The domain dn.goforfiles.com, registered by Righway Technologies, Inc., was initially registered in August of 2012 through INTERNET.BS CORP. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Belfast, Northern Ireland, United Kingdom, on the RIPE Network Coordination Centre network.
INTERNET DOMAIN SERVICE BS CORP
Northern Ireland, United Kingdom (GB)
Thursday, August 16, 2012
Tuesday, August 16, 2016
Friday, December 11, 2015
Detections (94% detected)
PUP.RighwayTechnologies.c, PUP.RighwayTechnologies.j, PUP.RighwayTechnologies.p, PUP.RighwayTechnologies.R, PUP.RighwayTechnologies.Q, PUP.RighwayTechnologies.?, Threat.Win.Reputation.IMP, PUP.Via Advertising.RighwayTechnologies.Bundler (M), Win32.Generic, PUP.Via Advertising.RighwayT.Bundler (M)
Win32/ExpressDownloader (variant), Win32/YourFileDownloader (variant)
ExpressFiles Installer, Yontoo
Artemis!DF3B28428CBF, Artemis!767228F5C58C, Artemis!EA4F5E984CF2, Artemis!FD3BB23E84E6, Artemis!7B998F57FCBC, Artemis!75828DD12967, Artemis!D59ACD337F6E, Artemis!1DD42C91BE13, Artemis!C452BBCA28D5, Artemis!301B31FB93A0
McAfee Web Gateway
Artemis!DF3B28428CBF, Artemis!767228F5C58C, Artemis!EA4F5E984CF2, Artemis!FD3BB23E84E6, Artemis!7B998F57FCBC, Artemis!75828DD12967
Trend Micro House Call
TROJ_GEN.F47V0607, TROJ_GEN.F47V0507, TROJ_GEN.F47V0827, TROJ_GEN.F47V0412, TROJ_GEN.F47V0920, TROJ_GEN.F47V0430, TROJ_GEN.F47V0531
AhnLab V3 Security
K7 Gateway Antivirus
a variant of 38d054df87991c3cf7077b3c6f79e571e45b6c06, a variant of 70c31e5239b6e20f6a169124260e85b7d5923fce, a variant of b478c5e5a00e5093d854268b716c67a8f8975203
Adware.Downware.1204, Tool.DownLoader.52, Adware.Downware.11081
Win32:PUP-gen [PUP], Win32:Malware-gen, Win32:Dropper-gen [Drp]
The domain dn.goforfiles.com has been seen to resolve to the following 3 IP addresses.
May 3, 2015
May 23, 2014
File downloads found at URLs served by dn.goforfiles.com.
Latest 30 of 293 download URLs
The following 230 files have been seen to communicate with dn.goforfiles.com in live environments.