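Scanned pages/files
Note: "suspicious" in the Status column is the scanner's heuristic verdict, not a confirmed infection. The excerpt quoted for each flagged page contains a Google Analytics event-tracking helper for a footer link and a loader for google-analytics.com/ga.js; the redirect and blacklist checks further down report nothing. Several of the 404 rows have a second host name embedded in the path (for example //api.qip.ru/js/head.js), which suggests the crawler resolved protocol-relative links as paths on qip.ru, so those rows presumably show the site's error page carrying the same footer.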
Request | Server response | Status |
http://qip.ru/ | 200 OK Content-Length: 83054 Content-Type: text/html | suspicious |
Suspicious code found <div class="qip_footer qf_stretch"> <div class="qf_left"><script> function forLinkToNewVersion(_link) { _gaq.push(['_trackEvent', 'Новый дизайн', 'Клик', 'Подвал']); setTimeout(function() {document.location.href = _link.href;}, 100); return false; } </script> <a id="q_footer_pda" href="//qip.ru/?newversion" rel="nofollow" onclick='return forLinkToNewVersion(this);'>Новый дизайн</a></ (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.defer = true; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); </script> | ||
http://qip.ru/js/s_index.js?556 | 200 OK Content-Length: 46110 Content-Type: application/x-javascript | clean |
http://qip.ru/js/criteo.js?556 | 200 OK Content-Length: 1108 Content-Type: application/x-javascript | clean |
http://qip.ru//api.qip.ru/js/head.js?584/ | 404 Not Found Content-Length: 83280 Content-Type: text/html | suspicious |
Suspicious code found <div class="qip_footer qf_stretch"> <div class="qf_left"><script> function forLinkToNewVersion(_link) { _gaq.push(['_trackEvent', 'Новый дизайн', 'Клик', 'Подвал']); setTimeout(function() {document.location.href = _link.href;}, 100); return false; } </script> <a id="q_footer_pda" href="//qip.ru/?newversion" rel="nofollow" onclick='return forLinkToNewVersion(this);'>Новый дизайн</a></ (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.defer = true; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); </script> | ||
http://qip.ru//pagead2.googlesyndication.com/pagead/show_ads.js/ | 404 Not Found Content-Length: 83561 Content-Type: text/html | suspicious |
Suspicious code found <div class="qip_footer qf_stretch"> <div class="qf_left"><script> function forLinkToNewVersion(_link) { _gaq.push(['_trackEvent', 'Новый дизайн', 'Клик', 'Подвал']); setTimeout(function() {document.location.href = _link.href;}, 100); return false; } </script> <a id="q_footer_pda" href="//qip.ru/?newversion" rel="nofollow" onclick='return forLinkToNewVersion(this);'>Новый дизайн</a></ (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.defer = true; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); </script> | ||
http://qip.ru//qip.ru/homepage/ | 404 Not Found Content-Length: 84116 Content-Type: text/html | suspicious |
Suspicious code found <div class="qip_footer qf_stretch"> <div class="qf_left"><script> function forLinkToNewVersion(_link) { _gaq.push(['_trackEvent', 'Новый дизайн', 'Клик', 'Подвал']); setTimeout(function() {document.location.href = _link.href;}, 100); return false; } </script> <a id="q_footer_pda" href="//qip.ru/?newversion" rel="nofollow" onclick='return forLinkToNewVersion(this);'>Новый дизайн</a></ (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.defer = true; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); </script> | ||
https://qip.ru/reg/recover | 200 OK Content-Length: 17522 Content-Type: text/html | suspicious |
Suspicious code found <div class="qip_footer qf_stretch"> <div class="qf_left"><script> function forLinkToNewVersion(_link) { _gaq.push(['_trackEvent', 'Новый дизайн', 'Клик', 'Подвал']); setTimeout(function() {document.location.href = _link.href;}, 100); return false; } </script> <a id="q_footer_pda" href="//qip.ru/?newversion" rel="nofollow" onclick='return forLinkToNewVersion(this);'>Новый дизайн</a></ (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.defer = true; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); </script> | ||
https://api.qip.ru/js/main.js?584 | 200 OK Content-Length: 13764 Content-Type: application/x-javascript | clean |
https://api.qip.ru/js/JsHttpRequest.js | 200 OK Content-Length: 13895 Content-Type: application/x-javascript | clean |
https://qip.ru//mail.qip.ru/ | 404 Not Found Content-Length: 83707 Content-Type: text/html | suspicious |
Suspicious code found <div class="qip_footer qf_stretch"> <div class="qf_left"><script> function forLinkToNewVersion(_link) { _gaq.push(['_trackEvent', 'Новый дизайн', 'Клик', 'Подвал']); setTimeout(function() {document.location.href = _link.href;}, 100); return false; } </script> <a id="q_footer_pda" href="//qip.ru/?newversion" rel="nofollow" onclick='return forLinkToNewVersion(this);'>Новый дизайн</a></ (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.defer = true; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); </script> | ||
https://qip.ru/js/s_index.js?556 | 200 OK Content-Length: 46110 Content-Type: application/x-javascript | clean |
https://qip.ru/js/criteo.js?556 | 200 OK Content-Length: 1108 Content-Type: application/x-javascript | clean |
https://qip.ru//api.qip.ru/js/head.js?584/ | 404 Not Found Content-Length: 84153 Content-Type: text/html | suspicious |
Suspicious code found <div class="qip_footer qf_stretch"> <div class="qf_left"><script> function forLinkToNewVersion(_link) { _gaq.push(['_trackEvent', 'Новый дизайн', 'Клик', 'Подвал']); setTimeout(function() {document.location.href = _link.href;}, 100); return false; } </script> <a id="q_footer_pda" href="//qip.ru/?newversion" rel="nofollow" onclick='return forLinkToNewVersion(this);'>Новый дизайн</a></ (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.defer = true; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); </script> | ||
https://qip.ru//pagead2.googlesyndication.com/pagead/show_ads.js/ | 404 Not Found Content-Length: 84252 Content-Type: text/html | suspicious |
Suspicious code found <div class="qip_footer qf_stretch"> <div class="qf_left"><script> function forLinkToNewVersion(_link) { _gaq.push(['_trackEvent', 'Новый дизайн', 'Клик', 'Подвал']); setTimeout(function() {document.location.href = _link.href;}, 100); return false; } </script> <a id="q_footer_pda" href="//qip.ru/?newversion" rel="nofollow" onclick='return forLinkToNewVersion(this);'>Новый дизайн</a></ (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.defer = true; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); </script> | ||
https://qip.ru//qip.ru/homepage/ | 404 Not Found Content-Length: 86150 Content-Type: text/html | suspicious |
Suspicious code found <div class="qip_footer qf_stretch"> <div class="qf_left"><script> function forLinkToNewVersion(_link) { _gaq.push(['_trackEvent', 'Новый дизайн', 'Клик', 'Подвал']); setTimeout(function() {document.location.href = _link.href;}, 100); return false; } </script> <a id="q_footer_pda" href="//qip.ru/?newversion" rel="nofollow" onclick='return forLinkToNewVersion(this);'>Новый дизайн</a></ (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.defer = true; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); </script> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: qip.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate
Connection: close
Date: Mon, 27 Apr 2015 18:39:06 GMT
Pragma: no-cache
Server: nginx
Content-Type: text/html; charset=utf-8
Expires: Wed, 14 May 2000 00:00:00 GMT
Set-Cookie: sqip_weather_code=RU_45_45_2; expires=Sun, 17-Jan-2016 18:39:06 GMT; path=/; domain=qip.ru
Set-Cookie: startqip_uniq=11fa2899c139a3785773f65ac92f2d35; expires=Wed, 27-May-2015 18:39:06 GMT; path=/; domain=qip.ru
GET / HTTP/1.1
Host: qip.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate
Connection: close
Date: Mon, 27 Apr 2015 18:39:06 GMT
Pragma: no-cache
Server: nginx
Content-Type: text/html; charset=utf-8
Expires: Wed, 14 May 2000 00:00:00 GMT
Set-Cookie: sqip_weather_code=RU_45_45_2; expires=Sun, 17-Jan-2016 18:39:06 GMT; path=/; domain=qip.ru
Set-Cookie: startqip_uniq=11fa2899c139a3785773f65ac92f2d35; expires=Wed, 27-May-2015 18:39:06 GMT; path=/; domain=qip.ru
Second query (visit from search engine):
GET / HTTP/1.1
Host: qip.ru
Referer: http://www.google.com/search?q=qip.ru
Result:
The result is similar to the first query; no suspicious redirects were found.
GET / HTTP/1.1
Host: qip.ru
Referer: http://www.google.com/search?q=qip.ru
Result:
The result is similar to the first query; no suspicious redirects were found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=qip.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://qip.ru/
Result: qip.ru is not infected or malware details are not published yet.
Result: qip.ru is not infected or malware details are not published yet.