The domain downlite.net, registered by Linus Kolseth, was first registered in March 2013 through INTERNETWORX LTD. & CO. KG. The domain has been known to host and distribute adware as well as other potentially unwanted software. Its hosting servers are located in San Francisco, California, United States, on the CloudFlare, Inc. network. The domain uses the CloudFlare CDN, a distributed domain name server service which uses a number of reverse proxy IP addresses (see below).
INTERNETWORX LTD. & CO. KG
California, United States (US)
Monday, March 18, 2013
Friday, March 18, 2016
Thursday, March 19, 2015
AS13335 CLOUDFLARENET - CloudFlare, Inc.,US
Google Safe Browsing:
Detections (100% detected)
Win32/OpenCandy, Win32/DownLite, Win32/Toolbar.Montiera.I potentially unwanted
PUP.Installer.OOO.F, PUP.OOO.DD, PUP.Installer.OOO.O, PUP.OOO.d, PUP.OOO.p, PUP.OOO.h, PUP.Installer.OOO.t, PUP.OOO.i, PUP.Installer (M)
PUP.Optional.BundleInstaller, PUP.Optional.OpenCandy, PUP.Optional.Opencandy
K7 Gateway Antivirus
Unwanted-Program, Riskware, Trojan
Unwanted-Program, Riskware, Adware, Trojan
Trend Micro House Call
TROJ_GEN.R0CBH0AI113, TROJ_SPNR.08JK13, TROJ_GEN.F47V0723, TROJ_SPNR.08LB13, TROJ_SPNR.09JM13, TROJ_GE.E218BDF9, TROJ_GEN.R0CBOH0L513
Win32:PUP-gen [PUP], NSIS:Adware-LK [PUP], Win32:Malware-gen
Artemis!5ACE242BCE28, Artemis!E9E5059DD650, Artemis!5C62FC04727E, Artemis!E768474DDA31, Artemis!32FCA83CD54B, Artemis!F41A253A3EBC
McAfee Web Gateway
Artemis!5ACE242BCE28, Artemis!E9E5059DD650, Artemis!5C62FC04727E, Heuristic.BehavesLike.Win32.Suspicious-PKR.O, Artemis!32FCA83CD54B
W32.Clod46b.Trojan, W32.Clod108.Trojan, W32.Clod981.Trojan, W32.Clod782.Trojan, W32.Clodf11.Trojan, W32.HfsAdware
The domain downlite.net has been seen to resolve to the following 9 IP addresses.
May 13, 2014
May 13, 2014
File downloads found at URLs served by downlite.net.
Latest 30 of 154 download URLs
“DownLite - Free download manager!”
SSL certificate subject:
CN=sni69031.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated
SSL certificate issuer:
CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Statistics above are for the previous month of December 2016.