SSL Certificates

The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint 9d95f5400641b5773800e4ad177a04cad23fcb0e.

Database Entry


SHA1 Fingerprint: 9d95f5400641b5773800e4ad177a04cad23fcb0e
Certificate Common Name (CN): mainsinkhole
Issuer Distinguished Name (DN): mainsinkhole
TLS Version: SSLv3
First seen: 2014-07-13 22:36:11 UTC
Last seen: 2016-09-10 09:24:24 UTC
Status: Blacklisted
Listing reason: Malware C&C
Listing date: 2015-06-21 15:40:54
Malware samples: 45
Botnet C&Cs: 2

Malware Samples


The table below documents all malware samples associated with this SSL certificate.

# of entries: 45 (max: 100)