SSL Certificates
The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint 9d95f5400641b5773800e4ad177a04cad23fcb0e.
Database Entry
| SHA1 Fingerprint: | 9d95f5400641b5773800e4ad177a04cad23fcb0e |
|---|---|
| Certificate Common Name (CN): | mainsinkhole |
| Issuer Distinguished Name (DN): | mainsinkhole |
| TLS Version: | SSLv3 |
| First seen: | 2014-07-13 22:36:11 UTC |
| Last seen: | 2016-09-10 09:24:24 UTC |
| Status: | Blacklisted |
| Listing reason: | Malware C&C |
| Listing date: | 2015-06-21 15:40:54 |
| Malware samples: | 45 |
| Botnet C&Cs: | 2 |
Malware Samples
The table below documents all malware samples associated with this SSL certificate.
| Timestamp (UTC) | Malware Sample (MD5 hash) | VT | Signature | Botnet C&C (IP:port) |
|---|---|---|---|---|
| 2016-09-10 09:24:24 | e8aa3a3bb2d515b0f737f6bc8a08fafb |  18/58 (31.03%)
| Qadars | 166.78.144.80:443 |
| 2016-09-10 09:24:24 | e8aa3a3bb2d515b0f737f6bc8a08fafb | 18/58 (31.03%)
| Qadars | 166.78.144.80:443 |
| 2016-09-08 03:31:18 | 53904893a54acec3ed844d2d10b9b9da | 30/58 (51.72%)
| Qadars | 166.78.144.80:443 |
| 2016-09-08 03:31:18 | 53904893a54acec3ed844d2d10b9b9da | 30/58 (51.72%)
| Qadars | 166.78.144.80:443 |
| 2016-09-04 23:41:38 | fcaa99613ab95a359fe4e55b89212b3a | 21/58 (36.21%)
| Qadars | 166.78.144.80:443 |
| 2016-09-04 23:41:38 | fcaa99613ab95a359fe4e55b89212b3a | 21/58 (36.21%)
| Qadars | 166.78.144.80:443 |
| 2016-09-04 18:54:28 | 08bc0eb4a5e981eabfd8d06bc9cbc12a | 29/58 (50.00%)
| 166.78.144.80:443 | |
| 2016-09-04 18:54:28 | 08bc0eb4a5e981eabfd8d06bc9cbc12a | 29/58 (50.00%)
| 166.78.144.80:443 | |
| 2016-09-04 18:46:33 | 14ddfb95f8c581bf15aca8fe8c04f763 | 25/57 (43.86%)
| Qadars | 166.78.144.80:443 |
| 2016-09-04 18:46:33 | 14ddfb95f8c581bf15aca8fe8c04f763 | 25/57 (43.86%)
| Qadars | 166.78.144.80:443 |
| 2016-09-03 23:20:56 | bd472e8abd6c3ca2ce503d245e07d410 | 24/57 (42.11%)
| Qadars | 166.78.144.80:443 |
| 2016-09-03 23:20:56 | bd472e8abd6c3ca2ce503d245e07d410 | 24/57 (42.11%)
| Qadars | 166.78.144.80:443 |
| 2016-09-03 17:05:45 | 8a58bc01795d2872a8fb749c38a57e01 | 7/57 (12.28%)
| 166.78.144.80:443 | |
| 2016-09-03 17:05:45 | 8a58bc01795d2872a8fb749c38a57e01 | 7/57 (12.28%)
| 166.78.144.80:443 | |
| 2016-09-02 10:47:39 | 476b6518ab4e0ce88b620a76dd11314b | 25/56 (44.64%)
| Qadars | 166.78.144.80:443 |
| 2016-09-02 10:47:39 | 476b6518ab4e0ce88b620a76dd11314b | 25/56 (44.64%)
| Qadars | 166.78.144.80:443 |
| 2016-09-02 10:33:56 | f558b427a102e6f914ab99d784ca4af6 | 21/58 (36.21%)
| Qadars | 166.78.144.80:443 |
| 2016-09-02 10:33:56 | f558b427a102e6f914ab99d784ca4af6 | 21/58 (36.21%)
| Qadars | 166.78.144.80:443 |
| 2016-09-02 05:32:24 | 0f6e8921d92e521dc047057e9486f0c7 | 7/58 (12.07%)
| Qadars | 166.78.144.80:443 |
| 2016-09-02 05:32:24 | 0f6e8921d92e521dc047057e9486f0c7 | 7/58 (12.07%)
| Qadars | 166.78.144.80:443 |
| 2016-09-01 23:09:35 | bb192a138761f05190d39aa88cd9163b | 28/58 (48.28%)
| Qadars | 166.78.144.80:443 |
| 2016-09-01 23:09:35 | bb192a138761f05190d39aa88cd9163b | 28/58 (48.28%)
| Qadars | 166.78.144.80:443 |
| 2016-09-01 14:09:04 | dd44d86351ec7c9448a17ced1ce73026 | 21/56 (37.50%)
| 166.78.144.80:443 | |
| 2016-09-01 14:09:04 | dd44d86351ec7c9448a17ced1ce73026 | 21/56 (37.50%)
| 166.78.144.80:443 | |
| 2016-09-01 00:15:17 | 467f6be2ff0dd77b1b2d260334ceadb6 | n/a | Qadars | 166.78.144.80:443 |
| 2016-09-01 00:15:17 | 467f6be2ff0dd77b1b2d260334ceadb6 | n/a | Qadars | 166.78.144.80:443 |
| 2016-08-31 07:43:28 | c0b02ac01297ce558ff1abffada825f9 | 26/57 (45.61%)
| Qadars | 166.78.144.80:443 |
| 2016-08-31 07:43:28 | c0b02ac01297ce558ff1abffada825f9 | 26/57 (45.61%)
| Qadars | 166.78.144.80:443 |
| 2016-08-30 16:46:53 | e840a7c47aa7e1ebc915c7b1707afe66 | n/a | Qadars | 166.78.144.80:443 |
| 2016-08-30 16:46:53 | e840a7c47aa7e1ebc915c7b1707afe66 | n/a | Qadars | 166.78.144.80:443 |
| 2015-06-05 21:24:27 | 96c35c7c7400091b667a05e866ffaaa2 | 43/57 (75.44%)
| 166.78.144.80:443 | |
| 2015-06-05 21:24:27 | 96c35c7c7400091b667a05e866ffaaa2 | 43/57 (75.44%)
| 166.78.144.80:443 | |
| 2015-05-28 14:52:00 | 6266dc7f68e98b3a52908a7e2b5fe4eb | 40/56 (71.43%)
| 166.78.144.80:443 | |
| 2015-05-28 14:52:00 | 6266dc7f68e98b3a52908a7e2b5fe4eb | 40/56 (71.43%)
| 166.78.144.80:443 | |
| 2015-05-27 15:22:18 | 318471ba20991a8d3c8f3f29b2e35fb1 | 39/57 (68.42%)
| 166.78.144.80:443 | |
| 2015-05-27 15:22:18 | 318471ba20991a8d3c8f3f29b2e35fb1 | 39/57 (68.42%)
| 166.78.144.80:443 | |
| 2015-02-07 12:52:52 | f5ba446cfd661775c726503176bec6a4 | 18/56 (32.14%)
| 166.78.144.80:443 | |
| 2015-02-07 12:52:52 | f5ba446cfd661775c726503176bec6a4 | 18/56 (32.14%)
| 166.78.144.80:443 | |
| 2015-02-06 09:58:35 | c471c37bf0851bbf01566470d687a2c1 | 4/56 (7.14%)
| 166.78.144.80:443 | |
| 2015-02-06 09:58:35 | c471c37bf0851bbf01566470d687a2c1 | 4/56 (7.14%)
| 166.78.144.80:443 | |
| 2015-02-05 18:33:03 | 1685306c9f120b1ef0d4edee79ad7f93 | 2/56 (3.57%)
| 166.78.144.80:443 | |
| 2015-02-05 18:33:03 | 1685306c9f120b1ef0d4edee79ad7f93 | 2/56 (3.57%)
| 166.78.144.80:443 | |
| 2015-02-05 12:45:31 | 0a70e777fb042d0b6ffecc7d2203f1f8 | 13/56 (23.21%)
| 166.78.144.80:443 | |
| 2015-02-05 12:45:31 | 0a70e777fb042d0b6ffecc7d2203f1f8 | 13/56 (23.21%)
| 166.78.144.80:443 | |
| 2015-02-05 07:18:42 | 922bc3c229d5e1e2188737095b3d3579 | 3/56 (5.36%)
| 166.78.144.80:443 | |
| 2015-02-05 07:18:42 | 922bc3c229d5e1e2188737095b3d3579 | 3/56 (5.36%)
| 166.78.144.80:443 | |
| 2015-02-04 08:02:38 | db835bba2dafa1729db620b908f5e70f | 0/56 (0.00%)
| 166.78.144.80:443 | |
| 2015-02-04 08:02:38 | db835bba2dafa1729db620b908f5e70f | 0/56 (0.00%)
| 166.78.144.80:443 | |
| 2015-02-03 16:10:28 | ae5b18a08fc16af9bba4011fb8c960e0 | 6/57 (10.53%)
| 166.78.144.80:443 | |
| 2015-02-03 16:10:28 | ae5b18a08fc16af9bba4011fb8c960e0 | 6/57 (10.53%)
| 166.78.144.80:443 | |
| 2015-02-03 11:50:15 | 4f27da033ca92c28576be5270b923128 | 12/57 (21.05%)
| 166.78.144.80:443 | |
| 2015-02-03 11:50:15 | 4f27da033ca92c28576be5270b923128 | 12/57 (21.05%)
| 166.78.144.80:443 | |
| 2015-02-02 23:15:43 | 0ae67b36cd78c74bb60d34cf1a65de04 | 24/57 (42.11%)
| 166.78.144.80:443 | |
| 2015-02-02 23:15:43 | 0ae67b36cd78c74bb60d34cf1a65de04 | 24/57 (42.11%)
| 166.78.144.80:443 | |
| 2015-01-27 18:49:08 | 17f4394a5540e69a79b3c8cff3e1f225 | 1/57 (1.75%)
| 166.78.144.80:443 | |
| 2015-01-27 18:49:08 | 17f4394a5540e69a79b3c8cff3e1f225 | 1/57 (1.75%)
| 166.78.144.80:443 | |
| 2015-01-27 08:13:34 | b766b7c5cae64249613a413da8318da2 | 1/57 (1.75%)
| 166.78.144.80:443 | |
| 2015-01-27 08:13:34 | b766b7c5cae64249613a413da8318da2 | 1/57 (1.75%)
| 166.78.144.80:443 | |
| 2015-01-22 09:16:36 | 1848cdc8a174f48af7c9447897dd1ab0 | 12/56 (21.43%)
| 166.78.144.80:443 | |
| 2015-01-22 09:16:36 | 1848cdc8a174f48af7c9447897dd1ab0 | 12/56 (21.43%)
| 166.78.144.80:443 | |
| 2015-01-22 02:24:47 | 8f89b4e98b7574f28c0e4512ee1b4da1 | 31/56 (55.36%)
| 166.78.144.80:443 | |
| 2015-01-22 02:24:47 | 8f89b4e98b7574f28c0e4512ee1b4da1 | 31/56 (55.36%)
| 166.78.144.80:443 | |
| 2015-01-19 19:37:48 | 27822b58797ba5be65c8bbc901c7643d | 1/56 (1.79%)
| 166.78.144.80:443 | |
| 2015-01-19 19:37:48 | 27822b58797ba5be65c8bbc901c7643d | 1/56 (1.79%)
| 166.78.144.80:443 | |
| 2014-11-16 05:29:29 | acfcb5cf34597d54f9a118b4d8bf96f1 | 25/54 (46.30%)
| Shylock | 166.78.18.204:443 |
| 2014-11-16 05:29:29 | acfcb5cf34597d54f9a118b4d8bf96f1 | 25/54 (46.30%)
| Shylock | 166.78.18.204:443 |
| 2014-11-12 18:27:34 | 15c1fe57174d06ea57927fe5e837509e | 31/54 (57.41%)
| Shylock | 166.78.18.204:443 |
| 2014-11-12 18:27:34 | 15c1fe57174d06ea57927fe5e837509e | 31/54 (57.41%)
| Shylock | 166.78.18.204:443 |
| 2014-11-11 14:12:40 | 790cc8f400030a875e6280c355a33bdd | 23/54 (42.59%)
| Shylock | 166.78.18.204:443 |
| 2014-11-11 14:12:40 | 790cc8f400030a875e6280c355a33bdd | 23/54 (42.59%)
| Shylock | 166.78.18.204:443 |
| 2014-11-11 13:19:49 | 586ca738ed301b56112f849e0e5b4d07 | 28/54 (51.85%)
| Shylock | 166.78.18.204:443 |
| 2014-11-11 13:19:49 | 586ca738ed301b56112f849e0e5b4d07 | 28/54 (51.85%)
| Shylock | 166.78.18.204:443 |
| 2014-11-03 19:44:10 | 4c0b6c9e7c29b362ce16d47e7a9bbcce | 35/54 (64.81%)
| Shylock | 166.78.18.204:443 |
| 2014-11-03 19:44:10 | 4c0b6c9e7c29b362ce16d47e7a9bbcce | 35/54 (64.81%)
| Shylock | 166.78.18.204:443 |
| 2014-08-11 20:30:16 | 711066448ffbb9d9fda8b91a766668d7 | 23/53 (43.40%)
| Shylock | 166.78.18.204:443 |
| 2014-08-11 20:30:16 | 711066448ffbb9d9fda8b91a766668d7 | 23/53 (43.40%)
| Shylock | 166.78.18.204:443 |
| 2014-08-05 09:59:28 | 0a965f7c304e4ea268423782eb930e4d | 21/53 (39.62%)
| Shylock | 166.78.18.204:443 |
| 2014-08-05 09:59:28 | 0a965f7c304e4ea268423782eb930e4d | 21/53 (39.62%)
| Shylock | 166.78.18.204:443 |
| 2014-07-30 09:42:14 | 9066ab1421df5de831fe1a36e511e785 | 27/53 (50.94%)
| Shylock | 166.78.18.204:443 |
| 2014-07-30 09:42:14 | 9066ab1421df5de831fe1a36e511e785 | 27/53 (50.94%)
| Shylock | 166.78.18.204:443 |
| 2014-07-29 19:02:13 | 385564d62b323f6c254b950e48295bdb | 20/53 (37.74%)
| Shylock | 166.78.18.204:443 |
| 2014-07-29 19:02:13 | 385564d62b323f6c254b950e48295bdb | 20/53 (37.74%)
| Shylock | 166.78.18.204:443 |
| 2014-07-29 17:54:23 | 62f257159523697ad6bd87300a771ccd | 23/54 (42.59%)
| Shylock | 166.78.18.204:443 |
| 2014-07-29 17:54:23 | 62f257159523697ad6bd87300a771ccd | 23/54 (42.59%)
| Shylock | 166.78.18.204:443 |
| 2014-07-29 03:10:41 | 3983c4d0518d378fae935ea407c277b2 | 29/54 (53.70%)
| Shylock | 166.78.18.204:443 |
| 2014-07-29 03:10:41 | 3983c4d0518d378fae935ea407c277b2 | 29/54 (53.70%)
| Shylock | 166.78.18.204:443 |
| 2014-07-14 09:35:36 | 9a8e992c1f3c5e9d713aa18e643e4368 | 25/54 (46.30%)
| Shylock | 166.78.144.80:443 |
| 2014-07-14 09:35:36 | 9a8e992c1f3c5e9d713aa18e643e4368 | 25/54 (46.30%)
| Shylock | 166.78.144.80:443 |
| 2014-07-13 22:36:11 | 227155e7b833069226c5bc0a2a3a28a1 | 30/53 (56.60%)
| Shylock | 166.78.144.80:443 |
| 2014-07-13 22:36:11 | 227155e7b833069226c5bc0a2a3a28a1 | 30/53 (56.60%)
| Shylock | 166.78.144.80:443 |
# of entries: 90 (max: 100)