www.gomplayer.jp

Gretech Corp.

Domain Information

The domain www.gomplayer.jp registered by Gretech Corp. was initially registered in July of 2010. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in New York City, New York within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Cloudfront CDN service which utilizes a number of proxy IP Addresses (see below).
Server location:
New York, United States (US)

Create date:
Thursday, July 15, 2010

Expires date:
Sunday, July 31, 2016

Updated date:
Saturday, August 01, 2015

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

Scanner detections:
Detections  (63% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.OpenCandy.Installer (L), PUP.GRETECH.GretechC.Installer.Meta (L), PUP.GRETECH.Installer.Meta (L), PUP.Gretech.GretechC.Installer.Meta (L), PUP.Gretech (L)
91.18%

Rising Antivirus
PE:Malware.XPACK/RDM!5.1, PE:Trojan.Win32.Generic.140D555D!336418141
14.71%

ESET NOD32
Win32/OpenCandy, Win32/Hao123.C potentially unwanted (variant), Win32/Bundled.Toolbar.Google
8.82%

Jiangmin
Trojan/Rector.dx
8.82%

Antiy Labs AVL
Trojan[:HEUR]/Win32.AGeneric
8.82%

Trend Micro House Call
Suspicious_GEN.F47V1221
5.88%

Quick Heal
(Suspicious) - DNAScan
2.94%

Bkav FE
W32.HfsAdware
2.94%

Clam AntiVirus
SWF.Exploit.Kit-434
2.94%

F-Secure
Gen:Variant.Symmi.57598
2.94%

The domain www.gomplayer.jp has been seen to resolve to the following 162 IP addresses.

ec2-54-174-163-51.compute-1.amazonaws.com
July 17, 2016

ec2-54-85-192-177.compute-1.amazonaws.com
July 17, 2016

server-52-84-122-243.iad16.r.cloudfront.net
June 28, 2016

server-52-84-122-198.iad16.r.cloudfront.net
June 28, 2016

server-52-84-122-145.iad16.r.cloudfront.net
June 28, 2016

server-52-84-122-127.iad16.r.cloudfront.net
June 28, 2016

server-52-84-122-118.iad16.r.cloudfront.net
June 28, 2016

server-52-84-122-104.iad16.r.cloudfront.net
June 28, 2016

server-52-84-122-25.iad16.r.cloudfront.net
June 28, 2016

server-52-84-122-247.iad16.r.cloudfront.net
June 28, 2016

server-54-192-18-161.iad12.r.cloudfront.net
June 5, 2016

server-54-192-18-140.iad12.r.cloudfront.net
June 5, 2016

server-54-192-18-117.iad12.r.cloudfront.net
June 5, 2016

server-54-192-18-94.iad12.r.cloudfront.net
June 5, 2016

server-54-192-18-9.iad12.r.cloudfront.net
June 5, 2016

server-54-192-18-234.iad12.r.cloudfront.net
June 5, 2016

server-54-192-18-179.iad12.r.cloudfront.net
June 5, 2016

server-52-84-122-140.iad16.r.cloudfront.net
June 4, 2016

server-52-84-122-114.iad16.r.cloudfront.net
June 4, 2016

server-52-84-122-68.iad16.r.cloudfront.net
June 4, 2016

server-52-84-122-43.iad16.r.cloudfront.net
June 4, 2016

server-52-84-122-15.iad16.r.cloudfront.net
June 4, 2016

server-52-84-122-219.iad16.r.cloudfront.net
June 4, 2016

server-52-84-122-210.iad16.r.cloudfront.net
June 4, 2016

server-52-84-122-188.iad16.r.cloudfront.net
June 4, 2016

server-54-192-18-219.iad12.r.cloudfront.net
May 26, 2016

server-54-192-18-150.iad12.r.cloudfront.net
May 26, 2016

server-54-192-18-63.iad12.r.cloudfront.net
May 26, 2016

server-54-192-18-13.iad12.r.cloudfront.net
May 26, 2016

server-54-192-18-4.iad12.r.cloudfront.net
May 26, 2016

 
Showing 30 of 162 IP Addresses

File downloads found at URLs served by www.gomplayer.jp.

1 / 68      (PUP)
http://www.gomplayer.jp/.../GOMENCODERSETUP_JPN.EXE  (b3d2930754643e59a24d04a8912a2498)

1 / 68      (PUP)
http://www.gomplayer.jp/.../GOMPLAYERJPSETUP.EXE  (2a545a234749325ad0c0c689b71789c1)

0 / 68

0 / 68

0 / 68

0 / 68
http://www.gomplayer.jp/picpick/.../PICPICKJPSETUP.EXE  (93a3123504484df0d0b1788d186b4a46)

0 / 68
http://www.gomplayer.jp/bandicam/.../BDCAMSETUP_JPN.EXE  (a321143aa9f604b11c9e058d781abb60)

0 / 68

1 / 68      (PUP)
https://www.gomplayer.jp/.../GOMPLAYERJPSETUP.EXE  (5d8700a821bff07cdeab7d6f8bb60e7d)

2 / 68      (PUP)

0 / 68

The following 12 files have been seen to comunicate with www.gomplayer.jp in live environments.

URL:
http://www.gomplayer.jp/

Google Analytics:
UA-4020306

Title:
“GRETECH JAPAN ̃\tgEFAQ - GOM \tg”

Description:
“GOMT[rXTCg| ĐGOM Player͂߂Ƃ\tgEFÃT[rX^cĂ܂B”

Network:
Amazon Cloudfront

SSL certificate subject:
CN=*.gomplayer.jp, OU=Dev.Team, O=Gretech Japan, L=Shinjuku, S=Tokyo, C=JP

SSL certificate issuer:
CN=thawte SSL CA - G2, O="thawte, Inc.", C=US

Web server:
Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1j-fips

Facebook:
Likes:  190
Shares:  193
Comments:  40

Statistics are for the previous month.