home

amigo.mail.ru

MGL Mail.ru Internet Assets Limited

Domain Information

The domain amigo.mail.ru registered by MGL Mail.ru Internet Assets Limited was initially registered in September of 1997 through RU-CENTER-REG-RIPN. Currently this domain has been known to host various forms of malware. The hosted servers are located in Orenburg, Orenburg within Russia which resides on the RIPE Network Coordination Centre network.
Registrar:
RU-CENTER-RU

Server location:
Orenburg, Russia (RU)

Create date:
Saturday, September 27, 1997

Expires date:
Saturday, October 1, 2016

ASN:
AS47764 MAILRU-AS Limited liability company Mail.Ru

Root domain:
mail.ru

Whois:
4 mail.ru records

Scanner detections:
Malware distribution  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Win32.Generic, PUP.MailRU.Amigo.Installer (M), PUP.MailRu.Amigo (M)
100.00%

The domain amigo.mail.ru has been seen to resolve to the following 3 IP addresses.

217.69.139.251
amigo.mail.ru
January 29, 2016

217.69.134.55
vrrp-hoe.p.mail.ru
February 3, 2014

217.69.134.56
vrrp-kirka.p.mail.ru
February 3, 2014

File downloads found at URLs served by amigo.mail.ru.

1 / 68      (Malware)
https://amigo.mail.ru/amigo_setup.exe  (87a6ab4fc3edecf5e397130e08adf683)

The following 16 files have been seen to comunicate with amigo.mail.ru in live environments.

TCP » 217.69.139.251:443
amigo.exe (Amigo by Mail.Ru)

TCP » 217.69.139.251:443
kometa.exe (Kometa by Kometa Authors)

TCP » 217.69.139.251:443
uran.exe (Uran by uCoz Media and Chromium Authors)

TCP » 217.69.134.55:80
amigo.exe (Amigo by Mail.Ru)

TCP » 217.69.139.251:80
kometa.exe (Kometa by @COMPANY_FULLNAME@)

TCP » 217.69.134.55:80
mrupdater.exe.dul! (MailRuUpdater by Mail.Ru)

TCP » 217.69.139.251:80
kometa.exe (Kometa by Kometa Authors)

TCP » 217.69.139.251:443
1stbrowser.exe (1stBrowser by The 1stBrowser Authors)

TCP » 217.69.139.251:80
uran.exe (Uran by uCoz Media and Chromium Authors)

TCP » 217.69.134.55:80
GuardMailRu.exe (GuardMailRu Module)

TCP » 217.69.134.55:80
GuardMailRu.exe (GuardMailRu Module)

TCP » 217.69.134.55:80
GuardMailRu.exe (GuardMailRu Module)

TCP » 217.69.139.251:443
kometa.exe (Kometa by @COMPANY_FULLNAME@)

TCP » 217.69.134.55:80
GuardMailRu.exe (GuardMailRu Module)

TCP » 217.69.134.55:80
mrutmp.exe (MailRuUpdater by Mail.Ru)

TCP » 217.69.134.56:80
GuardMailRu.exe (GuardMailRu Module)

TCP » 217.69.139.251:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 217.69.134.55:80
GuardMailRu.exe (GuardMailRu Module)

TCP » 217.69.134.55:80
GuardMailRu.exe (GuardMailRu Module)

TCP » 217.69.134.55:80
MailRuUpdater.exe (MailRuUpdater by Mail.Ru)

 
Latest 20 of 32 files

URL:
http://amigo.mail.ru/

Google Analytics:
UA-63957003

Title:
“Браузер «Амиго» - Установи быстрый браузер!”

Description:
“Браузер «Амиго» – это не только быстрый и безопасный браузер, но и приложение для социальных сетей. Благодаря ему, вы сразу будете в курсе новостей ваших друзей, сможете обмениваться личными сообщениями, слушать музыку, делиться ссылками, менять ...”

SSL certificate subject:
CN=*.mail.ru, OU=IT, O=LLC Mail.Ru, L=Moscow, S=RUSSIAN FEDERATION, C=RU

SSL certificate issuer:
CN=GeoTrust SSL CA - G3, O=GeoTrust Inc., C=US

Web server:
nginx

Facebook:
Likes:  766
Shares:  7,274
Comments:  103

Statistics are for the previous month.

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.