Locky C2 :: 82.202.221.108

Host Information

Locky C2: 82.202.221.108
Threat: C2
Malware: Locky
URL: http://82.202.221.108/imageload.cgi
Host Status: offline
Firstseen (UTC): 2017-09-01 19:42:08
Lastseen (UTC): 2017-09-04 01:04:17

Associated IP addresses

The table below shows all IP addresses (e.g. A records) associated with this Locky C2. If the host is a domain name, the table also shows a history of previous A records, if there are any.

The Active column indicates whether the domain name's A record is currently pointing to an IP address (yes = active A record) or whether the record is historic, e.g. because the A record has been moved to a different IP address (no = historical record).

| Active | Firstseen (UTC) | Lastseen (UTC) | IP address | Hostname | SBL | AS number | AS name | Country |
|---|---|---|---|---|---|---|---|---|
| yes | 2017-09-01 19:55:38 | 2017-10-05 00:04:14 | 82.202.221.108 | orangeuk.online | Not listed | AS49505 | SELECTEL, RU | Russian Federation (RU) |

# IPs found: 1 (max. 25)

Referencing malware samples

Latest 100 malware binaries referencing this Locky C2:

| Firstseen (UTC) | MD5 hash | Filesize | VT | Locky C2 URL |
|---|---|---|---|---|
| 2017-09-02 06:54:59 | c70176df04d9f86d4094c2c81f6ed694 | 659'456 bytes | Virustotal results 20/64 (31.25%) | http://82.202.221.108/imageload.cgi |
| 2017-09-02 06:54:52 | 9a7b1125663fda90031be892d2d5f39e | 670'208 bytes | Virustotal results 39/64 (60.94%) | http://82.202.221.108/imageload.cgi |
| 2017-09-02 06:54:28 | 3b0b5a0d3a1c8ba4da29754045f0e875 | 616'960 bytes | Virustotal results 41/64 (64.06%) | http://82.202.221.108/imageload.cgi |
| 2017-09-02 06:54:03 | 0b0dcb63624b14500eb09acd07cc498b | 670'208 bytes | Virustotal results 38/65 (58.46%) | http://82.202.221.108/imageload.cgi |
| 2017-09-01 15:38:32 | 1974edcb8326835d1ad1ca94d70a914a | 616'960 bytes | Virustotal results 36/64 (56.25%) | http://82.202.221.108/imageload.cgi |
| 2017-09-01 13:35:36 | c80c3fb6c195380cac523a07379ac310 | 616'960 bytes | Virustotal results 39/65 (60.00%) | http://82.202.221.108/imageload.cgi |
| 2017-09-01 08:46:26 | 8cb80882a3c844da0a64be767bf9bbd7 | 616'960 bytes | Virustotal results 34/64 (53.12%) | http://82.202.221.108/imageload.cgi |

Referencing malware samples: 7