SSL Certificates

The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint 63efda4506df0e6e0478fb9dad449ec47560c630.

Database Entry


SHA1 Fingerprint:63efda4506df0e6e0478fb9dad449ec47560c630
Certificate Common Name (CN):retsback.com
Issuer Distinguished Name (DN):GeoTrust Inc CA
TLS Version:TLS 1.2
First seen:2015-10-30 01:25:05 UTC
Last seen:2015-11-09 02:44:47 UTC
Status:Blacklisted
Listing reason:ProxyChanger C&C
Listing date:2015-11-08 14:20:53
Malware samples:6
Botnet C&Cs:1

Malware Samples


The table below documents all malware samples associated with this SSL certificate.

Timestamp (UTC)Malware Sample (MD5 hash)VTSignatureBotnet C&C (IP:port)
2015-11-09 02:44:47efa5ea2c511b08d0f8259a10a49b27adVirustotal results 5/56 (8.93%) 91.230.211.206:443
2015-11-08 10:33:27e6f6a466e8ae00d3491ff7680d3ff54bVirustotal results 16/54 (29.63%) 91.230.211.206:443
2015-11-08 07:38:58e5b7fd7eed59340027625ac39bae7c81Virustotal results 22/55 (40.00%) 91.230.211.206:443
2015-10-31 17:30:2113d9352a27b626e501f5889bfd614b34Virustotal results 36/54 (66.67%) 91.230.211.206:443
2015-10-30 14:39:5051c754f0a2892a82c940bd2f0f05877fVirustotal results 34/55 (61.82%) 91.230.211.206:443
2015-10-30 01:25:057ee008e6fa5e9cbd5cd074770fe47718Virustotal results 34/54 (62.96%) 91.230.211.206:443

# of entries: 6 (max: 100)