JA3 Fingerprint: f735bbc6b69723b9df7b0e7ef27872af
First seen: 2018-10-02 18:04:16 UTC
Last seen: 2020-01-15 05:53:57 UTC
Status: Blacklisted
Malware samples: 1’816
Destination IPs: 193
Malware: TrickBot
Listing date: 2020-01-09 14:17:18

2020-01-16 06:18:01.857421 IP 192.168.86.25.56294 > 94.23.64.40.80: Flags [P.], seq 1:444, ack 1, win 64240, length 443: HTTP: GET /RED3.exe HTTP/1.1
E…..@…;…V.^.@(…P-C.>.ca.P…ch..GET /RED3.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Host: bbvaticanskeys.com
Connection: Keep-Alive
Cookie: SERVERID104280=112034|XiBGX|XiBGX

2020-01-16 06:18:01.968837 IP 94.23.64.40.80 > 192.168.86.25.56294: Flags [.], seq 1:1461, ack 444, […]