Not all scanner flag this website as malicious....

Viruses and worms
1

Re: https://zulu.zscaler.com/submission/9726bc74-46ef-4c66-a797-7cab01248f3d 100/100 malicious
Specified as with Cerberus and flagged accordingly: https://urlhaus.abuse.ch/url/354903/
Missed: https://www.virustotal.com/gui/url/18b31d4b9e4013c71c2df36c3548ec5f5d0cf5be4b052a5ae2413b6abb75b251/details
Missed in relations for IP: https://www.virustotal.com/gui/ip-address/160.153.133.149/relations
Detected as blacklisted and malicious: https://sitecheck.sucuri.net/results/evdekaldiye20-gb.com

This page redirects to hxtp://evdekaldiye20-gb.com/kazan20gbturkiye.apk that is blacklisted by Google Safe Browsing, see htxps://transparencyreport.google.com/safe-browsing/search?url=http%3A%2F%2Fevdekaldiye20-gb.com%2Fkazan20gbturkiye.apk see vuln. here: https://www.shodan.io/host/160.153.133.149

-kazan20gbturkiye.apk

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

2

Another example of such abuse on GoDaddy:
Anubis
https://urlhaus.abuse.ch/url/354970/
Blacklisted but malware missed: https://sitecheck.sucuri.net/results/saglikodemelerinial.org
Same here: https://sitecheck.sucuri.net/results/saglikodemelerinial.org
Detected: https://www.virustotal.com/file/5f04f7b808154a6ee2fe058b68c0078ee6fea308e80e05062a83b82d9fb70ee5/analysis/1588261517/
DrWeb gives it as infected: hxtp://saglikodemelerinial.org/20gb_hediye_internet.apk/classes.dex infected with Android.BankBot.684.origin

Good that Avast-Mobile detects this for us as Android:Evo-gen [Trj]
So we are being protected,

polonus

3

What about this Pharmasafe-scam address?
How we got there, via scanning for -elborg.orange.website
landing at IP abuse info: https://www.abuseipdb.com/check/82.221.105.125
Re: https://talosintelligence.com/reputation_center/lookup?search=82.221.105.125&__cf_chl_jschl_tk__=3679fa4618cf3d1feb99f819eb5e62bdf91a3808-1588292360-0-AakyOqy1cnSGusi_8tIPNAO3iuVtPA5yw6LIerdyP9ntd2C7eeLLi5Wu4bFsfq1Ek7fwCAgscgflplY4NvkuxAfcwU6exmLtPNBG4HC3_72-f-tZSenIEUz-7ThuW8yu30rJ5mly6YPuqwQAX4aytzBTW-HMfQ-SbrzuyiRtMsAkxJ_5P3Kq1LfRL7R46ITV4uvJMCndcBcKfVupoqheDwWrU4IKo3IoKta8Hpc4eBof9VgS5yIgNuipdX5LmyYyIkUhZrkyK92wdjd2lUVeW2B0ZDD1k4QavdCudCU5VgyIKMpgRh9IKtx4w84oKycB_jy8wPlka84a-YaQ02uOX18aBuJRkRZxUvIKFg8U6sG95jaKkLzOMZqXX4GFKcwjTMAg_IgKF0vmu01xNxpXHc8
stumbling on: https://domainwat.ch/site/pharmasafe24.com
77 sites in this from this particular IP.

polonus