SSL Certificates

The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint 613c868a52bdf1c7d4d8c6e670b01d217ed6f44a.

Database Entry


SHA1 Fingerprint:613c868a52bdf1c7d4d8c6e670b01d217ed6f44a
Certificate Common Name (CN):wheredoyougo.cn
Issuer Distinguished Name (DN):R3
TLS Version:TLS 1.1
First seen:2021-03-21 19:01:10 UTC
Last seen:2021-03-22 18:16:03 UTC
Status:Blacklisted
Listing reason:ServHelper C&C
Listing date:2021-03-22 20:22:47
Malware samples:4
Botnet C&Cs:1

Malware Samples


The table below documents all malware samples associated with this SSL certificate.

Timestamp (UTC)Malware Sample (MD5 hash)VTSignatureBotnet C&C (IP:port)
2021-03-22 18:16:0340c762a97018be731a92252e1c555ecfn/aCryptBot5.181.156.3:443
2021-03-21 20:01:143b0f04478f3bf746f608781ae644e1a3Virustotal results 25 / 70 (35.71%) 5.181.156.3:443
2021-03-21 19:02:261b6e9e18e7a6b324a2a11dd8f41974c9Virustotal results 38 / 70 (54.29%) ServHelper5.181.156.3:443
2021-03-21 19:01:1055beff6c2e4cd61079286749a8fb003eVirustotal results 26 / 71 (36.62%) RaccoonStealer5.181.156.3:443

# of entries: 4 (max: 100)