
Domain > rghost.ru

More information on this domain is in AlienVault OTX


Files that talk to rghost.ru


DNS Resolutions



Subdomains

Domain                 Date         IP
plasmon.rghost.ru      2013-10-19   217.199.218.98
polariton.rghost.ru    2024-10-17   104.21.64.31
higgs.rghost.ru        2013-10-19   217.199.217.181
tau.rghost.ru          2013-10-19   217.199.217.180
www.rghost.ru          2024-09-12   172.67.175.16








Data with thanks to AlienVault OTX, VirusTotal, Malwr and others.



© Copyright 2019 AlienVault, Inc.