down.koowo.com

Koowo Beijing Co.,Ltd

Domain Information

The domain down.koowo.com, registered by Koowo Beijing Co.,Ltd, was initially registered in August 2005 through HICHINA ZHICHENG TECHNOLOGY LTD. The hosting servers are located in Tianjin, Tianjin, China, on the Asia Pacific Network Information Centre network.
Registrar:
HICHINA ZHICHENG TECHNOLOGY LTD.

Server location:
Tianjin, China (CN)

Create date:
Monday, August 08, 2005

Expires date:
Wednesday, August 08, 2018

Updated date:
Tuesday, April 14, 2015

ASN:
AS4837 CHINA169-BACKBONE CNCGROUP China169 Backbone

Root domain:

Google Safe Browsing:
unwanted

| Scan engine | Details | Detections |
|---|---|---|
| K7 AntiVirus | Trojan | 71.43% |
| McAfee | Artemis!0BDBABD87FAD, Artemis!1DA99BF30D3C, Artemis!0CDE50391488, Artemis!7287D20ED4D7 | 57.14% |
| Trend Micro House Call | TROJ_GEN.F47V0429, TROJ_GE.72C3CCAD, TROJ_GEN.R0CBH07K213, TROJ_GEN.F47V1220 | 57.14% |
| McAfee Web Gateway | Heuristic.BehavesLike.Win32.Suspicious-PKR.G, Artemis!0CDE50391488, Artemis!7287D20ED4D7 | 57.14% |
| NANO AntiVirus | Trojan.Win32.Starter.csihlg, Trojan.Win32.TrojObfusc.csyffs, Trojan.Win32.BrowseBan.czolqf | 57.14% |
| K7 Gateway Antivirus | Trojan | 57.14% |
| F-Prot | W32/Heuristic-210 | 57.14% |
| Commtouch SDK | W32/Heuristic-210!Eldorado | 57.14% |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 57.14% |
| Comodo Security | Heur.Suspicious, Application.Win32.MeinV.AK | 28.57% |
| Sophos | Address Tool Bar | 28.57% |
| Bkav FE | W32.Clodf30.Trojan, W32.Clodeb1.Trojan | 28.57% |
| ViRobot | Adware.Agent.561520 | 14.29% |
| VIPRE Antivirus | Trojan.Win32.Generic | 14.29% |
| Malwarebytes | Trojan.StartPage | 14.29% |

The domain down.koowo.com has been seen to resolve to the following 39 IP addresses.

Dates listed: June 26, 2016 (8 entries); February 3, 2016 (11 entries); August 19, 2015 (11 entries).

 
Showing 30 of 39 IP Addresses

File downloads found at URLs served by down.koowo.com.

9 / 68 (inconclusive)

0 / 68
http://down.koowo.com/.../music_kwun2080.exe (0a5019df5284c062f054eefc0d9ff190)

7 / 68 (inconclusive)
http://down.koowo.com/mbox_data/plugin/.../Helper.exe (0bdbabd87fad7046a22aa3b2bb858902)

0 / 68
http://down.koowo.com/mbox/.../mbox722.exe (54ee0aec8ff2756381b498e9532f801d)

0 / 68

0 / 68
http://down.koowo.com/.../KwSing.exe (1e234798771154dbb5807a31c3d565ec)

3 / 68
http://down.koowo.com/mbox_data/plugin/.../Helper.exe (361fb3d5d542ce889bad70e62beaa062)

3 / 68
http://down.koowo.com/mbox/.../mbox581.exe (cbd4ac82e569d87441c55acebcacd3ce)

7 / 68 (inconclusive)

8 / 68 (inconclusive)
http://down.koowo.com/mbox/.../mbox722.exe (7287d20ed4d7eb4777cdce17ff33dd9d)

11 / 68 (Unwanted)

7 / 68 (inconclusive)
http://down.koowo.com/mbox/.../mbox523.exe (e3ada203cd77906a8eb4bb58f63482a5)

The following files have been seen to communicate with down.koowo.com in live environments.

URL:
http://down.koowo.com/

Title:
“rewrite”

Web server:
DnionOS/1.2.1.8