tusfiles.net

Artur Kozak  (via a Proxy Registrant)

Domain Information

TusFiles is a file hosting service that bills itself as a cloud backup platform; however, the service is known to distribute various potentially unwanted software packages, such as adware bundles, through its wrapped download manager (signed by Artur Kozak, etc.). The domain tusfiles.net is registered by proxy through GODADDY.COM, LLC and was originally registered in May of 2010. This domain has been seen distributing various forms of adware (some being very aggressive) directly or via bundled installations. The hosting servers are located in Vaslui, Vaslui, Romania, on the RIPE Network Coordination Centre network. The domain is associated with the publisher Artur Kozak, who is located in Kyiv, Ukraine.
Registrar:
GODADDY.COM, LLC

Server location:
Vaslui, Romania (RO)

Create date:
Monday, May 17, 2010

Expires date:
Wednesday, May 17, 2017

Updated date:
Monday, May 18, 2015

ASN:
AS9009 M247 M247 Ltd,GB

Scanner detections:
Adware distribution

Scan engine: Reason Heuristics
Details: Adware.WebPick.Installer (M), Threat.Win.Reputation.IMP, PUP.FusionCore.Bundle.ET (M)
Detections: 50.00%

Scan engine: ESET NOD32
Details: Detection.Undefined, Win32/FusionCore.D potentially unwanted application, Win32/GameHack.AOV potentially unsafe application
Detections: 37.50%

Scan engine: Dr.Web
Details: Trojan.Packed
Detections: 12.50%

The domain tusfiles.net has been seen to resolve to the following 3 IP addresses.

app01.tusfiles.net
August 4, 2016

tusfiles.net
February 20, 2016

December 22, 2013

File downloads found at URLs served by tusfiles.net.

0 / 68

0 / 68
https://tusfiles.net/uenvcx6y0m8p  (kiss fm fresh top 40 - 9 iulie 2016.zip)

1 / 68      (inconclusive)
https://tusfiles.net/beu66z6lxbjt  (wallhack cso free.exe)

0 / 68
https://tusfiles.net/ala1bjlgpt7w  (pes 2016 setting.exe_www.ketubanjiwa.com.rar)

2 / 68      (PUP)
https://tusfiles.net/8capk6senq6h  (freeautoclicker.exe)

0 / 68
http://tusfiles.net/nqun5960pwta  (coowon_install_1.5.3.0.exe)

0 / 68
https://tusfiles.net/o8waqjswbvyc  (Universal IDM Patcher v2.9.4.exe)

0 / 68
https://tusfiles.net/8u5pamopynzd  (idman623build22.exe)

0 / 68
https://tusfiles.net/r50crwtr6nme  (aida64_extreme_5.70.3869.exe)

1 / 68      (Adware)
http://tusfiles.net/v5p2wuvybhks  (office_mobile_for_office_365_apk_15.0.1924.2000_patched_full_android.zip.exe)

0 / 68
https://tusfiles.net/p1igwvyo5g2d  (p1igwvyo5g2d.htm)

0 / 68
https://tusfiles.net/q548utkx98yp  (openvpn-install-2.3.7-i602-i686.exe)

0 / 68
https://tusfiles.net/up5hqpo8xls4  (securepointsslvpn.exe)

1 / 68
https://tusfiles.net/hwh8fuhdcyl6  (winrar-x64-521es.exe)

0 / 68
https://tusfiles.net/yo1agntjh2z9  (universe sandbox ² alpha 16.exe)

0 / 68
https://tusfiles.net/ut7g8qqmx4zb  (ut7g8qqmx4zb.htm)

0 / 68
https://tusfiles.net/fn81yfa5hcx2  (dotnetfx35_w8.1_x86_x64.exe)

0 / 68
https://tusfiles.net/mw0zoap3mcv5  (234sa56fd7joweur43748yhl.exe)

1 / 68
https://tusfiles.net/0w01wt85v4io  (adobe photoshop cc 2015 16.1.1 nl portable.exe)

1 / 68      (Malware)
http://tusfiles.net/e9osjwsevy6c  (tante_sendiri.3gp.exe)

1 / 68      (Adware)
http://tusfiles.net/1m3upoyfy07m  (my_boss_my_hero_01.mp4.exe)

0 / 68
https://tusfiles.net/0ef3ergyzsgg  (0ef3ergyzsgg.htm)

0 / 68
https://tusfiles.net/h7u63xxnj755  (dsound.dll about-share.rar)

The following 15 files have been seen to communicate with tusfiles.net in live environments.

 
Latest 20 of 32 files

June 8, 2016

February 7, 2014

June 6, 2016

April 26, 2014

February 7, 2014

November 7, 2015

February 26, 2016

September 7, 2014

February 19, 2015

January 6, 2016

February 29, 2016

April 13, 2015

January 6, 2016

April 11, 2016

February 11, 2016

November 18, 2015

April 20, 2016

December 22, 2013

February 11, 2016

April 12, 2016

URL:
http://tusfiles.net/

Google Analytics:
UA-3400026

Title:
“TusFiles | Free Cloud Storage”

Description:
“Share unlimited files using our free cloud service”

SSL certificate subject:
CN=*.tusfiles.net, OU=EssentialSSL Wildcard, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
nginx/1.9.11

Facebook:
Likes:  2,858
Shares:  5,248
Comments:  1,080

Statistics above are for the previous month of November 2017.