devid.drp.su

Private Person  (Proxy Registrant)

Domain Information

The domain devid.drp.su is registered by proxy through R01-REG-FID and was originally registered in June of 2009. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Wayne, Pennsylvania within the United States which resides on the 1&1 Internet Inc. network.
Remove Malware from devid.drp.su - Powered by Reason Core Security
Registrar:
R01-REG-FID

Server location:
Pennsylvania, United States (US)

Create date:
Wednesday, June 17, 2009

Expires date:
Friday, June 17, 2016

Root domain:

Scanner detections:
Detections  (86% detected)

Scan engine
Details
Detections

Avira AntiVirus
SPR/Mrspt.A, APPL/Mrspt.A
77.27%

Reason Heuristics
PUP.Bundler.KuzyakovArtur.Meta (L)
77.27%

Rising Antivirus
PE:Trojan.Win32.Generic.15604F20!358633248, PE:Trojan.RuMail!1.6574
63.64%

Antiy Labs AVL
Trojan/Win32.Patched.gen
22.73%

Jiangmin
Trojan/Chifrax.fyc, Trojan/Hrup.chkq
18.18%

Trend Micro House Call
TROJ_GEN.F47V0723, TROJ_GEN.F47V0411, TROJ_GEN.F47V0409
13.64%

Dr.Web
Adware.Downware.9957
13.64%

Emsisoft Anti-Malware
Adware.Agent.NTQ
4.55%

Norman
Suspicious_Gen4.DUWHA
4.55%

Kingsoft AntiVirus
Win32.Heur.KVMF43.hy.(kcloud)
4.55%

avast!
Win32:Malware-gen
4.55%

G Data
Win32.Trojan.Agent.JN0DT9
4.55%

ViRobot
Trojan.Win32.A.Zbot.7532963[h]
4.55%

The domain devid.drp.su has been seen to resolve to the following 6 IP addresses.

October 13, 2015

October 13, 2015

August 27, 2015

August 27, 2015

hosted-by.leaseweb.com
February 8, 2014

u16626929.onlinehome-server.com
December 26, 2013

File downloads found at URLs served by devid.drp.su.

1 / 68      (PUP)

4 / 68      (PUP)
http://devid.drp.su/?dev=*PNP0F13&down=auto&l=en  (0637_touchpad_elantech_v7057_vt32.exe)

4 / 68      (PUP)

6 / 68      (PUP)

3 / 68      (PUP)
http://devid.drp.su/?dev=USB\VID_0C45&PID_62F1&down=auto  (usb_vid_0c45_pid_62f0_usb_video_device_.exe)

4 / 68      (inconclusive)

3 / 68      (PUP)

4 / 68      (inconclusive)

3 / 68      (PUP)

3 / 68      (PUP)
http://devid.drp.su/?dev=ACPI\ATK0100&down=auto&l=en  (8576_atkdrv_v1043231105_win7_32.exe)

6 / 68      (PUP)

3 / 68      (PUP)

1 / 68      (PUP)

3 / 68      (PUP)

3 / 68      (PUP)

The following 2 files have been seen to comunicate with devid.drp.su in live environments.

URL:
http://devid.drp.su/

Google Analytics:
UA-16117929

Title:
“Search for drivers”

Description:
“This web site allows you to easily find, download and install any driver. Search for drivers, find drivers, download drivers, drivers”

SSL certificate subject:
CN=ssl256375.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO RSA Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
cloudflare-nginx

Facebook:
Shares:  3

Statistics are for the previous month.

Remove Malware from devid.drp.su - Powered by Reason Core Security