Domain > rtvwerjyuver.com

More information on this domain is in AlienVault OTX

Files that talk to rtvwerjyuver.com

MD5	A/V
0c2b57e1e356e568b4874eec01a72851	[W32.InjectAdwaredDwnA1.PE] [Win32.Ramnit.N] [Virus/W32.SpyEye] [Virus.Win32.Ramit.1!O] [W32.Ramnit.BA] [W32/Ramnit.a] [Virus.Ramnit] [Virus.Nimnul.Win32.2] [Virus.Win32.Nimnul.bqjjnb] [W32/Ramnit.E] [W32.Ramnit.B!inf] [Ramnit.Z] [Win32/Ramnit.C] [Win32:RmnDrp] [W32.Ramnit-1] [Virus.Win32.Nimnul.a] [Win32.Nimnul.A] [Virus.Win32.Heur.d] [PE:Win32.Mgr.b!1594784] [Virus.Win32.Ramnit.K] [Win32.Rmnet.12] [W32/Ramnit.C] [PE_RAMNIT.DEN] [Heuristic.LooksLike.Win32.SuspiciousPE.J] [W32/Ramnit-A] [Win32/IRCNite.wi] [Virus/Win32.Nimnul.a] [Win32.Ramnit.lx.30720] [Virus:Win32/Ramnit.J] [Win32/Ramnit.G] [Virus.Win32.Nimnul.b] [W32/Cosmu.E] [Win32/Ramnit.H] [Virus.Win32.Dropper.k] [Virus.Win32.Ramnit] [Win32/Zbot.F] [Virus.Win32.Nimnul.$a] [Virus.Win32.Ramnit.A]
FA844F97E93392140A3EA79137EA4AD6	[W32.Sality.PE] [Win32.Sality.3] [Virus/W32.Sality.D] [Trojan.Win32.Krap.1!O] [W32.Sality.U] [Backdoor.IRCBot] [Virus.Sality.Win32.20] [Win32.Sality.BL] [W32.Sality.AE] [Sality.ZHB] [Win32/Sality.AA] [PE_SALITY.RL] [Win32:SaliCode] [WIN.Ransom.Lockscreen] [Trojan.Win32.Pakes.tyi] [Virus.Win32.Sality.beygb] [Win32.Sality.N[h]] [PE:Trojan.Win32.Fednu.ueo!1075351062] [Trojan.MulDrop3.45645] [BehavesLike.Win32.Ramnit.cc] [Mal/Sality-D] [W32/Sality.AT] [Trojan:Win32/Ramnit.A] [W32/Ramnit.k] [Virus.Win32.Sality.bakc] [W32/Sality.AA] [Win32.Ramnit.AY] [Win32/Sality.NBA] [Trojan-Ransom.Win32.PornoBlocker] [W32/Ramnit.AA] [Win32/Zbot.S] [Virus.Win32.Sality.$Emu] [Worm.Win32.FakeFolder.BU]
058c491a4427af1c3753cf533064a680	[W32.FamVT.Nimnul.PE] [Virus/W32.SpyEye] [Virus.Win32.Ramit.1!O] [W32.Ramnit.BA] [Virus.Ramnit] [W32/Ramnit.E] [W32.Ramnit.B!inf] [Win32/Ramnit.C] [PE_RAMNIT.DEN] [Win32:RmnDrp] [Virus.Win32.Nimnul.a] [Virus.Win32.Nimnul.bqjjnb] [Win32.Nimnul.A[h]] [Worm.Win32.Autorun.d] [Virus.Win32.Ramnit.K] [Virus.Nimnul.Win32.2] [BehavesLike.Win32.Ramnit.fh] [W32/Ramnit-A] [Win32/IRCNite.wi] [W32/Ramnit.C] [Virus/Win32.Nimnul.a] [Win32.Ramnit.lx.30720] [Virus:Win32/Ramnit.J] [Win32/Ramnit.G] [W32/Ramnit.a] [Virus.Win32.Nimnul.b] [Virus.Win32.Nimnul.$a] [Win32.Ramnit.H] [Win32/Ramnit.H] [PE:Worm.VobfusEx!1.99E4] [Trojan.Win32.VB] [VB.CGQT] [W32/Cosmu.E] [Virus.Win32.Ramnit.A]
1adc41752e4bd91c9705e65de0e22cb1
feca011488d43a3bf9003b9926e6aaa8
a767f197a9dab7a2caa273ffaeac4c3a	[W32.OdiserI.Trojan] [Trojan.Dropper.YJG] [Backdoor.Win32.IRCNite!O] [Trojan.Dropper.YJG] [Backdoor/IRCNite.ckw] [Trojan.Dropper.YJG] [Win32.Trojan.Nimnal.e] [W32/Trojan2.NRKG] [Trojan.ADH] [Win32/Ramnit.A] [Win.Dropper.DroopTroop-5] [Backdoor.Win32.IRCNite.ckw] [Trojan.Dropper.YJG] [Trojan.Win32.FakeAlert.vqrwv] [Trojan.Win32.Z.Drooptroop.255984[h]] [Trojan.Dropper.YJG] [TrojWare.Win32.Bamital.KDE] [Trojan.Dropper.YJG] [Trojan.Packed.142] [Dropper.Drooptroop.Win32.5270] [trojan.win32.ramnit.a] [BehavesLike.Win32.Ramnit.dz] [Mal/FakeAV-BW] [W32/Trojan.ZTCM-5204] [auy] [W32/Sality.AB.2] [Trojan[Backdoor]/Win32.IRCNite] [Win32.Troj.Undef.(kcloud)] [Trojan:Win32/Ramnit.A] [Backdoor.W32.IRCNite.ckw!c] [Trojan/Win32.Bamital.R9115] [Trojan.Dropper.YJG] [W32/Ramnit.k] [TrojanDropper.Drooptroop] [Win32.Ramnit.A] [Win32.Virus.Ramnit.Lmkl] [Trojan.Kryptik!zZR4fvhIEjg] [Virus.Win]

Whois

Property	Value
Email	gregorygofr@yahoo.com
NameServer	NS2.SUSPENDED-DOMIAN.COM
Created	2011-06-26 00:00:00
Changed	2015-07-21 00:00:00
Expires	2016-06-26 00:00:00
Registrar	BIGROCK SOLUTIONS LI

DNS Resolutions

Date	IP Address
2013-05-17	173.255.217.235 (ClassC)
2014-05-24	69.164.203.105 (ClassC)
2017-04-25	69.164.203.105 (ClassC)
2017-06-27	209.99.40.221 (ClassC)
2017-09-16	104.131.8.122 (ClassC)
2017-09-17	174.138.81.210 (ClassC)
2017-09-18	165.227.189.13 (ClassC)
2017-09-22	165.227.100.254 (ClassC)
2017-09-24	138.197.77.118 (ClassC)
2017-09-28	165.227.110.129 (ClassC)
2017-09-30	165.227.121.155 (ClassC)
2017-10-02	138.197.105.246 (ClassC)
2017-10-08	159.203.111.33 (ClassC)
2017-10-09	138.197.103.250 (ClassC)
2017-10-11	165.227.116.32 (ClassC)
2017-10-17	104.236.240.68 (ClassC)
2017-10-20	165.227.77.254 (ClassC)
2017-10-21	165.227.98.194 (ClassC)
2017-10-25	165.227.114.91 (ClassC)
2017-11-03	159.203.163.177 (ClassC)
2017-11-08	159.203.77.210 (ClassC)
2017-11-15	165.227.97.225 (ClassC)
2017-11-17	159.203.88.154 (ClassC)
2017-11-28	174.138.57.231 (ClassC)
2017-12-01	165.227.124.166 (ClassC)
2021-02-23	45.55.36.236 (ClassC)
2025-08-11	193.166.255.171 (ClassC)

HTTP/1.1 200 OKDate: Thu, 23 May 2019 18:10:23 GMTServer: Apache/2.4.18 (Ubuntu)Link: http://45.55.36.236/index.php/wp-json/>; relhttps://api.w.org/Vary: Accept-EncodingTransfer-Encoding: chunkedConte

!doctype html>html langen-US>head>	meta charsetUTF-8 />	meta nameviewport contentwidthdevice-width, initial-scale1 />	link relprofile hrefhttps://gmpg.org/xfn/11 />	title>Wordpress – Just another WordPress site/title>link reldns-prefetch href//45.55.36.236 />link reldns-prefetch href//code.jquery.com />link reldns-prefetch href//s.w.org />link relalternate typeapplication/rss+xml titleWordpress » Feed hrefhttp://45.55.36.236/index.php/feed/ />link relalternate typeapplication/rss+xml titleWordpress » Comments Feed hrefhttp://45.55.36.236/index.php/comments/feed/ />		script typetext/javascript>			window._wpemojiSettings  {baseUrl:https://s.w.org/images/core/emoji/11.2.0/72x72/,ext:.png,svgUrl:https://s.w.org/images/core/emoji/11.2.0/svg/,svgExt:.svg,source:{concatemoji:http://45.55.36.236/wp-includes/js/wp-emoji-release.min.js?ver5.1.1}};			!function(a,b,c){function d(a,b){var cString.fromCharCode;l.clearRect(0,0,k.width,k.height),l.fillText(c.apply(this,a),0,0);var dk.toDataURL();l.clearRect(0,0,k.width,k.height),l.fillText(c.apply(this,b),0,0);var ek.toDataURL();return de}function e(a){var b;if(!l||!l.fillText)return!1;switch(l.textBaselinetop,l.font600 32px Arial,a){caseflag:return!(bd(55356,56826,55356,56819,55356,56826,8203,55356,56819))&&(bd(55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447,55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447),!b);caseemoji:return bd(55358,56760,9792,65039,55358,56760,8203,9792,65039),!b}return!1}function f(a){var cb.createElement(script);c.srca,c.deferc.typetext/javascript,b.getElementsByTagName(head)0.appendChild(c)}var g,h,i,j,kb.createElement(canvas),lk.getContext&&k.getContext(2d);for(jArray(flag,emoji),c.supports{everything:!0,everythingExceptFlag:!0},i0;ij.length;i++)c.supportsjie(ji),c.supports.everythingc.supports.everything&&c.supportsji,flag!ji&&(c.supports.everythingExceptFlagc.supports.everythingExceptFlag&&c.supportsji);c.supports.everythingExceptFla

Subdomains

Date	Domain	IP
www.rtvwerjyuver.com	2025-05-14	193.166.255.171

View on OTX | View on ThreatMiner

Data with thanks to AlienVault OTX, VirusTotal, Malwr and others. [Sitemap]

Domain > rtvwerjyuver.com

Is this malicious?

Files that talk to rtvwerjyuver.com

Whois

DNS Resolutions

Port 80

Subdomains