popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Setup_pass1234.zip

Amadey ZIP Format
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6402 Sept. 13, 2023, 4:55 p.m. Sept. 13, 2023, 4:58 p.m.
Size 8.0MB
Type Zip archive data, at least v5.1 to extract
MD5 d6333d9f2326da7b78144d52fa20a05c
SHA256 33a6ea57e2165198411a5f7a855478a8aef5dd6631ee28b0571292c9d9214763
CRC32 53A8E7FF
ssdeep 196608:1PXO7GAkROaWG5XSO7JFns58Qm4UX1QbWQY7dr0:1feaWG9FnsyQmWI0
Yara
  • zip_file_format - ZIP file format

Name Response Post-Analysis Lookup
preconcert.pw
A 104.21.84.222
A 172.67.197.101
172.67.197.101
williecampbell.top
A 51.250.21.16
51.250.21.16
apps.identrust.com
A 182.162.106.33
CNAME a1952.dscq.akamai.net
A 182.162.106.32
CNAME identrust.edgesuite.net
A 23.67.53.27
A 23.67.53.17
23.67.53.27
ipinfo.io
A 34.117.59.81
34.117.59.81
learn.microsoft.com
CNAME learn-public.trafficmanager.net
CNAME learn.microsoft.com.edgekey.net
CNAME learn.microsoft.com.edgekey.net.globalredir.akadns.net
CNAME e13636.dscb.akamaiedge.net
A 104.75.33.236
104.75.33.236
hugersi.com
A 91.215.85.147
91.215.85.147
colisumy.com
A 211.181.24.133
A 190.139.250.133
A 181.170.86.159
A 84.224.216.79
A 211.53.230.67
A 189.186.80.218
A 189.245.1.33
A 37.34.248.24
A 175.120.254.9
A 211.119.84.111
189.186.80.218
charlesjones.top
A 51.250.21.16
51.250.21.16
sun6-23.userapi.com
A 95.142.206.3
95.142.206.3
worldtopnews.fun
A 104.21.13.218
A 172.67.133.72
172.67.133.72
agsnv.com
A 181.214.31.34
181.214.31.34
iplis.ru
A 148.251.234.93
148.251.234.93
bitbucket.org
A 104.192.141.1
104.192.141.1
vk.com
A 87.240.129.133
A 87.240.132.72
A 87.240.132.78
A 87.240.137.164
A 93.186.225.194
A 87.240.132.67
87.240.132.78
iplogger.org
A 148.251.234.83
148.251.234.83
sun6-20.userapi.com
A 95.142.206.0
95.142.206.0
ji.alie3ksgbb.com
A 172.67.200.102
A 104.21.90.117
172.67.200.102
z.nnnaajjjgc.com
A 156.236.72.121
156.236.72.121
api.2ip.ua
A 162.0.217.254
162.0.217.254
t.me
A 149.154.167.99
149.154.167.99
sun6-21.userapi.com
A 95.142.206.1
95.142.206.1
230907161118223.nmr.xrm42.top
A 94.156.35.76
94.156.35.76
vanaheim.cn
A 185.39.205.39
185.39.205.39
steamcommunity.com
A 184.50.42.33
184.50.42.33
api.myip.com
A 172.67.75.163
A 104.26.9.59
A 104.26.8.59
172.67.75.163
transfer.sh
A 144.76.136.153
144.76.136.153
db-ip.com
A 104.26.5.15
A 104.26.4.15
A 172.67.75.166
172.67.75.166
zexeq.com
A 201.124.224.61
A 175.119.10.231
A 211.171.233.129
A 211.181.24.133
A 186.182.55.44
A 109.98.58.98
A 210.182.29.70
A 168.187.75.100
A 115.88.24.200
A 181.170.86.159
175.119.10.231
IP Address Status Action
104.192.141.1 Active Moloch
104.21.13.218 Active Moloch
104.21.84.222 Active Moloch
104.21.90.117 Active Moloch
104.26.5.15 Active Moloch
104.26.8.59 Active Moloch
104.75.33.236 Active Moloch
116.203.7.16 Active Moloch
144.76.136.153 Active Moloch
148.251.234.83 Active Moloch
148.251.234.93 Active Moloch
149.154.167.99 Active Moloch
156.236.72.121 Active Moloch
162.0.217.254 Active Moloch
164.124.101.2 Active Moloch
171.22.28.208 Active Moloch
176.113.115.84 Active Moloch
181.214.31.34 Active Moloch
182.162.106.33 Active Moloch
184.30.187.53 Active Moloch
184.50.42.33 Active Moloch
185.225.73.32 Active Moloch
185.39.205.39 Active Moloch
194.169.175.128 Active Moloch
31.41.244.27 Active Moloch
34.117.59.81 Active Moloch
45.15.156.229 Active Moloch
5.42.92.211 Active Moloch
51.250.21.16 Active Moloch
51.38.95.107 Active Moloch
77.91.68.238 Active Moloch
87.121.221.58 Active Moloch
87.240.132.72 Active Moloch
87.240.132.78 Active Moloch
91.215.85.147 Active Moloch
94.142.138.131 Active Moloch
95.142.206.0 Active Moloch
95.142.206.1 Active Moloch
95.142.206.3 Active Moloch
201.124.224.61 Active Moloch
211.181.24.133 Active Moloch
23.67.53.27 Active Moloch
45.9.74.80 Active Moloch
94.156.35.76 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.102:49169 -> 104.26.8.59:443 2042969 ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) Device Retrieving External IP Address Detected
TCP 192.168.56.102:49169 -> 104.26.8.59:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49168 -> 94.142.138.131:80 2045779 ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) Malware Command and Control Activity Detected
TCP 192.168.56.102:49173 -> 87.240.132.72:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49173 -> 87.240.132.72:80 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49174 -> 87.240.132.72:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49174 -> 87.240.132.72:80 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49175 -> 87.240.132.72:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49187 -> 104.21.84.222:80 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.21.84.222:80 -> 192.168.56.102:49187 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49189 -> 104.21.84.222:80 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
UDP 192.168.56.102:51405 -> 164.124.101.2:53 2016778 ET DNS Query to a *.pw domain - Likely Hostile Potentially Bad Traffic
TCP 104.21.84.222:80 -> 192.168.56.102:49189 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49177 -> 87.240.132.72:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49193 -> 104.21.84.222:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49179 -> 171.22.28.208:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 192.168.56.102:49179 -> 171.22.28.208:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 104.21.90.117:80 -> 192.168.56.102:49186 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 192.168.56.102:49179 -> 171.22.28.208:80 2016698 ET HUNTING Suspicious services.exe in URI Potentially Bad Traffic
TCP 192.168.56.102:49188 -> 51.250.21.16:80 2022896 ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 A Network Trojan was detected
TCP 192.168.56.102:49188 -> 51.250.21.16:80 2023882 ET INFO HTTP Request to a *.top domain Potentially Bad Traffic
UDP 192.168.56.102:51598 -> 164.124.101.2:53 2023883 ET DNS Query to a *.top domain - Likely Hostile Potentially Bad Traffic
TCP 176.113.115.84:80 -> 192.168.56.102:49184 2400018 ET DROP Spamhaus DROP Listed Traffic Inbound group 19 Misc Attack
TCP 192.168.56.102:49183 -> 77.91.68.238:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 192.168.56.102:49182 -> 87.121.221.58:80 2018581 ET MALWARE Single char EXE direct download likely trojan (multiple families) A Network Trojan was detected
TCP 192.168.56.102:49182 -> 87.121.221.58:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 192.168.56.102:49182 -> 87.121.221.58:80 2019714 ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile Potentially Bad Traffic
TCP 192.168.56.102:49191 -> 181.214.31.34:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49191 -> 181.214.31.34:80 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49195 -> 104.192.141.1:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49195 -> 104.192.141.1:80 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 171.22.28.208:80 -> 192.168.56.102:49179 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 171.22.28.208:80 -> 192.168.56.102:49179 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 192.168.56.102:49199 -> 181.214.31.34:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49183 -> 77.91.68.238:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 104.192.141.1:443 -> 192.168.56.102:49202 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49202 -> 104.192.141.1:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49181 -> 87.240.132.72:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49181 -> 87.240.132.72:80 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49198 -> 104.192.141.1:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 91.215.85.147:80 -> 192.168.56.102:49200 2400006 ET DROP Spamhaus DROP Listed Traffic Inbound group 7 Misc Attack
TCP 192.168.56.102:49204 -> 87.240.132.72:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49171 -> 34.117.59.81:443 2025331 ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) Device Retrieving External IP Address Detected
TCP 192.168.56.102:49171 -> 34.117.59.81:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49171 -> 34.117.59.81:443 2025331 ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) Device Retrieving External IP Address Detected
TCP 181.214.31.34:443 -> 192.168.56.102:49212 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 104.21.84.222:80 -> 192.168.56.102:49190 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49185 -> 104.192.141.1:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49185 -> 104.192.141.1:80 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49180 -> 87.240.132.72:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49180 -> 87.240.132.72:80 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49214 -> 87.240.132.72:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49214 -> 87.240.132.72:80 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49182 -> 87.121.221.58:80 2018581 ET MALWARE Single char EXE direct download likely trojan (multiple families) A Network Trojan was detected
TCP 192.168.56.102:49182 -> 87.121.221.58:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 192.168.56.102:49182 -> 87.121.221.58:80 2019714 ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile Potentially Bad Traffic
TCP 192.168.56.102:49206 -> 181.214.31.34:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49197 -> 87.240.132.72:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49197 -> 87.240.132.72:80 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 176.113.115.84:8080 -> 192.168.56.102:49205 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 176.113.115.84:8080 -> 192.168.56.102:49205 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 176.113.115.84:8080 -> 192.168.56.102:49205 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 192.168.56.102:49217 -> 87.240.132.72:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49217 -> 87.240.132.72:80 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49188 -> 51.250.21.16:80 2022896 ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 A Network Trojan was detected
TCP 87.121.221.58:80 -> 192.168.56.102:49182 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 87.121.221.58:80 -> 192.168.56.102:49182 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 192.168.56.102:49218 -> 87.240.132.72:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49216 -> 87.240.132.72:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49216 -> 87.240.132.72:80 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49220 -> 87.240.132.72:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49220 -> 87.240.132.72:80 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49221 -> 87.240.132.72:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49221 -> 87.240.132.72:80 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 77.91.68.238:80 -> 192.168.56.102:49183 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 77.91.68.238:80 -> 192.168.56.102:49183 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 87.240.132.72:80 -> 192.168.56.102:49225 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49211 -> 87.240.132.72:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49211 -> 87.240.132.72:80 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49227 -> 87.240.132.72:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49228 -> 87.240.132.72:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49230 -> 95.142.206.1:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.192.141.1:443 -> 192.168.56.102:49210 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 87.240.132.72:80 -> 192.168.56.102:49223 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49224 -> 87.240.132.72:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49224 -> 87.240.132.72:80 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49232 -> 87.240.132.72:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49232 -> 87.240.132.72:80 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 91.215.85.147:80 -> 192.168.56.102:49200 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 192.168.56.102:49196 -> 181.214.31.34:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49196 -> 181.214.31.34:80 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 51.250.21.16:80 -> 192.168.56.102:49188 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 51.250.21.16:80 -> 192.168.56.102:49188 2023464 ET HUNTING Possible EXE Download From Suspicious TLD Misc activity
TCP 192.168.56.102:49233 -> 95.142.206.0:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49243 -> 87.240.132.72:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49243 -> 87.240.132.72:80 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.192.141.1:443 -> 192.168.56.102:49207 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49207 -> 104.192.141.1:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49208 -> 87.240.132.72:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49208 -> 87.240.132.72:80 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49248 -> 87.240.132.72:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49229 -> 87.240.132.72:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49234 -> 87.240.132.72:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49236 -> 87.240.132.72:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49236 -> 87.240.132.72:80 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49231 -> 87.240.132.72:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49231 -> 87.240.132.72:80 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49237 -> 87.240.132.72:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49237 -> 87.240.132.72:80 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49238 -> 87.240.132.72:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49239 -> 87.240.132.72:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49209 -> 181.214.31.34:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49252 -> 87.240.132.72:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49253 -> 87.240.132.72:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49256 -> 95.142.206.3:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49257 -> 87.240.132.72:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49258 -> 95.142.206.3:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49259 -> 87.240.132.72:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49259 -> 87.240.132.72:80 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49254 -> 87.240.132.72:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49263 -> 87.240.132.72:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49261 -> 87.240.132.72:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49264 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49265 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49267 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49273 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 194.169.175.128:50505 -> 192.168.56.102:49268 2046266 ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Token) Malware Command and Control Activity Detected
TCP 192.168.56.102:49277 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49278 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49274 -> 45.15.156.229:80 2045779 ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) Malware Command and Control Activity Detected
TCP 192.168.56.102:49281 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49284 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49287 -> 34.117.59.81:443 2025331 ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) Device Retrieving External IP Address Detected
TCP 192.168.56.102:49287 -> 34.117.59.81:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49287 -> 34.117.59.81:443 2025331 ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) Device Retrieving External IP Address Detected
TCP 192.168.56.102:49286 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49289 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49268 -> 194.169.175.128:50505 2046269 ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Activity) Malware Command and Control Activity Detected
TCP 192.168.56.102:49294 -> 104.26.5.15:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49300 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49290 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49311 -> 51.38.95.107:42494 2043233 ET INFO Microsoft net.tcp Connection Initialization Activity Potentially Bad Traffic
TCP 192.168.56.102:49311 -> 51.38.95.107:42494 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.102:49311 -> 51.38.95.107:42494 2046045 ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) A Network Trojan was detected
TCP 192.168.56.102:49298 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 51.38.95.107:42494 -> 192.168.56.102:49311 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response A Network Trojan was detected
TCP 194.169.175.128:50500 -> 192.168.56.102:49272 2046266 ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Token) Malware Command and Control Activity Detected
TCP 192.168.56.102:49323 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 194.169.175.128:50500 -> 192.168.56.102:49272 2046267 ET MALWARE [ANY.RUN] RisePro TCP v.0.x (External IP) Malware Command and Control Activity Detected
TCP 156.236.72.121:443 -> 192.168.56.102:49325 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49297 -> 5.42.92.211:80 2047625 ET MALWARE [ANY.RUN] Win32/Stealc Checkin (POST) A Network Trojan was detected
TCP 192.168.56.102:49297 -> 5.42.92.211:80 2018358 ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 Potentially Bad Traffic
TCP 192.168.56.102:49329 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49299 -> 51.250.21.16:80 2044243 ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in Malware Command and Control Activity Detected
TCP 192.168.56.102:49299 -> 51.250.21.16:80 2023882 ET INFO HTTP Request to a *.top domain Potentially Bad Traffic
TCP 192.168.56.102:49308 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49330 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49316 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49319 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49333 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49340 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49272 -> 194.169.175.128:50500 2046270 ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Exfiltration) Malware Command and Control Activity Detected
TCP 192.168.56.102:49295 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49304 -> 104.21.13.218:80 2046637 ET MALWARE [ANY.RUN] Win32/Lumma Stealer Configuration Request Attempt Malware Command and Control Activity Detected
TCP 156.236.72.121:443 -> 192.168.56.102:49309 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49313 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49315 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
UDP 192.168.56.102:57203 -> 164.124.101.2:53 2027026 ET POLICY External IP Address Lookup DNS Query (2ip .ua) Device Retrieving External IP Address Detected
UDP 192.168.56.102:53208 -> 164.124.101.2:53 2035948 ET POLICY IP Check Domain (iplogger .org in DNS Lookup) Potential Corporate Privacy Violation
TCP 156.236.72.121:443 -> 192.168.56.102:49346 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49311 -> 51.38.95.107:42494 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.102:49356 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49351 -> 162.0.217.254:443 2033214 ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.102:49358 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49351 -> 162.0.217.254:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49351 -> 162.0.217.254:443 2033214 ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49360 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49352 -> 148.251.234.83:443 2035949 ET POLICY IP Check Domain (iplogger .org in TLS SNI) Potential Corporate Privacy Violation
TCP 192.168.56.102:49352 -> 148.251.234.83:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49352 -> 148.251.234.83:443 2035949 ET POLICY IP Check Domain (iplogger .org in TLS SNI) Potential Corporate Privacy Violation
TCP 192.168.56.102:49345 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 31.41.244.27:41140 -> 192.168.56.102:49326 2400000 ET DROP Spamhaus DROP Listed Traffic Inbound group 1 Misc Attack
TCP 192.168.56.102:49334 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49353 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49365 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49343 -> 87.240.132.78:80 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49370 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49376 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49377 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49380 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49384 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49382 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 87.240.132.78:80 -> 192.168.56.102:49343 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49386 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49311 -> 51.38.95.107:42494 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 156.236.72.121:443 -> 192.168.56.102:49393 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 51.38.95.107:42494 -> 192.168.56.102:49311 2046056 ET MALWARE Redline Stealer Activity (Response) A Network Trojan was detected
TCP 192.168.56.102:49311 -> 51.38.95.107:42494 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 156.236.72.121:443 -> 192.168.56.102:49388 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49395 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49364 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49362 -> 87.240.132.78:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 156.236.72.121:443 -> 192.168.56.102:49373 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49403 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49378 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49397 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49399 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49415 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49374 -> 87.240.132.78:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49417 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49406 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49410 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49421 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49422 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49426 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49433 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49412 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49438 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
UDP 192.168.56.102:51852 -> 8.8.8.8:53 2023883 ET DNS Query to a *.top domain - Likely Hostile Potentially Bad Traffic
TCP 192.168.56.102:49413 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49446 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49418 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49419 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49450 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49452 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49448 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49469 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49456 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49474 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49435 -> 45.9.74.80:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49458 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49440 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49478 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49461 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49484 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49436 -> 87.240.132.78:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49436 -> 87.240.132.78:80 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49489 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49445 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49472 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49435 -> 45.9.74.80:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 162.0.217.254:443 -> 192.168.56.102:49473 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49449 -> 87.240.132.78:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49462 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49460 -> 87.240.132.78:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49466 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49497 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49475 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49483 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49487 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49502 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49311 -> 51.38.95.107:42494 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.102:49311 -> 51.38.95.107:42494 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.102:49311 -> 51.38.95.107:42494 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.102:49432 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49311 -> 51.38.95.107:42494 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.102:49311 -> 51.38.95.107:42494 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.102:49311 -> 51.38.95.107:42494 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.102:49508 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49311 -> 51.38.95.107:42494 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.102:49444 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49311 -> 51.38.95.107:42494 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.102:49495 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49311 -> 51.38.95.107:42494 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 156.236.72.121:443 -> 192.168.56.102:49464 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49485 -> 201.124.224.61:80 2002400 ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) A Network Trojan was detected
TCP 192.168.56.102:49311 -> 51.38.95.107:42494 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.102:49485 -> 201.124.224.61:80 2036334 ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key A Network Trojan was detected
TCP 192.168.56.102:49311 -> 51.38.95.107:42494 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.102:49311 -> 51.38.95.107:42494 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.102:49242 -> 87.240.132.72:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49242 -> 87.240.132.72:80 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49491 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49480 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49311 -> 51.38.95.107:42494 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.102:49311 -> 51.38.95.107:42494 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.102:49529 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49500 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.102:49500 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49500 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.102:49514 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49516 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49245 -> 87.240.132.72:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49245 -> 87.240.132.72:80 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49520 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49244 -> 87.240.132.72:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 201.124.224.61:80 -> 192.168.56.102:49485 2036335 ET MALWARE Win32/Filecoder.STOP Variant Public Key Download A Network Trojan was detected
TCP 192.168.56.102:49530 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49501 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49531 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49541 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49492 -> 201.124.224.61:80 2002400 ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) A Network Trojan was detected
TCP 192.168.56.102:49492 -> 201.124.224.61:80 2020826 ET MALWARE Potential Dridex.Maldoc Minimal Executable Request A Network Trojan was detected
TCP 192.168.56.102:49492 -> 201.124.224.61:80 2036333 ET MALWARE Win32/Vodkagats Loader Requesting Payload A Network Trojan was detected
TCP 192.168.56.102:49522 -> 116.203.7.16:80 2027262 ET INFO Dotted Quad Host ZIP Request Potentially Bad Traffic
TCP 201.124.224.61:80 -> 192.168.56.102:49492 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 192.168.56.102:49246 -> 87.240.132.72:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 156.236.72.121:443 -> 192.168.56.102:49546 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49553 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49521 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49525 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49558 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49494 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.102:49494 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49494 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.102:49557 -> 104.75.33.236:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.75.33.236:443 -> 192.168.56.102:49561 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49527 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49538 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49542 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49544 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49568 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49569 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49512 -> 45.9.74.80:80 2027700 ET MALWARE Amadey CnC Check-In Malware Command and Control Activity Detected
TCP 192.168.56.102:49512 -> 45.9.74.80:80 2045751 ET MALWARE Win32/Amadey Bot Activity (POST) M2 A Network Trojan was detected
TCP 192.168.56.102:49512 -> 45.9.74.80:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 192.168.56.102:49251 -> 87.240.132.72:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49251 -> 87.240.132.72:80 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49581 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 45.9.74.80:80 -> 192.168.56.102:49512 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 45.9.74.80:80 -> 192.168.56.102:49512 2016538 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download Potentially Bad Traffic
TCP 45.9.74.80:80 -> 192.168.56.102:49512 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49275 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49306 -> 185.225.73.32:44973 2043233 ET INFO Microsoft net.tcp Connection Initialization Activity Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49582 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49306 -> 185.225.73.32:44973 2046045 ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) A Network Trojan was detected
TCP 192.168.56.102:49306 -> 185.225.73.32:44973 2046105 ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound) A Network Trojan was detected
TCP 192.168.56.102:49306 -> 185.225.73.32:44973 2046105 ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound) A Network Trojan was detected
TCP 192.168.56.102:49585 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49341 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49337 -> 87.240.132.78:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49337 -> 87.240.132.78:80 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49344 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49357 -> 162.0.217.254:443 2033214 ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.102:49357 -> 162.0.217.254:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49357 -> 162.0.217.254:443 2033214 ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) Potentially Bad Traffic
TCP 148.251.234.83:443 -> 192.168.56.102:49359 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49367 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49260 -> 87.240.132.72:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49390 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49391 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49396 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49270 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49405 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49279 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49423 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49282 -> 104.26.8.59:443 2042969 ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) Device Retrieving External IP Address Detected
TCP 192.168.56.102:49282 -> 104.26.8.59:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49431 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49283 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49590 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49292 -> 34.117.59.81:443 2025331 ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) Device Retrieving External IP Address Detected
TCP 192.168.56.102:49292 -> 34.117.59.81:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49292 -> 34.117.59.81:443 2025331 ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) Device Retrieving External IP Address Detected
TCP 156.236.72.121:443 -> 192.168.56.102:49586 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49454 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49305 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49318 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49451 -> 94.156.35.76:80 2022896 ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 A Network Trojan was detected
TCP 156.236.72.121:443 -> 192.168.56.102:49320 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49324 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49451 -> 94.156.35.76:80 2022896 ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 A Network Trojan was detected
TCP 192.168.56.102:49328 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49302 -> 148.251.234.93:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49463 -> 162.0.217.254:443 2033214 ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49335 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49463 -> 162.0.217.254:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49463 -> 162.0.217.254:443 2033214 ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.102:49339 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 185.225.73.32:44973 -> 192.168.56.102:49306 2046056 ET MALWARE Redline Stealer Activity (Response) A Network Trojan was detected
TCP 185.225.73.32:44973 -> 192.168.56.102:49306 2046106 ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Response) A Network Trojan was detected
TCP 148.251.234.93:443 -> 192.168.56.102:49331 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49350 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49354 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 162.0.217.254:443 -> 192.168.56.102:49363 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49588 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49372 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49387 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49400 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49490 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49401 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49408 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49409 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49428 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49429 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49439 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49437 -> 45.9.74.80:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 192.168.56.102:49437 -> 45.9.74.80:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 45.9.74.80:80 -> 192.168.56.102:49437 2014819 ET INFO Packed Executable Download Misc activity
TCP 192.168.56.102:49443 -> 87.240.132.78:80 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.102:49443 -> 87.240.132.78:80 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49596 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 45.9.74.80:80 -> 192.168.56.102:49437 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 45.9.74.80:80 -> 192.168.56.102:49437 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 192.168.56.102:49610 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49616 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49611 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49534 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49503 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49619 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49512 -> 45.9.74.80:80 2044696 ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 A Network Trojan was detected
TCP 192.168.56.102:49507 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49601 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49602 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49467 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49468 -> 162.0.217.254:443 2033214 ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.102:49468 -> 162.0.217.254:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49468 -> 162.0.217.254:443 2033214 ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.102:49479 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 149.154.167.99:443 -> 192.168.56.102:49505 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49545 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49486 -> 211.181.24.133:80 2020826 ET MALWARE Potential Dridex.Maldoc Minimal Executable Request A Network Trojan was detected
TCP 192.168.56.102:49486 -> 211.181.24.133:80 2036333 ET MALWARE Win32/Vodkagats Loader Requesting Payload A Network Trojan was detected
TCP 211.181.24.133:80 -> 192.168.56.102:49486 2014819 ET INFO Packed Executable Download Misc activity
TCP 156.236.72.121:443 -> 192.168.56.102:49606 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49512 -> 45.9.74.80:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 211.181.24.133:80 -> 192.168.56.102:49486 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 192.168.56.102:49519 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49533 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 45.9.74.80:80 -> 192.168.56.102:49512 2016538 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download Potentially Bad Traffic
TCP 45.9.74.80:80 -> 192.168.56.102:49512 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 192.168.56.102:49539 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49547 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49551 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49559 -> 104.75.33.236:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49560 -> 104.75.33.236:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49562 -> 104.75.33.236:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49613 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49622 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49498 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49509 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49631 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49627 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49630 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49515 -> 184.50.42.33:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49517 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49526 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49566 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49537 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49634 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49632 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49556 -> 104.75.33.236:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49555 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49565 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49571 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49573 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49512 -> 45.9.74.80:80 2044696 ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 A Network Trojan was detected
TCP 156.236.72.121:443 -> 192.168.56.102:49577 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49572 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49578 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49583 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49637 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49592 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49594 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49638 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49636 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49599 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49598 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49575 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49603 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49604 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49512 -> 45.9.74.80:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 192.168.56.102:49617 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49639 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 45.9.74.80:80 -> 192.168.56.102:49512 2014819 ET INFO Packed Executable Download Misc activity
TCP 192.168.56.102:49620 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49640 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49628 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49644 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49642 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49647 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 45.9.74.80:80 -> 192.168.56.102:49512 2016538 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download Potentially Bad Traffic
TCP 45.9.74.80:80 -> 192.168.56.102:49512 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 192.168.56.102:49657 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
UDP 192.168.56.102:62542 -> 8.8.8.8:53 2034316 ET POLICY Observed DNS Query to File Transfer Service Domain (transfer .sh) Potentially Bad Traffic
UDP 192.168.56.102:62542 -> 8.8.8.8:53 2035139 ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in DNS Lookup) Misc activity
TCP 192.168.56.102:49646 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49659 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49662 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49660 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49651 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49664 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49665 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49667 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49672 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49683 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49682 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49668 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49655 -> 144.76.136.153:443 2035145 ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in TLS SNI) Misc activity
TCP 156.236.72.121:443 -> 192.168.56.102:49684 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49700 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49688 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49703 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49705 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49655 -> 144.76.136.153:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49708 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49663 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49709 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 144.76.136.153:443 -> 192.168.56.102:49655 2033076 ET POLICY Observed File Transfer Service SSL/TLS Certificate (transfer .sh) Potential Corporate Privacy Violation
TCP 192.168.56.102:49711 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49671 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49653 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49720 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49715 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49723 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49717 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49656 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49675 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49678 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49733 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49736 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49686 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49690 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49741 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49751 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49697 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49674 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49757 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49673 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49701 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49580 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49707 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49714 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49706 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49768 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49722 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49727 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49775 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49728 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49737 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49790 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49745 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49748 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49747 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49791 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49792 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49800 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49760 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49764 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49765 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49767 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49766 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49804 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49774 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49783 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49784 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49807 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49731 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49808 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49812 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49591 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49739 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49740 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49817 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49743 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49759 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49821 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49820 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49770 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49773 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49779 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49781 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49782 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49787 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49595 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49794 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49795 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49797 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49801 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49811 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49815 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49824 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49826 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49750 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49749 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49825 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49831 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49841 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49863 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49847 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49867 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49849 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49879 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49880 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49858 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49884 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49903 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49872 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49914 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49876 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49885 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49947 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49895 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49952 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49896 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49953 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49956 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49907 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49910 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49970 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49915 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49990 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49918 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:50003 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49926 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:50013 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49929 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:50014 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49930 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:50037 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49964 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49972 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49973 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49982 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49991 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49778 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49997 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:50016 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:50021 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:50029 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:50046 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:50048 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49786 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49828 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49833 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49836 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49846 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49850 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49851 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49853 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49859 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49866 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49608 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49868 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49834 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49837 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49870 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49838 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49845 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49874 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49890 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49897 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49921 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49935 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49942 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49871 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49948 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49959 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49960 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49887 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49962 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49893 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49966 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49976 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49898 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49984 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49900 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:50005 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:50020 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:50022 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49917 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:50024 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49920 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49803 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:50028 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49806 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:50036 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49936 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49938 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49939 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49950 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49969 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49975 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49994 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:50002 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:50004 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:50010 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:50019 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:50026 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:50027 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49809 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:50030 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:50043 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49816 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49612 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49823 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49832 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49842 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49862 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49621 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49864 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49875 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49878 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49882 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49901 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49906 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49912 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49922 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49925 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49931 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49940 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49944 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49951 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49985 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49986 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49996 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49999 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:50009 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49624 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:50012 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49625 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:50035 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:50039 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:50045 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49311 -> 51.38.95.107:42494 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.102:49311 -> 51.38.95.107:42494 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.102:49311 -> 51.38.95.107:42494 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.102:49645 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49650 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49654 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49512 -> 45.9.74.80:80 2044696 ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 A Network Trojan was detected
TCP 192.168.56.102:49680 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49681 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49689 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49691 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49693 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49696 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49698 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49699 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49716 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49718 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49725 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49724 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49730 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49732 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49742 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49753 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49755 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49758 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49762 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49772 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49789 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49798 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49814 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49829 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49311 -> 51.38.95.107:42494 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.102:49843 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49854 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49855 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49857 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49888 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49892 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49904 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49909 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49913 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49923 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49932 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49934 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49943 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49955 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49958 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49961 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49968 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49978 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49979 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:49981 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.102:49987 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49993 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49995 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:50001 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:50007 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:50018 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:50040 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.102:50041 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:50049 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49494 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.102:49292 -> 34.117.59.81:443 2025331 ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) Device Retrieving External IP Address Detected
TCP 184.30.187.53:80 -> 192.168.56.102:49549 2221010 SURICATA HTTP unable to match response to request Generic Protocol Command Decode
TCP 192.168.56.102:49468 -> 162.0.217.254:443 2033214 ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.102:49500 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.102:49171 -> 34.117.59.81:443 2025331 ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) Device Retrieving External IP Address Detected
TCP 192.168.56.102:49463 -> 162.0.217.254:443 2033214 ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) Potentially Bad Traffic

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1
192.168.56.102:49169
104.26.8.59:443 		C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com 92:b4:ed:98:67:d9:db:8a:1e:bd:0e:fe:7f:22:45:e9:79:b5:78:65
TLSv1
192.168.56.102:49177
87.240.132.72:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1
192.168.56.102:49193
104.21.84.222:443 		C=US, O=Let's Encrypt, CN=E1 CN=preconcert.pw 60:b2:a3:3e:2f:80:57:cd:6f:c1:a3:e9:b3:c6:cb:95:41:83:4a:64
TLSv1
192.168.56.102:49227
87.240.132.72:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1
192.168.56.102:49228
87.240.132.72:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1
192.168.56.102:49230
95.142.206.1:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24
TLSv1
192.168.56.102:49233
95.142.206.0:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24
TLSv1
192.168.56.102:49248
87.240.132.72:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1
192.168.56.102:49229
87.240.132.72:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1
192.168.56.102:49252
87.240.132.72:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1
192.168.56.102:49253
87.240.132.72:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1
192.168.56.102:49256
95.142.206.3:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24
TLSv1
192.168.56.102:49257
87.240.132.72:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1
192.168.56.102:49258
95.142.206.3:443 		None None None
TLSv1
192.168.56.102:49254
87.240.132.72:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1
192.168.56.102:49263
87.240.132.72:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1
192.168.56.102:49294
104.26.5.15:443 		C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com 03:f8:79:dd:26:16:32:12:a4:33:99:34:af:f7:33:32:d5:e0:aa:e5
TLSv1
192.168.56.102:49374
87.240.132.78:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1
192.168.56.102:49460
87.240.132.78:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1
192.168.56.102:49260
87.240.132.72:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1
192.168.56.102:49282
104.26.8.59:443 		C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com 92:b4:ed:98:67:d9:db:8a:1e:bd:0e:fe:7f:22:45:e9:79:b5:78:65
TLSv1
192.168.56.102:49515
184.50.42.33:443 		C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com b1:30:5e:4c:ee:14:70:87:a7:d7:1c:77:07:b5:3c:2c:99:13:aa:c5
TLS 1.2
192.168.56.102:49655
144.76.136.153:443 		C=US, O=Let's Encrypt, CN=R3 CN=transfer.sh 4b:77:1f:b2:fe:8e:4f:93:e4:34:20:28:f2:b6:7a:3a:ff:0f:d1:f6

suspicious_features Connection to IP address suspicious_request GET http://94.142.138.131/api/tracemap.php
suspicious_features POST method with no referer header, Connection to IP address suspicious_request POST http://94.142.138.131/api/firegate.php
suspicious_features Connection to IP address suspicious_request HEAD http://171.22.28.208/download/Services.exe
suspicious_features Connection to IP address suspicious_request HEAD http://87.121.221.58/g.exe
suspicious_features Connection to IP address suspicious_request HEAD http://77.91.68.238/love/no230.exe
suspicious_features Connection to IP address suspicious_request GET http://171.22.28.208/download/Services.exe
suspicious_features Connection to IP address suspicious_request GET http://87.121.221.58/g.exe
suspicious_features Connection to IP address suspicious_request GET http://77.91.68.238/love/no230.exe
suspicious_features Connection to IP address suspicious_request GET http://176.113.115.84:8080/4.php
suspicious_features Connection to IP address suspicious_request GET http://45.15.156.229/api/tracemap.php
suspicious_features POST method with no referer header, Connection to IP address suspicious_request POST http://5.42.92.211/loghub/master
suspicious_features POST method with no referer header, POST method with no useragent header suspicious_request POST http://charlesjones.top/e9c345fc99a4e67e.php
suspicious_features POST method with no referer header, POST method with no useragent header suspicious_request POST http://worldtopnews.fun/c2conf
suspicious_features POST method with no referer header, Connection to IP address suspicious_request POST http://45.15.156.229/api/firegate.php
suspicious_features Connection to IP address suspicious_request HEAD http://45.9.74.80/super.exe
suspicious_features Connection to IP address suspicious_request HEAD http://45.9.74.80/ummaa.exe
suspicious_features Connection to IP address suspicious_request GET http://45.9.74.80/super.exe
suspicious_features Connection to IP address suspicious_request GET http://45.9.74.80/ummaa.exe
suspicious_features POST method with no referer header, POST method with no useragent header, Connection to IP address suspicious_request POST http://45.9.74.80/0bjdn2Z/index.php
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.9.74.80/opaa37.exe
suspicious_features Connection to IP address suspicious_request GET http://116.203.7.16/7b01483643983171e949f923c5bc80e7
suspicious_features Connection to IP address suspicious_request GET http://116.203.7.16/htdocs.zip
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.9.74.80/toolspub2.exe
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.9.74.80/31839b57a4f11171d6abc8bbc4451ee4.exe
suspicious_features POST method with no referer header, Connection to IP address suspicious_request POST http://116.203.7.16/
suspicious_features GET method with no useragent header suspicious_request GET https://transfer.sh/get/uTWorMyudp/hgjjhlkgkl.exe
request GET http://94.142.138.131/api/tracemap.php
request POST http://94.142.138.131/api/firegate.php
request HEAD http://171.22.28.208/download/Services.exe
request HEAD http://87.121.221.58/g.exe
request HEAD http://77.91.68.238/love/no230.exe
request HEAD http://ji.alie3ksgbb.com/m/ela205.exe
request HEAD http://williecampbell.top/calc2.exe
request GET http://ji.alie3ksgbb.com/m/ela205.exe
request GET http://171.22.28.208/download/Services.exe
request GET http://apps.identrust.com/roots/dstrootcax3.p7c
request GET http://williecampbell.top/calc2.exe
request GET http://87.121.221.58/g.exe
request GET http://77.91.68.238/love/no230.exe
request HEAD http://hugersi.com/dl/6523.exe
request GET http://hugersi.com/dl/6523.exe
request GET http://176.113.115.84:8080/4.php
request GET http://45.15.156.229/api/tracemap.php
request GET http://worldtopnews.fun/
request POST http://5.42.92.211/loghub/master
request POST http://charlesjones.top/e9c345fc99a4e67e.php
request GET http://worldtopnews.fun/login
request POST http://worldtopnews.fun/c2conf
request POST http://45.15.156.229/api/firegate.php
request HEAD http://45.9.74.80/super.exe
request HEAD http://45.9.74.80/ummaa.exe
request GET http://45.9.74.80/super.exe
request GET http://45.9.74.80/ummaa.exe
request HEAD http://230907161118223.nmr.xrm42.top/f/fikim0907223.exe
request GET http://230907161118223.nmr.xrm42.top/f/fikim0907223.exe
request GET http://zexeq.com/test2/get.php?pid=CD20CF071BA7C05D5F5E6CAF42496E78&first=true
request GET http://colisumy.com/dl/build2.exe
request GET http://zexeq.com/files/1/build3.exe
request POST http://45.9.74.80/0bjdn2Z/index.php
request GET http://45.9.74.80/opaa37.exe
request GET http://116.203.7.16/7b01483643983171e949f923c5bc80e7
request GET http://116.203.7.16/htdocs.zip
request GET http://45.9.74.80/toolspub2.exe
request GET http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=LHNMv561Ao9oyPaxqTAOF0Ae.exe&platform=0009&osver=5&isServer=0
request GET http://45.9.74.80/31839b57a4f11171d6abc8bbc4451ee4.exe
request POST http://116.203.7.16/
request GET https://api.myip.com/
request GET https://vk.com/doc746114504_647280747?hash=cvDFKP5q0CQEjBCbeoeHvPNrWE0xbMxZEmrkIeNKcET&dl=G42DMMJRGQ2TANA:1661413520:uZNj68vRUvQaydRD8wpAK8zluN0I7otw5AHbA1ZlN9T&api=1&no_preview=1
request GET https://preconcert.pw/setup294.exe
request GET https://vk.com/doc791620691_663065029?hash=Efubo9FQtw3Bdj42XJVcJwymfIH3PazMKz8g5wJ0dZX&dl=G44TCNRSGA3DSMI:1682787066:QgrgzF33wDt9bwmmOgWCYTv61J7HwhLVZOXGaEdWiKP&api=1&no_preview=1#stats
request GET https://vk.com/doc17799268_667301259?hash=mz2nLKvo6dt1uE06v4jRORCgXO1tbK1pSlJhEfMFJco&dl=vkt89M90dzWpJZ9hvFWUTeZuZHqaxeSpP8mP7ffY8Z0&api=1&no_preview=1
request GET https://sun6-21.userapi.com/c235131/u17799268/docs/d34/20a2f6c4d3f4/d3232adg.bmp?extra=suUcIL34C8tZuA415Q8lnsWylAKtf3SORQHWwTtRCAhor9Xh31vJ6M2BmK67YddRXGwiLAW0jvq_FoA4Id_CzGfizeXTtd7lsFd1NrUnyhtFzoxZ9_XyQPBa1ZY9ol22CvDvWfKJysaOOqpn
request GET https://vk.com/doc17799268_667281004?hash=xOqcu1ZGarivubW5PP3sEBGynm7PLhU3P4kzSjNpUgz&dl=BDGaIhRFJdbZh0HkjSHVN3oPAh2dusZaaZGmKdcx4h8&api=1&no_preview=1#1
request GET https://sun6-20.userapi.com/c237331/u17799268/docs/d32/20d06de2d171/crypted.bmp?extra=Ix6P6PHPTaU-Y3IcBr-4XYzVARL6dIIfwVgGD1PgAHnQ8YE8I6mxpzvBb8ZC-5spd3ReZ1Yx-dQbztud3MKZLNEYdKKzb49L34FiqbZHziCi8D6pAzz-wEYZ9qJs6eJrhDDttVXq_XHjBjXh
request GET https://vk.com/doc791620691_663065029?hash=Efubo9FQtw3Bdj42XJVcJwymfIH3PazMKz8g5wJ0dZX&dl=G44TCNRSGA3DSMI:1682787066:QgrgzF33wDt9bwmmOgWCYTv61J7HwhLVZOXGaEdWiKP&api=1&no_preview=1#test
request GET https://vk.com/doc44017378_669136690?hash=E5ro6HNAOZHVOgZiTIDkvKctXbILQ0zBBx6f8KGt5e8&dl=qG39A2bhq4t9EZmEY5oWbCHZP2L9kp7Offbq4R5FDD0&api=1&no_preview=1#test2
request POST http://94.142.138.131/api/firegate.php
request POST http://5.42.92.211/loghub/master
request POST http://charlesjones.top/e9c345fc99a4e67e.php
request POST http://worldtopnews.fun/c2conf
request POST http://45.15.156.229/api/firegate.php
request POST http://45.9.74.80/0bjdn2Z/index.php
request POST http://116.203.7.16/
domain preconcert.pw description Palau domain TLD
domain iplis.ru description Russian Federation domain TLD
domain charlesjones.top description Generic top level domain TLD
domain williecampbell.top description Generic top level domain TLD
domain 230907161118223.nmr.xrm42.top description Generic top level domain TLD
domain ipinfo.io
host 116.203.7.16
host 171.22.28.208
host 176.113.115.84
host 184.30.187.53
host 185.225.73.32
host 194.169.175.128
host 31.41.244.27
host 45.15.156.229
host 5.42.92.211
host 51.38.95.107
host 77.91.68.238
host 87.121.221.58
host 94.142.138.131
host 45.9.74.80
dead_host 192.168.56.102:49414
dead_host 192.168.56.102:49988
dead_host 192.168.56.102:49427
dead_host 192.168.56.102:49455
dead_host 192.168.56.102:49607
dead_host 192.168.56.102:49905
dead_host 192.168.56.102:49629
dead_host 192.168.56.102:49441
dead_host 192.168.56.102:49734
dead_host 192.168.56.102:50011
dead_host 192.168.56.102:49348
dead_host 192.168.56.102:49336
dead_host 192.168.56.102:49777
dead_host 192.168.56.102:49392
dead_host 192.168.56.102:49482
dead_host 192.168.56.102:49967
dead_host 192.168.56.102:49883
dead_host 192.168.56.102:49510
dead_host 192.168.56.102:49470
dead_host 192.168.56.102:50044
dead_host 192.168.56.102:49670
dead_host 192.168.56.102:49692
dead_host 192.168.56.102:49756
dead_host 192.168.56.102:49587
dead_host 185.39.205.39:443
dead_host 192.168.56.102:49326
dead_host 192.168.56.102:49927
dead_host 192.168.56.102:49404
dead_host 192.168.56.102:49381
dead_host 192.168.56.102:49840
dead_host 192.168.56.102:49535
dead_host 192.168.56.102:49564
dead_host 176.113.115.84:80
dead_host 192.168.56.102:49819
dead_host 31.41.244.27:41140
dead_host 192.168.56.102:49713
dead_host 192.168.56.102:49946
dead_host 192.168.56.102:49496
dead_host 192.168.56.102:49648
dead_host 192.168.56.102:49524
dead_host 192.168.56.102:49184
dead_host 192.168.56.102:49799
dead_host 192.168.56.102:49861
dead_host 192.168.56.102:49307
dead_host 192.168.56.102:50032
dead_host 192.168.56.102:49366