Locky C2 :: 5.196.200.229

Host Information

Locky C2: 5.196.200.229
Threat: C2
Malware: Locky
URL: http://5.196.200.229/imageload.cgi
Host Status: offline
Firstseen (UTC): 2017-10-05 17:54:32
Lastseen (UTC): 2017-10-06 10:05:26

Associated IP addresses

The table below shows all IP addresses (e.g. A records) associated with this Locky C2. If the host is a domain name, the table also shows a history of previous A records, if there are any.

Active: indicates whether the domain name's A record is currently pointing to an IP address or whether the record is historic (e.g. because the A record has been moved to a different IP address). yes = Active A record; no = Historical record.

| Active | Firstseen (UTC) | Lastseen (UTC) | IP address | Hostname | SBL | AS number | AS name | Country |
|---|---|---|---|---|---|---|---|---|
| yes | 2017-10-05 18:02:29 | 2017-11-05 23:59:50 | 5.196.200.229 | ip229.ip-5-196-200.eu | Not listed | AS16276 | OVH, FR | France (FR) |

# IPs found: 1 (max. 25)

Referencing malware samples

Latest 100 malware binaries referencing this Locky C2:

| Firstseen (UTC) | MD5 hash | Filesize | VT | Locky C2 URL |
|---|---|---|---|---|
| 2017-10-05 19:22:55 | de930daab1cf4cf683499080429601cd | 620'544 bytes | Virustotal results 16/66 (24.24%) | http://5.196.200.229/imageload.cgi |
| 2017-10-05 12:56:45 | e42050a2981c5b3e3b95a6208de9da0f | 620'544 bytes | Virustotal results 18/65 (27.69%) | http://5.196.200.229/imageload.cgi |
| 2017-10-05 10:07:21 | faf3540fa12859f52bb62f0aea53f947 | 589'824 bytes | Virustotal results 39/66 (59.09%) | http://5.196.200.229/imageload.cgi |
| 2017-10-05 09:41:45 | 920837bb9b08ef6eb49ae0b98917e676 | 598'016 bytes | Virustotal results 21/65 (32.31%) | http://5.196.200.229/imageload.cgi |
| 2017-10-04 19:05:45 | 8320519e514b6979c6fa1607bc801b3e | 589'824 bytes | Virustotal results 43/64 (67.19%) | http://5.196.200.229/imageload.cgi |

Referencing malware samples: 5