Mistyped website viruses

Hello, I hope that I can post here in this section because I got a website that is sneaky and provides FAKE surveys and has some malware, as you can see in the scans below. Surf safe and always check that you typed the URL correctly!

https://www.virustotal.com/en/url/6e611acaa3c71d8a74e0c8e20a6762f6a1d71bbf3b7be360d2302c64eacb7322/analysis/1421178749/ as you can see here it’s only a 5/61 detection!

The IP https://www.virustotal.com/en/ip-address/104.156.226.89/information/

http://www.quttera.com/detailed_report/goggle.com

http://sitecheck.sucuri.net/results/goggle.com

24 blacklisted links, that's a lot.

And blacklisted by 5 lists on Sucuri.

Not blocked by Avast as of now.

Well but why doesn’t Kaspersky detect it ?

[quote author=Georgie123 link=topic=164463.msg1172194#msg1172194 date=1421179929]

https://www.virustotal.com/en/url/6e611acaa3c71d8a74e0c8e20a6762f6a1d71bbf3b7be360d2302c64eacb7322/analysis/1421178749/

Only thing is that Quttera and ESET flag it as suspicious… Webutation, Dr.Web, Spam404 and Comodo flagged it as malicious (including Sucuri, whose scans I have given just like Quttera’s)

I don't know, their web blocker is not that great.

Oh, one question: am I allowed to post threads like this? I have some more “Typos” that I found and some are malicious and even aware to steal your privacy like Emails.

Hi :)

Yes, you may post links to malicious sites. However, these links MUST be broken.

Example:
https://www.facebook.com/ (Live)
hxxps://wxw.facebook.c0m/ (Broken)
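
The link-breaking rule above, as an added example that is not part of the original thread: a Python helper that breaks every URL in a draft post except report links on the scanner sites used in this thread. The function names, the allow-list and the sample post are constructed for illustration, and it uses the common hxxp / [.] notation rather than the wxw / c0m style shown above.

```python
import re

# Assumption: report pages on these scanner hosts may stay clickable.
SCANNER_HOSTS = {"www.virustotal.com", "www.quttera.com", "sitecheck.sucuri.net"}

# A URL with a scheme, or a bare host such as "goggle.com/path". This errs
# on the side of matching too much (file names like "a.exe" also match).
URL_RE = re.compile(
    r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.IGNORECASE
)


def split_url(url):
    """Return (scheme, host, tail); scheme is '' for a bare host."""
    m = re.match(r"(https?)://", url, re.IGNORECASE)
    scheme = m.group(1).lower() if m else ""
    rest = url[m.end():] if m else url
    host, slash, path = rest.partition("/")
    return scheme, host, slash + path


def defang(url):
    """Make a URL non-clickable: http -> hxxp, dots in the host -> [.]"""
    scheme, host, tail = split_url(url)
    prefix = scheme.replace("http", "hxxp") + "://" if scheme else ""
    return prefix + host.replace(".", "[.]") + tail


def defang_post(text):
    """Defang every URL in a draft post except exact scanner-host matches."""
    def fix(match):
        url = match.group(0)
        # Exact comparison, so "www.virustotal.com.evil.example" is not trusted.
        host = split_url(url)[1].lower()
        return url if host in SCANNER_HOSTS else defang(url)
    return URL_RE.sub(fix, text)


# Constructed draft post; evil.example is a placeholder domain.
SAMPLE_POST = (
    "Typo site goggle.com, report at "
    "http://www.quttera.com/detailed_report/goggle.com and a lookalike "
    "HTTPS://www.virustotal.com.evil.example/url/1"
)

if __name__ == "__main__":
    print(defang_post(SAMPLE_POST))
```

Running the helper twice over the same text changes nothing further, so it is safe to apply to a post that is already partly broken.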

All right, thanks, I’ll break every link and type a “warning” in front of them. So I’ll just show you more examples of the websites that steal your privacy. Thanks for allowing it to me :D

wxw.facebooklogin-facebook.com/
It may look obvious but some people may still fall for it right ?
https://www.virustotal.com/en/url/580acf6a7240c87773c8052a59e033810f90e439ae6f154bf8943076f19600d9/analysis/1421181669/
May someone PLEASE send this one to Avast so nobody can get infected?

https://www.virustotal.com/en/ip-address/188.93.150.44/information/ IP is pretty bad, isn’t it?
I’ll edit my post after Quttera and Sucuri are done scanning!
http://www.quttera.com/detailed_report/www.facebooklogin-facebook.com Oh my…
http://sitecheck.sucuri.net/results/www.facebooklogin-facebook.com/

Beware and I hope I helped you a bit.

Okay I found something more interesting
https://www.virustotal.com/en/ip-address/108.168.208.206/information/ did avast! allow FileHippo to give downloads of avast to the FileHippo users ?
I somehow stumbled upon this site called hxxp.38zu.cn

https://www.virustotal.com/en/url/2cf1aa18cbc9896f846093248f3dda9ec641a7603237930e2956765b4974d113/analysis/1421186399/
https://www.virustotal.com/en/ip-address/98.126.249.28/information/ IP is bad
Oh one thing I informed myself a bit about it and some people say that you have to download something from it to get a virus ? But I still think that it gives a virus even when you visit it!
http://www.quttera.com/detailed_report/38zu.cn
http://sitecheck.sucuri.net/results/38zu.cn Not able to connect to the site ?

Boils down to Infostealer malware and a trojan dropper variant like Trojan-Ransom.Win32.Foreign.lcdi: https://www.virustotal.com/nl/file/2346f399cc8b4433d10cc5d819b0b4a2727b98c301e14b5217925414055b9c69/analysis/
See: https://www.virustotal.com/nl/ip-address/188.93.150.44/information/

polonus

Okay, thanks for your response, you downloaded that from hxxp.38zu.cn, right? (I’m a bit nervous right now because of speaking to an avast! malware specialist) Oh, and it’s tricky: it has some copyright, some people might think “Hey it has copyright it’s not a virus”. Thanks for the info Polonus. Oh, and you did download it from hxxp.38zu.cn, right?

https://www.virustotal.com/en/url/9f1dd3db36b41fd8f2019a4ec3c8422a8321940d7e72d7d760327e350b45e7f2/analysis/1421188283/ All clean hm ? But the ratings are that it’s bad ?
According to some research it installs the old Iloveyou virus? And a “Kaspersky” virus?! Now hold on, Kaspersky has a virus?
https://www.virustotal.com/en/ip-address/176.126.236.112/information/ IP isn’t that bad
It took me very long for Quttera to scan because it has more than 500 files, I hope I can scan it with Sucuri and upload and take a look… I ran into 10 more which I will test tomorrow. http://www.quttera.com/detailed_report/funmaza.com Here is just the scan log, I just took a quick look, it has some JavaScripts. I’ll show you the 10 more tomorrow! Be safe!
http://sitecheck.sucuri.net/results/funmaza.com#blacklist-status Just finished with Sucuri, no security risks but has no firewall.

Okay so I found a scam website called hxxp.ammyy.com So the Virustotal scan is clean, but many bad ratings oh and the IP is pretty bad https://www.virustotal.com/hr/ip-address/70.38.40.185/information/ I’m going to see what Zulu, Sucuri and Quttera say about it. (I’ll edit my comment when they are done scanning) Just a quick edit MXSkypeRecorder.exe is launched lack of privacy.
http://www.quttera.com/detailed_report/Ammyy.com
http://sitecheck.sucuri.net/results/ammyy.com

Zulu just showed nothing. If you want me to explain you what kind of scam they do be free and ask me.

My bad, I just researched a bit more. IMPORTANT: They say this site is safe and that there are some scammers that call you and let you think that they work for hxxp.Ammyy.com. I’ll do even more research to be 100% sure, oh, but the IP is still bad.
http://prntscr.com/5sfgg6
Originally posted by Eugene from Ammyy(Dot)com

Dear users of Ammyy Admin

Unfortunately, there are some cases of malicious use of our software noticed. Please be attentive and never grant access to people you don’t know personally or whom you don’t trust.

!!! If you receive a phone call claiming to be from ‘Microsoft’ or someone claiming to work on their behalf, telling you that you have a virus on your computer or some errors which they will help you to fix via Ammyy Admin, it is definitely a scam.

Ammyy Admin itself absolutely safe software but due to its ease of use and free availability it may be used by scammers.

If you became a victim of scammers please see the link which may help hxxp://wxw.ammyy.com/en/admin_mu.html

Kind regards
Eugene
Ammyy Inc. Team
Looks like I was wrong about the site, but some scammers around the world use this site as a shield? Interesting, and I wouldn’t recommend visiting it since the IP is very bad, so beware of callers that claim that you are “Infected” and need to download Ammyy Admin and let them control your PC. Surf Safe!

hxxp.ammyy.com does not seem like a scam. Seems to be a russian remote admin tool
Detected at VT as riskware / PUP
It can be downloaded at cnet / softonic …

Any remote admin tool can be misused

As you can see I updated my post saying that some scammers claim that they work for Microsoft or Ammyy admin.
http://prntscr.com/5sfgg6 Here we can see the CNET download icon.

Virustotal scan of the file: https://www.virustotal.com/en/file/7d437454328721b53ff409836ea78ab37473ebca53bbcaf8268b8274bc6f9404/analysis/1421259150/

Good one Steven, thanks for posting it. It doesn’t surprise me that the download may be Suspicious/Unwanted because its origin comes from CNET! It may come with some more PUPs.