Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	May 28, 2021, 8:04 a.m.	May 28, 2021, 8:22 a.m.

Size	6.0KB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`0e24059570f9655711ba4454c21c9e2e`
SHA256	`3931b6203a3812f8e88eab9f33619db282e61fd02e1aa5de7bf4289fddca4c6f`
CRC32	`0A29B799`
ssdeep	`96:jrekZvkg2vwAUDaZ2j9YXQbheD1TIoDKk5WiUtWwAzNt:J2GO2JYA+J5WiUtWz`
Yara	Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)

test.exe "C:\Users\test22\AppData\Local\Temp\test.exe"
2856

Name	Response	Post-Analysis Lookup
ieaspk.com	A 67.220.184.98	67.220.184.98
vunachiimpex.xyz	A 185.239.243.112

IP Address	Status	Action
164.124.101.2	Active	Moloch
185.239.243.112	Active	Moloch
67.220.184.98	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 67.220.184.98:443 -> 192.168.56.101:49207	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49205	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49213	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49210	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49204	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49205 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49205	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49205	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49207 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49207 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49213 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49207 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49213 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49213 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49205 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49205 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49209	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49214	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49201 -> 185.239.243.112:80	2022896	ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016	A Network Trojan was detected
TCP 192.168.56.101:49209 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49214 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49209 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49209 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49214 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49204 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49214 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49204 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49204 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49210 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49210 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49210 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49217	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49223	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49208	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49217 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49217 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49223 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49212	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49217 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49208 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49208 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49212 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49201 -> 185.239.243.112:80	2031088	ET HUNTING Request to .XYZ Domain with Minimal Headers	Potentially Bad Traffic
TCP 192.168.56.101:49212 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49212 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49218	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49218 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49218 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49218 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49225	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49225 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49220	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49225 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49225 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49208 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49220 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49222	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49220 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49220 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49222 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49222 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49222 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49216	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49225	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49221	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49225	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49216 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49221 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49216 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49221 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49232	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49216 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49221 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49229	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49232 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49232 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49221	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49232 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49221	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49229 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49229 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49229 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49226	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49247	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49226 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49247 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49226 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49247 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49226 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49247 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49239	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49247	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49247	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49228	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49239 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49239 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49239 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 185.239.243.112:80 -> 192.168.56.101:49201	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 67.220.184.98:443 -> 192.168.56.101:49251	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 185.239.243.112:80 -> 192.168.56.101:49201	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 192.168.56.101:49251 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49251 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49251 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49240	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49240 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49240 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49240 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49252	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49252 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49252 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49252 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49241	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49241 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49241 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49241 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49253	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49253 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49253 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49253 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49244	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49244 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49244 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49244 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49259	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49259 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49259 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49259 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49245	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49245 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49245 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49245 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49263	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49263 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49263 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49248	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49263 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49248 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49248 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49248 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49264	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49264 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49257	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49264 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49264 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49257 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49257 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49257 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49273	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49273 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49269	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49273 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49273 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49269 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49269 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49269 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49278	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49269	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49269	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49278 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49278 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49278 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49275	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49275 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49275 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49299	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49275 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49299 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49219	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49299 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49299 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49277	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49219 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49219 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49219 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49228 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49277 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49302	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49228 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49277 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49228 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49277 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49302 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49302 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49302 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49230	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49233	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49282	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49230 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49233 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49230 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49303	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49233 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49230 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49282 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49233 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49282 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49303 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49282 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49303 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49303 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49231	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49235	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49283	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49231 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49306	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49235 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49231 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49235 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49231 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49235 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49283 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49306 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49283 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49306 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49283 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49306 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49249	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49290	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49311	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49249 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49249 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49249 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49223 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49290 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49311 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49223 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49290 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49311 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49290 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49311 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49258	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49320	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49258 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49292	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49238	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49202	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49258 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49258 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49320 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49292 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49320 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49292 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49320 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49238 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49292 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49238 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49238 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49289	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49236	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49332	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49289 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49307	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49289 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49289 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49236 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49243	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49332 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49236 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49307 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49236 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49332 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49307 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49332 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49307 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49243 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49243 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49243 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49291	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49261	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49291 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49334	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49310	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49291 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49291 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49261 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49246	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49261 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49334 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49310 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49261 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49334 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49291	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49310 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49334 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49291	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49310 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49246 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49246 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49246 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49293	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49262	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49344	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49321	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49293 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49262 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49250	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49293 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49262 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49344 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49293 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49321 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49262 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49344 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49321 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49344 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49250 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49321 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49250 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49250 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49296	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49267	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49345	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49323	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49267 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49296 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49255	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49267 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49296 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49345 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49296 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49202 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49323 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49345 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49202 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49323 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49255 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49267 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49345 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49323 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49255 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49202 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49255 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49301	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49348	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49270	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49326	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49256	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49301 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49301 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49301 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49348 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49326 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49256 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49348 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49326 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49256 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49348 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49326 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49256 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49270 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49270 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49308	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49270 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49352	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49338	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49260	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49308 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49308 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49352 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49308 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49203	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49352 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49260 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49352 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49338 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49260 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49338 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49260 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49338 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49203 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49203 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49203 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49313	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49260	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49353	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49271	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49260	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49313 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49347	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49313 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49313 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49353 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49266	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49353 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49347 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49353 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49206	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49271 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49266 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49271 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49266 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49271 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49266 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49328	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49347 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49206 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49347 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49206 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49206 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49328 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49328 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49328 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49272	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49280	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49355	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49272 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49211	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49272 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49280 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49272 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49355 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49336	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49280 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49355 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49211 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49280 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49355 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49336 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49211	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49336 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49211	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49336 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49274	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49365	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49281	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49274 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49211 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49211 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49365 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49281 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49365 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49281 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49340	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49365 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49281 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49274 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49215	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49274 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49340 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49340 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49340 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49215 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49215 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49372	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49215 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49284	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49279	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49358	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49372 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49284 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49346	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49372 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49284 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49372 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49284 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49358 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49224	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49346 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49346 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49279 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49346 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49279 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49224 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49279 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49224 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49224 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49374	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49295	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49349	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49295 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49374 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49286	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49295 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49374 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49295 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49374 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49349 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49349 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49286 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49349 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49227	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49358 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49358 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49305	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49227 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49398	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49227 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49356	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49227 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49305 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49361	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49305 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49356 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49398 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49305 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49356 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49398 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49286 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49356 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49398 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49361 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49361 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49286 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49234	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49361 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49314	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49234 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49360	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49234 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49234 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49314 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49362	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49288	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49314 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49360 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49314 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49362 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49288 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49362 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49288 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49362 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49288 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49360 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49360 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49237	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49315	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49366	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49294	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49315 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49237 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49315 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49237 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49315 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49366 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49367	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49294 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49366 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49237 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49294 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49366 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49294 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49367 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49367 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49400	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49319	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49400 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49242	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49373	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49297	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49400 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49319 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49400 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49319 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49367 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49319 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49242 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49297 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49373 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49242 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49373 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49297 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49242 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49373 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49297 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49325	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49376	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49373	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49373	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49325 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49325 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49298	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49254	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49325 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49376 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49376 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49298 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49380	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49376 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49254 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49298 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49254 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49298 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49254 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49380 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49329	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49380 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49402	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49380 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49329 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49300	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49329 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49402 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49329 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49402 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49265	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49402 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49300 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49381	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49300 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49300 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49265 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49381 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49265 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49381 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49265 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49330	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49381 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49378	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49304	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49330 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49330 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49330 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49378 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49304 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49383	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49378 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49268	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49304 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49378 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49304 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49268 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49268 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49331	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49268 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49383 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49333	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49331 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49383 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49331 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49383 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49403	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49331 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49333 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49276	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49333 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49333 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49403 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49403 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49331	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49276 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49403 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49331	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49276 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49276 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49385	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49394	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49339	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49337	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49385 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49385 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49394 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49339 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49385 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49394 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49394 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49337 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49339 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49337 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49337 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49285	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49339 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49389	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49285 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49285 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49285 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49405	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49341	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49342	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49389 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49389 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49405 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49389 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49405 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49341 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49342 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49405 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49341 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49342 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49411	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49341 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49342 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49411 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49411 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49407	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49411 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49408	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49363	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49351	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49407 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49408 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49363 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49408 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49416	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49351 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49408 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49363 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49351 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49363 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49351 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49416 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49416 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49416 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49407 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49407 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49414	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49371	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49354	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49414 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49414 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49371 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49414 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49371 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49354 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49287	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49371 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49354 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49410	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49354 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49287 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49287 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49410 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49287 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49410 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49375	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49410 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49422	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49364	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49375 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49422 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49375 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49364 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49422 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49375 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49364 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49422 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49412	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49364 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49412 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49412 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49423	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49412 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49436	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49369	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49423 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49423 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49423 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49369 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49309	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49436 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49369 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49421	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49436 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49369 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49436 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49421 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49309 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49421 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49421 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49370	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49377	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49421	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49438	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49430	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49421	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49370 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49370 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49370 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49430 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49438 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49309 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49377 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49438 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49435	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49430 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49377 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49438 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49430 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49377 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49309 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49435 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49384	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49435 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49435 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49384 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49450	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49384 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49382	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49312	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49384 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49450 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49382 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49450 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49312 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49443	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49382 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49450 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49312 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49382 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49391	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49443 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49443 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49443 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49391 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49433	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49391 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49391 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49399	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49433 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49433 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49456	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49433 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49399 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49312 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49399 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49456 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49392	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49399 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49456 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49456 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49392 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49392 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49316	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49392 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49454	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49413	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49316 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49458	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49316 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49316 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49454 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49413 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49454 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49458 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49413 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49393	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49454 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49458 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49413 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49458 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49393 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49437	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49393 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49393 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49437 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49461	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49419	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49462	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49437 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49437 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49461 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49419 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49461 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49419 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49396	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49462 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49461 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49462 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49462 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49419 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49396 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49396 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49396 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49463	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49420	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49466	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49317	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49463 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49440	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49397	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49463 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49420 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49463 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49420 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49440 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49420 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49397 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49440 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49397 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49440 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49397 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49465	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49465 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49441	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49465 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49424	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49404	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49317 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49465 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49441 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49317 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49441 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49317 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49424 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49424 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49466 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49404 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49424 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49466 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49441 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49404 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49466 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49468	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49318	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49468 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49429	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49468 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49444	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49468 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49318 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49469	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49318 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49404 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49429 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49318 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49429 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49444 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49469 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49429 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49444 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49444 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49469 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49469 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49470	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49322	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49432	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49470 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49448	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49322 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49472	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49470 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49322 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49432 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49322 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49432 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49448 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49432 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49472 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49448 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49472 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49448 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49472 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49470 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49418	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49324	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49418 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49418 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49442	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49418 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49324 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49476	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49479	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49324 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49324 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49442 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49442 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49476 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49479 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49442 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49476 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49479 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49476 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49479 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49425	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49327	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49425 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49425 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49451	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49425 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49327 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49327 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49483	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49484	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49327 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49451 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49451 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49483 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49451 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49484 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49483 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49484 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49483 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49484 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49335	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49427	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49455	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49335 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49335 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49335 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49467	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49427 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49455 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49427 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49455 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49455 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49427 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49467 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49467 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49467 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49343	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49457	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49434	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49343 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49343 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49474	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49343 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49457 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49434 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49457 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49474 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49457 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49434 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49474 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49434 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49474 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49350	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49434	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49474	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49434	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49471	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49474	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49350 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49350 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49350 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49471 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49471 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49446	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49471 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49481	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49446 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49357	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49446 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49481 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49446 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49481 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49481 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49473	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49357 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49357 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49357 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49473 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49481	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49473 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49481	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49453	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49473 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49453 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49359	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49453 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49486	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49453 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49475	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49359 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49486 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49359 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49486 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49359 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49486 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49475 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49475 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49459	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49475 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49459 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49459 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49368	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49487	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49459 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49477	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49487 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49368 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49487 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49368 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49477 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49487 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49368 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49477 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49464	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49477 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49464 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49464 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49464 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49379	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49490	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49478	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49379 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49490 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49379 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49478 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49490 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49379 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49480	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49490 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49478 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49478 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49480 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49480 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49480 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49386	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49482	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49386 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49386 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49482 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49386 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49482 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49482 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49387	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49485	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49387 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49485 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49387 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49485 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49387 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49485 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49388	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 67.220.184.98:443 -> 192.168.56.101:49488	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49388 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49488 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49388 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49488 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49388 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49488 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49388	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49388	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49489	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49489 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49390	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49489 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49489 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49390 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49390 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49390 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49395	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49395 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49395 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49395 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49401	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49401 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49401 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49401 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49406	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49406 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49406 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49406 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49409	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49409 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49409 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49409 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49415	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49415 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49415 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49415 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49417	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49417 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49417 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49417 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49426	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49426 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49426 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49426 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49428	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49428 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49428 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49428 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49431	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49431 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49431 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49431 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49439	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49439 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49439 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49439 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49439	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49439	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49445	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49445 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49445 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49445 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49447	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49447 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49447 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49447 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49449	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49449 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49449 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49449 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49452	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49452 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49452 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49452 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49460	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49460 -> 67.220.184.98:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49460 -> 67.220.184.98:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49460 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49394	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49371	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49394	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49371	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49476	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49476	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49324	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49360	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49372	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49324	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49360	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49372	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49251	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49215	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49251	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49244	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49262	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49215	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49244	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49262	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49332	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49332	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49386	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49338	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49272	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49386	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49338	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49272	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49259	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49259	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49390	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49450	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49390	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49450	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49334	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49455	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49334	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49455	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49322	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49454	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49322	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49454	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49412	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49488	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49412	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49488	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49224	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49245	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49411	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49224	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49245	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49411	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49352	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49352	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49368	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49368	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49219	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49356	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49264	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49219	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49356	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49264	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49254	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49429	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49254	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49429	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49433	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49358	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49433	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49358	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49447	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49297	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49447	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49297	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49292	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49292	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49379	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49471	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49379	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49471	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49468	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49456	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49468	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49456	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49357	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49216	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49357	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49216	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49353	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49239	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49353	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49239	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49387	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49477	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49387	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49477	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49210	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49438	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49210	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49438	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49294	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49203	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49294	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49385	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49203	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49465	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49385	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49465	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49375	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49449	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49375	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49407	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49257	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49449	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49407	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49257	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49341	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49341	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49346	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49452	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49435	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49346	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49452	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49435	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49414	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49231	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49414	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49268	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49231	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49466	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49268	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49466	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49402	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49237	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49399	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49402	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49237	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49273	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49399	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49367	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49273	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49367	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49307	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49395	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49288	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49307	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49395	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49288	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49253	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49253	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49349	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49283	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49316	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49349	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49283	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49316	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49469	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49469	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49301	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49415	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49355	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49301	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49415	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49302	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49355	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49302	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49214	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49285	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49214	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49285	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49380	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49400	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49380	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49400	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49428	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49228	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49428	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49228	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49345	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49207	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49345	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49350	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49207	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49376	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49350	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49376	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49263	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49275	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49263	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49309	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49275	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49340	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49309	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49340	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49361	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49483	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49361	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49483	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49490	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49490	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49419	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49243	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49389	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49310	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49417	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49243	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49389	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49310	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49417	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49328	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49328	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49314	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49406	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49314	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49320	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49398	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49406	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49437	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49320	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49398	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49437	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49250	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49359	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49250	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49323	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49359	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49381	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49323	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49313	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49381	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49313	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49281	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49401	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49281	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49240	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49401	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49303	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49240	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49233	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49303	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49280	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49233	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49335	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49280	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49335	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49365	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49344	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49365	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49308	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49344	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49329	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49234	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49308	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49329	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49419	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49347	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49484	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49347	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49234	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49218	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49484	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49218	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49446	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49446	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49431	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49212	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49485	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49463	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49431	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49217	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49485	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49463	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49284	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49217	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49284	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49265	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49413	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49282	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49265	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49413	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49448	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49282	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49427	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49448	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49212	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49427	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49270	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49290	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49270	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49289	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49404	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49290	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49289	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49383	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49404	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49267	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49383	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49267	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49405	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49249	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49369	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49405	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49249	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49362	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49369	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49442	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49362	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49442	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49467	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49436	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49238	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49467	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49222	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49238	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49436	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49222	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49276	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49296	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49276	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49296	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49391	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49248	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49311	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49391	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49248	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49311	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49261	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49226	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49261	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49226	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49319	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49277	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49472	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49277	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49319	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49426	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49472	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49444	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49426	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49444	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49470	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49393	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49470	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49252	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49227	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49393	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49252	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49441	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49227	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49441	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49209	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49304	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49209	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49458	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49304	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49213	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49458	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49336	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49213	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49422	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49336	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49432	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49422	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49432	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49348	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49384	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49348	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49430	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49384	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49408	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49339	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49430	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49408	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49339	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49462	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49256	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49462	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49256	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49423	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49326	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49204	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49423	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49326	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49204	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49364	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49364	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49494 -> 67.220.184.98:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 67.220.184.98:443 -> 192.168.56.101:49242	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49235	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49242	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49235	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49425	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49425	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49479	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49298	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49378	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49298	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49392	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49479	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49392	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49378	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49397	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49409	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49397	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49409	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49487	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49418	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49487	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49445	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49418	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49445	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49440	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49315	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49440	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49317	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49315	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49317	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49293	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49305	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49318	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49293	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49305	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49318	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49274	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49416	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49410	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49460	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49410	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49274	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49416	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49330	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49424	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49366	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49330	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49424	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49366	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49473	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49370	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49306	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49473	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49370	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49306	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49279	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49255	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49460	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49220	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49255	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49220	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49287	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49374	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49287	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49374	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49486	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49299	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49486	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49279	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49299	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49229	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49258	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49382	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49229	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49258	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49278	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49382	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49278	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49403	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49232	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49403	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49312	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49295	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49312	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49295	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49363	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49241	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49363	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49241	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49202	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49480	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49202	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49480	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49461	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49232	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49333	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49461	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49327	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49333	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49327	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49464	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49464	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49321	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49343	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49321	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49489	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49343	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49459	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49489	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49459	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49206	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49475	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49206	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49223	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49475	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49223	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49377	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49354	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49377	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49354	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49451	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49266	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49451	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49266	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49420	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49351	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49420	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49351	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49236	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49342	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49236	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49342	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49300	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49453	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49300	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49453	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49457	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49246	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49457	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49246	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49478	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49478	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49337	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49337	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49271	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49325	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49271	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49325	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49208	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49208	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49396	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49396	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49230	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49230	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49482	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49482	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49286	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 67.220.184.98:443 -> 192.168.56.101:49286	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (2 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent May 28, 2021, 8:04 a.m.			0	0
IsDebuggerPresent May 28, 2021, 8:04 a.m.			0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx May 28, 2021, 8:04 a.m.		1	1	0

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)

suspicious_features

GET method with no useragent header

suspicious_request

GET http://vunachiimpex.xyz/buta/vuga.exe

Performs some HTTP requests (1 event)

request

GET http://vunachiimpex.xyz/buta/vuga.exe

Allocates read-write-execute memory (usually to unpack itself) (19 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory May 28, 2021, 8:04 a.m.	process_identifier: 2856 region_size: 2097152 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00710000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 28, 2021, 8:04 a.m.	process_identifier: 2856 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory May 28, 2021, 8:04 a.m.	process_identifier: 2856 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72741000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 28, 2021, 8:04 a.m.	process_identifier: 2856 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72742000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 28, 2021, 8:04 a.m.	process_identifier: 2856 region_size: 524288 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005b0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 28, 2021, 8:04 a.m.	process_identifier: 2856 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 28, 2021, 8:04 a.m.	process_identifier: 2856 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00432000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 28, 2021, 8:04 a.m.	process_identifier: 2856 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00465000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 28, 2021, 8:04 a.m.	process_identifier: 2856 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0046b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 28, 2021, 8:04 a.m.	process_identifier: 2856 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00467000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 28, 2021, 8:04 a.m.	process_identifier: 2856 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0044c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 28, 2021, 8:04 a.m.	process_identifier: 2856 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00670000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 28, 2021, 8:04 a.m.	process_identifier: 2856 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0045a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 28, 2021, 8:04 a.m.	process_identifier: 2856 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00457000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 28, 2021, 8:04 a.m.	process_identifier: 2856 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0043a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 28, 2021, 8:04 a.m.	process_identifier: 2856 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00456000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 28, 2021, 8:04 a.m.	process_identifier: 2856 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0045b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 28, 2021, 8:04 a.m.	process_identifier: 2856 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0044a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 28, 2021, 8:04 a.m.	process_identifier: 2856 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0043c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses May 28, 2021, 8:04 a.m.	flags: 15 family: 0		111	0

File has been identified by 25 AntiVirus engines on VirusTotal as malicious (25 events)

Elastic	malicious (high confidence)
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan-Downloader ( 0057c3331 )
Alibaba	Trojan:MSIL/Generic.25b90c05
K7GW	Trojan-Downloader ( 0057c3331 )
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/TrojanDownloader.Agent.HWU
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Trojan-PSW.MSIL.Agensla.gen
Avast	FileRepMalware
McAfee-GW-Edition	Artemis!Trojan
Sophos	Mal/Generic-S
eGambit	Unsafe.AI_Score_57%
AegisLab	Trojan.MSIL.Agensla.i!c
ZoneAlarm	HEUR:Trojan-PSW.MSIL.Agensla.gen
Microsoft	Trojan:Win32/Wacatac.B!ml
McAfee	RDN/Generic Downloader.x
TrendMicro-HouseCall	TROJ_GEN.R002H0DER21
Rising	Downloader.Agent!8.B23 (CLOUD)
SentinelOne	Static AI - Suspicious PE
Fortinet	MSIL/Bulz.0420!tr
BitDefenderTheta	Gen:NN.ZemsilF.34692.am0@aqK@g3m
AVG	FileRepMalware
CrowdStrike	win/malicious_confidence_90% (W)

test.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All