home

www.maastroy.com

WHOISGUARD, INC.  (Proxy Registrant)

Domain Information

The domain www.maastroy.com is registered by proxy through ENOM, INC. and was originally registered in April of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Dublin, Dublin City within Ireland which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the EU (Ireland) region datacenter.
Registrar:
ENOM, INC.

Server location:
Dublin City, Ireland (IE)

Create date:
Tuesday, April 29, 2014

Expires date:
Wednesday, April 29, 2015

Updated date:
Tuesday, April 29, 2014

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.

Root domain:
maastroy.com

Whois:
1 maastroy.com record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.SOFTWAREAGILITYLIMITED.i, PUP.SOFTWAREAGILITYLIMITED.b, PUP.SOFTWAREAGILITYLIMITED.Y, PUP.SOFTWAREAGILITYLIMITED.FF, PUP.SOFTWAREAGILITY.Bundler.Meta (M), PUP.SOFTWAREAGILITYLIMITED.u, PUP.SOFTWAREAGILITYLIMITED.W, PUP.SOFTWARE (M)
100.00%

Dr.Web
Adware.Downware.3176, Trojan.DownLoader11.11161, Trojan.DownLoader11.9093
70.00%

AVG
MalSign.Bundle, Found Win32/DH{gRKBEyVXToEPAA}
70.00%

Malwarebytes
PUP.Optional.FilePile
60.00%

MicroWorld eScan
Gen:Variant.Graftor.141359, Gen:Variant.Adware.Graftor.143702
60.00%

avast!
Win32:Rootkit-gen [Rtk], Win32:Malware-gen
60.00%

Bitdefender
Gen:Variant.Graftor.141359, Gen:Variant.Adware.Graftor.143702
60.00%

Emsisoft Anti-Malware
Gen:Variant.Graftor.141359, Gen:Variant.Adware.Graftor.143702
60.00%

G Data
Gen:Variant.Graftor.141359, Gen:Variant.Adware.Graftor.143702
60.00%

Lavasoft Ad-Aware
Gen:Variant.Graftor.141359, Gen:Variant.Adware.Graftor.143702
50.00%

F-Secure
Gen:Variant.Graftor.141359, Gen:Variant.Adware.Graftor.143702
50.00%

ESET NOD32
Win32/BundleInstaller.F potentially unwanted application
50.00%

VIPRE Antivirus
Threat.4150696
40.00%

Vba32 AntiVirus
AdWare.Amonetize, Downloader.Agent
40.00%

Kaspersky
not-a-virus:Downloader.Win32.Agent
40.00%

The domain www.maastroy.com has been seen to resolve to the following 5 IP addresses.

185.53.179.6
July 30, 2016

54.72.9.51
ec2-54-72-9-51.eu-west-1.compute.amazonaws.com
July 15, 2016

176.121.11.90
August 12, 2014

176.121.11.88
May 23, 2014

195.66.79.27
May 10, 2014

File downloads found at URLs served by www.maastroy.com.

1 / 68      (Adware)
http://www.maastroy.com/.../answers_for_ap_biology_chapter_54_guided_reading.zip_Downloader_14000004.exe  (answers_for_ap_biology_chapter_54_guided_reading.zip_downloader.exe)

1 / 68      (Adware)
http://www.maastroy.com/.../Ace_Combat_Joint_Assault_Iso_Downloader_316177714.exe  (ace_combat_joint_assault_iso_downloader.exe)

22 / 68    (Adware)
http://www.maastroy.com/.../Rise_as_One_series_1_episode_4_Downloader_822700310.exe  (rise_as_one_series_1_episode_4_downloader.exe)

21 / 68    (Adware)
http://www.maastroy.com/.../YTGen_v-1.2.1_Downloader_631900001.exe  (ytgen_v-1.2.1_downloader.exe)

21 / 68    (Adware)
http://www.maastroy.com/.../Fall_Out_Boy_-_Just_One_Yesterday_Karaoke_Downloader_111600005.exe  (fall_out_boy_-_just_one_yesterday_karaoke_downloader.exe)

1 / 68      (PUP)
http://www.maastroy.com/.../Imei_UNLOCKER_Downloader_550400001.exe  (imei_unlocker_downloader.exe)

21 / 68    (Adware)
http://www.maastroy.com/.../Dont_Drink_the_Water_Downloader_7899521.exe  (dont_drink_the_water_downloader.exe)

12 / 68    (Adware)
http://www.maastroy.com/.../Contract_Wars_Downloader_652101501.exe  (contract_wars_downloader.exe)

11 / 68    (Adware)
http://www.maastroy.com/.../Tsunamis_Navigator_Pro_Downloader_316177714.exe  (tsunamis_navigator_pro_downloader.exe)

4 / 68      (Adware)
http://www.maastroy.com/.../Descargar_Hacker_Facebook2014_Downloader_1132200001.exe  (descargar_hacker_facebook2014_downloader.exe)

The following 215 files have been seen to comunicate with www.maastroy.com in live environments.

TCP » 54.72.9.51:80
toolbarupdaterservice.exe

TCP » 54.72.9.51:80
hdnInstaller.exe (hdnInstaller)

TCP » 54.72.9.51:80
onedrvup.exe

TCP » 54.72.9.51:80
hdnInstaller.exe (hdnInstaller)

TCP » 54.72.9.51:80
247843.ftf (Optimizer Pro v3.2 by PC Utilities Software Limited)

TCP » 54.72.9.51:80
1799877.exe

TCP » 54.72.9.51:80
IEError.exe (IEError)

TCP » 54.72.9.51:80
install_flashplayer14x32_x64md_aaa_aih.exe (bon joueur)

TCP » 54.72.9.51:80
optimizerproinstaller.exe (Optimizer Pro v3.2 by PCUtilities Software Limited)

TCP » 54.72.9.51:80
charles.exe (by Apple)

TCP » 54.72.9.51:80
onedrv.exe

TCP » 54.72.9.51:80
IEError.exe (IEError)

TCP » 54.72.9.51:80
updater27793.exe (CouponDropDown Plugin by Innovative Apps)

TCP » 54.72.9.51:80
install_flashplayer16x33_masp_aaa_aih.exe (by Apple)

TCP » 54.72.9.51:80
toolbarupdaterservice.exe

TCP » 54.72.9.51:80
hdnInstaller.exe (hdnInstaller)

TCP » 54.72.9.51:80
g.jpg

TCP » 54.72.9.51:80
smlb.jpg

TCP » 54.72.9.51:80
smlb.jpg

TCP » 54.72.9.51:80
hqghumeaylnlf.exe (Optimizer Pro v3.2 by PC Utilities Software Limited)

 
Latest 20 of 219 files

URL:
http://www.maastroy.com/

Title:
“Fast File Downloader”

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
nginx/1.4.7 (PHP/5.4.28-1~dotdeb.1)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.