NetWork | ZeroBOX

IP Address	Status	Action
141.94.192.217	Active	Moloch
108.181.20.35	Active	Moloch
164.124.101.2	Active	Moloch
77.91.124.47	Active	Moloch
77.91.124.84	Active	Moloch
77.91.68.248	Active	Moloch
77.91.68.61	Active	Moloch

Name	Response	Post-Analysis Lookup
files.catbox.moe	A 108.181.20.35	108.181.20.35

TCP Requests

UDP Requests

POST 200 http://77.91.68.61/rock/index.php

GET 200 http://77.91.124.47/new/foto5566.exe

POST 200 http://77.91.68.61/rock/index.php

GET 200 http://77.91.124.47/new/fotod250.exe

POST 200 http://77.91.68.61/rock/index.php

GET 200 http://77.91.124.47/anon/an.exe

POST 200 http://77.91.68.61/rock/index.php

GET 200 http://77.91.68.248/fuzz/raman.exe

POST 200 http://77.91.68.61/rock/index.php

GET 404 http://77.91.68.61/rock/Plugins/cred64.dll

GET 200 http://77.91.68.61/rock/Plugins/clip64.dll

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043233	ET INFO Microsoft net.tcp Connection Initialization Activity	Potentially Bad Traffic
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2046045	ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)	A Network Trojan was detected
TCP 192.168.56.103:49179 -> 77.91.68.61:80	2027700	ET MALWARE Amadey CnC Check-In	Malware Command and Control Activity Detected
TCP 192.168.56.103:49179 -> 77.91.68.61:80	2045751	ET MALWARE Win32/Amadey Bot Activity (POST) M2	A Network Trojan was detected
TCP 77.91.124.84:19071 -> 192.168.56.103:49180	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 77.91.124.84:19071 -> 192.168.56.103:49180	2046056	ET MALWARE Redline Stealer Activity (Response)	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49185 -> 77.91.68.61:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49190 -> 77.91.68.61:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected
TCP 192.168.56.103:49181 -> 77.91.124.47:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 77.91.124.47:80 -> 192.168.56.103:49181	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 77.91.124.47:80 -> 192.168.56.103:49181	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 77.91.124.47:80 -> 192.168.56.103:49181	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.103:49193 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49193 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49193 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49190 -> 77.91.68.61:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected
TCP 192.168.56.103:49198 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49198 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49201 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49201 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49198 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49201 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49203 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49203 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49203 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49181 -> 77.91.124.47:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 77.91.124.47:80 -> 192.168.56.103:49181	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 77.91.124.47:80 -> 192.168.56.103:49181	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.103:49211 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49211 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49211 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49215 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49215 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49215 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49205 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49205 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49205 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49222 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49222 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49222 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49236 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49236 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49236 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49243 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49243 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49243 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49247 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49247 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49247 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49248 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49248 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49248 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49257 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49257 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49220 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49257 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49213 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49267 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49267 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49267 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49220 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49268 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49268 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49268 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49267 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49213 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49269 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49269 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49269 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49270 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49270 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49270 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49220 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49272 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49272 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49272 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49213 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49221 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49221 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49221 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49284 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49213 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043233	ET INFO Microsoft net.tcp Connection Initialization Activity	Potentially Bad Traffic
TCP 192.168.56.103:49284 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49284 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2046045	ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)	A Network Trojan was detected
TCP 192.168.56.103:49216 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 77.91.124.84:19071 -> 192.168.56.103:49197	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	A Network Trojan was detected
TCP 192.168.56.103:49216 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49216 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49204 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49204 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49286 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49224 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49286 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49224 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49286 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49224 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49295 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49225 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49295 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49225 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49295 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49225 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49295 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49224 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49225 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49303 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49303 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49231 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49303 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49231 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49231 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49190 -> 77.91.68.61:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected
TCP 192.168.56.103:49235 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49235 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49235 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49230 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49230 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49336 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49336 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49230 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49237 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49336 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49237 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49237 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49337 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49337 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49239 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49239 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49246 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49337 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49246 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49239 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49246 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49340 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49340 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49249 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49250 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49249 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49340 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49250 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49249 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49250 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49350 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49350 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49274 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49274 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49218 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49218 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49181 -> 77.91.124.47:80	2017598	ET MALWARE Possible Kelihos.F EXE Download Common Structure	A Network Trojan was detected
TCP 192.168.56.103:49274 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49181 -> 77.91.124.47:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 192.168.56.103:49350 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49218 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49204 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49350 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49204 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49276 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49276 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49219 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49219 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49276 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49356 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49219 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49356 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49207 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49207 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49356 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49279 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49207 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49279 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49244 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49207 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49244 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49279 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49369 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49244 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49369 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49369 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49280 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49209 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49280 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49209 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49245 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49245 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49280 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49209 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49370 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49370 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49252 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49252 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49370 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49252 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49283 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49283 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49283 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49371 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 77.91.124.84:19071 -> 192.168.56.103:49197	2046056	ET MALWARE Redline Stealer Activity (Response)	A Network Trojan was detected
TCP 192.168.56.103:49371 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49254 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49254 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49254 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49254 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49245 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49371 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49371 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043233	ET INFO Microsoft net.tcp Connection Initialization Activity	Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49259 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49259 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49374 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49374 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2046045	ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)	A Network Trojan was detected
TCP 192.168.56.103:49259 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 77.91.124.84:19071 -> 192.168.56.103:49229	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	A Network Trojan was detected
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49273 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49273 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49233 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49233 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49296 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49273 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49296 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49233 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49296 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49374 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49258 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49258 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49234 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49300 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49234 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49258 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49300 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49291 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49234 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49291 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49300 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49377 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49377 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49301 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49238 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49301 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49238 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49377 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49301 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49238 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49377 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49240 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49240 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49316 -> 77.91.68.61:80	2027250	ET INFO Dotted Quad Host DLL Request	Potentially Bad Traffic
TCP 192.168.56.103:49240 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49316 -> 77.91.68.61:80	2027250	ET INFO Dotted Quad Host DLL Request	Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49381 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49381 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 77.91.124.84:19071 -> 192.168.56.103:49229	2046056	ET MALWARE Redline Stealer Activity (Response)	A Network Trojan was detected
TCP 192.168.56.103:49381 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 77.91.68.61:80 -> 192.168.56.103:49316	2014819	ET INFO Packed Executable Download	Misc activity
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49387 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49387 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49255 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49387 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49255 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49255 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49404 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49255 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49404 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49321 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49181 -> 77.91.124.47:80	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	Potentially Bad Traffic
TCP 192.168.56.103:49321 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49321 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49263 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49263 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49263 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 77.91.68.61:80 -> 192.168.56.103:49316	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 77.91.68.61:80 -> 192.168.56.103:49316	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 192.168.56.103:49263 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49404 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49412 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49412 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49288 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49412 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49288 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49412 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49288 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49294 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49294 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 77.91.68.61:80 -> 192.168.56.103:49316	2015744	ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)	Misc activity
TCP 192.168.56.103:49294 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49302 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49302 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49302 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49322 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49322 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49414 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49338 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49322 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49338 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49414 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49338 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49414 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49323 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49323 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49323 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49417 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49417 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49343 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49417 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49343 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49291 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49417 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49421 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49421 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49421 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49343 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49422 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49422 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49323 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49422 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49421 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49354 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49354 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49326 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49326 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49423 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49326 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49423 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49354 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49423 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49422 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49354 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49327 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49327 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49327 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49434 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49434 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49434 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49328 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49328 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49359 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49328 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49359 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49435 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49435 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49359 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49435 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49434 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49330 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49330 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49330 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49330 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49444 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49331 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49331 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49331 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49332 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49332 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49332 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49444 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49444 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49347 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49347 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49347 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49450 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49450 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49450 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49349 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49349 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49349 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49455 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49455 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49455 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49455 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49457 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49457 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49457 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49366 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49366 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49457 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49366 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49379 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49379 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49379 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49360 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49360 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49462 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49462 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49385 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49462 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49385 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49291 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49466 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49360 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49385 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49299 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49299 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49389 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49362 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49389 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49362 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49389 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49362 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49264 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 77.91.124.47:80 -> 192.168.56.103:49181	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 192.168.56.103:49264 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 77.91.124.47:80 -> 192.168.56.103:49181	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.103:49299 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49394 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49367 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49394 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49367 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49299 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49394 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49367 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49304 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49368 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49304 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49400 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49368 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49400 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49304 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49400 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49368 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49304 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49367 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49405 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49405 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49308 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49308 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49405 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49372 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49308 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49372 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49311 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49311 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49311 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49372 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49313 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49313 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49313 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49317 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49317 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49317 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49466 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49319 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49319 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49466 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49319 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49485 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49485 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49264 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49485 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49265 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49265 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49495 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49495 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49265 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49495 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49264 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49265 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49275 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49275 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49275 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49278 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49278 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49278 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49499 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49499 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49499 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49281 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49281 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49281 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49500 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49500 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49500 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49289 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49499 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49289 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49289 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49407 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49407 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49290 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49407 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49290 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49503 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49290 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49416 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49416 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49292 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49503 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49416 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49292 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49503 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49292 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49424 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49424 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49297 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49424 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49297 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49297 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49425 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49425 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49298 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49425 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49298 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49506 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49298 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49506 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49506 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49426 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49306 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49426 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49306 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49306 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49426 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49307 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49307 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49307 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49427 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49427 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49315 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49315 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49427 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49315 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49320 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49318 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49318 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49318 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49437 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49437 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49437 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49334 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49334 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49437 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49334 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49446 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49335 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49446 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49335 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49446 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49335 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49446 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49335 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49458 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49346 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49458 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49346 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49458 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49346 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49320 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49348 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49348 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49320 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49348 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49348 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49325 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49325 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49351 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49325 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49351 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49351 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49352 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49352 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49352 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49341 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49341 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49341 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49342 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49342 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49342 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49196 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49196 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49196 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49194 -> 77.91.68.248:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 192.168.56.103:49463 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49463 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49463 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49471 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49196 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49471 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49471 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49474 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49474 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49474 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49476 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49476 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49476 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49481 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49481 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49481 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49361 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49361 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49361 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49487 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49487 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49361 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49487 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49345 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49345 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49345 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49372 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49365 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49502 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49365 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49502 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49376 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49355 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49365 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49502 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49355 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49355 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49373 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49355 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49507 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49373 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49507 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49373 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49507 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49363 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49363 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49375 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49375 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49363 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49375 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49375 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49364 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49364 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49376 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49392 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49364 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49392 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49363 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49392 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49376 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49364 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49395 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49395 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49378 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49395 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49378 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49382 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49382 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49378 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49409 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49382 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49409 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49409 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49380 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49380 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49419 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49380 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49419 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49419 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49384 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49384 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49199 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49384 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49199 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49429 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49429 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49199 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49429 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49430 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49430 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49383 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49383 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49430 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49388 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49388 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49388 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49436 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49436 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49436 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49396 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49396 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49396 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49439 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49439 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 77.91.68.248:80 -> 192.168.56.103:49194	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 77.91.68.248:80 -> 192.168.56.103:49194	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 192.168.56.103:49439 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 77.91.68.248:80 -> 192.168.56.103:49194	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.103:49408 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49408 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49408 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49440 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49440 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49440 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49411 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49411 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49411 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49445 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49445 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49445 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49438 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49438 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49438 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49447 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49447 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49447 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49448 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49448 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49200 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49200 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49448 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49459 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49200 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49459 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49459 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49449 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49449 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49449 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49465 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49448 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49465 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49465 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49451 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49451 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49467 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49451 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49467 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49467 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49454 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49454 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49468 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49468 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49468 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49454 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49460 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49460 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49460 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49461 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49461 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49461 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49470 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49470 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49383 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49470 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49390 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49390 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49200 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49473 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49473 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49390 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49473 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49393 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49393 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49473 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49393 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49473 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49464 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49464 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49464 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49477 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49477 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49469 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49469 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49469 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49202 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49475 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49202 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49475 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49475 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49202 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49477 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49488 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49488 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49488 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49480 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49202 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49489 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49489 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49489 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49480 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49480 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49482 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49482 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49482 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49398 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49398 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49398 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49403 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49483 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49483 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49483 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49403 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49403 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49403 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49491 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49491 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49491 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49410 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49410 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49410 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49493 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49493 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49493 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49494 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49415 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49415 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49415 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49420 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49420 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49420 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49494 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49494 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49494 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49497 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49497 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49497 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49498 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49428 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49428 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49428 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49432 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49498 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49498 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49508 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49508 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49432 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49432 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49433 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49508 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49433 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49433 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49441 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49441 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49441 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49442 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49442 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49442 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49443 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49443 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49443 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49456 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49456 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49456 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49472 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49472 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49472 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49492 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49492 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49492 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49496 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49496 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49496 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49496 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49501 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49501 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49501 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49501 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49504 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49504 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49504 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49505 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49505 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49505 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49206 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49206 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49206 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49208 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49208 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49208 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49217 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49217 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49217 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49223 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49223 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49223 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49227 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49227 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49227 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49227 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49232 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49232 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49232 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49241 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49241 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49241 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49242 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49242 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49242 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49241 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49251 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49251 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49251 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49253 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49253 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49253 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49256 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49256 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49256 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49260 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49260 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49260 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49261 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49261 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49261 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49262 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49262 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49262 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49266 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49266 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49266 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49271 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49271 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49271 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49277 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49277 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49277 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49282 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49282 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49282 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49285 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49285 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49285 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49287 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49287 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49287 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49293 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49293 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49293 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49305 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49305 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49305 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49309 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49309 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49309 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49310 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49310 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49310 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49312 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49312 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49312 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49314 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49314 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49314 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49329 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49329 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49329 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49333 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49333 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49333 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49339 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49339 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49339 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49344 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49344 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49344 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49344 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49353 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49353 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49353 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49357 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49357 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49357 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49358 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49358 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49358 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49386 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49386 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49386 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49391 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49391 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49391 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49397 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49397 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49397 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49399 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49399 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49399 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49401 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49401 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49401 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49402 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49402 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49402 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49402 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49406 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49406 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49406 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49413 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49413 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49413 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49418 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49418 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49418 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49431 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49431 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49431 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49452 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49452 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49452 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49453 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49453 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49453 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49452 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49478 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49478 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49478 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49479 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49479 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49479 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49484 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49484 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49484 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49486 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49486 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49486 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49490 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49490 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49490 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49349 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49393 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49458 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49464 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49249 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49400 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49342 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49415 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49207 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49460 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49410 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49481 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49244 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49198 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49255 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49213 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49442 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49326 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49469 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49389 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49390 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49451 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49416 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49366 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49238 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49288 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49474 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49437 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49407 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49428 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49338 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49280 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49420 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49441 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49376 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49276 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49205 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49472 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49383 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49378 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49403 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49362 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49505 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49492 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49433 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49496 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49372 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49239 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49501 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49359 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49456 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49274 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49354 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49504 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49301 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49367 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49296 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49360 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49343 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49300 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49404 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49398 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49506 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49279 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49284 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49321 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49336 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49432 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49450 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49443 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49435 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49283 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49269 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49494 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49466 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49483 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49455 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49382 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49414 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49291 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49371 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49493 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49286 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49461 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49303 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49388 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49500 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49355 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49381 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49319 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49340 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49299 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49423 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49216 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49295 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49308 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49350 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49396 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49412 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49497 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49434 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49480 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49485 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49259 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49422 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49363 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49444 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49482 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49270 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49498 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49499 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49448 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49387 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49408 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49215 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49364 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49193 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49341 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49421 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49311 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49417 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49317 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49257 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49325 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49377 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49411 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49337 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49475 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49222 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49304 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49369 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49508 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49248 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49320 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49370 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49449 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49268 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49454 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49495 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49345 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49236 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49273 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49211 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49218 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49247 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49491 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49203 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49219 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49272 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49313 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49457 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49438 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49503 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49245 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49374 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49267 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49512 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49462 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49512 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49243 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49302 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49425 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49427 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49323 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49385 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49204 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49463 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49347 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49332 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49502 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49487 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49471 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49322 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49233 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49327 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49234 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49330 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49209 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49424 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49328 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49446 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49405 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49507 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49476 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49240 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49331 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49379 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49394 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49263 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49294 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49426 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49473 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49307 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49429 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49459 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49470 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49373 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49318 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49440 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49252 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49409 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49250 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49348 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49467 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49477 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49315 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49221 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49258 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49334 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49231 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49361 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49352 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49289 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49264 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49201 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49290 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49335 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49439 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49346 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49447 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49489 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49306 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49468 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49235 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49430 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49278 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49395 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49224 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49436 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49351 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49281 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49392 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49275 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49254 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49225 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49246 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49419 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49445 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49465 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49292 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49365 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49297 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49488 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49265 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49220 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49375 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49237 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49241 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49256 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49287 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49253 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49310 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49271 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49196 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49418 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49452 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49490 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49200 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49344 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49391 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49285 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49401 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49478 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49206 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49305 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49260 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49431 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49202 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49293 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49333 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49282 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49227 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49339 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49386 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49484 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49406 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49251 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49309 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49479 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49261 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49397 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49312 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49199 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49402 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49399 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49357 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49232 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49413 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49453 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49223 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49262 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49314 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49277 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49217 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49329 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49358 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49266 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49208 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49242 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49486 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts