home

t.qihutechs.com

qi techs

Domain Information

The domain t.qihutechs.com registered by qi techs was initially registered in January of 2016 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Dallas, Texas within the United States.
Registrar:
GODADDY.COM, LLC

Server location:
Texas, United States (US)

Create date:
Wednesday, January 6, 2016

Expires date:
Friday, January 6, 2017

Updated date:
Wednesday, January 6, 2016

ASN:
AS36351 SOFTLAYER - SoftLayer Technologies Inc.,US

Root domain:
qihutechs.com

Whois:
1 qihutechs.com record

Scanner detections:
Detections  (94% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Thinknice.TaiwanShuiMuChihChingTechnology.Installer (M), Threat.Win.Reputation.IMP, PUP.Elex (M), PUP.Elex.Chenchen.Installer.Meta (M), Adware.Elex
56.25%

Kaspersky
not-a-virus:Downloader.Win32.Elex, not-a-virus:Downloader.Win32.AdLoad, not-a-virus:Downloader.NSIS.Agent, Virus.Win32.Parite
43.75%

ESET NOD32
Win32/Sality.NBA virus, Win32/ELEX.DS potentially unwanted application, Win32/ELEX.BI.gen potentially unwanted application
43.75%

avast!
Win32:Dropper-gen [Drp], Win32:SaliCode, Win32:Parite
37.50%

F-Prot
W32/Sality.gen2, W32/Sality.E.gen, W32/Parite.B
31.25%

Microsoft Security Essentials
Threat.Undefined
31.25%

Emsisoft Anti-Malware
Trojan.Generic.14715267, Win32.Sality, Win32.Parite
25.00%

AVG
Win32/Sality, Win32/Parite
25.00%

Norman
Win32.Sality.3, Trojan.NSIS.Androm.3, Win32.Parite.B
25.00%

McAfee
Program.Artemis!DF667A225FAD, Artemis!1317E3C29A07, Virus.W32/Pate.b
25.00%

VIPRE Antivirus
Threat.4150696, Threat.46249, Threat.4758034
18.75%

Dr.Web
Win32.Sector.30, Win32.Sector.22, Adware.Mutabaha.229, Win32.Parite.2
18.75%

IKARUS anti.virus
Trojan-Downloader.Agent, Trojan.Crypt
12.50%

Avira AntiVirus
TR/Dldr.Agent.395776.5, TR/Crypt.ZPACK.Gen9
12.50%

Malwarebytes
PUP.Optional.RinoReader.A
6.25%

The domain t.qihutechs.com has been seen to resolve to the following 4 IP addresses.

208.43.232.117
208.43.232.117-static.reverse.softlayer.com
February 17, 2016

208.43.232.115
208.43.232.115-static.reverse.softlayer.com
February 17, 2016

208.43.232.114
208.43.232.114-static.reverse.softlayer.com
February 17, 2016

173.193.171.11
b.ab.c1ad.ip4.static.sl-reverse.com
February 17, 2016

File downloads found at URLs served by t.qihutechs.com.

8 / 68      (PUP)
http://t.qihutechs.com/update/new.2.0/wz/1.5.137/.../winzipper_update_setup_1.5.137.1044.exe  (029f226380e3c59812213d7c7d11088e)

6 / 68      (PUP)
http://t.qihutechs.com/update/new.2.0/wz/1.5.137/.../winzipper_update_setup_1.5.137.1044.exe  (ae41d5ec13114f88b087399e913d4b9f)

1 / 68      (PUP)
http://t.qihutechs.com/update/new.2.0/wz/1.5.137/.../winzipper_update_setup_1.5.137.1044.exe  (cb2429bff7c6f17ce564031e13ba74bc)

12 / 68    (PUP)
http://t.qihutechs.com/update/new.2.0/wz/1.5.137/.../winzipper_update_setup_1.5.137.1044.exe  (b8c894d6068d8beaeb0c8e14369810fe)

12 / 68    (PUP)
http://t.qihutechs.com/update/new.2.0/wz/2.0.3/.../Setup.exe  (85017759285c4149c23b36860a18e0c2)

9 / 68      (PUP)
http://t.qihutechs.com/update/new.2.0/wz/1.5.137/.../winzipper_update_setup_1.5.137.1044.exe  (07c94bea06a5512ef18a50b912477479)

1 / 68      (PUP)
http://t.qihutechs.com/update/new.2.0/wz/2.0.14/.../wzpd0303.exe  (AA.exe)

0 / 68
http://t.qihutechs.com/update/new.2.0/wz/1.5.137/.../winzipper_update_setup_1.5.137.1044.exe  (179b70bc1d70b316f420e041af7d9236)

1 / 68      (PUP)
http://t.qihutechs.com/update/new.2.0/wz/1.5.137/.../winzipper_update_setup_1.5.137.1044.exe  (8af25aa3785d77e765df2dac16619ed6)

2 / 68      (PUP)
http://t.qihutechs.com/update/new.2.0/wz/1.5.137/.../winzipper_update_setup_1.5.137.1044.exe  (563fe4e5402d7755eee851a0b68d417f)

1 / 68      (PUP)
http://t.qihutechs.com/update/new.2.0/wz/1.5.137/.../winzipper_update_setup_1.5.137.1044.exe  (a68310e080438d72a1fe8192c5a957b5)

13 / 68    (PUP)
http://t.qihutechs.com/update/new.2.0/wz/2.0.3/.../QianYi.exe  (1317e3c29a073e275285dede09f9b866)

3 / 68      (PUP)
http://t.qihutechs.com/update/new.2.0/wz/2.0.3/.../Setup.exe  (d8061190145c1003cdddbaf063305471)

9 / 68      (PUP)
http://t.qihutechs.com/update/new.2.0/wz/1.5.137/.../winzipper_update_setup_1.5.137.1044.exe  (06a364d71962963ba026c09631c49246)

1 / 68      (PUP)
http://t.qihutechs.com/update/new.2.0/wz/1.5.137/.../winzipper_update_setup_1.5.137.1044.exe  (05356775bcc910ec9cb0b5d701608360)

1 / 68      (Malware)
http://t.qihutechs.com/update/new.2.0/wz/1.5.137/.../winzipper_update_setup_1.5.137.1044.exe  (zip_update_v1.5.137.exe)

1 / 68      (Adware)
http://t.qihutechs.com/update/new.2.0/wz/1.5.137/.../winzipper_update_setup_1.5.137.1044.exe  (df667a225fad7706c3dc45fcc01314cc)

The following file have been seen to comunicate with t.qihutechs.com in live environments.

TCP » 208.43.232.117:80
wprotectmanager.exe (wmp control by Cherished Technololgy LIMITED)

URL:
http://t.qihutechs.com/

Web server:
openresty

4-zip.com

abbhelpu.com

ali-b2c.com

astrills.com

brot-soft.com

globo-360.com

picexa.com

puphelp.com

wseclub.com

downkegja.com

downkfadx.com

downkhpiw.com

downkjcme.com

soft365.com

win10-apps.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.