Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	July 26, 2023, 5:19 p.m.	July 26, 2023, 5:26 p.m.

Size	3.1MB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`20f0bdb1c1b0fc48e7923a5e9fc65c50`
SHA256	`4dc5588ac49fa183824ab585b69a491fd45d1d3b2b01f052adc5062b356e7434`
CRC32	`607FF06E`
ssdeep	`98304:nSGqtecGLXDOM19JV9MN14QwqqYoB5pU5SF:SXtaXD119JVKj4QwqqYOm`
Yara	Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)

c2build.exe "C:\Users\test22\AppData\Local\Temp\c2build.exe"
524

Name	Response	Post-Analysis Lookup
files.catbox.moe	A 108.181.20.35	108.181.20.35

IP Address	Status	Action
108.181.20.35	Active	Moloch
164.124.101.2	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49161 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49161 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49164 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49170 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49164 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49170 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49176 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49176 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49164 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49170 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49176 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49164 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49178 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49178 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49179 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49166 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49179 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49166 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49178 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49179 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49163 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49163 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49179 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49163 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49166 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49187 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49187 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49181 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49166 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49181 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49187 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49187 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49161 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49181 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49172 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49172 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49172 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49199 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49199 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49184 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49199 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49184 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49175 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49184 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49175 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49200 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49175 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49200 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49200 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49177 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49177 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49204 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49204 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49177 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49204 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49183 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49183 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49215 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49215 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49183 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49215 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49186 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49186 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49223 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49223 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49186 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49223 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49186 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49230 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49230 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49189 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49189 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49230 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49189 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49190 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49190 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49190 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49191 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49191 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49191 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49191 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49217 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49217 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49217 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49220 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49220 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49220 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49222 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49222 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49222 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49227 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49227 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49227 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49236 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49236 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49236 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49238 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49238 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49238 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49239 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49239 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49239 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49247 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49247 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49247 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49165 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49165 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49165 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49174 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49253 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49174 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49253 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49174 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49253 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49167 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49167 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49167 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49185 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49185 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49173 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49173 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49173 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49237 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49237 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49173 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49185 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49256 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49182 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49256 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49182 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49256 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49182 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49269 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49269 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49180 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49269 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49180 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49180 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49270 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49270 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49192 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49192 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49270 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49192 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49192 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49280 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49280 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49280 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49194 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49194 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49194 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49284 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49284 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49284 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49195 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49195 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49188 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49188 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49195 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49313 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49208 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49188 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49208 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49208 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49313 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49211 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49211 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49211 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49313 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49221 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49237 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49221 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49313 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49315 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49315 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49193 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49193 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49315 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49193 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49242 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49242 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49205 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49168 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49205 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49242 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49205 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49249 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49212 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49212 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49168 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49212 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49221 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49249 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49225 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49225 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49168 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49225 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49229 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49229 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49249 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49213 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49213 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49213 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49216 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49216 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49216 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49219 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49219 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49219 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49198 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49198 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49169 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49169 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49326 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49228 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49326 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49228 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49169 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49228 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49326 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49250 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49233 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49250 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49233 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49171 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49327 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49171 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49327 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49229 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49198 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49171 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49327 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49233 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49235 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49235 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49250 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49328 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49235 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49328 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49243 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49243 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49196 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49328 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49196 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49252 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49252 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49251 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49327 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49196 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49251 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49252 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49251 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49243 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49333 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49333 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49254 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49333 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49254 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49201 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49254 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49201 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49201 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49336 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49336 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49258 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49258 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49258 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49203 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49203 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49244 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49203 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49259 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49244 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49259 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49259 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49206 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49206 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49206 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49244 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49261 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49206 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49261 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49243 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49261 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49336 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49244 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49209 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49209 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49264 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49209 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49264 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49339 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49339 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49264 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49339 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49202 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49202 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49224 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49271 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49202 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49271 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49359 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49224 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49359 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49271 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49224 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49359 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49224 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49207 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49207 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49274 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49274 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49207 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49369 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49274 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49231 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49369 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49231 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49369 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49231 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49278 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49278 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49266 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49266 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49278 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49377 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49266 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49377 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49232 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49232 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49377 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49232 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49282 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49282 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49273 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49273 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49282 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49379 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49273 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49379 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49234 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49234 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49379 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49234 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49288 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49288 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49285 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49285 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49288 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49383 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49245 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49383 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49245 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49252 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49383 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49245 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49295 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49383 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49295 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49295 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49207 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49255 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49295 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49255 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49388 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49388 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49255 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49214 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49388 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49214 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49300 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49300 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49268 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49300 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49268 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49260 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49390 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49260 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49268 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49390 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49268 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49390 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49260 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49301 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49301 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49301 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49285 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49272 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49393 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49301 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49272 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49393 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49272 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49393 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49293 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49293 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49331 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49331 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49293 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49277 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49398 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49277 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49398 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49331 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49277 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49398 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49299 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49299 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49299 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49335 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49279 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49335 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49406 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49279 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49406 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49263 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49335 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49279 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49406 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49263 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49263 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49352 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49408 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49352 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49408 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49214 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49283 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49352 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49408 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49218 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49283 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49360 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49218 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49409 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49360 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49265 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49409 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49265 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49360 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49218 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49283 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49265 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49409 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49360 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49299 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49286 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49363 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49286 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49363 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49286 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49363 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49302 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49302 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49302 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49287 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49302 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49287 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49287 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49304 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49304 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49304 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49290 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49290 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49290 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49308 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49308 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49308 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49292 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49292 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49292 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49310 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49310 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49310 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49318 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49318 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49226 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49226 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49226 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49318 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49296 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49296 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49414 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49414 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49240 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49296 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49240 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49414 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49325 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49240 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49325 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49325 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49364 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49309 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49309 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49241 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49364 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49309 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49275 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49275 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49364 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49275 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49363 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49312 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49312 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49312 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49373 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49373 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49281 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49373 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49281 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49314 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49314 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49373 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49281 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49314 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49281 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49314 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49384 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49384 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49289 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49384 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49289 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49415 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49320 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49384 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49320 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49415 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49289 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49320 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49415 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49397 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49397 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49291 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49323 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49291 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49397 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49323 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49430 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49291 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49430 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49323 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49430 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49401 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49401 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49297 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49297 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49329 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49401 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49329 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49434 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49297 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49434 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49329 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49434 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49402 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49402 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49303 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49303 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49402 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49332 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49303 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49332 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49438 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49438 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49303 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49332 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49325 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49438 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49438 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49306 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49306 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49334 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49334 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49330 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49306 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49330 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49334 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49442 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49442 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49403 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49403 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49307 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49442 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49307 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49338 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49403 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49338 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49442 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49307 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49338 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49338 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49410 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49410 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49448 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49316 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49448 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49316 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49410 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49341 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49448 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49316 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49341 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49341 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49413 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49413 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49462 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49317 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49462 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49413 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49317 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49342 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49462 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49317 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49342 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49342 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49418 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49418 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49319 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49418 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49463 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49319 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49463 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49354 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49319 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49354 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49463 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49354 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49426 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49426 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49337 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49426 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49470 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49337 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49470 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49337 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49356 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49470 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49356 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49432 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49356 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49330 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49343 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49330 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49343 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49475 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49475 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49343 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49367 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49475 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49367 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49340 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49340 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49367 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49355 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49340 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49241 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49484 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49484 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49241 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49370 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49484 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49240 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49370 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49345 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49345 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49355 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49370 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49355 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49345 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49486 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49486 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49345 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49372 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49486 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49372 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49366 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49366 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49372 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49351 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49351 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49366 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49487 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49351 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49366 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49487 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49386 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49487 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49386 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49432 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49487 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49386 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49375 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49432 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49375 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49375 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49500 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49387 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49500 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49387 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49435 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49435 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49500 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49387 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49381 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49435 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49381 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49386 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49381 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49504 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49449 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49504 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49449 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49241 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49387 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49504 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49449 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49246 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49246 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49361 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49513 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49361 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49513 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49246 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49395 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49361 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49513 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49395 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49513 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49395 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49248 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49248 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49378 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49378 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49248 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49378 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49399 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49519 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49399 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49519 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49399 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49519 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49380 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49382 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49380 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49382 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49380 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49382 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49525 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49404 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49525 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49404 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49525 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49404 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49391 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49257 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49391 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49257 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49391 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49257 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49536 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49407 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49536 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49407 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49536 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49407 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49392 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49262 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49392 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49262 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49407 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49392 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49262 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49558 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49558 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49558 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49400 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49417 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49400 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49417 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49267 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49267 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49400 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49417 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49559 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49559 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49394 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49394 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49559 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49405 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49394 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49405 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49423 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49558 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49423 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49267 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49405 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49423 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49560 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49423 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49412 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49560 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49276 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49412 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49276 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49560 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49412 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49276 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49429 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49429 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49394 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49562 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49419 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49429 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49562 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49458 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49458 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49562 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49411 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49458 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49411 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49431 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49431 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49411 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49563 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49563 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49431 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49411 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49460 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49460 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49563 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49460 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49416 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49445 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49416 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49566 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49445 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49566 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49461 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49445 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49461 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49294 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49566 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49294 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49445 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49419 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49294 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49419 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49568 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49568 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49451 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49298 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49451 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49298 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49461 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49568 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49451 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49298 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49469 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49572 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49469 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49572 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49453 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49416 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49453 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49469 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49572 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49453 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49420 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49483 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49483 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49305 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49457 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49305 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49457 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49483 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49305 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49457 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49498 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49573 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49498 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49311 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49465 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49311 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49465 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49498 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49311 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49465 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49506 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49506 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49321 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49471 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49506 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49471 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49573 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49321 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49471 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49321 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49573 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49511 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49511 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49572 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49511 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49473 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49322 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49473 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49322 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49473 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49420 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49514 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49514 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49576 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49322 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49576 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49514 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49576 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49478 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49478 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49324 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49324 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49517 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49478 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49517 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49324 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49578 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49517 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49578 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49324 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49578 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49485 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49485 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49521 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49521 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49344 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49485 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49344 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49521 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49344 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49582 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49582 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49422 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49422 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49420 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49501 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49582 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49346 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49501 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49346 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49422 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49346 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49421 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49422 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49421 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49591 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49501 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49591 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49421 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49347 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49347 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49591 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49526 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49526 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49347 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49507 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49507 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49425 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49526 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49425 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49436 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49507 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49436 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49348 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49425 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49348 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49436 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49348 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49528 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49436 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49510 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49528 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49347 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49510 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49427 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49528 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49427 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49510 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49427 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49510 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49349 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49439 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49349 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49532 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49439 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49532 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49349 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49439 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49532 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49350 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49350 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49444 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49535 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49444 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49535 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49444 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49535 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49350 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49518 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49518 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49349 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49440 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49450 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49518 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49440 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49450 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49440 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49450 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49353 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49353 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49450 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49353 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49446 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49446 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49527 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49454 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49527 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49446 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49544 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49454 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49544 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49527 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49454 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49544 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49452 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49452 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49357 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49357 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49452 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49550 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49550 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49357 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49540 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49550 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49540 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49456 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49456 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49455 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49540 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49455 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49358 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49550 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49358 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49455 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49358 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49557 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49557 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49542 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49466 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49362 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49466 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49362 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49557 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49466 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49362 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49456 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49542 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49466 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49542 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49468 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49365 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49468 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49365 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49479 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49479 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49468 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49365 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49479 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49551 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49476 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49368 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49476 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49482 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49551 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49368 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49482 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49476 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49368 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49482 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49476 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49551 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49557 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49371 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49491 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49371 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49491 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49561 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49371 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49561 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49491 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49564 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49561 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49564 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49491 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49480 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49374 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49480 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49374 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49584 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49564 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49495 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49584 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49374 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49495 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49584 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49495 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49374 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49565 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49565 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49587 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49565 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49587 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49496 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49564 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49376 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49496 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49587 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49376 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49496 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49376 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49565 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49592 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49592 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49569 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49497 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49592 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49569 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49497 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49569 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49497 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49385 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49385 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49385 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49574 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49505 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49480 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49505 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49389 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49505 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49389 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49481 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49389 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49481 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49389 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49539 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49539 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49539 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49574 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49396 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49396 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49574 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49396 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49549 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49549 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49549 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49575 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49575 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49424 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49424 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49575 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49424 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49553 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49553 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49553 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49583 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49583 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49428 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49428 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49583 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49428 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49567 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49481 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49567 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49567 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49433 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49433 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49508 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49508 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49433 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49570 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49508 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49570 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49570 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49437 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49437 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49509 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49509 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49437 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49509 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49571 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49571 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49571 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49441 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49441 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49515 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49515 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49441 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49515 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49577 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49577 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49577 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49443 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49443 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49516 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49516 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49443 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49516 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49579 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49579 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49579 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49447 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49447 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49523 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49523 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49447 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49523 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49581 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49581 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49581 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49459 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49531 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49459 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49531 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49459 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49531 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49464 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49533 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49464 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49533 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49464 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49533 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49467 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49534 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49467 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49534 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49467 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49534 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49472 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49543 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49472 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49543 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49472 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49543 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49474 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49545 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49474 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49545 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49474 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49545 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49474 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49546 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49546 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49477 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49477 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49546 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49477 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49547 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49547 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49488 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49488 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49547 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49488 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49548 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49548 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49489 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49489 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49548 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49489 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49554 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49554 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49490 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49490 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49554 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49490 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49555 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49555 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49492 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49492 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49555 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49492 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49556 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49556 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49493 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49493 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49556 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49493 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49555 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49556 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49494 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49494 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49586 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49494 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49586 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49586 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49499 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49499 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49499 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49502 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49502 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49502 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49503 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49503 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49503 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49503 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49512 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49512 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49512 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49520 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49520 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49520 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49522 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49522 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49522 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49524 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49524 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49524 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49524 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49529 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49529 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49529 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49530 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49530 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49530 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49537 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49537 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49537 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49538 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49538 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49538 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49538 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49541 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49541 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49541 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49552 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49552 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49552 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49580 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49580 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49580 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49585 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49585 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49585 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49308 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49196 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49227 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49573 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49586 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49507 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49316 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49383 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49584 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49533 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49291 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49568 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49367 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49545 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49284 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49232 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49336 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49243 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49551 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49425 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49558 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49401 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49266 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49332 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49559 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49303 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49363 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49212 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49372 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49388 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49374 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49411 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49554 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49258 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49270 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49218 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49456 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49498 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49346 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49379 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49380 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49229 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49165 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49215 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49185 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49424 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49178 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49565 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49382 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49244 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49350 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49326 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49335 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49541 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49390 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49205 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49294 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49511 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49398 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49179 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49240 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49259 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49359 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49181 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49358 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49333 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49449 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49508 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49502 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49328 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49208 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49516 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49467 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49448 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49301 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49188 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49474 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49560 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49521 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49285 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49267 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49393 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49274 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49351 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49441 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49572 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49410 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49184 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49246 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49408 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49574 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49481 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49499 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49313 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49432 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49422 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49198 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49239 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49360 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49555 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49327 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49461 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49493 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49547 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49484 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49583 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49276 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49476 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49334 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49591 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49460 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49492 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49426 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49385 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49415 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49540 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49413 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49509 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49368 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49256 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49528 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49299 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49305 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49458 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49170 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49585 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49329 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49331 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49462 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49337 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49338 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49295 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49489 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49414 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49172 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49453 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49520 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49475 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49164 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49471 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49365 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49519 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49505 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49168 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49447 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49369 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49501 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49321 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49402 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49166 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49253 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49273 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49317 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49219 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49174 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49175 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49412 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49195 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49297 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49405 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49261 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49252 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49543 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49569 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49495 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49330 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49435 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49419 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49496 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49544 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49302 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49452 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49517 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49524 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49325 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49220 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49483 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49472 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49319 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49392 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49418 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49488 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49263 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49235 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49340 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49530 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49497 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49550 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49531 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49592 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49512 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49416 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49271 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49228 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49431 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49288 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49177 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49529 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49216 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49209 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49506 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49248 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49567 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49532 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49548 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49537 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49423 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49549 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49403 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49490 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49279 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49515 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49315 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49311 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49341 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49213 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49236 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49161 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49320 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49534 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49230 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49349 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49457 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49345 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49576 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49389 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49479 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49485 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49192 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49310 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49536 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49376 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49581 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49225 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49169 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49480 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49204 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49443 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49306 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49292 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49377 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49318 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49539 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49214 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49407 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49200 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49400 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49384 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49224 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49322 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49339 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49556 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49300 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49287 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49459 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49513 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49293 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49282 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49465 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49396 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49187 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49361 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49180 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49312 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49347 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49566 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49546 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49564 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49451 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49202 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49578 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49397 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49510 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49257 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49378 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49487 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49277 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49381 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49238 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49444 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49268 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49420 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49406 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49304 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49399 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49221 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49504 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49427 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49391 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49323 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49582 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49468 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49473 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49264 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49463 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49454 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49201 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49194 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49280 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49523 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49542 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49526 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49442 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49436 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49163 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49211 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49223 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49450 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49518 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49373 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49247 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49272 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49469 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49470 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49429 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49557 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49500 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49445 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49575 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49438 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49286 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49364 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49562 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49387 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49251 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49269 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49395 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49514 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49486 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49404 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49352 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49409 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49386 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49535 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49191 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49439 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49370 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49579 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49356 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49176 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49577 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49417 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49233 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49307 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49231 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49183 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49245 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49249 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49234 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49570 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49527 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49482 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49342 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49571 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49171 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49421 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49203 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49355 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49255 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49366 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49314 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49440 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49354 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49190 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49206 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49491 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49241 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49296 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49260 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49580 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49283 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49446 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49552 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49309 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49217 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49344 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49290 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49265 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49362 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49561 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49222 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49324 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49189 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49357 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49289 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49262 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49394 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49477 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49466 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49464 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49455 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49207 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49553 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49494 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49275 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49182 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49242 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49371 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49343 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49193 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49375 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49226 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49237 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49503 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49186 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49428 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49250 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49437 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49281 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49173 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49538 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49298 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49522 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49433 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49167 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (2 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent July 26, 2023, 5:19 p.m.			0	0
IsDebuggerPresent July 26, 2023, 5:19 p.m.			0	0

Uses Windows APIs to generate a cryptographic key (2 events)

Time & API	Arguments	Status	Return	Repeated
CryptExportKey July 26, 2023, 5:19 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00811588 flags: 0 crypto_export_handle: 0x00000000 blob_type: 8	1	1	0
CryptExportKey July 26, 2023, 5:19 p.m.	buffer: f Ù®¡ùU@ÍFéJÞÍ]VôWdÿ7ëÍÏfë crypto_handle: 0x00811588 flags: 0 crypto_export_handle: 0x00000000 blob_type: 8	1	1	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 26, 2023, 5:19 p.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (19 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory July 26, 2023, 5:19 p.m.	process_identifier: 524 region_size: 393216 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00650000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 26, 2023, 5:19 p.m.	process_identifier: 524 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00670000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory July 26, 2023, 5:19 p.m.	process_identifier: 524 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f31000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 26, 2023, 5:19 p.m.	process_identifier: 524 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f32000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 26, 2023, 5:19 p.m.	process_identifier: 524 region_size: 1703936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02420000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 26, 2023, 5:19 p.m.	process_identifier: 524 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02580000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 26, 2023, 5:19 p.m.	process_identifier: 524 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00772000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 26, 2023, 5:19 p.m.	process_identifier: 524 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007a5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 26, 2023, 5:19 p.m.	process_identifier: 524 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007ab000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 26, 2023, 5:19 p.m.	process_identifier: 524 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007a7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 26, 2023, 5:19 p.m.	process_identifier: 524 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0078c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 26, 2023, 5:19 p.m.	process_identifier: 524 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a20000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 26, 2023, 5:19 p.m.	process_identifier: 524 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00796000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 26, 2023, 5:19 p.m.	process_identifier: 524 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0077a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 26, 2023, 5:19 p.m.	process_identifier: 524 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0079a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 26, 2023, 5:19 p.m.	process_identifier: 524 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00797000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 26, 2023, 5:19 p.m.	process_identifier: 524 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0079b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 26, 2023, 5:19 p.m.	process_identifier: 524 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0078a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 26, 2023, 5:19 p.m.	process_identifier: 524 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0077c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses July 26, 2023, 5:19 p.m.	flags: 1158 family: 0	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (3 events)

section

{u'size_of_data': u'0x0030b400', u'virtual_address': u'0x00002000', u'entropy': 7.999901990796463, u'name': u'.text', u'virtual_size': u'0x0030b344'}

entropy

7.9999019908

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00002c00', u'virtual_address': u'0x0030e000', u'entropy': 7.536951450320146, u'name': u'.rsrc', u'virtual_size': u'0x00002b76'}

entropy

7.53695145032

description

A section with a high entropy has been found

entropy

0.999840179

description

Overall entropy of this PE file is high

Looks for the Windows Idle Time to determine the uptime (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation July 26, 2023, 5:19 p.m.	information_class: 8 (SystemProcessorPerformanceInformation)	1	0	0

A process attempted to delay the analysis task. (1 event)

description

c2build.exe tried to sleep 5456426 seconds, actually delayed analysis time by 5456426 seconds

File has been identified by 28 AntiVirus engines on VirusTotal as malicious (28 events)

FireEye	Generic.mg.20f0bdb1c1b0fc48
Cylance	unsafe
Sangfor	Suspicious.Win32.Save.a
Cybereason	malicious.f5769f
BitDefenderTheta	Gen:NN.ZemsilF.36318.dp0@amUvcRf
Cyren	W32/MSIL_Agent.FQK.gen!Eldorado
Symantec	MSIL.Downloader!gen8
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/TrojanDownloader.Agent.PLZ
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan-Downloader.MSIL.Seraph.gen
Avast	Win32:PWSX-gen [Trj]
F-Secure	Trojan.TR/Dropper.MSIL.Gen
Trapmine	malicious.moderate.ml.score
Sophos	Generic ML PUA (PUA)
Ikarus	Trojan.MSIL.Inject
Avira	TR/Dropper.MSIL.Gen
Microsoft	Trojan:Win32/Wacatac.B!ml
ZoneAlarm	HEUR:Trojan-Downloader.MSIL.Seraph.gen
Google	Detected
APEX	Malicious
Rising	Malware.Obfus/MSIL@AI.93 (RDM.MSIL2:5SHRY/StLxEbCae4JXr4LA)
SentinelOne	Static AI - Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/AgentTesla.D!tr
AVG	Win32:PWSX-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_90% (D)

c2build.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All