downlite.net

Linus Kolseth

Domain Information

The domain downlite.net registered by Linus Kolseth was initially registered in March of 2013 through INTERNETWORX LTD. & CO. KG. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in San Francisco, California within the United States which resides on the CloudFlare, Inc. network. The domain uses the CloudFlare CDN, a distributed domain name server service which utilizes a number of reverse proxy IP Addresses (see below).
Registrar:
INTERNETWORX LTD. & CO. KG

Server location:
California, United States (US)

Create date:
Monday, March 18, 2013

Expires date:
Saturday, March 18, 2017

Updated date:
Saturday, March 19, 2016

ASN:
AS13335 CLOUDFLARENET - CloudFlare, Inc.,US

Google Safe Browsing:
unwanted

Scanner detections:
Detections  (91% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.OOO.F, PUP.OOO.DD, PUP.OOO.d, PUP.OOO.p, PUP.OOO.h, PUP.Installer.OOO.t, PUP.OOO.i, PUP.DownLite.Installer (M), PUP.Installer (M)
90.91%

F-Prot
W32/OpenCandy.A, W32/OpenCandy.A (exact, not disinfectable)
63.64%

Dr.Web
Adware.Downware.1329
63.64%

VIPRE Antivirus
Adware.Privitize
63.64%

ESET NOD32
Win32/OpenCandy, Win32/DownLite
63.64%

McAfee
Artemis!5ACE242BCE28, Artemis!E9E5059DD650, Artemis!5C62FC04727E, Artemis!E768474DDA31, Artemis!32FCA83CD54B, Artemis!F41A253A3EBC
54.55%

Malwarebytes
PUP.Optional.BundleInstaller, PUP.Optional.OpenCandy, PUP.Optional.Opencandy
54.55%

K7 Gateway Antivirus
Unwanted-Program , Riskware
54.55%

K7 AntiVirus
Unwanted-Program , Riskware, Adware
54.55%

Trend Micro House Call
TROJ_GEN.R0CBH0AI113, TROJ_SPNR.08JK13, TROJ_SPNR.08LB13, TROJ_SPNR.09JM13, TROJ_GE.E218BDF9, TROJ_GEN.R0CBOH0L513
54.55%

McAfee Web Gateway
Artemis!5ACE242BCE28, Artemis!E9E5059DD650, Artemis!5C62FC04727E, Heuristic.BehavesLike.Win32.Suspicious-PKR.O, Artemis!32FCA83CD54B
54.55%

Bkav FE
W32.Clod46b.Trojan, W32.Clod108.Trojan, W32.Clod981.Trojan, W32.Clod782.Trojan, W32.Clodf11.Trojan
45.45%

avast!
Win32:PUP-gen [PUP], NSIS:Adware-LK [PUP]
45.45%

Sophos
OpenCandy
45.45%

Rising Antivirus
PE:PUF.OpenCandy!1.9DE5
45.45%

The domain downlite.net has been seen to resolve to the following 9 IP addresses.

July 23, 2014

July 23, 2014

cf-173-245-61-128.cloudflare.com
May 13, 2014

cf-173-245-60-128.cloudflare.com
May 13, 2014

March 14, 2014

March 14, 2014

January 23, 2014

January 23, 2014

December 13, 2013

File downloads found at URLs served by downlite.net.

14 / 68    (Adware)

28 / 68    (Adware)

16 / 68    (Adware)

1 / 68      (Adware)

5 / 68      (Adware)

17 / 68    (Adware)

28 / 68    (Adware)

16 / 68    (Adware)
http://downlite.net/download.php?c=oca&n=Autodata_3.18_(Full_Version)&b=oca  (internet_download_manager_6.04_final_._crack-[hb].exe)

28 / 68    (Adware)

19 / 68    (Adware)

5 / 68      (Adware)
http://downlite.net/download.php?c=ocac&n=Dr_Dre_The_Chronic&b=ocac  (Call_of_Duty_Black_Ops_2_PC_game_SP.MP.ZM_^^nosTEAM^^.exe)

2 / 68      (false positives)

28 / 68    (Adware)

28 / 68    (Adware)

14 / 68    (Adware)

14 / 68    (Adware)

 
Latest 30 of 209 download URLs

December 13, 2013

September 18, 2014

Facebook:
Shares:  11

Statistics above are for the previous month of March 2017.