Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Feb. 2, 2024, 5:49 p.m.	Feb. 2, 2024, 5:51 p.m.

Size	558.5KB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`732ee820e560b24779c626f4ddf85b21`
SHA256	`e974fde146515355313cb69d3bba96923405d1a16a972a39319b4fe523dd3453`
CRC32	`C820F03C`
ssdeep	`12288:gqlcVpdb2Wrm/9glARgVwRlqQmGALPokP5dVR2oXA42wcBiDQRD/Tz4ASe3/FvvG:gNpdb2Wrm/9glARgVwRlqQmGALPokP5j`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult

Alej.exe "C:\Users\test22\AppData\Local\Temp\Alej.exe"
296

Name	Response	Post-Analysis Lookup
qu.ax	A 45.145.43.133	45.145.43.236

IP Address	Status	Action
164.124.101.2	Active	Moloch
45.145.43.133	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49163 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49163 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49184 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49171 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49184 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49171 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49163 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49184 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49171 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49168 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49186 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49168 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49172 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49186 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49172 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49168 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49186 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49172 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49195 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49195 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49173 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49162 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49173 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49165 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49195 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49162 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49165 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49177 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49173 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49177 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49162 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49165 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49197 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49177 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49197 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49167 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49197 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49167 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49176 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49176 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49167 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49181 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49170 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49181 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49176 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49170 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49206 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49206 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49181 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49170 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49169 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49206 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49169 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49169 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49178 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49178 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49174 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49208 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49174 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49208 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49183 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49178 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49208 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49183 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49174 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49183 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49209 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49209 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49180 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49189 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49180 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49193 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49189 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49209 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49193 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49180 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49189 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49193 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49213 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49187 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49213 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49187 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49194 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49213 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49187 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49205 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49194 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49205 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49194 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49205 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49217 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49196 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49217 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49196 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49217 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49202 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49196 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49202 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49219 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49202 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49219 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49219 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49199 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49221 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49199 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49221 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49207 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49199 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49207 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49221 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49220 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49207 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49220 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49220 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49200 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49200 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49224 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49211 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49200 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49224 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49211 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49223 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49224 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49223 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49211 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49223 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49201 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49201 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49226 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49222 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49201 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49226 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49228 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49222 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49228 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49226 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49222 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49228 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49214 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49214 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49230 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49225 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49214 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49230 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49225 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49256 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49230 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49225 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49256 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49232 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49256 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49232 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49236 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49232 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49236 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49229 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49229 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49236 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49257 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49257 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49229 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49236 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49241 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49257 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49241 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49241 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49233 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49242 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49233 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49259 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49242 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49259 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49247 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49233 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49242 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49247 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49259 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49247 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49238 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49245 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49238 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49245 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49249 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49238 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49245 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49249 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49262 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49262 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49249 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49262 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49246 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49243 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49246 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49243 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49253 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49246 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49253 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49267 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49243 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49267 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49246 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49253 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49267 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49267 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49248 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49248 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49255 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49270 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49255 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49270 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49248 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49255 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49270 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49272 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49272 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49272 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49252 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49252 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49258 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49287 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49258 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49287 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49252 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49258 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49273 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49287 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49273 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49273 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49260 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49260 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49276 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49276 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49290 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49260 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49290 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49276 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49275 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49290 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49275 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49275 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49263 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49263 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49280 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49280 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49294 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49263 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49294 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49277 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49294 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49277 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
UDP 192.168.56.103:52760 -> 164.124.101.2:53	2048381	ET INFO Anonymous File Sharing Domain in DNS Lookup (qu .ax)	Misc activity
TCP 192.168.56.103:49280 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49277 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49296 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49296 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49289 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49296 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49289 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49284 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49284 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49164 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49289 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49296 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49164 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49284 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49164 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49284 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49185 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49291 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49291 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49185 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49299 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49299 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49291 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49299 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49185 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49166 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49304 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49166 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49304 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49300 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49307 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49300 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49307 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49188 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49166 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49304 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49188 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49300 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49307 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49188 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49175 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49313 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49175 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49310 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49306 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49313 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49190 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49306 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49310 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49175 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49190 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49313 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49306 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49310 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49190 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49179 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49179 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49314 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49321 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49314 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49191 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49179 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49321 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49191 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49314 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49321 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49265 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49191 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49265 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49212 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49265 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49212 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49315 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49333 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49192 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49315 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49333 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49212 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49192 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49192 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49333 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49315 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49266 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49266 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49216 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49216 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49266 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49198 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49216 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49337 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49320 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49337 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49320 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49198 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49337 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49320 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49218 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49198 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49218 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49268 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49268 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49218 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49338 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49268 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49322 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49338 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49322 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49203 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49338 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49203 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49322 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49235 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49235 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49203 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49278 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49235 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49278 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49343 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49331 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49343 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49278 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49331 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49204 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49343 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49204 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49331 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49250 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49250 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49204 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49279 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49250 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49279 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49345 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49345 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49335 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49279 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49335 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49345 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49210 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49210 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49251 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49335 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49251 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49210 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49251 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49351 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49351 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49295 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49295 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49336 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49351 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49336 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49215 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49295 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49215 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49254 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49336 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49254 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49215 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49362 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49254 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49362 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49308 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49308 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49340 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49362 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49340 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49227 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49308 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49274 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49227 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49340 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49274 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49227 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49372 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49274 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49372 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49311 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49311 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49350 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49372 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49350 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49311 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49231 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49281 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49231 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49350 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49281 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49231 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49281 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49316 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49316 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49353 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49316 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49353 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49282 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49234 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49353 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49234 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49282 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49234 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49282 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49317 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49317 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49361 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49361 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49317 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49237 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49283 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49237 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49361 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49283 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49237 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49283 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49319 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49319 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49368 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49368 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49319 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49239 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49286 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49239 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49368 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49286 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49239 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49286 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49325 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49325 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49369 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49369 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49325 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49240 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49240 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49369 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49292 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49292 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49240 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49292 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49330 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49370 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49330 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49370 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49244 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49244 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49330 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49297 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49370 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49297 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49244 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49297 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49332 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49371 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49332 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49261 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49371 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49261 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49298 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49332 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49298 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49371 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49261 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49298 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49334 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49334 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49264 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49264 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49301 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49334 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49301 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49264 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49301 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49344 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49344 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49269 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49269 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49302 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49344 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49302 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49269 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49302 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49347 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49347 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49271 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49303 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49271 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49347 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49303 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49271 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49303 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49348 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49348 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49285 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49285 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49305 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49348 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49305 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49285 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49305 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49355 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49355 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49288 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49309 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49288 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49355 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49288 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49364 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49364 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49293 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49293 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49364 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49293 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49365 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49365 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49326 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49326 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49309 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49365 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49309 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49326 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49365 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49312 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49312 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49327 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49327 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49312 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49367 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49327 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49367 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49367 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49323 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49323 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49342 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49342 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49323 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49373 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49342 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49373 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49318 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49373 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49318 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49339 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49339 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49346 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49318 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49346 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49339 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49374 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49346 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49374 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49374 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49324 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49341 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49349 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49341 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49324 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49349 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49341 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49349 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49324 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49357 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49352 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49357 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49328 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49352 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49328 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49357 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49352 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49328 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49358 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49356 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49358 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49356 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49329 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49358 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49329 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49356 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49329 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49359 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49359 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49354 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49359 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49354 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49354 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49360 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49360 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49363 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49360 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49363 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49363 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49366 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49366 -> 45.145.43.133:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49366 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49250 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49334 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49280 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49297 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49278 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49242 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49358 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49273 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49216 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49368 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49337 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49212 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49217 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49163 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49357 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49230 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49321 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49359 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49180 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49291 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49360 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49170 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49348 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49173 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49232 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49162 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49262 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49313 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49332 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49249 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49275 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49335 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49238 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49241 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49293 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49222 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49235 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49196 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49340 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49239 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49295 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49324 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49301 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49266 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49269 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49236 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49351 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49218 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49373 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49326 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49353 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49240 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49189 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49298 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49308 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49195 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49257 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49323 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49265 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49320 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49256 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49356 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49364 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49197 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49338 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49288 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49263 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49361 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49176 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49204 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49344 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49350 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49267 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49203 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49303 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49233 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49255 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49289 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49190 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49202 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49322 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49343 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49327 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49319 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49286 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49369 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49205 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49264 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49283 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49363 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49285 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49228 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49254 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49198 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49253 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49304 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49259 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49234 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49258 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49179 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49168 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49310 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49171 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49184 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49339 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49306 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49318 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49237 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49331 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49166 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49345 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49296 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49193 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49206 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49272 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49165 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49211 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49309 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49209 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49220 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49354 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49279 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49370 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49292 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49362 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49167 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49371 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49341 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49223 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49316 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49276 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49312 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49333 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49252 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49245 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49199 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49305 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49225 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49226 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49281 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49214 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49317 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49314 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49261 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49187 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49221 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49181 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49229 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49270 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49186 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49352 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49311 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49372 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49246 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49302 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49342 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49374 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49224 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49274 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49185 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49336 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49178 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49251 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49183 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49315 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49192 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49300 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49164 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49188 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49366 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49277 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49355 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49284 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49227 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49328 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49194 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49213 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49172 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49290 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49169 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49208 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49191 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49200 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49207 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49177 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49201 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49365 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49215 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49329 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49268 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49244 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49294 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49243 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49231 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49287 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49248 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49210 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49247 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49260 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49346 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49299 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49325 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49349 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity
TCP 192.168.56.103:49271 -> 45.145.43.133:443	2048382	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI	Misc activity

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (2 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Feb. 2, 2024, 5:49 p.m.			0	0
IsDebuggerPresent Feb. 2, 2024, 5:49 p.m.			0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Feb. 2, 2024, 5:49 p.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (19 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Feb. 2, 2024, 5:49 p.m.	process_identifier: 296 region_size: 2031616 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ba0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 2, 2024, 5:49 p.m.	process_identifier: 296 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00d50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Feb. 2, 2024, 5:49 p.m.	process_identifier: 296 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f31000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Feb. 2, 2024, 5:49 p.m.	process_identifier: 296 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f32000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 2, 2024, 5:49 p.m.	process_identifier: 296 region_size: 327680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00490000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 2, 2024, 5:49 p.m.	process_identifier: 296 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 2, 2024, 5:49 p.m.	process_identifier: 296 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00332000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 2, 2024, 5:49 p.m.	process_identifier: 296 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00465000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 2, 2024, 5:49 p.m.	process_identifier: 296 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0046b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 2, 2024, 5:49 p.m.	process_identifier: 296 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00467000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 2, 2024, 5:49 p.m.	process_identifier: 296 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0044c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 2, 2024, 5:49 p.m.	process_identifier: 296 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00456000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 2, 2024, 5:49 p.m.	process_identifier: 296 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00970000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 2, 2024, 5:49 p.m.	process_identifier: 296 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0033a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 2, 2024, 5:49 p.m.	process_identifier: 296 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0045a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 2, 2024, 5:49 p.m.	process_identifier: 296 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00457000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 2, 2024, 5:49 p.m.	process_identifier: 296 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0045b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 2, 2024, 5:49 p.m.	process_identifier: 296 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0044a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 2, 2024, 5:49 p.m.	process_identifier: 296 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0033c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses Feb. 2, 2024, 5:49 p.m.	flags: 15 family: 0		111	0

File has been identified by 50 AntiVirus engines on VirusTotal as malicious (50 events)

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.Win32.Injuke.16!c
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.Sabsik
Skyhigh	RDN/Generic Downloader.x
ALYac	Gen:Variant.Marsilia.102873
Cylance	unsafe
VIPRE	Gen:Variant.Marsilia.102873
Sangfor	Downloader.Msil.Injuke.V40r
K7AntiVirus	Trojan-Downloader ( 005b0f601 )
BitDefender	Trojan.Generic.34848355
K7GW	Trojan-Downloader ( 005b0f601 )
Arcabit	Trojan.Generic.D213BE63
VirIT	Trojan.Win32.MSIL_Heur.A
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/TrojanDownloader.Agent.QFG
APEX	Malicious
Avast	Win32:DropperX-gen [Drp]
Kaspersky	Trojan.Win32.Injuke.ltxu
Alibaba	Trojan:MSIL/Injuke.b17b4a95
NANO-Antivirus	Trojan.Win32.Injuke.khrkrz
MicroWorld-eScan	Trojan.Generic.34848355
Rising	Downloader.Agent!8.B23 (CLOUD)
Emsisoft	Trojan.Generic.34848355 (B)
F-Secure	Heuristic.HEUR/AGEN.1365690
DrWeb	Trojan.DownLoaderNET.918
TrendMicro	TROJ_GEN.R002C0DAV24
FireEye	Trojan.Generic.34848355
Sophos	Troj/Reflekt-V
Ikarus	Trojan-Downloader.MSIL.Agent
Webroot	W32.Injuke.ltxu
Avira	HEUR/AGEN.1365690
MAX	malware (ai score=82)
Antiy-AVL	Trojan/Win32.Sabsik
Microsoft	Trojan:MSIL/AgentTesla.PTGZ!MTB
ZoneAlarm	Trojan.Win32.Injuke.ltxu
GData	Trojan.Generic.34848355
Varist	W32/MSIL_Kryptik.KEE.gen!Eldorado
AhnLab-V3	Trojan/Win.AgentTesla.C5579536
McAfee	RDN/Generic Downloader.x
DeepInstinct	MALICIOUS
Malwarebytes	Malware.AI.3880183352
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TROJ_GEN.R002C0DAV24
Tencent	Malware.Win32.Gencirc.13feba64
MaxSecure	Trojan.Malware.230304354.susgen
Fortinet	MSIL/Agent.QFN!tr.dldr
AVG	Win32:DropperX-gen [Drp]
CrowdStrike	win/malicious_confidence_100% (W)

Alej.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All