home

www.tusfiles.net

Artur Kozak  (via a Proxy Registrant)

Domain Information

TusFiles is a file hosting service that bills itself as a cloud backup platform, however the service is known to distributed various potentially unwanted software packages such as adware bundles through its wrapped download manager (signed by Artur Kozak, etc.). The domain www.tusfiles.net is registered by proxy through GODADDY.COM, LLC and was originally registered in May of 2010. This domain has been known to host and distribute potentially unwanted software. The hosted servers are located in Vaslui, Vaslui within Romania which resides on the RIPE Network Coordination Centre network. The domain is associated with the publisher Artur Kozak who is located in Kyiv, Ukraine.
Registrar:
GODADDY.COM, LLC

Server location:
Vaslui, Romania (RO)

Create date:
Monday, May 17, 2010

Expires date:
Wednesday, May 17, 2017

Updated date:
Monday, May 18, 2015

ASN:
AS9009 M247 M247 Ltd,GB

Root domain:
tusfiles.net

Whois:
2 tusfiles.net records

Scanner detections:
Detections  (74% detected)

Scan engine
Details
Detections

Reason Heuristics
(M), PUP.New IT Limited.NewIT.Bundler (M), Adware.WebPick.Installer (M), Threat.Win.Reputation.IMP, Adware.Bundler, PUP.WebPick.Stanisla (M), PUP.WebPick.ItzhakSh (M), Adware (M), PUP (M)
72.50%

avast!
Win32:Apanas [Trj], Win32:Agent-AYLT [PUP]
20.00%

ESET NOD32
Win32/Adware.MultiPlug.DZ application, Win32/Adware.MultiPlug.JX application, Win32/AdWare.MultiPlug.CT application
17.50%

Norman
Gen:Trojan.Heur.8uW@vbhmfxhin, Gen:Variant.Adware.MultiPlug.4, Gen:Variant.Adware.MPlug.16
17.50%

Emsisoft Anti-Malware
Trojan.Generic.7175407, Win32.Neshta, Gen:Trojan.Heur.8uW@vbhmfxhin, Gen:Variant.Adware.MPlug.16, Gen:Variant.Adware.MPlug.10
15.00%

Microsoft Security Essentials
Virus:Win32/Neshta.A, Threat.Undefined
15.00%

Kaspersky
Virus.Win32.Neshta, not-a-virus:HEUR:AdWare.Win32.MultiPlug
12.50%

AVG
Worm/Delf, Adware Generic_r.XD, Adware Generic_r.VD, Adware Generic_r.UH
10.00%

ViRobot
JS.A.Iframe.40776192, JS.A.Pakes.621952, Win32.Neshta.B[h]
7.50%

Vba32 AntiVirus
Trojan.MSIL.Inject, TrojanPSW.Agent, Virus.Win32.Neshta.a
7.50%

Dr.Web
Win32.HLLP.Neshta, Trojan.Crossrider.36840
7.50%

Rising Antivirus
PE:Trojan.Win32.Generic.141BD3AB!337367979, PE:Win32.Netsha.a!411233
5.00%

Clam AntiVirus
Trojan.Startpage-1860, W32.Neshuta.A
5.00%

VIPRE Antivirus
Virus.Win32.Neshta.a, Threat.5085665
5.00%

McAfee
W32/HLLP.41472.e, Program.MultiPlug-FRC
5.00%

The domain www.tusfiles.net has been seen to resolve to the following 3 IP addresses.

85.204.124.90
app01.tusfiles.net
August 4, 2016

93.115.7.109
tusfiles.net
February 20, 2016

46.23.68.237
December 22, 2013

File downloads found at URLs served by www.tusfiles.net.

1 / 68      (Adware)
http://www.tusfiles.net/jj49wyv9zw97  (jilbab pengantin(www999.s3xtgem.com).mp4.exe)

1 / 68      (Adware)
http://www.tusfiles.net/d3kwvfrzv0zt  (1.d.m.6.17.b.5.fnl.dvd4arab.c0m.rar.exe)

1 / 68      (Adware)
http://www.tusfiles.net/f6p6mo9j9vd5  (sf2.10.crck.rar.exe)

0 / 68
http://www.tusfiles.net/5as3pzifpsa7  (o p 658 sd - vb.alm7ben.cc.mp4.exe)

0 / 68
http://www.tusfiles.net/e4iu04mm1ijn  (pokemon black2.zip.exe)

0 / 68
http://www.tusfiles.net/3zcmlyau8q46  (pokemon white2.zip.exe)

0 / 68
http://www.tusfiles.net/wtiw0bcaz9kp  (bdc764a739ade069a93d52a8c50f8005)

1 / 68      (Adware)
http://www.tusfiles.net/4gukid6eun7h  (delta force 2(www.fullypcgames.net).rar.exe)

3 / 68      (inconclusive)
http://www.tusfiles.net/x9o4dycjljsm  (Microsoft Toolkit.exe)

2 / 68      (Malware)
http://www.tusfiles.net/pvdao14k1h5o  (324396142_stp.exe)

2 / 68
http://www.tusfiles.net/hkrjjjafgcg1  (swfopenersetup.exe)

1 / 68
http://www.tusfiles.net/rubxbjwb2oyg  (dgsetup.exe)

1 / 68      (Adware)
http://www.tusfiles.net/3wb72a11a7vd  (angry-birds-go-1.0.exe)

1 / 68      (Adware)
https://www.tusfiles.net/kwv560xpwj9r  (x_c_e_u_bb_www.directdownloadstuffs.com_.part1.rar.exe)

1 / 68      (Malware)
http://www.tusfiles.net/y7lxniwrprrh  (org.sshtunnel.apk.exe)

1 / 68      (Adware)
http://www.tusfiles.net/urp3tazhg6km  (pokemon ruby 2012 version v2.0.zip.exe)

6 / 68      (PUP)
https://www.tusfiles.net/sqz7ln9inscr  (all atis indonesia ---xxxd.flv.exe)

1 / 68      (Adware)
http://www.tusfiles.net/iutmn3v9nih7  (powerarchiver_2013_14.05.04_multilingual_with_licensekeys.rar.exe)

1 / 68      (Adware)
http://www.tusfiles.net/msmzs37ronj7  (varios interpretes - aqui estan...los mejores norteños.rar.exe)

1 / 68      (Adware)
http://www.tusfiles.net/myqll2nhdco1  (external keyboard helper pro 6.5.apk.exe)

3 / 68      (PUP)
https://www.tusfiles.net/1eu5byy5bevc  (microsoft.toolkit.2.5.2_sharepirate.exe.exe)

3 / 68      (PUP)
http://www.tusfiles.net/am1jz6wr5840  (recklessracing3.apk.exe)

1 / 68      (Adware)
http://www.tusfiles.net/3kbixnn5dsjs  (photo2sketch.6.51.rar.exe)

6 / 68      (PUP)
http://www.tusfiles.net/57ngwn69tr5k  (tulus - gajah.rar.exe)

1 / 68      (Adware)
http://www.tusfiles.net/xpsr6zu7cn5b  (livezartlink - tnod-1.4.2.3-final-setup.exe.exe)

1 / 68      (Adware)
http://www.tusfiles.net/fu2jrak5sh72  (c.c.ftp.p.9.0.5.0007.zr.rar.exe)

1 / 68      (Adware)
http://www.tusfiles.net/4l7ak8j2lyyg  (removewat.2.2.7.0.rar.exe)

6 / 68      (PUP)
http://www.tusfiles.net/n5x7ddb3uzzi  (idm6.21build9-seogoogleku.info.rar.exe)

1 / 68      (Adware)
http://www.tusfiles.net/uq8wpcnl0ol2  (kmsauto_pro_v1.18_portable_en_woc.rar.exe)

1 / 68      (Adware)
http://www.tusfiles.net/9u1xsshkby93  (marvel avengers alliance cheat hack v2.3.zip.exe)

 
Latest 30 of 292 download URLs

The following 15 files have been seen to comunicate with www.tusfiles.net in live environments.

TCP » 85.204.124.90:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 85.204.124.90:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 85.204.124.90:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 85.204.124.90:443
online-guardian-v2.0.9.exe

TCP » 85.204.124.90:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 85.204.124.90:80
online-guardian-v2.0.9.exe

TCP » 85.204.124.90:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 85.204.124.90:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 85.204.124.90:80
online-guardian-v2.0.9.exe

TCP » 85.204.124.90:443
online-guardian-v2.0.9.exe

TCP » 85.204.124.90:443
onlineguardian-v2.exe

TCP » 85.204.124.90:80
onlineguardian-v2.exe

TCP » 85.204.124.90:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 85.204.124.90:80
download.exe ({ProductName} by {CompanyName})

TCP » 85.204.124.90:80
JDownloader2Update.exe (JDownloader Update by AppWork GmbH)

TCP » 85.204.124.90:443
JDownloader2Update.exe (JDownloader Update by AppWork GmbH)

TCP » 85.204.124.90:443
online-guardian-v2.exe

TCP » 85.204.124.90:80
PennyBeeW.exe (PennyBee)

TCP » 85.204.124.90:80
download.exe ({ProductName} by {CompanyName})

TCP » 85.204.124.90:80
download.exe (ProductName by CompanyName)

 
Latest 20 of 32 files

URL:
http://www.tusfiles.net/

Google Analytics:
UA-3400026

Title:
“TusFiles | Free Cloud Storage”

Description:
“Share unlimited files using our free cloud service”

SSL certificate subject:
CN=*.tusfiles.net, OU=EssentialSSL Wildcard, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
nginx/1.9.11

Facebook:
Likes:  2,858
Shares:  5,251
Comments:  1,080

Statistics are for the previous month.

tusfiles.com

sharesuperapp.info

relevantsearch.info

search-guide.info

wisesearch.info

greatresults.info

simplesearches.info

searchiseasy.info

searchinweb.info

filescdn.com

userscloud.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.