SSL Certificates

The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint c1f87bec7cd36db02855527a8b47555425c1504e.

Database Entry


SHA1 Fingerprint:c1f87bec7cd36db02855527a8b47555425c1504e
Certificate Common Name (CN):etc/emailAddress=support@site.com
Issuer Distinguished Name (DN):etc/emailAddress=support@site.com
TLS Version:TLS 1.2
First seen:2015-09-22 14:45:47 UTC
Last seen:2016-04-17 03:51:55 UTC
Status:Blacklisted
Listing reason:Gozi C&C
Listing date:2015-09-23 09:49:11
Malware samples:22
Botnet C&Cs:9

Malware Samples


The table below documents all malware samples associated with this SSL certificate.

Timestamp (UTC)Malware Sample (MD5 hash)VTSignatureBotnet C&C (IP:port)
2016-04-17 03:51:5505b9003db1972d382be4be6bd897f81cVirustotal results 9/57 (15.79%) Gozi 62.213.103.173:443
2016-04-10 18:22:4843624f4d7586146107c9dc1c373bb06aVirustotal results 10/57 (17.54%) Gozi 37.46.131.147:443
2016-04-10 11:14:50ff39ee556744c3232350e5151080d395Virustotal results 7/57 (12.28%) Gozi 37.46.131.147:443
2016-02-22 22:48:31c62c2f1f38563951ebb3c9d444a6c86cVirustotal results 3/56 (5.36%) Gozi 31.41.45.9:443
2016-02-21 18:32:13cc6082461b2b979e7f8375a1f75caa72Virustotal results 18/55 (32.73%) Gozi 31.41.45.9:443
2016-02-21 16:18:387b73dd0a492c462da46f031270c8227dVirustotal results 23/52 (44.23%) Gozi 31.41.45.9:443
2016-02-21 14:06:296b91c03fbbebd4dff44e4e4b305fedf4Virustotal results 28/57 (49.12%) Gozi 31.41.45.9:443
2016-02-19 21:19:13acad8b10c5d4ef7f212e0a54c6fb95ccVirustotal results 27/55 (49.09%) Gozi 31.41.45.9:443
2016-02-19 20:59:05c200e522d04652f6a8f88c753d41394eVirustotal results 25/55 (45.45%) Gozi 31.41.45.9:443
2016-02-19 18:06:51dfc99f48e23eccacda66bf894dea140dVirustotal results 12/56 (21.43%) Gozi 31.41.45.9:443
2016-02-19 18:01:2581e6ffdf386245a073d12d80519a32e3Virustotal results 20/55 (36.36%) Gozi 31.41.45.9:443
2016-01-13 10:18:59ce0ba205e6ec932857ecab6c39ea4364n/aGozi 185.14.28.9:443
2015-12-26 19:11:1898ffeae38b1e87bacecfbf773d2a8a80n/aGozi 31.41.44.5:443
2015-12-26 14:00:33cc3ee0ee8ab5c0c1288f7698660e9c91Virustotal results 2/53 (3.77%) Gozi 31.41.44.5:443
2015-12-15 15:36:1535032e5ffe92dc1cd99ac25d4830fe83Virustotal results 34/53 (64.15%) Gozi 95.215.108.11:443
2015-12-14 18:33:31d77e103592d3787d84da1c3b93f5d069Virustotal results 2/56 (3.57%) Gozi 95.215.108.11:443
2015-11-16 02:28:32f8255a56d46f46887745a974d0b31241Virustotal results 7/55 (12.73%) Gozi 185.82.202.73:443
2015-11-15 08:20:467505d042ab97eda1391adcf87a95ebceVirustotal results 23/56 (41.07%) Gozi 185.82.202.73:443
2015-10-17 11:29:08c4829aec136b34edb57c678fb97ffc42Virustotal results 2/54 (3.70%) Gozi 95.215.108.70:443
2015-10-16 08:39:03de414d7c488aa54e9a5fe8deb706bee7Virustotal results 5/53 (9.43%) Gozi 95.215.108.70:443
2015-09-28 22:22:515d9d3491f0ca5039e480f57dc59467d8Virustotal results 28/56 (50.00%) Gozi 95.215.108.70:443
2015-09-22 14:45:47c7872508eededb17cf864886270fd3e9Virustotal results 3/56 (5.36%) Gozi 185.82.200.100:443

# of entries: 22 (max: 100)