Locky C2 :: 158.255.6.109

Host Information

Locky C2: 158.255.6.109
Threat: C2
Malware: Locky
URL: http://158.255.6.109/data/info.php
Host Status: offline
Firstseen (UTC): 2016-09-06 18:17:40
Lastseen (UTC): 2017-06-12 10:33:50

Associated IP addresses

The table below shows all IP addresses (e.g. A records) associated with this Locky C2. If the host is a domain name, the table also shows the history of previous A records, if there are any.

Active: yes = active A record (the domain name's A record currently points to this IP address); no = historical record (e.g. because the A record has been moved to a different IP address).

Active | Firstseen (UTC) | Lastseen (UTC) | IP address | Hostname | SBL | AS number | AS name | Country
yes | 2016-09-20 11:50:31 | 2017-07-12 23:59:11 | 158.255.6.109 | | Not listed | AS49335 | NCONNECT-AS, RU | Russian Federation (RU)

# IPs found: 1 (max. 25)

Referencing malware samples

Latest 100 malware binaries referencing this Locky C2:

Firstseen (UTC) | MD5 hash | Filesize | VT (VirusTotal results) | Locky C2 URL
2017-06-08 22:01:41 | 002e1cd50be9495a99c3d3ab691fadfd | 326'144 bytes | 41/59 (69.49%) | http://158.255.6.109/data/info.php
2016-12-10 19:37:03 | a68d717b54d242867e719645d6c5619f | 157'184 bytes | 41/57 (71.93%) | http://158.255.6.109/data/info.php
2016-12-10 18:46:40 | a20e54a1678f9ac2e063d7239cd1ea9f | 157'184 bytes | 43/57 (75.44%) | http://158.255.6.109/data/info.php
2016-09-12 23:40:08 | a333f2be4a71cf35ded3c87929cd2d12 | 232'598 bytes | 7/56 (12.50%) | http://158.255.6.109/data/info.php
2016-09-09 22:10:47 | 810c011911151d3e8a064ad44a600421 | 280'087 bytes | 33/56 (58.93%) | http://158.255.6.109/data/info.php
2016-09-09 14:46:57 | 05f96e4199d83caa6f5e189016215e45 | 151'552 bytes | 18/58 (31.03%) | http://158.255.6.109/data/info.php
2016-09-06 17:52:56 | efaf662299c0c910110c0ef19f3aee63 | 269'370 bytes | 7/58 (12.07%) | http://158.255.6.109/data/info.php
2016-09-06 17:49:10 | 1edafb433bd36338d7598c2703fc0357 | 256'816 bytes | 6/57 (10.53%) | http://158.255.6.109/data/info.php

Referencing malware samples: 8