drp.su

Private Person  (Proxy Registrant)

Domain Information

The domain drp.su is registered by proxy through R01-REG-FID and was originally registered in June 2009. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Wayne, Pennsylvania, in the United States, on the 1&1 Internet Inc. network.
Registrar:
R01-REG-FID

Server location:
Pennsylvania, United States (US)

Create date:
Wednesday, June 17, 2009

Expires date:
Friday, June 17, 2016

Scanner detections:
Detections  (100% detected)

| Scan engine | Details | Detections |
|---|---|---|
| Reason Heuristics | PUP.Installer.KuzyakovArturVyacheslavovichIP.M, PUP.KuzyakovArturVyacheslavovichIP.b, PUP.Optional.Installer.N, Win32.Generic.KuzyakovArturVyacheslavovichIP.Meta, Win32.Generic.KuzyakovArturVyacheslavovichIP.Installer.Meta, PUP.Bundler.Kuzyakov.Meta (L) | 88.89% |
| ESET NOD32 | Win32/OpenCandy, Win32/InstallCore.AG (variant) | 33.33% |
| Dr.Web | Adware.InstallCore.59, Adware.OpenCandy.3, Trojan.MulDrop4.21621 | 33.33% |
| Antiy Labs AVL | Trojan/Win32.SGeneric, Trojan/Win32.BHO.gic | 33.33% |
| Trend Micro House Call | TROJ_SPNR.0BI612, HV_ZYX_BK0829B6.TOMC | 22.22% |
| CMC Antivirus | WebToolbar.Win32.InstallCore!O | 11.11% |
| Norman | InstallCore.FAIX | 11.11% |
| Comodo Security | UnclassifiedMalware | 11.11% |
| Avira AntiVirus | ADWARE/InstallCore.Gen | 11.11% |
| Trend Micro | TROJ_SPNR.0BI612 | 11.11% |
| Rising Antivirus | PE:Trojan.Win32.Generic.12E3B7AA!316913578 | 11.11% |
| Fortinet FortiGate | Riskware/InstallCore | 11.11% |
| Bkav FE | HW32.Laneul | 11.11% |
| SUPERAntiSpyware | Trojan.Agent/Gen-Reputation | 11.11% |
| ViRobot | Trojan.Win32.A.Zbot.1620927 | 11.11% |

The domain drp.su has been seen to resolve to the following 8 IP addresses.

July 6, 2016

July 6, 2016

October 11, 2015

October 11, 2015

June 21, 2014

June 21, 2014

hosted-by.leaseweb.com
February 2, 2014

u16626929.onlinehome-server.com
August 4, 2013

File downloads found at URLs served by drp.su.

1 / 68      (PUP)
http://drp.su/.../DRPSu11.torrent[eng].exe  (driverpack-online-v17.6.4-prod.exe)

1 / 68      (PUP)

1 / 68      (PUP)
http://drp.su/.../DRPSu11.torrent[eng].exe  (driverpack-17-online_1953676953.1447717529.exe)

1 / 68      (PUP)
http://drp.su/.../DRPSu12.3-Lite-install.exe  (driverpack-online-v17.6.4-prod.exe)

6 / 68      (Malware)
http://drp.su/.../DRPSu11.torrent[eng].exe  (941a808a71fc74df8e1d62d000ebf72e)

4 / 68      (PUP)
http://drp.su/.../DRPSu12.3-Lite.exe  (8fb78037e224abd72fd56f1bdbbc5f93)

1 / 68      (PUP)
http://drp.su/.../DRPSu12.3-Lite-install.exe  (driverpack-online_1327303049.1442155536.exe)

1 / 68      (PUP)
http://drp.su/.../DRPSu11.torrent[eng].exe  (driverpack-online_2057143084.1451292654.exe)

1 / 68      (PUP)
http://drp.su/.../DRPSu12.3-Lite.exe  (driverpack-online_2057143084.1451292654.exe)

12 / 68    (PUP)
http://drp.su/.../DRPSu12.3-Lite-install.exe  (icreinstall_drpsu12.3-lite-install.exe)

2 / 68      (PUP)
http://drp.su/.../DRPSu13-Lite.exe  (f4b325e23a1b1e605c494b2dd747d72b)

The following 2 files have been seen to communicate with drp.su in live environments.

February 8, 2014

December 26, 2013

August 4, 2013

November 7, 2015

May 1, 2014

April 15, 2015

July 16, 2015

February 27, 2014

April 11, 2015

June 5, 2016

URL:
http://drp.su/

Google Analytics:
UA-16117929

Title:
“DriverPack Solution - Best Drivers installation Software”

Description:
“Do you want to download the driver for free? DriverPack Solution - free solutions to problems with drivers . If you need to download drivers for Windows, drivers for laptops, then you us!”

SSL certificate subject:
CN=ssl256375.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO RSA Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
cloudflare-nginx (PleskLin)

Facebook:
Likes:  25
Shares:  114
Comments:  25

Statistics above are for the previous month of July 2017.