devid.drp.su

Private Person  (Proxy Registrant)

Domain Information

The domain devid.drp.su is registered by proxy through R01-REG-FID and was originally registered in June 2009. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Wayne, Pennsylvania, United States, on the 1&1 Internet Inc. network.
Registrar:
R01-REG-FID

Server location:
Pennsylvania, United States (US)

Create date:
Wednesday, June 17, 2009

Expires date:
Friday, June 17, 2016

Root domain:

Scanner detections:
Detections  (88% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Bundler.KuzyakovArtur.Meta (L), PUP.Bundler.Kuzyakov.Meta (L)
85.00%

Avira AntiVirus
SPR/Mrspt.A, APPL/Mrspt.A
50.00%

Rising Antivirus
PE:Trojan.Win32.Generic.15604F20!358633248, PE:Trojan.RuMail!1.6574
37.50%

Jiangmin
Trojan/Chifrax.fyc, Trojan/Hrup.chkq
15.00%

Antiy Labs AVL
Trojan/Win32.Patched.gen
15.00%

Trend Micro House Call
TROJ_GEN.F47V0723, TROJ_GEN.F47V0808, TROJ_GEN.F47V0803, TROJ_GEN.F47V0411, TROJ_GEN.F47V0409
12.50%

Dr.Web
Adware.Downware.9957
7.50%

Emsisoft Anti-Malware
Adware.Agent.NTQ
2.50%

Norman
Suspicious_Gen4.DUWHA
2.50%

Kingsoft AntiVirus
Win32.Heur.KVMF43.hy.(kcloud)
2.50%

avast!
Win32:Malware-gen
2.50%

G Data
Win32.Trojan.Agent.JN0DT9
2.50%

ViRobot
Trojan.Win32.A.Zbot.7532963[h]
2.50%

The domain devid.drp.su has been seen to resolve to the following 8 IP addresses.

June 27, 2016

June 27, 2016

October 13, 2015

October 13, 2015

August 27, 2015

August 27, 2015

hosted-by.leaseweb.com
February 8, 2014

u16626929.onlinehome-server.com
December 26, 2013

File downloads found at URLs served by devid.drp.su.

1 / 68      (PUP)

4 / 68      (PUP)

6 / 68      (PUP)

3 / 68      (PUP)

3 / 68      (PUP)

1 / 68      (PUP)
http://devid.drp.su/?dev=PCI\VEN_10DE&DEV_0A65&down=auto&l=en  (195.62_desktop_winxp_32bit_international_whql.exe)

1 / 68      (PUP)
http://devid.drp.su/?dev=USB\VID_04E8&PID_3268&REV_0100&down=auto&l=en  (20080216130214218_scx-4200_2kxp_32bit.exe)

1 / 68      (PUP)

1 / 68      (PUP)
http://devid.drp.su/?dev=VEN_14E4&DEV_4329&down=auto&l=en  (8511_wlan_broadcom_4312_t77h030_4.170.75.0_whql.exe)

1 / 68      (PUP)

1 / 68      (PUP)

1 / 68      (PUP)

4 / 68      (PUP)
http://devid.drp.su/?dev=*PNP0F13&down=auto&l=en  (0637_touchpad_elantech_v7057_vt32.exe)

4 / 68      (PUP)

6 / 68      (PUP)

Latest 30 of 48 download URLs

The following 2 files have been seen to communicate with devid.drp.su in live environments.

URL:
http://devid.drp.su/

Google Analytics:
UA-16117929

Title:
“Search for drivers”

Description:
“This web site allows you to easily find, download and install any driver. Search for drivers, find drivers, download drivers, drivers”

SSL certificate subject:
CN=ssl256375.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO RSA Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
cloudflare-nginx

Facebook:
Shares:  3

Statistics are for the previous month.