Locky C2 :: 217.12.199.244

Host Information

Locky C2:217.12.199.244
Threat:C2
Malware:Locky
URL:http://217.12.199.244/apache_handler.php
Host Status:offline
Firstseen (UTC):2018-08-08 21:07:16
Lastseen (UTC):2018-08-11 03:08:05

Associated IP addresses

The table below shows all ip addresses (e.g. A records) associated with this Locky C2. In case the host is a domain name, the table also shows a history of previous A records if there are any.

Active (?This row indicates whether the domain name's A record is currently pointing to an IP address or whether the record is historic (e.g. because the A record has been moved to a different IP address).

yes = Active A record
no = Historical record
)
Firstseen (UTC)Lastseen (UTC)IP addressHostnameSBLAS numberAS nameCountry
yes2018-08-08 21:09:292018-09-10 23:58:17217.12.199.244antonova4.itldc-customer.netNot listedAS15626ITLAS, UA- Ukraine (UA)

# IPs found: 1 (max. 25)

Referencing malware samples

Latest 100 malware binaries referencing this Locky C2:

Firstseen (UTC)MD5 hashFilesizeVTLocky C2 URL
2018-08-08 17:30:07b9d0f51d773787b6a4729cecc146661b199'168 bytesVirustotal results 48/66 (72.73%) http://217.12.199.244/apache_handler.php
2018-08-08 17:27:40b72fef9b9324c903f6b6261da11771d4194'048 bytesVirustotal results 41/68 (60.29%) http://217.12.199.244/apache_handler.php
2018-08-08 17:24:40b3b26a945d210ecd20d7244e00657bbd215'040 bytesVirustotal results 51/68 (75.00%) http://217.12.199.244/apache_handler.php
2018-08-08 17:22:27b15db780d8450a2632e8e6a10781acd8188'416 bytesVirustotal results 38/68 (55.88%) http://217.12.199.244/apache_handler.php
2018-08-08 17:20:37afdf113bf7dd873a9bc673d455ff0987172'032 bytesVirustotal results 31/67 (46.27%) http://217.12.199.244/apache_handler.php
2018-08-08 17:10:59aca7ca6f090aba613f6a701f0b2bac1c207'360 bytesVirustotal results 31/67 (46.27%) http://217.12.199.244/apache_handler.php
2018-08-08 17:10:09ac3ea77bfc69d0e1005690fa0dc2754e209'408 bytesVirustotal results 46/68 (67.65%) http://217.12.199.244/apache_handler.php
2018-08-08 17:03:11a8f8fd348daeacb8baaa98d35fc41f82197'632 bytesVirustotal results 28/66 (42.42%) http://217.12.199.244/apache_handler.php
2018-08-08 16:57:11a589dab080ee82db194449f2040049b7203'264 bytesVirustotal results 33/65 (50.77%) http://217.12.199.244/apache_handler.php

Referencing malware samples: 9