Domain > qip.ru

More information on this domain is in AlienVault OTX

Files that talk to qip.ru

MD5	A/V
e21b3469b4fc1efddf76d8c89f1ebb2a	[Malware.Packer.HGX1] [Heuristic.LooksLike.Win32.Suspicious.E] [W32/Kryptik.AXUE!tr]
9aa81fa022c0b159758efa1bda4f9be1	[HW32.CDB.A20b] [Packed.Win32.Katusha.3!O] [WS.Reputation.1] [Kryptik.CCFN] [Backdoor.Win32.Hlux.dthd] [UnclassifiedMalware] [BackDoor.Slym.13011] [Backdoor:Win32/Kelihos] [Heur.Trojan.Hlux] [Win32/Kryptik.CBNK] [Win32.Backdoor.Hlux.Hwcu] [Trojan.Crypt3] [W32/Kryptik.BD!tr] [Crypt3.OHL] [Backdoor.Win32.Hlux.Ac]
833009a54c295a72ad64ab0941f482fe	[Suspicious.Cloud.5] [Kryptik.CCFN] [TrojWare.Win32.Kryptik.BZOO] [Trojan.DownLoad3.28912] [TR/Crypt.EPACK.9220] [Heuristic.BehavesLike.Win32.Suspicious-BAY.K] [Mal/FakeAV-UF] [Trojan/Win32.Tepfer] [Heur.Trojan.Hlux] [Win32.SuspectCrc] [W32/Hlux.BWUN!tr.bdr] [Crypt_s.GIF] [Trojan.Win32.Kryptik.BZOO]
b36385662ebdaf40bc3d28f90b6a4751	[Spyware.Zbot.USBV] [Trojan] [BackDoor.SlymENT.1498] [Heuristic.LooksLike.Win32.Suspicious.E] [Trojan/Win32.Foreign]
c17c487f120d173057d60b37b69af463
1623be5a046aa215162665c5067332e0	[HW32.CDB.Db63] [Packed.Win32.Katusha.3!O] [WS.Reputation.1] [Kryptik.CDQY] [Trojan-PSW.Win32.Tepfer.tybm] [Trojan.PWS.Tepfer!sA6n+JUlMF8] [UnclassifiedMalware] [Trojan.Packed.26581] [Backdoor:Win32/Kelihos.F] [W32/Trojan.YSDP-3009] [Heur.Trojan.Hlux] [Trojan.Crypt_s] [W32/Kryptik.BWUN!tr] [Crypt_s.GNC] [Trojan.Win32.InfoStealer.aRBP]
3223f61af50aa26a1c3bb96fe1779011	[HW32.CDB.D56b] [Packed.Win32.Katusha.3!O] [Backdoor.Hlux.r3] [Backdoor.Hlux.Win32.9065] [Trojan.Win32.Kryptik.czfnsp] [Trojan.FakeAV] [Kryptik.CCQY] [Backdoor.Win32.Hlux.dueu] [Backdoor.Hlux!DdFHfWii/ns] [UnclassifiedMalware] [TR/Kryptik.oenzk] [Backdoor:Win32/Kelihos] [Trojan/Win32.FakeAV] [Heur.Trojan.Hlux] [Backdoor.Win32.Hlux.cri] [Trojan.Crypt3] [W32/Kryptik.CBOM!tr] [Crypt3.ORV] [Backdoor.Win32.Hlux.Acmu] [Win32/Trojan.7bf]
14bfd82cc98684fb9c3e91971d2490b1	[HW32.CDB.Eb32] [Packed.Win32.Katusha.3!O] [WS.Reputation.1] [Kryptik.CDQY] [UnclassifiedMalware] [BackDoor.Slym.13873] [Win32.Troj.Undef.(kcloud)] [Backdoor:Win32/Kelihos.F] [Trojan/Win32.Tepfer] [Heur.Trojan.Hlux] [Trojan.Win32.Kryptik.CBCJ] [Trojan.Crypt_s] [W32/Kryptik.BD!tr] [Crypt_s.GNC]
17124a0c3ffde1fd0de7168990278c06	[HW32.CDB.439f] [Packed.Win32.Katusha.3!O] [WS.Reputation.1] [Kryptik.CDQY] [TrojWare.Win32.Kryptik.CBCJ] [BackDoor.Slym.13873] [Win32.Troj.Undef.(kcloud)] [Backdoor:Win32/Kelihos.F] [Trojan/Win32.Tepfer] [W32/Trojan.DNNY-5917] [Heur.Trojan.Hlux] [Trojan.Crypt_s] [Crypt_s.GNC] [Trojan.Win32.Kryptik.CBCJ]
350f0dcda52b7421f76777461a14f249	[Trojan/Win32.Zbot] [Trojan-Spy.Zbot]
20837cfed9fcc3df5a3e414c18eff646	[Packed.Win32.Katusha.3!O] [WS.Reputation.1] [Kryptik.CDQY] [TrojWare.Win32.Kryptik.CBCJ] [BackDoor.Slym.13873] [Win32.Troj.Undef.(kcloud)] [Backdoor:Win32/Kelihos.F] [Trojan/Win32.Tepfer] [Heur.Trojan.Hlux] [Trojan.Crypt_s] [Crypt_s.GNC] [Trojan.Win32.Kryptik.CBCJ]
0d42b2efd88f95f4d5af60b548d7290a	[FraudTool.Security] [W32/Tepfer.MQ!tr] [Win32/Cryptor]
1ca8bda50d98c89332d39dbaf3aac976	[HW32.CDB.29c0] [Packed.Win32.Katusha.3!O] [Trojan.Win32.Kryptik.cxmkag] [WS.Reputation.1] [Kryptik.CDQY] [TrojWare.Win32.Kryptik.CBCJ] [BackDoor.Slym.13873] [Win32.Troj.Undef.(kcloud)] [Backdoor:Win32/Kelihos.F] [Trojan/Win32.Tepfer] [Heur.Trojan.Hlux] [Trojan.Crypt_s] [Crypt_s.GNC]
d6a71b4d3098eab4dddab30fddbaef35	[FakeSecTool-FCX!D6A71B4D3098] [Malware.Packer.FFS] [BackDoor.SlymENT.2075] [Heuristic.LooksLike.Win32.Suspicious.E] [PE:Malware.XPACK/RDM!5.1]
292ad75fbab2288a453c7f7db162eed0	[HW32.CDB.A2b5] [Packed.Win32.Katusha.3!O] [Backdoor.Hlux!xuwpKhCjMA8] [WS.Reputation.1] [Kryptik.CDQY] [Backdoor.Win32.Hlux.dqzg] [UnclassifiedMalware] [Trojan.Packed.26581] [Trojan[Backdoor]/Win32.Hlux] [Backdoor:Win32/Kelihos] [W32/Trojan.HATR-5126] [Heur.Trojan.Hlux] [Trojan.Crypt_s] [W32/Kryptik.BWUN!tr] [Crypt_s.GNC] [Backdoor.Win32.Hlux.Aj] [Win32/Trojan.112]
ba38f7c52eafa83a4f368b6c6ae17b51	[HW32.CDB.Fc1e] [Trojan.Crypt.Delf.B] [Trojan.Crypt.Delf.B] [Win32.TrojanDownloader.Banload.9] [Trojan/Downloader.Dadobra.afm] [Trojan.DL.Dadobra!IpHFYA2R3x0] [W32/Downldr2.CCCJ] [Downloader] [DLoader.NAVE] [TROJ_DLOADER.MCS] [Trojan.Packed-4] [Trojan-Downloader.Win32.Dadobra.afm] [Trojan.Crypt.Delf.B] [Trojan.Win32.Dadobra.ugej] [Win32.Trojan-downloader.Dadobra.Pfjc] [Trojan.Crypt.Delf.B] [Heur.Packed.Unknown] [Trojan.Crypt.Delf.B] [Trojan.DownLoader.63243] [TR/Crypt.Delf.B.93] [TROJ_DLOADER.MCS] [Heuristic.BehavesLike.Win32.Suspicious-BAY.G] [Trojan[Downloader]/Win32.Dadobra] [Win32.TrojDownloader.Dadobra.a.(kcloud)] [Trojan.Win32.A.Downloader.73728.AKS] [Trojan.Crypt.Delf.B] [Win-Trojan/Xema.variant] [TrojanDownloader] [Trojan.Win32.Dadobra.ADO] [PE:Trojan.Win32.Undef.dva!1075123518] [Trojan-Downloader.Win32.Banload] [Dloader.X!tr] [Downloader.Banload.UEP] [Trj/Dadobra.QW] [Win32/Trojan]
b20a97424bcc7c72cc5aeb087dea5d89	[Trojan/W32.Badur.8949760] [Artemis!B20A97424BCC] [Trojan.Win32.Leprum.duefiu] [Artemis] [W32/Trojan.HRZC-8284] [TR/Leprum.8949760.2] [Trojan/Win32.Badur] [Trojan:Win32/Dynamer!ac] [ASD.Reputation] [Trj/Chgt.O] [Virus.Win32.Leprum] [W32/Leprum.B] [Delfi.OC] [Virus.Win32.Leprum.B]
cbd57189a998c6f3e8741a9101b29483	[W32.Clod184.Trojan.a08a] [Trojan-Spy/W32.Banker.523264] [PWS-Banker] [Trojan/Packed.Themida.c] [W32/Trojan2.TSU] [Downloader] [Win32/Tnega.HOJ] [WORM_SDBOT.GAY] [Packed.Win32.Black.a] [Trojan.Win32.Banker.mgie] [Trojan.Win32.A.Black.523264] [Packed.Win32..Black.~A] [Trojan.Packed.650] [TR/Spy.Banker.gzn] [WORM_SDBOT.GAY] [Heuristic.LooksLike.Win32.EPO.C] [Mal/Behav-285] [Win32.Troj.Banker.(kcloud)] [VirTool:Win32/Obfuscator.XX] [Backdoor/Win32.Ciadoor] [W32/Trojan.QGQQ-1838] [Trj/Thed.A] [Backdoor.Win32.IRCBot] [W32/Packed.2D18!tr] [Win32/Themida] [Trojan.Win32.Black.Awg] [Win32/Trojan.b50]
6797c066d9e0eb3a4d4919db176860fe	[HW32.CDB.A3f8] [Trojan-Banker.Win32.Banker!O] [TrojanBanker.Banker.lkg] [Malware.Packer] [Trojan.Win32.Banker.nusn] [W32/Trojan2.FFKY] [Trojan-Banker.Win32.Banker.lkg] [Packed/XPack] [Trojan.Win32.A.Banker.3916321] [Trojan.PWS.Banker.22201] [Heuristic.LooksLike.Win32.Suspicious.N] [Mal/EncPk-DM] [Backdoor/Hupigon.aaqz] [TrojanDownloader:Win32/Banload.ZY] [Win32/MalPackedB.suspicious] [TrojanBanker.Banker] [Trj/Banker.FWD] [PE:Virus.Mian007!1.9AEA] [Trojan.Crypt.NSPM] [Malware_fam.gw] [PSW.Banker4.ABVM] [Trojan.Win32.Banker.ahGg]
333def0dfdba55d936f987c7c6279f48	[W32.Clodd7a.Trojan.6f66] [Trojan-Spy/W32.Banker.521728] [TrojanBanker.Banker.nwx] [PWS-Banker] [Trojan/Spy.Banker.xes] [Trojan.Win32.Banker.tnhd] [Infostealer.Bancos] [Trojan-Banker.Win32.Banker.nwx] [Packed/PECompact] [Trojan.PWS.Banker.based] [Heuristic.LooksLike.Win32.Suspicious.C!87] [Mal/DelpBanc-A] [TrojanSpy.Banker.fgz] [Win32.Troj.Banker.(kcloud)] [TrojanSpy:Win32/Bancos.DV] [Win-Trojan/Banker.521728.M] [W32/Trojan-juke-based!Maximus] [TrojanBanker.Banker] [Trj/CI.A] [Trojan-Spy.Win32.Banker.aww] [Malware_fam.gw] [Trojan.Win32.Banker.AW] [Win32/Trojan.f8e]

DNS Resolutions

Date	IP Address
2010-06-12	195.68.160.249 (ClassC)
2010-08-17	195.68.160.27 (ClassC)
2010-10-30	195.239.111.122 (ClassC)
2010-10-30	195.68.160.229 (ClassC)
2010-11-10	195.239.111.142 (ClassC)
2010-11-21	195.239.111.141 (ClassC)
2010-12-12	208.88.227.169 (ClassC)
2012-06-27	195.68.160.117 (ClassC)
2012-10-27	195.68.160.105 (ClassC)
2012-11-06	83.229.209.144 (ClassC)
2013-02-17	195.68.160.175 (ClassC)
2013-04-19	83.229.209.165 (ClassC)
2013-05-15	83.229.209.156 (ClassC)
2013-05-16	195.239.111.119 (ClassC)
2013-06-23	195.68.160.114 (ClassC)
2013-07-15	195.239.111.98 (ClassC)
2013-09-10	195.239.242.60 (ClassC)
2013-10-19	195.239.111.97 (ClassC)
2013-10-19	195.239.111.75 (ClassC)
2013-10-19	195.239.111.119 (ClassC)
2014-03-11	80.68.249.61 (ClassC)
2014-04-25	195.239.111.97 (ClassC)
2014-06-18	195.239.111.75 (ClassC)
2014-06-24	195.16.127.186 (ClassC)
2014-06-24	195.239.111.33 (ClassC)
2014-06-28	195.16.127.140 (ClassC)
2014-06-29	195.16.127.165 (ClassC)
2014-07-27	195.16.127.144 (ClassC)
2014-09-20	195.239.111.239 (ClassC)
2014-12-11	195.239.111.76 (ClassC)
2014-12-17	195.16.127.181 (ClassC)
2018-09-01	195.16.127.101 (ClassC)
2018-09-01	195.16.127.150 (ClassC)
2018-09-01	5.188.42.231 (ClassC)
2018-09-13	217.65.7.67 (ClassC)
2019-08-18	91.234.98.100 (ClassC)
2021-07-29	31.172.128.36 (ClassC)
2025-08-11	91.236.136.105 (ClassC)

HTTP/1.1 200 OKServer: nginx/1.12.2Date: Thu, 02 May 2019 20:34:25 GMTContent-Type: text/html; charsetUTF-8Transfer-Encoding: chunkedConnection: keep-aliveX-Powered-By: PHP/5.6.39Set-Cookie: QIPSIDp3f

!DOCTYPE html>!--if IE 8 >html classie ie8 langen> !endif-->!--if IE 9 >html classie ie9 langen> !endif-->!--if lt IE 9> script srcjs/html5shiv-3.7.2.min.js>/script>!endif-->html langru-RU>head>	!--- Meta	 -->	title>QIP.RU/title>	meta charsetUTF-8>    	meta nameviewport contentwidthdevice-width, initial-scale1.0>	meta http-equivX-UA-Compatible contentIEedge>	meta nameviewport contentwidthdevice-width, initial-scale1, maximum-scale1>	meta namecsrf-param content_csrf>    meta namecsrf-token contentT2NZSWY5MU0qAQkhEGhBPzUzEgYFY3MeBSkDHD5aBwp.DTp8Jw9oPg>	!-- Favicons	 -->	link relshortcut icon href/img/favicon/favicon.ico typeimage/x-icon>	link relapple-touch-icon href/img/favicon/apple-touch-icon.png>	link relapple-touch-icon sizes72x72 href/img/favicon/apple-touch-icon-72x72.png>	link relapple-touch-icon sizes114x114 href/img/favicon/apple-touch-icon-114x114.png>    !-- CSS         -->    style>        @font-face{font-family:robotoregular;src:url(/fonts/roboto_regular_cyrillic/Roboto-Regular-webfont.eot);src:url(/fonts/roboto_regular_cyrillic/Roboto-Regular-webfont.eot?#iefix) format(embedded-opentype), url(/fonts/roboto_regular_cyrillic/Roboto-Regular-webfont.woff) format(woff), url(/fonts/roboto_regular_cyrillic/Roboto-Regular-webfont.ttf) format(truetype), url(/fonts/roboto_regular_cyrillic/Roboto-Regular-webfont.svg#robotoregular) format(svg);font-weight:normal;font-style:normal;}        @font-face{font-family:robotobold;src:url(/fonts/roboto_bold_cyrillic/Roboto-Bold-webfont.eot);src:url(/fonts/roboto_bold_cyrillic/Roboto-Bold-webfont.eot?#iefix) format(embedded-opentype), url(/fonts/roboto_bold_cyrillic/Roboto-Bold-webfont.woff) format(woff), url(/fonts/roboto_bold_cyrillic/Roboto-Bold-webfont.ttf) format(truetype), url(/fonts/roboto_bold_cyrillic/Roboto-Bold-webfont.svg#robotobold) format(svg);font-weight:normal;font-style:normal;}        @font-face{font-family:robotoblack;src:url(/fonts/roboto_black_cyrillic/Roboto-Black-webfont.eot);src:url(/fonts/roboto_black_cyrillic/Roboto-Black-webfont.eot?#iefix) form

Port 443

HTTP/1.1 200 OKServer: nginx/1.12.2Date: Thu, 02 May 2019 20:34:26 GMTContent-Type: text/html; charsetUTF-8Transfer-Encoding: chunkedConnection: keep-aliveX-Powered-By: PHP/5.6.39Set-Cookie: QIPSIDrm6

!DOCTYPE html>!--if IE 8 >html classie ie8 langen> !endif-->!--if IE 9 >html classie ie9 langen> !endif-->!--if lt IE 9> script srcjs/html5shiv-3.7.2.min.js>/script>!endif-->html langru-RU>head>	!--- Meta	 -->	title>QIP.RU/title>	meta charsetUTF-8>    	meta nameviewport contentwidthdevice-width, initial-scale1.0>	meta http-equivX-UA-Compatible contentIEedge>	meta nameviewport contentwidthdevice-width, initial-scale1, maximum-scale1>	meta namecsrf-param content_csrf>    meta namecsrf-token contentc2FnVl9DcUJCGAFuOXQyBSIYUW8Ad0QgF1Y3Jh0UPANeDg87bXo9Dw>	!-- Favicons	 -->	link relshortcut icon href/img/favicon/favicon.ico typeimage/x-icon>	link relapple-touch-icon href/img/favicon/apple-touch-icon.png>	link relapple-touch-icon sizes72x72 href/img/favicon/apple-touch-icon-72x72.png>	link relapple-touch-icon sizes114x114 href/img/favicon/apple-touch-icon-114x114.png>    !-- CSS         -->    style>        @font-face{font-family:robotoregular;src:url(/fonts/roboto_regular_cyrillic/Roboto-Regular-webfont.eot);src:url(/fonts/roboto_regular_cyrillic/Roboto-Regular-webfont.eot?#iefix) format(embedded-opentype), url(/fonts/roboto_regular_cyrillic/Roboto-Regular-webfont.woff) format(woff), url(/fonts/roboto_regular_cyrillic/Roboto-Regular-webfont.ttf) format(truetype), url(/fonts/roboto_regular_cyrillic/Roboto-Regular-webfont.svg#robotoregular) format(svg);font-weight:normal;font-style:normal;}        @font-face{font-family:robotobold;src:url(/fonts/roboto_bold_cyrillic/Roboto-Bold-webfont.eot);src:url(/fonts/roboto_bold_cyrillic/Roboto-Bold-webfont.eot?#iefix) format(embedded-opentype), url(/fonts/roboto_bold_cyrillic/Roboto-Bold-webfont.woff) format(woff), url(/fonts/roboto_bold_cyrillic/Roboto-Bold-webfont.ttf) format(truetype), url(/fonts/roboto_bold_cyrillic/Roboto-Bold-webfont.svg#robotobold) format(svg);font-weight:normal;font-style:normal;}        @font-face{font-family:robotoblack;src:url(/fonts/roboto_black_cyrillic/Roboto-Black-webfont.eot);src:url(/fonts/roboto_black_cyrillic/Roboto-Black-webfont.eot?#iefix) form

Subdomains

Date	Domain	IP
weball.qip.ru	2014-09-15	195.239.111.122
ip.qip.ru	2015-01-15	195.16.127.102
smtp.qip.ru	2013-06-21	62.141.94.173
r.qip.ru	2014-06-27	195.68.160.114
pass.qip.ru	2014-06-19	195.239.111.98
referats.qip.ru	2014-03-11	83.229.209.186
lstats.qip.ru	2014-06-19	195.68.160.249
5ballov.qip.ru	2018-09-03	104.24.122.231
mx.qip.ru	2013-05-16	62.141.94.154

View on OTX | View on ThreatMiner

Data with thanks to AlienVault OTX, VirusTotal, Malwr and others. [Sitemap]

Domain > qip.ru

Is this malicious?

Files that talk to qip.ru

DNS Resolutions

Port 80

Port 443

Subdomains