JA3 Fingerprints

You can find further information about the JA3 fingerprint 34f14a69ad7009ca5863379218af17f3, including the corresponding malware samples as well as the associated botnet C&Cs.

Database Entry


JA3 Fingerprint:34f14a69ad7009ca5863379218af17f3
First seen:2018-11-17 05:17:22 UTC
Last seen:2018-12-29 01:46:46 UTC
Status:Blacklisted
Malware samples:7
Destination IPs:8
Malware:Tofsee -
Listing date:2018-11-19 11:34:28

Malware Samples


The table below documents all malware samples associated with this JA3 Fingerprint.

Timestamp (UTC)Malware Sample (MD5 hash)VTBotnet C&C (IP:port)
2018-12-29 01:46:46b27e2573f4fcae368b9104f0912d3edfVirustotal results 45/71 (63.38%) 205.185.216.10:443
2018-12-29 01:46:46b27e2573f4fcae368b9104f0912d3edfVirustotal results 45/71 (63.38%) 34.214.252.85:443
2018-12-28 22:25:37eca69a3720188063a81202928b808af0n/a52.85.245.73:443
2018-12-24 22:19:08424f7b8edf5d150c7a248ad789512bc4Virustotal results 39/69 (56.52%) 54.191.241.246:443
2018-12-09 00:59:4399baca5d78a6427843dba64a5fc0c083Virustotal results 39/71 (54.93%) 216.58.215.99:443
2018-11-29 20:46:04020b08c9f4ece0ca858b702b57b5b6eeVirustotal results 37/69 (53.62%) 54.187.16.16:443
2018-11-18 19:19:35bc95c3f699cea00f31cc288e669d9bd3Virustotal results 18/67 (26.87%) 52.216.110.93:443
2018-11-17 05:17:221eeae4203ca29b93116321481964bafeVirustotal results 28/68 (41.18%) 54.149.226.233:443

# of entries: 8 (max: 100)