MalwareTips
Security Review

Is onyxx.totalh.net legit or a scam?

Our verdict:Suspicious· 55/100

A legacy Sudoku software page hosted on a free subdomain service with a high history of phishing and security compromises.

Top reasons
Hosted on a free subdomain service frequently used for phishing and malware distribution.Parent domain is associated with over 500 infostealer credential leaks.No verifiable business registration or physical contact information.
onyxx.totalh.netScanned 1h ago
Post Facebook
0
Trust score
SUSPICIOUS
Heuristics 90·MT 40
Category tags
hosting85% MT confidence

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence
0/92
All engines report clean
Domain Age
14 years old
Registered May 11, 2012
MT Intelligence
Suspicious
Moderate likelihood · 85% confidence
SUSPICIOUS

Warning signs detected

A legacy Sudoku software page hosted on a free subdomain service with a high history of phishing and security compromises. Several risk indicators suggest caution. This site might be legitimate — but treat it as unverified until you can independently confirm.

Website Preview

Screenshot of onyxx.totalh.net
LIVE RENDER
onyxx.totalh.net
1Simple, text-heavy layout with basic HTML styling

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site. See full visual analysis →

Visual Screenshot Analysis

We capture a fresh screenshot of the live page and ask a vision model to look for scam visual patterns — fake trust badges, countdown timers, overlay pop-ups, and visual clones of legitimate brands.

15
/ 100
Low visual risk

Visual red flags detected in the screenshot

The page appears to be a simple, legitimate informational site for a Sudoku software tool with no visible scam indicators or deceptive design patterns.

Visual risk15/100

What our vision model saw

5 signals

Simple, text-heavy layout with basic HTML styling

Static image of a software interface for a Sudoku solver

No visible calls to action, payment forms, or urgency tactics

Informational content regarding a Windows 7 and 10 application

Absence of deceptive trust badges or pop-up overlays

MT Intelligence

Advanced threat intelligence
MT Security Analyst
Moderate scam likelihoodengineMT · Guardiantrust40/100
MT AgentLive web researchVisual inspectionNetwork correlation
0%
Confidence
The site is a subdomain of a free hosting provider that has a documented history of hosting malicious content. Our research found that the parent domain is linked to hundreds of credential leaks and numerous phishing subdomains. While the specific 'onyxx' page appears to be a simple informational site for a Sudoku solver, the lack of business registration and the high-risk environment make it untrustworthy. The page also requires JavaScript to display any content, which is a common trait for modern web apps but can also hide intent from simple crawlers. Because the hosting environment is so frequently abused, we cannot verify the safety of the software downloads offered here.
Full dossier
Analysis complete

Page Content

The page serves as a landing site for 'Onyx - The House of Sudoku,' a Windows-based puzzle generator created by an individual developer. It features a basic HTML layout with a static image of the software interface and technical descriptions of the puzzle-generation logic.

Infrastructure

The site is hosted on a free subdomain service (totalh.net) which is part of the InfinityFree/Byet network. It uses a ZeroSSL certificate and is hosted on an IP address with no current abuse reports, though the parent domain has a significant history of security issues.

Domain History

The parent domain has been active for over 14 years, but this specific subdomain lacks a global traffic rank. There is no business registration or official contact information associated with the site, which is typical for personal hobbyist projects from the Windows 7/10 era.

Web Reputation

Independent security sources and blacklist feeds frequently flag the parent domain due to its association with phishing campaigns, including fake Instagram and gaming login pages. While this specific subdomain hasn't been flagged, it resides in a high-risk neighborhood.
Risk Factors
5
  • Hosted on a free subdomain service frequently used for phishing and malware distribution.
  • Parent domain is associated with over 500 infostealer credential leaks.
  • No verifiable business registration or physical contact information.
  • Requires JavaScript to render any content, obscuring the page from basic analysis.
  • Multiple other subdomains on the same provider are actively blacklisted.
Positive Signals
3
  • Domain has been registered for over 5,000 days.
  • Zero detections from 92 antivirus engines in our network.
  • No specific scam reports found targeting this exact subdomain.
AI Recommendation
Avoid downloading or executing any software from this site. If you choose to use the tool, scan the downloaded file with updated antivirus software before opening it.
Scam network detected
3 linked domains correlated

The site is part of a free hosting network that is heavily abused by various scam and phishing operators.

totalh.netinstagram.totalh.netservices.runescape.com-mss-forum.totalh.net
Next-gen fraud intelligence
Evidence-backedCross-checked

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for onyxx.totalh.net, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age
14 yrs
Registered May 2012
Business registration
No public record found
Could not match the site to a registered company — common for small sites.
Clone check
Not a clone
No well-known site's layout or branding detected here.
Typosquat check
No look-alike match
The domain doesn't resemble any well-known brand's spelling.
Web mentions
4 scam reports
Key findings
7 headline facts from open-web research
  • onyxx.totalh.net is a subdomain on totalh.net, a free hosting provider (InfinityFree/Byet) that has hosted many user sites since at least ~2012 (domain age 5160 days).
  • The site describes itself as "Onyx - The House of Sudoku" offering a Windows Sudoku puzzle maker/solver by Jean le Roux that generates asymmetrical, single-solution puzzles in 8 difficulty levels.
  • Page requires JavaScript to load; without it, only a "This site requires Javascript" message is shown. No active content, downloads, or interactive elements visible in crawls.
  • totalh.net and many of its subdomains (including instagram.totalh.net, fix.totalh.net, exodus.totalh.net, and phishing-mimicking subdomains like services.runescape.com-mss-forum.totalh.net) have very low trust scores and multiple blacklist/
  • Hudson Rock reports 565 infostealer credentials associated with totalh.net and 23 compromised employees, indicating a medium threat posture and history of compromise.
  • No specific scam reports, reviews, or complaints were found exclusively targeting onyxx.totalh.net itself; negative signals are tied to the parent hosting domain and other subdomains.
  • No business registration, contact info, or legitimate company presence identified for the site or author beyond an old personal project page.
Scam reports (4)
Direct quotes from public scam databases, forums, and news.
  • Scamadviseropen

    "totalh.net has a very low trust score which indicates that there is a strong likelyhood the website is a scam."

  • Gridinsoftopen

    "Totalh.net Scam Check: Blacklist Warning (29/100 Trust Score). Multiple security vendors blacklist Totalh.net."

  • MalwareURLopen

    "instagram.totalh.net - Phishing. Entry matching instagram.totalh.net was found in our database."

  • VirusTotalopen

    "services.runescape.com-mss-forum.totalh.net ... Phishing"

Research summary
Narrative write-up from our AI analyst, grounded on the facts above
We searched scam-report databases and security feeds for onyxx.totalh.net and found that while the specific subdomain is clean, the parent domain totalh.net is widely blacklisted. Independent review aggregators and security researchers have flagged the hosting provider for hosting phishing sites mimicking Instagram and Runescape. Additionally, reports indicate a history of compromised credentials associated with the hosting infrastructure.

Antivirus Engines

Clean pass · verified
Clean across 92 engines

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. None of them flagged this URL in the last scan.

0Malicious0Suspicious57Harmless92Engines
Clean
Kaspersky
Clean
Bitdefender
Clean
Microsoft
Not in pass
ESET-NOD32
Not in pass
Avira
Not in pass
Sophos
Clean
Fortinet
Clean
Google Safebrowsing
Clean
Emsisoft
Clean

No engine detections. The URL passed every antivirus and blacklist engine we queried in this scan. Stay vigilant — AV coverage is only one signal among many.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
No clear contact details on the page
Emails on site's domainNone
Phone numbersNone
Postal addressNot listed
Linked social profiles0
Signal Summary
Several contact red flags
  • No contact email found anywhere on the page.
  • No phone number listed on the page.
  • No postal address visible on the page.

Domain & Encryption

Domain History
Age14 years old
RegistrarNameCheap, Inc.
RegisteredMay 11, 2012
ExpiresMay 11, 2027
Owner privacyVisible
Encryption Certificate
StatusValid
ProtocolTLSv1.3
IssuerZeroSSL GmbH · ZeroSSL ECC DV SSL CA 2
ExpiresSep 12, 2026 (76d)
Self-signedNo
Hosting & Technology
HostingI FastNet LTD
Server locationGB
Web serveropenresty

Server Reputation

Abuse Intelligence
Confidence score0%
Reports on file0
ISPI FastNet LTD
Usage typeContent Delivery Network

Proceed with caution

Our automated review flagged enough risk that you should treat this site as unverified.

  • Treat onyxx.totalh.net as unverified

    Do not enter credentials or send money until you have independently verified the business.

  • Verify the business through independent channels

    Check the company's social profiles, registry records, and search for recent news or reviews that are not hosted on the site itself.

  • Never use irreversible payment methods

    Crypto, gift cards, wire transfers, and cash apps offer zero buyer protection. Use a credit card or PayPal if you must pay.

  • Share your experience

    If you have additional context, drop a comment below or post on the MalwareTips forum.

    Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
VirusTotal
Not listedCheck ↗
AbuseIPDB
Not listedCheck ↗
Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review marked onyxx.totalh.net as suspicious. Several warning signs were detected; it may still turn out legitimate, but you should verify it through independent channels before trusting it with money or credentials.
  • onyxx.totalh.net currently scores 55/100 on our trust scale. We found enough warning signals to recommend caution. Verify the site through independent channels before entering credentials or money.
  • Yes. onyxx.totalh.net presents a valid TLSv1.3 certificate issued by ZeroSSL GmbH · ZeroSSL ECC DV SSL CA 2, expiring in 76 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • onyxx.totalh.net is 14.1 years old, registered on 5/11/2012 through NameCheap, Inc.. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • No. All 92 antivirus engines in our malware network report onyxx.totalh.net as clean.
  • No. onyxx.totalh.net is not currently listed on the major browser blocklist feeds that modern browsers use.
  • onyxx.totalh.net resolves to an IP operated by I FastNet LTD in GB (usage type: Content Delivery Network). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • This is a permanent record of the scan run on June 27, 2026. The verdict and evidence above reflect that scan and do not change on their own. If circumstances around onyxx.totalh.net have changed, MalwareTips staff can run a fresh scan, which re-runs every check from scratch and publishes an updated report.

Final Verdict

0
Trust / 100
Final Verdict·onyxx.totalh.net
SUSPICIOUS

This is a personal software page hosted on a free subdomain service with a poor reputation. While the specific page appears to be an old Sudoku tool, the hosting provider is frequently used for phishing and malware. Exercise caution when downloading any files from this domain.

Avoid downloading or executing any software from this site. If you choose to use the tool, scan the downloaded file with updated antivirus software before opening it.

AV engines
92
MT passes
2
Net signals
0
Scan another URL
Security review completemalwaretips.com/url-scan
Recently scanned

Other Suspicious reports

Browse all reports
Suspicioustrust50
lolicit.org
48m ago
Read the review
Suspicioustrust45
sexycity.cc
50m ago
Read the review
Suspicioustrust45
rabbitmeow.live
50m ago
Read the review
Suspicioustrust49
downloader.now
52m ago
Read the review
Suspicioustrust65
mobilefuse.com
54m ago
Read the review
Suspicioustrust49
aimmy.dev
2h ago
Read the review
Suspicioustrust44
skullbrokers.com
2h ago
Read the review
Suspicioustrust52
maximumprofitstrade.com
2h ago
Read the review
Suspicioustrust48
simpcity.us
2h ago
Read the review
Suspicioustrust55
palletsliquidationworldwide.com
3h ago
Read the review
Suspicioustrust48
tws-debit.com
3h ago
Read the review
Suspicioustrust58
scnsrc.me
4h ago
Read the review
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.