Network Analysis

IP Address Status Action VT Location
No hosts contacted.
Name Response Post-Analysis Lookup
No hosts contacted.

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 192.168.168.219:52715 -> 45.159.204.94:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 45.159.204.94:443 -> 192.168.168.219:52716 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52717 -> 188.114.97.1:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52718 -> 188.114.97.1:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52719 -> 172.64.147.251:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 172.64.147.251:443 -> 192.168.168.219:52720 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52721 -> 148.251.11.181:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.11.181:443 -> 192.168.168.219:52722 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52723 -> 104.155.138.21:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52724 -> 194.249.231.96:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 149.126.4.16:443 -> 192.168.168.219:52650 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52726 -> 104.18.19.126:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52727 -> 3.33.251.168:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52729 -> 91.146.100.126:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 91.146.100.126:443 -> 192.168.168.219:52730 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52732 -> 82.223.32.39:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 82.223.32.39:443 -> 192.168.168.219:52733 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52734 -> 136.243.123.152:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52735 -> 50.6.153.233:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 50.6.153.233:443 -> 192.168.168.219:52736 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52737 -> 209.182.202.254:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 209.182.202.254:443 -> 192.168.168.219:52738 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52739 -> 144.202.13.33:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 144.202.13.33:443 -> 192.168.168.219:52740 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52741 -> 104.26.5.145:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.26.5.145:443 -> 192.168.168.219:52742 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52743 -> 149.255.62.72:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 149.255.62.72:443 -> 192.168.168.219:52744 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52745 -> 82.197.86.86:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52745 -> 82.197.86.86:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 82.197.86.86:443 -> 192.168.168.219:52745 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52746 -> 82.197.86.86:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52747 -> 31.31.198.8:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 31.31.198.8:443 -> 192.168.168.219:52748 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52749 -> 116.202.168.54:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 116.202.168.54:443 -> 192.168.168.219:52750 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52751 -> 109.237.136.215:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 109.237.136.215:443 -> 192.168.168.219:52752 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52753 -> 94.46.169.84:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52755 -> 45.84.218.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 45.84.218.35:443 -> 192.168.168.219:52756 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52757 -> 31.169.61.34:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 31.169.61.34:443 -> 192.168.168.219:52758 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52759 -> 46.226.24.119:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 46.226.24.119:443 -> 192.168.168.219:52760 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52761 -> 86.110.194.157:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52763 -> 188.225.23.170:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 188.225.23.170:443 -> 192.168.168.219:52764 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52765 -> 104.21.64.1:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.38.144.210:443 -> 192.168.168.219:52704 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52766 -> 104.26.0.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52767 -> 104.26.0.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52768 -> 46.30.215.16:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 46.30.215.16:443 -> 192.168.168.219:52769 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52770 -> 35.179.36.215:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52771 -> 148.251.145.30:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52771 -> 148.251.145.30:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 148.251.145.30:443 -> 192.168.168.219:52771 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52772 -> 148.251.145.30:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52773 -> 69.61.45.80:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 69.61.45.80:443 -> 192.168.168.219:52774 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52775 -> 193.163.77.9:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 193.163.77.9:443 -> 192.168.168.219:52776 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52777 -> 188.114.97.1:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52778 -> 92.205.93.57:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 92.205.93.57:443 -> 192.168.168.219:52779 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52780 -> 185.30.32.169:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 185.30.32.169:443 -> 192.168.168.219:52781 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52784 -> 89.116.192.252:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52785 -> 89.116.192.252:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52786 -> 209.182.193.217:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 209.182.193.217:443 -> 192.168.168.219:52787 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52788 -> 198.185.159.145:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.38.144.210:443 -> 192.168.168.219:52703 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52790 -> 160.153.0.140:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 160.153.0.140:443 -> 192.168.168.219:52791 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52792 -> 108.167.164.84:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52793 -> 80.158.2.41:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 184.154.118.34:443 -> 192.168.168.219:52643 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52794 -> 198.46.93.64:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 198.46.93.64:443 -> 192.168.168.219:52795 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52796 -> 198.49.23.144:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
UDP 192.168.168.219:50887 -> 8.8.8.8:53 2848586 ETPRO INFO Observed DNS Query for Israel Domain (.il) Potential Corporate Privacy Violation
UDP 192.168.168.219:50887 -> 8.8.8.8:53 2848586 ETPRO INFO Observed DNS Query for Israel Domain (.il) Potential Corporate Privacy Violation
TCP 192.168.168.219:52798 -> 192.81.213.222:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52799 -> 109.106.253.163:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52799 -> 109.106.253.163:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52800 -> 109.106.253.163:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52801 -> 83.133.245.163:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 83.133.245.163:443 -> 192.168.168.219:52802 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52803 -> 103.127.163.168:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52803 -> 103.127.163.168:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52804 -> 103.127.163.168:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52805 -> 3.124.100.143:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52807 -> 167.86.98.177:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 167.86.98.177:443 -> 192.168.168.219:52808 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52809 -> 104.152.168.46:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52809 -> 104.152.168.46:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52810 -> 104.152.168.46:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52811 -> 185.99.199.148:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 185.99.199.148:443 -> 192.168.168.219:52812 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52814 -> 91.216.156.120:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52814 -> 91.216.156.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52815 -> 91.216.156.120:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52816 -> 172.67.200.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52817 -> 172.67.200.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.145.30:443 -> 192.168.168.219:52772 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52818 -> 109.234.164.70:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 109.234.164.70:443 -> 192.168.168.219:52819 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52820 -> 185.104.29.132:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 185.104.29.132:443 -> 192.168.168.219:52821 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52822 -> 91.203.111.18:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 91.203.111.18:443 -> 192.168.168.219:52823 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52824 -> 3.33.130.190:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52826 -> 217.70.186.111:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52828 -> 104.17.145.110:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52830 -> 92.205.64.14:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 92.205.64.14:443 -> 192.168.168.219:52831 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52832 -> 76.223.54.146:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 82.197.86.86:443 -> 192.168.168.219:52746 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52835 -> 185.21.40.199:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52835 -> 185.21.40.199:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 185.21.40.199:443 -> 192.168.168.219:52835 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52836 -> 185.21.40.199:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52837 -> 208.80.122.251:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 208.80.122.251:443 -> 192.168.168.219:52838 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52839 -> 37.187.114.134:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 37.187.114.134:443 -> 192.168.168.219:52840 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 85.10.159.119:443 -> 192.168.168.219:52841 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52841 -> 85.10.159.119:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 85.10.159.119:443 -> 192.168.168.219:52842 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52843 -> 104.21.78.77:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52844 -> 89.108.65.79:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 89.108.65.79:443 -> 192.168.168.219:52845 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52846 -> 81.0.247.13:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 81.0.247.13:443 -> 192.168.168.219:52847 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52848 -> 91.210.225.22:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 91.210.225.22:443 -> 192.168.168.219:52849 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52850 -> 172.67.167.41:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52851 -> 162.159.140.166:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 162.159.140.166:443 -> 192.168.168.219:52852 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52853 -> 41.185.64.26:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 41.185.64.26:443 -> 192.168.168.219:52854 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52855 -> 192.250.239.129:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.250.239.129:443 -> 192.168.168.219:52856 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52857 -> 188.114.96.1:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52858 -> 216.108.238.96:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 216.108.238.96:443 -> 192.168.168.219:52858 2013659 ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit) Potential Corporate Privacy Violation
TCP 192.168.168.219:52859 -> 89.116.147.189:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52859 -> 89.116.147.189:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 89.116.147.189:443 -> 192.168.168.219:52859 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52860 -> 89.116.147.189:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 89.116.147.189:443 -> 192.168.168.219:52860 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52861 -> 185.233.54.141:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 185.233.54.141:443 -> 192.168.168.219:52862 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 91.216.156.120:443 -> 192.168.168.219:52814 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 103.127.163.168:443 -> 192.168.168.219:52804 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 89.116.192.252:443 -> 192.168.168.219:52785 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52864 -> 68.178.145.128:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 68.178.145.128:443 -> 192.168.168.219:52865 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52866 -> 208.100.26.245:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 103.127.163.168:443 -> 192.168.168.219:52803 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52868 -> 170.64.150.204:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 170.64.150.204:443 -> 192.168.168.219:52869 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52870 -> 176.62.173.90:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52872 -> 217.21.85.72:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52872 -> 217.21.85.72:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52873 -> 217.21.85.72:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52874 -> 103.224.212.214:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 103.224.212.214:443 -> 192.168.168.219:52875 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52876 -> 50.116.53.94:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 50.116.53.94:443 -> 192.168.168.219:52877 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52878 -> 76.223.54.146:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52880 -> 35.214.79.238:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 35.214.79.238:443 -> 192.168.168.219:52881 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52882 -> 62.113.229.82:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 62.113.229.82:443 -> 192.168.168.219:52883 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52884 -> 94.231.103.59:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 94.231.103.59:443 -> 192.168.168.219:52885 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52886 -> 188.114.96.1:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52888 -> 92.204.239.237:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 92.204.239.237:443 -> 192.168.168.219:52889 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 104.152.168.46:443 -> 192.168.168.219:52809 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52890 -> 87.230.106.31:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 87.230.106.31:443 -> 192.168.168.219:52891 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 76.223.105.230:443 -> 192.168.168.219:52892 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52892 -> 76.223.105.230:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 76.223.105.230:443 -> 192.168.168.219:52893 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52894 -> 104.21.45.111:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52895 -> 104.21.45.111:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52896 -> 141.193.213.11:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 141.193.213.11:443 -> 192.168.168.219:52897 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52898 -> 195.242.92.8:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 195.242.92.8:443 -> 192.168.168.219:52899 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 91.216.156.120:443 -> 192.168.168.219:52815 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52900 -> 23.227.38.65:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 185.21.40.199:443 -> 192.168.168.219:52836 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52902 -> 162.241.244.25:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 162.241.244.25:443 -> 192.168.168.219:52903 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52904 -> 155.133.138.13:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52906 -> 34.238.178.141:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.238.178.141:443 -> 192.168.168.219:52907 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52908 -> 185.237.65.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 185.237.65.99:443 -> 192.168.168.219:52909 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52910 -> 173.236.209.186:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 173.236.209.186:443 -> 192.168.168.219:52911 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52913 -> 35.206.92.98:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 35.206.92.98:443 -> 192.168.168.219:52914 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52915 -> 67.222.38.73:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 67.222.38.73:443 -> 192.168.168.219:52916 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52917 -> 193.19.160.70:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 193.19.160.70:443 -> 192.168.168.219:52918 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52919 -> 46.17.9.125:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 46.17.9.125:443 -> 192.168.168.219:52920 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52921 -> 46.105.57.169:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 46.105.57.169:443 -> 192.168.168.219:52922 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52923 -> 35.222.201.142:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 35.222.201.142:443 -> 192.168.168.219:52924 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:52925 -> 51.195.234.92:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52925 -> 51.195.234.92:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.195.234.92:443 -> 192.168.168.219:52925 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52926 -> 51.195.234.92:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52927 -> 185.146.21.71:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:52927 -> 185.146.21.71:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 185.146.21.71:443 -> 192.168.168.219:52927 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52928 -> 185.146.21.71:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:52929 -> 104.154.76.111:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.154.76.111:443 -> 192.168.168.219:52930 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53216 -> 149.126.4.85:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53216 -> 149.126.4.85:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 149.126.4.85:443 -> 192.168.168.219:53216 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53217 -> 149.126.4.85:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53218 -> 104.152.168.206:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53218 -> 104.152.168.206:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53219 -> 104.152.168.206:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53220 -> 23.139.0.1:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53222 -> 165.227.40.200:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53223 -> 195.15.224.139:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 195.15.224.139:443 -> 192.168.168.219:53224 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53225 -> 64.23.250.26:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 64.23.250.26:443 -> 192.168.168.219:53226 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53227 -> 109.234.161.245:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 109.234.161.245:443 -> 192.168.168.219:53228 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53229 -> 209.17.116.160:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53231 -> 162.159.135.42:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53233 -> 31.7.7.155:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 31.7.7.155:443 -> 192.168.168.219:53234 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53235 -> 84.16.66.164:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 84.16.66.164:443 -> 192.168.168.219:53236 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53237 -> 15.197.225.128:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53239 -> 185.104.29.164:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 185.104.29.164:443 -> 192.168.168.219:53240 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53241 -> 157.173.216.22:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53241 -> 157.173.216.22:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53242 -> 157.173.216.22:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53243 -> 217.160.0.66:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 217.160.0.66:443 -> 192.168.168.219:53244 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 213.239.227.10:443 -> 192.168.168.219:53163 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 70.32.23.61:443 -> 192.168.168.219:53137 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 149.126.4.46:443 -> 192.168.168.219:53149 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53245 -> 85.10.140.71:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 85.10.140.71:443 -> 192.168.168.219:53246 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53247 -> 104.21.48.1:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.21.48.1:443 -> 192.168.168.219:53248 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53249 -> 109.234.161.218:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 109.234.161.218:443 -> 192.168.168.219:53250 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53251 -> 195.211.72.10:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 195.211.72.10:443 -> 192.168.168.219:53252 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53253 -> 185.151.30.181:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 185.151.30.181:443 -> 192.168.168.219:53254 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53255 -> 198.49.23.145:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53257 -> 83.166.128.63:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 91.204.209.21:443 -> 192.168.168.219:53115 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 91.207.205.11:443 -> 192.168.168.219:53166 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 83.166.128.63:443 -> 192.168.168.219:53258 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53259 -> 217.160.0.95:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 217.160.0.95:443 -> 192.168.168.219:53260 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53261 -> 185.204.218.56:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53261 -> 185.204.218.56:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 185.204.218.56:443 -> 192.168.168.219:53261 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53263 -> 185.243.11.125:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 185.243.11.125:443 -> 192.168.168.219:53264 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53265 -> 138.128.178.242:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53265 -> 138.128.178.242:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53266 -> 138.128.178.242:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53267 -> 52.71.222.18:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 52.71.222.18:443 -> 192.168.168.219:53268 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
UDP 192.168.168.219:53916 -> 8.8.8.8:53 2851162 ETPRO INFO Observed DNS Query for Ukraine Domain (.ua) Misc activity
TCP 192.168.168.219:53270 -> 70.32.84.9:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53271 -> 104.21.47.18:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53272 -> 185.68.16.38:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 103.30.147.42:443 -> 192.168.168.219:53169 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 104.152.168.206:443 -> 192.168.168.219:53218 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 85.187.142.77:443 -> 192.168.168.219:53143 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53273 -> 109.95.157.137:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 149.126.4.85:443 -> 192.168.168.219:53217 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53274 -> 103.224.212.210:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 103.224.212.210:443 -> 192.168.168.219:53275 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53276 -> 5.61.249.144:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 5.61.249.144:443 -> 192.168.168.219:53277 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53278 -> 85.10.215.59:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 85.10.215.59:443 -> 192.168.168.219:53278 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 85.10.215.59:443 -> 192.168.168.219:53279 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53280 -> 54.241.91.134:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 54.241.91.134:443 -> 192.168.168.219:53281 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53282 -> 104.21.48.1:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53283 -> 85.236.63.4:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 91.207.205.11:443 -> 192.168.168.219:53167 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 185.204.218.56:443 -> 192.168.168.219:53262 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 157.173.216.22:443 -> 192.168.168.219:53242 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 103.30.147.42:443 -> 192.168.168.219:53168 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 85.236.63.4:443 -> 192.168.168.219:53284 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53285 -> 108.156.22.94:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 108.156.22.94:443 -> 192.168.168.219:53286 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53287 -> 85.10.159.49:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 85.10.159.49:443 -> 192.168.168.219:53287 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 85.10.159.49:443 -> 192.168.168.219:53288 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53290 -> 37.59.39.60:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 138.128.178.242:443 -> 192.168.168.219:53265 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53291 -> 104.18.25.153:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.18.25.153:443 -> 192.168.168.219:53292 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53295 -> 45.33.89.193:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 45.33.89.193:443 -> 192.168.168.219:53296 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53297 -> 109.234.167.98:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 109.234.167.98:443 -> 192.168.168.219:53298 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53299 -> 173.209.52.133:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53300 -> 213.158.90.67:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.158.90.67:443 -> 192.168.168.219:53301 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 85.10.159.223:443 -> 192.168.168.219:53302 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53302 -> 85.10.159.223:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 85.10.159.223:443 -> 192.168.168.219:53303 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53304 -> 15.197.225.128:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53306 -> 65.109.16.61:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53306 -> 65.109.16.61:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 65.109.16.61:443 -> 192.168.168.219:53306 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53307 -> 65.109.16.61:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53308 -> 84.16.66.164:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 84.16.66.164:443 -> 192.168.168.219:53309 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53310 -> 107.178.223.183:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53311 -> 104.21.95.183:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53312 -> 185.215.4.21:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.152.168.206:443 -> 192.168.168.219:53219 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53313 -> 185.95.24.111:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 185.95.24.111:443 -> 192.168.168.219:53314 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53315 -> 142.44.135.249:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 142.44.135.249:443 -> 192.168.168.219:53316 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53317 -> 136.144.164.218:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 136.144.164.218:443 -> 192.168.168.219:53318 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53320 -> 104.21.22.37:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 157.173.216.22:443 -> 192.168.168.219:53241 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53321 -> 162.159.135.42:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53323 -> 108.167.161.213:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 108.167.161.213:443 -> 192.168.168.219:53324 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53325 -> 185.21.40.19:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53325 -> 185.21.40.19:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 185.21.40.19:443 -> 192.168.168.219:53325 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53326 -> 185.21.40.19:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53327 -> 91.238.164.138:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53328 -> 83.166.138.21:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 83.166.138.21:443 -> 192.168.168.219:53329 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53330 -> 103.221.221.82:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53330 -> 103.221.221.82:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53331 -> 103.221.221.82:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53332 -> 93.119.0.141:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 93.119.0.141:443 -> 192.168.168.219:53333 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53334 -> 173.236.247.192:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 173.236.247.192:443 -> 192.168.168.219:53335 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53336 -> 178.79.185.209:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
UDP 192.168.168.219:55955 -> 8.8.8.8:53 2851162 ETPRO INFO Observed DNS Query for Ukraine Domain (.ua) Misc activity
TCP 192.168.168.219:53337 -> 185.104.45.72:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53338 -> 46.28.0.144:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 46.28.0.144:443 -> 192.168.168.219:53339 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53340 -> 183.181.97.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 183.181.97.35:443 -> 192.168.168.219:53341 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53342 -> 50.62.181.13:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 50.62.181.13:443 -> 192.168.168.219:53343 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53344 -> 54.175.148.58:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53345 -> 188.114.96.1:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53346 -> 109.203.117.183:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 138.128.178.242:443 -> 192.168.168.219:53266 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 109.203.117.183:443 -> 192.168.168.219:53347 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53348 -> 80.74.152.30:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 80.74.152.30:443 -> 192.168.168.219:53349 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53350 -> 104.21.18.109:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53351 -> 103.185.53.118:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53351 -> 103.185.53.118:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53352 -> 103.185.53.118:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53353 -> 178.62.235.8:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53294 -> 195.201.202.24:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 65.109.16.61:443 -> 192.168.168.219:53307 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53354 -> 194.8.253.233:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 194.8.253.233:443 -> 192.168.168.219:53355 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53356 -> 141.138.169.208:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 141.138.169.208:443 -> 192.168.168.219:53357 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53358 -> 46.59.102.201:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 185.21.40.19:443 -> 192.168.168.219:53326 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53359 -> 35.212.11.163:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 35.212.11.163:443 -> 192.168.168.219:53360 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53361 -> 46.101.88.142:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 46.101.88.142:443 -> 192.168.168.219:53362 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53363 -> 191.101.50.220:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53363 -> 191.101.50.220:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53364 -> 191.101.50.220:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53365 -> 54.38.241.151:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 54.38.241.151:443 -> 192.168.168.219:53366 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53367 -> 35.246.40.152:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 35.246.40.152:443 -> 192.168.168.219:53368 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53369 -> 35.214.158.106:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 35.214.158.106:443 -> 192.168.168.219:53370 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53371 -> 35.204.115.119:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 35.204.115.119:443 -> 192.168.168.219:53372 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53373 -> 5.79.100.182:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53374 -> 192.124.249.153:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.124.249.153:443 -> 192.168.168.219:53375 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53376 -> 198.49.23.144:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53378 -> 80.252.107.168:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 80.252.107.168:443 -> 192.168.168.219:53379 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53380 -> 91.195.240.94:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53382 -> 188.114.96.1:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53383 -> 151.80.148.40:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 103.221.221.82:443 -> 192.168.168.219:53331 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53384 -> 23.236.62.147:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53386 -> 185.55.85.30:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53387 -> 195.35.41.81:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53387 -> 195.35.41.81:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53388 -> 195.35.41.81:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53319 -> 40.68.7.38:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53389 -> 139.162.195.126:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53390 -> 35.227.194.51:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 35.227.194.51:443 -> 192.168.168.219:53391 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53393 -> 74.208.236.75:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 74.208.236.75:443 -> 192.168.168.219:53394 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53395 -> 172.67.198.145:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53396 -> 35.215.83.253:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 191.101.50.220:443 -> 192.168.168.219:53363 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 35.215.83.253:443 -> 192.168.168.219:53397 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53398 -> 83.166.133.85:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 83.166.133.85:443 -> 192.168.168.219:53399 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53400 -> 146.59.209.127:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53401 -> 13.248.169.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53403 -> 70.32.23.90:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 70.32.23.90:443 -> 192.168.168.219:53404 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53405 -> 63.250.43.3:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 63.250.43.3:443 -> 192.168.168.219:53406 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53407 -> 165.227.207.223:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 165.227.207.223:443 -> 192.168.168.219:53408 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53409 -> 89.234.180.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 89.234.180.48:443 -> 192.168.168.219:53410 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53411 -> 109.234.162.115:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 109.234.162.115:443 -> 192.168.168.219:53412 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53413 -> 155.138.135.247:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53416 -> 116.202.108.184:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53418 -> 213.186.33.18:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.186.33.18:443 -> 192.168.168.219:53419 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53420 -> 87.98.159.160:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 87.98.159.160:443 -> 192.168.168.219:53421 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53422 -> 37.9.175.180:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 37.9.175.180:443 -> 192.168.168.219:53423 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 46.30.215.0:443 -> 192.168.168.219:53701 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53702 -> 104.21.5.43:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53703 -> 160.153.0.177:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 160.153.0.177:443 -> 192.168.168.219:53704 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53705 -> 3.33.130.190:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53708 -> 197.221.14.44:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 197.221.14.44:443 -> 192.168.168.219:53709 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53710 -> 172.67.200.146:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53711 -> 162.244.80.155:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 162.244.80.155:443 -> 192.168.168.219:53712 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53713 -> 151.101.130.159:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53715 -> 162.243.44.16:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53717 -> 104.18.4.83:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53718 -> 172.64.144.71:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 172.64.144.71:443 -> 192.168.168.219:53719 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 106.0.62.83:443 -> 192.168.168.219:53633 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 185.21.41.51:443 -> 192.168.168.219:53576 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53720 -> 109.237.132.56:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 109.237.132.56:443 -> 192.168.168.219:53721 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53722 -> 184.154.118.34:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53722 -> 184.154.118.34:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53723 -> 184.154.118.34:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53724 -> 192.185.114.80:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.185.114.80:443 -> 192.168.168.219:53725 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53726 -> 149.202.215.17:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 149.202.215.17:443 -> 192.168.168.219:53727 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53728 -> 20.123.133.52:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 20.123.133.52:443 -> 192.168.168.219:53729 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53730 -> 156.67.234.11:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.67.234.11:443 -> 192.168.168.219:53731 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 31.217.192.121:443 -> 192.168.168.219:53627 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53732 -> 103.82.64.71:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53733 -> 15.161.115.44:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 15.161.115.44:443 -> 192.168.168.219:53734 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53735 -> 185.210.94.214:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 92.112.189.200:443 -> 192.168.168.219:53693 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53601 -> 45.162.229.46:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53736 -> 3.33.130.190:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53739 -> 178.77.83.248:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 178.77.83.248:443 -> 192.168.168.219:53740 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53741 -> 162.241.224.71:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 162.241.224.71:443 -> 192.168.168.219:53742 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
UDP 192.168.168.219:58607 -> 8.8.8.8:53 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related Potentially Bad Traffic
TCP 192.168.168.219:53743 -> 54.38.34.173:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 54.38.34.173:443 -> 192.168.168.219:53744 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53745 -> 157.7.107.67:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 157.7.107.67:443 -> 192.168.168.219:53746 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53747 -> 67.225.210.142:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 67.225.210.142:443 -> 192.168.168.219:53748 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53749 -> 104.17.127.5:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.17.127.5:443 -> 192.168.168.219:53750 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53751 -> 104.21.30.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.21.30.212:443 -> 192.168.168.219:53752 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 85.10.159.132:443 -> 192.168.168.219:53753 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53753 -> 85.10.159.132:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 85.10.159.132:443 -> 192.168.168.219:53754 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53755 -> 35.214.199.90:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 35.214.199.90:443 -> 192.168.168.219:53756 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53757 -> 75.151.98.76:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 75.151.98.76:443 -> 192.168.168.219:53758 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53759 -> 213.133.110.239:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53759 -> 213.133.110.239:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 106.0.62.83:443 -> 192.168.168.219:53632 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.133.110.239:443 -> 192.168.168.219:53759 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53760 -> 213.133.110.239:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53761 -> 141.193.213.20:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53763 -> 92.53.96.12:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 92.53.96.12:443 -> 192.168.168.219:53764 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53765 -> 172.67.192.62:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53766 -> 146.255.171.169:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 146.255.171.169:443 -> 192.168.168.219:53767 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53768 -> 103.224.182.253:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 103.224.182.253:443 -> 192.168.168.219:53769 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53772 -> 217.160.0.205:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 217.160.0.205:443 -> 192.168.168.219:53773 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 184.154.118.34:443 -> 192.168.168.219:53723 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53774 -> 172.67.193.13:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53775 -> 185.230.63.107:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53777 -> 141.138.169.215:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 141.138.169.215:443 -> 192.168.168.219:53778 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53779 -> 140.83.34.244:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53779 -> 140.83.34.244:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53780 -> 140.83.34.244:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
UDP 192.168.168.219:50507 -> 8.8.8.8:53 2851162 ETPRO INFO Observed DNS Query for Ukraine Domain (.ua) Misc activity
TCP 192.168.168.219:53782 -> 77.87.194.179:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 77.87.194.179:443 -> 192.168.168.219:53782 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 77.87.194.179:443 -> 192.168.168.219:53783 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53784 -> 76.223.25.50:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53786 -> 172.67.216.166:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53787 -> 172.67.216.166:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53788 -> 151.101.130.159:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53790 -> 83.138.86.102:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 83.138.86.102:443 -> 192.168.168.219:53791 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53792 -> 31.217.192.177:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53792 -> 31.217.192.177:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 31.217.192.177:443 -> 192.168.168.219:53792 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53793 -> 31.217.192.177:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53794 -> 104.21.49.88:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53795 -> 20.211.217.25:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 20.211.217.25:443 -> 192.168.168.219:53796 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53797 -> 62.108.32.132:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 62.108.32.132:443 -> 192.168.168.219:53798 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53799 -> 194.147.58.175:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 194.147.58.175:443 -> 192.168.168.219:53800 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53801 -> 185.221.38.106:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 185.221.38.106:443 -> 192.168.168.219:53802 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53803 -> 103.57.223.7:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53804 -> 103.57.223.7:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53805 -> 46.30.211.38:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 46.30.211.38:443 -> 192.168.168.219:53806 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53807 -> 217.160.0.51:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 217.160.0.51:443 -> 192.168.168.219:53808 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 92.112.189.200:443 -> 192.168.168.219:53692 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53809 -> 213.154.226.57:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.154.226.57:443 -> 192.168.168.219:53810 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53811 -> 85.10.159.84:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 85.10.159.84:443 -> 192.168.168.219:53811 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 85.10.159.84:443 -> 192.168.168.219:53812 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53813 -> 188.114.96.1:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53814 -> 37.140.192.156:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 37.140.192.156:443 -> 192.168.168.219:53815 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53816 -> 5.161.88.57:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 5.161.88.57:443 -> 192.168.168.219:53817 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.250.234.56:443 -> 192.168.168.219:53695 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53818 -> 5.9.36.122:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
UDP 192.168.168.219:60681 -> 8.8.8.8:53 2027863 ET INFO Observed DNS Query to .biz TLD Potentially Bad Traffic
UDP 192.168.168.219:60681 -> 8.8.8.8:53 2027863 ET INFO Observed DNS Query to .biz TLD Potentially Bad Traffic
TCP 192.168.168.219:53819 -> 45.40.149.92:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 45.40.149.92:443 -> 192.168.168.219:53820 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53821 -> 159.203.189.81:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 159.203.189.81:443 -> 192.168.168.219:53822 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
UDP 192.168.168.219:51120 -> 8.8.8.8:53 2026657 ET INFO Observed Free Hosting Domain (*.000webhostapp .com in DNS Lookup) Not Suspicious Traffic
UDP 192.168.168.219:51120 -> 8.8.8.8:53 2026657 ET INFO Observed Free Hosting Domain (*.000webhostapp .com in DNS Lookup) Not Suspicious Traffic
UDP 192.168.168.219:51120 -> 8.8.8.8:53 2026657 ET INFO Observed Free Hosting Domain (*.000webhostapp .com in DNS Lookup) Not Suspicious Traffic
UDP 192.168.168.219:51120 -> 8.8.8.8:53 2026657 ET INFO Observed Free Hosting Domain (*.000webhostapp .com in DNS Lookup) Not Suspicious Traffic
TCP 192.168.168.219:53823 -> 107.178.223.183:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53825 -> 66.185.26.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 66.185.26.120:443 -> 192.168.168.219:53826 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53827 -> 193.30.110.118:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53829 -> 172.67.173.224:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 184.154.118.34:443 -> 192.168.168.219:53722 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53830 -> 185.189.49.45:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53830 -> 185.189.49.45:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 185.189.49.45:443 -> 192.168.168.219:53830 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53831 -> 185.189.49.45:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53832 -> 141.193.213.10:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 141.193.213.10:443 -> 192.168.168.219:53833 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53834 -> 5.196.51.243:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 5.196.51.243:443 -> 192.168.168.219:53835 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53836 -> 185.55.85.6:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53837 -> 104.21.85.217:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53707 -> 92.43.216.137:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53838 -> 162.241.217.111:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 162.241.217.111:443 -> 192.168.168.219:53839 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53840 -> 162.241.230.224:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 162.241.230.224:443 -> 192.168.168.219:53841 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53842 -> 160.153.0.192:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 160.153.0.192:443 -> 192.168.168.219:53843 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53844 -> 192.0.78.13:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 140.83.34.244:443 -> 192.168.168.219:53779 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.0.78.13:443 -> 192.168.168.219:53845 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53846 -> 92.205.48.46:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 92.205.48.46:443 -> 192.168.168.219:53847 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53848 -> 160.153.0.146:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 160.153.0.146:443 -> 192.168.168.219:53849 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53850 -> 217.160.0.193:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 217.160.0.193:443 -> 192.168.168.219:53851 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53852 -> 184.154.118.34:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53852 -> 184.154.118.34:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53853 -> 184.154.118.34:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53854 -> 92.63.172.245:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 92.63.172.245:443 -> 192.168.168.219:53855 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53856 -> 76.223.21.241:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 76.223.21.241:443 -> 192.168.168.219:53857 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53858 -> 208.90.215.75:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 213.133.110.239:443 -> 192.168.168.219:53760 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 208.90.215.75:443 -> 192.168.168.219:53859 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53860 -> 188.246.227.29:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 188.246.227.29:443 -> 192.168.168.219:53861 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53862 -> 93.191.156.76:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 93.191.156.76:443 -> 192.168.168.219:53863 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53864 -> 38.17.20.28:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 38.17.20.28:443 -> 192.168.168.219:53865 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53866 -> 77.240.19.23:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 77.240.19.23:443 -> 192.168.168.219:53867 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53869 -> 81.88.52.207:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 31.217.192.177:443 -> 192.168.168.219:53793 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53870 -> 162.159.134.42:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53872 -> 199.102.46.200:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53872 -> 199.102.46.200:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53874 -> 138.201.61.68:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53874 -> 138.201.61.68:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 138.201.61.68:443 -> 192.168.168.219:53874 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53875 -> 138.201.61.68:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53876 -> 31.217.192.232:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53876 -> 31.217.192.232:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 31.217.192.232:443 -> 192.168.168.219:53876 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53877 -> 31.217.192.232:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53878 -> 217.11.48.156:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 217.11.48.156:443 -> 192.168.168.219:53879 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53880 -> 194.56.189.177:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 194.56.189.177:443 -> 192.168.168.219:53881 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53882 -> 188.114.96.1:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53884 -> 35.213.151.161:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 35.213.151.161:443 -> 192.168.168.219:53885 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53886 -> 194.9.168.20:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 194.9.168.20:443 -> 192.168.168.219:53887 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53888 -> 18.206.50.87:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 18.206.50.87:443 -> 192.168.168.219:53889 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53890 -> 213.130.145.66:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53890 -> 213.130.145.66:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 213.130.145.66:443 -> 192.168.168.219:53890 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53891 -> 213.130.145.66:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 140.83.34.244:443 -> 192.168.168.219:53780 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53892 -> 185.30.32.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 185.30.32.35:443 -> 192.168.168.219:53893 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53894 -> 162.212.130.27:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53895 -> 94.23.68.215:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 94.23.68.215:443 -> 192.168.168.219:53896 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53897 -> 35.212.113.200:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 35.212.113.200:443 -> 192.168.168.219:53898 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 184.154.118.34:443 -> 192.168.168.219:53852 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.168.219:53899 -> 173.236.161.27:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 173.236.161.27:443 -> 192.168.168.219:53900 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53901 -> 134.209.129.254:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53902 -> 212.83.179.212:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 212.83.179.212:443 -> 192.168.168.219:53903 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.168.219:53904 -> 13.248.169.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53906 -> 185.53.177.31:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.219:53908 -> 141.193.213.10:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined

Suricata TLS

Flow Issuer Subject Fingerprint

Snort Alerts

Flow SID Message
UDP 192.168.168.219:55223 -> 8.8.8.8:53 2851162 ETPRO INFO Observed DNS Query for Ukraine Domain (.ua)
UDP 192.168.168.219:52912 -> 8.8.8.8:53 2851162 ETPRO INFO Observed DNS Query for Ukraine Domain (.ua)
UDP 192.168.168.219:64826 -> 8.8.8.8:53 2027867 ET INFO Observed DNS Query to .life TLD
UDP 192.168.168.219:50887 -> 8.8.8.8:53 2848586 ETPRO POLICY Observed DNS Query for Israel Domain (.il)
UDP 192.168.168.219:50887 -> 8.8.8.8:53 2848586 ETPRO POLICY Observed DNS Query for Israel Domain (.il)
TCP 216.108.238.96:443 -> 192.168.168.219:52858 2013659 ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)
UDP 192.168.168.219:60652 -> 8.8.8.8:53 2848586 ETPRO POLICY Observed DNS Query for Israel Domain (.il)
UDP 192.168.168.219:60652 -> 8.8.8.8:53 2848586 ETPRO POLICY Observed DNS Query for Israel Domain (.il)
UDP 192.168.168.219:58468 -> 8.8.8.8:53 2851162 ETPRO INFO Observed DNS Query for Ukraine Domain (.ua)
UDP 192.168.168.219:52963 -> 8.8.8.8:53 2851162 ETPRO INFO Observed DNS Query for Ukraine Domain (.ua)
UDP 192.168.168.219:53916 -> 8.8.8.8:53 2851162 ETPRO INFO Observed DNS Query for Ukraine Domain (.ua)
UDP 192.168.168.219:55955 -> 8.8.8.8:53 2851162 ETPRO INFO Observed DNS Query for Ukraine Domain (.ua)
UDP 192.168.168.219:57325 -> 8.8.8.8:53 2851162 ETPRO INFO Observed DNS Query for Ukraine Domain (.ua)
UDP 192.168.168.219:58607 -> 8.8.8.8:53 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related
UDP 192.168.168.219:50507 -> 8.8.8.8:53 2851162 ETPRO INFO Observed DNS Query for Ukraine Domain (.ua)
UDP 192.168.168.219:60681 -> 8.8.8.8:53 2027863 ET INFO Observed DNS Query to .biz TLD
UDP 192.168.168.219:60681 -> 8.8.8.8:53 2027863 ET INFO Observed DNS Query to .biz TLD
UDP 192.168.168.219:51120 -> 8.8.8.8:53 2026657 ET INFO Observed Free Hosting Domain (*.000webhostapp .com in DNS Lookup)
UDP 192.168.168.219:51120 -> 8.8.8.8:53 2026657 ET INFO Observed Free Hosting Domain (*.000webhostapp .com in DNS Lookup)
UDP 192.168.168.219:51120 -> 8.8.8.8:53 2026657 ET INFO Observed Free Hosting Domain (*.000webhostapp .com in DNS Lookup)
UDP 192.168.168.219:51120 -> 8.8.8.8:53 2026657 ET INFO Observed Free Hosting Domain (*.000webhostapp .com in DNS Lookup)