home

bersoft.ru

Private Person  (Proxy Registrant)

Domain Information

The domain bersoft.ru is registered by proxy through NAUNET-RU and was originally registered in March of 2010. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted server (195.216.243.43) is located in United Kingdom which resides on the RIPE Network Coordination Centre network.
Registrar:
NAUNET-RU

Server location:
United Kingdom (GB)

Create date:
Wednesday, March 31, 2010

Expires date:
Friday, March 31, 2017

ASN:
AS29226 MASTERTEL-AS CJSC Mastertel,RU

Whois:
1 bersoft.ru record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.MediaGet.Inbox.Installer (M)
100.00%

Dr.Web
riskware program Program.MediaGet.142
33.33%

ESET NOD32
Win32/MediaGet.AE potentially unwanted application
33.33%

Kaspersky
not-a-virus:HEUR:Downloader.Win32.MediaGet
33.33%

Sophos
PUA 'MediaGet' (of type Hacktool)
33.33%

The domain bersoft.ru has been seen to resolve to the following IP address.

195.216.243.43
s43.ucoz.net
April 21, 2016

File downloads found at URLs served by bersoft.ru.

1 / 68      (PUP)
http://bersoft.ru/.../0-0-1-442-20  (outlast-full-turkce-indir_id2959289ids2s.exe)

5 / 68      (PUP)
http://bersoft.ru/.../0-0-1-442-20  (age-of-empires_id3809258ids1s.exe)

1 / 68      (PUP)
http://bersoft.ru/.../0-0-1-442-20  (collapse-dilogiya-rus-repack-ot-rg-mehanikitorrent_id1198379ids1s.exe)

The following 3 files have been seen to comunicate with bersoft.ru in live environments.

TCP » 195.216.243.43:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 195.216.243.43:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 195.216.243.43:80
browser.exe (Yandex by YANDEX)

TCP » 195.216.243.43:80
multi client by schokk.exe (Copyright © Powered© by Schokk 2017)

URL:
http://bersoft.ru/

Title:
“BerSoft.ru - скачать программы, софт для компьютера”

Web server:
nginx/1.8.0

1torrent.ru

4styles.net

clan.su

gta-shka.ru

igromann.at.ua

ilim.kz

lomaster.at.ua

portal-wm.ru

tvfree.ro

ucoz.com

valerypro.ru

your-sims.su

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.