Locky C2 :: 109.234.35.75

Host Information

Locky C2: 109.234.35.75
Threat: C2
Malware: Locky
URL: http://109.234.35.75/imageload.cgi
Host Status: offline
Firstseen (UTC): 2017-09-19 08:51:36
Lastseen (UTC): 2017-11-05 06:40:24

Associated IP addresses

The table below shows all IP addresses (e.g. A records) associated with this Locky C2. If the host is a domain name, the table also shows a history of previous A records, if there are any.

The Active column indicates whether the domain name's A record is currently pointing to an IP address or whether the record is historic (e.g. because the A record has been moved to a different IP address): yes = active A record, no = historical record.

| Active | Firstseen (UTC) | Lastseen (UTC) | IP address | Hostname | SBL | AS number | AS name | Country |
|---|---|---|---|---|---|---|---|---|
| yes | 2017-09-19 09:04:06 | 2017-12-06 00:01:10 | 109.234.35.75 | itw.com | Not listed | AS35415 | WEBZILLA, NL | Russian Federation (RU) |

# IPs found: 1 (max. 25)

Referencing malware samples

Latest 100 malware binaries referencing this Locky C2:

| Firstseen (UTC) | MD5 hash | Filesize | VT | Locky C2 URL |
|---|---|---|---|---|
| 2017-11-04 09:15:46 | d88b6ae868b4a1e2b75a8ce4fbda56b8 | 529'920 bytes | Virustotal results 53/68 (77.94%) | http://109.234.35.75/imageload.cgi |
| 2017-09-30 14:03:44 | b2eb34d9d7d9ada4511f34dfa1c886ee | 617'472 bytes | Virustotal results 45/62 (72.58%) | http://109.234.35.75/imageload.cgi |
| 2017-09-16 09:19:06 | f0b43800d3ca1fa03b7047bc09aa9528 | 669'184 bytes | n/a | http://109.234.35.75/imageload.cgi |

Referencing malware samples: 3