Quttera False Positive: Is Your Site Hacked or Misidentified?

Quttera is an online link and malware scanner that flags URLs it believes may contain malicious content. It is commonly used to check whether sites or links appear dangerous. 

Its results also feed into VirusTotal, a Google-owned tool that aggregates outputs from dozens of scanners and displays them in a report.

If you or a visitor has scanned your site through VirusTotal and Quttera has marked it as “suspicious”, you probably have two burning questions:

• Is your site actually hacked?
• Or is this yet another Quttera false positive?

Either way, being labeled suspicious on a public scanning service is not great for visitor trust, especially among people who rely on VirusTotal.

TL;DR: Quttera is a subpar malware scanner. We tested Quttera thoroughly, and its results are inconclusive and ambiguous at best. Scan your site with a proper malware scanner like MalCare for real peace of mind. 

Does your site have malware or is it compromised?

Understandably, your first concern is whether your site is hacked. So your first port of call is to use a proper scanner to get your answer.

🔥 MalCare’s scanner is the best option for WordPress. It is completely free, and gives you clear, accurate yes/no results. The malware scan is free, and if your site is infected, you can upgrade for a one-click cleanup. 

Knowing definitively whether or not malware is present is the key step before taking further action with Quttera. 

Stop your site getting flagged as suspicious by Quttera

If your site is showing clean with MalCare, the remaining problem is reputational. 

Being flagged as suspicious or malicious by Quttera may mislead visitors. If visitors think your site is unsafe, they will not, well, visit.

😵 We tried to scan several infected sites. These sites had malware, keylogger downloads, phishing scams, botnets, and much more on them. We were trying to get a screenshot of a Quttera suspicious or malicious message for this article. All the results were clean. Draw your own conclusions from that.

Report the false positive to Quttera

The way to resolve this is to report the false positive to Quttera. This is not always effective, but is unfortunately the only real solution to this issue.

Gather up as much evidence as you can to get your site off of their list.

What you can do

• Submit a false-positive report through Quttera’s contact channels.
• Attach supporting evidence such as clean MalCare scan results.
• Gather as much documentation as possible to demonstrate that your site is not compromised.

You can also email Quttera directly, and contact any other vendors on VirusTotal who flagged your site.

Ideally, they should review your site, and hopefully remove it from their blacklist.

Do a little digging of your own

If you are comfortable with development or debugging, you can also examine what may have triggered the false positive. 

In our experience, Quttera frequently flags benign elements such as:

• legitimate iframes
• redirects
• embedded third-party widgets
• safe base64 or encoding functions (which are used legitimately)

It is definitely a bit of innocuous code, but it is triggering the scanner for some reason.

Quttera’s history of false positives

Quttera uses heuristics and AI to detect malware now, but long before this tech was developed, it reported lots of websites, files, and links as suspicious or malicious. 

For example, in 2015, Quttera flagged several high-profile websites as malicious. Therefore, Quttera has been known for false positives for some time.

Quttera’s logic is straightforward. It flags code snippets that are commonly seen in malware, even when used in legitimate contexts. (We are not assuming this; it has been their stock-in-trade response to legions of support queries.)

However, this logic is deeply flawed. In fact, it is a classic hasty generalisation fallacy. To put that into perspective, it’s the equivalent of saying: “Many bad drivers speed, so anyone who speeds is a bad driver.”

Modern websites often include code patterns that resemble those used in malicious scripts. That’s just… code.

Quttera as a scanner

When we tested Quttera as a malware scanner roundup, it performed poorly. We ranked it 13th in a lineup of 13 scanners, which reflects how unreliable its results were during our evaluation.

Our tests also uncovered several cases where those scanners failed entirely.

Case in point with a site infected with malware

We tested a site compromised with the Japanese keyword hack, a well-known SEO spam infection.

In our tests, we selected a Malaysian university site affected by this and scanned its URL through VirusTotal and Sucuri SiteCheck. Both scanners marked the site as clean despite visible evidence of SEO spam in search results.

But behind the scenes, injected pages exist for search engines.

While both tools are online scanners, and do not guarantee detection, it is still evidence of missed malware.

The upshot of these tests is that neither Quttera nor VirusTotal should be (solely) relied upon to determine whether a website is truly hacked. False positives are problematic and frustrating but false negatives are far worse.

You can run the same test yourself

The Japanese keyword hack often targets high-authority domains because they are valuable for spam SEO. Many hacked pages advertise grey-market or illegal goods, such as handbags or weight loss pills, etc.

1. Use Google Translate to generate a Japanese phrase such as “fake Gucci bags.”
2. Search that Japanese phrase in Google.
3. You will quickly find results from legitimate, unrelated websites.
4. When you click through, the site’s homepage looks normal; no mention of Gucci or any spam.

This demonstrates why relying solely on Quttera or VirusTotal is risky. They often fail to detect actual infections while still producing false positives elsewhere.

Conclusion

Quttera is a lightweight link-checking tool, but it is not an accurate or reliable website malware scanner. If your site has been flagged as suspicious, it may be due to a genuine infection, or it may simply be another false positive, which Quttera is known for.

Your first step should always be to scan your site with a dedicated WordPress malware scanner like MalCare. Once you have confirmed your site is clean, report the false positive to Quttera and any other VirusTotal vendors involved.

FAQs

What does Quttera malicious mean?

It means Quttera has classified your URL or file as suspicious or potentially harmful. This does not confirm malware on your site, because Quttera frequently issues false positives.

What is Quttera’s detection rate?

Quttera does not publish independent, verifiable detection-rate statistics. Based on our own evaluations, its detection ability is inconsistent, with both false positives and false negatives.

Is Quttera malware?

No. Quttera is a security vendor that provides URL and file scanning tools. However, its classification results should not be used as a sole indicator of website health.

What is a Quttera false positive?

A Quttera false positive occurs when Quttera flags a safe website or file as suspicious or malicious. This often happens because its heuristic scanner misidentifies harmless code patterns as malware.

Why does Quttera give false positives?

Quttera false positives happen because the scanner relies on pattern-matching heuristics that flag code snippets commonly used both in malware and normal websites. This leads to misclassification, especially on WordPress sites.

How do I fix a Quttera false positive?

To fix a Quttera false positive, first scan your site with a reliable WordPress malware scanner like MalCare to confirm it’s clean. Then submit a false-positive report to Quttera with your clean scan results attached.

Is a Quttera false positive dangerous for my site?

A Quttera false positive does not indicate danger, but it can harm your site’s reputation, especially if it appears on VirusTotal. Visitors may assume the site is unsafe even when no malware is present.

Can VirusTotal show a Quttera false positive?

Yes. VirusTotal aggregates results from multiple scanners, including Quttera. If Quttera issues a false positive, that warning will appear in the VirusTotal report even if other scanners mark the site clean.

Why did Quttera flag my site as suspicious?

Quttera flagged your site because its heuristic scanner detected code patterns commonly associated with malware, even if they are benign. These false positives occur frequently, so always verify with a dedicated WordPress malware scanner.

Common reasons include:

• benign code that resembles malware patterns
• embedded iframes
• redirects
• encoded scripts
• heuristic misclassification

If your site scans clean in a proper malware scanner, you can report the false positive to Quttera for review.

Is my site hacked if Quttera says it’s malicious?

Not necessarily. Quttera frequently misclassifies harmless scripts and embeds as suspicious. Always verify with a dedicated malware scanner before assuming compromise.