Possibly malicious link on speedtest.net?

I’ve noticed that when I enter the speedtest.net webpage, which I’ve used every now and then for a couple of years, Firefox shows receiving data from the domain “-www.fallingfalcon.com”, which has one of both suspicious and malicious blacklists at Virustotal, and according to additional information, the domain seems to provide advertisements:

https://www.virustotal.com/en-gb/url/d9b8ad030d6799cdced6f4f190d883ebd9b5aa144fab8ec1bcd24481f5b93ba9/analysis/1462637104/

However, this domain doesn’t seem to appear on the list of links found on the site by Noscript, Adblock Plus, Quttera or Sucuri:

http://quttera.com/detailed_report/speedtest.net

https://sitecheck.sucuri.net/results/www.speedtest.net/

Sucuri and Killmalware both don’t seem to be able to scan fallingfalcon.com properly.

“Content not found” by Sucuri:
https://sitecheck.sucuri.net/results/www.fallingfalcon.com

“5000 cannot connect to fallingfalcon.com:80” by Killmalware:
http://killmalware.com/fallingfalcon.com/

Quttera scan shows rather odd results after probably a 1 second scan time…:

http://quttera.com/detailed_report/www.fallingfalcon.com

Netcraft shows clean:

http://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fwww.fallingfalcon.com%2F

First, the VirusTotal scan isn’t actually a scan but checking against existing blacklist data. This could be old data, and one supposed malicious out of 67 is pretty low and many might say an FP.

I have used speedtest.net for some considerable time and no issues. Just ran it again using my default browser Firefox and no issues. I’m in the UK and choose my normal closest Hosting provider, I don’t let it select the Host.

Do you let speedtest.net select the Host or do you do that?

Actually I block the speedtest.net domain at my house because Malwarebytes said malware warning while browsing the site a few months ago. Speedtest.net does have malware sometimes.

Most likely what you did see was this

Oh, the Sites You Will Never See > https://blog.malwarebytes.com/malwarebytes-news/2013/05/oh-the-sites-you-will-never-see/

I have been using speedtest.net for many years and no issues whatsoever.

Since you don’t say what the location or the actual message is, there is no real way of investigating.

Personally when using MBAM Premium I disabled its Malicious Website Protection as it alerts on more than malicious sites. Its lists have all sorts of categories lumped into this malicious sites heading.

I’ve personally used Adblock Plus so I haven’t stumbled on advertisements on speedtest.net.

Seems the domain you mention is no longer up: http://toolbar.netcraft.com/site_report?url=+FallingFalcon.com
It does not resolve to any IP address, and used to be here: https://www.virustotal.com/en/ip-address/52.10.154.150/information/
See: https://whois.domaintools.com/fallingfalcon.com
It now seems to reside here: 216.157.88.23. The subdomain should resolve here: 52.33.219.196
https://www.threatcrowd.org/domain.php?domain=www.fallingfalcon.com

pol

polonus,

You are replying to a post from the OP on 07 May 2016.

The one you should be looking at is from Scotty4 Reply #2 dated Today at 19:08:52.

Hi DavidR,

Slip of the keyboard, go there then, commenting on a sub-link that has been long long gone or taken down.
This was my Rip Van Winkle moment, as he apparently also was Dutch.
Thanks for waking me up, friend! Sometimes it is almost that the bits and bytes get the better of ye ;D :smiley:

pol

No problem :smiley: