r.tusfiles.net

Artur Kozak  (via a Proxy Registrant)

Domain Information

TusFiles is a file hosting service that bills itself as a cloud backup platform; however, the service is known to distribute various potentially unwanted software packages, such as adware bundles, through its wrapped download manager (signed by Artur Kozak, etc.). The domain r.tusfiles.net is registered by proxy through GODADDY.COM, LLC and was originally registered in May of 2010. This domain has been seen distributing various forms of adware (some being very aggressive) directly or via bundled installations. The servers hosting the domain are located in Bucharest (Bucuresti), Romania, on the RIPE Network Coordination Centre network. The domain is associated with the publisher Artur Kozak, who is located in Kyiv, Ukraine.
Registrar:
GODADDY.COM, LLC

Server location:
Bucuresti, Romania (RO)

Create date:
Monday, May 17, 2010

Expires date:
Wednesday, May 17, 2017

Updated date:
Monday, May 18, 2015

ASN:
AS9009 M247 M247 Ltd,GB

Root domain:

Scanner detections:
Adware distribution

Scan engine | Details | Detections
AegisLab AV Signature | Spr.Andr.Smalihook.A!c | 100.00%
Avira AntiVirus | SPR/ANDR.SmaliHook.A.Gen | 100.00%

The domain r.tusfiles.net has been seen to resolve to the following IP address.

no-rdns.free.clues.ro
February 11, 2016

File downloads found at URLs served by r.tusfiles.net.


The following 3 files have been seen to communicate with r.tusfiles.net in live environments.

URL:
http://r.tusfiles.net/

Title:
“File Server”

SSL certificate subject:
CN=*.tusfiles.net, OU=EssentialSSL Wildcard, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
nginx

Facebook:
Shares:  10

Statistics are for the previous month.