SSL Certificates

The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint 3977fc8a9c9b5c372786f65bdf7ad7fef6368e9f.

Database Entry


SHA1 Fingerprint:3977fc8a9c9b5c372786f65bdf7ad7fef6368e9f
Certificate Common Name (CN):ophira-crest-flow.pro
Issuer Distinguished Name (DN):WE1
TLS Version:TLS 1.2
First seen:2025-08-08 00:36:22 UTC
Last seen:2025-08-14 07:37:22 UTC
Status:Blacklisted
Listing reason:DeerStealer C&C
Listing date:2025-08-11 08:14:27
Malware samples:17
Botnet C&Cs:2

Malware Samples


The table below documents all malware samples associated with this SSL certificate.

Timestamp (UTC)Malware Sample (MD5 hash)VTSignatureBotnet C&C (IP:port)
2025-08-14 07:37:22a7c00844a5d74ab128ba6aa8b9b5d1dcn/a172.67.150.122:443
2025-08-14 07:11:397c290a8c89e176cd3a71dc21259794fcn/a172.67.150.122:443
2025-08-14 07:10:4892b0a77c9d71b419655bc36e7a2eb874n/a104.21.96.24:443
2025-08-13 01:25:55ad5c1844d329600ca74a7ce5f53c36b2n/a104.21.96.24:443
2025-08-12 14:54:221ff0b9a14577737b41a60efa5ceb54e9n/a104.21.96.24:443
2025-08-12 00:55:0062e88343213cbdffdfa9a2a8b638b650n/a172.67.150.122:443
2025-08-10 00:06:15e0d1c1786a5b2630d1fab682cf113157n/a172.67.150.122:443
2025-08-09 17:45:0964ad84c21ac3a9a29859fb9af63b667bn/a104.21.96.24:443
2025-08-09 14:29:26d5848832b09fd4445d2e2a00ea9f2500n/a104.21.96.24:443
2025-08-09 13:59:07d4e71f1d151c261bffabe8626188a7b1n/a104.21.96.24:443
2025-08-09 08:14:36cdd5ee08ce5e64a14a6156b1cc265d5an/a104.21.96.24:443
2025-08-09 04:29:1968bde46c51c80ba6174cdb8680fe038cn/a104.21.96.24:443
2025-08-09 03:53:53c094cf461dc56e98f0768396f89d38cen/a104.21.96.24:443
2025-08-09 03:38:16bf29384b9a7d044d810cae085398e6ccn/a104.21.96.24:443
2025-08-09 02:27:17dc3945c15af023564f8f89daac9ec01fn/a104.21.96.24:443
2025-08-08 00:36:5518aeb2023f25b28fd5d5ae8d3299ae1en/a104.21.96.24:443
2025-08-08 00:36:2266b30c9adb6d7a429b61ec4eb263d5e8n/a104.21.96.24:443

# of entries: 17 (max: 100)