TusFiles is a file hosting service that bills itself as a cloud backup platform, however the service is known to distributed various potentially unwanted software packages such as adware bundles through its wrapped download manager (signed by Artur Kozak, etc.). The domain www.tusfiles.net is registered by proxy through GODADDY.COM, LLC and was originally registered in May of 2010. This domain has been known to host and distribute potentially unwanted software. The hosted servers are located in Vaslui, Vaslui within Romania which resides on the RIPE Network Coordination Centre network. The domain is associated with the publisher Artur Kozak who is located in Kyiv, Ukraine.
Vaslui, Romania (RO)
Monday, May 17, 2010
Wednesday, May 17, 2017
Monday, May 18, 2015
AS9009 M247 M247 Ltd,GB
Detections (74% detected)
(M), PUP.New IT Limited.NewIT.Bundler (M), Adware.WebPick.Installer (M), Threat.Win.Reputation.IMP, Adware.Bundler, PUP.WebPick.Stanisla (M), PUP.WebPick.ItzhakSh (M), Adware (M), PUP (M)
Win32:Apanas [Trj], Win32:Agent-AYLT [PUP]
Win32/Adware.MultiPlug.DZ application, Win32/Adware.MultiPlug.JX application, Win32/AdWare.MultiPlug.CT application
Gen:Trojan.Heur.8uW@vbhmfxhin, Gen:Variant.Adware.MultiPlug.4, Gen:Variant.Adware.MPlug.16
Trojan.Generic.7175407, Win32.Neshta, Gen:Trojan.Heur.8uW@vbhmfxhin, Gen:Variant.Adware.MPlug.16, Gen:Variant.Adware.MPlug.10
Microsoft Security Essentials
Worm/Delf, Adware Generic_r.XD, Adware Generic_r.VD, Adware Generic_r.UH
JS.A.Iframe.40776192, JS.A.Pakes.621952, Win32.Neshta.B[h]
Trojan.MSIL.Inject, TrojanPSW.Agent, Virus.Win32.Neshta.a
Antiy Labs AVL
Trojan/Win32.SGeneric, Trojan/Win32.Tgenic, Virus.Win32.Neshta.a
The domain www.tusfiles.net has been seen to resolve to the following 3 IP addresses.
August 4, 2016
February 20, 2016
File downloads found at URLs served by www.tusfiles.net.
Latest 30 of 292 download URLs
The following 15 files have been seen to comunicate with www.tusfiles.net in live environments.
“TusFiles | Free Cloud Storage”
“Share unlimited files using our free cloud service”
SSL certificate subject:
CN=*.tusfiles.net, OU=EssentialSSL Wildcard, OU=Domain Control Validated
SSL certificate issuer:
CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Statistics are for the previous month.