dn.goforfiles.com

Righway Technologies, Inc.

Domain Information

The domain dn.goforfiles.com, registered by Righway Technologies, Inc., was initially registered in August of 2012 through INTERNET.BS CORP. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Belfast, Northern Ireland, United Kingdom, on the RIPE Network Coordination Centre network.
Registrar: INTERNET DOMAIN SERVICE BS CORP

Server location: Northern Ireland, United Kingdom (GB)

Create date: Thursday, August 16, 2012

Expires date: Tuesday, August 16, 2016

Updated date: Friday, December 11, 2015

Root domain:

Scanner detections (94% detected):

Each entry below lists, in order: scan engine, details, detections.

Reason Heuristics
PUP.RighwayTechnologies.c, PUP.RighwayTechnologies.j, PUP.RighwayTechnologies.p, PUP.RighwayTechnologies.R, PUP.RighwayTechnologies.Q, PUP.RighwayTechnologies.?, Threat.Win.Reputation.IMP, PUP.Via Advertising.RighwayTechnologies.Bundler (M), Win32.Generic, PUP.Via Advertising.RighwayT.Bundler (M)
96.97%

ESET NOD32
Win32/ExpressDownloader (variant), Win32/YourFileDownloader (variant)
75.76%

VIPRE Antivirus
ExpressFiles Installer, Yontoo
72.73%

Sophos
Go For Files
69.70%

McAfee
Artemis!DF3B28428CBF, Artemis!767228F5C58C, Artemis!EA4F5E984CF2, Artemis!FD3BB23E84E6, Artemis!7B998F57FCBC, Artemis!75828DD12967, Artemis!D59ACD337F6E, Artemis!1DD42C91BE13, Artemis!C452BBCA28D5, Artemis!301B31FB93A0
51.52%

Malwarebytes
PUP.Optional.GoForFiles.A
51.52%

McAfee Web Gateway
Artemis!DF3B28428CBF, Artemis!767228F5C58C, Artemis!EA4F5E984CF2, Artemis!FD3BB23E84E6, Artemis!7B998F57FCBC, Artemis!75828DD12967
51.52%

Trend Micro House Call
TROJ_GEN.F47V0607, TROJ_GEN.F47V0507, TROJ_GEN.F47V0827, TROJ_GEN.F47V0412, TROJ_GEN.F47V0920, TROJ_GEN.F47V0430, TROJ_GEN.F47V0531
48.48%

AhnLab V3 Security
PUP/Win32.ExpressFiles
39.39%

K7 Gateway Antivirus
Unwanted-Program
36.36%

K7 AntiVirus
Unwanted-Program
36.36%

herdProtect (fuzzy)
a variant of 38d054df87991c3cf7077b3c6f79e571e45b6c06, a variant of 70c31e5239b6e20f6a169124260e85b7d5923fce, a variant of b478c5e5a00e5093d854268b716c67a8f8975203
36.36%

Kingsoft AntiVirus
Win32.Troj.Generic.a.(kcloud)
27.27%

Dr.Web
Adware.Downware.1204, Tool.DownLoader.52, Adware.Downware.11081
27.27%

avast!
Win32:PUP-gen [PUP], Win32:Malware-gen, Win32:Dropper-gen [Drp]
24.24%

The domain dn.goforfiles.com has been seen to resolve to the following 3 IP addresses.

unallocated.barefruit.co.uk
May 3, 2015

May 30, 2014

mail.goforfiles.com
May 23, 2014

File downloads found at URLs served by dn.goforfiles.com.

11 / 68    (Adware)

1 / 68      (Malware)

25 / 68    (Adware)

1 / 68      (inconclusive)

11 / 68    (Adware)
http://dn.goforfiles.com/.../Ltezy7lDFpoYwzH HYYg==  (denis_chang_-_jazz_manouche_-_technique_improvisation_-_vol._1_downloader_us_99262.exe)

12 / 68    (Adware)
http://dn.goforfiles.com/j5G1RGyQqlRi0e1Yb9a0MW/.../ZwFgF19sbSdUwQAnZNkF0wTFO  ({pth_1.19.0_by_hackod.torrent}_downloader_hu_99241.exe)

14 / 68    (Adware)

11 / 68    (Adware)

11 / 68    (Adware)
http://dn.goforfiles.com/.../n3mgZ6Mc=  (uninstall87804421.exe)

1 / 68      (Adware)
http://dn.goforfiles.com/  (gffdownloader.exe)

11 / 68    (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

3 / 68      (Adware)

1 / 68      (Malware)

 
Latest 30 of 293 download URLs

The following 230 files have been seen to communicate with dn.goforfiles.com in live environments.

 
Latest 20 of 230 files