Hiya I’ve been a bitdefender customer since last year… I have their Total Security 2017 package. I went to download this android emulator and when i opened the installer… I got a few popups from bitdefender saying a website was blocked from being opened from the installer of the andy emulator. Is this a legit threat or a false positive and does avast block it as well?
https://www.virustotal.com/en/url/1644f508616276f30b85ca473f8328fcf9e8491af26d3477c07dd31f58a7b41c/analysis/1485630893/
https://www.virustotal.com/en/ip-address/52.2.72.151/information/
http://www.urlvoid.com/scan/rp.nadosoyo.com/
https://sitecheck.sucuri.net/results/rp.nadosoyo.com
http://urlquery.net/report.php?id=1485630120823
I guess I’ll take their word for it. Maybe Virtualbox or bluestacks or just sticking to my phone for android apps…
Looks like the executable may be adware.
I don’t know if the hash is the same but you should probably submit the executable to Virustotal to see.
Seems down- Unable to properly scan site. Site empty (no content): Content-Length: 0
Malicious activity reported from that IP: https://cymon.io/52.50.196.247
Hadsruda Troyan/Greyware. (That is probably while the one blacklist those of the grey area, and other vendors do not).
When not active, you get a connection time-out. The executable win-zip file can be checked by a polymorphic checker.
As you can see here they abuse Amazon’s Cloud and PaaS to transport their malware since 2016. → http://toolbar.netcraft.com/site_report?url=+52.206.46.116 and http://toolbar.netcraft.com/site_report?url=+52.50.196.247 -ec2-52-50-196-247.eu-west-1.compute.amazonaws.com for instance.
polonus (volunteer website security analyst and website error-hunter)