www.gomplayer.jp

Gretech Corp.

Domain Information

The domain www.gomplayer.jp, registered by Gretech Corp., was first registered in July 2010. It has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in New York City, New York, United States, on the Amazon Technologies Inc. network. The domain uses the Amazon CloudFront CDN service, which serves it through a number of proxy IP addresses (see below).
Remove Malware from www.gomplayer.jp - Powered by Reason Core Security
Server location:
New York, United States (US)

Create date:
Thursday, July 15, 2010

Expires date:
Sunday, July 31, 2016

Updated date:
Saturday, August 01, 2015

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

Scanner detections:
Detections  (58% detected)

| Scan engine | Details | Detections |
|---|---|---|
| Reason Heuristics | PUP.Optional.Installer.GRETECH.Q, PUP.Optional.Installer.Q, PUP.Optional.Installer.T, PUP.Optional.Installer.M, PUP.Optional.Installer.W, Threat.Installer.GRETECH | 75.86% |
| ESET NOD32 | Win32/Bundled.Toolbar.Google, Win32/Bundled.Toolbar.Google.D potentially unsafe, Win32/Hao123.C potentially unwanted (variant) | 62.07% |
| CMC Antivirus | Virus.Win32.Sality!O | 34.48% |
| Emsisoft Anti-Malware | Backdoor.Agent.YRG | 34.48% |
| Rising Antivirus | PE:Malware.XPACK/RDM!5.1, PE:Trojan.Win32.Generic.140D555D!336418141, PE:Malware.XPACK-LNR/Heur!1.5594 | 13.79% |
| Bkav FE | W32.HfsAdware | 10.34% |
| Jiangmin | Trojan/Rector.dx | 6.90% |
| Antiy Labs AVL | Trojan[:HEUR]/Win32.AGeneric | 6.90% |
| Clam AntiVirus | SWF.Exploit.Kit-434 | 6.90% |
| McAfee Web Gateway | BehavesLike.Win32.Suspicious.wc, BehavesLike.Win32.Suspicious.rc | 6.90% |
| K7 AntiVirus | Trojan | 3.45% |
| K7 Gateway Antivirus | Trojan | 3.45% |
| ESET NOD32 | Win32/OpenCandy potentially unsafe application | 3.45% |
| Dr.Web | Threat.Undefined | 3.45% |
| VIPRE Antivirus | Trojan.Win32.Generic | 3.45% |

The domain www.gomplayer.jp has been seen to resolve to the following 46 IP addresses.


File downloads found at URLs served by www.gomplayer.jp.

3 / 68      (PUP)
http://www.gomplayer.jp/.../GOMPLAYERJPSETUP.EXE  (5cd5084e530bb01d66c1688c0f9167e8)

6 / 68      (PUP)
http://www.gomplayer.jp/.../GOMENCODERSETUP_JPN.EXE  (f780b90204a78967953c9ad44cce2628)

0 / 68

0 / 68
http://www.gomplayer.jp/bandicam/.../BDCAMSETUP_JPN.EXE  (436d35c59b64191a35131777a2183a19)

0 / 68

4 / 68      (PUP)
https://www.gomplayer.jp/.../GOMPLAYERJPSETUP.EXE  (483f4a85eb55f8086cffdc8e576b0a9e)

2 / 68      (PUP)
http://www.gomplayer.jp/audio/.../GOMAUDIOGLOBALSETUP.EXE  (d7dc21509cb19ff3614a48640a18680b)

0 / 68

1 / 68      (PUP)

4 / 68      (PUP)

URL:
http://www.gomplayer.jp/

Google Analytics:
UA-4020306

Title:
“GRETECH JAPAN [mis-encoded Japanese text] - GOM [mis-encoded Japanese text]”

Description:
“GOM [mis-encoded Japanese text] GOM Player [mis-encoded Japanese text]”

Network:
Amazon Cloudfront

SSL certificate subject:
CN=*.gomplayer.jp, OU=Dev.Team, O=Gretech Japan, L=Shinjuku, S=Tokyo, C=JP

SSL certificate issuer:
CN=thawte SSL CA - G2, O="thawte, Inc.", C=US

Web server:
Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1j-fips

Facebook:
Likes:  192
Shares:  192
Comments:  40

Statistics are for the previous month.
