Locky C2 :: 138.201.118.102

Host Information

Locky C2: 138.201.118.102
Threat: C2
Malware: Locky
URL: http://138.201.118.102/userinfo.php
Host Status: offline
Firstseen (UTC): 2016-05-20 10:05:57
Lastseen (UTC): 2016-05-25 10:21:13

Associated IP addresses

The table below shows all IP addresses (e.g. A records) associated with this Locky C2. If the host is a domain name, the table also shows the history of previous A records, if there are any.

The Active column indicates whether the domain name's A record is currently pointing to an IP address or whether the record is historic (e.g. because the A record has been moved to a different IP address): yes = Active A record, no = Historical record.

| Active | Firstseen (UTC) | Lastseen (UTC) | IP address | Hostname | SBL | AS number | AS name | Country |
|---|---|---|---|---|---|---|---|---|
| yes | 2016-05-20 11:35:48 | 2016-06-24 14:28:17 | 138.201.118.102 | static.102.118.201.138.clients.your-server.de | Not listed | AS24940 | HETZNER-AS, DE | Germany (DE) |

# IPs found: 1 (max. 25)

Referencing malware samples

Latest 100 malware binaries referencing this Locky C2:

| Firstseen (UTC) | MD5 hash | Filesize | VT | Locky C2 URL |
|---|---|---|---|---|
| 2016-05-24 17:31:10 | 1978c47ef77fac59d9d32d2ad56ad13e | 154'624 bytes | Virustotal results 37/57 (64.91%) | http://138.201.118.102/userinfo.php |
| 2016-05-20 11:32:57 | d60fb6b8e8064ebde29de159927d733d | 155'648 bytes | Virustotal results 6/57 (10.53%) | http://138.201.118.102/userinfo.php |
| 2016-05-20 11:32:56 | 89434793c1b1d96647701ba19156e940 | 155'648 bytes | Virustotal results 36/55 (65.45%) | http://138.201.118.102/userinfo.php |
| 2016-05-20 11:32:54 | 61a9e67cdd183df3d29d58c813ac64e9 | 155'648 bytes | Virustotal results 5/56 (8.93%) | http://138.201.118.102/userinfo.php |
| 2016-05-20 09:44:10 | d6b18988d73708639b299738f40f6f37 | 155'648 bytes | Virustotal results 5/56 (8.93%) | http://138.201.118.102/userinfo.php |
| 2016-05-20 09:43:11 | 2dc3fb375cfd9bffe948ff68e7b25820 | 155'648 bytes | Virustotal results 38/56 (67.86%) | http://138.201.118.102/userinfo.php |

Referencing malware samples: 6