www.tusfiles.net

Artur Kozak  (via a Proxy Registrant)

Domain Information

TusFiles is a file hosting service that bills itself as a cloud backup platform, however the service is known to distributed various potentially unwanted software packages such as adware bundles through its wrapped download manager (signed by Artur Kozak, etc.). The domain www.tusfiles.net is registered by proxy through GODADDY.COM, LLC and was originally registered in May of 2010. This domain has been known to host and distribute potentially unwanted software. The hosted servers are located in Vaslui, Vaslui within Romania which resides on the RIPE Network Coordination Centre network. The domain is associated with the publisher Artur Kozak who is located in Kyiv, Ukraine.
Registrar:
GODADDY.COM, LLC

Server location:
Vaslui, Romania (RO)

Create date:
Monday, May 17, 2010

Expires date:
Wednesday, May 17, 2017

Updated date:
Monday, May 18, 2015

ASN:
AS9009 M247 M247 Ltd,GB

Root domain:

Scanner detections:
Detections  (74% detected)

Scan engine
Details
Detections

Reason Heuristics
(M), PUP.New IT Limited.NewIT.Bundler (M), Adware.WebPick.Installer (M), Threat.Win.Reputation.IMP, Adware.Bundler, PUP.WebPick.Stanisla (M), PUP.WebPick.ItzhakSh (M), Adware (M), PUP (M)
70.73%

avast!
Win32:Apanas [Trj], Win32:Agent-AYLT [PUP]
19.51%

ESET NOD32
Win32/Adware.MultiPlug.DZ application, Win32/Adware.MultiPlug.JX application, Win32/AdWare.MultiPlug.CT application
17.07%

Norman
Gen:Trojan.Heur.8uW@vbhmfxhin, Gen:Variant.Adware.MultiPlug.4, Gen:Variant.Adware.MPlug.16
17.07%

Emsisoft Anti-Malware
Trojan.Generic.7175407, Win32.Neshta, Gen:Trojan.Heur.8uW@vbhmfxhin, Gen:Variant.Adware.MPlug.16, Gen:Variant.Adware.MPlug.10
14.63%

Microsoft Security Essentials
Virus:Win32/Neshta.A, Threat.Undefined
14.63%

Kaspersky
Virus.Win32.Neshta, not-a-virus:HEUR:AdWare.Win32.MultiPlug
12.20%

AVG
Worm/Delf, Adware Generic_r.XD, Adware Generic_r.VD, Adware Generic_r.UH
9.76%

ViRobot
JS.A.Iframe.40776192, JS.A.Pakes.621952, Win32.Neshta.B[h]
7.32%

Vba32 AntiVirus
Trojan.MSIL.Inject, TrojanPSW.Agent, Virus.Win32.Neshta.a
7.32%

Antiy Labs AVL
Trojan/Win32.SGeneric, Trojan/Win32.Tgenic, Virus.Win32.Neshta.a
7.32%

Dr.Web
Win32.HLLP.Neshta, Trojan.Crossrider.36840
7.32%

Rising Antivirus
PE:Trojan.Win32.Generic.141BD3AB!337367979, PE:Win32.Netsha.a!411233
4.88%

Clam AntiVirus
Trojan.Startpage-1860, W32.Neshuta.A
4.88%

Kingsoft AntiVirus
Win32.Malware.Heur_Generic.B.(kcloud), Win32.Troj.Neshta.c.(kcloud)
4.88%

The domain www.tusfiles.net has been seen to resolve to the following 3 IP addresses.

app01.tusfiles.net
August 4, 2016

tusfiles.net
February 20, 2016

December 22, 2013

File downloads found at URLs served by www.tusfiles.net.

1 / 68      (Adware)
http://www.tusfiles.net/jj49wyv9zw97  (jilbab pengantin(www999.s3xtgem.com).mp4.exe)

1 / 68      (Adware)
http://www.tusfiles.net/d3kwvfrzv0zt  (1.d.m.6.17.b.5.fnl.dvd4arab.c0m.rar.exe)

1 / 68      (Adware)
http://www.tusfiles.net/f6p6mo9j9vd5  (sf2.10.crck.rar.exe)

0 / 68
http://www.tusfiles.net/5as3pzifpsa7  (o p 658 sd - vb.alm7ben.cc.mp4.exe)

0 / 68
http://www.tusfiles.net/e4iu04mm1ijn  (pokemon black2.zip.exe)

0 / 68
http://www.tusfiles.net/3zcmlyau8q46  (pokemon white2.zip.exe)

0 / 68
http://www.tusfiles.net/wtiw0bcaz9kp  (bdc764a739ade069a93d52a8c50f8005)

1 / 68      (Adware)
http://www.tusfiles.net/4gukid6eun7h  (delta force 2(www.fullypcgames.net).rar.exe)

3 / 68      (inconclusive)
http://www.tusfiles.net/x9o4dycjljsm  (Microsoft Toolkit.exe)

2 / 68      (Malware)

3 / 68
http://www.tusfiles.net/hkrjjjafgcg1  (swfopenersetup.exe)

1 / 68      (Adware)
http://www.tusfiles.net/3wb72a11a7vd  (angry-birds-go-1.0.exe)

1 / 68      (Adware)
https://www.tusfiles.net/kwv560xpwj9r  (x_c_e_u_bb_www.directdownloadstuffs.com_.part1.rar.exe)

1 / 68      (Malware)
http://www.tusfiles.net/y7lxniwrprrh  (org.sshtunnel.apk.exe)

1 / 68      (Adware)
http://www.tusfiles.net/urp3tazhg6km  (pokemon ruby 2012 version v2.0.zip.exe)

6 / 68      (PUP)
https://www.tusfiles.net/sqz7ln9inscr  (all atis indonesia ---xxxd.flv.exe)

1 / 68      (Adware)
http://www.tusfiles.net/iutmn3v9nih7  (powerarchiver_2013_14.05.04_multilingual_with_licensekeys.rar.exe)

1 / 68      (Adware)
http://www.tusfiles.net/msmzs37ronj7  (varios interpretes - aqui estan...los mejores norteños.rar.exe)

1 / 68      (Adware)
http://www.tusfiles.net/myqll2nhdco1  (external keyboard helper pro 6.5.apk.exe)

3 / 68      (PUP)
https://www.tusfiles.net/1eu5byy5bevc  (microsoft.toolkit.2.5.2_sharepirate.exe.exe)

3 / 68      (PUP)
http://www.tusfiles.net/am1jz6wr5840  (recklessracing3.apk.exe)

1 / 68      (Adware)
http://www.tusfiles.net/3kbixnn5dsjs  (photo2sketch.6.51.rar.exe)

6 / 68      (PUP)
http://www.tusfiles.net/57ngwn69tr5k  (tulus - gajah.rar.exe)

1 / 68      (Adware)
http://www.tusfiles.net/xpsr6zu7cn5b  (livezartlink - tnod-1.4.2.3-final-setup.exe.exe)

1 / 68      (Adware)
http://www.tusfiles.net/fu2jrak5sh72  (c.c.ftp.p.9.0.5.0007.zr.rar.exe)

1 / 68      (Adware)
http://www.tusfiles.net/4l7ak8j2lyyg  (removewat.2.2.7.0.rar.exe)

6 / 68      (PUP)
http://www.tusfiles.net/n5x7ddb3uzzi  (idm6.21build9-seogoogleku.info.rar.exe)

1 / 68      (Adware)
http://www.tusfiles.net/uq8wpcnl0ol2  (kmsauto_pro_v1.18_portable_en_woc.rar.exe)

1 / 68      (Adware)
http://www.tusfiles.net/9u1xsshkby93  (marvel avengers alliance cheat hack v2.3.zip.exe)

 
Latest 30 of 292 download URLs

The following 15 files have been seen to comunicate with www.tusfiles.net in live environments.

 
Latest 20 of 32 files

URL:
http://www.tusfiles.net/

Google Analytics:
UA-3400026

Title:
“TusFiles | Free Cloud Storage”

Description:
“Share unlimited files using our free cloud service”

SSL certificate subject:
CN=*.tusfiles.net, OU=EssentialSSL Wildcard, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
nginx/1.9.11

Facebook:
Likes:  2,858
Shares:  5,251
Comments:  1,080

Statistics are for the previous month.