ammyy.com

WHOISGUARD, INC.  (Proxy Registrant)

Domain Information

The domain ammyy.com is registered by proxy through ENOM, INC. and was originally registered in January 2008. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Berlin, Germany, on the RIPE Network Coordination Centre network.
Registrar:
ENOM, INC.

Server location:
Berlin, Germany (DE)

Create date:
Tuesday, January 29, 2008

Expires date:
Sunday, January 29, 2017

Updated date:
Monday, August 24, 2015

ASN:
AS24940 HETZNER-AS Hetzner Online GmbH,DE

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Ammyy (M), PUP.Service.Ammyy.G, Threat.Win.Reputation.IMP, PUP.Ammyy.F, Win32.Generic
100.00%

Kaspersky
not-a-virus:RemoteAdmin.Win32.Ammyy
100.00%

Dr.Web
riskware program Program.RemoteAdmin.701
83.33%

Kingsoft AntiVirus
Win32.Troj.Generic.a.(kcloud), Win32.Troj.Ammyy.bc.(kcloud), Win32.Troj.Ammyy.ch.(kcloud)
66.67%

Rising Antivirus
PE:Malware.Ammyy!6.854, PE:Malware.Ammyy!6.1139
66.67%

NANO AntiVirus
Riskware.Win32.Ammyy.cqmwzu, Trojan.Win32.RemoteAdmin.cqzmlg, Riskware.Win32.RemoteAdmin.dbfbaj, Riskware.Win32.RemoteAdmin.dbybgd
66.67%

ESET NOD32
Win32/RemoteAdmin.Ammyy (variant)
66.67%

McAfee
Artemis!0ECDB503FCA9, Artemis!5616D57C2DA8, Artemis!F8CD52B70A11, Artemis!2CBF5657FFD8
66.67%

McAfee Web Gateway
Artemis!0ECDB503FCA9, Artemis!5616D57C2DA8, Artemis!F8CD52B70A11, BehavesLike.Win32.Dropper.bh
66.67%

K7 Gateway Antivirus
Unwanted-Program , Trojan
50.00%

K7 AntiVirus
Unwanted-Program , Trojan
50.00%

VIPRE Antivirus
Threat.4747282, Remote-Access.Win32.Ammyy
50.00%

Fortinet FortiGate
Riskware/Ammyy
50.00%

Trend Micro House Call
TROJ_GEN.R0C1H07BC14, Suspicious_GEN.F47V0627, Suspicious_GEN.F47V0703
50.00%

Avira AntiVirus
SPR/RemoteAdmin.AG, SPR/RemoteAdmin.C.1
33.33%

The domain ammyy.com has been seen to resolve to the following 2 IP addresses.

static.159.105.243.136.clients.your-server.de
January 28, 2016

ammyy.com
August 4, 2013

File downloads found at URLs served by ammyy.com.

18 / 68    (Adware)
http://ammyy.com/AA_v3.exe  (45c9b54d66cbcc2de89f93e25f368a45)

31 / 68    (Adware)

7 / 68      (Adware)
http://ammyy.com/AA_v3.exe  (2cbf5657ffd8858a9597f296a60270c2)

0 / 68
http://ammyy.com/AA_v3.exe  (190785b2bb664324334c1b5231b5c4b0)

9 / 68      (PUP)
http://ammyy.com/AA_v3.exe  (11bc606269a161555431bacf37f7c1e4)

12 / 68    (Adware)
http://ammyy.com/AA_v3.exe  (f8cd52b70a11a1fb3f29c6f89ff971ec)

The following files have been seen to communicate with ammyy.com in live environments.

August 4, 2013

URL:
http://ammyy.com/

Google Analytics:
UA-21138530

Title:
“Ammyy Admin - Free Zero-Config Remote Desktop Software, Remote Desktop Connection and Remote Access Software”

Description:
“Popular zero-config free remote desktop software. It's used for system administration, webinars and instant remote desktop connection over the Internet. Free remote access software Ammyy Admin makes control of a remote PC quick and simple.”

Web server:
Apache/2.2.15 (CentOS)

Facebook:
Likes:  1,350
Shares:  2,486
Comments:  1,209

Statistics above are for the previous month of May 2017.