www.gomplayer.jp
Gretech Corp.
Domain Information
The domain www.gomplayer.jp registered by Gretech Corp. was initially registered in July of 2010. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in New York City, New York within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Cloudfront CDN service which utilizes a number of proxy IP Addresses (see below).
Server location:
New York, United States (US)
Create date:
Thursday, July 15, 2010
Expires date:
Sunday, July 31, 2016
Updated date:
Saturday, August 1, 2015
ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US
Scanner detections:
Detections (63% detected)
Scan engine
Details
Detections
Reason Heuristics
PUP.OpenCandy.Installer (L), PUP.GRETECH.GretechC.Installer.Meta (L), PUP.GRETECH.Installer.Meta (L), PUP.Gretech.GretechC.Installer.Meta (L), PUP.Gretech (L)
91.18%
Rising Antivirus
PE:Malware.XPACK/RDM!5.1, PE:Trojan.Win32.Generic.140D555D!336418141
14.71%
ESET NOD32
Win32/OpenCandy, Win32/Hao123.C potentially unwanted (variant), Win32/Bundled.Toolbar.Google
8.82%
Trend Micro House Call
Suspicious_GEN.F47V1221
5.88%
Quick Heal
(Suspicious) - DNAScan
2.94%
Bkav FE
W32.HfsAdware
2.94%
Clam AntiVirus
SWF.Exploit.Kit-434
2.94%
F-Secure
Gen:Variant.Symmi.57598
2.94%
The domain www.gomplayer.jp has been seen to resolve to the following 162 IP addresses.
ec2-54-174-163-51.compute-1.amazonaws.com
July 17, 2016
ec2-54-85-192-177.compute-1.amazonaws.com
July 17, 2016
server-52-84-122-243.iad16.r.cloudfront.net
June 28, 2016
server-52-84-122-198.iad16.r.cloudfront.net
June 28, 2016
server-52-84-122-145.iad16.r.cloudfront.net
June 28, 2016
server-52-84-122-127.iad16.r.cloudfront.net
June 28, 2016
server-52-84-122-118.iad16.r.cloudfront.net
June 28, 2016
server-52-84-122-104.iad16.r.cloudfront.net
June 28, 2016
server-52-84-122-25.iad16.r.cloudfront.net
June 28, 2016
server-52-84-122-247.iad16.r.cloudfront.net
June 28, 2016
server-54-192-18-161.iad12.r.cloudfront.net
June 5, 2016
server-54-192-18-140.iad12.r.cloudfront.net
June 5, 2016
server-54-192-18-117.iad12.r.cloudfront.net
June 5, 2016
server-54-192-18-94.iad12.r.cloudfront.net
June 5, 2016
server-54-192-18-9.iad12.r.cloudfront.net
June 5, 2016
server-54-192-18-234.iad12.r.cloudfront.net
June 5, 2016
server-54-192-18-179.iad12.r.cloudfront.net
June 5, 2016
server-52-84-122-140.iad16.r.cloudfront.net
June 4, 2016
server-52-84-122-114.iad16.r.cloudfront.net
June 4, 2016
server-52-84-122-68.iad16.r.cloudfront.net
June 4, 2016
server-52-84-122-43.iad16.r.cloudfront.net
June 4, 2016
server-52-84-122-15.iad16.r.cloudfront.net
June 4, 2016
server-52-84-122-219.iad16.r.cloudfront.net
June 4, 2016
server-52-84-122-210.iad16.r.cloudfront.net
June 4, 2016
server-52-84-122-188.iad16.r.cloudfront.net
June 4, 2016
server-54-192-18-219.iad12.r.cloudfront.net
May 26, 2016
server-54-192-18-150.iad12.r.cloudfront.net
May 26, 2016
server-54-192-18-63.iad12.r.cloudfront.net
May 26, 2016
server-54-192-18-13.iad12.r.cloudfront.net
May 26, 2016
server-54-192-18-4.iad12.r.cloudfront.net
May 26, 2016
Showing 30 of 162 IP Addresses
File downloads found at URLs served by www.gomplayer.jp.
The following 12 files have been seen to comunicate with www.gomplayer.jp in live environments.
URL:
http://www.gomplayer.jp/
Google Analytics:
UA-4020306
Title:
“GRETECH JAPAN ̃\tgEFAQ - GOM \tg”
Description:
“GOMT[rXTCg| ĐGOM Player͂߂Ƃ\tgEFÃT[rX^cĂ܂B”
Network:
Amazon Cloudfront
SSL certificate subject:
CN=*.gomplayer.jp, OU=Dev.Team, O=Gretech Japan, L=Shinjuku, S=Tokyo, C=JP
SSL certificate issuer:
CN=thawte SSL CA - G2, O="thawte, Inc.", C=US
Web server:
Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1j-fips
Facebook:
Likes: 190
Shares: 193
Comments: 40
Statistics are for the previous month.
