home

go.goforfiles.com

Righway Technologies, Inc.

Domain Information

The domain go.goforfiles.com registered by Righway Technologies, Inc. was initially registered in August of 2012 through INTERNET.BS CORP.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Belfast, Northern Ireland within United Kingdom which resides on the RIPE Network Coordination Centre network.
Registrar:
INTERNET DOMAIN SERVICE BS CORP

Server location:
Northern Ireland, United Kingdom (GB)

Create date:
Thursday, August 16, 2012

Expires date:
Tuesday, August 16, 2016

Updated date:
Friday, December 11, 2015

Root domain:
goforfiles.com

Whois:
3 goforfiles.com records

Scanner detections:
Detections  (97% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.RighwayTechnologies.Q, PUP.RighwayTechnologies.e, PUP.RighwayTechnologies.J, PUP.RighwayTechnologies.z, PUP.RighwayTechnologies.AA, PUP.RighwayTechnologies.m, PUP.Via Advertising.RighwayTechnologies.Bundler (M), Threat.Win.Reputation.IMP
100.00%

ESET NOD32
Win32/YourFileDownloader (variant), Win32/ExpressFiles (variant)
75.76%

VIPRE Antivirus
ExpressFiles Installer, Yontoo, Threat.4783941
72.73%

Malwarebytes
PUP.Optional.GoForFiles.A
69.70%

Sophos
Go For Files, PUA 'Go For Files'
57.58%

avast!
Win32:PUP-gen [PUP], Win32:Expressfiles-A [PUP], Win32:Malware-gen, Win32:Adware-gen [Adw]
54.55%

Dr.Web
Adware.Downware.825, Adware.Downware.914, Adware.Downware.747, Tool.DownLoader.52
51.52%

Trend Micro House Call
TROJ_SPNR.28B713, TROJ_GEN.F47V0430, TROJ_SPNR.08BB13, HV_ZYX_BL1329AD.TOMC, TROJ_GEN.RCBH1AI, TROJ_GEN.F47V1101, TROJ_GEN.F47V1114, TROJ_GEN.F47V1022, TROJ_GEN.F47V1219
48.48%

McAfee
Artemis!9294A626096D, Artemis!07343314F7B4, Artemis!332D3639F52B, Artemis!3AC8BEB60DCF, Artemis!392EE4F35BC6, Artemis!7B998F57FCBC, Artemis!26628FEC66EE
45.45%

K7 AntiVirus
Unwanted-Program
42.42%

Avira AntiVirus
Adware/ExpressFiles.A
42.42%

AhnLab V3 Security
PUP/Win32.ExpressFiles
42.42%

AVG
Skodna.Generic_r, MalSign.Righway Technologies, Dropper.Generic9
42.42%

Trend Micro
TROJ_SPNR.28B713, TROJ_SPNR.08BK13, TROJ_SPNR.08BB13, TROJ_SPNR.08B713
39.39%

Fortinet FortiGate
W32/SPNR.28B713!tr, Adware/YourFileDownloader, W32/SPNR.08B713!tr
39.39%

The domain go.goforfiles.com has been seen to resolve to the following 5 IP addresses.

92.242.140.21
unallocated.barefruit.co.uk
May 4, 2015

74.63.79.82
October 9, 2014

208.53.158.118
May 30, 2014

5.79.65.217
mail.goforfiles.com
December 22, 2013

199.195.196.182
199.195.196.182.static.midphase.com
December 22, 2013

File downloads found at URLs served by go.goforfiles.com.

5 / 68      (Adware)
http://go.goforfiles.com/.../kUety3ZXrP6HYh9OB6JPPleijulj53qNhlEuXPKFO2mjJDvMxFWuGT  (uninstall232869431.exe)

3 / 68      (PUP)
http://go.goforfiles.com/.../f6uzbzL60WIu5cUTdJS7Mlb0tSlDnNwkaIvbBkSJ3xxbjZlSDNgzVU2ZZwAvmW1Gf8w1TXLeZfBzzSayajkvv2Y8KQ==  (undisputed_iii_redemption__dvdrip_xvid-gfw.avi_downloader_98828.exe)

26 / 68    (Adware)
http://go.goforfiles.com/j5G X3bEuRtnxL1Tb9CwIGWcoXQn4Loke S7LXKpgjho/.../UyFoQkI5SC9s3QwrfPU50yA==  (pirates-stagnettis-revenge-unrated-online-full_downloader_165.exe)

23 / 68    (Adware)
http://go.goforfiles.com/j5GGWHDApklnwKgUXNm9Nm/.../oB3FVnlw=  (gangnam_style_sheet_music.pdf_downloader_2.exe)

6 / 68      (Adware)
http://go.goforfiles.com/j5GVXmHEvEljlI5KftekNy77oC52pfk9JOrqYSvosTxsuIQ1TrXPLEu9iWIc6MNFXamXEF JnVYP3c1YDM51AAPdNkFyxzlMdcA4  (uninstall3809232.exe)

5 / 68      (Adware)
http://go.goforfiles.com/j5H1BzabmlRo0KwUQde1JmCXlhFB6 F/JO eGUnj2WYs56AkUrHCNEr/.../oUQE 3GUwvTzF0F1MhJTYVoFwPeNUJkg3wZMZlkG3feZb4o  (uninstall232869431.exe)

0 / 68
http://go.goforfiles.com/j5GIVnDEoFUt/.../hV7sPc5d7b7O2n10GAr NNgF fRbQCjgDZO5cNTGPqGElCXlAJS2cw=  (martin_hache_dvd_rip.rar_downloader_1.exe)

5 / 68      (Adware)
http://go.goforfiles.com/.../c 8KHW7lTpwpc4nRrbPL1Xp3Gwf6cRVHuTMXhSXlAJS2c9fD85yBlybaB4mzTs=  (krug_tarnen_tricksen_taeuschen.pdf_downloader.exe)

5 / 68      (Adware)
http://go.goforfiles.com/j5GmWGzEu1ot0aEUfNG0LXrT/iN3rPIlebapKjG4hTU1qIAkQbGbPEemxjhYuYUKXfqBFA/.../wjlOYId4HT2VeOdz2mG6NA==  (krug_tarnen_tricksen_taeuschen.pdf_downloader.exe)

6 / 68      (Adware)
http://go.goforfiles.com/j5G2R2fToFpqlP8JKsy MXzZuzMypLY8eKiyLn7okTpsrZEyArKIIgCjgDZO5cdTHPqGElCXlAJS2cRXA9o3VUqfOEZxxjhNdMU5THo=  (uninstall3809232.exe)

22 / 68    (Adware)
http://go.goforfiles.com/j5GsUnrApVR00e0MKsq0JGfPoTVztLAkeOS IH6txyRzpYFqFODbfVWhjyhHsZVeF XFXgTGjRgL1c5aDdwxQwrYNQ==  (uninstall.exe)

26 / 68    (Adware)
http://go.goforfiles.com/j5GjRXfZvUJq26JPeZi3NmLQ9TF3sqoiear9KWithHVpoYwzH bZbwCnmD1dtZgHE XMVwDY3x9F2cxcDNgxSwndM0Y=  (uninstall2749368313.exe)

1 / 68      (Malware)
http://go.goforfiles.com/j5GoVnDcrEIm1aNbKtW0Y37Ys2d0srwuNqCyOHSkjjJ66pI6S7TUbRbgyyxfuoYOR7jIXgvQwV8QkI5SC9s3QgneMEFzyQ==  (marley_and_me_pdf_free_download_downloader_99084.exe)

13 / 68    (Adware)
http://go.goforfiles.com/j5GCVnDfvVQm8aNcZdalMW ckiZgr60qNo6yPHK9gHNWrZclS6PPLEu9iWIc6MJFXamXEF JnVYP3MVbCM51AAPdNkJ6xzBMdsA5  (slp.myegy.mr._hmed.rmvb_downloader_99122.exe)

5 / 68      (Adware)
http://go.goforfiles.com/j5GCXmDSulhn2eYNOonhaDeS4Gkj664iYqz2P3u8gjs4uJZqE PdYhHg2Goc79cUQ7WRWgTQyk1FkZ8YV4FlTgzcMA==  (uninstall623691.exe)

5 / 68      (Adware)
http://go.goforfiles.com/j5G1Vnfc6Vlz16VeZNm/.../vsMgT7mNZhDk2nlZrZMUQ7WRWgvYwFkAwokcB9kyRgjYNUB0yT4=  ({ecmhpainrgeevdineawmse_v3.rar}_downloader_411.exe)

14 / 68    (Adware)
http://go.goforfiles.com/j5GWXnHErEkt56RRIZX6DWHL/gZ8pPINeba4OX 6ynYs9NdnE LMaR/.../Rw==  ({debenu_pdf_maximus_en.exe}_downloader_411.exe)

26 / 68    (Adware)
http://go.goforfiles.com/.../oUQE 3GUgbUzF8G08o=  (uninstall.exe)

22 / 68    (Adware)
http://go.goforfiles.com/j5GRX2eenUxv2KRYYsz/.../btGlQsrwqfa2zKDSMgCRw4bU2UKTHaQjx32cY6MBRC 7MSXGBtDlflNMue6svK0iFQVpwxmJdMocwTnnNIrJ2zS21ZiZu5j9gILlqOwfgK25S gt0FKlWIQ==  (uninstall.exe)

5 / 68      (Adware)
http://go.goforfiles.com/j5GVUnDdrFVi1apNY5OfLCWN4mxGobE eO/vfyr/.../vTpEv5QPQbCUBlzLuwpEhZMIEaVoH1eHLjMjlXsaLt99GyzeZfBzzSayYjAvs2M9LKktZUj3Yz4VokRjXPkReUT7Vz5Fngg=  (krug_tarnen_tricksen_taeuschen.pdf_downloader.exe)

22 / 68    (Adware)
http://go.goforfiles.com/.../wjtP  (uninstall.exe)

7 / 68      (Adware)
http://go.goforfiles.com/.../ZMkd1xT5dMZlkG3fOIbdoj2DlJW1w72s9JbdpMQ==  (uninstall6661663.exe)

10 / 68    (Adware)
http://go.goforfiles.com/j5GjRWfV6VNjxqJaeZjiYy7aoCt 4K8uZLe0IHTulj53qNhhEuTPKFO2mjJDvMxaF zHXxSUilYH18hYCtg1SgfZ  (bmw_etk_local_windows_7_64_bit_downloader_415.exe)

27 / 68    (Adware)
http://go.goforfiles.com/.../fsCV9r7JgfqW JDG z2Iw c5lEuHbdVS1n3leq8xSHenAUAHWz1oPwooCU4w8RQ7eIwQ3kn4WL5AwTXjM  (uninstall.exe)

6 / 68      (Adware)
http://go.goforfiles.com/j5GIVnbcqFkmhv0OOJi3LHycgi58pLY8ZeT1fCjlgzpq6pI6S7TUbRbmyyxfuoYOR7jIXgrZy10QkI5SC9s3QgvbNkF7wQ==  (uninstall3809232.exe)

1 / 68      (Malware)
http://go.goforfiles.com/j5G1WGbDvVpxzeZIecj0AD2Zl3Q3g xuLva NX 7jzZ055UyRrGONEG9hjYBs4QNQauGDFvLiQ9QwokcB9kyRwfUNUJywzFdMZlkG3fKIbZoj2DlJW1w72siabI8  (podstawy_współczesnej_pedagogiki_kunowski_pdf_downloader.exe)

5 / 68      (Adware)
http://go.goforfiles.com/j5G2VmzEoFdq1aNeIcqwKnSXtjJzpKsqcqX2P36uxydt8dRkF DabhPk32kMr5wKSuHHVwfGih5Uk5AGXtUnBwOK  (krug_tarnen_tricksen_taeuschen.pdf_downloader.exe)

1 / 68      (Malware)
http://go.goforfiles.com/j5GBWG3bvF9zlOUNOongai6NlgMyhI8PRK2tb2L612c jaQUAoOcOVX0lRtn8IYUWfKYBkGUkB9Zlo8KVJxyXV2DaF5snWINYINgFi7FJ7N82mbyMHd04jI5JLdiOhm1Kn8YplEmGateLR6pXQ==  (dookudu__1cd_dvdrip_x264_aac_subs_xdm(www.mastitorrents.com).mkv_downloader_98828.exe)

1 / 68      (Malware)
http://go.goforfiles.com/.../TFEeCjgZfgMBWA9o0ShiYdkpzwz9KdsU4RnjL  (d3dcompiler_43.dll_nfs_most_wanted_2012_downloader_99259.exe)

4 / 68      (Adware)
http://go.goforfiles.com/j5GNUnDV6Xhp2ahMKsy5Ji7 uih/.../jDp68dNnFvaaLkSjgDZO5chbFunDQUaTxFoF0cVZAtswRQw=  (wireless_lan_driver_and_utility_download_downloader_98989.exe)

 
Latest 30 of 81 download URLs

The following 230 files have been seen to comunicate with go.goforfiles.com in live environments.

TCP » 92.242.140.21:80
smelled.exe (Smelled)

TCP » 92.242.140.21:443
dca-monitoring.exe (Compete DCA Monitoring Tool by Compete)

TCP » 92.242.140.21:80
marini.exe (Marini)

TCP » 92.242.140.21:443
client.exe (ClientWrapper)

TCP » 92.242.140.21:80
thebrowser.exe (TheBrowser by Goobzo)

TCP » 92.242.140.21:443
dca-monitoring.exe (Compete DCA Monitoring Tool by Compete)

TCP » 92.242.140.21:443
WindowService.exe (WindowService)

TCP » 92.242.140.21:443
ciuninstall.exe

TCP » 92.242.140.21:1866
jutched.exe

TCP » 92.242.140.21:443
dca-monitoring.exe (Compete DCA Monitoring Tool by Compete)

TCP » 92.242.140.21:80
masterupdater.exe

TCP » 92.242.140.21:80
pricemeterexpress.crx

TCP » 92.242.140.21:80
chrome.crx

TCP » 92.242.140.21:80
app-center.crx

TCP » 92.242.140.21:80
ntp.crx

TCP » 92.242.140.21:80
3dayinvite.crx

TCP » 92.242.140.21:80
twitter.crx

TCP » 92.242.140.21:80
viewlater.crx

TCP » 92.242.140.21:80
rss.crx

TCP » 92.242.140.21:80
datapump.crx

 
Latest 20 of 230 files

Facebook:
Likes:  96
Shares:  507
Comments:  125

Statistics are for the previous month.

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.