
Domain > www.lisword.com

This indicator is referenced in AlienVault OTX pulse ""

Is this malicious?

Most users have voted this as MALICIOUS

Reports

https://otx.alienvault.com/pulse/553e18f9b45ff54b6...    
https://www2.fireeye.com/rs/fireye/images/rpt-apt3...    

Files that talk to www.lisword.com

MD5 A/V
0a4fdacde69a566f53833500a0d53a35
010ca5e1de980f5f45f9d82027e1606c [W32/S-2819558c!Eldorado] [TR/Graftor.87826.6] [TrojanAPT.LecnaCBack.MUE.Z3] [Win.Trojan.Backspace] [Trojan.DownLoader7.62432] [Win32/Lecna.AI] [Luhe.Fiha.A] [Trojan.Win32.Swisyn] [Trojan.Downloader] [Downloader-FAQF!010CA5E1DE98] [Backdoor*Win32/Lecna.H!dha] [Troj/Lecna-S] [W32.Baksaz]
4e5c116d874bbaaf7d6dadec7be926f5 [W32/Backdoor.FFOQ-4061] [BDS/Lecna.4915.4] [TrojanAPT.LecnaCBack.MUE.Z3] [Win.Trojan.Backspace] [BackDoor.Dizhi.109] [Win32/Lecna.B] [W32/Lecna.DK!tr.bdr] [W32/Backdoor2.HBSF] [Backdoor.Win32.Lecna] [Trojan.Win32.Fsysna.td] [Trojan.FakeMS.EDIE] [BackDoor-FCNM!4E5C116D874B] [Backdoor*Win32/Lecna.M!dha] [Troj/Lecna-Q] [W32.Baksaz] [Backdoor.1F5037CFAFA1370F]
6791254f160e98ac1f46b4d506b695ad [W32/S-2819558c!Eldorado] [TR/Rogue.982386.1] [TrojanAPT.LecnaCBack.MUE.Z3] [Win.Trojan.Backspace] [Trojan.DownLoader7.62432] [Win32/Lecna.AI] [W32/Lecna.AF] [Luhe.Fiha.A] [Trojan.Win32.Swisyn] [Trojan.Downloader] [Downloader-FAQF!6791254F160E] [Backdoor*Win32/Lecna.H!dha] [Troj/Lecna-S] [W32.Baksaz] [Trojan.B16C86ADCF8A9241]
4b8531d294c020d5f856b58a5a23b238 [W32/S-2819558c!Eldorado] [TR/Graftor.87826] [TrojanAPT.LecnaCBack.MUE.Z3] [Win.Trojan.Backspace] [Trojan.DownLoader7.62432] [Win32/Lecna.AI] [Luhe.Fiha.A] [Trojan.Win32.Swisyn] [Trojan.Downloader] [Downloader-FAQF!4B8531D294C0] [Backdoor*Win32/Lecna.H!dha] [Troj/Lecna-Q] [W32.Baksaz]

Whois

Property Value
Email web@163ns.com
NameServer DNS2.51DNS.TOP
Created 2008-03-07 00:00:00
Changed 2015-03-13 00:00:00
Expires 2016-03-07 00:00:00
Registrar JIANGSU BANGNING SCI

DNS Resolutions


Port 80

Data with thanks to AlienVault OTX, VirusTotal, Malwr and others.