JA3 Fingerprints

You can find further information about the JA3 fingerprint a61299f9b501adcf680b9275d79d4ac6, including the corresponding malware samples as well as the associated botnet C&Cs.

Database Entry


JA3 Fingerprint:a61299f9b501adcf680b9275d79d4ac6
First seen:2017-11-04 18:03:59 UTC
Last seen:2018-12-29 01:46:46 UTC
Status:Blacklisted
Malware samples:35
Destination IPs:8
Malware:Tofsee -
Listing date:2018-11-14 12:51:05

Malware Samples


The table below documents all malware samples associated with this JA3 Fingerprint.

Timestamp (UTC)Malware Sample (MD5 hash)VTBotnet C&C (IP:port)
2018-12-29 01:46:46b27e2573f4fcae368b9104f0912d3edfVirustotal results 45/71 (63.38%) 193.252.242.25:443
2018-12-28 01:43:12117f62878ac1929ddd9526463de87b72n/a193.252.242.125:443
2018-12-24 22:19:07424f7b8edf5d150c7a248ad789512bc4Virustotal results 39/69 (56.52%) 193.252.242.125:443
2018-12-09 00:59:4399baca5d78a6427843dba64a5fc0c083Virustotal results 39/71 (54.93%) 193.252.242.125:443
2018-04-11 14:14:01bffc328157754eea97604bdd0b4ae3b5Virustotal results 45/68 (66.18%) 31.13.91.2:443
2018-01-30 09:37:300644de0d042dffbf136867cd2b7a8650Virustotal results 14/66 (21.21%) 31.13.69.197:443
2018-01-25 05:35:58e485a8828410ee65c7eeac8d2e212a9fn/a31.13.69.197:443
2018-01-23 18:26:19f80df5133528d38f9385fd20b4963635Virustotal results 30/66 (45.45%) 31.13.69.197:443
2018-01-23 14:06:41aff40deb476fc3f227917c8eca81e925n/a31.13.69.197:443
2018-01-23 00:35:22636650c7fe575b442b88aca1f00ff556n/a31.13.69.197:443
2018-01-22 21:23:226e2f5d85b144deaf0cb8dc5827344c51n/a31.13.69.197:443
2018-01-22 20:07:2490bac151ec6e99a522f3cb57bd0362een/a31.13.69.197:443
2018-01-21 16:40:04f6130af4fdc13b1e452767ea9cc27080Virustotal results 16/66 (24.24%) 31.13.69.197:443
2018-01-15 23:22:15e70dc7260416996a8b62ff3b6e0420f6n/a31.13.69.197:443
2018-01-12 14:02:462e93fd814178e85ad8d182f0d3548d17n/a31.13.69.197:443
2018-01-10 18:45:23ecf1106d0bbb455ba188e7a2c4cc1e1aVirustotal results 14/68 (20.59%) 157.240.20.15:443
2018-01-09 19:33:20b4288a36234bc83c7ee656a4d0283186n/a157.240.20.15:443
2018-01-09 19:28:55b78bf95f011f531060c2d50ac5e2890eVirustotal results 24/68 (35.29%) 157.240.20.15:443
2018-01-09 14:45:2822c0ba07da7193eebb78803e3375b9c3Virustotal results 16/68 (23.53%) 157.240.20.15:443
2018-01-09 00:28:11e4215da6af48146018316783eab0696bVirustotal results 21/67 (31.34%) 157.240.20.15:443
2018-01-08 16:04:16d7c44c4311738e8808b1ed2b6bac95fan/a31.13.91.2:443
2018-01-08 08:26:41adb32e1be76138eae4a00af0f243ae45n/a157.240.20.15:443
2018-01-08 08:18:499bf2de044b190dcb3c3594e3be76cbd3n/a157.240.20.15:443
2018-01-08 05:35:345289604c9700565eb3f34b0fcc0dbb26Virustotal results 40/68 (58.82%) 157.240.20.15:443
2018-01-08 01:52:1316f372308299b5d3656614da10e3c86eVirustotal results 14/68 (20.59%) 31.13.91.2:443
2018-01-07 23:58:098904a531afdae5e2259b09d462a89e47Virustotal results 28/65 (43.08%) 31.13.91.2:443
2018-01-07 23:42:129c5f8c719c3eb378567fc733685af84en/a31.13.91.2:443
2018-01-07 18:03:437924edc1de31c09aed8bd2ebcae9d217Virustotal results 33/68 (48.53%) 31.13.91.2:443
2018-01-07 11:47:54a709c1c3c63290398dfa813d47847448Virustotal results 46/68 (67.65%) 31.13.91.2:443
2018-01-04 06:02:042ef262f34ba89932cf10a106f1f461fdVirustotal results 46/67 (68.66%) 31.13.91.2:443
2018-01-04 02:08:120c04748bb3aa40b0ff686eda3c7e008dVirustotal results 38/68 (55.88%) 31.13.69.197:443
2018-01-03 11:41:37179152d355a7ff589910fffe30ca20daVirustotal results 46/66 (69.70%) 31.13.71.1:443
2017-12-31 12:24:07191bc5404aa0afe394fdda4361aab28cVirustotal results 31/68 (45.59%) 31.13.70.1:443
2017-12-31 09:17:59704af016a00c9dc1015aaa2daf488ee8Virustotal results 35/67 (52.24%) 31.13.70.1:443
2017-11-04 18:03:59aee6290f2f20aa0e9ac62efdf9d65624n/a104.20.97.31:443

# of entries: 35 (max: 100)