Artur Kozak (via a Proxy Registrant)
TusFiles is a file hosting service that bills itself as a cloud backup platform, however the service is known to distributed various potentially unwanted software packages such as adware bundles through its wrapped download manager (signed by Artur Kozak, etc.). The domain tusfiles.net is registered by proxy through GODADDY.COM, LLC and was originally registered in May of 2010. This domain has been seen distributing various forms of adware (some being very aggressive) directly or via bundled installations. The hosted servers are located in Vaslui, Vaslui within Romania which resides on the RIPE Network Coordination Centre network. The domain is associated with the publisher Artur Kozak who is located in Kyiv, Ukraine.
Vaslui, Romania (RO)
Monday, May 17, 2010
Wednesday, May 17, 2017
Monday, May 18, 2015
AS9009 M247 M247 Ltd,GB
Adware.WebPick.Installer (M), Threat.Win.Reputation.IMP, PUP.FusionCore.Bundle.ET (M)
Detection.Undefined, Win32/FusionCore.D potentially unwanted application, Win32/GameHack.AOV potentially unsafe application
The domain tusfiles.net has been seen to resolve to the following 3 IP addresses.
August 4, 2016
February 20, 2016
File downloads found at URLs served by tusfiles.net.
The following 15 files have been seen to comunicate with tusfiles.net in live environments.
“TusFiles | Free Cloud Storage”
“Share unlimited files using our free cloud service”
SSL certificate subject:
CN=*.tusfiles.net, OU=EssentialSSL Wildcard, OU=Domain Control Validated
SSL certificate issuer:
CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Statistics above are for the previous month of March 2017.