thanks.postdownload.net

Optimum Installer  (via a Proxy Registrant)

Domain Information

This site is used as the exit page for an adware-based download and install manager. After a download manager such as Premium Installer/Adknowledge of Optimum Installer deploys its offers, it will redirect the user's web browser to this site to record the offer installs as well as display various advertisements for additional offerings (of more potentially unwanted software). The domain thanks.postdownload.net is registered by proxy through GODADDY.COM, LLC and was originally registered in May of 2013. This domain has been known to host and distribute potentially unwanted software. The hosted servers are located in Ashburn, Virginia within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform. The domain is associated with the publisher Optimum Installer who is located in Kansas City, Missouri in the United States.
Registrar:
GODADDY.COM, LLC

Server location:
Virginia, United States (US)

Create date:
Wednesday, May 15, 2013

Expires date:
Sunday, May 15, 2016

Updated date:
Saturday, May 02, 2015

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc.,US

Root domain:

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.PremiumInstaller.O, Threat.Adknowledge.Bundler, PUP.Adknowledge.PremiumInstaller.Installer (M), PUP.Adknowledge.PremiumI.Bundler (M), PUP.Bundlore (M), PUP.Adknowledge (M)
100.00%

Boost by Reason
Adware.PremiumInstaller.O
16.67%

avast!
Installer-K [PUP]
16.67%

ESET NOD32
Win32/AdWare.iBryte.K.gen application
16.67%

Dr.Web
Trojan.DownLoader11.3480
16.67%

AVG
Adware AdInstaller.ExpressInstall
16.67%

Emsisoft Anti-Malware
Gen:Variant.Adware.Jatif.89
16.67%

F-Prot
W32/Ibryte.G.gen
16.67%

F-Secure
Gen:Variant.Adware.Jatif
16.67%

VIPRE Antivirus
Threat.4778314
16.67%

Kaspersky
not-a-virus:AdWare.Win32.iBryte
16.67%

Bkav FE
W32.HfsAdware
16.67%

MicroWorld eScan
Gen:Variant.Adware.Jatif.89
16.67%

Quick Heal
PUA.iBryte.DC4
16.67%

Malwarebytes
PUP.Optional.iBryte
16.67%

The domain thanks.postdownload.net has been seen to resolve to the following 7 IP addresses.

ec2-50-16-236-148.compute-1.amazonaws.com
August 16, 2016

ec2-23-23-176-5.compute-1.amazonaws.com
April 21, 2016

ec2-23-21-93-71.compute-1.amazonaws.com
February 24, 2016

ec2-54-225-160-115.compute-1.amazonaws.com
May 5, 2015

ec2-50-19-236-48.compute-1.amazonaws.com
May 5, 2015

(CloudFlare)
July 26, 2013

(CloudFlare)
July 26, 2013

File downloads found at URLs served by thanks.postdownload.net.

URL:
http://thanks.postdownload.net/

Title:
“Download Activation”

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
Microsoft-IIS/7.5 (ASP.NET) (Version: 2.0.50727)

Facebook:
Shares:  8

Statistics are for the previous month.