app.gomlab.com

Gretech Corp.

Domain Information

The domain app.gomlab.com registered by Gretech Corp. was initially registered in January of 2008 through GABIA, INC.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Seattle, Washington within the United States which resides on the Amazon.com, Inc. network. The domain uses the Amazon Cloudfront CDN service which utilizes a number of proxy IP Addresses (see below).
Registrar:
GABIA, INC.

Server location:
Washington, United States (US)

Create date:
Tuesday, January 22, 2008

Expires date:
Sunday, January 22, 2017

Updated date:
Monday, December 07, 2015

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

Scanner detections:
Detections  (86% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.GRETECH.GretechC.Installer.Meta (L), PUP.Gretech.GretechC.Installer.Meta (L), PUP.Gretech (L)
97.67%

Emsisoft Anti-Malware
Worm.Generic.384701
2.33%

Antiy Labs AVL
Trojan[:HEUR]/Win32.Unknown
2.33%

G Data
Win32.Worm.Netsky
2.33%

The domain app.gomlab.com has been seen to resolve to the following 463 IP addresses.

server-52-85-142-234.iad12.r.cloudfront.net
September 15, 2016

server-52-85-142-138.iad12.r.cloudfront.net
September 15, 2016

server-52-85-142-87.iad12.r.cloudfront.net
September 15, 2016

server-52-85-142-46.iad12.r.cloudfront.net
September 15, 2016

server-52-85-142-254.iad12.r.cloudfront.net
September 15, 2016

server-52-85-142-244.iad12.r.cloudfront.net
September 15, 2016

server-52-85-147-202.iad12.r.cloudfront.net
September 2, 2016

server-52-85-147-146.iad12.r.cloudfront.net
September 2, 2016

server-52-85-147-118.iad12.r.cloudfront.net
September 2, 2016

server-52-85-147-87.iad12.r.cloudfront.net
September 2, 2016

server-52-85-147-70.iad12.r.cloudfront.net
September 2, 2016

server-52-85-147-65.iad12.r.cloudfront.net
September 2, 2016

server-52-85-147-58.iad12.r.cloudfront.net
September 2, 2016

server-52-85-147-215.iad12.r.cloudfront.net
September 2, 2016

server-52-85-147-75.iad12.r.cloudfront.net
August 30, 2016

server-52-85-147-18.iad12.r.cloudfront.net
August 30, 2016

server-52-85-147-115.iad12.r.cloudfront.net
August 27, 2016

server-52-85-147-48.iad12.r.cloudfront.net
August 27, 2016

server-52-85-147-45.iad12.r.cloudfront.net
August 27, 2016

server-52-85-147-22.iad12.r.cloudfront.net
August 27, 2016

server-52-85-147-246.iad12.r.cloudfront.net
August 27, 2016

server-52-85-147-241.iad12.r.cloudfront.net
August 27, 2016

server-52-85-147-206.iad12.r.cloudfront.net
August 27, 2016

server-52-85-147-142.iad12.r.cloudfront.net
August 27, 2016

server-52-84-127-223.iad16.r.cloudfront.net
August 27, 2016

server-52-84-127-200.iad16.r.cloudfront.net
August 27, 2016

server-52-84-127-162.iad16.r.cloudfront.net
August 27, 2016

server-52-84-127-121.iad16.r.cloudfront.net
August 27, 2016

server-52-84-127-80.iad16.r.cloudfront.net
August 27, 2016

server-52-84-127-79.iad16.r.cloudfront.net
August 27, 2016

 
Showing 30 of 463 IP Addresses

File downloads found at URLs served by app.gomlab.com.

1 / 68      (PUP)
http://app.gomlab.com/eng/.../GOMPLAYERENSETUP.EXE  (cdb471ee4f1ec135cd891c0570516073)

0 / 68
https://app.gomlab.com/site/.../GOMPLAYERENSETUP.EXE  (facf3ea9-6ded-4f91-5636-6c3aa7852fb9_1d1f0943e3d0c26)

1 / 68      (PUP)

1 / 68      (PUP)
https://app.gomlab.com/site/.../GOMPLAYERGLOBALSETUP.EXE  (3d3206b526d3ea1e29d2d80f9a891067)

1 / 68      (PUP)
https://app.gomlab.com/tha/.../GOMPLAYERTHSETUP.EXE  (8fc89f5d9a61bee2b0dc55e31aca5e6c)

0 / 68

1 / 68      (PUP)

1 / 68      (PUP)

1 / 68      (PUP)

1 / 68      (PUP)
http://app.gomlab.com/cht/.../GOMPLAYERTWSETUP.EXE  (63b1c83632b7a0cc00ec8bdf7a6abfb4)

1 / 68      (PUP)
http://app.gomlab.com/rus/.../GOMPLAYERRUSETUP.EXE  (65be8cb9d159fa8ff35acc23cf126e3c)

The following 265 files have been seen to comunicate with app.gomlab.com in live environments.

 
Latest 20 of 570 files

URL:
http://app.gomlab.com/

Network:
Amazon Cloudfront

SSL certificate subject:
CN=*.gomlab.com, OU=Development Team, O=Gretech Corp., L=Gangnam-gu, S=Seoul, C=KR

SSL certificate issuer:
CN=thawte SSL CA - G2, O="thawte, Inc.", C=US

Web server:
Apache