Summary | ZeroBOX

http://www.tepevizyon.com.tr/xx/Panel/PvqDq929BSx_A_D_M1n_a.php

AntiVM MSOffice File AntiDebug
Category: URL
Machine: s1_win7_x6403_us
Started: March 5, 2023, 12:42 a.m.
Completed: March 5, 2023, 12:44 a.m.
URL: http://www.tepevizyon.com.tr/xx/Panel/PvqDq929BSx_A_D_M1n_a.php

IP Address      Status
117.18.232.200  Active
164.124.101.2   Active
172.217.25.10   Active
213.238.183.171 Active

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.103:49175 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49175 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49175 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49175 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49175 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49189 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49189 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49189 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49189 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49196 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49196 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49196 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49196 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49196 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49200 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49200 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49200 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49200 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49200 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49208 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49208 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49208 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49208 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49208 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49172 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49172 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49172 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49177 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49177 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49177 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49177 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49177 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49184 -> 172.217.25.10:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49174 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49180 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49180 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49180 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49180 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49180 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49185 -> 172.217.25.10:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49203 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49206 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49206 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49174 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49174 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49174 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49174 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49173 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49173 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49173 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49173 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49173 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49182 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49182 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49182 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49183 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49183 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49183 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49182 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49182 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49183 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49183 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49187 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49187 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49206 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49187 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49187 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49206 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49206 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49201 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49210 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49210 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49202 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49202 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49202 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49202 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49202 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49211 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49211 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49178 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49223 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49178 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49223 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49178 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49223 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49223 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49178 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49223 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49178 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49211 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49211 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49212 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49212 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49192 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49192 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49227 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49227 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49191 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49191 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49227 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49227 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49212 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49191 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49204 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49191 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49204 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49204 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49228 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49192 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49228 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49192 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49204 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49212 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49228 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49195 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49204 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49195 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49195 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49195 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49195 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49228 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49194 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49194 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49194 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49267 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49194 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49210 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49194 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49210 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49199 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49199 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49199 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49222 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49199 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49199 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49267 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49222 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49267 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49222 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49222 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49222 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49267 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49267 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49236 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49236 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49236 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49274 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49221 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49221 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49221 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49236 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49236 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49205 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49205 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49205 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49274 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49221 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49221 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49205 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49205 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49274 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49274 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49231 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49231 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49231 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49231 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49231 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49235 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49235 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49235 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49235 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49235 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49238 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49238 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49238 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49238 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49286 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49286 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49286 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49242 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49242 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49242 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49242 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49251 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49251 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49251 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49251 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49251 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49268 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49268 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49268 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49268 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49277 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49277 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49277 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49277 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49277 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49230 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49230 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49230 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49230 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49230 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49287 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49287 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49287 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49289 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49241 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49241 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49286 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49286 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49287 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49287 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49172 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49289 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49241 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49172 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49241 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49289 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49289 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49176 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49176 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49176 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49258 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49258 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49258 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49176 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49258 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49176 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49258 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49179 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49179 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49271 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49179 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49271 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49271 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49271 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49181 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49181 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49181 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49280 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49280 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49179 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49179 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49280 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49280 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49181 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49181 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49188 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49188 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49225 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49225 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49225 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49188 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49188 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49225 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49225 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49190 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49190 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49190 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49190 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49190 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49198 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49198 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49198 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49198 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49198 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49260 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49260 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49260 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49260 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49260 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49264 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49264 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49264 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49264 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49220 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49220 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49220 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49220 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49220 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49285 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49285 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49224 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49285 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49224 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49285 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49224 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49224 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49224 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49229 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49229 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49229 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49229 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49240 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49240 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49240 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49240 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49255 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49255 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49255 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49255 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49252 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49252 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49252 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49252 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49252 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49259 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49259 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49253 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49253 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49253 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49259 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49253 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49253 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49256 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49259 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49256 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49256 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49256 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49259 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49256 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49265 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49261 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49265 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49261 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49265 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49261 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49265 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49265 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49263 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49263 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49263 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49263 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49263 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49261 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49261 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49272 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49272 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49272 -> 213.238.183.171:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.238.183.171:443 -> 192.168.56.103:49272 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49272 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49290 -> 213.238.183.171:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49290 -> 213.238.183.171:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49290 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49290 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49201 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49201 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49207 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49207 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49203 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.238.183.171:443 -> 192.168.56.103:49203 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1 192.168.56.103:49184 -> 172.217.25.10:443 C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 CN=upload.video.google.com 2e:01:79:0a:f4:af:b4:b2:18:5f:56:ea:ed:84:40:c2:63:9f:2c:90
TLSv1 192.168.56.103:49185 -> 172.217.25.10:443 C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 CN=upload.video.google.com 2e:01:79:0a:f4:af:b4:b2:18:5f:56:ea:ed:84:40:c2:63:9f:2c:90

Time & API Arguments Status Return Repeated

__exception__

stacktrace:
RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefdbfa49d
RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7fefdf373c3
ObjectStublessClient32+0x8bf CoDisconnectContext-0x107b9 ole32+0x443bf @ 0x7fefe0943bf
IUnknown_AddRef_Proxy+0x1f5 NdrFixedArrayBufferSize-0xeb rpcrt4+0x35295 @ 0x7fefdf55295
I_RpcFreeBuffer+0x1b9 NdrRangeUnmarshall-0x5a7 rpcrt4+0x32799 @ 0x7fefdf52799
Ndr64AsyncServerCallAll+0xa9e Ndr64AsyncClientCall-0xf42 rpcrt4+0xdaf1e @ 0x7fefdffaf1e
Ndr64AsyncServerCallAll+0x12ec Ndr64AsyncClientCall-0x6f4 rpcrt4+0xdb76c @ 0x7fefdffb76c
NdrStubCall3+0xc6 NdrOleAllocate-0x3ea rpcrt4+0x348d6 @ 0x7fefdf548d6
CoGetInstanceFromFile+0x4cd3 HACCEL_UserFree-0x70fd ole32+0x170883 @ 0x7fefe1c0883
CoGetInstanceFromFile+0x511d HACCEL_UserFree-0x6cb3 ole32+0x170ccd @ 0x7fefe1c0ccd
CoGetInstanceFromFile+0x5093 HACCEL_UserFree-0x6d3d ole32+0x170c43 @ 0x7fefe1c0c43
CoSetState+0x1450 DcomChannelSetHResult-0x34c ole32+0x2a4f0 @ 0x7fefe07a4f0
GetErrorInfo+0x599 ObjectStublessClient7-0xb1f ole32+0x3d551 @ 0x7fefe08d551
CoGetInstanceFromFile+0x78ce HACCEL_UserFree-0x4502 ole32+0x17347e @ 0x7fefe1c347e
CoGetInstanceFromFile+0x567b HACCEL_UserFree-0x6755 ole32+0x17122b @ 0x7fefe1c122b
CoGetInstanceFromFile+0x7992 HACCEL_UserFree-0x443e ole32+0x173542 @ 0x7fefe1c3542
GetErrorInfo+0x475 ObjectStublessClient7-0xc43 ole32+0x3d42d @ 0x7fefe08d42d
GetErrorInfo+0x21e ObjectStublessClient7-0xe9a ole32+0x3d1d6 @ 0x7fefe08d1d6
TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x77259bd1
TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x772598da
GetErrorInfo+0xf3 ObjectStublessClient7-0xfc5 ole32+0x3d0ab @ 0x7fefe08d0ab
CoUnloadingWOW+0x117 OleCreateFromFileEx-0x1829 ole32+0x163e57 @ 0x7fefe1b3e57
ObjectStublessClient24+0x1876 CLSIDFromString-0x57a ole32+0x10106 @ 0x7fefe060106
ObjectStublessClient24+0x18f2 CLSIDFromString-0x4fe ole32+0x10182 @ 0x7fefe060182
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521

exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00
exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d
exception.instruction: add rsp, 0xc8
exception.module: KERNELBASE.dll
exception.exception_code: 0x80040155
exception.offset: 42141
exception.address: 0x7fefdbfa49d
registers.r14: 0
registers.r15: 0
registers.rcx: 108324496
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 108330448
registers.r11: 108326256
registers.r8: 0
registers.r9: 0
registers.rdx: 1
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 1896521642
registers.r13: 0
1 0 0
request GET http://www.tepevizyon.com.tr/xx/Panel/PvqDq929BSx_A_D_M1n_a.php
request GET http://www.tepevizyon.com.tr/wp-content/plugins/yith-woocommerce-wishlist/assets/css/jquery.selectBox.css
request GET http://www.tepevizyon.com.tr/wp-content/plugins/woocommerce/assets/css/prettyPhoto.css
request GET http://www.tepevizyon.com.tr/wp-content/plugins/yith-woocommerce-wishlist/assets/css/font-awesome.css
request GET http://www.tepevizyon.com.tr/wp-content/plugins/yith-woocommerce-wishlist/assets/css/style.css
request GET http://www.tepevizyon.com.tr/wp-includes/css/classic-themes.min.css
request GET http://www.tepevizyon.com.tr/wp-content/plugins/contact-form-7/includes/css/styles.css
request GET http://www.tepevizyon.com.tr/wp-content/plugins/woocommerce-composite-products/assets/css/frontend/woocommerce.css
request GET http://www.tepevizyon.com.tr/wp-content/plugins/woocommerce-composite-products/assets/css/frontend/checkout-blocks.css
request GET http://www.tepevizyon.com.tr/wp-content/themes/xstore/xstore.min.css
request GET http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/layout/mobile-panel.min.css
request GET http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/woocommerce/global.min.css
request GET http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/404-page.min.css
request GET http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/contact-forms.min.css
request GET http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/layout/header/parts/menu.min.css
request GET http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/layout/header/parts/all-departments-menu.min.css
request GET http://www.tepevizyon.com.tr/wp-content/uploads/xstore/kirki-styles.css
request GET http://www.tepevizyon.com.tr/wp-includes/js/jquery/jquery.min.js
request GET http://www.tepevizyon.com.tr/wp-includes/js/jquery/jquery-migrate.min.js
request GET http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/elementor.min.css
request GET http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/breadcrumbs.min.css
request GET http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/back-top.min.css
request GET http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/layout/header/parts/search.min.css
request GET http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/layout/off-canvas.min.css
request GET http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/layout/header/parts/mobile-menu.min.css
request GET http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/builders/elementor/etheme-icon-box.min.css
request GET http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/layout/toggles-by-arrow.min.css
request GET http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/banners/banners-global.min.css
request GET http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/builders/elementor/etheme-countdown.min.css
request GET http://www.tepevizyon.com.tr/wp-content/uploads/elementor/css/post-136.css
request GET http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/woocommerce/cart-widget.min.css
request GET http://www.tepevizyon.com.tr/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css
request GET http://www.tepevizyon.com.tr/wp-content/plugins/elementor/assets/lib/swiper/css/swiper.min.css
request GET http://www.tepevizyon.com.tr/wp-content/uploads/elementor/css/post-149.css
request GET http://www.tepevizyon.com.tr/wp-content/uploads/elementor/css/custom-pro-frontend-lite.min.css
request GET http://www.tepevizyon.com.tr/wp-content/uploads/elementor/css/global.css
request GET http://www.tepevizyon.com.tr/wp-content/plugins/et-core-plugin/app/assets/lib/xstore-icons/css/light.css
request GET http://www.tepevizyon.com.tr/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.6.10
request GET http://www.tepevizyon.com.tr/wp-content/plugins/yith-woocommerce-wishlist/assets/js/jquery.selectBox.min.js
request GET http://www.tepevizyon.com.tr/wp-content/plugins/woocommerce/assets/js/prettyPhoto/jquery.prettyPhoto.min.js
request GET http://www.tepevizyon.com.tr/wp-content/plugins/yith-woocommerce-wishlist/assets/js/jquery.yith-wcwl.min.js
request GET http://www.tepevizyon.com.tr/wp-content/plugins/contact-form-7/includes/swv/js/index.js
request GET http://www.tepevizyon.com.tr/wp-content/plugins/contact-form-7/includes/js/index.js
request GET http://www.tepevizyon.com.tr/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.6.10
request GET http://www.tepevizyon.com.tr/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.6.10
request GET http://www.tepevizyon.com.tr/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js
request GET http://www.tepevizyon.com.tr/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js
request GET http://www.tepevizyon.com.tr/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js
request GET http://www.tepevizyon.com.tr/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js
request GET http://www.tepevizyon.com.tr/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js
request POST http://www.tepevizyon.com.tr/?wc-ajax=get_refreshed_fragments&elementor_page_id=0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 416
region_size: 3805184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000002ee0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 416
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000003280000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000772b1000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000772b1000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000772b1000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000772b1000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000772b1000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000772b1000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007725d000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000077282000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000077264000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000077282000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefc7d5000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefc7d5000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefe4f4000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007feff871000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007724a000
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 416
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000034b0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef1709000
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2076
region_size: 16388096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000002cd0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2076
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000003c70000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000772b1000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000772b1000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000772b1000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000772b1000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000772b1000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000772b1000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007725d000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000077282000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000077264000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000077282000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefc7d5000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefc7d5000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefe4f4000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007feff871000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007724a000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007724f000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007724d000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007724b000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076fd6000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000077706000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076fd1000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000077250000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007724a000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000776df000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000776eb000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefe1a7000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefe494000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefe491000
process_handle: 0xffffffffffffffff
status: 1
return: 0
repeated: 0

NtProtectVirtualMemory

process_identifier: 2076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefe496000
process_handle: 0xffffffffffffffff
status: 1
return: 0
repeated: 0

Application Crash: Process iexplore.exe with pid 416 crashed
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefdbfa49d
RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7fefdf373c3
ObjectStublessClient32+0x8bf CoDisconnectContext-0x107b9 ole32+0x443bf @ 0x7fefe0943bf
IUnknown_AddRef_Proxy+0x1f5 NdrFixedArrayBufferSize-0xeb rpcrt4+0x35295 @ 0x7fefdf55295
I_RpcFreeBuffer+0x1b9 NdrRangeUnmarshall-0x5a7 rpcrt4+0x32799 @ 0x7fefdf52799
Ndr64AsyncServerCallAll+0xa9e Ndr64AsyncClientCall-0xf42 rpcrt4+0xdaf1e @ 0x7fefdffaf1e
Ndr64AsyncServerCallAll+0x12ec Ndr64AsyncClientCall-0x6f4 rpcrt4+0xdb76c @ 0x7fefdffb76c
NdrStubCall3+0xc6 NdrOleAllocate-0x3ea rpcrt4+0x348d6 @ 0x7fefdf548d6
CoGetInstanceFromFile+0x4cd3 HACCEL_UserFree-0x70fd ole32+0x170883 @ 0x7fefe1c0883
CoGetInstanceFromFile+0x511d HACCEL_UserFree-0x6cb3 ole32+0x170ccd @ 0x7fefe1c0ccd
CoGetInstanceFromFile+0x5093 HACCEL_UserFree-0x6d3d ole32+0x170c43 @ 0x7fefe1c0c43
CoSetState+0x1450 DcomChannelSetHResult-0x34c ole32+0x2a4f0 @ 0x7fefe07a4f0
GetErrorInfo+0x599 ObjectStublessClient7-0xb1f ole32+0x3d551 @ 0x7fefe08d551
CoGetInstanceFromFile+0x78ce HACCEL_UserFree-0x4502 ole32+0x17347e @ 0x7fefe1c347e
CoGetInstanceFromFile+0x567b HACCEL_UserFree-0x6755 ole32+0x17122b @ 0x7fefe1c122b
CoGetInstanceFromFile+0x7992 HACCEL_UserFree-0x443e ole32+0x173542 @ 0x7fefe1c3542
GetErrorInfo+0x475 ObjectStublessClient7-0xc43 ole32+0x3d42d @ 0x7fefe08d42d
GetErrorInfo+0x21e ObjectStublessClient7-0xe9a ole32+0x3d1d6 @ 0x7fefe08d1d6
TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x77259bd1
TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x772598da
GetErrorInfo+0xf3 ObjectStublessClient7-0xfc5 ole32+0x3d0ab @ 0x7fefe08d0ab
CoUnloadingWOW+0x117 OleCreateFromFileEx-0x1829 ole32+0x163e57 @ 0x7fefe1b3e57
ObjectStublessClient24+0x1876 CLSIDFromString-0x57a ole32+0x10106 @ 0x7fefe060106
ObjectStublessClient24+0x18f2 CLSIDFromString-0x4fe ole32+0x10182 @ 0x7fefe060182
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521

exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00
exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d
exception.instruction: add rsp, 0xc8
exception.module: KERNELBASE.dll
exception.exception_code: 0x80040155
exception.offset: 42141
exception.address: 0x7fefdbfa49d
registers.r14: 0
registers.r15: 0
registers.rcx: 108324496
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 108330448
registers.r11: 108326256
registers.r8: 0
registers.r9: 0
registers.rdx: 1
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 1896521642
registers.r13: 0
status: 1
return: 0
repeated: 0
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\index[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\rbtools.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\woocommerce.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\js.cookie.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\frontend.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\promoTextCarousel.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\etheme-scripts.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\jquery.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\mobilePanel.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\jquery.blockUI.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\portfolio.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\ethemeCountdown.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\rs6.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\jquery.lazyload[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\ajaxSearch.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\jquery.yith-wcwl.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\elements-handlers.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\jquery.selectBox.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\swiper.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\all-departments-menu.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\core.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\forms[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\frontend-modules.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\mobileMenu.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\webpack.runtime.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\back-top.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\cart-fragments.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\add-to-cart.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\regenerator-runtime.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\jquery-migrate.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\productCategoriesWidget.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\frontend.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\index[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\woocommerce.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\fixedHeader.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\jquery.prettyPhoto.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\tabs.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\hooks.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\wishlist.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\webpack-pro.runtime.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\i18n.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\waypoints.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\imagesLoaded[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\wp-polyfill.min[1].js
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x000007fffff70000
process_handle: 0xffffffffffffffff
status: 1
return: 0
repeated: 0

rule: DebuggerCheck__GlobalFlags, description: (no description)
rule: DebuggerCheck__QueryInfo, description: (no description)
rule: DebuggerHiding__Thread, description: (no description)
rule: DebuggerHiding__Active, description: (no description)
rule: ThreadControl__Context, description: (no description)
rule: SEH__vectored, description: (no description)
rule: anti_dbg, description: Checks if being debugged
rule: disable_dep, description: Bypass DEP

cmdline: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:416 CREDAT:145409
host: 117.18.232.200
Process injection: Process 416 resumed a thread in remote process 2076
Time & API Arguments Status Return Repeated

NtResumeThread

thread_handle: 0x0000000000000338
suspend_count: 1
process_identifier: 2076
status: 1
return: 0
repeated: 0