Locky Distribution Site :: banatlebanon.com

Host Information

Locky Distribution Site:banatlebanon.com
Threat:Distribution Site
Malware:Locky
URL:http://banatlebanon.com/g67eihnrv
Host Status:offline
Blacklist check:Spamhaus DBL:Not Listed
 SURBL:Not Listed
Domain Registar:GODADDY.COM, LLC
Nameserver(s):ns63.domaincontrol.com
 ns64.domaincontrol.com
Firstseen (UTC):2016-10-27 11:51:07
Lastseen (UTC):never

Associated IP addresses

The table below shows all ip addresses (e.g. A records) associated with this Locky Distribution Site. In case the host is a domain name, the table also shows a history of previous A records if there are any.

Active (?This row indicates whether the domain name's A record is currently pointing to an IP address or whether the record is historic (e.g. because the A record has been moved to a different IP address).

yes = Active A record
no = Historical record
)
Firstseen (UTC)Lastseen (UTC)IP addressHostnameSBLAS numberAS nameCountry
yes2018-05-30 01:04:362019-08-24 01:25:4946.101.214.158Not listedAS14061DIGITALOCEAN-ASN - DigitalOcean, LLC, US- Germany (DE)
no2017-03-31 01:52:442018-05-29 01:05:19138.197.108.4Not listedAS14061DIGITALOCEAN-ASN-NY3 - Digital Ocean, In[...]- United States (US)
no2018-02-09 01:07:032018-02-12 01:06:09184.168.221.69ip-184-168-221-69.ip.secureserver.netNot listedAS26496AS-26496-GO-DADDY-COM-LLC - GoDaddy.com,[...]- United States (US)
no2018-02-11 01:06:222018-02-14 01:06:03184.168.221.76ip-184-168-221-76.ip.secureserver.netNot listedAS26496AS-26496-GO-DADDY-COM-LLC - GoDaddy.com,[...]- United States (US)
no2016-10-27 12:02:432017-03-30 01:49:51192.185.39.63Not listedAS20013CYRUSONE - CyrusOne LLC, US- United States (US)
no2017-02-09 09:58:042017-02-17 01:50:5950.63.202.59ip-50-63-202-59.ip.secureserver.netNot listedAS26496AS-26496-GO-DADDY-COM-LLC - GoDaddy.com,[...]- United States (US)
no2018-02-13 01:06:44never50.63.202.71ip-50-63-202-71.ip.secureserver.netNot listedAS26496AS-26496-GO-DADDY-COM-LLC - GoDaddy.com,[...]- United States (US)
no2018-02-08 01:06:36never50.63.202.75ip-50-63-202-75.ip.secureserver.netNot listedAS26496AS-26496-GO-DADDY-COM-LLC - GoDaddy.com,[...]- United States (US)
no2018-02-10 01:06:02never50.63.202.82ip-50-63-202-82.ip.secureserver.netNot listedAS26496AS-26496-GO-DADDY-COM-LLC - GoDaddy.com,[...]- United States (US)

# IPs found: 9 (max. 25)

Dropped files

Latest 100 files (malware samples) dropped by this distribution site.

Firstseen (UTC)MD5 hashFilesizeVTSignature
2016-10-27 17:20:127b730a6ca2ea4c67f22e77291eb89c85176'128 bytesVirustotal results 16/59 (27.12%) # Not authorized
2016-10-27 11:16:3509a7090b07de1d0709b905d278088a42278'528 bytesVirustotal results 0/55 (0.00%) n/a

Unique dropped files: 2