home

www.ammyy.com

WHOISGUARD, INC.  (Proxy Registrant)

Domain Information

The domain www.ammyy.com is registered by proxy through ENOM, INC. and was originally registered in January of 2008. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Berlin, Berlin within Germany which resides on the RIPE Network Coordination Centre network.
Registrar:
ENOM, INC.

Server location:
Berlin, Germany (DE)

Create date:
Tuesday, January 29, 2008

Expires date:
Sunday, January 29, 2017

Updated date:
Monday, August 24, 2015

ASN:
AS24940 HETZNER-AS Hetzner Online GmbH,DE

Root domain:
ammyy.com

Whois:
5 ammyy.com records

Scanner detections:
Detections  (63% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Ammyy.E, PUP.Ammyy.F, Threat.Win.Reputation.IMP, Win32.Generic
72.73%

Kaspersky
not-a-virus:RemoteAdmin.Win32.Ammyy, Virus.Win32.Neshta, Trojan.Win32.Yakes
39.39%

Dr.Web
Program.RemoteAdmin.701, riskware program Program.RemoteAdmin.701, Win32.HLLP.Neshta, Threat.Undefined, Trojan.DownLoader17.35207, Detection.Undefined
33.33%

Rising Antivirus
PE:Trojan.Win32.Generic.12ACEA95!313322133, PE:Malware.Ammyy!6.854, PE:Win32.KUKU.kt!1591113, PE:Malware.Ammyy!6.1139, PE:Win32.Netsha.a!411233, PE:Malware.Obscure/Heur!1.9E03 [F]
27.27%

avast!
Win32:PUP-gen [PUP], Win32:SaliCode, Win32:RemoteAdmin-B [PUP], Win32:Apanas [Trj], RemoteAdmin-D [PUP]
24.24%

ESET NOD32
Win32/RemoteAdmin.Ammyy (variant), Win32/RemoteAdmin.Ammyy.B potentially unsafe (variant), Win32/Agent.RLY
21.21%

Baidu Antivirus
HackTool.Win32.RemoteAdmin, Hacktool.Win32.Ammyy, Virus.Win32.Neshta.$a
21.21%

ESET NOD32
Win32/RemoteAdmin.Ammyy.B potentially unsafe application, Win32/Neshta.A virus, Win32/RemoteAdmin.Ammyy.C potentially unsafe application
21.21%

K7 AntiVirus
Unwanted-Program , Virus , Trojan
18.18%

NANO AntiVirus
Trojan.Win32.RemoteAdmin.cqwpdg, Riskware.Win32.RemoteAdmin.dbfbaj, Virus.Win32.Neshta.cdby, Riskware.Win32.RemoteAdmin.dskdxp
18.18%

Agnitum Outpost
Riskware.RemoteAdmin, Win32.Neshta.A, Trojan.Kryptik
18.18%

F-Prot
W32/RemoteAdmin.Ammyy, W32/HLLP.41472, W32/Backdoor2.HZUP (exact, not disinfectable), W32/RemoteAdmin.Ammyy (exact, damaged)
18.18%

Avira AntiVirus
SPR/RemoteAdmin.AB, W32/Neshta.a, SPR/RemoteAdmin.765952, TR/AD.Corebot.Y.2
15.15%

VIPRE Antivirus
Trojan.Win32.Generic, Remote-Access.Win32.Ammyy, Threat.4721115, Threat.4276445, Remote-Access.Win32.Ammyy (not malicious)
15.15%

AhnLab V3 Security
PUP/Win32.RemoteAdmin, Unwanted/Win32.RemoteAdmin, Win32/Kashu.E, Win32/Neshta, Unwanted/Win32.Ammyy
15.15%

The domain www.ammyy.com has been seen to resolve to the following 2 IP addresses.

136.243.105.159
static.159.105.243.136.clients.your-server.de
January 28, 2016

70.38.40.185
ammyy.com
August 4, 2013

File downloads found at URLs served by www.ammyy.com.

1 / 68      (PUP)
http://www.ammyy.com/AA_v3.exe  (94fd70d6a78ecbb78766616734c4b84b)

0 / 68
http://www.ammyy.com/.../downloads.html  (aa_v3.exe)

1 / 68      (Malware)
http://www.ammyy.com/AA_v3.3.exe  (8235ba00c93ae827ac7f9a02f1474086)

6 / 68      (Adware)
http://www.ammyy.com/AMMYY_Admin.exe  (aa_v3.exe)

1 / 68      (PUP)
http://www.ammyy.com/AA_v3.5.exe  (f68274bdc35a23fd76fab5c2b83cefb5)

1 / 68      (PUP)
http://www.ammyy.com/AA_v3.4.exe  (d740632f6a3ba5b9cec6d565724de461)

0 / 68
http://www.ammyy.com/.../  (en.htm)

8 / 68      (PUP)
http://www.ammyy.com/.../  (11bc606269a161555431bacf37f7c1e4)

The following file have been seen to comunicate with www.ammyy.com in live environments.

TCP » 136.243.105.159:80
UCBrowser.exe (UC Browser by UCWeb)

URL:
http://www.ammyy.com/

Google Analytics:
UA-21138530

Title:
“Ammyy Admin - Free Zero-Config Remote Desktop Software, Remote Desktop Connection and Remote Access Software”

Description:
“Popular zero-config free remote desktop software. It's used for system administration, webinars and instant remote desktop connection over the Internet. Free remote access software Ammyy Admin makes control of a remote PC quick and simple.”

Web server:
Apache/2.2.15 (CentOS)

Facebook:
Likes:  1,350
Shares:  2,486
Comments:  1,209

Statistics are for the previous month.

ammyy.ru

mooo.com

strangled.net

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.