home

www.ammyy.ru

Private Person  (Proxy Registrant)

Domain Information

The domain www.ammyy.ru is registered by proxy through REGISTRATOR-RU and was originally registered in May of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Berlin, Berlin within Germany which resides on the RIPE Network Coordination Centre network.
Registrar:
REGISTRATOR-RU

Server location:
Berlin, Germany (DE)

Create date:
Friday, May 23, 2014

Expires date:
Monday, May 23, 2016

ASN:
AS24940 HETZNER-AS Hetzner Online GmbH,DE

Root domain:
ammyy.ru

Whois:
2 ammyy.ru records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Dr.Web
Program.RemoteAdmin.701, riskware program Program.RemoteAdmin.701
100.00%

Reason Heuristics
PUP.Ammyy.G, Win32.Generic
100.00%

avast!
Win32:Sality, Win32:RemoteAdmin-B [PUP]
100.00%

F-Prot
W32/Sality.gen2, W32/RemoteAdmin.Ammyy
100.00%

K7 AntiVirus
Virus , Unwanted-Program
100.00%

Kaspersky
Virus.Win32.Sality, not-a-virus:RemoteAdmin.Win32.Ammyy
100.00%

Rising Antivirus
PE:Win32.KUKU.GEN!1463551, PE:Malware.Ammyy!6.1139
100.00%

McAfee
Artemis!E72B313D807A
50.00%

AhnLab V3 Security
Unwanted/Win32.RemoteAdmin
50.00%

ESET NOD32
Win32/RemoteAdmin.Ammyy (variant)
50.00%

Baidu Antivirus
Hacktool.Win32.Ammyy
50.00%

VIPRE Antivirus
Threat.4734158
50.00%

Microsoft Security Essentials
Threat.Undefined
50.00%

Avira AntiVirus
W32/Sality.AT
50.00%

Bkav FE
W32.Sality.PE
50.00%

The domain www.ammyy.ru has been seen to resolve to the following 2 IP addresses.

136.243.105.159
static.159.105.243.136.clients.your-server.de
April 18, 2016

70.38.40.185
ammyy.com
December 1, 2014

File downloads found at URLs served by www.ammyy.ru.

8 / 68      (PUP)
http://www.ammyy.ru/AA_v3.exe  (11bc606269a161555431bacf37f7c1e4)

35 / 68    (Adware)
http://www.ammyy.ru/AA_v3.exe  (aa_v3.5.exe)

35 / 68    (Adware)
http://www.ammyy.ru/AA_v3.5.exe  (e72b313d807a536d45b68e52c1257996)

The following file have been seen to comunicate with www.ammyy.ru in live environments.

TCP » 136.243.105.159:80
UCBrowser.exe (UC Browser by UCWeb)

URL:
http://www.ammyy.ru/

Google Analytics:
UA-21138530

Title:
“Ammyy Admin - Free Zero-Config Remote Desktop Software, Remote Desktop Connection and Remote Access Software”

Description:
“Popular zero-config free remote desktop software. It's used for system administration, webinars and instant remote desktop connection over the Internet. Free remote access software Ammyy Admin makes control of a remote PC quick and simple.”

Web server:
Apache/2.2.15 (CentOS)

Facebook:
Likes:  1,350
Shares:  2,486
Comments:  1,209

Statistics are for the previous month.

ammyy.com

mooo.com

strangled.net

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.