go.goforfiles.com

Righway Technologies, Inc.

Domain Information

The domain go.goforfiles.com, registered by Righway Technologies, Inc., was initially registered in August of 2012 through INTERNET.BS CORP. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Belfast, Northern Ireland, within the United Kingdom, on the RIPE Network Coordination Centre network.

Registrar: INTERNET DOMAIN SERVICE BS CORP

Server location: Northern Ireland, United Kingdom (GB)

Create date: Thursday, August 16, 2012

Expires date: Tuesday, August 16, 2016

Updated date: Friday, December 11, 2015

Root domain:

Scanner detections:
Detections (97% detected)

| Scan engine | Details | Detections |
|---|---|---|
| Reason Heuristics | PUP.RighwayTechnologies.Q, PUP.RighwayTechnologies.e, PUP.RighwayTechnologies.J, PUP.RighwayTechnologies.z, PUP.RighwayTechnologies.AA, PUP.RighwayTechnologies.m, PUP.Via Advertising.RighwayTechnologies.Bundler (M), Threat.Win.Reputation.IMP | 100.00% |
| ESET NOD32 | Win32/YourFileDownloader (variant), Win32/ExpressFiles (variant) | 75.76% |
| VIPRE Antivirus | ExpressFiles Installer, Yontoo, Threat.4783941 | 72.73% |
| Malwarebytes | PUP.Optional.GoForFiles.A | 69.70% |
| Sophos | Go For Files, PUA 'Go For Files' | 57.58% |
| avast! | Win32:PUP-gen [PUP], Win32:Expressfiles-A [PUP], Win32:Malware-gen, Win32:Adware-gen [Adw] | 54.55% |
| Dr.Web | Adware.Downware.825, Adware.Downware.914, Adware.Downware.747, Tool.DownLoader.52 | 51.52% |
| Trend Micro House Call | TROJ_SPNR.28B713, TROJ_GEN.F47V0430, TROJ_SPNR.08BB13, HV_ZYX_BL1329AD.TOMC, TROJ_GEN.RCBH1AI, TROJ_GEN.F47V1101, TROJ_GEN.F47V1114, TROJ_GEN.F47V1022, TROJ_GEN.F47V1219 | 48.48% |
| McAfee | Artemis!9294A626096D, Artemis!07343314F7B4, Artemis!332D3639F52B, Artemis!3AC8BEB60DCF, Artemis!392EE4F35BC6, Artemis!7B998F57FCBC, Artemis!26628FEC66EE | 45.45% |
| K7 AntiVirus | Unwanted-Program | 42.42% |
| Avira AntiVirus | Adware/ExpressFiles.A | 42.42% |
| AhnLab V3 Security | PUP/Win32.ExpressFiles | 42.42% |
| AVG | Skodna.Generic_r, MalSign.Righway Technologies, Dropper.Generic9 | 42.42% |
| Trend Micro | TROJ_SPNR.28B713, TROJ_SPNR.08BK13, TROJ_SPNR.08BB13, TROJ_SPNR.08B713 | 39.39% |
| Fortinet FortiGate | W32/SPNR.28B713!tr, Adware/YourFileDownloader, W32/SPNR.08B713!tr | 39.39% |

The domain go.goforfiles.com has been seen to resolve to the following 5 IP addresses.

unallocated.barefruit.co.uk
May 4, 2015

October 9, 2014

May 30, 2014

mail.goforfiles.com
December 22, 2013

199.195.196.182.static.midphase.com
December 22, 2013

File downloads found at URLs served by go.goforfiles.com.

3 / 68      (PUP)

26 / 68    (Adware)
http://go.goforfiles.com/j5G X3bEuRtnxL1Tb9CwIGWcoXQn4Loke S7LXKpgjho/.../UyFoQkI5SC9s3QwrfPU50yA==  (pirates-stagnettis-revenge-unrated-online-full_downloader_165.exe)

23 / 68    (Adware)
http://go.goforfiles.com/j5GGWHDApklnwKgUXNm9Nm/.../oB3FVnlw=  (gangnam_style_sheet_music.pdf_downloader_2.exe)

5 / 68      (Adware)

1 / 68      (Malware)

5 / 68      (Adware)

14 / 68    (Adware)

26 / 68    (Adware)

22 / 68    (Adware)

7 / 68      (Adware)

10 / 68    (Adware)

5 / 68      (Adware)

1 / 68      (Malware)

1 / 68      (Malware)
http://go.goforfiles.com/.../TFEeCjgZfgMBWA9o0ShiYdkpzwz9KdsU4RnjL  (d3dcompiler_43.dll_nfs_most_wanted_2012_downloader_99259.exe)

4 / 68      (Adware)

 
Latest 30 of 81 download URLs

The following 230 files have been seen to communicate with go.goforfiles.com in live environments.

 
Latest 20 of 230 files
