Re: https://urlhaus.abuse.ch/url/237295/
Blacklisted (3): https://sitecheck.sucuri.net/results/pl.thevoucherstop.com/wp-admin/xdx66dy1/
Various instances give the site as clean: Google Safe Browse: OK; Spamhaus Check: OK;
Abuse CC: OK; Dshield Blocklist: OK; Cisco Talos Blacklist
4 engines will detect this URL: https://www.virustotal.com/gui/url/89400101bae600c6cb244737b68d01c938d51fc150793022c2339f994d3e56b3/detection
On IP see: https://www.shodan.io/host/173.198.199.5
Infesting with -/////MZ@ !L!This program cannot be run in DOS mode. etc//////
polonus
Thanks Pondus, the more the better
(well, actually 8 now as you count the engine flagging it as suspicious);
the 4 that flagged it initially were at the time the URLHaus member reported, then another three jumped on the detection wagon.
Other domains on that IP:
pol