SSL Certificates

The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint dbf9203100d0c74c61b9c7cfc88814d4bd6ed2ee.

Database Entry

SHA1 Fingerprint:	dbf9203100d0c74c61b9c7cfc88814d4bd6ed2ee
Certificate Common Name (CN):	nikolay-romanov.su
Issuer Distinguished Name (DN):	WE1
TLS Version:	TLS 1.2
First seen:	2025-01-16 12:12:48 UTC
Last seen:	2025-01-17 08:03:48 UTC
Status:	Blacklisted
Listing reason:	LummaStealer C&C
Listing date:	2025-01-17 07:48:22
Malware samples:	16
Botnet C&Cs:	7

Malware Samples

The table below documents all malware samples associated with this SSL certificate.

Timestamp (UTC)	Malware Sample (MD5 hash)	VT	Botnet C&C (IP:port)
2025-01-17 08:03:48	bb4ca5f3fed452a6a466143c707c2903	n/a	104.21.32.1:443
2025-01-17 04:30:21	878e1d97d0fcc4b2dc3ac0050b7bf677	n/a	104.21.80.1:443
2025-01-17 03:58:08	74327e5d3547d18e9042816ed2fe8e7c	n/a	104.21.16.1:443
2025-01-17 03:18:23	5c5ec748c591a61644dad8a69575e734	n/a	104.21.96.1:443
2025-01-17 02:54:32	503be4eafffdb86bdaea3c6fa0b7c228	n/a	104.21.96.1:443
2025-01-17 01:49:49	335b9a0d35c92d69f973efa05a564206	n/a	104.21.64.1:443
2025-01-17 00:28:37	098cb23a5a4366267d59b19074791c66	n/a	104.21.16.1:443
2025-01-16 23:20:34	4bee2971a0b6e440cfde304b628142c0	n/a	104.21.80.1:443
2025-01-16 23:14:57	4905b2139feb6968094385ec54e4f428	n/a	104.21.96.1:443
2025-01-16 21:35:27	04b384eb4a74ab77b359dfda4466ae1c	n/a	104.21.112.1:443
2025-01-16 20:07:05	9622bd65ff88f8e637d50ba2ce794d82	n/a	104.21.96.1:443
2025-01-16 19:51:38	0a03084bf2bdcde731a3cc0a924a49d5	n/a	104.21.16.1:443
2025-01-16 16:32:30	f64bac9b25bb5d72c26f8eb853174b6f	n/a	104.21.112.1:443
2025-01-16 15:04:16	f4c05e7aacfbaba7c021e411d4f4c71a	n/a	104.21.48.1:443
2025-01-16 12:40:38	d112f3f6ef0d03985bf5f132228fba3a	n/a	104.21.112.1:443
2025-01-16 12:12:48	cacaeae640274b7e1d8d070262337c81	n/a	104.21.64.1:443

# of entries: 16 (max: 100)