home

www.positivedownload.com

China Capital Investment Limited

Domain Information

The domain www.positivedownload.com registered by China Capital Investment Limited was initially registered in May of 2015 through Moniker Online Services. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Ashburn, Virginia within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform.
Registrar:
DOMAINSOFTHEWORLD.NET LLC

Server location:
Virginia, United States (US)

Create date:
Saturday, May 2, 2015

Expires date:
Monday, May 2, 2016

Updated date:
Monday, March 7, 2016

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc.,US

Root domain:
positivedownload.com

Whois:
3 positivedownload.com records

Scanner detections:
Detections  (98% detected)

Scan engine
Details
Detections

Reason Heuristics
Threat.Win.Reputation.IMP, PUP.Installer.Wilmaonline.g, PUP.Installer.Wilmaonline.c, PUP.Installer.Wilmaonline.b, PUP.Installer.Wilmaonline.CC, Adware.Amonetize.Installer.Meta (M), PUP.Amonetize.Bundler
95.56%

Malwarebytes
PUP.Optional.Amonetize
88.89%

Avira AntiVirus
ADWARE/Adware.Gen2, Adware/Amonetize.tzv, APPL/Amonetize.htzw
86.67%

Baidu Antivirus
Adware.Win32.Amonetize
86.67%

ESET NOD32
Win32/Amonetize.AS (variant), Win32/Amonetize.AW (variant), Win32/Amonetize.BM (variant), Win32/Amonetize.BN (variant), Win32/Amonetize.BK (variant)
86.67%

AVG
Win32/Virut, BundleApp_r.R, Generic, Generic_r
84.44%

AhnLab V3 Security
PUP/Win32.Amonetiz, PUP/Win32.Amonetize, Win32/Virut.F
82.22%

Kaspersky
not-a-virus:Downloader.Win32.Agent, not-a-virus:HEUR:AdWare.Win32.Amonetize, not-a-virus:AdWare.Win32.Amonetize, Virus.Win32.Virut
77.78%

McAfee
PUP-FBM!B73F999FA502, PUP-FBM!D753BCA1B9F2, PUP-FBM!EB328C8CA3A6, PUP-FBM!BD32A9182B47, PUP-FBM!C9EA9DCD7BCD, Artemis!3AEF9913BB40, PUP-Amonetize, PUP-FBM!1FB1A3C549EF, PUP-FBM!5DDE97A8EEF7
73.33%

Sophos
Amonetize, Generic PUA NI, Generic PUA KM, Generic PUA HP, Generic PUA OG, Generic PUA NH, W32/Scribble-B, Generic PUA HH
62.22%

Panda Antivirus
W32/Sality.AO, Trj/CI.A, Trj/Genetic.gen
60.00%

Agnitum Outpost
Win32.Virut.AB.Gen, PUA.Amonetize
55.56%

NANO AntiVirus
Virus.Win32.Virut.hpeg, Riskware.Win32.Downware.daymkg, Riskware.Win32.Downware.dbeiwq, Riskware.Win32.Amonetize.dbekwx
55.56%

avast!
Win32:Vitro, Win32:Amonetize-BX [PUP], Win32:Adware-gen [Adw], Win32:Amonetize-DR [PUP], Win32:Amonetize-DJ [PUP], Win32:PUP-gen [PUP]
53.33%

Qihoo 360 Security
Virus.Win32.Virut.M, Win32/Trojan.Adware.37e, Win32/Virus.Adware.932, Win32/Application.1b3, HEUR/Malware.QVM10.Gen, Win32/Application.c7d
51.11%

The domain www.positivedownload.com has been seen to resolve to the following 8 IP addresses.

199.83.132.93
199.83.132.93.ip.incapdns.net
June 27, 2016

104.130.124.96
April 12, 2016

141.8.226.14
February 9, 2016

141.8.225.244
May 3, 2015

209.222.14.3
209.222.14.3.choopa.net
February 20, 2015

23.23.180.109
ec2-23-23-180-109.compute-1.amazonaws.com
September 15, 2014

50.17.240.123
ec2-50-17-240-123.compute-1.amazonaws.com
September 9, 2014

54.225.180.137
ec2-54-225-180-137.compute-1.amazonaws.com
June 21, 2014

File downloads found at URLs served by www.positivedownload.com.

1 / 68      (Adware)
http://www.positivedownload.com/download.php?version=1.1.5.89&direct=1&prefix=FlashPlayersetup&campid=7343&ti1=sin1CL3AhPLZ1vnLKhACGL-RrJCny9vbGyINODcuMTA5LjEwMi43MygBMKCHkp0F&ti2=PMZ&ti3=3005008&capp=FlashPlayer  (tvapp__8821_i1040562873_il6.exe)

1 / 68      (PUP)
http://www.positivedownload.com/download.php?version=1.1.1.72&direct=1&prefix=FlashPlayersetup&campid=6529&ti1=lIh5QK63OCl1RrliwYAnLkVlemzFRKIzDxI9I7Eiek_r4Re10ZCVjnJyxkhVxz9DwwGLrPcWUpToYGThGMMejOSwJP_jjLF1DnJkv6jXreNDCWLMI0VTCq4RKLXttSYvWRHY2PS-kPgihcer_fPMczUuXOcSFUl3lSOuF8IWBZFLznmp3iDMKBpVJULRmm_up9z0jiLCM5-XMWK98xJjdc3YyAEcjkMBwk76wlLu6GBOH3l2vKIHsDi6FcunsnHlaYLiLfvOfn8fxGdeXP-LrBzvjEmcrKRhybGi9v30mTBRriSmFotZDalhy8KUheeJRJYYSmpxxSdmLH79-84hcfNCyS7LNUCiTA8o9LSLbM3b7Sddes47BTXTBbxkL5Y&capp=FlashPlayer  (flashplayersetup__5462_i815058398_il352.exe)

1 / 68      (PUP)
http://www.positivedownload.com/download.php?version=1.1.5.89&direct=1&prefix=FlashPlayersetup&campid=2583&ti1=0080775084929923004&capp=FlashPlayer  (flashplayersetup__2583_i829817586_il6.exe)

19 / 68    (Adware)
http://www.positivedownload.com/download.php?version=1.1.5.26&campid=6086&instid[appname]=Candidly.Nicole.S01E07.How.To.Say.Yes.WS.DSR.x264 NY2.mp4&prefix=Candidly.Nicole.S01E07.How.To.Say.Yes.WS.DSR.x264 NY2.mp4&instid[appsetupurl]=http://secure-fastfile.com/f/Prompt_Downloader_setup.exe&instid[cmdline]=/S&instid[appimageurl]=http://secure-fastfile.com/f/logo150x150.png&instid[thankyoupage]=http://www.fhserve.com/www/.../apu.php?n=&zoneid=1991&popunder=1&direct=1&instid[interrupted]=http://www.fhserve.com/www/.../apu.php?n=&zoneid=1991&popunder=1&direct=1&ti1=3125986991.361859.de0fc3c406.4974.3ef3cc16dae8005abf35d5c10400800d&ti2=&ti3=  (kmspico 9.2.4__7628_il399.exe)

27 / 68    (PUP)
http://www.positivedownload.com/download.php?version=1.1.5.89&direct=1&prefix=FlashPlayersetup&campid=2583&ti1=0067877525089766416&capp=FlashPlayer  (flashplayer__4072_i844262802_il70.exe)

24 / 68    (PUP)
http://www.positivedownload.com/download.php?version=1.1.5.89&direct=1&prefix=FlashPlayersetup&campid=2583&ti1=0081095325141789154&capp=FlashPlayer  (tvapp__8821_i851187727_il485160.exe)

2 / 68      (false positives)
http://www.positivedownload.com/download.php?version=1.1.5.26&campid=3687&instid[appname]=Cubase 7 Crack Downloader&instid[appsetupurl]=http://fastmediadownloads.com/download/Prompt-Downloader-1194953816.exe&instid[cmdline]=&instid[appimageurl]=http://.../logo.png&prefix=Cubase 7 Crack Downloader&instid[interrupted]=http://.../?cancel&ti1=1194953816&instid[thankyoupage]=http://.../?success  (wrar420.exe)

16 / 68    (Adware)
http://www.positivedownload.com/tdownload.php?s1=c9b36cb980a7426ab9959910b4777064b4c755fb&t1=1408406872&ref=www.winflashplayer.com&version=1.1.1.72&direct=1&prefix=FlashPlayersetup&campid=280&ti1=ams1CNHj36Kr9_jlehACGLTA0aeM6JWIFiINOTMuMjE3LjE1LjE0NCgBMJipyp8F&ti2=2453189&capp=FlashPlayer  (flashplayersetup__280_i1191301961_il38.exe)

20 / 68    (Adware)
http://www.positivedownload.com/download.php?version=1.1.5.26&campid=6086&instid[appname]=UnlimitedDownload&prefix=UnlimitedDownload&instid[appsetupurl]=http://secure-fastfile.com/f/Prompt_Downloader_setup.exe&instid[cmdline]=/S&instid[appimageurl]=http://secure-fastfile.com/f/logo150x150.png&instid[thankyoupage]=http://www.fhserve.com/www/.../apu.php?n=&zoneid=3921&popunder=1&direct=1&instid[interrupted]=http://www.fhserve.com/www/.../apu.php?n=&zoneid=3921&popunder=1&direct=1&ti1=1774028269.335492.47cdbbf0be.5541.da6467d9901d0e958f7950c1761b854e&ti2=&ti3=  (testdriveunlimited.exe__9406_il2307481.exe)

1 / 68      (PUP)
http://www.positivedownload.com/download.php?myref=www.new-hdplugin.com&version=1.1.5.55&prefix=FlashPlayerSetup&campid=7324&instid[appname]=FlashPlayer&instid[appsetupurl]=https://launchpad.net/lightspark/trunk/lightspark-0.5.3/ download/Lightspark-0.5.3-win32.exe&instid[appimageurl]=http://www.tsxnrey.com/i/White Smoke Inc/.../150x150_v1Logo.jpg&prefix=FlashPlayer&ti1=crunchroll.com&capp=FlashPlayer&AMt=1402529107256&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3  (flashplayer__7324_i835260966_il161.exe)

16 / 68    (Adware)
http://www.positivedownload.com/download.php?version=1.1.5.27&ti1=p191.oc203.56572.203.1209467be7b5017&ti2=12465115292&campid=2299&instid[appname]=Download Manager&instid[appsetupurl]=http://link.wdownloadmanager.com/?url=&ref=&name=DownloadFileSetup&source=xs&instid[cmdline]=&instid[appimageurl]=http://.../dl.png&prefix=DownloadFileSetup&instid[thankyoupage]=  (downloadsetup__7818_i1298263739_il1.exe)

26 / 68    (Adware)
http://www.positivedownload.com/download.php?version=1.1.5.26&campid=3687&instid[appname]=Continental Math League Math Practice Sheets Pdf Downloader&instid[appsetupurl]=http://fastmediadownloads.com/download/Prompt-Downloader-1004150759.exe&instid[cmdline]=&instid[appimageurl]=http://.../logo.png&prefix=Continental Math League Math P Downloader&instid[interrupted]=http://.../?cancel&ti1=1004150759&instid[thankyoupage]=http://.../?success  (франклин,майклитреворизgta5дляgtasanandreas__7215_il133.exe)

25 / 68    (Adware)
http://www.positivedownload.com/tdownload.php?s1=9c099741e43f28d1c827c1945ccd6272b9929e22&t1=1409315379&myref=www.livesoccer2014.com&version=1.1.5.89&prefix=TVapp&campid=8821&capp=TvAppMondial&ti1=u59c9c2a350718723151f1653de&AMt=1409315190146&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3  (flashplayersetup__3890_i1236389199_il7.exe)

34 / 68    (Adware)
http://www.positivedownload.com/tdownload.php?s1=fb1c1e970a583e1e3c66965e255ddd8e4829d760&t1=1410200965&myref=dm&campid=2490&version=1.1.5.26&instid[appname]=Minecraft&instid[appsetupurl]=http://minecraftcrackeddownload.com/minecraftsetup.exe&instid[appimageurl]=http://minecraftcrackeddownload.com/icon.png&prefix=MinecraftInstaller&instid[thankyoupage]=http://download.forfreeminecraft.com/.../&AMt=1410200864798&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3  (kms activator__9771_il356291.exe)

14 / 68    (Adware)
http://www.positivedownload.com/tdownload.php?s1=277e38aaa4a425071bc52ae3538728c840b8d41c&t1=1409197637&myref=www.livesoccer2014.com&version=1.1.5.89&prefix=TVapp&campid=8821&capp=TvAppMondial&ti1=29163716771409197450&AMt=1409197499639&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3  (flashplayer__4120_i1230936046_il1.exe)

14 / 68    (Adware)
http://www.positivedownload.com/tdownload.php?s1=7f4b847140315c7cf273fa45ddd4971b73623cde&t1=1409600761&myref=www.livesoccer2014.com&version=1.1.5.89&prefix=TVapp&campid=8821&capp=TvAppMondial&ti1=15843403831409600567&AMt=1409600576849&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3  (flashplayer__6741_i1250751702_il6.exe)

27 / 68    (Adware)
http://www.positivedownload.com/tdownload.php?s1=ddfe4ab686206d011fe5a61265e808875d79739d&t1=1410259418&myref=dm&campid=2490&version=1.1.5.26&instid[appname]=Minecraft&instid[appsetupurl]=http://minecraftcrackeddownload.com/minecraftsetup.exe&instid[appimageurl]=http://minecraftcrackeddownload.com/icon.png&prefix=MinecraftInstaller&instid[thankyoupage]=http://download.forfreeminecraft.com/.../&AMt=1410259231102&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3  (chaturbate token generator__5160_i1286194112_il4691.exe)

19 / 68    (PUP)
http://www.positivedownload.com/download.php?version=1.1.5.89&direct=1&prefix=FlashPlayersetup&campid=2583&ti1=0073648025909201077&capp=FlashPlayer  (flashplayersetup__2583_i938749514_il1.exe)

11 / 68    (PUP)
http://www.positivedownload.com/download.php?version=1.1.5.55&direct=1&prefix=FlashPlayersetup&campid=2570&ti1=7644751738&capp=FlashPlayer  (flashplayersetup__2570_i828043102_il1373.exe)

20 / 68    (Adware)
http://www.positivedownload.com/tdownload.php?s1=caf0e57d966eb0d0bd787de64a0128fd1c4ed15e&t1=1408554127&ref=www.winflashplayer.com&version=1.1.5.89&direct=1&prefix=FlashPlayersetup&campid=7343&ti1=lax1CJuP39KMhtrAOBACGOuA_7us3qqAPyINNzUuNjYuMTUwLjE1MCgBMJCn058F&ti2=SBZ&ti3=3374519&capp=FlashPlayer  (flashplayer__4120_i1198524369_il28.exe)

20 / 68    (Adware)
http://www.positivedownload.com/tdownload.php?s1=da6acf7a62ef62dc761dfdad037712bf490dad57&t1=1408554107&ref=www.winflashplayer.com&version=1.1.5.89&direct=1&prefix=FlashPlayersetup&campid=7343&ti1=lax1CJuP39KMhtrAOBACGOuA_7us3qqAPyINNzUuNjYuMTUwLjE1MCgBMJCn058F&ti2=SBZ&ti3=3374519&capp=FlashPlayer  (flashplayer__4120_i1198524369_il28.exe)

13 / 68    (Adware)
http://www.positivedownload.com/tdownload.php?s1=6d77f0e8b4983933da20260595e2c863270f5086&t1=1409508748&myref=www.livesoccer2014.com&version=1.1.5.89&prefix=TVapp&campid=8821&capp=TvAppMondial&ti1=7718279191409508557&AMt=1409508566677&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3  (flashplayer__6741_i1246666564_il1.exe)

12 / 68    (Adware)
http://www.positivedownload.com/tdownload.php?s1=f23c8308e3c46604a3824df95a0aa907b4be2f34&t1=1409475869&myref=www.livesoccer2014.com&version=1.1.5.89&prefix=TVapp&campid=8821&capp=TvAppMondial&ti1=u29fadb9454019f807aff477226&AMt=1409475682798&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3  (tvapp__8821_i1244572181_il13.exe)

13 / 68    (Adware)
http://www.positivedownload.com/tdownload.php?s1=33ac906cab75bf1a6c37d2c6335a6cfc3289cb24&t1=1409445369&myref=www.livesoccer2014.com&version=1.1.5.89&prefix=TVapp&campid=8821&capp=TvAppMondial&ti1=u29fadb9454019f807aff477226&AMt=1409445182802&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3  (mediaplayer__9251_il209.exe)

8 / 68      (Adware)
http://www.positivedownload.com/tdownload.php?s1=2750637651237250807b8013455900ca33e7e434&t1=1409258295&myref=www.livesoccer2014.com&version=1.1.5.89&prefix=TVapp&campid=8821&capp=TvAppMondial&ti1=6971493471409258104&AMt=1409258109791&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3  (tvapp__8821_i1234623581_il13.exe)

14 / 68    (Adware)
http://www.positivedownload.com/tdownload.php?s1=307bdcbf702cd7ce410d10e84fdb4efc29e6158a&t1=1409125717&myref=www.livesoccer2014.com&version=1.1.5.89&prefix=TVapp&campid=8821&capp=TvAppMondial&ti1=7043523791409125518&AMt=1409125525796&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3  (tvapp__8821_i1227386119_il13.exe)

10 / 68    (PUP)
http://www.positivedownload.com/download.php?version=1.1.5.89&direct=1&prefix=FlashPlayersetup&campid=2583&ti1=0027641655203016749&capp=FlashPlayer  (tvapp__8821_i860087453_il485160.exe)

26 / 68    (PUP)
http://www.positivedownload.com/download.php?myref=www.newhdplugin.org&version=1.1.6.20&prefix=FlashPlayerSetup&campid=4369&instid[appname]=FlashPlayer&instid[appsetupurl]=https://launchpad.net/lightspark/trunk/lightspark-0.5.3/ download/Lightspark-0.5.3-win32.exe&instid[appimageurl]=http://www.tsxnrey.com/i/White Smoke Inc/.../150x150_v1Logo.jpg&prefix=FlashPlayer&ti1=MTEwfDIxMzB8QlJ8M3wxfHw  (flashplayer__4369_i1116282693_il5.exe)

10 / 68    (PUP)
http://www.positivedownload.com/download.php?version=1.1.5.89&direct=1&prefix=FlashPlayersetup&campid=2583&ti1=0048789274942360989&capp=FlashPlayer  (flashplayersetup__2583_i831077276_il6.exe)

34 / 68    (Adware)
http://www.positivedownload.com/download.php?version=1.1.5.26&campid=3687&instid[appname]=Instagram Followers Hack Tool March 2014 Release Downloader&instid[appsetupurl]=http://fastmediadownloads.com/download/Prompt-Downloader-1890049461.exe&instid[cmdline]=&instid[appimageurl]=http://.../logo.png&prefix=Instagram Followers Hack Tool Downloader&instid[interrupted]=http://.../?cancel&ti1=1890049461&instid[thankyoupage]=http://.../?success  (kms activator__9771_il356291.exe)

 
Latest 30 of 155 download URLs

The following 10 files have been seen to comunicate with www.positivedownload.com in live environments.

TCP » 209.222.14.3:80
bitcomet_x64.exe (BitComet 64-bit by www.BitComet.com)

TCP » 104.130.124.96:443
translategenius.crx

TCP » 104.130.124.96:443
translategenius.crx

TCP » 104.130.124.96:443
translategenius.crx

TCP » 104.130.124.96:443
translategenius.crx

TCP » 141.8.226.14:80
google-bookmarks.crx

TCP » 209.222.14.3:80
tunnel.exe (by Microsoft)

TCP » 209.222.14.3:80
PEG2.exe (PE GUARD 2 by OHTIC.com)

TCP » 209.222.14.3:6969
QQDownload.exe (by Tencent Technology (Shenzhen) Company Limited)

TCP » 209.222.14.3:80
quicktime.crx

URL:
http://www.positivedownload.com/

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
nginx/1.8.1

Facebook:
Shares:  3

Statistics are for the previous month.

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.