Author Topic: Is this domain (that's seemingly owned by Amazon) harmful?  (Read 2102 times)

REDACTED

  • Guest
Is this domain (that's seemingly owned by Amazon) harmful?
« on: March 05, 2016, 11:13:01 PM »
I was browsing the deviantART art site and, when visiting the profile of one user, Firefox showed me that the page took time to load the domain "dapxl.com". Netcraft.com shows a 1/10 risk for this domain, and shows it as belonging to Amazon.

http://toolbar.netcraft.com/site_report?url=dapxl.com

Virustotal shows a few old detections, but a newer scan shows the domain not being blacklisted.

https://www.virustotal.com/en-gb/domain/dapxl.com/information/

https://www.virustotal.com/en-gb/url/d2b89207c1da7b538d6bc2fc92eefab115a5763edfbce6e38ca7e2123f0abe93/analysis/1457215787/

Sucuri cannot scan.

https://sitecheck.sucuri.net/results/dapxl.com/

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34051
  • malware fighter
Re: Is this domain (that's seemingly owned by Amazon) harmful?
« Reply #1 on: March 05, 2016, 11:32:54 PM »
I get a BeEF alert going to the reverse DNS address (website risk 8 red out of 10): http://toolbar.netcraft.com/site_report?url=http://ec2-52-34-149-79.us-west-2.compute.amazonaws.com
See for that main site: http://toolbar.netcraft.com/site_report?url=dapxl.com
Only got this minimal return: Response size: 43 bytes   = GIF89a!,L; site's image GIF at 52.34.149.79
Re: https://urlquery.net/report.php?id=1457216767057

Code:
  Failed writing body (0 != 43) -> https://oscarotero.com/embed/demo/index.php?url=http%3A%2F%2Fdapxl.com&options%5BminImageWidth%5D=0&options%5BminImageHeight%5D=0&options%5BfacebookAccessToken%5D=&options%5BembedlyKey%5D=&options%5BsoundcloudClientId%5D=YOUR_CLIENT_ID&options%5BoembedParameters%5D=  (This occurs when grep is closing the read stream from curl, cURL does not expect this and "kicks up" the error message "Failed writing body").

This could be intentional behaviour as site's xss scan will land at: htxp://pornearn.com/js/pop.js
This is an Adult Paid URL Shortener - AOS does not flag, is in the World Adult List,
let us put it this way "Better stay away from such scam!".

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: March 05, 2016, 11:38:54 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31072
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Is this domain (that's seemingly owned by Amazon) harmful?
« Reply #2 on: March 06, 2016, 12:20:28 AM »
You misunderstood the results from netcraft.
The domain doesn't have to belong to Amazon, the netblock (IP range) does.
Netblock and domain are two different things.

Example:
My domain is www.ache.nl and I own it.
The netblock is from mijndomein.nl BV
And that is correct as they are the ones I use for hosting.

Something else you got wrong is about the VirusTotal report.
VirusTotal does not scan websites, it checks blacklists.

REDACTED

  • Guest
Re: Is this domain (that's seemingly owned by Amazon) harmful?
« Reply #3 on: March 06, 2016, 12:28:53 AM »
> Something else you got wrong is about the VirusTotal report.
> VirusTotal does not scan websites, it checks blacklists.

It's a bit unclear to me why I need to get reminded about this, mostly because I've known this for a long time already, and since Virustotal reports seem to be a common reference when talking about safety of websites :-\

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34051
  • malware fighter
Re: Is this domain (that's seemingly owned by Amazon) harmful?
« Reply #4 on: March 06, 2016, 12:48:52 AM »
Well probably Pernaman meant that VT has a collection of recent scan results,
and when you look at it that way you can say
they list detection or no detection from those scan results that VT has listed.

In this case we have a more difficult job as we have only these 43 response bytes to go by.
Here we find the domain info: https://whois.domaintools.com/dapxl.com
The IP address 54.69.83.26 is hosted on a dedicated server, facilitated by Amazon.

I would also reckon we have to deal here with Amazon abuse.
It is the lack of pro-active security assistance that causes the insecurity to arise here.
It is a registered domain but not a website. *
The Amazon hostname = ec2-54-69-83-26.us-west-2.compute.amazonaws.com
Half of the IDS tracking here is insecure: At least 2 third parties know you are on this webpage.
- Google
- ec2-54-69-83-26.us-west-2.compute.amazonaws.com

* Site doesn't have a title (image/gif). commonName=dapxl.com/organizationName=deviantART, Inc./stateOrProvinceName=California/countryName=US

polonus
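Replies #1 and #4 have only a 43-byte GIF89a response body to go by. The following is an added example, not part of the original posts: it walks the GIF block structure of such a body and reports the canvas size, frame sizes and any bytes left after the trailer, which is how an analyst confirms a response is an inert single-pixel image. `SAMPLE` is a constructed 43-byte GIF (not the captured response), and the function names are hypothetical.

```python
import struct

# Constructed sample: a minimal 43-byte 1x1 GIF89a. Its printable bytes
# ("GIF89a", "!", ",", "L", ";") match the residue quoted in the thread.
SAMPLE = bytes.fromhex(
    "474946383961" "0100" "0100" "80" "00" "00"  # header, 1x1 screen, 2-colour table flag
    "000000" "ffffff"                            # global colour table (2 entries)
    "21f904" "01000000" "00"                     # graphic control extension
    "2c" "00000000" "0100" "0100" "00"           # image descriptor, 1x1 frame
    "02" "02" "4c01" "00"                        # LZW minimum code size + data sub-block
    "3b"                                         # trailer
)

def skip_sub_blocks(data, pos):
    """Advance past a chain of length-prefixed sub-blocks; return the new offset."""
    while True:
        if pos >= len(data):
            raise ValueError("truncated sub-block chain")
        size = data[pos]
        pos += 1 + size
        if size == 0:
            return pos

def inspect_gif(data):
    """Parse GIF structure without decoding pixels; return a small report dict."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    width, height, flags = struct.unpack_from("<HHB", data, 6)
    pos = 13 + (3 * (2 << (flags & 7)) if flags & 0x80 else 0)  # skip global table
    frames, has_trailer = [], False
    while pos < len(data) and not has_trailer:
        marker = data[pos]
        if marker == 0x3B:                       # trailer: end of image data
            pos, has_trailer = pos + 1, True
        elif marker == 0x21:                     # extension: label byte, then sub-blocks
            pos = skip_sub_blocks(data, pos + 2)
        elif marker == 0x2C and pos + 10 <= len(data):
            _, _, w, h, lflags = struct.unpack_from("<HHHHB", data, pos + 1)
            pos += 10 + (3 * (2 << (lflags & 7)) if lflags & 0x80 else 0)
            pos = skip_sub_blocks(data, pos + 1)  # +1 skips the LZW code size byte
            frames.append((w, h))
        else:
            raise ValueError(f"unexpected block 0x{marker:02x} at offset {pos}")
    trailing = len(data) - pos                   # bytes hidden after the trailer
    pixel = (width, height) == (1, 1) and frames == [(1, 1)]
    return {"version": data[3:6].decode(), "screen": (width, height), "frames": frames,
            "trailing_bytes": trailing, "single_pixel": pixel and has_trailer and trailing == 0}
```

A non-zero `trailing_bytes` value is the case worth a closer look, since data appended after the trailer is ignored by image decoders.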