home

audio.gomlab.com

Domain Information

Server location:
Virginia, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
gomlab.com

Scanner detections:
Detections  (83% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.GRETECH.GretechC.Installer.Meta (L), PUP.Gretech.GretechC.Installer.Meta (L)
100.00%

Bkav FE
W32.HfsAdware
20.00%

Zillya! Antivirus
Adware.Hao123.Win32.51
20.00%

ESET NOD32
Win32/FusionCore.C potentially unwanted (variant)
20.00%

The domain audio.gomlab.com has been seen to resolve to the following 46 IP addresses.

52.85.147.136
server-52-85-147-136.iad12.r.cloudfront.net
August 23, 2016

52.85.147.80
server-52-85-147-80.iad12.r.cloudfront.net
August 23, 2016

52.85.147.20
server-52-85-147-20.iad12.r.cloudfront.net
August 23, 2016

52.85.147.249
server-52-85-147-249.iad12.r.cloudfront.net
August 23, 2016

52.85.147.192
server-52-85-147-192.iad12.r.cloudfront.net
August 23, 2016

52.85.147.175
server-52-85-147-175.iad12.r.cloudfront.net
August 23, 2016

52.85.147.165
server-52-85-147-165.iad12.r.cloudfront.net
August 23, 2016

52.85.147.159
server-52-85-147-159.iad12.r.cloudfront.net
August 23, 2016

52.84.127.240
server-52-84-127-240.iad16.r.cloudfront.net
July 21, 2016

52.84.127.229
server-52-84-127-229.iad16.r.cloudfront.net
July 21, 2016

52.84.127.111
server-52-84-127-111.iad16.r.cloudfront.net
July 21, 2016

52.84.127.42
server-52-84-127-42.iad16.r.cloudfront.net
July 21, 2016

52.84.127.35
server-52-84-127-35.iad16.r.cloudfront.net
July 21, 2016

52.84.127.26
server-52-84-127-26.iad16.r.cloudfront.net
July 21, 2016

52.84.127.25
server-52-84-127-25.iad16.r.cloudfront.net
July 21, 2016

52.84.127.10
server-52-84-127-10.iad16.r.cloudfront.net
July 21, 2016

52.84.122.172
server-52-84-122-172.iad16.r.cloudfront.net
July 4, 2016

52.85.142.207
server-52-85-142-207.iad12.r.cloudfront.net
July 2, 2016

52.85.142.147
server-52-85-142-147.iad12.r.cloudfront.net
July 2, 2016

52.85.142.84
server-52-85-142-84.iad12.r.cloudfront.net
July 2, 2016

52.85.142.64
server-52-85-142-64.iad12.r.cloudfront.net
July 2, 2016

52.85.142.58
server-52-85-142-58.iad12.r.cloudfront.net
July 2, 2016

52.85.142.57
server-52-85-142-57.iad12.r.cloudfront.net
July 2, 2016

52.85.142.8
server-52-85-142-8.iad12.r.cloudfront.net
July 2, 2016

52.85.142.6
server-52-85-142-6.iad12.r.cloudfront.net
July 2, 2016

52.84.122.246
server-52-84-122-246.iad16.r.cloudfront.net
July 1, 2016

52.84.122.234
server-52-84-122-234.iad16.r.cloudfront.net
July 1, 2016

52.84.122.134
server-52-84-122-134.iad16.r.cloudfront.net
July 1, 2016

52.84.122.123
server-52-84-122-123.iad16.r.cloudfront.net
July 1, 2016

52.84.122.70
server-52-84-122-70.iad16.r.cloudfront.net
July 1, 2016

 
Showing 30 of 46 IP Addresses

File downloads found at URLs served by audio.gomlab.com.

1 / 68      (PUP)
https://audio.gomlab.com/download_audio.gom  (gomaudioglobalsetup.exe)

1 / 68      (PUP)
http://audio.gomlab.com/download_audio.gom  (gomaudioglobalsetup.exe)

1 / 68      (PUP)
http://audio.gomlab.com/download_audio.gom  (gomaudioglobalsetup.exe)

4 / 68      (PUP)
http://audio.gomlab.com/download_log.gom  (gomaudioglobalsetup_etc.exe)

1 / 68      (PUP)
http://audio.gomlab.com/download_audio.gom  (grlaunchertempsetup.exe)

0 / 68
http://audio.gomlab.com/download_audio.gom  (gomaudioglobalsetup.exe)

1 / 68      (PUP)
http://audio.gomlab.com/download_log.gom  (grlaunchertempsetup.exe)

The following 32 files have been seen to comunicate with audio.gomlab.com in live environments.

TCP » 52.85.147.20:443
online-guardian-v2.0.9.exe

TCP » 52.85.142.6:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.85.147.20:443
online-guardian-v2.0.9.exe

TCP » 52.84.122.70:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.147.20:443
apptrailers.exe

TCP » 52.85.142.207:80
Mobogenie.exe (Mobogenie by Mobogenie.com)

TCP » 52.85.142.147:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.85.142.147:443
clearscreenplayerbrowser.exe

TCP » 52.85.142.58:80
browser.exe (Browser)

TCP » 52.85.147.20:443
apptrailers.exe

TCP » 52.85.147.20:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.122.58:80
browser.exe (speed browser by Smart Applications)

TCP » 52.85.142.84:80
emuletorrent.exe

TCP » 52.85.142.8:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.207:443
online-guardian-v2.0.9.exe

TCP » 52.85.142.8:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.147.20:443
apptrailers.exe

TCP » 52.85.142.6:443
clearscreenplayerbrowser.exe

TCP » 52.85.142.58:80
new_chrome.exe (1stBrowser by The 1stBrowser Authors)

TCP » 52.85.142.6:443
ManyCam.exe (ManyCam Virtual Webcam by Visicom Media)

 
Latest 20 of 53 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.