home

www.mipko.ru

Mipko Ltd.

Domain Information

The domain www.mipko.ru registered by Mipko Ltd. was initially registered in September of 2006 through REGTIME-REG-RIPN. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Saint Petersburg, Saint Petersburg City within Russia which resides on the RIPE Network Coordination Centre network.
Registrar:
REGTIME-RU

Server location:
Saint Petersburg City, Russia (RU)

Create date:
Friday, September 01, 2006

Expires date:
Thursday, September 01, 2016

ASN:
AS29076 CITYTELECOM-AS Filanco LTD,RU

Root domain:
mipko.ru

Whois:
3 mipko.ru records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

NANO AntiVirus
Riskware.Win32.MonSpy.xyyns, Riskware.Win32.MPK.dixdav
100.00%

ESET NOD32
Win32/Monitor.MIPKOEmployeeMonitor.AC (variant), Win32/Monitor.MIPKOEmployeeMonitor.AC potentially unsafe (variant)
100.00%

Reason Heuristics
PUP.Installer.MipkoOOO.O, PUP.MipkoOOO.Installer (M)
100.00%

McAfee
Artemis!D5C019625DCC, Artemis!A64B32A87BD6
66.67%

McAfee Web Gateway
Artemis!D5C019625DCC
66.67%

Bkav FE
W32.HfsAdware
66.67%

Antiy Labs AVL
RiskWare[Monitor:not-a-virus]/Win64.Mikpo
66.67%

Vba32 AntiVirus
TrojanSpy.KeyLogger
66.67%

CMC Antivirus
Monitor.Win64.Mikpo!O
33.33%

K7 Gateway Antivirus
Unwanted-Program
33.33%

K7 AntiVirus
Unwanted-Program
33.33%

Trend Micro House Call
TROJ_GEN.F47V1117
33.33%

Kaspersky
not-a-virus:Monitor.Win64.Mikpo
33.33%

Agnitum Outpost
Riskware.Monitor
33.33%

IKARUS anti.virus
not-a-virus:Monitor.Win64
33.33%

The domain www.mipko.ru has been seen to resolve to the following 2 IP addresses.

78.108.93.49
static.78.108.93.49.clients.majordomo.ru
June 26, 2015

198.50.155.157
ovh1-frontend.refog.com
February 8, 2014

File downloads found at URLs served by www.mipko.ru.

12 / 68    (Adware)
https://www.mipko.ru/.../em18e617d242cf-824  (em824-setup-18e617d242cf.exe)

6 / 68      (Adware)
https://www.mipko.ru/.../pm261a77d4a379-824  (pm824-setup-261a77d4a379.exe)

14 / 68    (Adware)
http://www.mipko.ru/.../pmonitor-setup.exe  (d5c019625dcc8ce38b31ef7565fc4ec1)

The following file have been seen to comunicate with www.mipko.ru in live environments.

TCP » 198.50.155.157:80
DwNetFilter.exe (Dr.Web by Doctor Web)

URL:
http://www.mipko.ru/

Google Analytics:
UA-56160860

Title:
“Мониторинг компьютера с программой Mipko Personal Monitor”

Description:
“Отслеживание действий пользователя на компьютере и в Интернете с настраиваемой системой реагирования на ввод указанных ключевых слов или фраз с дистанционным уведомлением по e-mail или FTP протоколу.”

SSL certificate subject:
CN=www.mipko.ru, OU=IT, O="MIPKO, LTD", L=Pskov, S=Pskovskaya obl., C=RU, SERIALNUMBER=1076027010388, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=RU

SSL certificate issuer:
CN=GeoTrust EV SSL CA - G4, O=GeoTrust Inc., C=US

Web server:
nginx/1.6.2

Facebook:
Likes:  1
Shares:  1

Statistics are for the previous month.

refog.com

refog.net

refog.org

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.