The domain downlite.net registered by Linus Kolseth was initially registered in March of 2013 through INTERNETWORX LTD. & CO. KG. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in San Francisco, California within the United States which resides on the CloudFlare, Inc. network. The domain uses the CloudFlare CDN, a distributed domain name server service which utilizes a number of reverse proxy IP Addresses (see below).
INTERNETWORX LTD. & CO. KG
California, United States (US)
Monday, March 18, 2013
Saturday, March 18, 2017
Saturday, March 19, 2016
AS13335 CLOUDFLARENET - CloudFlare, Inc.,US
Google Safe Browsing:
Detections (91% detected)
PUP.Installer.OOO.F, PUP.OOO.DD, PUP.OOO.d, PUP.OOO.p, PUP.OOO.h, PUP.Installer.OOO.t, PUP.OOO.i, PUP.DownLite.Installer (M), PUP.Installer (M)
W32/OpenCandy.A, W32/OpenCandy.A (exact, not disinfectable)
Artemis!5ACE242BCE28, Artemis!E9E5059DD650, Artemis!5C62FC04727E, Artemis!E768474DDA31, Artemis!32FCA83CD54B, Artemis!F41A253A3EBC
PUP.Optional.BundleInstaller, PUP.Optional.OpenCandy, PUP.Optional.Opencandy
K7 Gateway Antivirus
Unwanted-Program , Riskware
Unwanted-Program , Riskware, Adware
Trend Micro House Call
TROJ_GEN.R0CBH0AI113, TROJ_SPNR.08JK13, TROJ_SPNR.08LB13, TROJ_SPNR.09JM13, TROJ_GE.E218BDF9, TROJ_GEN.R0CBOH0L513
McAfee Web Gateway
Artemis!5ACE242BCE28, Artemis!E9E5059DD650, Artemis!5C62FC04727E, Heuristic.BehavesLike.Win32.Suspicious-PKR.O, Artemis!32FCA83CD54B
W32.Clod46b.Trojan, W32.Clod108.Trojan, W32.Clod981.Trojan, W32.Clod782.Trojan, W32.Clodf11.Trojan
Win32:PUP-gen [PUP], NSIS:Adware-LK [PUP]
The domain downlite.net has been seen to resolve to the following 9 IP addresses.
May 13, 2014
May 13, 2014
File downloads found at URLs served by downlite.net.
Latest 30 of 209 download URLs
Statistics above are for the previous month of March 2017.