down.koowo.com

Koowo Beijing Co.,Ltd

Domain Information

The domain down.koowo.com, registered by Koowo Beijing Co.,Ltd, was initially registered in August of 2005 through HICHINA ZHICHENG TECHNOLOGY LTD. The hosting servers are located in Tianjin, China, on the Asia Pacific Network Information Centre network.
Remove Malware from down.koowo.com - Powered by Reason Core Security
Registrar: HICHINA ZHICHENG TECHNOLOGY LTD.
Server location: Tianjin, China (CN)
Create date: Monday, August 08, 2005
Expires date: Wednesday, August 08, 2018
Updated date: Tuesday, April 14, 2015
ASN: AS4837 CHINA169-BACKBONE CNCGROUP China169 Backbone
Root domain:
Google Safe Browsing: unwanted

| Scan engine | Details | Detections |
| --- | --- | --- |
| NANO AntiVirus | Trojan.Win32.Starter.csihlg, Trojan.Win32.TrojObfusc.csyffs, Trojan.Win32.BrowseBan.czolqf | 80.00% |
| K7 AntiVirus | Trojan | 80.00% |
| K7 Gateway Antivirus | Trojan | 60.00% |
| F-Prot | W32/Heuristic-210 | 60.00% |
| Commtouch SDK | W32/Heuristic-210!Eldorado | 60.00% |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 60.00% |
| McAfee Web Gateway | Heuristic.BehavesLike.Win32.Suspicious-PKR.G, Artemis!7287D20ED4D7 | 40.00% |
| McAfee | Artemis!1DA99BF30D3C, Artemis!7287D20ED4D7 | 40.00% |
| Trend Micro House Call | TROJ_GE.72C3CCAD, TROJ_GEN.F47V1220 | 40.00% |
| Sophos | Address Tool Bar | 20.00% |
| Bkav FE | W32.Clodf30.Trojan | 20.00% |
| Malwarebytes | Trojan.StartPage | 20.00% |
| Norman | Startpage.WTF | 20.00% |
| Comodo Security | Application.Win32.MeinV.AK | 20.00% |
| Antiy Labs AVL | Trojan[:HEUR]/Win32.AGeneric | 20.00% |

The domain down.koowo.com has been seen to resolve to the following 31 IP addresses.

Dates recorded for the listed addresses (IP values not shown):

February 3, 2016: 11 addresses
August 19, 2015: 13 addresses
August 28, 2014: 1 address
August 1, 2014: 3 addresses
April 14, 2014: 2 addresses (one marked no-data)
 
Showing 30 of 31 IP Addresses

File downloads found at URLs served by down.koowo.com.

3 / 68: http://down.koowo.com/mbox_data/plugin/.../Helper.exe (361fb3d5d542ce889bad70e62beaa062)

3 / 68: http://down.koowo.com/mbox/.../mbox581.exe (cbd4ac82e569d87441c55acebcacd3ce)

7 / 68 (inconclusive)

8 / 68 (inconclusive): http://down.koowo.com/mbox/.../mbox722.exe (7287d20ed4d7eb4777cdce17ff33dd9d)

11 / 68 (Unwanted)

7 / 68 (inconclusive): http://down.koowo.com/mbox/.../mbox523.exe (e3ada203cd77906a8eb4bb58f63482a5)

The following files have been seen to communicate with down.koowo.com in live environments.

URL: http://down.koowo.com/
Title: “rewrite”
Web server: DnionOS/1.2.1.8
