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=3b96717f137ac716bab250f817240788&mod=360Installer.exe&ph=BA320C501D0312BEC018E22653081CCD&p2p=1&t_id=360TS_Setup.exe&tads=17295696&tdl=103774176&tds=17182501&terr=0&tes=Status|1,ErrorCode|0,DnCount|24,HttpNum|19,DnFailCount|23,FStatus|1,P2SS|103774176,P2PS|0,PDMode|3&tfl=103774176&tp=t&tst=1&ttdl=103774176&ttm=6109&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS
http://tconf.cloud.360safe.com/status.html
https://free.360totalsecurity.com/totalsecurity/360TS_Setup_Mini_WW.Marketator.CPI20230405_6.6.0.1054.exe
https://yip.su/RNWPd.exe - rule_id: 37623
https://orion.ts.360.com/installapp?c=&ch=WW.Marketator.CPI20230405&sch=0&ver=11.0.0.1103&lan=en&os=6.1-x64&mid=3b96717f137ac716bab250f817240788&time=1716766485&checksum=E94E8C74AAF3CB2D62391070
https://pastebin.com/raw/V6VJsrV3 - rule_id: 37255

spec.cloud.360safe.com(104.192.109.75)
time-b.timefreq.bldrdoc.gov(132.163.96.2)
sd.p.360safe.com(54.230.169.32)
tr.p.360safe.com(54.76.174.118)
bp.conf.cloud.360safe.com(54.251.105.241)
u.qurl.cloud.360safe.com(54.251.106.27)
int.down.360safe.com(54.230.176.36)
free.360totalsecurity.com(54.192.175.27)
a-dira.net(207.180.242.32)
yip.su(104.21.79.77) - mailcious
conf.f.360.cn(180.163.243.118)
tconf.cloud.360safe.com(1.192.193.157)
orion.ts.360.com(82.145.215.152)
s.360safe.com(54.255.136.181)
iup.360safe.com(54.230.61.34)
st.p.360safe.com(54.77.42.29)
pastebin.com(104.20.3.235) - mailcious
54.230.61.65
54.77.42.29
54.192.175.27
104.192.108.104
54.230.176.105
207.180.242.32 - mailcious
5.42.66.47 - mailcious
54.179.136.152
54.230.176.36
54.230.61.95
104.21.79.77 - phishing
54.251.105.191
54.230.61.39
54.230.61.34
172.67.19.24 - mailcious
54.255.136.181
104.192.108.130
104.192.108.110
104.192.108.118
54.230.169.8
54.76.174.118
54.230.176.22
180.163.243.87
132.163.96.2
82.145.215.156
54.230.176.104
185.172.128.82 - malware
104.192.108.79

ET DROP Spamhaus DROP Listed Traffic Inbound group 1
ET DNS Query for .su TLD (Soviet Union) Often Malware Related
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Executable Download from dotted-quad Host
ET INFO TLS Handshake Failure
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag true change port flag false)
ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag true)
ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag false)