Domain > cmdcmdcmd.php0h.com

More information on this domain is in AlienVault OTX

Property	Value
Email	ABUSE@BYETHOST.ORG
NameServer	NS2.BYET.ORG
Created	2006-02-20 00:00:00
Changed	2015-01-21 00:00:00
Expires	2016-02-20 00:00:00
Registrar	ENOM, INC.

DNS Resolutions

Date	IP Address
2013-04-01	199.59.243.64 (ClassC)
2013-04-01	199.59.243.124 (ClassC)
2014-06-15	23.253.135.157 (ClassC)
2014-07-30	199.59.243.123 (ClassC)
2024-08-29	199.59.243.226 (ClassC)
2024-12-27	199.59.243.227 (ClassC)
2025-07-16	199.59.243.228 (ClassC)

HTTP/1.1 200 OKdate: Sun, 23 Jun 2024 20:13:39 GMTcontent-type: text/html; charsetutf-8content-length: 1058x-request-id: 79755e13-2b5a-4d5d-a969-43a0b535baaccache-control: no-store, max-age0accept-ch:

!doctype html>html data-adblockkeyMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ_A16vHzZKccLX0u240hwZjAJuMyh9ZgtMlj9pFgj1iXvc/zLSW6DdEZeMAAxb23TlfmNx+p5nxZXlTdoPG1D53w langen stylebackground: #2B2B2B;>head>    meta charsetutf-8>    meta nameviewport contentwidthdevice-width, initial-scale1>    link relicon hrefdata:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC>    link relpreconnect hrefhttps://www.google.com crossorigin>/head>body>div idtarget styleopacity: 0>/div>script>window.park  eyJ1dWlkIjoiNzk3NTVlMTMtMmI1YS00ZDVkLWE5NjktNDNhMGI1MzViYWFjIiwicGFnZV90aW1lIjoxNzE5MTczNjE5LCJwYWdlX3VybCI6Imh0dHA6Ly9jbWRjbWRjbWQucGhwMGguY29tLyIsInBhZ2VfbWV0aG9kIjoiR0VUIiwicGFnZV9yZXF1ZXN0Ijp7fSwicGFnZV9oZWFkZXJzIjp7fSwiaG9zdCI6ImNtZGNtZGNtZC5waHAwaC5jb20iLCJpcCI6IjUyLjQwLjIzNC4xMDUifQo;/script>script src/bJjCWNCpU.js>/script>/body>/html>

Subdomains

Date	Domain	IP
gehhem123.php0h.com	2013-04-13	209.190.85.145
dfree3.php0h.com	2015-05-24	185.27.134.159
paypa.php0h.com	2013-04-01	209.190.24.4
transmitindoterra.php0h.com	2014-05-29	23.253.135.157
hfeiya.php0h.com	2013-04-01	199.59.243.124
wpxnbd.php0h.com	2015-01-24	185.27.134.127
pferrarikid.php0h.com	2013-04-01	199.59.243.64
cmdcmdcmd.php0h.com	2013-04-01	199.59.243.64
fingguboard.php0h.com	2013-04-21	209.190.85.35
www.fingguboard.php0h.com	2013-05-20	209.190.85.35
shutembe.php0h.com	2013-11-30	185.27.134.111
horse.php0h.com	2013-05-07	209.190.85.145
arsperug.php0h.com	2013-07-03	199.59.243.109
ziwatik.php0h.com	2013-04-09	209.190.24.9
www.lion.php0h.com	2013-08-05	209.190.24.9
baston.php0h.com	2013-05-10	209.190.85.35
echo.php0h.com	2013-12-05	185.27.134.213
rhonoto.php0h.com	2014-07-16	185.27.134.142
sohocop.php0h.com	2013-05-29	209.51.196.248
taylodrop.php0h.com	2014-07-15	199.59.243.123
ftp.php0h.com	2025-06-26	185.27.134.11
bonusonlinepoker.php0h.com	2013-06-12	199.59.243.109
radioplayer.php0h.com	2013-04-01	199.59.243.110
smart_cis.php0h.com	2013-05-13	209.190.85.35
finggunews.php0h.com	2013-04-01	209.190.85.9
bancoposteit.php0h.com	2013-06-12	199.59.243.109
www.toplisteskort.php0h.com	2025-05-09	185.27.134.219
cbasketbe1u.php0h.com	2013-07-03	199.59.243.109
postepay.php0h.com	2014-06-30	205.164.14.79

View on OTX | View on ThreatMiner

Data with thanks to AlienVault OTX, VirusTotal, Malwr and others. [Sitemap]

MD5	A/V
31484df48eeeaba117b43b9fa746da0e	[W32.PikachuGTA.Worm] [Worm.Chupik.A3] [W32/Worm-FEL!31484DF48EEE] [W32/VB.aso] [Trojan.Win32.MulDrop2.crsvig] [W32/Worm.APUJ] [W32.SillyFDC] [Win32/Chupika.A] [TROJ_SPNR.02EM12] [Win32:Sality] [Worm.Chupik!EXA4Vn+0eQg] [Worm.Win32.VB.110592.B] [Worm.Win32.Autorun.d] [Worm.Win32.Autorun.eb0] [Trojan.MulDrop2.63234] [Worm.VB.Win32.2095] [Heuristic.BehavesLike.Win32.Suspicious-BAY.K] [Mal/VB-F] [Worm/VB.ayi] [Worm.VB.417792.(kcloud)] [Worm:Win32/Chupik.A] [Trojan/Win32.Cosmu] [W32/Worm.LPKA-4508] [Worm.VB] [Win32/VB.NSP] [PE:Worm.VobfusEx!1.99E4] [Worm.Win32.VB] [W32/VB.SDE!tr] [Worm/VB.ADVW] [W32/Picachu.A.worm]

Domain > cmdcmdcmd.php0h.com

Is this malicious?

Files that talk to cmdcmdcmd.php0h.com

Whois

DNS Resolutions

Port 80

Subdomains