TCP Built Outbound Connection and Teardown


So there is a lot (hundreds to thousands) of logs showed up with messages Built outbound TCP Connection (event id ASA-302013) and then Teardown TCP Connection (event id ASA-302014) with the same source and destination IP address. Here is one of the messages for Built Outbound TCP Connection:

ASA-6-302013:Malicious Source(s) detected : 187.59.95.202

Log Message : Built outbound TCP connection 790892754 for OUTSIDE:187.59.95.202/445 (187.59.95.202/445) to INSIDE2:10.14.41.111/55214 (10.14.84.111/55214)

And here is one of the messages for Teardown TCP Connection:

ASA-6-302014:Malicious Source(s) detected : 187.59.95.202

Log Message : Teardown TCP connection 790892754 for OUTSIDE:187.59.95.202/445 to INSIDE2:10.14.84.111/55214 duration 0:00:30 bytes 0 SYN Timeout

There are at least 3 devices (probably more because I’m just checking for a specified date) that create these logs and I am not sure either what kind of device it is because it belongs to my client.

Is it some anomalies because all these logs said a device tried to create an outbound TCP connection to a lot of different IPs and then delete the connection which is failed because SYN Timeout after 30second waiting for a reply? or it is normal events?